US20030196113A1 - System and method for providing a secure environment for performing conditional access functions for a set top box - Google Patents
System and method for providing a secure environment for performing conditional access functions for a set top box Download PDFInfo
- Publication number
- US20030196113A1 US20030196113A1 US10/120,222 US12022202A US2003196113A1 US 20030196113 A1 US20030196113 A1 US 20030196113A1 US 12022202 A US12022202 A US 12022202A US 2003196113 A1 US2003196113 A1 US 2003196113A1
- Authority
- US
- United States
- Prior art keywords
- program
- processing system
- control signal
- secure processing
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/81—Monomedia components thereof
- H04N21/8166—Monomedia components thereof involving executable data, e.g. software
- H04N21/8193—Monomedia components thereof involving executable data, e.g. software dedicated tools, e.g. video decoder software or IPMP tool
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
Definitions
- the present invention relates to cryptographic systems.
- the present invention relates to a secure decryption of information transmitted to a set top box to provide conditional access to transmitted signals.
- Cable and satellite television service providers utilize conditional access systems to broadcast encrypted information, representing programs, to authorized customers. Cable and satellite television service providers use a conditional access transmission system to encrypt signals so that access to the content of the signals is prevented except through a specified mechanism.
- cable and satellite television service providers supply set top boxes which can decrypt the signals transmitted by the cable and satellite television service providers. Each set top box can be configured to decrypt information from the cable and satellite television service providers on a per-service or per-event basis.
- MPEG-2 specifies a syntax for encoding video and audio information. It also specifies a transport stream format which allows multiple programs to be multiplexed into a single bit stream.
- the cable and satellite television service providers break down programs into elementary streams, for example video and audio, which are then encoded into packetized elementary streams (hereinafter “PES”) consisting of variable-length packets containing coded video and audio information. PES packets are then encapsulated in 188-byte transport packets for multiplexing and transmission.
- PES packetized elementary streams
- MPEG-2 specifies two stream formats for transmitting content: program stream and transport stream. Transport stream is used in broadcast environments.
- An MPEG-2 transport stream consists of a stream of transport packets, each of which contains a packet identifier in the header. Packets sharing the same program identifier (hereinafter “PID”) are considered as belonging to the same stream. In this way, multiple independent streams can be carried in a transport stream or transport multiplex.
- PID packet identifier
- a set top box provided by a particular cable or satellite television company, is configured to decrypt some or all of the individual streams carried within the transport stream sent by the particular cable or satellite television company.
- the set top box can be configured to decrypt transport streams on a per-service or per-event basis.
- the set top box generally will not work for another cable or satellite television company. If the user of the set top box elects to change from one cable or satellite television company to a second cable or satellite television company, the second cable or satellite television company must provide another set top box for the user.
- An object of the present invention is to provide a system and method for the reception, decryption and decoding of information from more than one provider.
- the present invention provides for the installation of a conditional access applet associated with a service provider which generates control words that allow a set top box to decrypt a selected channel.
- a secure processing system for use in a set top box for decrypting a selected channel from a first service provider.
- the secure processing system includes a first system input for receiving at least one authorization message, a second system input for receiving at least one control message associated with a selected program, and a system output for providing a system output signal.
- the secure processing system also includes a data storage device and a central processing unit.
- the data storage device is configured to store information conveyed by the at least one authorization message.
- the central processing unit is configured to receive the at least one control message from the second system input, receive the at least one authorization message from the first system input and store the at least one authorization message in the data storage device.
- the central processing unit also executes a first conditional access applet which is configured to cause the system output to transmit a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message.
- the central processing unit will also cause the system output to transmit a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- Another aspect of the invention includes a third system input for receiving a service provider identifier. Yet another aspect of the invention includes the central processing unit discontinuing execution of the first conditional access applet and beginning execution of the second conditional access applet if the service provider identifier received by the third system input is associated with a second conditional access applet.
- a further aspect of the invention includes the second conditional access applet being configured to cause the system output to transmit a third control signal if the at least one control message specifies a type of program that can be decrypted by the decryption device given the at least one authorization message, and to cause the system output to transmit a fourth control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- a method for decrypting a selected channel from a first service provider includes receiving at least one authorization message, receiving at least one control message associated with a selected program, and storing the at least one authorization message.
- An aspect of the invention includes transmitting a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message.
- Another aspect of the invention includes transmitting a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- FIG. 1 is a timing diagram illustrating the prior art MPEG-2 transport stream format
- FIG. 2 is a functional block diagram illustrating a system for receiving, decrypting and decoding data from at least one service provider, according to the present invention
- FIG. 3 is a block diagram illustrating a secure processing system according to the present invention.
- FIG. 4 is a flow chart illustrating a process for service acquisition according to the present invention.
- FIG. 5 is a flow chart illustrating a process for determining whether a set top box has authorization to decrypt a selected program according to the present invention.
- FIG. 1 illustrates the prior art MPEG-2 transport stream format 10 that is used to broadcast transport streams from a cable or satellite company to a set top box.
- the MPEG-2 transport stream format 10 is compliant with the ISO/IEC 13838-1 specification.
- An MPEG-2 transport packet 12 is 188 bytes in length and includes a transport header 14 , an optional adaptation field 16 , and a payload 18 .
- the transport header 14 further includes a program identifier (hereinafter “PID”) 20 , which is 13 bits in length.
- PID program identifier
- a “program” in MPEG-2 terminology is a collection of packet streams 12 having related PIDs.
- An example of an MPEG-2 program may be the Home Box Office Channel or the Public Broadcasting System Channel.
- the PID 20 allows a system to identify the component packet streams of the individual programs.
- MPEG-2 provides a general syntax for standard and private messages.
- a standard table called the program association table (hereinafter “PAT”), is carried on PID 0 .
- the PAT serves as a directory to the streams in the transport multiplex.
- the PAT includes many entries. Each entry in the PAT correlates a program number with the PID of a program map table (hereinafter “PMT”).
- PMT program map table
- the PMT lists individual PIDs associated with the particular program.
- a PID listed in the PMT of an access-controlled program is the PID of the ECMs associated with the selected program.
- the other PIDs located in the PMT indicate the PIDs of the data streams that constitute a program, for example video, audio, and the like.
- control messages Two types of messages are used in controlling access to the programs: control messages and access messages.
- the control messages are entitlement control messages (hereinafter “ECMs”) and the access messages are entitlement management messages (hereinafter “EMMs”).
- ECMs are used to specify the access requirement associated with programs. They also typically contain the parameters needed for deriving decrypting keys or control words.
- ECMs are associated with individual programs. ECMs are transported “in-band” alongside the video and audio streams of a program.
- EMMs are used to convey authorization to the subscribers. They are unicast addressed to each set top box, typically over an out-of-band (hereinafter “OOB”) channel that the set top box is always monitoring, regardless of the channel the subscriber is watching. EMMs are associated with individual set top boxes.
- OOB out-of-band
- FIG. 2 is a block diagram which illustrates a conditional access system 100 for broadcasting programs from a cable or satellite television provider to a set top box.
- the conditional access system 100 includes a television broadcasting equipment set-up 102 , a television broadcasting equipment set-up 182 , and one or more set top box 130 .
- Each of the television broadcasting equipment set-up 102 and the television broadcasting equipment set-up 182 can provide one or more transport stream, representing multiple programs, over a data line 120 to the one or more set top box 130 . It will be appreciated that in an ordinary system there will be thousands of set top boxes 130 and that only a single set top box is shown for purposes of explaining the present invention.
- the television broadcasting equipment set-ups 102 , 182 can be television broadcasting satellite uplinks.
- the television broadcasting equipment set-up 102 includes a multiple program transport stream generator 104 , an ECM generator 108 , a multiplexer 106 , a encryption device 110 , a data storage device 112 , a quadrature amplitude modulator 114 , and an upconversion unit 116 .
- the television broadcasting equipment set-up 102 broadcasts multiple programs to many set top boxes 130 using the MPEG-2 standard.
- the multiple program transport stream generator 104 creates and transmits data streams to the multiplexer 106 and the ECM generator 108 creates and transmits ECMs to the multiplexer 106 .
- the multiplexer 106 combines the data streams generated by the multiple program transport stream generator 104 and the ECMs generated by the ECM generator 108 into one or more transport stream.
- the data format of the one or more transport stream comports with the MPEG-2 specification.
- the multiplexer 106 transmits the one or more transport stream to the optional data storage device 110 .
- the optional data storage device 110 acts as a buffer.
- the optional data storage device 110 receives and stores the one or more transport stream from the multiplexer 106 for a predetermined period of time, and then transmits the one or more transport stream to the quadrature amplitude modulator (hereinafter “QAM”) 114 .
- the QAM 114 processes the one or more transport stream and transmits a QAM carrier representing the one or more transport stream to the upconverter 116 .
