Patent Grant
8724808
This application claims the benefit, under 35 U.S.C. §365 of International Application PCT/FR01/02502, filed Jul. 31, 2001, which was published in accordance with PCT Article 21(2) on Feb. 14, 2002 in French and which claims the benefit of French patent application No. 0010339 filed Aug. 4, 2000.
The present invention pertains in a general manner to the distribution of data through broadcasting networks, in particular the Internet network. It relates more especially to a method of secure distribution of digital data representative of a multimedia content, such as video or audio sequences.
The existing solutions for distributing digital data in a secure manner, by way of the Internet network in particular, are based essentially on the encryption of the data transmitted by the content provider and the decryption of these data by an application executed on a computer connected to the network and receiving the said data.
However, these solutions do not guarantee sufficient security since it is almost impossible to securely store a decryption key (which must remain secret in order to guarantee security) in an appliance such as a computer.
Moreover, an important preoccupation of content providers relates to the anticopy protection of the digital data representing these contents.
An aim of the invention is therefore to propose a method of distribution of digital data representative of a multimedia content which is safer than those of the prior art.
Another aim of the invention is to propose such a method which furthermore makes it possible to avoid illicit copying of the digital data.
The invention relates accordingly to a method of secure distribution of digital data representative of a multimedia content by a content provider through a broadcasting network, the data being scrambled by control words. According to the invention, the method comprises the steps consisting in:
According to an advantageous embodiment of the invention, the encryption key is a unique public key associated with the content reception device.
A public key, used in an asymmetric cryptographic system, can be transmitted through a non secure network since only the private key associated therewith makes it possible to decrypt the control words encrypted with the public key. Thus, it is not necessary to provide a secure channel for transmitting the public key of the reception device.
According to a particular characteristic of the invention, the aforesaid method comprises the steps, prior to steps (a) and (b), consisting in receiving the public key of the reception device and a cryptographic certificate associated with the public key; and verifying the validity of the public key by analyzing the associated cryptographic certificate. Step (a) is performed only in case of positive verification.
According to another advantageous embodiment of the invention, the aforesaid method comprises the steps, prior to steps (a) and (b), consisting in:
Thus, the content provider performs the preprocessing consisting in scrambling the digital data before receiving requests for transmission of data by content reception devices. When such requests are received by the content provider, the latter must just perform the encryption of the control words with the aid of the key received from the reception device which issued the request. This encryption calculation can be performed in real time at the moment of the downloading of the scrambled digital data to the reception device through the broadcasting network, thereby allowing fast processing of the request.
According to a particular characteristic of the invention, the control words are stored in the database associated with the content provider by being enclosed in control messages and:
The invention also relates, according to a second aspect, to a method of secure distribution of digital data representative of a multimedia content to a content reception device through a broadcasting network, the digital data being scrambled by control words. According to the invention, the method comprises the steps consisting for said content reception device connected to the network in:
According to an advantageous embodiment, the encryption key is a unique public key and the decryption key is the unique private key associated with said public key.
According to a particular characteristic of the invention, the content reception device is able to cooperate with a security element, and the public and private key pair is associated in a unique manner with the security element and is stored in said security element.
According to another characteristic of the invention, the security element is provided to the user of the content reception device by a trusted authority. The security element contains, in addition to the unique public and private key pair, a cryptographic certificate delivered by said authority and, in step (i), the content reception device transmits the associated cryptographic certificate to the content provider, in addition to the public key.
According to an advantageous characteristic of the invention, the security element is a detachable element, in particular a smart card.
The invention also relates, according to a third aspect, to a method of secure distribution of digital data representative of a multimedia content to a content receiver device, the device being adapted to be connected on the one hand to a broadcasting network, in particular the Internet network; and on the other hand to a digital home network, and the digital data being scrambled by control words. According to the third aspect of the invention, the method comprises the steps consisting for the reception device in:
According to an advantageous embodiment, the content reception device is able to cooperate with a first security element, and the public key associated with the home network is stored in this first security element.
According to this embodiment, the presentation device is able to cooperate with a second security element, and the private key associated with the home network is stored in this second security element.
