Conditional access personal video recorder
First Claim
Patent Images
1. A method of providing through a settop a digital service to a subscriber in a digital subscriber system having a headend, the method comprising the steps of:
- retrieving a given decryptor and a set of packets from a storage device, the set of packets carrying a portion of a digital service, wherein the storage device has multiple sets of packets and multiple decryptors stored therein, each decryptor associated with a particular set of packets, and the multiple sets of packets make up the digital service; and
determining whether the settop is entitled to access the set of packets by at least processing at least a portion of the given decryptor;
responsive to determining the settop is entitled to access the set of packets, further including the steps of;
processing at least a portion of the given decryptor with a first key to generate a decryption-key therefrom; and
decrypting content included in the set of packets with the decryption-key.
5 Assignments
0 Petitions
Accused Products
Abstract
A Personal Video Recorder (PVR) in a subscriber television network receives service instances from a headend of the subscriber television network. The PVR is adapted to provide conditional access to recorded service instances.
292 Citations
90 Claims
-
1. A method of providing through a settop a digital service to a subscriber in a digital subscriber system having a headend, the method comprising the steps of:
-
retrieving a given decryptor and a set of packets from a storage device, the set of packets carrying a portion of a digital service, wherein the storage device has multiple sets of packets and multiple decryptors stored therein, each decryptor associated with a particular set of packets, and the multiple sets of packets make up the digital service; and
determining whether the settop is entitled to access the set of packets by at least processing at least a portion of the given decryptor;
responsive to determining the settop is entitled to access the set of packets, further including the steps of;
processing at least a portion of the given decryptor with a first key to generate a decryption-key therefrom; and
decrypting content included in the set of packets with the decryption-key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A Personal Service Recorder (PSR) for providing a user with a recorded digital service, the PSR comprising:
-
a storage device adapted to store a digital service carried in a plurality of packets and a plurality of decryptors, each decryptor associated with a set of packets of the plurality of packets, wherein each set of packets make up a portion of the digital service;
an entitlement-verifier module in communication with the storage device adapted to receive from the storage device a given decryptor of the plurality of decryptors and determine whether the PSR is entitled to access a given set of packets by at least processing at least a portion of the given decryptor; and
a key-generation module in communication with the entitlement-verifier, the key-generation adapted to generate a decryption-key using a first key and at least a portion of the given decryptor, wherein the key-generation module only generates the decryption-key responsive to entitlement-verifier determining the PSR is entitled to access the given set of packets. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
-
56. In a subscriber television system having a headend in communication with a settop, a method of providing a recorded digital service to a subscriber of the digital subscriber system, the method implemented in the settop and comprising the steps of:
-
(a) receiving a message from the headend, the message specifying a time;
(b) retrieving from a storage device a given decryptor, the storage device having a plurality of decryptors and a digital service that is carried in a plurality of packets stored therein the storage device, wherein each decryptor is associated with a set of packets of the plurality of packets, and each decryptor includes decryption-key-material for generating a decryption-key to decrypt the set of packets associated with the decryptor;
(c) processing the decryption-key-material included in the given decryptor with a first key to generate a decryption-key therefrom;
(d) determining whether the settop is entitled to access the recorded digital service by using at least a portion of the given decryptor and at least the specified time; and
;
responsive to determining the settop is entitled to access the digital service, further including the steps of;
(e) decrypting the set of packets associated with the decryptor using the decryption-key;
(f) determining whether the entire recorded digital service has been accessed; and
(g) responsive to determining that the entire digital service has not been accessed, repeating steps (a) through (f). - View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
-
-
74. A Personal Service Recorder (PSR) in a subscriber television system that transmits digital services from a headend to the PSR, the PSR for providing a user with a recorded digital service, the PSR comprising:
-
a storage device having a digital service carried in a plurality of packets and a plurality of decryptors stored therein, each decryptor associated with a set of packets of the plurality of packets, wherein each set of packets make up a portion of the digital service;
a cryptographic device in communication with the storage device adapted to decrypt a given set of packets with a given control word;
a memory having entitlements to digital services stored therein;