- the upconverter 116 couples the QAM carrier to a carrier wave and broadcasts the coupled data signal to the set top boxes 130 that are connected to the television broadcasting equipment set-up 102 by the data line 120 .
- the television broadcasting equipment set-up 182 is substantially similar to the television broadcasting equipment set-up 102 .
- a multiple program transport stream generator 184 of the television broadcasting equipment set-up 182 is substantially similar to the multiple program transport stream generator 104
- an ECM generator 188 of the television broadcasting equipment set-up 182 is substantially similar to the ECM generator 108
- a multiplexer 186 of the television broadcasting equipment set-up 182 is substantially similar to the multiplexer 106
- a encryption device 190 of the television broadcasting equipment set-up 182 is substantially similar to the encryption device 110
- a data storage device 192 of the television broadcasting equipment set-up 182 is substantially similar to the data storage device 112
- a QAM 194 of the television broadcasting equipment set-up 182 is substantially similar to the QAM 114
- an upconversion unit 196 of the television broadcasting equipment set-up 182 is substantially similar to the upconversion unit 116 .
- the multiple program transport stream generator 184 differs from the multiple program transport stream generator 104 in that the one or more transport stream generated by the multiple program transport stream generators 184 , 104 are different.
- the ECM generator 188 differs from the ECM generator 108 in that the ECMs generated by the ECM generators 108 , 188 are different.
- the upconversion unit 196 differs from the upconversion unit 116 in that the carrier frequency the upconversion unit 196 uses to couple the QAM carrier to is generally different than the carrier frequency the upconversion unit 116 uses.
- the one or more set top box 130 includes a tuner 132 , a demodulator 134 , a demultiplexer 136 , a decryption device 138 , a main central processing unit (hereinafter “main CPU”) 140 , a data storage device 141 , a user interface 142 , a secure processing system 144 , for example, as disclosed as the public cryptographic control unit in Sprague et al., an out-of-band interface 146 , a decoder 150 , and an analog output 152 .
- the coupled data signal, received by the one or more set top box 130 is conveyed to the tuner 132 .
- the tuner 132 is tuned to a particular carrier signal frequency by the main CPU 140 and decouples the carrier signal from the QAM carrier, thereby recovering an intermediate frequency (IF) signal. Once the IF signal is recovered, the IF signal is transmitted to the demodulator 134 .
- the demodulator 134 demodulates the QAM carrier received by the demodulator 134 and transmits the one or more transport stream to the demultiplexer 136 .
- the out-of-band interface 146 is an Ethernet interface.
- the demultiplexer 136 receives the one or more transport stream from the demodulator 134 , and based on control signals from the main CPU 140 , conveys the appropriate data streams to the decryption device 138 , the secure processing system 144 , and the main CPU 140 .
- the CPU 140 provides control signals to the demultiplexer 136 such that the demultiplexer 136 transmits two data streams of the one or more transport stream associated with a selected program to the decryption device 138 , transmits one data stream of the one or more transport stream associated with the PMT of the selected program, which is program specific information (PSI), to the main CPU 140 , and transmits the data streams containing the ECMs associated with the selected program to the secure processing system 144 .
- PSI program specific information
- more than two data streams can be associated with the selected program, and the demultiplexer 136 can transmit the data streams associated with the selected program to the decryption device 138 .
- the decryption device 138 receives the two data streams transmitted by the demultiplexer 136 and decrypts the data streams depending on the control words transmitted by the secure processing system 144 . If one of the EMMs stored in the secure processing system 144 gives the one or more set top box 130 the privilege to decrypt a program associated with the ECM received by the secure processing system 144 from the demultiplexer 136 , the secure processing system 144 provides the control words necessary to decrypt the two transport streams. The decrypted data streams are then transmitted to the video and audio decoding unit 150 .
- the secure processing system 144 does not provide the control words necessary to decrypt the two transport streams, and encrypted data streams are transmitted to the video and audio decoding unit 150 .
- the video and audio decoding unit 150 receives the decrypted transport streams from the decryption device 138 and decodes the digital signals.
- the video and audio decoding unit 150 processes the decrypted data streams and produces an analog signal.
- the analog signal is transmitted to the analog output 152 , which transmits the analog signal to a monitor 180 which displays the analog signal.
- the out-of-band interface 146 receives EMMs, a virtual channel table and encrypted conditional access applets from an access controller 160 .
- the EMMs convey authorization to decrypt particular types of transport streams.
- the virtual channel table associates a selected channel with a program number, a service provider identifier, and a particular tuner setting.
- the encrypted conditional access applets are service provider specific applets that are used by the secure processing system 144 to generate control words. Each of the encrypted conditional access applets is associated with a particular service provider identifier.
- the out-of-band interface 146 transmits the EMMs, the virtual channel table and the encrypted control word applets, received from an access controller 160 , to the main CPU 140 .
- the main CPU 140 receives the EMMs, the virtual channel table and the encrypted conditional access applets from the out-of-band interface 146 .
- the main CPU 140 transmits the EMMs to the secure processing system 144 .
- the main CPU 140 stores the cable association table in the data storage device 141 , and upon receipt of a selected channel, transmits the service provider identifier associated with the selected channel to the secure processing system 144 .
- the main CPU 140 transmits the encrypted conditional access applets to the secure processing system 144 for storage therein.
- the secure processing system 144 decrypts the EMMs using public-key or private-key cryptographic techniques, or both.
- the secure processing system 144 is described in more detail in relation with FIG. 3.
- the secure processing system 144 uses the decrypted conditional access applet associated with the service provider identifier of the selected channel, which is decrypted within the secure processing system 144 , to compare the ECMs for the selected channel with the EMMs stored within the secure processing system 144 .
- the secure processing system 144 transmits control words, derived from the ECMs and the conditional access applet provided by the service provider associated with the service provider identifier, to the decrypting device 138 which cause the decrypting device 138 to decrypt the data streams received from the demultiplexer 136 .
- the secure processing system 144 should have received an EMM that allows the one or more set top box 130 to decrypt PREMIUM programs in order to provide control words to the decryption device 138 which will decrypt the data streams that correspond to the Home Box Office channel. Otherwise, the secure processing system 144 does not transmit any control words to the decryption device 138 , and the decryption device 138 transmits encrypted content to the decoding unit 150 .
- the user interface 142 receives input from a user and conveys that information to the main CPU 140 .
- a user can command the one or more set top box 130 to turn on, turn off, select a particular channel, or purchase a pay per view event through the user interface 142 .
- the user interface 142 transmits these commands to the main CPU 140 which carries out the particular command issued by the user. If the main CPU 140 receives a command to purchase a pay per view event, the main CPU 140 transmits a purchase record to the out-of-band interface 146 .
- the out-of-band interface 146 receives the purchase record and transmits the purchase record to the access controller 160 . In response to the purchase record, the access controller 160 transmits an appropriate EMM to the one or more set top box 130 .
- the access controller 160 may transmit EMMs to the one or more set top box 130 as out-of-band signals over the data line 120 .
- the one or more set top box 130 can transmit purchase records to the television broadcasting equipment set-up 102 as out-of-band signals over the data line 120 .
- the access controller 160 may transmit the virtual channel table to the one or more set top box 130 as an out band signal over the data line 120 .
- FIG. 3 is a block diagram illustrating the secure processing system 144 .
- the secure processing system 144 for example as disclosed as the public cryptographic control unit in Sprague et al., includes a central processing unit 202 , a data storage device 204 , a communication device 206 , and a unique unit identity 208 .
- the data storage device 204 includes memory for storing the EMMs received by the one or more set top box 130 and the conditional access applets received by the one or more set top box 130 .
- the communication device 206 sends and receives data to and from the main CPU 140 and the demultiplexer 136 , and transmits control words to the decryption device 138 .
- the central processing unit 202 executes the conditional access applet associated with the service provider identifier received from the main CPU 140 .
- One conditional access applet should be running at any one time.
- the data storage device 204 contains the conditional access applets in addition to the EMMs.
- FIG. 4 illustrates a process 300 for granting conditional access to a selected program.
- the process 300 begins at step 302 . If the main CPU 140 receives an indication from the user interface 142 that the user has selected a new channel, the process 300 advances to step 304 . Otherwise, the process 300 remains at step 302 .
- the main CPU 140 determines whether the new channel is a valid channel.
- the main CPU 140 has the virtual channel table stored in memory.
- the virtual channel table associates a selected channel with a program number, a service provider identifier, and a particular tuner setting.
- the main CPU 140 searches the virtual channel table for a data record corresponding to the new channel. If the main CPU 140 locates a data record corresponding to the new channel, the main CPU 140 informs the secure processing system 144 that a new channel has been selected, and the process 300 advances to step 306 . If the main CPU 140 does not locate a data record corresponding to the new channel, the new channel is not a valid channel and the process 300 advances to step 305 .
