EP1247399A1 - Conditional access and security for video on-demand systems - Google Patents

Conditional access and security for video on-demand systems

Info

Publication number
EP1247399A1
EP1247399A1 EP01904852A EP01904852A EP1247399A1 EP 1247399 A1 EP1247399 A1 EP 1247399A1 EP 01904852 A EP01904852 A EP 01904852A EP 01904852 A EP01904852 A EP 01904852A EP 1247399 A1 EP1247399 A1 EP 1247399A1
Authority
EP
European Patent Office
Prior art keywords
video
key
subscriber station
services
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01904852A
Other languages
German (de)
French (fr)
Inventor
Michael C. Bertram
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sedna Patent Services LLC
Original Assignee
Diva Systems Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Diva Systems Corp filed Critical Diva Systems Corp
Publication of EP1247399A1 publication Critical patent/EP1247399A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47End-user applications
    • H04N21/472End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
    • H04N21/47202End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309Transmission or handling of upstream communications
    • H04N7/17336Handling of requests in head-ends
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17345Control of the passage of the selected programme
    • H04N7/17354Control of the passage of the selected programme in an intermediate station common to a plurality of user terminals

Definitions

  • This invention relates generally to the field of video distribution networks.
  • this invention relates to conditional access and security for video on-demand distribution networks.
  • Conditional access for digitally transmitted services satisfies at least two important goals. First, it protects the content from theft during transmission.. Second, it provides specific controls over which target devices may access and use the content.
  • Problematic attributes of video on-demand services for conditional access systems include: 1) that video on-demand services use a large number of data streams (on the order of thousands); 2) that video on-demand services target data streams to individual users; and 3) that video on-demand services are not pre-scheduled.
  • the current practice for conditional access for digital broadcast services can be applied to video on-demand services, the different attributes discussed above lead to problems.
  • the current practices for conditional access typically are not designed to accommodate the generation and distribution of encryption keys and authorizations for thousands of services.
  • the generation and distribution time for on-demand authorizations is not fast enough to support timely decryption of video on- demand services. Therefore, there is a need for conditional access systems and methods for video on- demand services that protects the content from theft and controls access of target devices to the content.
  • a method for providing conditional access to video services for a plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber stations to receive the video services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service.
  • the present invention is also directed to preventing theft of the content of transmissions with a method comprising the additional steps of: scrambling the first video service using a first key to generate a first scrambled video service; generating a de-scrambling message having scrambling data to allow de-scrambling of the first video service by the plurality of subscriber stations; transmitting the first scrambled video service to the plurality of subscriber stations; and transmitting the de-scrambling message to the plurality of subscriber stations.
  • the present invention also includes a system that provides secure transmission and complete access control for target devices. Such a system includes a distribution center, a video-on-demand system, a transmission network and a plurality of target devices or subscriber stations.
  • FIG. 1 is a schematic diagram of a conventional video broadcast distribution network.
  • Figure 2 is a flow chart of the prior art method for processing of the content at the distribution center and transmission to subscriber stations.
  • Figure 3 A is a flow chart of the prior art method for receiving and processing a transmission at an authorized subscriber station.
  • Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station.
  • Figure 4 A is a schematic diagram of a video-on-demand system utilizing the present invention.
  • Figure 4B is a block diagram of a subscriber station in the system of Figure 4A.
  • Figure 5 is a flow chart of a preferred embodiment of the method for processing of the content at the distribution center and transmission to subscriber stations.
  • Figure 6 A is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has requested video-on-demand services.
  • Figure 6B is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at an subscriber station that has not requested video-on-demand services.
  • Figure 6C is a flow chart of a method for receiving and processing a transmission at a non-subscriber station attempting to pirate video-on-demand services.
  • Figure 7 is a block diagram illustrating the transmission of data and keys with respect to time according to the prior art.
  • Figure 8 is a block diagram illustrating the transmission of data and keys with respect to time according to the present invention.
  • Figure 9 is a block diagram illustrating a hybrid/fiber coax network and the use of keys per channel and program according to the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Throughout this description various terms are used to describe the invention.
  • Scrambling comprises a method of protecting a data stream by transforming the value bits in the stream based on a given key.
  • scrambling has the same meaning as encrypting.
  • De-scrambling comprises a method of transforming data stream bits back to their original value based on the use of a key.
  • de-scrambling has the same meaning as decryption.
  • a conditional access (CA) system is a system that generates keys, de-scrambling messages, and authorization messages supporting the scrambling and de-scrambling of, e.g., MPEG encoded programs.
  • a descrambling message comprises a conditional access message containing de-scrambling information for a particular MPEG program.
  • the de-scrambling information may be the de- scrambling key or the information a Set Top Box (or boxes) needs to generate or derive the de-scrambling key.
  • An authorization message comprises a conditional access message authorizing a particular Set Top Box to use a de-scrambling key to de-scramble a particular MPEG program.
  • Figure 1 is a schematic diagram of a conventional video broadcast network 100.
  • the conventional video broadcast distribution network 100 typically includes one or more broadcast sources 102a, 102b, and 102c, one or more distribution centers 104, one or more secondary distribution networks 106, and a plurality of targets or subscriber stations 108a-i.
  • the broadcast sources 102a, 102b, and 102c provided video and audio content for various channels in the broadcast network 100.
  • the broadcast sources 102a, 102b, and 102c include what are referred to as premium channels such as HBO, Showtime, Cinemax, etc.
  • the sources 102a, 102b, and 102c may also be, for example, pay-per-view (PPV) channels.
  • PSV pay-per-view
  • the sources 102a, 102b, and 102c are typically coupled via a primary distribution network (show as connector lines) to the distribution center 104.
  • the distribution center 104 may be, for example, a cable head-end.
  • the distribution center 104 receives the content from the broadcast sources 102a, 102b, 102c, and associates the content with channels and transmits the content over predetermined channels in the secondary distribution network 106.
  • the distribution center 104 is coupled via a secondary distribution network 106 to the subscriber stations 108a-i.
  • the secondary distribution network 106 comprises for example, various amplifiers, bridges, taps, and drop cables.
  • the subscriber stations 108a-i may be, for example, set-top boxes and associated television equipment for viewing the video content by end users.
  • FIG. 2 illustrates the processing of the video and audio signals (content) done at the distribution center 104 before transmission.
  • the distribution center 104 sends or distributes authorization for pre-scheduled services to the individual subscriber stations 108 in step 202. Then at some later time, the distribution center 104 scrambles a pre-scheduled service in step 206 and at the same time generates a de-scrambling message in step 208.
  • the distribution center 104 sends the scrambled pre-scheduled service and the de-scrambling message over the network 106.
  • Figure 3 A shows the prior art method for receiving and processing a transmission at an authorized subscriber station 108a-i.
  • Figure 3B shows the prior art method for receiving and processing a transmission at an unauthorized subscriber.
  • step 302 Parallel in time to, or even before or after step 302, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Then in step 308, the subscriber station 108 receives the scrambled data for pre-scheduled service and a de-scrambling message. Once steps 302, 306, and 308 have been completed, the prior art process transitions to step 310. Now having received the necessary information from steps 302 and 308, the subscriber station 108 generates or derives the key using the de-scrambling message from step 308 if authorized. Next in step 312, the subscriber station 108 de-scrambles the pre-scheduled service using the derived key from step 310.
  • the subscriber station 108 can display the pre-scheduled service on a display device of the subscriber station 108.
  • the key is used to control access by the respective subscriber station 108 to the content.