a processor in communication with the decryptor and the memory, the processor adapted to receive a user input and responsive thereto determine whether the PSR is entitled to access the given set of packets, wherein responsive to the PSR being entitled to access the given set of packets, the processor processes a given decryptor of the plurality of decryptors with a first key to generate the control word and provides the control word to the cryptographic device. - View Dependent Claims (75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88)
-
-
89. A method of providing a recorded digital service to a subscriber in a subscriber television system, the method implemented in a settop in communication with a headend of the subscriber television system, the method comprising the steps of:
-
recording in a storage device a plurality of decryptors and a digital service transmitted from the headend to the settop, wherein the digital service is carried in a plurality of packets, each decryptor of the plurality of decryptors is associated with a set of packets of the plurality of packets, and each decryptor includes decryption-key-material to decrypt the set of packets associated with the decryptor;
receiving user input for accessing the recorded digital service;
receiving from the headend a time-message that specifies a time;
retrieving from the storage device a given decryptor of the plurality of decryptors;
processing the decryption-key-material included in the given decryptor with a first key to generate a control word therefrom;
inputting at least a portion of the time-message into a first hash function to generate a first digest;
processing a first authentication token included in the time-message with a public key of a public key-private key pair;
comparing the first digest with the processed first authentication token, wherein responsive to the first digest and the processed first authentication token being the same, the time-message is authentic;
inputting at least a portion of the decryptor into a second hash function to generate a second digest;
comparing the second digest with a second authentication token included in the decryptor, wherein responsive to the second digest and the second authentication token being the same, the decryptor is authentic; and
responsive to both the decryptor and the time-message being authentic, further including the steps of;
determining whether the specified time is within a given entitled time span;
determining whether the settop is entitled to access the recorded digital service by using at least a portion of the given decryptor;
responsive to both determining the settop is entitled to access the digital service and determining the settop is entitled to access the recorded digital service, further including the steps of;
decrypting the set of packets associated with the decryptor using the control word; and
determining whether the entire recorded digital service has been accessed.
-
-
90. A Personal Service Recorder (PSR) for providing a recorded digital service to a subscriber in a subscriber television system that transmits digital services from a headend to the PSR, the PSR comprising:
-
an input port receiving a stream of packets, the stream of packets including packets carrying a digital service and packets carrying time-messages, each time-message having a specific time and an authentication token included therein;
a storage device in communication with the input port, the storage device adapted to store the packets carrying the digital service and a plurality of decryptors therein, each decryptor associated with a set of packets carrying the digital service, each decryptor having decryption-key-material and an authentication token, the decryption-key-material for generating a control word for decrypting a particular set of packets carrying the digital service;
a cryptographic device in communication with the storage device adapted to decrypt a given set of packets with a given control word;
a memory having entitlements to digital services, a first key, and a public key of a public key-private key pair stored therein;
a processor in communication with the input port, the cryptographic device and the memory, the processor adapted to input at least a portion of a given time-message into a first hash function to generate a first hash, process the authentication token of the time-message with the public key, compare the first hash digest with the processed authentication token, wherein the given time-message is authentic only if the first hash digest and the processed first authentication token are the same, the processor further adapted to input at least a portion of a given decryptor of the plurality of decryptors into a second hash function to generate a second hash, compare the second hash digest with a second authentication token included in the given decryptor, wherein the given decryptor is authentic only if the second hash digest and the second authentication token are the same, the processor further adapted to determine whether the specific time included in the time-message is within an entitled time span and determine whether the PSR is entitled to access the given set of packets using the entitlements stored in the memory, the processor further adapted to generate the given control word using the first key and the decryption-key-material included in the given decryptor and provide the given control word to the cryptographic device, wherein the processor provides the given control word to the cryptographic device only if the time-message and the decryptor are authentic and the specific time is within the entitled time span and the PSR is entitled to access the given set of packets.
-
Specification