- the main CPU 140 transmits an error indicator to the user interface 142 .
- the user interface 142 may output an error indication to the user. Once the error indicator is transmitted to the user interface 142 , the process 300 advances to step 302 .
- the process 300 reads and stores the information contained within the data record of the virtual channel table corresponding to the new channel.
- the main CPU 140 reads the program number, the service provider identifier, and the particular tuner setting from the data record for the new channel.
- the main CPU 140 stores these values in the data storage device 141 , and the process 300 advances to step 308 .
- the main CPU 140 transmits the particular tuner setting to the tuner 132 and transmits the particular service provider identifier to the secure processing system 144 .
- the particular tuner setting will cause the tuner 132 to recover the one or more transport stream carried on the radio frequency carrier associated with the new channel. If the particular service provider identifier for the new channel is different than the particular service provider identifier for the old channel, the secure processing system 144 will discontinue using the conditional access applet of the particular service provider identifier associated with the old channel, and begin using the conditional access applet of the particular service provider identifier associated with the new channel. This process is further disclosed as the software applet installation and execution process in Veil et al. Once the particular tuner setting and the particular service provider identifier is transmitted to the tuner 132 , the process 300 advances to step 310 .
- the main CPU 140 captures the PAT from the one or more transport stream received by the demultiplexer 136 .
- the main CPU 140 does this by transmitting control signals to the demultiplexer 136 which cause the demultiplexer 136 to transmit the MPEG-2 data packets with PIDs of zero to the main CPU 140 .
- the PAT is a table which associates each of a group of program numbers with a particular PMT PID. Each program number is associated with a single PMT PID.
- the main CPU 140 reads the data record corresponding to the program number associated with the new channel.
- the main CPU 140 stores the PMT PID associated with the new channel in memory. Once the PMT PID is stored in memory, the process 300 advances to step 314 .
- the main CPU 140 captures the PMT from the one or more transport stream received by the demultiplexer 136 .
- the main CPU 140 does this by transmitting control signals to the demultiplexer 136 which cause the demultiplexer 136 to transmit the MPEG-2 data packets with PIDs equal to the PMT PID stored in the memory of the main CPU 140 to the main CPU 140 .
- the PMT is a table which lists a group of PIDs.
- the PMT lists the ECM PID, and the PIDs of the data streams of packets which combine to form the program for the new channel.
- the main CPU 140 reads the contents of the PMT and stores it in memory. Once the contents of the PMT are captured, the process 300 advances to step 316 .
- the main CPU 140 transmits control signals to the demultiplexer 136 which cause the demultiplexer 136 to transmit the packets with the PIDs listed in the PMT associated with the new channel to the decryption device 138 and the secure processing system 144 .
- the demultiplexer 136 transmits the MPEG-2 data packets with PIDs equal to the ECM PID to the secure processing system 144 , and the MPEG-2 data packets with PIDs equal to the data stream PIDs associated with the new channel to the decryption device 138 .
- FIG. 5 is a flow chart illustrating a process 400 for determining whether a set top box has authorization to decrypt a selected program.
- the process 400 begins at step 402 .
- the secure processing system 144 receives an MPEG-2 data packet from the demultiplexer 136 , the MPEG-2 data packet contains an ECM for the selected program and the process 400 advances to step 404 . If the secure processing system 144 does not receive an MPEG-2 data packet from the demultiplexer 136 , the process 400 remains at step 402 .
- the secure processing system 144 determines whether the conditional access applet, currently running on the secure processing system 144 , is associated with the service provider identifier received from the main CPU 140 . If the conditional access applet, currently running on the secure processing system 144 , is associated with the service provider identifier received from the main CPU 140 , the process 400 advances to step 410 . If the conditional access applet currently running on the secure processing system 144 is not associated with the service provider identifier received from the main CPU 140 , the process 400 advances to step 406 .
- the secure processing system 144 determines whether the conditional access applet associated with the service provider identifier is stored in the data storage device 204 .
- the secure processing system 144 issues a request to the data storage device 204 for the control word applet associated with the service provider identifier. If the data storage device 204 has the control word applet associated with the service provider identifier, the process 400 advances to step 408 . If the data storage device 204 does not have the control word applet associated with the service provider identifier, the process 400 advances to step 412 .
- the secure processing system 144 begins running the control word applet associated with the service provider identifier.
- the secure processing system 144 reads the control word applet associated with the service provider identifier of the selected channel from the data storage device 204 .
- the secure processing system 144 stops running the conditional access applet that was running on the secure processing system 144 , encrypts the conditional access applet, and stores it within the data storage device 204 .
- the secure processing system 144 installs and begins running the control word applet received from the data storage device 204 , for example, as disclosed as the software applet installation and execution process in Veil et al. Once the control word applet associated with the service provider identifier is installed in the secure processing system 144 , the process 400 advances to step 410 .
- the secure processing system 144 determines whether it has authorization to decrypt the data streams associated with the new channel.
- the secure processing system 144 uses the conditional access applet currently running on the secure processing system 144 to compare the ECMs received from the demultiplexer 136 to the EMMs received from the main CPU 140 . If the one or more set top box 130 contains EMMs granting the one or more set top box 130 permission to decrypt a channel which is associated with the ECMs received from the demultiplexer 136 , the process 400 advances to step 414 . Otherwise, the secure processing system 144 does not have authorization to decrypt the data streams associated with the new channel, and the process 400 advances to step 412 .
- the secure processing system 144 discontinues transmitting appropriate control words to the decryption device 138 . If the secure processing system 144 does not transmit appropriate control words to the decryption device 138 , the decryption device 138 will not decrypt the one or more transport stream received from the demultiplexer 136 . After the secure processing system 144 discontinues transmission of the appropriate control words to the decryption device 138 , the process 400 advances to step 402 .
- the secure processing system 144 transmits appropriate control words to the decryption device 138 , such that the decryption device 138 decrypts the one or more transport stream received from the demultiplexer.
- the secure processing system 144 uses the control word generator for the service provider identifier associated with the new channel to generate control words for the decryption device 138 .
- the control words are transmitted to the decryption device 138 , and the process 400 advances to step 402 .
- control words are transmitted to the decryption device 138 , the secure processing system 144 continues to transmit the control words to the decryption device 138 until such time as the secure processing system 144 discontinues transmission of the control words to the decryption device 138 .
Abstract
A system and method are provided for decrypting a selected program. The system and method can receive at least one authorization message and at least one control message associated with a selected program. The system and method stores the at least one authorization message. The system and method transmits a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message and transmits a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
Description
- The present invention relates to cryptographic systems. In particular, the present invention relates to a secure decryption of information transmitted to a set top box to provide conditional access to transmitted signals.
- Cable and satellite television service providers utilize conditional access systems to broadcast encrypted information, representing programs, to authorized customers. Cable and satellite television service providers use a conditional access transmission system to encrypt signals so that access to the content of the signals is prevented except through a specified mechanism. Generally, cable and satellite television service providers supply set top boxes which can decrypt the signals transmitted by the cable and satellite television service providers. Each set top box can be configured to decrypt information from the cable and satellite television service providers on a per-service or per-event basis.
- Many cable and satellite television service providers use the MPEG-2 encoding standard for transmission of encoded programs. MPEG-2 specifies a syntax for encoding video and audio information. It also specifies a transport stream format which allows multiple programs to be multiplexed into a single bit stream. The cable and satellite television service providers break down programs into elementary streams, for example video and audio, which are then encoded into packetized elementary streams (hereinafter “PES”) consisting of variable-length packets containing coded video and audio information. PES packets are then encapsulated in 188-byte transport packets for multiplexing and transmission. MPEG-2 specifies two stream formats for transmitting content: program stream and transport stream. Transport stream is used in broadcast environments.
- An MPEG-2 transport stream consists of a stream of transport packets, each of which contains a packet identifier in the header. Packets sharing the same program identifier (hereinafter “PID”) are considered as belonging to the same stream. In this way, multiple independent streams can be carried in a transport stream or transport multiplex.
- A set top box, provided by a particular cable or satellite television company, is configured to decrypt some or all of the individual streams carried within the transport stream sent by the particular cable or satellite television company. The set top box can be configured to decrypt transport streams on a per-service or per-event basis. The set top box generally will not work for another cable or satellite television company. If the user of the set top box elects to change from one cable or satellite television company to a second cable or satellite television company, the second cable or satellite television company must provide another set top box for the user.
- An object of the present invention is to provide a system and method for the reception, decryption and decoding of information from more than one provider. In a particular embodiment, the present invention provides for the installation of a conditional access applet associated with a service provider which generates control words that allow a set top box to decrypt a selected channel.