  • a unique key is needed for each program, and each subscriber station 108a-I must receive the authorization before the key to the program can be decrypted in the prior art.
  • Figure 3B the processing that occurs when an unauthorized subscriber station 108 attempts to gain access to the content is illustrated.
  • Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station. For ease of understanding like reference numerals have been used for like steps.
  • the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Also in step 308, the subscriber station 108 receives the scrambled data for pre-scheduled service and the de-scrambling message. However, step 302 at the unauthorized subscriber station 108 are never completed. Rather as shown by the flow chart in step 316 the subscriber station 108 does not receive the authorization for pre-scheduled services. Therefore, the unauthorized subscriber station 108 is unable to perform step 310 and is unable to derive the key and de-scramble the signal for display in step 320.
  • Figures 3 A and 3B show the importance in the prior art of having a fairly small number of data streams (on the order of tens) that have many potential users, and that digital broadcast services can generally be pre-scheduled allowing authorization to be generated and distributed before they are needed.
  • Figure 4 is a schematic diagram of a system 400 utilizing the present invention. The present invention is directed to the addition of a video-on-demand system 402 and to providing conditional access and security in such a combined system 400. Again, for ease of understanding like reference numerals have been used for similar elements with the same functionality.
  • the combined system 400 preferably comprises one or more broadcast sources 102a/b/c, one or more video-on-demand (VOD) system 402, a distribution center 104, a VOD content server 404, a session manager 406, a transport multiplexer 410, a conditional access system, a secondary distribution network 106 and a plurality of subscriber stations 408a-408i.
  • VOD video-on-demand
  • An exemplary such video-on-demand system 400 is described in pending U.S. Patent Application Number 08/984,710, filed December 4, 1997, and entitled "System for Interactively Distributing Information Services," the disclosure of which is incorporated herein by reference. The following description will focus on differences from such a system.
  • the combined system 400 differs from the prior art of Figure 1 by providing video-on-demand data streams.
  • the system 400 has a plurality of VOD systems 402 to provide the content as requested by the subscriber stations 108a-108i in addition to the broadcast sources 102 used in traditional cable networks to provided video and audio content for various channels.
  • the VOD system 402 for example may include various movies that may be requested by the user. The available number of movies to the subscriber stations 108a-108i can be in the thousands.
  • Both the broadcast sources 102 and the VOD system 402 are coupled to provide their content to the distribution center 104, preferably via a primary distribution network.
  • the VOD system 402 preferably comprises a content server 404, a session manager 406, a transport stream multiplexer/scrambler 410 and a conditional access system 412.
  • the content server 404 stores the video content such thousands of movies, and in response to signals from the session manager 406 provides the video content to the transport stream multiplexer/scrambler 410.
  • the session manager 406 controls the content server 404, the transport stream multiplexer/scrambler 410 and the conditional access system 412 in response to user requests.
  • the session manager is coupled to each of these devices for sending control signals.
  • the session manager 406 is also coupled to each subscriber station 408 by a out of band communication channel 420 to receive input from the subscribers.
  • conditional access system 412 sends control signals, encryption keys and authorization messages to the transport stream multiplexer/scrambler 410.
  • control signals As will be known to those skilled in the art, multiple commercial vendors offer conditional access systems compatible with conditional access messaging defined by the MPEG-2 standard that could be used for conditional access system 412.
  • the transport stream multiplexer/scrambler 410 send the content and control signal in both scrambled and not scrambled format to the distribution center 104.
  • the session manager 406 also instructs the transport stream multiplexer/scrambler 410 which channels and program ID to use when transmitting the content.
  • the distribution center 104 is similar to that described above with reference to Figure 1.
  • the distribution center 104 transmits the typical broadcast content, but also transmits the content, access and communication necessary for VOD services.
  • the VOD system 402 may provide the functionality as described in U.S. Patent Application Serial No. 08/984,710, filed December 4, 1997, entitled "System for Interactively Distributing Information Service” which is incorporated herein by reference.
  • the distribution center 104 is coupled to the secondary distribution network 106.
  • the streams transmitted include both the typical broadcast content (A) but also video-on-demand services (B) as shown in the Figure 4.
  • the coupling of the distribution center 104 to the secondary distribution network 106 provides a return channel (shown by dotted line 420) for sending signals from the subscriber stations 408a-i to the VOD system 402, in particular, the session manager 406.
  • the VOD services are provided on channel resources that are re-used and reallocated to different subscribers, and the subscriber station requires tuning information to access the VOD services.
  • the distribution center 104 and the VOD system 402 are coupled via a secondary distribution network 106 to the subscriber stations 408a-408i.
  • the secondary distribution network 106 comprises for example, various amplifiers, bridges, taps, and drop cables.
  • the subscriber stations 408a-408i are, by way of example, set-top boxes and associated television equipment for viewing the video content by end users.
  • the subscriber stations 408a-408i or set-top boxes differ from the prior art in that they included added functionality in the form of programs downloaded or stored in ROM that provide the functionality described below with reference to Figures 6A-6C. More specifically, the programs provide method for ensuring that access to the VOD services are authorized and that does not suffer from the above-identified shortcomings of the prior art.
  • FIG 4B one exemplary embodiment for a subscriber stations 408 is shown.
  • Each subscriber station 408 preferably comprises a tuner/de-multiplexer 450, a controller 452, a de-scrambler 454, a key generator 456, a video decoder 457, and a display device 458.
  • the tuner/de-multiplexer 450 tunes to a particular frequency and program ID in response to signals from the controller 452.
  • the tuner/de-multiplexer 450 monitors the channels and extracts the signals for the identified channel.
  • the tuner/de- multiplexer 450 also extracts control information from the channel and provides it to the controller 452 and the key generator 456. General control signals, tuning information, and other communication with the session manager 406 are provided to the controller 452. .
  • the tuner/de-multiplexer 450 also extracts and provides entitlement management messages and entitlement control messages to the key generator 456.
  • the key generator 456 may be a smart card coupled to the subscriber station 408 or may be ROM included in the subscriber station 408.
  • the controller 452 enables the key generator 456 to derive a key that is sent to the de-scrambler 454 to de-scramble or decrypt the video content.
  • the video streams are presented to the video decoder 457 that converts the MPEG streams to an video analog signals. The analog signals are then presented to a display device 458.
  • the present invention is applicable to any variety of video distribution system whether is uses cable or some other media for distribution such as but not limited to a satellite system, a digital subscriber line system, and a microwave system.
  • a prefe ⁇ ed embodiment of the method for processing of the content at the distribution center 104 and transmission of the content to subscriber stations 408 according to the present invention is shown.
  • the method begins in step 501 by configuring the conditional access system 412 to scramble all the VOD programs as scrambled broadcast services. In other words, the VOD services are provisioned to be scrambled all the time.
  • step 502 at least one subscriber station 408 is authorized for all VOD services. More preferably, the present invention authorizes all subscriber stations 408 connected to the network for all VOD services. This authorization is preferably accomplished by having the server 404 send the authorization to the all subscriber stations 408.
  • An authorization message is a message authorizing a particular subscriber station to use a de-scrambling key to de-scramble a program.
  • authorization of the subscriber stations 408 is performed by sending an entitlement management message (EMM) from the distribution center 104 to each of the subscriber stations 408.
  • EMM entitlement management message
  • This step 502 is preferably performed at initialization of the communication between a particular subscriber station 408 and the system 400.
  • the method proceeds in parallel to steps 512, 506, 508. Since the system 400 provides the streams of video data in response to a request from respective subscriber station 408.
  • the duration between step 502 and the other steps 512, 506, 508 can vary significantly for each subscriber station 408 and may be any length of time.