According to an advantageous characteristic of the invention, the first security element and/or the second security element is a detachable element, in particular a smart card.
The invention will be better understood on reading the following description of particular, nonlimiting embodiments thereof given with reference to the appended drawings in which:
a and 2b diagrammatically illustrate data which are exchanged by elements of
In the subsequent description, reference will be made solely to digital data representing a video content but naturally, the invention applies to the distribution of any type of multimedia content, be it sequences of audio, video or textual data or even computer data files used for the implementation of software.
Represented in
The digital data representing the video contents are stored in the database in a form which is compressed (so as to be able to be transmitted easily by way of the broadcasting network) and scrambled by control words generally denoted CW. This scrambling is performed according to a symmetric cryptographic scheme with keys, the control words, which are periodically renewed and which are stored in control messages denoted ECM (standing for “Entitlement Control Message”). These control messages are stored, together with the scrambled data, in the database.
This preprocessing consisting in compressing and scrambling the data so as to store them in the database 10 is preferably performed before supplying the data to the users. It may even be performed outside of the database or of the video server.
The scrambling of the data is preferably performed according to the DVB CS standard (the initials standing for “Digital Video Broadcasting Content Scrambling”) and the data are, in a preferred embodiment, coded in the form of packets according to the MPEG 2 standard (ISO/IEC 13818-1) so as to be transmitted over the broadcasting network.
Represented diagrammatically in
Coming back to
A receiver device 2 is also linked to the Internet network. This receiver device is generally located at a user's who wishes to access video programs via the Internet network. It may in particular be a computer or a digital decoder (or “Set-Top Box”). The latter possesses a user interface (of the keypad, screen, remote control type, etc.) so as to allow in particular a user to select video programs which he wants to receive.
The receiver device also comprises means for receiving data streams from the Internet network, by streaming, that is to say by viewing the content as and when it is loaded, or by downloading, that is to say without viewing the content in real time.
It also comprises a descrambler capable of descrambling as will be seen hereinbelow, scrambled digital data packets which it receives, with the aid of the control words which served to scramble the data.
The receiver device 2 furthermore comprises a smart card reader intended for receiving a card 3. The smart card 3 comprises a secure processor 30 which, as is well known to the person skilled in the art, enables data such as cryptographic keys to be stored in a secure manner.
The smart card 3 is delivered preferably by a trusted authority 4 which may be dependent on or independent of the content provider. In order to be able to access the service for distributing video sequences by the content provider, a user must firstly subscribe to this service via the trusted authority designated by the content provider (for payment or otherwise depending on the content provider's commercial policy).
The user receives in exchange a smart card 3 which contains a unique private KPri
Such a certificate contains a set of data (such as the public key, the user's identification, a date of validity of the public key) which prove that the public key does indeed belong to a given person and the certificate is signed by the trusted authority. The X509 (ISO/IEC 9594-8) standard will preferably be used to generate the certificate.
For example, the certificate may have the following form:
The signature being calculated as follows:
The smart card 3 preferably also contains means for establishing a payment protocol with a financial intermediary or directly with the content provider. The payment protocols, of micropayment type, that is to say dedicated to payments of small amounts, or of macropayment type, for bigger amounts, are well known to the person skilled in the art and will not be described hereinafter.
The smart card 3 also comprises means for decrypting the ECM messages which it receives with the aid of the private key KPri
In a general manner, the principle of the invention is as follows: when a user has selected a video sequence which he wants to receive from the video server 1 on his receiver device 2, the receiver device transmits, via the Internet network, the public key KPub
71 to form a data packet 7 (
The data packets 7 containing the requested sequence of scrambled video data and the encrypted ECM messages are then transmitted to the receiver device by the video server.
The receiver device, when it receives these data, extracts the encrypted ECM messages therefrom and it transmits them to the smart card 3 which comprises means for decrypting the said messages with the aid of the private key KPub
With the aid of these control words, and in a manner well known per se, the receiver device descrambles the digital data corresponding to the requested video sequence.