- In accordance with a first exemplary embodiment of the system of the present invention, there is provided a secure processing system for use in a set top box for decrypting a selected channel from a first service provider. The secure processing system includes a first system input for receiving at least one authorization message, a second system input for receiving at least one control message associated with a selected program, and a system output for providing a system output signal. The secure processing system also includes a data storage device and a central processing unit. The data storage device is configured to store information conveyed by the at least one authorization message. The central processing unit is configured to receive the at least one control message from the second system input, receive the at least one authorization message from the first system input and store the at least one authorization message in the data storage device. In addition, the central processing unit also executes a first conditional access applet which is configured to cause the system output to transmit a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message. The central processing unit will also cause the system output to transmit a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- Another aspect of the invention includes a third system input for receiving a service provider identifier. Yet another aspect of the invention includes the central processing unit discontinuing execution of the first conditional access applet and beginning execution of the second conditional access applet if the service provider identifier received by the third system input is associated with a second conditional access applet.
- A further aspect of the invention includes the second conditional access applet being configured to cause the system output to transmit a third control signal if the at least one control message specifies a type of program that can be decrypted by the decryption device given the at least one authorization message, and to cause the system output to transmit a fourth control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- In accordance with a second exemplary embodiment of the method of the present invention, there is provided a method for decrypting a selected channel from a first service provider. The method for decrypting a selected program includes receiving at least one authorization message, receiving at least one control message associated with a selected program, and storing the at least one authorization message. An aspect of the invention includes transmitting a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message. Another aspect of the invention includes transmitting a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
- Further objects, features, and advantages of the invention will become apparent from the following detailed description taken in conjunction with the accompanying figures showing illustrative embodiments of the invention, in which:
- FIG. 1 is a timing diagram illustrating the prior art MPEG-2 transport stream format;
- FIG. 2 is a functional block diagram illustrating a system for receiving, decrypting and decoding data from at least one service provider, according to the present invention;
- FIG. 3 is a block diagram illustrating a secure processing system according to the present invention;
- FIG. 4 is a flow chart illustrating a process for service acquisition according to the present invention; and
- FIG. 5 is a flow chart illustrating a process for determining whether a set top box has authorization to decrypt a selected program according to the present invention.
- Throughout the figures, unless otherwise stated, the same reference numerals and characters are used to denote like features, elements, components, or portions of the illustrated embodiments. Moreover, while the subject invention will now be described in detail with reference to the figures, and in connection with the illustrative embodiments, changes and modifications can be made to the described embodiments without departing from the true scope and spirit of the subject invention as defined by the appended claims.
- U.S. patent application Ser. No. 09/313,295, filed Mar. 17, 1999, to Steven J. Sprague and Gregory J. Kazmierczak entitled “Public Cryptographic Control Unit and System Therefor” (hereinafter “Sprague et al.”), the entire specification of which is herein incorporated by reference, describes a cryptographic control unit in which small software applications (hereinafter “applets”) can be swapped in and/or out of the cryptographic control unit.
- U.S. patent application Ser. No. 09/855,898, filed May 15, 2001, to Leonard S. Veil and Erica E. Tups entitled “Method and System for Conditional Installation and Execution of Services in a Secure Computing Environment” (hereinafter “Veil et al.”), the entire specification of which is herein incorporated by reference, describes a cryptographic control unit in which applets can be swapped in and/or out of the cryptographic control unit.
- FIG. 1 illustrates the prior art MPEG-2
transport stream format 10 that is used to broadcast transport streams from a cable or satellite company to a set top box. The MPEG-2transport stream format 10 is compliant with the ISO/IEC 13838-1 specification. An MPEG-2transport packet 12 is 188 bytes in length and includes atransport header 14, anoptional adaptation field 16, and apayload 18. Thetransport header 14 further includes a program identifier (hereinafter “PID”) 20, which is 13 bits in length. A group of MPEG-2transport packets 12 with the same PID combine to make a packet stream, a group of related packet streams combine to make a program, and a group of programs combine to form one or more transport stream. A “program” in MPEG-2 terminology is a collection ofpacket streams 12 having related PIDs. An example of an MPEG-2 program may be the Home Box Office Channel or the Public Broadcasting System Channel. The PID 20 allows a system to identify the component packet streams of the individual programs. - MPEG-2 provides a general syntax for standard and private messages. A standard table, called the program association table (hereinafter “PAT”), is carried on PID0. The PAT serves as a directory to the streams in the transport multiplex. The PAT includes many entries. Each entry in the PAT correlates a program number with the PID of a program map table (hereinafter “PMT”). The PMT lists individual PIDs associated with the particular program. A PID listed in the PMT of an access-controlled program is the PID of the ECMs associated with the selected program. The other PIDs located in the PMT indicate the PIDs of the data streams that constitute a program, for example video, audio, and the like.
- Two types of messages are used in controlling access to the programs: control messages and access messages. In a preferred embodiment, the control messages are entitlement control messages (hereinafter “ECMs”) and the access messages are entitlement management messages (hereinafter “EMMs”). ECMs are used to specify the access requirement associated with programs. They also typically contain the parameters needed for deriving decrypting keys or control words. ECMs are associated with individual programs. ECMs are transported “in-band” alongside the video and audio streams of a program.
- EMMs are used to convey authorization to the subscribers. They are unicast addressed to each set top box, typically over an out-of-band (hereinafter “OOB”) channel that the set top box is always monitoring, regardless of the channel the subscriber is watching. EMMs are associated with individual set top boxes.
- FIG. 2 is a block diagram which illustrates a
conditional access system 100 for broadcasting programs from a cable or satellite television provider to a set top box. Theconditional access system 100 includes a television broadcasting equipment set-up 102, a television broadcasting equipment set-up 182, and one or moreset top box 130. Each of the television broadcasting equipment set-up 102 and the television broadcasting equipment set-up 182 can provide one or more transport stream, representing multiple programs, over adata line 120 to the one or moreset top box 130. It will be appreciated that in an ordinary system there will be thousands of settop boxes 130 and that only a single set top box is shown for purposes of explaining the present invention. - In an alternate embodiment, the television broadcasting equipment set-
ups - The television broadcasting equipment set-
up 102 includes a multiple programtransport stream generator 104, anECM generator 108, amultiplexer 106, aencryption device 110, adata storage device 112, aquadrature amplitude modulator 114, and anupconversion unit 116. The television broadcasting equipment set-up 102 broadcasts multiple programs to many settop boxes 130 using the MPEG-2 standard. - The multiple program
transport stream generator 104 creates and transmits data streams to themultiplexer 106 and theECM generator 108 creates and transmits ECMs to themultiplexer 106. Themultiplexer 106 combines the data streams generated by the multiple programtransport stream generator 104 and the ECMs generated by theECM generator 108 into one or more transport stream. Preferably, the data format of the one or more transport stream comports with the MPEG-2 specification. Themultiplexer 106 transmits the one or more transport stream to the optionaldata storage device 110. - The optional
data storage device 110 acts as a buffer. The optionaldata storage device 110 receives and stores the one or more transport stream from themultiplexer 106 for a predetermined period of time, and then transmits the one or more transport stream to the quadrature amplitude modulator (hereinafter “QAM”) 114. TheQAM 114 processes the one or more transport stream and transmits a QAM carrier representing the one or more transport stream to theupconverter 116. Theupconverter 116 couples the QAM carrier to a carrier wave and broadcasts the coupled data signal to the settop boxes 130 that are connected to the television broadcasting equipment set-up 102 by thedata line 120. - The television broadcasting equipment set-
up 182 is substantially similar to the television broadcasting equipment set-up 102. A multiple programtransport stream generator 184 of the television broadcasting equipment set-up 182 is substantially similar to the multiple programtransport stream generator 104, anECM generator 188 of the television broadcasting equipment set-up 182 is substantially similar to theECM generator 108, amultiplexer 186 of the television broadcasting equipment set-up 182 is substantially similar to themultiplexer 106, aencryption device 190 of the television broadcasting equipment set-up 182 is substantially similar to theencryption device 110, adata storage device 192 of the television broadcasting equipment set-up 182 is substantially similar to thedata storage device 112, aQAM 194 of the television broadcasting equipment set-up 182 is substantially similar to theQAM 114, and anupconversion unit 196 of the television broadcasting equipment set-up 182 is substantially similar to theupconversion unit 116. The multiple programtransport stream generator 184 differs from the multiple programtransport stream generator 104 in that the one or more transport stream generated by the multiple programtransport stream generators ECM generator 188 differs from theECM generator 108 in that the ECMs generated by theECM generators upconversion unit 196 differs from theupconversion unit 116 in that the carrier frequency theupconversion unit 196 uses to couple the QAM carrier to is generally different than the carrier frequency theupconversion unit 116 uses. - The one or more
set top box 130 includes atuner 132, ademodulator 134, ademultiplexer 136, adecryption device 138, a main central processing unit (hereinafter “main CPU”) 140, adata storage device 141, auser interface 142, asecure processing system 144, for example, as disclosed as the public cryptographic control unit in Sprague et al., an out-of-band interface 146, adecoder 150, and ananalog output 152. The coupled data signal, received by the one or moreset top box 130, is conveyed to thetuner 132. Thetuner 132 is tuned to a particular carrier signal frequency by themain CPU 140 and decouples the carrier signal from the QAM carrier, thereby recovering an intermediate frequency (IF) signal. Once the IF signal is recovered, the IF signal is transmitted to thedemodulator 134. Thedemodulator 134 demodulates the QAM carrier received by thedemodulator 134 and transmits the one or more transport stream to thedemultiplexer 136. - In a certain embodiment, the out-of-band interface146 is an Ethernet interface.
