Methods and apparatuses for secondary conditional access server

US 20060123246A1
Filed: 12/07/2004
Published: 06/08/2006
Est. Priority Date: 12/07/2004
Status: Active Grant

First Claim

Patent Images

1. A method to control a presentation of content, the method comprising:

receiving a representation of content from a first conditional access server which provides the content in an encrypted form and uses a first set of cryptographic keys to protect the content from unauthorized access; and

presenting the content, at a user'"'"'s request, through a second conditional access server which is coupled to the first conditional access server;

wherein the presenting of the content is authorized through a client server relationship between the second and the first conditional access servers respectively; and

wherein the second conditional access server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Conditional access to media content of primary security systems on a secondary networked environment. In one embodiment, a conditional access server is used to provide services to secondary CA clients (e.g., a bridge, a renderer, a storage, or their different combinations) through network connections. Containing data representing the subscriber, a conditional access server recovers entitlement data and/or decryption keys of a primary security system for the conditional access protected content, such as service keys and control words, and/or enforces conditional access to the content by secondary CA clients according to the authorization of the primary security system for the secondary CA clients. In one embodiment, a conditional access system provides delayed authorization for use so that the content can be recorded for later use when authorized and broadcasts rights for use on multiple secondary CA clients.

111 Citations

View as Search Results

146 Claims

1. A method to control a presentation of content, the method comprising:
- receiving a representation of content from a first conditional access server which provides the content in an encrypted form and uses a first set of cryptographic keys to protect the content from unauthorized access; and
  
  presenting the content, at a user'"'"'s request, through a second conditional access server which is coupled to the first conditional access server;
  
  wherein the presenting of the content is authorized through a client server relationship between the second and the first conditional access servers respectively; and
  
  wherein the second conditional access server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the content is presented by a network client of the second conditional access server using the second set of cryptographic keys.
  - 3. The method of claim 2, wherein the first conditional access server provides the second conditional access server the first set of cryptographic keys for authorized use.
  - 4. The method of claim 3, wherein the user'"'"'s request is after the first conditional access server provides at least a portion of the content;
    - and the portion of the content is presented in response to the user'"'"'s request.
  - 5. The method of claim 2, wherein the second set of cryptographic keys comprises a key of a digital rights management system;
    - and the network client is a digital rights management client.
  - 6. The method of claim 5, wherein the second conditional access server authorizes the network client to use the content through the digital rights management system in accordance with authorization to use received from the first conditional access server.
  - 7. The method of claim 1, wherein the second conditional access server translates authorization to access the content from authorization received from the first conditional access server to authorization for the network client.
  - 8. The method of claim 1, wherein the second set of cryptographic keys consists one key.
  - 9. The method of claim 1, wherein the second conditional access server acts as a primary conditional access server to another secondary conditional access server.

10. A machine readable medium containing executable computer program instructions which when executed by a data processing system cause said system to perform a method to control a presentation of content, the method comprising:
- receiving, at a second conditional access server, a first set of cryptographic keys from a first conditional access server which provides a representation of content in an encrypted form and authorizes access to the content through the first set of cryptographic keys; and
  
  authorizing a client of the second conditional access server to present the content in accordance with authorization the second conditional access server received from the first conditional access server;
  
  wherein the second conditional access server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The medium of claim 10, wherein the method further comprises:
    - recording a representation of the content in an encrypted form in response to a message from the first conditional access server.
  - 12. The medium of claim 11, wherein the client sends a request, through a network connection to the second conditional access server, for authorization to present the content after the first conditional access server provides at least a portion of the content which is recorded;
    - and the second conditional access server obtains authorization from the first conditional access server, after the first conditional access server provides the portion of the content, for said authorizing.
  - 13. The medium of claim 10, wherein the method further comprises:
    - translating authorization to access the content from authorization received from the first conditional access server to authorization for the client.
  - 14. The medium of claim 13, wherein the second set of cryptographic keys comprises a key of a digital rights management system;
    - and the client comprises a digital rights management client.
  - 15. The medium of claim 14, wherein the second conditional access server authorizes the client to use the content through the digital rights management system in accordance with authorization received from the first conditional access server.
  - 16. The medium of claim 15, wherein the first conditional access server provides authorization to the second conditional access server according to an identity of the second conditional access server;
    - the second conditional access server provides authorization to the client according to an identity of the client; and
      