  • step 512 using the return channel unique to the VOD system 400, the VOD system 402 and distribution center 104 receives a request or order for VOD services from a particular subscriber station 408.
  • step 514 responsive to the request, the VOD system 402 and distribution center 104 sends tuning data to the individual subscriber 408. This preferably accomplished by sending the frequency and MPEG program number by reference or value using the VOD downstream communication control path.
  • the actual information for tuning to the channel may be provided or this virtually may be done by providing a index to a table at the subscriber station 408 that is used to look up the value in a table.
  • This feature of the present invention is particularly advantageous because it solves the problem presented VOD services of targeting data streams to individual users.
  • the tuning information is know by the user, can be used to tune to the program and cannot be used to control access.
  • the transmission and use of the tuning information as described above permits the targeting of particular programs streams to particular users as was not possible in the prior art.
  • the VOD system 402 and distribution center 104 scrambles or encrypts the streams of the VOD service; and in step 508, the VOD system 402 and distribution center 104 generate a de- scrambling message for producing the key for decoding the streams of the VOD service.
  • the de-scrambling message preferably includes data that can be used by the subscriber station 408 to derive or generate the key.
  • the de-scrambling message preferably takes the form of an entitlement control message (ECM) in the MPEG protocol.
  • ECM entitlement control message
  • the present invention preferably uses the same key or key set for a number of programs.
  • the distribution center 104 transmits the scrambled VOD service and the de-scrambling message over the secondary distribution network 106. This completes the processes of the present invention at the distribution center 104.
  • the security of the content being distributed is maintained by the present invention using scrambling or encryption. Any one of the various and conventional encryption methods could be used.
  • the present invention is particularly advantageous because the system 400 uses the same keys for all subscriber stations 408. Thus, even with thousands of subscribers, the distribution of the keys is not problematic.
  • the keys are used to protect against theft of the transmission signal but are not use to control or prevent access by a subscriber station 408. While the present invention uses multiple keys for groups of subscribers, the present invention avoids the problem of the prior art of requiring a key for each subscriber station 408 connected to the network 106.
  • Figures 6A-6C the various processes that may occur at the subscriber stations 408 will be described. With the method of the present invention, there are three possible scenarios: an authorized user ordering VOD service, a subscriber not ordering VOD service, an attempt to pirate or steal VOD service.
  • FIG. 6A the prefe ⁇ ed method for receiving and processing a transmission at a subscriber station 408 that has requested video-on-demand services will be described.
  • the process begins in step 608 with the user inputting an order for VOD services, and the respective subscriber station 408 receiving input and generating an order for VOD services that is sent over the back channel to the video VOD system 402. Then in step 610, the subscriber station 408 receives tuning data indicating both which channel of a plurality of pre-defined VOD channels the content will be transmitted on and which PIDs (program identification numbers) the content will be marked with.
  • the PIDs are selected by the session manager 406 and sent by value or by reference to the server 404 and the subscriber station 408.
  • the sever 404 preferably provides the requested program on an available channel and the PIDs are included in the header of all packets sent on a stream and associated with the program.
  • step 612 the subscriber station 408 tunes to the channel specified by the tuning data from step 610.
  • step 606 the subscriber station 408 receives the scrambled or encrypted VOD service and the de-scrambling message in step 606 responsive the execution of step 510 by the distribution center 104.
  • step 606 the method continues in step 614.
  • the subscriber station 408 performed step 602 to receive authorization for all VOD service.
  • the subscriber station 408 performs step 602 responsive to step 502, and need perform step 602 only once upon initialization, and long before step 614. Such information would be stored at and by the subscriber station 408.
  • step 614 the subscriber station 408 uses the de-scrambling message, namely the decryption data, to derive or generate the key for de-scrambling the content.
  • step 616 the key is used to de-scramble the VOD service.
  • step 618 the subscriber station 408 decodes the signal and displays it the VOD on an associated display device. It should be noted that access to the VOD service is controlled in two ways. First, requiring the key for decryption protects all content of the VOD service.
  • the access to the VOD service for a particular subscriber station 408 is controlled by the VOD system 402 that controls whether the subscriber station 408 knows which channel is being used to provide the VOD service, thus, to which the subscriber station 408 must tune.
  • additional keys may be used to provide additional levels of security. For example, at a later time a second key may be substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys.
  • FIG. 6B illustrates the processing that occurs at the subscriber station 408 when no service has been requested.
  • the subscriber station 408 performs step 602 as do all subscriber stations 408 to become authorized for VOD services.
  • the subscriber station 408 will not send a request for VOD service to the VOD system 402 in step 620, and therefore, will also never receive the necessary tuning data in step 622.
  • any attempts in step 624 to get the VOD service without notifying the video VOD system 402 and thus not be charged is not possible.
  • FIG. 6B most clearly shows that it is the failure to provide tuning data in the present invention that prevents a authorized subscriber station 408 that has not ordered the VOD services from decoding the VOD services signal.
  • FIG 6C the processing that occurs at the subscriber station 408 when a non-subscriber attempts to pirate video-on-demand services will be described.
  • the non-subscriber by definition will not receive the authorization in step 628. Since the subscriber station 408 is a non-subscriber there will have been no initialization and not received the authorization in step 628. Nonetheless, the non-subscribing station 408 may through illegitimate means determine the tuning data in step 626.
  • the non-subscribing station 408 could tune to the channel having the VOD services.
  • the non-subscribing station 408 receives the scrambled VOD services and the de- scrambling message.
  • the non-subscribing station 408 will attempt to derive or generate the key, however, it does not have the authorization and data necessary to derive the key, and therefore will be unable to de-scramble the VOD services.
  • the lack of the authorization and thus the key provides the protection against theft of the VOD services.
  • Figures 7 & 8 Each Figure shows the distribution of keys for controlling access to the video content provided by the distribution center 104.
  • FIG 7 is a block diagram illustrating the transmission of data and keys with respect to the transport stream such as MPEG according to the prior art.
  • the prior art sends a different key associated with the program, and thus, controls access to the program.
  • each subscriber station 408 is enabled to access the program depending on whether the subscriber station 408 has received the key co ⁇ esponding to the program.
  • this is not problematic because there are relatively few programs.
  • VOD services there may be thousands of programs, and if each required a separate key, the distribution of the keys themselves would cause failures making the programs not accessible to the subscriber stations 408.
  • Figure 9 is diagram for a hybrid fiber/coax network 900 including a headend 902, plurality of nodes 904 providing a plurality of channel 906 each having a plurality of programs 908.
  • Figure 9 illustrates the use of the same key for each channel.
  • the number of keys to be distributed is reduced by a factor of n.
  • n is the number of programs 908 per channel or frequency.
  • this an 8:1 reduction in the number of keys needed.
  • this concept can be extended to used one key for groups of channel, or even one key for each node.
  • the present invention ensures that the distribution of keys is not a obstacle to providing the conditional access desired.
  • the present invention uses the mechanisms of (1) scrambling, (2) authorization messages and (3) tuning to control access.
  • the subscriber station 408 requires all three to be able to receive and de-scramble signals transmitted over the network 106 to the subscriber station 408.
  • the present invention minimizes traffic over the network 106 by using the same encryption decryption keys for the channels; and sending authorization messages upon initialization. Therefore, even though there are thousands of programs each being sent to individual subscriber, conditional access is maintained with nominal impact on network bandwidth. It is to be understood that the specific mechanisms and techniques that have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to a video on-demand system, it also has some application in other point cast on-demand services such as data. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.

