Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system
First Claim
1. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
- receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload;
decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and
determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and
wherein the method further comprises initial steps of;
receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and
tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number. Alternatively, the method includes receiving at least one entitlement control message corresponding to the service, and authenticating each of the at least one entitlement control message in the secure element, each authenticated entitlement control message revealing at least one first entitlement number associated with the selected service. The method further including determining that the terminal is authorized to receive the selected service when any first entitlement number of any authenticated entitlement control message represents any number of the at least one authorized entitlement unit number.
136 Citations
37 Claims
-
1. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
-
receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload; decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and wherein the method further comprises initial steps of; receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
-
receiving at least one entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload; authenticating each of the at least one entitlement control messages in the secure element, each authenticated entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and determining that the terminal is authorized to receive the selected service when any first entitlement unit number of any authenticated entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and wherein the method further comprises initial steps of; receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A system in which a user selects a service associated with a frequency, the system comprising:
-
a tuner; and a processor communicatively coupled to the tuner and including a secure element, the processor configured to; receive a transport stream comprising a plurality of packets having different packet types, one packet type comprising at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload, the PID uniquely identifying the packet corresponding to the entitlement control message from the other packet types; decrypt each of the at least one encrypted entitlement control messages in the secure elements, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service, wherein the at least one first entitlement unit number and the at least one control word are carried in the payload; and determine the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and wherein the processor is further configured to perform the initial steps of; receive over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and tune the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number. - View Dependent Claims (34)
-
-
35. In a terminal of a conditional access system in which a user selects a service associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein, a method of determining whether the terminal is authorized to receive the selected service, the method comprising the steps of:
-
receiving at least one encrypted entitlement control message corresponding to the service, wherein each entitlement control message includes a packet identifier (PID) and a payload; decrypting each of the at least one encrypted entitlement control messages in the secure element, each decrypted entitlement control message revealing at least one first entitlement unit number associated with the selected service and at least one encrypted control word associated with the selected service, wherein the at least one first entitlement unit number and the at least one encrypted control word are carried in the payload; and determining that the terminal is authorized to receive the selected service when the at least one first entitlement unit number of any decrypted entitlement control message corresponds to an authorized entitlement unit number, wherein the authorized entitlement unit number indicates a group of services that a receiver is authorized to receive; and wherein the method further comprises initial steps of; receiving over a permanently available data link an unencrypted entitlement unit table, the unencrypted entitlement unit table associating the selected service with at least one second entitlement unit number; and tuning the tuner of the terminal to the frequency associated with the selected service when any of said at least one second entitlement number represents any number of said at least one authorized entitlement unit number. - View Dependent Claims (36, 37)
-
Specification