      the first conditional access server is not aware of an identity of the client.
  - 17. The medium of claim 10, wherein the second set of cryptographic keys consists one key.
  - 18. The medium of claim 10, wherein the second conditional access server is a server of a further secondary conditional access server and acts as a primary conditional access server with respect to the further secondary conditional access server.

19. A secondary conditional access server to control a presentation of content, the secondary conditional access server comprising:
- a communication interface, the communication interface to receive a first set of cryptographic keys from a primary conditional access server which provides a representation of content in an encrypted form and authorizes access to the content through the first set of cryptographic keys; and
  
  a controller coupled to the communication interface, the controller to authorize a client of the secondary conditional access server to present the content in accordance with authorization the secondary conditional access server received from the primary conditional access server;
  
  wherein the secondary conditional access server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content.
- View Dependent Claims (20, 21, 22)
- - 20. The secondary conditional access server of claim 19, wherein the controller is to translate authorization to access the content from authorization received from the primary conditional access server to authorization for the client.
  - 21. The secondary conditional access server of claim 20, wherein the second set of cryptographic keys comprises a key of a digital rights management system;
    - the client comprises a digital rights management client; and
      
      the secondary conditional access server authorizes the client to use the content through the digital rights management system in accordance with authorization received from the primary conditional access server.
  - 22. The secondary conditional access server of claim 20, wherein the primary conditional access server provides authorization to the secondary conditional access server according to an identity of the secondary conditional access server;
    - the secondary conditional access server provides authorization to the client according to an identity of the client; and
      
      the primary conditional access server is not aware of an identity of the client.

23. A secondary conditional access server to control a presentation of content, the secondary conditional access server comprising:
- means for receiving a first set of cryptographic keys from a primary conditional access server which provides a representation of content in an encrypted form and authorizes access to the content through the first set of cryptographic keys; and
  
  means for authorizing a client of the secondary conditional access server to present the content in accordance with authorization the secondary conditional access server received from the primary conditional access server;
  
  wherein the secondary conditional access server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The secondary conditional access server of claim 23, further comprising:
    - means for recording a representation of the content in an encrypted form in response to a message from the primary conditional access server. wherein the client sends a request, through a network connection to the secondary conditional access server, for authorization to present the content after the primary conditional access server provides at least a portion of the content which is recorded; and
      
      the secondary conditional access server obtains authorization from the primary conditional access server, after the primary conditional access server provides the portion of the content, for authorizing the client to present the content.
  - 25. The secondary conditional access server of claim 23, further comprising:
    - means for translating authorization to access the content from authorization received from the primary conditional access server to authorization for the client. wherein the second set of cryptographic keys comprises a key of a digital rights management system; and
      
      the client comprises a digital rights management client; and
      
      wherein the secondary conditional access server authorizes the client to use the content through the digital rights management system in accordance with authorization received from the primary conditional access server.
  - 26. The secondary conditional access server of claim 23, wherein the primary conditional access server provides authorization to the secondary conditional access server according to an identity of the secondary conditional access server;
    - the secondary conditional access server provides authorization to the client according to an identity of the client; and
      
      the primary conditional access server is not aware of an identity of the client.
  - 27. The secondary conditional access server of claim 23, wherein the second set of cryptographic keys consists one key.

28. A method to provide conditional access, the method comprising:
- broadcasting a first entitlement management message for a subscriber to request caching of a media component;
  
  broadcasting the media component from a first conditional access server;
  
  receiving a client request to use the media component from a client through a second conditional access server after said broadcasting; and
  
  responding to the client request through the second conditional access server.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, further comprising:
    - broadcasting a second entitlement management message to authorize the client to playback the media component responsive to the client request.
  - 30. The method of claim 29, wherein the client is not authorized to use the portion of the media content before the second entitlement management message.
  - 31. The method of claim 30, wherein the second entitlement management message contains data specifying rights of the client to use the portion of the media content on a plurality of devices that are capable of using the portion of the media content simultaneously.