Abstract

A system that provides secure transmission and complete access control for target devices. Such a system includes a distribution center, a video-on-demand system, a transmission network and a plurality of target devices. The video-on-demand system advantageously provides for encryption of the transmission, transmission of access keys, and access control. The target devices also include circuitry for communicating with the video server and decrypting the transmission and controlling access to video services. A method for providing conditional access to video services for a plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber stations to receive the video services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service. The method may also prevent the theft of the content of transmissions by performing the steps of: scrambling the first video service using a first key to generate a first scrambled video service; scrambling the first key using decryption data to generate a first scrambled key; distributing the decryption data to decrypt the first scrambled key to the plurality of subscriber stations; transmitting the first scrambled video service to the plurality of subscriber stations; and transmitting the first scrambled key to the plurality of subscriber stations.

Description

CONDITIONAL ACCESS AND SECURITY FOR VIDEO ON-DEMAND SYSTEMS
Inventor: Michael C. Bertram
BACKGROUND OF THE INVENTION 1. Field of the Invention This invention relates generally to the field of video distribution networks. In particular, this invention relates to conditional access and security for video on-demand distribution networks. 2. Description of the Background Art Conditional access for digitally transmitted services satisfies at least two important goals. First, it protects the content from theft during transmission.. Second, it provides specific controls over which target devices may access and use the content. Three major digital video conditional access approaches currently exist in the marketplace. The GI Digicypher system from General Instruments and the SA Powerkey system from Scientific-Atlanta are used for digital broadcast services, primarily in the United States. DVB Common Scrambling Algorithm based systems are used primarily in Europe. Current practice for conditional access for digital broadcast services works well because of several attributes of broadcast services. These attributes include: 1) that digital broadcast services are usually comprised of a fairly small number of data streams (on the order of tens); 2) that digital broadcast services have many potential users of each data stream; and 3) that digital broadcast services can generally be pre-scheduled (this is true of both premium services and pay per view services) allowing authorization to be generated and distributed before they are needed. However, the current practice for conditional access for digital broadcast services does not work well for video on-demand services and systems. Video on-demand services have attributes which are quite different from the attributes of digital broadcast services. Problematic attributes of video on-demand services for conditional access systems include: 1) that video on-demand services use a large number of data streams (on the order of thousands); 2) that video on-demand services target data streams to individual users; and 3) that video on-demand services are not pre-scheduled. Although the current practice for conditional access for digital broadcast services can be applied to video on-demand services, the different attributes discussed above lead to problems. For example, the current practices for conditional access typically are not designed to accommodate the generation and distribution of encryption keys and authorizations for thousands of services. Additionally, the generation and distribution time for on-demand authorizations is not fast enough to support timely decryption of video on- demand services. Therefore, there is a need for conditional access systems and methods for video on- demand services that protects the content from theft and controls access of target devices to the content.
SUMMARY OF THE INVENTION The present invention overcomes the shortcomings of the prior art and provides a solution to the conditional access and security issues presented above. In accordance with the present invention, a method for providing conditional access to video services for a plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber stations to receive the video services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service. In another aspect, the present invention is also directed to preventing theft of the content of transmissions with a method comprising the additional steps of: scrambling the first video service using a first key to generate a first scrambled video service; generating a de-scrambling message having scrambling data to allow de-scrambling of the first video service by the plurality of subscriber stations; transmitting the first scrambled video service to the plurality of subscriber stations; and transmitting the de-scrambling message to the plurality of subscriber stations. The present invention also includes a system that provides secure transmission and complete access control for target devices. Such a system includes a distribution center, a video-on-demand system, a transmission network and a plurality of target devices or subscriber stations. The video-on-demand system advantageously provides for scrambling of the transmission, transmission of de-scrambling messages, and access control. The target devices also include circuitry for communicating with the video server and de-scrambling the transmission and controlling access to video services. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a schematic diagram of a conventional video broadcast distribution network. Figure 2 is a flow chart of the prior art method for processing of the content at the distribution center and transmission to subscriber stations. Figure 3 A is a flow chart of the prior art method for receiving and processing a transmission at an authorized subscriber station. Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station. Figure 4 A is a schematic diagram of a video-on-demand system utilizing the present invention. Figure 4B is a block diagram of a subscriber station in the system of Figure 4A. Figure 5 is a flow chart of a preferred embodiment of the method for processing of the content at the distribution center and transmission to subscriber stations. Figure 6 A is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has requested video-on-demand services. Figure 6B is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at an subscriber station that has not requested video-on-demand services. Figure 6C is a flow chart of a method for receiving and processing a transmission at a non-subscriber station attempting to pirate video-on-demand services. Figure 7 is a block diagram illustrating the transmission of data and keys with respect to time according to the prior art. Figure 8 is a block diagram illustrating the transmission of data and keys with respect to time according to the present invention. Figure 9 is a block diagram illustrating a hybrid/fiber coax network and the use of keys per channel and program according to the present invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Throughout this description various terms are used to describe the invention. Unless modified by the following description, several of the terms are defined as follows: Scrambling comprises a method of protecting a data stream by transforming the value bits in the stream based on a given key. For the purposes of this disclosure, scrambling has the same meaning as encrypting. De-scrambling comprises a method of transforming data stream bits back to their original value based on the use of a key. For the purposes of this description, de-scrambling has the same meaning as decryption. A conditional access (CA) system is a system that generates keys, de-scrambling messages, and authorization messages supporting the scrambling and de-scrambling of, e.g., MPEG encoded programs. A descrambling message comprises a conditional access message containing de-scrambling information for a particular MPEG program. The de-scrambling information may be the de- scrambling key or the information a Set Top Box (or boxes) needs to generate or derive the de-scrambling key. An authorization message comprises a conditional access message authorizing a particular Set Top Box to use a de-scrambling key to de-scramble a particular MPEG program. Figure 1 is a schematic diagram of a conventional video broadcast network 100. The conventional video broadcast distribution network 100 typically includes one or more broadcast sources 102a, 102b, and 102c, one or more distribution centers 104, one or more secondary distribution networks 106, and a plurality of targets or subscriber stations 108a-i. The broadcast sources 102a, 102b, and 102c provided video and audio content for various channels in the broadcast network 100. For example, the broadcast sources 102a, 102b, and 102c include what are referred to as premium channels such as HBO, Showtime, Cinemax, etc. The sources 102a, 102b, and 102c may also be, for example, pay-per-view (PPV) channels. The sources 102a, 102b, and 102c are typically coupled via a primary distribution network (show as connector lines) to the distribution center 104. The distribution center 104 may be, for example, a cable head-end. The distribution center 104 receives the content from the broadcast sources 102a, 102b, 102c, and associates the content with channels and transmits the content over predetermined channels in the secondary distribution network 106. The distribution center 104 is coupled via a secondary distribution network 106 to the subscriber stations 108a-i. The secondary distribution network 106 comprises for example, various amplifiers, bridges, taps, and drop cables. Finally, the subscriber stations 108a-i may be, for example, set-top boxes and associated television equipment for viewing the video content by end users. Referring now to Figure 2, the prior art method for preventing theft of the transmission data is shown. The cable distribution networks 100 of the prior art prevents theft by scrambling the signals before transmission. Figure 2 illustrates the processing of the video and audio signals (content) done at the distribution center 104 before transmission. In the prior art, the distribution center 104 sends or distributes authorization for pre-scheduled services to the individual subscriber stations 108 in step 202. Then at some later time, the distribution center 104 scrambles a pre-scheduled service in step 206 and at the same time generates a de-scrambling message in step 208. Next in step 210, the distribution center 104 sends the scrambled pre-scheduled service and the de-scrambling message over the network 106. Referring now to Figures 3A and 3B, the prior art method for processing the scrambled data at the subscriber stations 108a-i will be described. Figure 3 A shows the prior art method for receiving and processing a transmission at an authorized subscriber station 108a-i. In contrast, Figure 3B, shows the prior art method for receiving and processing a transmission at an unauthorized subscriber. These are the two general processing scenarios at the subscriber stations 108a-i provided with the prior art. Referring now to Figure 3 A, the processing at the subscriber station 108 begins in step 302 where the subscriber station 108 receives an authorization for pre-scheduled service over the secondary distribution network 206 from the distribution center 104. Parallel in time to, or even before or after step 302, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Then in step 308, the subscriber station 108 receives the scrambled data for pre-scheduled service and a de-scrambling message. Once steps 302, 306, and 308 have been completed, the prior art process transitions to step 310. Now having received the necessary information from steps 302 and 308, the subscriber station 108 generates or derives the key using the de-scrambling message from step 308 if authorized. Next in step 312, the subscriber station 108 de-scrambles the pre-scheduled service using the derived key from step 310. Having de-scrambled the signal, the subscriber station 108 can display the pre-scheduled service on a display device of the subscriber station 108. As has been noted above, the key is used to control access by the respective subscriber station 108 to the content. Thus, a unique key is needed for each program, and each subscriber station 108a-I must receive the authorization before the key to the program can be decrypted in the prior art. Referring now to Figure 3B, the processing that occurs when an unauthorized subscriber station 108 attempts to gain access to the content is illustrated. Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station. For ease of understanding like reference numerals have been used for like steps. Similar to the authorized case, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Also in step 308, the subscriber station 108 receives the scrambled data for pre-scheduled service and the de-scrambling message. However, step 302 at the unauthorized subscriber station 108 are never completed. Rather as shown by the flow chart in step 316 the subscriber station 108 does not receive the authorization for pre-scheduled services. Therefore, the unauthorized subscriber station 108 is unable to perform step 310 and is unable to derive the key and de-scramble the signal for display in step 320. Thus, Figures 3 A and 3B show the importance in the prior art of having a fairly small number of data streams (on the order of tens) that have many potential users, and that digital broadcast services can generally be pre-scheduled allowing authorization to be generated and distributed before they are needed. Figure 4 is a schematic diagram of a system 400 utilizing the present invention. The present invention is directed to the addition of a video-on-demand system 402 and to providing conditional access and security in such a combined system 400. Again, for ease of understanding like reference numerals have been used for similar elements with the same functionality. The combined system 400 preferably comprises one or more broadcast sources 102a/b/c, one or more video-on-demand (VOD) system 402, a distribution center 104, a VOD content server 404, a session manager 406, a transport multiplexer 410, a conditional access system, a secondary distribution network 106 and a plurality of subscriber stations 408a-408i. An exemplary such video-on-demand system 400 is described in pending U.S. Patent Application Number 08/984,710, filed December 4, 1997, and entitled "System for Interactively Distributing Information Services," the disclosure of which is incorporated herein by reference. The following description will focus on differences from such a system. As noted above, the combined system 400 differs from the prior art of Figure 1 by providing video-on-demand data streams. To provide such functionality, the system 400 has a plurality of VOD systems 402 to provide the content as requested by the subscriber stations 108a-108i in addition to the broadcast sources 102 used in traditional cable networks to provided video and audio content for various channels. The VOD system 402 for example may include various movies that may be requested by the user. The available number of movies to the subscriber stations 108a-108i can be in the thousands. Both the broadcast sources 102 and the VOD system 402 are coupled to provide their content to the distribution center 104, preferably via a primary distribution network. The VOD system 402 preferably comprises a content server 404, a session manager 406, a transport stream multiplexer/scrambler 410 and a conditional access system 412. The content server 404 stores the video content such thousands of movies, and in response to signals from the session manager 406 provides the video content to the transport stream multiplexer/scrambler 410. The session manager 406 controls the content server 404, the transport stream multiplexer/scrambler 410 and the conditional access system 412 in response to user requests. The session manager is coupled to each of these devices for sending control signals. The session manager 406 is also coupled to each subscriber station 408 by a out of band communication channel 420 to receive input from the subscribers. Although only one such path is shown in Figure 4A, it should be understood there is such a coupling for each subscriber station 408a-i. In response to signals from the session manager 406, the conditional access system 412 sends control signals, encryption keys and authorization messages to the transport stream multiplexer/scrambler 410. As will be known to those skilled in the art, multiple commercial vendors offer conditional access systems compatible with conditional access messaging defined by the MPEG-2 standard that could be used for conditional access system 412. The transport stream multiplexer/scrambler 410 send the content and control signal in both scrambled and not scrambled format to the distribution center 104. The session manager 406 also instructs the transport stream multiplexer/scrambler 410 which channels and program ID to use when transmitting the content.
The distribution center 104 is similar to that described above with reference to Figure 1. The distribution center 104 transmits the typical broadcast content, but also transmits the content, access and communication necessary for VOD services. For example, the VOD system 402 may provide the functionality as described in U.S. Patent Application Serial No. 08/984,710, filed December 4, 1997, entitled "System for Interactively Distributing Information Service" which is incorporated herein by reference. The distribution center 104 is coupled to the secondary distribution network 106. Those skilled in the art will recognize that distribution center 104 of the present invention differs from the prior art in the following respects. First, the streams transmitted include both the typical broadcast content (A) but also video-on-demand services (B) as shown in the Figure 4. Second, the coupling of the distribution center 104 to the secondary distribution network 106 provides a return channel (shown by dotted line 420) for sending signals from the subscriber stations 408a-i to the VOD system 402, in particular, the session manager 406. Third, the VOD services are provided on channel resources that are re-used and reallocated to different subscribers, and the subscriber station requires tuning information to access the VOD services. Finally, that there is processing by the VOD system 402, and communication between the VOD system 402 and the subscriber stations 408, as will be described above with reference to Figures 5-6C, to enforce transmission security and access. The distribution center 104 and the VOD system 402 are coupled via a secondary distribution network 106 to the subscriber stations 408a-408i. The secondary distribution network 106 comprises for example, various amplifiers, bridges, taps, and drop cables. The subscriber stations 408a-408i are, by way of example, set-top boxes and associated television equipment for viewing the video content by end users. In the present invention, the subscriber stations 408a-408i or set-top boxes differ from the prior art in that they included added functionality in the form of programs downloaded or stored in ROM that provide the functionality described below with reference to Figures 6A-6C. More specifically, the programs provide method for ensuring that access to the VOD services are authorized and that does not suffer from the above-identified shortcomings of the prior art. Referring now to Figure 4B, one exemplary embodiment for a subscriber stations 408 is shown. Each subscriber station 408 preferably comprises a tuner/de-multiplexer 450, a controller 452, a de-scrambler 454, a key generator 456, a video decoder 457, and a display device 458. Basically, the tuner/de-multiplexer 450 tunes to a particular frequency and program ID in response to signals from the controller 452. The tuner/de-multiplexer 450 monitors the channels and extracts the signals for the identified channel. The tuner/de- multiplexer 450 also extracts control information from the channel and provides it to the controller 452 and the key generator 456. General control signals, tuning information, and other communication with the session manager 406 are provided to the controller 452. . The tuner/de-multiplexer 450 also extracts and provides entitlement management messages and entitlement control messages to the key generator 456. For example, the key generator 456 may be a smart card coupled to the subscriber station 408 or may be ROM included in the subscriber station 408. Using the EMMs and the ECMs, the controller 452 enables the key generator 456 to derive a key that is sent to the de-scrambler 454 to de-scramble or decrypt the video content. Once de-scrambled, the video streams are presented to the video decoder 457 that converts the MPEG streams to an video analog signals. The analog signals are then presented to a display device 458. It should be noted that while the methods of the present invention will now be discussed in the context of a video distribution system for cable networks, the present invention is applicable to any variety of video distribution system whether is uses cable or some other media for distribution such as but not limited to a satellite system, a digital subscriber line system, and a microwave system. Referring now to Figure 5, a prefeπed embodiment of the method for processing of the content at the distribution center 104 and transmission of the content to subscriber stations 408 according to the present invention is shown. The method begins in step 501 by configuring the conditional access system 412 to scramble all the VOD programs as scrambled broadcast services. In other words, the VOD services are provisioned to be scrambled all the time. This is preferably done prior to the authorization of any subscribers to the VOD services. The programs are also scrambled independent of any particular content carried on the VOD streams. This is particularly advantageous because it addresses the problem that the VOD services are not pre-scheduled. Next in step 502 at least one subscriber station 408 is authorized for all VOD services. More preferably, the present invention authorizes all subscriber stations 408 connected to the network for all VOD services. This authorization is preferably accomplished by having the server 404 send the authorization to the all subscriber stations 408. An authorization message is a message authorizing a particular subscriber station to use a de-scrambling key to de-scramble a program. More specifically, authorization of the subscriber stations 408 is performed by sending an entitlement management message (EMM) from the distribution center 104 to each of the subscriber stations 408. This step 502 is preferably performed at initialization of the communication between a particular subscriber station 408 and the system 400. At some later point in time after step 502 has been performed, the method proceeds in parallel to steps 512, 506, 508. Since the system 400 provides