- The
demultiplexer 136 receives the one or more transport stream from thedemodulator 134, and based on control signals from themain CPU 140, conveys the appropriate data streams to thedecryption device 138, thesecure processing system 144, and themain CPU 140. TheCPU 140 provides control signals to thedemultiplexer 136 such that thedemultiplexer 136 transmits two data streams of the one or more transport stream associated with a selected program to thedecryption device 138, transmits one data stream of the one or more transport stream associated with the PMT of the selected program, which is program specific information (PSI), to themain CPU 140, and transmits the data streams containing the ECMs associated with the selected program to thesecure processing system 144. - In an alternate embodiment, more than two data streams can be associated with the selected program, and the
demultiplexer 136 can transmit the data streams associated with the selected program to thedecryption device 138. - The
decryption device 138 receives the two data streams transmitted by thedemultiplexer 136 and decrypts the data streams depending on the control words transmitted by thesecure processing system 144. If one of the EMMs stored in thesecure processing system 144 gives the one or moreset top box 130 the privilege to decrypt a program associated with the ECM received by thesecure processing system 144 from thedemultiplexer 136, thesecure processing system 144 provides the control words necessary to decrypt the two transport streams. The decrypted data streams are then transmitted to the video andaudio decoding unit 150. If the EMMs stored in thesecure processing system 144 do not give the one or moreset top box 130 the privilege to decrypt a program associated with the ECM received by thesecure processing system 144 from thedemultiplexer 136, thesecure processing system 144 does not provide the control words necessary to decrypt the two transport streams, and encrypted data streams are transmitted to the video andaudio decoding unit 150. - The video and
audio decoding unit 150 receives the decrypted transport streams from thedecryption device 138 and decodes the digital signals. The video andaudio decoding unit 150 processes the decrypted data streams and produces an analog signal. The analog signal is transmitted to theanalog output 152, which transmits the analog signal to amonitor 180 which displays the analog signal. - The out-of-band interface146 receives EMMs, a virtual channel table and encrypted conditional access applets from an
access controller 160. The EMMs convey authorization to decrypt particular types of transport streams. The virtual channel table associates a selected channel with a program number, a service provider identifier, and a particular tuner setting. The encrypted conditional access applets are service provider specific applets that are used by thesecure processing system 144 to generate control words. Each of the encrypted conditional access applets is associated with a particular service provider identifier. The out-of-band interface 146 transmits the EMMs, the virtual channel table and the encrypted control word applets, received from anaccess controller 160, to themain CPU 140. - The
main CPU 140 receives the EMMs, the virtual channel table and the encrypted conditional access applets from the out-of-band interface 146. Themain CPU 140 transmits the EMMs to thesecure processing system 144. Themain CPU 140 stores the cable association table in thedata storage device 141, and upon receipt of a selected channel, transmits the service provider identifier associated with the selected channel to thesecure processing system 144. Themain CPU 140 transmits the encrypted conditional access applets to thesecure processing system 144 for storage therein. - The
secure processing system 144 decrypts the EMMs using public-key or private-key cryptographic techniques, or both. Thesecure processing system 144 is described in more detail in relation with FIG. 3. Thesecure processing system 144 uses the decrypted conditional access applet associated with the service provider identifier of the selected channel, which is decrypted within thesecure processing system 144, to compare the ECMs for the selected channel with the EMMs stored within thesecure processing system 144. If the EMMs grant the one or moreset top box 130 the privilege to decrypt the selected channel, thesecure processing system 144 transmits control words, derived from the ECMs and the conditional access applet provided by the service provider associated with the service provider identifier, to thedecrypting device 138 which cause thedecrypting device 138 to decrypt the data streams received from thedemultiplexer 136. For example, if one of the selected program is the Home Box Office Channel, and the ECM for the Home Box Office Channel was PREMIUM, thesecure processing system 144 should have received an EMM that allows the one or moreset top box 130 to decrypt PREMIUM programs in order to provide control words to thedecryption device 138 which will decrypt the data streams that correspond to the Home Box Office channel. Otherwise, thesecure processing system 144 does not transmit any control words to thedecryption device 138, and thedecryption device 138 transmits encrypted content to thedecoding unit 150. - The
user interface 142 receives input from a user and conveys that information to themain CPU 140. A user can command the one or moreset top box 130 to turn on, turn off, select a particular channel, or purchase a pay per view event through theuser interface 142. Theuser interface 142 transmits these commands to themain CPU 140 which carries out the particular command issued by the user. If themain CPU 140 receives a command to purchase a pay per view event, themain CPU 140 transmits a purchase record to the out-of-band interface 146. The out-of-band interface 146 receives the purchase record and transmits the purchase record to theaccess controller 160. In response to the purchase record, theaccess controller 160 transmits an appropriate EMM to the one or moreset top box 130. - In an alternate embodiment, the
access controller 160 may transmit EMMs to the one or moreset top box 130 as out-of-band signals over thedata line 120. In another alternate embodiment, the one or moreset top box 130 can transmit purchase records to the television broadcasting equipment set-up 102 as out-of-band signals over thedata line 120. In yet another alternate embodiment, theaccess controller 160 may transmit the virtual channel table to the one or moreset top box 130 as an out band signal over thedata line 120. - FIG. 3 is a block diagram illustrating the
secure processing system 144. Thesecure processing system 144, for example as disclosed as the public cryptographic control unit in Sprague et al., includes acentral processing unit 202, adata storage device 204, acommunication device 206, and aunique unit identity 208. Thedata storage device 204 includes memory for storing the EMMs received by the one or moreset top box 130 and the conditional access applets received by the one or moreset top box 130. Thecommunication device 206 sends and receives data to and from themain CPU 140 and thedemultiplexer 136, and transmits control words to thedecryption device 138. Thecentral processing unit 202 executes the conditional access applet associated with the service provider identifier received from themain CPU 140. One conditional access applet should be running at any one time. - In an alternate embodiment the
data storage device 204 contains the conditional access applets in addition to the EMMs. - FIG. 4 illustrates a
process 300 for granting conditional access to a selected program. Theprocess 300 begins atstep 302. If themain CPU 140 receives an indication from theuser interface 142 that the user has selected a new channel, theprocess 300 advances to step 304. Otherwise, theprocess 300 remains atstep 302. - At
step 304, themain CPU 140 determines whether the new channel is a valid channel. Themain CPU 140 has the virtual channel table stored in memory. The virtual channel table associates a selected channel with a program number, a service provider identifier, and a particular tuner setting. Themain CPU 140 searches the virtual channel table for a data record corresponding to the new channel. If themain CPU 140 locates a data record corresponding to the new channel, themain CPU 140 informs thesecure processing system 144 that a new channel has been selected, and theprocess 300 advances to step 306. If themain CPU 140 does not locate a data record corresponding to the new channel, the new channel is not a valid channel and theprocess 300 advances to step 305. - At
step 305, themain CPU 140 transmits an error indicator to theuser interface 142. Theuser interface 142 may output an error indication to the user. Once the error indicator is transmitted to theuser interface 142, theprocess 300 advances to step 302. - At
step 306, theprocess 300 reads and stores the information contained within the data record of the virtual channel table corresponding to the new channel. Themain CPU 140 reads the program number, the service provider identifier, and the particular tuner setting from the data record for the new channel. Themain CPU 140 stores these values in thedata storage device 141, and theprocess 300 advances to step 308. - At
step 308, themain CPU 140 transmits the particular tuner setting to thetuner 132 and transmits the particular service provider identifier to thesecure processing system 144. The particular tuner setting will cause thetuner 132 to recover the one or more transport stream carried on the radio frequency carrier associated with the new channel. If the particular service provider identifier for the new channel is different than the particular service provider identifier for the old channel, thesecure processing system 144 will discontinue using the conditional access applet of the particular service provider identifier associated with the old channel, and begin using the conditional access applet of the particular service provider identifier associated with the new channel. This process is further disclosed as the software applet installation and execution process in Veil et al. Once the particular tuner setting and the particular service provider identifier is transmitted to thetuner 132, theprocess 300 advances to step 310. - At
step 310, themain CPU 140 captures the PAT from the one or more transport stream received by thedemultiplexer 136. Themain CPU 140 does this by transmitting control signals to thedemultiplexer 136 which cause thedemultiplexer 136 to transmit the MPEG-2 data packets with PIDs of zero to themain CPU 140. The PAT is a table which associates each of a group of program numbers with a particular PMT PID. Each program number is associated with a single PMT PID. After themain CPU 140 captures the PAT, themain CPU 140 reads the data record corresponding to the program number associated with the new channel. Themain CPU 140 stores the PMT PID associated with the new channel in memory. Once the PMT PID is stored in memory, theprocess 300 advances to step 314. - At