32. A method to process conditional access protection, the method comprising:
- receiving, at a conditional access server, security messages of a primary security system;
  
  processing the security messages on the conditional access server; and
  
  transmitting, from the conditional access server to a secondary conditional access client through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from the security messages.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 33. The method of claim 32, wherein the security messages comprise entitlement management messages;
    - the conditional access server has a user key representing a subscriber of the primary security system; and
      
      said processing the entitlement management messages comprises;
      
      decrypting to obtain a service key of the primary security system.
  - 34. The method of claim 32, wherein the access controlled data is protected using a digital rights management system.
  - 35. The method of claim 34, wherein rights to the access controlled data are at least partially derived from the entitlement management messages.
  - 36. The method of claim 34, further comprising:
    - receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      processing the entitlement control message on the conditional access server to obtain a control word of the primary security system;
      
      wherein the access controlled data comprises the control word.
  - 37. The method of claim 36, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 38. The method of claim 34, further comprising:
    - receiving, at the conditional access server, an entitlement control message and scrambled content of the primary security system; and
      
      descrambling the scrambled content according to the entitlement control message;
      
      wherein the access controlled data comprises a result of descrambling the scrambled content.
  - 39. The method of claim 38, further comprising:
    - storing, at the conditional access server, the content in an encrypted form;
      
      wherein the access controlled data is provided in response to a request from the secondary conditional access client.
  - 40. The method of claim 32, further comprising:
    - receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      processing the entitlement control message on the conditional access server to generate a substitutive entitlement control message as a replacement of the entitlement control message;
      
      wherein the access controlled data comprises the substitutive entitlement control message.
  - 41. The method of claim 40, wherein the substitutive entitlement control message has a control word encrypted using a key of the conditional access server.
  - 42. The method of claim 41, wherein the substitutive entitlement control message is to be decrypted using a user key of the conditional access server for the primary security system.
  - 43. The method of claim 41, wherein the entitlement control message and the substitutive entitlement control message have a same control word.
  - 44. The method of claim 41, wherein the entitlement control message has a first control word;
    - the substitutive entitlement control message has a second control word; and
      
      the first and second control words are different.
  - 45. The method of claim 44, wherein the access controlled data further comprises the first and second control words.
  - 46. The method of claim 32, further comprising:
    - receiving, at the conditional access server, a first entitlement control message containing a first control word and content scrambled by the first control word;
      
      generating a second entitlement control message containing a second control word that is different from the first control word; and
      
      descrambling the content using the first control word and rescrambling the content by the second control word;
      
      wherein the access controlled data comprises the content rescrambled by the second control word and second entitlement control message.
  - 47. The method of claim 46, further comprising:
    - storing, at the conditional access server, the content rescrambled by the second control word; and
      
      retrieving the content rescrambled by the second control word in response to a request from the secondary conditional access client.

48. A method to process media content provided by a primary security system, the method comprising:
- receiving, at a secondary conditional access client from a conditional access server through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from a security message of the primary security system.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
- - 49. The method of claim 48, wherein the security message is an entitlement message;
    - and wherein the secondary conditional access client does not have a user key representing a subscriber of the primary security system.
  - 50. The method of claim 48, wherein the access controlled format protects access to data using a digital rights management system.
  - 51. The method of claim 50, further comprising:
    - automatically determining whether or not to descramble a portion of media content received from the primary security system for recording according to the entitlement data;
      
      descrambling and recording the portion of the media content in response to a determination to descramble; and
      
      recording the portion of the media content without descrambling in response to a determination not to descramble.
  - 52. The method of claim 50, further comprising:
    - sending, from the secondary conditional access client to the conditional access server through a network connection, an entitlement control message, the entitlement control message containing a control word in an encrypted form;
      