the streams of video data in response to a request from respective subscriber station 408. The duration between step 502 and the other steps 512, 506, 508 can vary significantly for each subscriber station 408 and may be any length of time. In step 512, using the return channel unique to the VOD system 400, the VOD system 402 and distribution center 104 receives a request or order for VOD services from a particular subscriber station 408. Next in step 514, responsive to the request, the VOD system 402 and distribution center 104 sends tuning data to the individual subscriber 408. This preferably accomplished by sending the frequency and MPEG program number by reference or value using the VOD downstream communication control path. The actual information for tuning to the channel may be provided or this virtually may be done by providing a index to a table at the subscriber station 408 that is used to look up the value in a table. This feature of the present invention is particularly advantageous because it solves the problem presented VOD services of targeting data streams to individual users. In broadcast systems, the tuning information is know by the user, can be used to tune to the program and cannot be used to control access. However, in the present invention, since different program streams are targeted to different users, the transmission and use of the tuning information as described above permits the targeting of particular programs streams to particular users as was not possible in the prior art. In step 506, the VOD system 402 and distribution center 104 scrambles or encrypts the streams of the VOD service; and in step 508, the VOD system 402 and distribution center 104 generate a de- scrambling message for producing the key for decoding the streams of the VOD service. The de-scrambling message preferably includes data that can be used by the subscriber station 408 to derive or generate the key. The de-scrambling message preferably takes the form of an entitlement control message (ECM) in the MPEG protocol. The present invention preferably uses the same key or key set for a number of programs. Then in step 510, the distribution center 104 transmits the scrambled VOD service and the de-scrambling message over the secondary distribution network 106. This completes the processes of the present invention at the distribution center 104. As has been described above, the security of the content being distributed is maintained by the present invention using scrambling or encryption. Any one of the various and conventional encryption methods could be used. It should be noted the present invention is particularly advantageous because the system 400 uses the same keys for all subscriber stations 408. Thus, even with thousands of subscribers, the distribution of the keys is not problematic. In other words, the keys are used to protect against theft of the transmission signal but are not use to control or prevent access by a subscriber station 408. While the present invention uses multiple keys for groups of subscribers, the present invention avoids the problem of the prior art of requiring a key for each subscriber station 408 connected to the network 106. Referring now to Figures 6A-6C, the various processes that may occur at the subscriber stations 408 will be described. With the method of the present invention, there are three possible scenarios: an authorized user ordering VOD service, a subscriber not ordering VOD service, an attempt to pirate or steal VOD service. Referring particularly to Figure 6A, the prefeπed method for receiving and processing a transmission at a subscriber station 408 that has requested video-on-demand services will be described. The process begins in step 608 with the user inputting an order for VOD services, and the respective subscriber station 408 receiving input and generating an order for VOD services that is sent over the back channel to the video VOD system 402. Then in step 610, the subscriber station 408 receives tuning data indicating both which channel of a plurality of pre-defined VOD channels the content will be transmitted on and which PIDs (program identification numbers) the content will be marked with. The PIDs are selected by the session manager 406 and sent by value or by reference to the server 404 and the subscriber station 408. The sever 404 preferably provides the requested program on an available channel and the PIDs are included in the header of all packets sent on a stream and associated with the program. Then in step 612, the subscriber station 408 tunes to the channel specified by the tuning data from step 610. Next in step 606, the subscriber station 408 receives the scrambled or encrypted VOD service and the de-scrambling message in step 606 responsive the execution of step 510 by the distribution center 104. After step 606, the method continues in step 614. However, prior to step 614, the subscriber station 408 performed step 602 to receive authorization for all VOD service. The subscriber station 408 performs step 602 responsive to step 502, and need perform step 602 only once upon initialization, and long before step 614. Such information would be stored at and by the subscriber station 408. Then in step 614, the subscriber station 408 uses the de-scrambling message, namely the decryption data, to derive or generate the key for de-scrambling the content. Next in step 616, the key is used to de-scramble the VOD service. Finally, in step 618, the subscriber station 408 decodes the signal and displays it the VOD on an associated display device. It should be noted that access to the VOD service is controlled in two ways. First, requiring the key for decryption protects all content of the VOD service. Second, the access to the VOD service for a particular subscriber station 408 is controlled by the VOD system 402 that controls whether the subscriber station 408 knows which channel is being used to provide the VOD service, thus, to which the subscriber station 408 must tune. Those skilled in the art will recognize that additional keys may be used to provide additional levels of security. For example, at a later time a second key may be substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys. These and other modifications to the general methods described above with reference to Figures 5 and 6A are contemplated by the present invention. Referring now to Figure 6B, the case where a subscriber station 408 has not requested video-on-demand services will be described. Figure 6B illustrates the processing that occurs at the subscriber station 408 when no service has been requested. As shown, the subscriber station 408 performs step 602 as do all subscriber stations 408 to become authorized for VOD services. However, since no service has been ordered, the subscriber station 408 will not send a request for VOD service to the VOD system 402 in step 620, and therefore, will also never receive the necessary tuning data in step 622. Thus, any attempts in step 624 to get the VOD service without notifying the video VOD system 402 and thus not be charged is not possible. Figure 6B, most clearly shows that it is the failure to provide tuning data in the present invention that prevents a authorized subscriber station 408 that has not ordered the VOD services from decoding the VOD services signal. Referring now to Figure 6C, the processing that occurs at the subscriber station 408 when a non-subscriber attempts to pirate video-on-demand services will be described. The non-subscriber by definition will not receive the authorization in step 628. Since the subscriber station 408 is a non-subscriber there will have been no initialization and not received the authorization in step 628. Nonetheless, the non-subscribing station 408 may through illegitimate means determine the tuning data in step 626. Then in step 612, the non-subscribing station 408 could tune to the channel having the VOD services. Next in step 606, the non-subscribing station 408 receives the scrambled VOD services and the de- scrambling message. In step 632, the non-subscribing station 408 will attempt to derive or generate the key, however, it does not have the authorization and data necessary to derive the key, and therefore will be unable to de-scramble the VOD services. Thus, the lack of the authorization and thus the key provides the protection against theft of the VOD services. The differences between the claimed invention and the prior art are further highlighted by Figures 7 & 8. Each Figure shows the distribution of keys for controlling access to the video content provided by the distribution center 104. Figure 7 is a block diagram illustrating the transmission of data and keys with respect to the transport stream such as MPEG according to the prior art. As shown in Figure 7, for each program, the prior art sends a different key associated with the program, and thus, controls access to the program. In other words, each subscriber station 408 is enabled to access the program depending on whether the subscriber station 408 has received the key coπesponding to the program. In the prior art this is not problematic because there are relatively few programs. In contrast in VOD services, there may be thousands of programs, and if each required a separate key, the distribution of the keys themselves would cause failures making the programs not accessible to the subscriber stations 408. In contrast and as shown in Figure 8, the methods of the present invention do not use the keys to control access to the programs, and do not require a separate key set for each program. As can be seen in Figure 8, a single key or key set is distributed to all subscriber stations. This key or key set is then used for all programs. This greatly reduces the control traffic over the network 106, and is particularly advantageous for VOD services where the thousands of programs requiring a separate key for each subscriber station are not possible. Referring now to Figure 9, the advantage of the present invention in using one or a smaller set of key is shown. Figure 9 is diagram for a hybrid fiber/coax network 900 including a headend 902, plurality of nodes 904 providing a plurality of channel 906 each having a plurality of programs 908. Figure 9 illustrates the use of the same key for each channel. In such a case, the number of keys to be distributed is reduced by a factor of n. Where n is the number of programs 908 per channel or frequency. In the prefeπed embodiment for the system described above this an 8:1 reduction in the number of keys needed. Similarly, this concept can be extended to used one key for groups of channel, or even one key for each node. Thus, the present invention ensures that the distribution of keys is not a obstacle to providing the conditional access desired. Thus, in summary, the present invention uses the mechanisms of (1) scrambling, (2) authorization messages and (3) tuning to control access. The subscriber station 408 requires all three to be able to receive and de-scramble signals transmitted over the network 106 to the subscriber station 408. The present invention, however, minimizes traffic over the network 106 by using the same encryption decryption keys for the channels; and sending authorization messages upon initialization. Therefore, even though there are thousands of programs each being sent to individual subscriber, conditional access is maintained with nominal impact on network bandwidth. It is to be understood that the specific mechanisms and techniques that have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to a video on-demand system, it also has some application in other point cast on-demand services such as data. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.