step 314, themain CPU 140 captures the PMT from the one or more transport stream received by thedemultiplexer 136. Themain CPU 140 does this by transmitting control signals to thedemultiplexer 136 which cause thedemultiplexer 136 to transmit the MPEG-2 data packets with PIDs equal to the PMT PID stored in the memory of themain CPU 140 to themain CPU 140. The PMT is a table which lists a group of PIDs. The PMT lists the ECM PID, and the PIDs of the data streams of packets which combine to form the program for the new channel. Themain CPU 140 reads the contents of the PMT and stores it in memory. Once the contents of the PMT are captured, theprocess 300 advances to step 316. - At
step 316, themain CPU 140 transmits control signals to thedemultiplexer 136 which cause thedemultiplexer 136 to transmit the packets with the PIDs listed in the PMT associated with the new channel to thedecryption device 138 and thesecure processing system 144. Thedemultiplexer 136 transmits the MPEG-2 data packets with PIDs equal to the ECM PID to thesecure processing system 144, and the MPEG-2 data packets with PIDs equal to the data stream PIDs associated with the new channel to thedecryption device 138. Once themain CPU 140 transmits the control signals to thedemultiplexer 136, theprocess 300 advances to step 302. - FIG. 5 is a flow chart illustrating a
process 400 for determining whether a set top box has authorization to decrypt a selected program. Theprocess 400 begins atstep 402. Atstep 402, if thesecure processing system 144 receives an MPEG-2 data packet from thedemultiplexer 136, the MPEG-2 data packet contains an ECM for the selected program and theprocess 400 advances to step 404. If thesecure processing system 144 does not receive an MPEG-2 data packet from thedemultiplexer 136, theprocess 400 remains atstep 402. - At
step 404, thesecure processing system 144 determines whether the conditional access applet, currently running on thesecure processing system 144, is associated with the service provider identifier received from themain CPU 140. If the conditional access applet, currently running on thesecure processing system 144, is associated with the service provider identifier received from themain CPU 140, theprocess 400 advances to step 410. If the conditional access applet currently running on thesecure processing system 144 is not associated with the service provider identifier received from themain CPU 140, theprocess 400 advances to step 406. - At
step 406, thesecure processing system 144 determines whether the conditional access applet associated with the service provider identifier is stored in thedata storage device 204. Thesecure processing system 144 issues a request to thedata storage device 204 for the control word applet associated with the service provider identifier. If thedata storage device 204 has the control word applet associated with the service provider identifier, theprocess 400 advances to step 408. If thedata storage device 204 does not have the control word applet associated with the service provider identifier, theprocess 400 advances to step 412. - At
step 408, thesecure processing system 144 begins running the control word applet associated with the service provider identifier. Thesecure processing system 144 reads the control word applet associated with the service provider identifier of the selected channel from thedata storage device 204. Thesecure processing system 144 stops running the conditional access applet that was running on thesecure processing system 144, encrypts the conditional access applet, and stores it within thedata storage device 204. Thesecure processing system 144 installs and begins running the control word applet received from thedata storage device 204, for example, as disclosed as the software applet installation and execution process in Veil et al. Once the control word applet associated with the service provider identifier is installed in thesecure processing system 144, theprocess 400 advances to step 410. - At
step 410, thesecure processing system 144 determines whether it has authorization to decrypt the data streams associated with the new channel. Thesecure processing system 144 uses the conditional access applet currently running on thesecure processing system 144 to compare the ECMs received from thedemultiplexer 136 to the EMMs received from themain CPU 140. If the one or moreset top box 130 contains EMMs granting the one or moreset top box 130 permission to decrypt a channel which is associated with the ECMs received from thedemultiplexer 136, theprocess 400 advances to step 414. Otherwise, thesecure processing system 144 does not have authorization to decrypt the data streams associated with the new channel, and theprocess 400 advances to step 412. - At
step 412, thesecure processing system 144 discontinues transmitting appropriate control words to thedecryption device 138. If thesecure processing system 144 does not transmit appropriate control words to thedecryption device 138, thedecryption device 138 will not decrypt the one or more transport stream received from thedemultiplexer 136. After thesecure processing system 144 discontinues transmission of the appropriate control words to thedecryption device 138, theprocess 400 advances to step 402. - At
step 414, thesecure processing system 144 transmits appropriate control words to thedecryption device 138, such that thedecryption device 138 decrypts the one or more transport stream received from the demultiplexer. Thesecure processing system 144 uses the control word generator for the service provider identifier associated with the new channel to generate control words for thedecryption device 138. Once the control words are generated by the control word generator for the service provider identifier associated with the new channel, the control words are transmitted to thedecryption device 138, and theprocess 400 advances to step 402. Once control words are transmitted to thedecryption device 138, thesecure processing system 144 continues to transmit the control words to thedecryption device 138 until such time as thesecure processing system 144 discontinues transmission of the control words to thedecryption device 138. - The invention has been described in connection with certain preferred embodiments thereof. It will be appreciated that those skilled in the art can modify or alter such embodiments without departing from the scope and spirit of the invention which is set forth in the appended claims.
Claims (16)
1. A secure processing system for a set top box, comprising:
a first system input for receiving at least one authorization message;
a second system input for receiving at least one control message associated with a selected program;
a system output for providing a system output signal;
a data storage device, the data storage device configured to store information associated with the at least one authorization message;
a processing unit configured to receive the at least one control message from the second system input, receive the at least one authorization message from the first system input, and store the information associated with the at least one authorization message in the data storage device, execute a first conditional access client applet, the first conditional access applet configured to cause the system output to transmit a first control signal if the at least one control message specifies a type of program that the set top box is authorized to decrypt given the information associated with the at least one authorization message, and to cause the system output to transmit a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
2. The secure processing system of claim 1 , wherein the first control signal is adapted to cause a set top box to decrypt an encrypted signal and transmit a decrypted signal representing the selected program.
3. The secure processing system of claim 1 , wherein the second control signal is adapted to cause the set top box to transmit an encrypted signal representing the selected program.
4. The secure processing system of claim 1 , further comprising a third system input for receiving a service provider identifier.
5. The secure processing system of claim 4 , wherein if the service provider identifier received by the third system input is associated with a second conditional access applet, the central processing unit discontinues execution of the first conditional access applet and executes the second conditional access applet.
6. The secure processing system of claim 5 , wherein the second conditional access applet is configured to cause the system output to transmit a third control signal if the at least one control message specifies a type of program that can be decrypted by the decryption device given the at least one authorization message, and to cause the system output to transmit a fourth control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
7. The secure processing system of claim 6 , wherein the third control signal is adapted to cause a set top box to decrypt an encrypted signal and transmit a decrypted signal representing the selected program.
8. The secure processing system of claim 6 , wherein the fourth control signal is adapted to cause the set top box to transmit an encrypted signal representing the selected program.
9. The secure processing system of claim 1 , wherein the data storage device is nonvolatile random access memory.
10. A method for decrypting a selected program, comprising:
receiving at least one authorization message;
receiving at least one control message associated with a selected program;
storing information conveyed by the at least one authorization message;
transmitting a first control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message; and
transmitting a second control signal if the at least one control message specifies a type of program that can not be decrypted by the decryption device given the at least one authorization message.
11. The method of claim 10 , wherein in response to the first control signal, encrypted signal from a first service provider is decrypted and transmitted representing the selected program.
12. The method of claim 10 , wherein in response to the second control signal, an encrypted signal is transmitted representing the selected program.
13. The method of claim 10 , further comprising the step of receiving a service provider identifier.
14. The method of claim 13 , further comprising the step of transmitting a third control signal if the at least one control message specifies a type of program that can be decrypted given the at least one authorization message, and transmitting a fourth control signal if the at least one control message specifies a type of program that can not be decrypted given the at least one authorization message.
15. The method of claim 14 , wherein in response to the third control signal, an encrypted signal from a second service provider is decrypted and transmitted representing the selected program.
