The present invention generally relates to the field of conditional access systems and digital rights management solutions.
All mechanisms for protection of multimedia content delivery (conditional access systems or digital rights management) that are based on content encryption require a secure client at the terminal side which is usually the weakest link of the chain in terms of security. For getting a rich and scalable feature set, it is desirable that this secure client include a good level of intelligence, but the complexity this introduces usually leads to weakness in the implementation from the security point of view.
Prior art solutions implement the secure client on some kind of specialized hardware (e.g. a smartcard) which is designed to be tamper resistant. An important drawback of this approach is the cost of the additional hardware (i.e., capital expenditures) and the management of smartcard distribution (causing operational expenditures). Additionally, the solution is exposed to security attacks and may eventually be hacked, because of its risky environment (it is physically in the hands of the potential attackers). The existing approach is to periodically replace smartcards before the number of cracked cards reaches a damaging level, further raising the capital and operational expenditure costs.
The products currently available on the conditional access system market can roughly be divided into three types. First, smartcard-based solutions offer very good security and allow complex business models like Impulse Pay per View, Pay per Time, etc. (see below), but are very expensive. Furthermore, the smartcard can be hacked (although not easy, yet always feasible). Logistics is also an issue with smartcards. Second, there are pure software-based solutions. These emulate the functionality of a smartcard (including the local decision capability and hence the complex business models) on a software module in the set top box (STB). Their functionality is similar to the smartcard-based product, but security is an order of magnitude worse. Price, of course, is also much lower. Third, there are smartcard-less hardware solutions. These are typically offered by the smartcard-based solution providers as a lower cost alternative. They make extensive use of the bidirectional network to provide massive amounts of keys to all subscribers, relying on the (limited) security capabilities of the STB chipsets. This solution is as secure as the smartcard (or even more, as there is no physical device to attack other than the STB), but lacks the local decision capability and therefore the complex business models.
The present invention aims to provide a device for authorising access to data content with improved security while maintaining a high level of flexibility at a reasonable price.
The present invention relates to a device for authorising access to data content protected by a control signal and delivered to a terminal over a network comprising an access network. The device is arranged for receiving a version of the control signal and further comprises processing means for processing the received version of the control signal and arranged for sending to the terminal an output signal derived from the processed version of the control signal. The output signal enables the terminal to get access to the delivered data content protected by the control signal. The device is operable in the access network. In this way the need for smartcards in the set top box is eliminated, which considerably reduces the deployment cost.
Preferably the version of the control signal is obtained by encryption. In an advantageous embodiment said version of the control signal is an Encryption Control Message.
In a preferred embodiment the processing means is arranged for decrypting the version of the control signal. The processing means is further advantageously arranged for encrypting the output signal. The output signal is preferably encrypted with a code specific for the terminal.
In another preferred embodiment the device is arranged for receiving information about the terminal being entitled or not to access the data content. Said information is advantageously contained in an entitlement management message.
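The flow described in the preceding paragraphs (receive an encrypted control message, decrypt it inside the access network, check the terminal's entitlement, and return an output encrypted with a terminal-specific code) can be sketched as follows. This is an added example, not code from the patent: the message layouts, the key names and the HMAC-based stand-in cipher are assumptions chosen so that it runs with the Python standard library only.

```python
import hashlib
import hmac
import os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    """Stand-in authenticated cipher (encrypt-then-MAC), not a real CAS algorithm."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(key, nonce, ct)

class NetworkedSmartcard:
    """Access-node device: holds the keys the terminal never sees."""

    def __init__(self, headend_key, terminal_keys):
        self._headend_key = headend_key      # assumed shared with the headend
        self._terminal_keys = terminal_keys  # terminal id -> terminal-specific key
        self._entitled = set()               # (terminal id, channel) pairs

    def handle_emm(self, emm):
        # Constructed EMM layout: b"terminal|channel|grant" or b"...|revoke"
        terminal, channel, action = unseal(self._headend_key, emm).decode().split("|")
        if action == "grant":
            self._entitled.add((terminal, channel))
        else:
            self._entitled.discard((terminal, channel))

    def handle_ecm(self, terminal, ecm):
        # Constructed ECM layout: b"channel|" followed by the control word
        channel, control_word = unseal(self._headend_key, ecm).split(b"|", 1)
        if (terminal, channel.decode()) not in self._entitled:
            raise PermissionError("terminal is not entitled to this channel")
        return seal(self._terminal_keys[terminal], control_word)
```

The terminal only ever receives the control word sealed under its own key, so a value captured on one subscriber line fails authentication when another terminal tries to open it.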
The data content is typically multimedia data.
In another aspect the invention relates to an access node comprising a device for authorizing access as previously described. The access node may advantageously be a DSL access multiplexer (DSLAM).
In yet a further aspect the invention relates to a conditional access system comprising a device for authorising access as disclosed above and further comprising a device arranged for protecting data content to be delivered with a control signal and for transmitting the protected data content, and comprising at least one terminal connected with the device for protecting data content via a network provided with an access network and with the device for authorising access.
The conditional access system advantageously comprises means for encrypting the control signal.
In a further aspect the invention relates to a method for improving the security of a conditional access system. The conditional access system comprises a device arranged for protecting data content to be delivered with a control signal and for transmitting the protected data content, and also comprises at least one terminal connected with the device for protecting data content via a network provided with an access network. The method comprises the step of providing a device for authorising access as previously described in the access network, whereby the device for authorising access is connected with the at least one terminal.
The present invention proposes to implement the secure client with complex functionality on a device in the access network, out of the physical reach of the end user, but close enough to the terminal to still enable a fast and secure data exchange with the terminal, thus enabling the kind of local decisions that a smartcard or equivalent solution provides. These local decisions enable some business models that are not possible otherwise, like Impulse Pay per View (purchasing of content locally, without communicating in real time with a call center or a central computer), Pay per Time (consuming minutes of content when the subscriber prefers) and others.
According to an embodiment of the invention the terminal processing of the conditional access system (CAS) and DRM is moved into the access node. This has no impact on the CAS system as illustrated in
The device for authorizing access according to the present invention can be considered as a “networked smartcard” (NSC) (see
The device for authorizing access to data content as in the present invention scales with the number of subscribers, but given the low computing power required by these functions (equivalent to the processing power of a smartcard) and the resource sharing capability that may be leveraged, the overall cost is lower than the prior art smartcard solution.
The device for authorizing access of the invention provides the same flexibility as a hardware based (smartcard or equivalent) conditional access system, but without any specialized hardware in the terminal. It reuses the basic security components built into descrambler/decoder chipsets. It provides improved security, because the secure appliance (i.e. the ‘networked smartcard’) is physically not reachable by potential attackers.
The present invention can be applied to existing CAS systems without any change to the headend. It keeps full compatibility with existing conditional access systems: it is even possible to have in the field some set top boxes with traditional smartcards and others using networked smartcards (the access node devices), all working with the same signal coming from the headend (encrypted content, ECMs and EMMs). This also means that the solution may be applied gradually to an already existing (and deployed) conditional access system.
The invention further makes management and maintenance of the solution easier, because the appliance is located in the network premises (no visits to the subscribers' homes). Also, it reduces the cost of a deployment by reducing the CAS/DRM investment needed in the set top box to integrate the conditional access functionality and eliminates the need for smartcards. This reduces both the capital and operational expenditure costs.
With respect to smartcard based architectures, the invention provides better security, easier management and upgradeability and lower cost in the mid-term.
As compared to pure software CAS/DRM architecture, the proposed solution provides better flexibility, more business models (e.g. impulsive Pay Per View or Pay per Time) and better security.
Concerning the DRM interoperability initiatives that exist in the market (e.g. Coral, see http://www.coral-interop.org), it should be noted that the present invention offers better security (because all risky tasks are undertaken in a secure environment) and much better performance and scalability (because of the close distance of the appliance to the terminal).
Although the present invention has been illustrated by reference to specific embodiments, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied with various changes and modifications without departing from the spirit and scope thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. In other words, it is contemplated to cover any and all modifications, variations or equivalents that fall within the spirit and scope of the basic underlying principles and whose essential attributes are claimed in this patent application. It will furthermore be understood by the reader of this patent application that the words “comprising” or “comprise” do not exclude other elements or steps, that the words “a” or “an” do not exclude a plurality, and that a single element, such as a computer system, a processor, or another integrated unit may fulfil the functions of several means recited in the claims. Any reference signs in the claims shall not be construed as limiting the respective claims concerned. The terms “first”, “second”, “third”, “a”, “b”, “c”, and the like, when used in the description or in the claims are introduced to distinguish between similar elements or steps and are not necessarily describing a sequential or chronological order. Similarly, the terms “top”, “bottom”, “over”, “under”, and the like are introduced for descriptive purposes and not necessarily to denote relative positions.
It is to be understood that the terms so used are interchangeable under appropriate circumstances and embodiments of the invention are capable of operating according to the present invention in other sequences, or in orientations different from the one(s) described or illustrated above.
Number | Date | Country | Kind |
---|---|---|---|
08305647.3 | Oct 2008 | EP | regional |