      wherein the access controlled data comprises the control word.
  - 53. The method of claim 52, further comprising:
    - descrambling media content using the control word; and
      
      storing the media content in a storage under protection of a digital rights management system.
  - 54. The method of claim 52, further comprising:
    - descrambling media content using the control word; and
      
      rendering the media content for presentation.
  - 55. The method of claim 54, further comprising:
    - retrieving the entitlement control message from a storage device;
      
      wherein the entitlement control message is controlled by a first entitlement management message for a first time period, which is earlier than a second entitlement management message for a second time period including a time between when the entitlement control message is sent from the secondary conditional access client to the conditional server and when the access controlled data is received at the secondary conditional access client.
  - 56. The method of claim 52, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 57. The method of claim 50, wherein the access controlled data comprises a result of descrambling media content scrambled by a conditional access system of the primary security system.
  - 58. The method of claim 48, further comprising:
    - receiving a first entitlement control message for descrambling a portion of media content received from the primary security system; and
      
      sending the first entitlement control message from the secondary conditional access client to the conditional access server through a network connection.
  - 59. The method of claim 58, wherein the access controlled data comprises a second entitlement control message as a replacement of the entitlement control message;
    - and the method further comprises;
      
      storing the second entitlement control message with the portion of the media content.
  - 60. The method of claim 59, wherein both the first and the second entitlement control messages contain a same control word;
    - the second entitlement control message is encrypted to be decrypted using a key of the conditional access server.
  - 61. The method of claim 59, wherein the first entitlement control message contains a first control word;
    - the second entitlement control message contains a second control word;
      
      the first and second control words are different;
      
      the access controlled data further comprises the first and second control words; and
      
      the method further comprises;
      
      descrambling the content using the first control word and rescrambling the content using the second control word.

62. A machine readable medium containing executable computer program instructions which when executed by a data processing system cause said system to perform a method to provide conditional access, the method comprising:
- broadcasting a first entitlement management message for a subscriber to request caching of a media component;
  
  broadcasting the media component from a first conditional access server;
  
  receiving a client request to use the media component from a client through a second conditional access server after said broadcasting; and
  
  responding to the client request through the second conditional access server.
- View Dependent Claims (63, 64, 65)
- - 63. The medium of claim 62, wherein the method further comprises:
    - broadcasting a second entitlement management message to authorize the client to playback the media component responsive to the client request.
  - 64. The medium of claim 63, wherein the client is not authorized to use the portion of the media content before the second entitlement management message.
  - 65. The medium of claim 64, wherein the second entitlement management message contains data specifying rights of the client to use the portion of the media content on a plurality of devices that are capable of using the portion of the media content simultaneously.

66. A machine readable medium containing executable computer program instructions which when executed by a data processing system cause said system to perform a method to process conditional access protection, the method comprising:
- receiving, at a conditional access server, security messages of a primary security system;
  
  processing the security messages on the conditional access server; and
  
  transmitting, from the conditional access server to a secondary conditional access client through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from the security messages.
- View Dependent Claims (67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
- - 67. The medium of claim 66, wherein the security messages comprise entitlement management messages;
    - the conditional access server has a user key representing a subscriber of the primary security system; and
      
      said processing the entitlement management messages comprises;
      
      decrypting to obtain a service key of the primary security system.
  - 68. The medium of claim 66, wherein the access controlled data is protected using a digital rights management system.
  - 69. The medium of claim 68, wherein rights to the access controlled data are at least partially derived from the entitlement management messages.
  - 70. The medium of claim 68, wherein the method further comprises:
    - receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      processing the entitlement control message on the conditional access server to obtain a control word of the primary security system;
      
      wherein the access controlled data comprises the control word.
  - 71. The medium of claim 70, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 72. The medium of claim 68, wherein the method further comprises:
    - receiving, at the conditional access server, an entitlement control message and scrambled content of the primary security system; and
      
      descrambling the scrambled content according to the entitlement control message;
      
      wherein the access controlled data comprises a result of descrambling the scrambled content.
  - 73. The medium of claim 72, wherein the method further comprises:
    - storing, at the conditional access server, the content in an encrypted form;
      