16. The method of claim 15 , wherein in response to the fourth control signal, an encrypted signal is transmitted representing the selected program.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/120,222 US20030196113A1 (en) | 2002-04-10 | 2002-04-10 | System and method for providing a secure environment for performing conditional access functions for a set top box |
US11/342,766 US7461396B2 (en) | 2002-04-10 | 2006-01-30 | System and method for providing a secure environment for performing conditional access functions for a set top box |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/120,222 US20030196113A1 (en) | 2002-04-10 | 2002-04-10 | System and method for providing a secure environment for performing conditional access functions for a set top box |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/342,766 Continuation US7461396B2 (en) | 2002-04-10 | 2006-01-30 | System and method for providing a secure environment for performing conditional access functions for a set top box |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030196113A1 true US20030196113A1 (en) | 2003-10-16 |
Family
ID=28790059
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/120,222 Abandoned US20030196113A1 (en) | 2002-04-10 | 2002-04-10 | System and method for providing a secure environment for performing conditional access functions for a set top box |
US11/342,766 Active 2026-08-05 US7461396B2 (en) | 2002-04-10 | 2006-01-30 | System and method for providing a secure environment for performing conditional access functions for a set top box |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/342,766 Active 2026-08-05 US7461396B2 (en) | 2002-04-10 | 2006-01-30 | System and method for providing a secure environment for performing conditional access functions for a set top box |
Country Status (1)
Country | Link |
---|---|
US (2) | US20030196113A1 (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040228175A1 (en) * | 2003-05-12 | 2004-11-18 | Candelore Brant L. | Configurable cableCARD |
US7000241B2 (en) * | 2002-11-21 | 2006-02-14 | The Directv Group, Inc. | Method and apparatus for minimizing conditional access information overhead while ensuring conditional access information reception in multi-tuner receivers |
US20060075423A1 (en) * | 2002-12-03 | 2006-04-06 | Oliver Brique | Method of managing the display of event specifications with conditional access |
US7225458B2 (en) * | 2002-11-21 | 2007-05-29 | The Directv Group, Inc. | Method and apparatus for ensuring reception of conditional access information in multi-tuner receivers |
US20070169173A1 (en) * | 2002-04-10 | 2007-07-19 | Wave Systems Corp. | System and method for providing a secure environment for performing conditional access functions for a set top box |
US20070198858A1 (en) * | 2006-02-15 | 2007-08-23 | Samsung Electronics Co., Ltd. | Method and apparatus for importing a transport stream |
US20090007225A1 (en) * | 2007-06-29 | 2009-01-01 | Samsung Electronics Co., Ltd. | Method and apparatus for ensuring security of remote user interface session using out-of-band communication |
US20090125966A1 (en) * | 2007-11-14 | 2009-05-14 | Cho Yong Seong | Digital cable broadcasting receiver including security module and method for authenticating the same |
EP1657926A3 (en) * | 2004-11-10 | 2009-12-02 | Kabushiki Kaisha Toshiba | Information processing apparatus |
US7804958B2 (en) | 2000-07-21 | 2010-09-28 | The Directv Group, Inc. | Super encrypted storage and retrieval of media programs with smartcard generated keys |
US7992175B2 (en) | 2006-05-15 | 2011-08-02 | The Directv Group, Inc. | Methods and apparatus to provide content on demand in content broadcast systems |
US8001565B2 (en) | 2006-05-15 | 2011-08-16 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at receivers in pay delivery systems |
US8095466B2 (en) | 2006-05-15 | 2012-01-10 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at content servers in pay delivery systems |
US20130166694A1 (en) * | 2011-12-22 | 2013-06-27 | Samsung Electronics Co., Ltd. | Electronic apparatus, conditional access system, and control method thereof |
US20130212374A1 (en) * | 2010-03-23 | 2013-08-15 | Cryptoexperts Sas | Method for identifying a device used by a hacked terminal, and related device |
EP2705662A2 (en) * | 2011-06-14 | 2014-03-12 | Sony Corporation | Tv receiver device with multiple decryption modes |
US8775319B2 (en) | 2006-05-15 | 2014-07-08 | The Directv Group, Inc. | Secure content transfer systems and methods to operate the same |
US8996421B2 (en) | 2006-05-15 | 2015-03-31 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at broadcast headends in pay delivery systems |
US9178693B2 (en) | 2006-08-04 | 2015-11-03 | The Directv Group, Inc. | Distributed media-protection systems and methods to operate the same |
US9225761B2 (en) | 2006-08-04 | 2015-12-29 | The Directv Group, Inc. | Distributed media-aggregation systems and methods to operate the same |
US9325944B2 (en) | 2005-08-11 | 2016-04-26 | The Directv Group, Inc. | Secure delivery of program content via a removable storage medium |
GB2553295A (en) * | 2016-08-25 | 2018-03-07 | Samsung Electronics Co Ltd | Managing communications between a broadcast receiver and a security module |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040093614A1 (en) * | 2002-10-29 | 2004-05-13 | Atsunori Sakurai | Conditional access system and receiver |
US9652637B2 (en) | 2005-05-23 | 2017-05-16 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Method and system for allowing no code download in a code download scheme |
US9904809B2 (en) * | 2006-02-27 | 2018-02-27 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Method and system for multi-level security initialization and configuration |
US9177176B2 (en) | 2006-02-27 | 2015-11-03 | Broadcom Corporation | Method and system for secure system-on-a-chip architecture for multimedia data processing |
US9489318B2 (en) | 2006-06-19 | 2016-11-08 | Broadcom Corporation | Method and system for accessing protected memory |
EP2129116A1 (en) | 2008-05-29 | 2009-12-02 | Nagravision S.A. | Unit and method for securely processing audio/video data with controlled access |
US8468566B2 (en) | 2009-04-10 | 2013-06-18 | Echostar Technologies L.L.C. | Control message feedback in a satellite broadcast communication system |
EP2337347A1 (en) * | 2009-12-17 | 2011-06-22 | Nagravision S.A. | Method and processing unit for secure processing of access controlled audio/video data |
US8782417B2 (en) | 2009-12-17 | 2014-07-15 | Nagravision S.A. | Method and processing unit for secure processing of access controlled audio/video data |
US8321501B2 (en) * | 2009-12-23 | 2012-11-27 | Intel Corporation | Secure out-of-band storage control |
US20120310837A1 (en) * | 2011-06-03 | 2012-12-06 | Holden Kevin Rigby | Method and System For Providing Authenticated Access to Secure Information |
EP2802152B1 (en) | 2013-05-07 | 2017-07-05 | Nagravision S.A. | Method for secure processing a stream of encrypted digital audio / video data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4823386A (en) * | 1981-04-02 | 1989-04-18 | Texscan Corporation | Addressable subscriber cable television system |
US5812928A (en) * | 1995-04-12 | 1998-09-22 | Watson Technologies | Cable television control apparatus and method with channel access controller at node of network including channel filtering system |
US5862219A (en) * | 1995-05-12 | 1999-01-19 | General Instrument Corporation | Cable television setback decoder automatic control |
US6745245B1 (en) * | 1998-04-09 | 2004-06-01 | Webtv Networks, Inc. | Managing access to set-top box objects using television conditional access system |
US6757909B1 (en) * | 1999-12-29 | 2004-06-29 | Sony Corporation | Internet set-top box having an in-band tuner and cable modem |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6157719A (en) * | 1995-04-03 | 2000-12-05 | Scientific-Atlanta, Inc. | Conditional access system |
US6351467B1 (en) * | 1997-10-27 | 2002-02-26 | Hughes Electronics Corporation | System and method for multicasting multimedia content |
US6460086B1 (en) * | 1998-12-01 | 2002-10-01 | Sun Microsystems, Inc. | Method and apparatus for delivery of a bytecode embedded within a transport stream |
US6697489B1 (en) * | 1999-03-30 | 2004-02-24 | Sony Corporation | Method and apparatus for securing control words |
US6449720B1 (en) * | 1999-05-17 | 2002-09-10 | Wave Systems Corp. | Public cryptographic control unit and system therefor |
US20010054112A1 (en) * | 2000-01-26 | 2001-12-20 | Lida Nobakht | Channel-based internet network for a satellite system |
US6785716B1 (en) * | 2000-01-26 | 2004-08-31 | Viaclix, Inc. | System and method of channel-based internet network |
US7257227B2 (en) * | 2000-10-26 | 2007-08-14 | General Instrument Corporation | System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems |
US20020146125A1 (en) * | 2001-03-14 | 2002-10-10 | Ahmet Eskicioglu | CA system for broadcast DTV using multiple keys for different service providers and service areas |
US20020157002A1 (en) * | 2001-04-18 | 2002-10-24 | Messerges Thomas S. | System and method for secure and convenient management of digital electronic content |
