Authorization of services in a conditional access system
First Claim
1. A conditional access apparatus in a receiver for giving a receiver, in a cable television system, conditional access to a given encrypted instance of service of a plurality of encrypted instances of services received in the receiver, the conditional access apparatus comprising:
- an agent establishment apparatus adapted to establish an entitlement agent in the receiver in response to a first message received in the receiver, wherein the agent establishment apparatus imposes constraints in the receiver on the established entitlement agent, and the established entitlement agent is associated with the given encrypted instance of service;
an entitlement specification apparatus in communication with the agent establishment apparatus, the entitlement specification apparatus adapted to specify the one or more service entitlements, wherein specified service entitlements include entitlements of the receiver for instances of services received in the receiver that are associated with the established entitlement agent; and
an access granting apparatus in communication with the entitlement specification apparatus, the access granting apparatus adapted to grant access to the given instance of service in response to a second message received in the receiver, the second message includes an entitlement identifier associated with the given encrypted instance of service, wherein the access granting apparatus uses the specified service entitlement and the entitlement identifier to grant access to the given instance of service, and the access granting apparatus grants access to the given instance of service only if the agent establishment apparatus has established the entitlement agent, and the given instance of service includes services including programming that are provided to the cable television system.
3 Assignments
0 Petitions
Accused Products
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
-
Citations
60 Claims
-
1. A conditional access apparatus in a receiver for giving a receiver, in a cable television system, conditional access to a given encrypted instance of service of a plurality of encrypted instances of services received in the receiver, the conditional access apparatus comprising:
-
an agent establishment apparatus adapted to establish an entitlement agent in the receiver in response to a first message received in the receiver, wherein the agent establishment apparatus imposes constraints in the receiver on the established entitlement agent, and the established entitlement agent is associated with the given encrypted instance of service; an entitlement specification apparatus in communication with the agent establishment apparatus, the entitlement specification apparatus adapted to specify the one or more service entitlements, wherein specified service entitlements include entitlements of the receiver for instances of services received in the receiver that are associated with the established entitlement agent; and an access granting apparatus in communication with the entitlement specification apparatus, the access granting apparatus adapted to grant access to the given instance of service in response to a second message received in the receiver, the second message includes an entitlement identifier associated with the given encrypted instance of service, wherein the access granting apparatus uses the specified service entitlement and the entitlement identifier to grant access to the given instance of service, and the access granting apparatus grants access to the given instance of service only if the agent establishment apparatus has established the entitlement agent, and the given instance of service includes services including programming that are provided to the cable television system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method for providing a receiver, in a conditional access system, with an entitlement for an encrypted instance of service, wherein the instance of service is provided by a service provider to the conditional access system, the method comprising the steps of:
-
receiving at the receiver a first message, the first message having an indicator associated with an entitlement agent included therein; processing in the receiver the first message to authenticate the first message and, to establish, in the receiver, the entitlement agent associated with the indicator of the first message, wherein only when the first message is authentic is the entitlement agent established, and the act of establishing the entitlement agent imposes constraints, in the receiver, on the established entitlement agent; receiving at the receiver a second message, the second message having a service service entitlement specifier associated with the instance of service included therein; processing the second message to associate the service entitlement specifier with the established entitlement agent; receiving at the receiver the encrypted instance of service and a third message having an entitlement identifier included therein, wherein the entitlement identifier is associated with the instance of service; and processing in the receiver the third message to determine whether the receiver is entitled to decrypt the encrypted instance of service. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
-
49. An entitling apparatus in a receiver, wherein the receiver is in a conditional access system and receives an encrypted instance of service, the instance of service is associated with an entitlement agent that is included in the conditional access system, the apparatus comprising:
-
means for establishing entitlements in the receiver for the entitlement agent, wherein the establishing means establishes the entitlements in response to a first message; means for specifying service entitlements of the receiver, wherein the specifying means specifies the service entitlements of the receiver for the instances of service associated with the entitlement agent, and the service entitlements are specified in response to a second message; means for granting the decryption of the received encrypted instance of service, wherein the encrypted instance of service is associated with an entitlement identifier, and the granting is based at least in part on the entitlement identifier and at least in part on the specified service entitlement of the receiver for the instance of service. - View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
-
Specification