      wherein the access controlled data is provided in response to a request from the secondary conditional access client.
  - 74. The medium of claim 66, wherein the method further comprises:
    - receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      processing the entitlement control message on the conditional access server to generate a substitutive entitlement control message as a replacement of the entitlement control message;
      
      wherein the access controlled data comprises the substitutive entitlement control message.
  - 75. The medium of claim 74, wherein the substitutive entitlement control message has a control word encrypted using a key of the conditional access server.
  - 76. The medium of claim 75, wherein the substitutive entitlement control message is to be decrypted using a user key of the conditional access server for the primary security system.
  - 77. The medium of claim 75, wherein the entitlement control message and the substitutive entitlement control message have a same control word.
  - 78. The medium of claim 75, wherein the entitlement control message has a first control word;
    - the substitutive entitlement control message has a second control word; and
      
      the first and second control words are different.
  - 79. The medium of claim 78, wherein the access controlled data further comprises the first and second control words.
  - 80. The medium of claim 66, wherein the method further comprises:
    - receiving, at the conditional access server, a first entitlement control message containing a first control word and content scrambled by the first control word;
      
      generating a second entitlement control message containing a second control word that is different from the first control word; and
      
      descrambling the content using the first control word and rescrambling the content by the second control word;
      
      wherein the access controlled data comprises the content rescrambled by the second control word and second entitlement control message.
  - 81. The medium of claim 80, wherein the method further comprises:
    - storing, at the conditional access server, the content rescrambled by the second control word; and
      
      retrieving the content rescrambled by the second control word in response to a request from the secondary conditional access client.

82. A machine readable medium containing executable computer program instructions which when executed by a data processing system cause said system to perform a method to process media content provided by a primary security system, the method comprising:
- receiving, at a secondary conditional access client from a conditional access server through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from a security message of the primary security system.
- View Dependent Claims (83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95)
- - 83. The medium of claim 82, wherein the security message is an entitlement management message;
    - and wherein the secondary conditional access client does not have a user key representing a subscriber of the primary security system.
  - 84. The medium of claim 82, wherein the access controlled format protects access to data using a digital rights management system.
  - 85. The medium of claim 84, wherein the method further comprises:
    - automatically determining whether or not to descramble a portion of media content received from the primary security system for recording according to the entitlement data;
      
      descrambling and recording the portion of the media content in response to a determination to descramble; and
      
      recording the portion of the media content without descrambling in response to a determination not to descramble.
  - 86. The medium of claim 84, wherein the method further comprises:
    - sending, from the secondary conditional access client to the conditional access server through a network connection, an entitlement control message, the entitlement control message containing a control word in an encrypted form;
      
      wherein the access controlled data comprises the control word.
  - 87. The medium of claim 86, wherein the method further comprises:
    - descrambling media content using the control word; and
      
      storing the media content in a storage under protection of a digital rights management system.
  - 88. The medium of claim 86, wherein the method further comprises:
    - descrambling media content using the control word; and
      
      rendering the media content for presentation.
  - 89. The medium of claim 88, wherein the method further comprises:
    - retrieving the entitlement control message from a storage device;
      
      wherein the entitlement control message is controlled by a first entitlement management message for a first time period, which is earlier than a second entitlement management message for a second time period including a time between when the entitlement control message is sent from the secondary conditional access client to the conditional server and when the access controlled data is received at the secondary conditional access client.
  - 90. The medium of claim 86, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 91. The medium of claim 84, wherein the access controlled data comprises a result of descrambling media content scrambled by a conditional access system of the primary security system.
  - 92. The medium of claim 82, wherein the method further comprises:
    - receiving a first entitlement control message for descrambling a portion of media content received from the primary security system; and
      
      sending the first entitlement control message from the secondary conditional access client to the conditional access server through a network connection.
  - 93. The medium of claim 92, wherein the access controlled data comprises a second entitlement control message as a replacement of the entitlement control message;
    - and the method further comprises;
      
      storing the second entitlement control message with the portion of the media content.
  - 94. The medium of claim 93, wherein both the first and the second entitlement control messages contain a same control word;
    - the second entitlement control message is encrypted to be decrypted using a key of the conditional access server.
  - 95. The medium of claim 93, wherein the first entitlement control message contains a first control word;
    - the second entitlement control message contains a second control word;
      
      the first and second control words are different;
      
      the access controlled data further comprises the first and second control words; and
      
      the method further comprises;
      
      descrambling the content using the first control word and rescrambling the content using the second control word.