Claims

WHAT IS CLAIMED IS;
1. A method for providing conditional access to video-on-demand services for a plurality of subscriber stations, the method comprising: sending an authorization message to the plurality of subscriber stations to authorize the plurality of subscriber stations to receive the video-on-demand services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service.
2. The method of claim 1, further comprising the steps of: scrambling the first video service using a first key to generate a first scrambled video service; scrambling the first key to generate a first scrambled key; transmitting the first scrambled video service to the plurality of subscriber stations; transmitting the first scrambled key to the plurality of subscriber stations.
3. The method of claim 2, wherein the authorization message further comprises data to derive the first scrambled key to the plurality of subscriber stations.
4. The method of claim 3 wherein the control message is an entitlement control message.
5. The method of claim 3 wherein the de-scrambling message is an entitlement control messages.
6. The method of claim 1, wherein the step of transmitting tuning data includes transmitting a service frequency and a MPEG program number by value or reference.
7. The method of claim 1, wherein the video services comprise video on- demand services.
8. The method of claim 1, wherein the video services are distributed by way of a video distribution system from the group of video distribution systems including a cable distribution network, a satellite system, a digital subscriber line system, and a microwave system.
9. The method of claim 2, wherein at a later time a second key is substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys.
10. A method for providing conditional access to video-on-demand services to a subscriber station in a video-on-demand (VOD) system, the method comprising the step of: receiving an authorization message at the subscriber station from the VOD system; sending a signal to request a video service from the subscriber station to the VOD system; and receiving tuning data at the subscriber station; using the tuning data to tune to the video service; and receiving the video service and displaying it on display device.
11. The method of claim 10, wherein the step of receiving the video service further comprises the steps of: receiving and de-scrambling a encryption/decryption key; de-scrambling the video service using the encryption/decryption key; and providing an unscrambled video service.
12. The method of claim 11, where in the step of receiving an authorization message further comprises the steps of: receiving a control message for the subscriber station that includes an instruction to de-scramble the encryption/decryption key; and receiving a de-scrambling message that includes data to derive the encryption/decryption key.
13. The method of claim 12 wherein the control message is an entitlement control messages.
14. The method of claim 12 wherein the de-scrambling message is an entitlement control messages.
15. The method of claim 1 , wherein the step of receiving tuning data includes receiving a service frequency and a MPEG program number by value or reference.
16. The method of claim 15, wherein the step of using the tuning data to tune to the video service comprises the step of setting a de-multiplexer to receive on the service frequency and extract packets matching the MPEG program number.
17. The method of claim 11 , wherein at a later time a second key is substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys.
18. A method for conditionally accessing video services, the method comprising: transmitting an order for a first video service; receiving tuning data; using the tuning data to tune to the first video service; receiving an scrambled version of the first video service; and receiving an scrambled version of a first key for decrypting the scrambled version of the first video service.
19. The method of claim 18, the method further comprising: receiving decryption data for decrypting the scrambled version of the first key; decrypting the scrambled version of the first key using the decryption data to generate the first key; and decrypting the scrambled version of the first video service using the first key to generate the first video service.
20. The method of claim 18, wherein the video services comprise video on- demand services.
21. The method of claim 18, wherein the video services are distributed by way of a cable distribution network.
22. The method of claim 21 , wherein the method is performed at a subscriber station coupled to the cable distribution network.
23. The method of claim 18, further comprising receiving authorization for the video services.
24. The method of claim 19, wherein the decryption data is received by way of an entitlement control message.
25. The method of claim 19, wherein at a later time a second key is substituted for the first key, where the first key and the second key are both members of a first set of keys; and where the decryption data is usable to decrypt each member of the first set of keys.
26. A video-on-demand system providing conditional access to video services, the system comprising: a video-on-demand system for providing video content, tuning information and access control messages; a distribution network coupled to the video-on-demand system for transmitting video content, tuning information and access control messages, the distribution network coupled to the video-on-demand system; and
a plurality of subscriber stations being coupled to the distribution network to receive video content, tuning information and access control messages, the subscriber station tuning to a frequency and de-scrambling video content in responsive to access control messages from the video-on-demand system.
27. The system of claim 26, wherein the video-on-demand system further comprises: a content server for storing and providing video content; a multiplexer/scrambler for multiplexing a plurality of signal and generating video streams, the multiplexer/scrambler coupled to the content server and responsive to control signals; and a session manager for controlling the video content provided by the content server and its transmission, the session manage coupled to the video content server and the multiplexer/scrambler.
28. The system of claim 26, further comprising a conditional access system coupled to the session manager and the multiplexer/scrambler, the conditional access system providing control signals, encryption keys and authorization messages to the multiplexer/scrambler in response to signals from the session manager.
29. The system of claim 28, wherein the conditional access system uses ECM to send control signals to the subscriber stations.
30. The system of claim 28, wherein the conditional access system uses the same ECM having the same key for the plurality of subscriber stations.
31. The system of claim 28, wherein the conditional access system provides an authorization message to each subscriber stations upon initialization to enable access to and de-scrambling of the video service.
32. The system of claim 27, wherein the session manager controls the frequency and program ID for the video content provided the distribution network.
33. The system of claim 26, wherein the subscriber station further comprises: a de-multiplexer coupled to the distribution network to receive the video content; a key generator for producing a key and coupled to the de-multiplexer to receive an ECM; a de-scrambler coupled to the key generator and the de-multiplexer, the de- scrambler decrypting a signal from the de-multiplexer to generate the video content; and a controller coupled to VOD system to receive control signals, the controller coupled to the key generator to provide an EMM and the de-multiplexer to provide tuning information.
EP01904852A 2000-01-14 2001-01-12 Conditional access and security for video on-demand systems Withdrawn EP1247399A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US48306600A 2000-01-14 2000-01-14
US483066 2000-01-14
PCT/US2001/001173 WO2001052543A1 (en) 2000-01-14 2001-01-12 Conditional access and security for video on-demand systems

