Representing entitlements to service in a conditional access system
First Claim
1. An apparatus for representing entitlements for instances of services having entitlement IDs associated therewith in a receiver that receives the instances of services and the entitlement IDs, the apparatus comprising:
- a memory having a starting entitlement ID and a map having entitlement values for entitlements that have been given to the receiver, wherein the starting entitlement ID is used with the map to determine whether the receiver is entitled to a given instance of a service, wherein the receiver grants access to the given instance of service only if the receiver is entitled to the given instance of service, the map represents a sequence of entitlement IDs, the starting entitlement ID is the first entitlement ID in the sequence of entitlement IDs, and the map is represented by an array of elements having entitlement values that represent the presence or absence of entitlement, and the difference in the sequence of entitlement IDs between the starting entitlement ID and the entitlement ID associated with the given instance of service is used to determine the index value for a given element in the array, wherein the given element has the entitlement value of the given instance of service.
3 Assignments
0 Petitions
Accused Products
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
278 Citations
13 Claims
-
1. An apparatus for representing entitlements for instances of services having entitlement IDs associated therewith in a receiver that receives the instances of services and the entitlement IDs, the apparatus comprising:
-
a memory having a starting entitlement ID and a map having entitlement values for entitlements that have been given to the receiver, wherein the starting entitlement ID is used with the map to determine whether the receiver is entitled to a given instance of a service, wherein the receiver grants access to the given instance of service only if the receiver is entitled to the given instance of service, the map represents a sequence of entitlement IDs, the starting entitlement ID is the first entitlement ID in the sequence of entitlement IDs, and the map is represented by an array of elements having entitlement values that represent the presence or absence of entitlement, and the difference in the sequence of entitlement IDs between the starting entitlement ID and the entitlement ID associated with the given instance of service is used to determine the index value for a given element in the array, wherein the given element has the entitlement value of the given instance of service. - View Dependent Claims (2)
the array has single-bit elements and the state of an element'"'"'s bit indicates whether the receiver has the entitlement value represented by the array element.
-
-
3. An apparatus for representing entitlements for instances of services having entitlement IDs associated therewith in a receiver that receives the instances of services and the entitlement IDs, the apparatus comprising:
-
a memory having a starting entitlement ID and a map having entitlement values for entitlements that have been given to the receiver, wherein the starting entitlement ID is used with the map to determine whether the receiver is entitled to a given instance of a service; and
wherein;
the receiver grants access to the given instance of service only if the receiver is entitled to the given instance of service;
the starting entitlement ID and the map are set in response to a message received in the receiver;
the message contains a message starting entitlement ID and message map from which the starting entitlement ID and the map are set;
the receiver is given entitlements by at least one entitlement agent;
each entitlement agent has a map for representing entitlements that have been given to the receiver;
the message further specifies a given entitlement agent; and
the message starting entitlement ID and the message map are used to set a starting entitlement ID and a map in the list for the given entitlement agent.
-
-
4. A method of providing a receiver with entitlements for instances of a service, the method comprising the steps of:
-
making a representation of entitlements that includes a starting entitlement ID and a map that specifies a set of entitlement values; and
sending a message to the receiver that contains the representation, wherein the receiver responds to the message by storing the representation and using the starting entitlement ID together with the map to determine whether the receiver has an entitlement value for a given instance of a service, the map represents a sequence of entitlement IDs, the starting entitlement ID is the first entitlement ID in the sequence of entitlement IDs, the map is represented by an array whose elements have entitlement values that represent the presence or absence of entitlement values; and
the difference between the starting entitlement ID and the entitlement ID of the given instance of service is used to determine the index value for an element in the array, wherein the element having the index value represents the entitlement value of the given instance of service. - View Dependent Claims (5)
the array has single-bit elements and the state of an element'"'"'s bit indicates whether the receiver has the entitlement value represented by the array element.
-
-
6. A method of, providing a receiver with entitlements for instances of a service, the method comprising the steps of:
-
making a representation of entitlements that includes a starting entitlement ID and a map that specifies a set of entitlement values;
sending a message to the receiver that contains the representation, wherein the receiver responds to the message by storing the representation and using the starting entitlement ID together with the map to determine whether the receiver has an entitlement value for a given instance of a service, and the receiver is given entitlements by at least one entitlement agent; and
putting a specification of a given entitlement agent in the message, the receiver using the specification to locate a list whose elements include an apparatus for representing entitlements and using the apparatus in the message to set an apparatus in the list for the given entitlement agent.
-
-
7. A receiver for receiving instances of service and entitlement IDs associated therewith and entitlement values for the entitlement IDs, the receiver comprising:
-
a port for receiving instances of service and at least a first message having an entitlement ID associated with a given instance of service;
a memory coupled to the port having a starting entitlement ID and a map including entitlement values that have been given to the receiver, wherein the starting entitlement ID is used in conjunction with the map to determine the entitlement of the receiver for a given instance of service, wherein the receiver grants access to the given instance of service only if the receiver is entitled to the given instance of service, wherein the map represents a sequence of entitlement IDs, and wherein the map is represented by an array of elements having entitlement values stored therein, and the index number of the element in the array having the entitlement value for a given instance of service is determined from the sequence of entitlements IDs by the difference between the starting entitlement ID and the entitlement ID for the given instance of service.
-
-
8. A method of determining entitlements for instances of service in a receiver, the method comprising the steps, in the receiver, of:
-
receiving at least a first message having a starting entitlement ID and a map having entitlement values that represent entitlements of the receiver for instances of service;
storing in a memory at least the starting entitlement ID and the map of the first message;
receiving at least a second message having an entitlement ID associated with a given instance of service; and
determining whether the receiver is entitled to the instance of service by using the starting entitlement ID and the entitlement ID associated with the given instance of service to determine an element of the map which has the entitlement value of the given instance of service, wherein the map is stored as an array, the starting entitlement ID is the first entitlement ID in a sequence of entitlement IDs including the entitlement ID associated with the given instance of service, and the difference in the sequence between the starting entitlement ID and the entitlement ID associated with the given instance of service is used to determine an element in the array having the entitlement value for the given instance of service. - View Dependent Claims (9, 12, 13)
authenticating the first message using information provided by an entitlement agent.
-
-
13. The method of claim 12, wherein the step of authentication is performed by using RSA digital signatures.
-
10. A method of determining entitlements for instances of service in a receiver, the method comprising the steps, in the receiver, of:
-
receiving at least a first message having a starting entitlement ID and a map having entitlement values that represent entitlements of the receiver for instances of service;
storing in a memory at least the starting entitlement ID and the map of the first message;
receiving at least a second message having an entitlement ID associated with a given instance of service;
determining whether the receiver is entitled to the instance of service by using the starting entitlement ID and the entitlement ID associated with the given instance of service to determine an element of the map which has the entitlement value of the given instance of service;
receiving at least a second message that specifies a given entitlement agent; and
allocating a portion of the memory to the given entitlement agent. - View Dependent Claims (11)
receiving at least a third message having a starting entitlement ID and a map;
storing the starting entitlement ID and the map of the at least third message in the portion of the memory allocated to the given entitlement agent.
-
Specification