96. A primary security system to provide conditional access, the system comprising:
- means for broadcasting a first entitlement management message for a subscriber to request caching of a media component;
  
  means for broadcasting the media component;
  
  means for receiving a client request to use the media component from a client through a secondary conditional access server after said broadcasting; and
  
  means for responding to the client request through the secondary conditional access server.
- View Dependent Claims (97, 98, 99)
- - 97. The system of claim 96, further comprising:
    - means for broadcasting a second entitlement management message to authorize the client to playback the media component responsive to the client request.
  - 98. The system of claim 97, wherein the client is not authorized to use the portion of the media content before the second entitlement management message.
  - 99. The system of claim 98, wherein the second entitlement management message contains data specifying rights of the client to use the portion of the media content on a plurality of devices that are capable of using the portion of the media content simultaneously.

100. A data processing system to process conditional access protection, the data processing system comprising:
- means for receiving, at a conditional access server, security messages of a primary security system;
  
  means for processing the security messages on the conditional access server; and
  
  means for transmitting, from the conditional access server to a secondary conditional access client through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from the security messages.
- View Dependent Claims (101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115)
- - 101. The data processing system of claim 100, wherein the security messages comprise entitlement management messags;
    - the conditional access server has a user key representing a subscriber of the primary security system; and
      
      said means for processing the entitlement management messages comprises;
      
      means for decrypting to obtain a service key of the primary security system.
  - 102. The data processing system of claim 100, wherein the access controlled data is protected using a digital rights management system.
  - 103. The data processing system of claim 102, wherein rights to the access controlled data are at least partially derived from the entitlement management messages.
  - 104. The data processing system of claim 102, further comprising:
    - means for receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      means for processing the entitlement control message on the conditional access server to obtain a control word of the primary security system;
      
      wherein the access controlled data comprises the control word.
  - 105. The data processing system of claim 104, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 106. The data processing system of claim 102, further comprising:
    - means for receiving, at the conditional access server, an entitlement control message and scrambled content of the primary security system; and
      
      means for descrambling the scrambled content according to the entitlement control message;
      
      wherein the access controlled data comprises a result of descrambling the scrambled content.
  - 107. The data processing system of claim 106, further comprising:
    - means for storing, at the conditional access server, the content in an encrypted form;
      
      wherein the access controlled data is provided in response to a request from the secondary conditional access client.
  - 108. The data processing system of claim 100, further comprising:
    - means for receiving, at the conditional access server, an entitlement control message of the primary security system; and
      
      means for processing the entitlement control message on the conditional access server to generate a substitutive entitlement control message as a replacement of the entitlement control message;
      
      wherein the access controlled data comprises the substitutive entitlement control message.
  - 109. The data processing system of claim 108, wherein the substitutive entitlement control message has a control word encrypted using a key of the conditional access server.
  - 110. The data processing system of claim 109, wherein the substitutive entitlement control message is to be decrypted using a user key of the conditional access server for the primary security system.
  - 111. The data processing system of claim 109, wherein the entitlement control message and the substitutive entitlement control message have a same control word.
  - 112. The data processing system of claim 109, wherein the entitlement control message has a first control word;
    - the substitutive entitlement control message has a second control word; and
      
      the first and second control words are different.
  - 113. The data processing system of claim 112, wherein the access controlled data further comprises the first and second control words.
  - 114. The data processing system of claim 100, further comprising:
    - means for receiving, at the conditional access server, a first entitlement control message containing a first control word and content scrambled by the first control word;
      
      means for generating a second entitlement control message containing a second control word that is different from the first control word; and
      
      means for descrambling the content using the first control word and rescrambling the content by the second control word;
      
      wherein the access controlled data comprises the content rescrambled by the second control word and second entitlement control message.
  - 115. The data processing system of claim 114, further comprising:
    - means for storing, at the conditional access server, the content rescrambled by the second control word; and
      
      means for retrieving the content rescrambled by the second control word in response to a request from the secondary conditional access client.