Publications (1)

Publication Number Publication Date
EP1247399A1 true EP1247399A1 (en) 2002-10-09

Family

ID=23918499

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01904852A Withdrawn EP1247399A1 (en) 2000-01-14 2001-01-12 Conditional access and security for video on-demand systems

Country Status (4)

Country Link
EP (1) EP1247399A1 (en)
AU (1) AU2001232794A1 (en)
CA (1) CA2396821A1 (en)
WO (1) WO2001052543A1 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6983480B1 (en) 1999-10-13 2006-01-03 Starz Entertainment Group Llc Method for authorizing limited programming distribution
US7984463B2 (en) 2002-03-29 2011-07-19 Starz Entertainment, Llc Instant video on demand playback
US8020186B1 (en) 1999-10-13 2011-09-13 Starz Entertainment, Llc Methods and systems for distributing on-demand programming
US8806549B1 (en) 1999-10-13 2014-08-12 Starz Entertainment, Llc Pre-storing a portion of a program to allow user control of playback
JP2003533075A (en) * 1999-12-22 2003-11-05 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Conditional access system to control access to data content
US8707357B1 (en) 2001-04-23 2014-04-22 Starz Entertainment, Llc Thematic VOD navigation
WO2003044835A2 (en) 2001-11-20 2003-05-30 Starz Encore Group Llc Viewing limit controls
US7739707B2 (en) 2001-11-20 2010-06-15 Starz Entertainment, Llc Parental controls using view limits
US7486792B2 (en) 2002-08-23 2009-02-03 General Instrument Corporation Terrestrial broadcast copy protection system for digital television
GB2413026B (en) * 2003-02-12 2006-03-22 Video Networks Ltd System for capture and selective playback of broadcast programmes
WO2004075551A1 (en) * 2003-02-21 2004-09-02 Alif R & D Sdn Bhd System and method for providing secure video broadcasting services
SE0301728D0 (en) * 2003-06-13 2003-06-13 Television And Wireless Applic Adapter arrangement, method, system and user terminal for conditional access
US7827573B2 (en) 2004-04-05 2010-11-02 Comcast Cable Holdings, Llc Method and system for provisioning a set-top box
US8566894B2 (en) 2006-02-10 2013-10-22 Scott W. Lewis Method and system for distribution of media
US9740552B2 (en) 2006-02-10 2017-08-22 Percept Technologies Inc. Method and system for error correction utilized with a system for distribution of media
US8451850B2 (en) 2006-02-10 2013-05-28 Scott W. Lewis Method and system for distribution of media including a gigablock

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0739135A1 (en) * 1995-04-19 1996-10-23 General Instrument Corporation Of Delaware Data security scheme for point-to-point communication sessions
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
WO1999007151A1 (en) * 1997-08-01 1999-02-11 Scientific-Atlanta, Inc. Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system
WO1999009743A2 (en) * 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Conditional access system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4430669A (en) * 1981-05-29 1984-02-07 Payview Limited Transmitting and receiving apparatus for permitting the transmission and reception of multi-tier subscription programs
WO1985000491A1 (en) * 1983-06-30 1985-01-31 Independent Broadcasting Authority Encrypted broadcast television system
JPS60253386A (en) * 1984-05-30 1985-12-14 Toshiba Corp Controller of cable television system
US4866770A (en) * 1986-07-08 1989-09-12 Scientific Atlanta, Inc. Method and apparatus for communication of video, audio, teletext, and data to groups of decoders in a communication system
US5247364A (en) * 1991-11-29 1993-09-21 Scientific-Atlanta, Inc. Method and apparatus for tuning data channels in a subscription television system having in-band data transmissions
US6118498A (en) * 1997-09-26 2000-09-12 Sarnoff Corporation Channel scanning and channel change latency reduction in an ATSC television receiver

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0739135A1 (en) * 1995-04-19 1996-10-23 General Instrument Corporation Of Delaware Data security scheme for point-to-point communication sessions
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
WO1999007151A1 (en) * 1997-08-01 1999-02-11 Scientific-Atlanta, Inc. Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system
WO1999009743A2 (en) * 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Conditional access system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO0152543A1 *

Also Published As

Publication number Publication date
CA2396821A1 (en) 2001-07-19
WO2001052543A1 (en) 2001-07-19
AU2001232794A1 (en) 2001-07-24
WO2001052543A8 (en) 2001-08-16

Similar Documents

Publication Publication Date Title
US20220021930A1 (en) Reduced Hierarchy Key Management System and Method
US9467658B2 (en) Method and apparatus for protecting the transfer of data
EP0739135B1 (en) Data security scheme for point-to-point communication sessions
KR101059624B1 (en) Conditional access personal video recorder
EP1618666B1 (en) Method and apparatus for protecting the transfer of data
US8681979B2 (en) Conditional access system and method for prevention of replay attacks
US20040158721A1 (en) System, method and apparatus for secure digital content transmission
US20120201377A1 (en) Authenticated Mode Control
EP1247399A1 (en) Conditional access and security for video on-demand systems
EP1534011A1 (en) System and method for securing on-demand delivery of pre-encrypted content using ECM suppression
JP2007173917A (en) Conditional access control method, system, and apparatus in vod prescramble system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020731

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: TV GATEWAY, LLC

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SEDNA PATENT SERVICES, LLC

17Q First examination report despatched

Effective date: 20081017

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20090428