US20040015958A1 (en) * | 2001-05-15 | 2004-01-22 | Veil Leonard Scott | Method and system for conditional installation and execution of services in a secure computing environment |
US20030196113A1 (en) * | 2002-04-10 | 2003-10-16 | Chris Brown | System and method for providing a secure environment for performing conditional access functions for a set top box |
US7724907B2 (en) * | 2002-11-05 | 2010-05-25 | Sony Corporation | Mechanism for protecting the transfer of digital content |
-
2002
- 2002-04-10 US US10/120,222 patent/US20030196113A1/en not_active Abandoned
-
2006
- 2006-01-30 US US11/342,766 patent/US7461396B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4823386A (en) * | 1981-04-02 | 1989-04-18 | Texscan Corporation | Addressable subscriber cable television system |
US5812928A (en) * | 1995-04-12 | 1998-09-22 | Watson Technologies | Cable television control apparatus and method with channel access controller at node of network including channel filtering system |
US5862219A (en) * | 1995-05-12 | 1999-01-19 | General Instrument Corporation | Cable television setback decoder automatic control |
US6745245B1 (en) * | 1998-04-09 | 2004-06-01 | Webtv Networks, Inc. | Managing access to set-top box objects using television conditional access system |
US6757909B1 (en) * | 1999-12-29 | 2004-06-29 | Sony Corporation | Internet set-top box having an in-band tuner and cable modem |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7804958B2 (en) | 2000-07-21 | 2010-09-28 | The Directv Group, Inc. | Super encrypted storage and retrieval of media programs with smartcard generated keys |
US7461396B2 (en) | 2002-04-10 | 2008-12-02 | Paladin Patents Inc. | System and method for providing a secure environment for performing conditional access functions for a set top box |
US20070169173A1 (en) * | 2002-04-10 | 2007-07-19 | Wave Systems Corp. | System and method for providing a secure environment for performing conditional access functions for a set top box |
US7000241B2 (en) * | 2002-11-21 | 2006-02-14 | The Directv Group, Inc. | Method and apparatus for minimizing conditional access information overhead while ensuring conditional access information reception in multi-tuner receivers |
US7225458B2 (en) * | 2002-11-21 | 2007-05-29 | The Directv Group, Inc. | Method and apparatus for ensuring reception of conditional access information in multi-tuner receivers |
US20060075423A1 (en) * | 2002-12-03 | 2006-04-06 | Oliver Brique | Method of managing the display of event specifications with conditional access |
US7831046B2 (en) * | 2002-12-03 | 2010-11-09 | Nagravision S.A. | Method of managing the display of event specifications with conditional access |
US7398544B2 (en) * | 2003-05-12 | 2008-07-08 | Sony Corporation | Configurable cableCARD |
US20040228175A1 (en) * | 2003-05-12 | 2004-11-18 | Candelore Brant L. | Configurable cableCARD |
EP1657926A3 (en) * | 2004-11-10 | 2009-12-02 | Kabushiki Kaisha Toshiba | Information processing apparatus |
US9325944B2 (en) | 2005-08-11 | 2016-04-26 | The Directv Group, Inc. | Secure delivery of program content via a removable storage medium |
US8510568B2 (en) * | 2006-02-15 | 2013-08-13 | Samsung Electronics Co., Ltd. | Method and apparatus for importing a transport stream |
US20070198858A1 (en) * | 2006-02-15 | 2007-08-23 | Samsung Electronics Co., Ltd. | Method and apparatus for importing a transport stream |
US10977631B2 (en) | 2006-05-15 | 2021-04-13 | The Directv Group, Inc. | Secure content transfer systems and methods to operate the same |
US8001565B2 (en) | 2006-05-15 | 2011-08-16 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at receivers in pay delivery systems |
US8095466B2 (en) | 2006-05-15 | 2012-01-10 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at content servers in pay delivery systems |
US7992175B2 (en) | 2006-05-15 | 2011-08-02 | The Directv Group, Inc. | Methods and apparatus to provide content on demand in content broadcast systems |
US9967521B2 (en) | 2006-05-15 | 2018-05-08 | The Directv Group, Inc. | Methods and apparatus to provide content on demand in content broadcast systems |
US8775319B2 (en) | 2006-05-15 | 2014-07-08 | The Directv Group, Inc. | Secure content transfer systems and methods to operate the same |
US8996421B2 (en) | 2006-05-15 | 2015-03-31 | The Directv Group, Inc. | Methods and apparatus to conditionally authorize content delivery at broadcast headends in pay delivery systems |
US9178693B2 (en) | 2006-08-04 | 2015-11-03 | The Directv Group, Inc. | Distributed media-protection systems and methods to operate the same |
US9225761B2 (en) | 2006-08-04 | 2015-12-29 | The Directv Group, Inc. | Distributed media-aggregation systems and methods to operate the same |
US20090007225A1 (en) * | 2007-06-29 | 2009-01-01 | Samsung Electronics Co., Ltd. | Method and apparatus for ensuring security of remote user interface session using out-of-band communication |
US8966641B2 (en) * | 2007-06-29 | 2015-02-24 | Samsung Electronics Co., Ltd. | Method and apparatus for ensuring security of remote user interface session using out-of-band communication |
US20090125966A1 (en) * | 2007-11-14 | 2009-05-14 | Cho Yong Seong | Digital cable broadcasting receiver including security module and method for authenticating the same |
US9178695B2 (en) * | 2010-03-23 | 2015-11-03 | Cryptoexperts Sas | Method for identifying a device used by a hacked terminal, and related device |
US20130212374A1 (en) * | 2010-03-23 | 2013-08-15 | Cryptoexperts Sas | Method for identifying a device used by a hacked terminal, and related device |
EP2705662A4 (en) * | 2011-06-14 | 2015-05-06 | Sony Corp | Tv receiver device with multiple decryption modes |
EP2705662A2 (en) * | 2011-06-14 | 2014-03-12 | Sony Corporation | Tv receiver device with multiple decryption modes |
US9392318B2 (en) | 2011-06-14 | 2016-07-12 | Sony Corporation | Receiver device with multiple decryption modes |
US9237385B2 (en) * | 2011-12-22 | 2016-01-12 | Samsung Electronics Co., Ltd. | Electronic apparatus, conditional access system, and control method thereof |
US20130166694A1 (en) * | 2011-12-22 | 2013-06-27 | Samsung Electronics Co., Ltd. | Electronic apparatus, conditional access system, and control method thereof |
GB2553295A (en) * | 2016-08-25 | 2018-03-07 | Samsung Electronics Co Ltd | Managing communications between a broadcast receiver and a security module |
GB2553295B (en) * | 2016-08-25 | 2020-12-16 | Samsung Electronics Co Ltd | Managing communications between a broadcast receiver and a security module |
Also Published As
Publication number | Publication date |
---|---|
US20070169173A1 (en) | 2007-07-19 |
US7461396B2 (en) | 2008-12-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7461396B2 (en) | System and method for providing a secure environment for performing conditional access functions for a set top box | |
US7515712B2 (en) | Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system | |
CA2167222C (en) | Countdown system for conditional access module | |
US6766451B1 (en) | Transmission system | |
US7200868B2 (en) | Apparatus for encryption key management | |
AU758667B2 (en) | Signalling of bouquet information in a digital transmission system | |
EP1600000B1 (en) | Conditional access personal video recorder | |
KR101364462B1 (en) | Method and device for authorising conditional access | |
US20020101991A1 (en) | Method of identifying multiple digital streams within a multplexed signal | |
US20040237100A1 (en) | Validating client-receivers | |
US20040187161A1 (en) | Auxiliary program association table | |
KR20000070915A (en) | Data multiplexing device, program distribution system, program transmission system, pay broadcast system, program transmission method, conditional access system, and data reception device | |
EP1226717B1 (en) | Method of accessing transmitted audio/video data protected according to different conditional access systems by a same apparatus | |
JP2005295589A (en) | Mechanism and apparatus for encapsulation of registration authorization in conditional access system | |
KR100700301B1 (en) | Transmission system | |
US20020118608A1 (en) | Transmission device and method, reception device and method, recording medium and program | |
JP2000295202A (en) | Limited reception system | |
KR20100069373A (en) | Conditional access system and method exchanging randon value | |
JP2000101984A (en) | Limited receiving system of cable television, and its transmitter and its receiver | |
US7254236B1 (en) | Method and system for handling two CA systems in a same receiver | |
CN108650549B (en) | Digital television data management method and system | |
JP3561599B2 (en) | Digital signal receiver | |
JP2001211127A (en) | Scramble control method for digital broadcast | |
JP2002246995A (en) | Transmission device and method therefor, receiving device and method therefor, recording medium, and program thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: WAVE SYSTEMS CORP., MASSACHUSETTS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, CHRIS;SO, NICOL;KAZMIERCZAK, GREGORY;REEL/FRAME:012791/0727;SIGNING DATES FROM 20020312 TO 20020406 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: PALADIN PATENTS INC., DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WAVE SYSTEMS CORP.;REEL/FRAME:017629/0795 Effective date: 20060424 |