116. A data processing system to process media content provided by a primary security system, the data processing system comprising:
- means for receiving, at a secondary conditional access client from a conditional access server through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from a security message of the primary security system.
- View Dependent Claims (117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129)
- - 117. The data processing system of claim 116, wherein the security message is an entitlement management message;
    - and wherein the secondary conditional access client does not have a user key representing a subscriber of the primary security system.
  - 118. The data processing system of claim 116, wherein the access controlled format protects access to data using a digital rights management system.
  - 119. The data processing system of claim 118, further comprising:
    - means for automatically determining whether or not to descramble a portion of media content received from the primary security system for recording according to the entitlement data;
      
      means for descrambling and recording the portion of the media content in response to a determination to descramble; and
      
      means for recording the portion of the media content without descrambling in response to a determination not to descramble.
  - 120. The data processing system of claim 118, further comprising:
    - means for sending, from the secondary conditional access client to the conditional access server through a network connection, an entitlement control message, the entitlement control message containing a control word in an encrypted form;
      
      wherein the access controlled data comprises the control word.
  - 121. The data processing system of claim 120, further comprising:
    - means for descrambling media content using the control word; and
      
      means for storing the media content in a storage under protection of a digital rights management system.
  - 122. The data processing system of claim 120, further comprising:
    - means for descrambling media content using the control word; and
      
      means for rendering the media content for presentation.
  - 123. The data processing system of claim 122, further comprising:
    - means for retrieving the entitlement control message from a storage device;
      
      wherein the entitlement control message is controlled by a first entitlement management message for a first time period, which is earlier than a second entitlement management message for a second time period including a time between when the entitlement control message is sent from the secondary conditional access client to the conditional server and when the access controlled data is received at the secondary conditional access client.
  - 124. The data processing system of claim 120, wherein the access controlled data comprises a decrypted version of the entitlement control message.
  - 125. The data processing system of claim 118, wherein the access controlled data comprises a result of descrambling media content scrambled by a conditional access system of the primary security system.
  - 126. The data processing system of claim 116, further comprising:
    - means for receiving a first entitlement control message for descrambling a portion of media content received from the primary security system; and
      
      means for sending the first entitlement control message from the secondary conditional access client to the conditional access server through a network connection.
  - 127. The data processing system of claim 126, wherein the access controlled data comprises a second entitlement control message as a replacement of the entitlement control message;
    - and the system further comprises;
      
      means for storing the second entitlement control message with the portion of the media content.
  - 128. The data processing system of claim 127, wherein both the first and the second entitlement control messages contain a same control word;
    - the second entitlement control message is encrypted to be decrypted using a key of the conditional access server.
  - 129. The data processing system of claim 127, wherein the first entitlement control message contains a first control word;
    - the second entitlement control message contains a second control word;
      
      the first and second control words are different;
      
      the access controlled data further comprises the first and second control words; and
      
      the system further comprises;
      
      means for descrambling the content using the first control word and rescrambling the content using the second control word.

130. A conditional access server, comprising:
- one or more communication interfaces, the one or more communication interfaces to receive security messages of a primary security system;
  
  a processor coupled to the one or more communication interfaces, the processor to process the security messages, and the one or more communication interfaces to transmit, to a secondary conditional access client through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from the security messages.
- View Dependent Claims (131, 132, 133, 134, 135, 136, 137, 138, 139)
- - 131. The conditional access server of claim 130, wherein the security messages comprise entitlement management messages;
    - and the access controlled data is protected using a digital rights management system.
  - 132. The conditional access server of claim 131, wherein rights to the access controlled data are at least partially derived from the entitlement management messages.
  - 133. The conditional access server of claim 131, wherein the one or more communication interfaces are to receive an entitlement control message of the primary security system;
    - the processor is to obtain a control word of the primary security system from the entitlement control message; and
      
