Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system

US 7,515,712 B2
Filed: 03/25/2005
Issued: 04/07/2009
Est. Priority Date: 08/01/1997
Status: Expired due to Fees

First Claim

Patent Images

1. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:

receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload;

decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and

determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and

wherein the method further comprises initial steps of;

receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and

tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number. Alternatively, the method includes receiving at least one entitlement control message corresponding to the service, and authenticating each of the at least one entitlement control message in the secure element, each authenticated entitlement control message revealing at least one first entitlement number associated with the selected service. The method further including determining that the terminal is authorized to receive the selected service when any first entitlement number of any authenticated entitlement control message represents any number of the at least one authorized entitlement unit number.

136 Citations

37 Claims

1. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
- receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload;
  
  decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and
  
  determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and
  
  wherein the method further comprises initial steps of;
  
  receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and
  
  tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the step of receiving over a permanently available data link includes receiving the entitlement unit table over an out of band data link.
  - 3. The method of claim 1, wherein the step of receiving over a permanently available link includes receiving the entitlement unit table incorporated in a data packet that is included in a data stream associated with an initial power on frequency that is tunable by the tuner.
  - 4. The method of claim 1, wherein the step of receiving over a permanently available link includes receiving the entitlement unit table incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 5. The method of claim 1, wherein the step of decrypting the at least one encrypted entitlement control message includes recovering at least one control word associated with decryption of a video component of the selected service.
  - 6. The method of claim 1, wherein the step of decrypting the at least one encrypted entitlement control message includes recovering at least one control word associated with decryption of an audio component of the selected service.
  - 7. The method of claim 1, wherein the step of receiving at least one encrypted entitlement control message includes demodulating an output of the tuner to recover a data component corresponding to the selected service, the data component containing the encrypted entitlement control message.
  - 8. The method of claim 1, wherein the step of decrypting said at least one encrypted entitlement control message includes recovering at least one control word from said at least one decrypted entitlement control message, each control word being a decryption key for decrypting a corresponding service component of the selected service.
  - 9. The method of claim 8, further comprising steps of:
    - recovering a first encrypted service component; and
      
      decrypting the first encrypted service component using a first control word of said at least one control word.
  - 10. The method of claim 1, further comprising steps of:
    - receiving an encrypted entitlement management message addressed to the terminal; and
      
      decrypting the encrypted entitlement management message in the secure element, the decrypted entitlement management message including an update of at least one authorized entitlement unit number to be stored in the secure element.
  - 11. The method of claim 10, wherein the step of receiving an encrypted entitlement management message includes receiving the encrypted entitlement management message over an out of band data link.
  - 12. The method of claim 10, wherein the step of receiving an encrypted entitlement management message includes receiving the encrypted entitlement management message incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 13. The method of claim 1, further comprising steps of:
    - receiving an entitlement management message addressed to the terminal; and
      
      authenticating the entitlement management message in the secure element, the authenticated entitlement management message including an update of at least one authorized entitlement unit number to be stored in the secure element.
  - 14. The method of claim 13, wherein the step of receiving an entitlement management message includes receiving the entitlement management message over an out of band data link.
  - 15. The method of claim 13, wherein the step of receiving an entitlement management message includes receiving the entitlement management message incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 16. The method of claim 1, wherein the step of decrypting the at least one encrypted entitlement control message includes recovering the at least one first entitlement unit number associated with the selected service.

17. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
- receiving at least one entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload;
  
  authenticating each of the at least one entitlement control messages in the secure element, each authenticated entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and
  
  determining that the terminal is authorized to receive the selected service when any first entitlement unit number of any authenticated entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and
  
  wherein the method further comprises initial steps of;
  
  receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and
  
  tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The method of claim 17, wherein the step of receiving over a permanently available data link includes receiving the entitlement unit table over an out of band data link.
  - 19. The method of claim 17, wherein the step of receiving over a permanently available link includes receiving the entitlement unit table incorporated in a data packet that is included in a data stream associated with an initial power on frequency that is tunable by the tuner.
  - 20. The method of claim 17, wherein the step of receiving over a permanently available link includes receiving the entitlement unit table incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 21. The method of claim 17, wherein the step of authenticating the at least one entitlement control message includes recovering at least one control word associated with decryption of a video component of the selected service.
  - 22. The method of claim 17, wherein the step of authenticating the at least one entitlement control message includes recovering at least one control word associated with decryption of an audio component of the selected service.
  - 23. The method of claim 17, wherein the step of receiving at least one entitlement control message includes demodulating an output of the tuner to recover a data component corresponding to the selected service, the data component containing the entitlement control message.
  - 24. The method of claim 17, wherein the step of authenticating said at least one entitlement control message includes recovering at least one control word from said at least one entitlement control message, each control word being a decryption key for decrypting a corresponding service component of the selected service.
  - 25. The method of claim 24, further comprising step of:
    - recovering a first encrypted service component; and
      
      decrypting the first encrypted service component using a first control word of said at least one control word.
  - 26. The method of claim 17, further comprising steps of:
    - receiving an encrypted entitlement management message addressed to the terminal; and
      
      decrypting the encrypted entitlement management message in the secure element, the decrypted entitlement management message including an update of at least one authorized entitlement unit number to be stored in the secure element.
  - 27. The method of claim 26, wherein the step of receiving an encrypted entitlement management message includes receiving the encrypted entitlement management message over an out of band data link.
  - 28. The method of claim 26, wherein the step of receiving an encrypted entitlement management message includes receiving the encrypted entitlement management message incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 29. The method of claim 17, further comprising steps of:
    - receiving an entitlement management message addressed to the terminal; and
      
      authenticating the entitlement management message in the secure element, the authenticated entitlement management message including an update of at least one authorized entitlement unit number to be stored in the secure element.
  - 30. The method of claim 29, wherein the step of receiving an entitlement management message includes receiving the entitlement management message over an out of band data link.
  - 31. The method of claim 29, wherein the step of receiving an entitlement management message includes receiving the entitlement management message incorporated in a data packet that is included in a data stream associated with each frequency that is tunable by the tuner.
  - 32. The method of claim 17, wherein the step of authenticating the at least one entitlement control message includes recovering the at least one first entitlement unit number associated with the selected service.

33. A system in which a user selects a service associated with a frequency, the system comprising:
- a tuner; and
  
  a processor communicatively coupled to the tuner and including a secure element, the processor configured to;
  
  receive a transport stream comprising a plurality of packets having different packet types, one packet type comprising at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload, the PID uniquely identifying the packet corresponding to the entitlement control message from the other packet types;
  
  decrypt each of the at least one encrypted entitlement control messages in the secure elements, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and
  
  determine the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and
  
  wherein the processor is further configured to perform the initial steps of;
  
  receive over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and
  
  tune the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.
- View Dependent Claims (34)
- - 34. The system of claim 33, wherein the different packet types include video packets, audio packets, and entitlement management message packets.

35. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
- receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload;
  
  decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one encrypted control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one encrypted control word are carried in the payload; and
  
  determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and
  
  wherein the method further comprises initial steps of;
  
  receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and
  
  tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.
- View Dependent Claims (36, 37)
- - 36. The method of claim 35, further comprising decrypting said at least one encrypted control word when it is determined that the terminal is authorized to receive the selected service.
  - 37. The method of claim 36, further comprising steps of:
    - recovering a first encrypted service component; and
      
      decrypting the first encrypted service component using a decrypted control word of said at least one encrypted control word.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tech 5 SAS
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Defreese, Darryl L., Seaman, Jeffery M., Wasilewski, Anthony J.
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/981,347
Publication Number

US 20050152551A1
Time in Patent Office

1,474 Days
Field of Search

725/25, 725/31
US Class Current

380/239
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04N 21/23608   Remultiplexing multiplex st...

H04N 21/26606   for generating or managing ...

H04N 21/4344   Remultiplexing of multiplex...

H04N 21/4623   Processing of entitlement m...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links