      the access controlled data comprises the control word.
  - 134. The conditional access server of claim 131, wherein the one or more communication interfaces are to receive an entitlement control message and scrambled content of the primary security system;
    - and the conditional access server further comprises;
      
      a descrambler coupled to the processor, the descrambler to descramble the scrambled content according to the entitlement control message;
      
      wherein the access controlled data comprises a result of descrambling the scrambled content.
  - 135. The conditional access server of claim 134, further comprising:
    - a storage device coupled to one or more communication interfaces, the storage device to store the content in an encrypted form;
      
      wherein the access controlled data is provided in response to a request from the secondary conditional access client.
  - 136. The conditional access server of claim 130, wherein the one or more communication interfaces are to receive entitlement control message of the primary security system;
    - the processor is to to generate a substitutive entitlement control message as a replacement of the entitlement control message; and
      
      the access controlled data comprises the substitutive entitlement control message.
  - 137. The conditional access server of claim 136, wherein the substitutive entitlement control message has a control word encrypted using a key of the conditional access server.
  - 138. The conditional access server of claim 130, wherein the one or more communication interfaces are to receive a first entitlement control message containing a first control word and content scrambled by the first control word;
    - the processor is to generate a second entitlement control message containing a second control word that is different from the first control word; and
      
      the conditional access server further comprises;
      
      a transcrambler coupled to the one or more communication interfaces and the processor, the transcrambler to descramble the content using the first control word and rescramble the content using the second control word;
      
      wherein the access controlled data comprises the content rescrambled by the second control word and second entitlement control message.
  - 139. The conditional access server of claim 138, further comprising:
    - a storage device coupled to the transcrambler, the storage device to store the content rescrambled by the second control word.

140. A secondary conditional access client, comprising:
- a communication interface to receive, from a conditional access server through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from a security message of a primary security system; and
  
  a processor coupled to the communication interface, the processor to process the access controlled data.
- View Dependent Claims (141, 142, 143, 144, 145, 146)
- - 141. The client of claim 140, wherein the security message is an entitlement management message;
    - and wherein the secondary conditional access client does not have a user key representing a subscriber of the primary security system.
  - 142. The client of claim 140, wherein the access controlled format protects access to data using a digital rights management system.
  - 143. The client of claim 142, wherein the processor is to automatically determine whether or not to descramble a portion of media content received from the primary security system for recording according to the entitlement data;
    - the client further comprises;
      
      a storage device;
      
      a descrambler coupled to the processor and the storage device, in response to a determination to descramble the descrambler to descramble the portion of the media content for storing in the storage device, in response to a determination not to descramble the storage device to record the portion of the media content without descrambling.
  - 144. The client of claim 142, wherein the communication interface is to send, to the conditional access server through a network connection, an entitlement control message containing a control word in an encrypted form;
    - and the access controlled data comprises the control word.
  - 145. The client of claim 144, further comprising:
    - a storage device;
      
      a descrambler coupled to the processor and the storage device, the descrambler to descramble media content using the control word, the storage device to store the media content under protection of a digital rights management system.
  - 146. The client of claim 140, further comprising:
    - an physical interface to receive a first entitlement control message for descrambling a portion of media content received from the primary security system; and
      
      wherein the communication interface is to send the first entitlement control message to the conditional access server through a network connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VideoLabs, Inc.
Original Assignee
Digital Keystone Incorporated
Inventors
Vantalon, Luc, Siccardo, Paolo

Granted Patent

US 8,291,236 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04N 2005/91364   the video signal being scra...

H04N 21/4334   Recording operations record...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/4623   Processing of entitlement m...

H04N 5/913   for scrambling ; for copy p...

H04N 7/162   Authorising the user termin...

Methods and apparatuses for secondary conditional access server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

146 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatuses for secondary conditional access server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

146 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links