We shall now describe in more detail, in conjunction with
Represented in
During the first step 100, it is assumed that the user has selected, by way of the user interface of the receiver device, a video sequence, for example a film or a particular transmission, which he wants to receive. The receiver device 2 then constructs a video content request message which it issues to the address of the video server 1. This request naturally contains an identifier of the requested video sequence as well as an identifier of the receiver device.
In the next step 101, the video server sends back to the receiver device the commercial conditions, including the price, relating to the delivery of the chosen video sequence. These conditions are presented to the user by way of the user interface and the user then decides whether or not he wants to continue the transaction.
In the case where he still wants to receive the video sequence, the user signifies same by a command entered via the user interface and, in step 102, the receiver device sends the smart card 3 the commercial conditions received in step 101 or certain elements only, such as the price, of these conditions.
In fact, according to the chosen method of payment, the smart card might not be involved in the payment for the video sequence, for example in the case where a payment protocol based on a credit card is used (such as the SET protocol, the initials standing for “Secure Electronic Transaction”). We assume in the example of
The smart card then sends, in step 103, to the receiver device, a message containing:
This message is forwarded as is by the receiver device to the video server in step 104. In the case where the smart card is not involved in the payment, the data relating to the payment are concatenated by the receiver device with the data received from the smart card in the previous step so as to form the message transmitted in step 104.
The video server then proceeds to the verification of the data relating to the payment (step 105). If these data prove that the payment has indeed been made, then the server verifies the validity of the public key KPub
To do this, the server possesses the public key KPub
“DK(M)” representing the operation of decrypting, with the key K, the message M and on the other hand perform the operation:
Hash (KPub
The above two operations should normally give the same result if the certificate has not been altered.
The server can thus verify that the public key KPub
Once this verification has been carried out, in the next step 107, the server encrypts, with the key KPub
The RSA (from the name of the creators Rivest, Shamir and Adleman) cryptographic algorithm will preferably be chosen, this being well known to the person skilled in the art as using private and public keys (delivered by the trusted authority 4) with a size of 1024 bits.
In the next step 108, the server transmits (by downloading as seen earlier) the encrypted control messages and the scrambled data corresponding to the sequence chosen by the user.
The encrypted control messages are then extracted by the receiver device from the data received and are transferred by it to the smart card 3 in step 109.
In step 110, the smart card decrypts the control messages with its private key KPri
The latter is then able, in step 112, to descramble the digital data received in step 108, with these control words. It can then present these data directly to the user so that he views them (for example in the case of a computer equipped with a screen). However, it may also transmit these data to another device for viewing.
As a variant, it is also possible for the smart card 3 to comprise a descrambler and for the descrambling of the digital data to be performed in the smart card.
We shall now describe a second embodiment of the invention which makes it possible furthermore to ensure protection against the copying of the distributed multimedia contents.
The elements in common with the embodiment of
The first difference with the system of
On the other hand, the smart card 21 contains only a public key allocated by the trusted authority.
A second smart card 25 containing the private key associated with the said public key is also delivered to the user by the trusted authority but the latter is intended to be inserted into the card reader of a presentation device 24, also connected to the digital home network 50.
In the subsequent description, the public key contained in the card 21 will be regarded as being the public key KPUB
The principle of this embodiment is as follows: when a user wishes to receive a video sequence, steps 100 to 102 described in
On the other hand, as the smart card 21 inserted into this device does not contain the private key KPRI
This receiver device serves solely as point of entry onto the digital home network for receiving data from an external broadcasting network such as the Internet.
The digital data corresponding to the video sequence chosen by the user can therefore flow around the home network 50 while always being scrambled. They will only be descrambled in a presentation device 24 (for example a digital television) which comprises a smart card 25, containing the private key KPRI
Also represented in
By virtue of the method of the invention, as the data which flow around the home network 50 are scrambled, they cannot be recorded by the recording device 22 other than in this form. It is thus possible to make copies of the data received from the content provider by downloading from the Internet network 5 but these copies can be read back only in the home network 50.
Specifically, as the ECM control messages associated with the scrambled data are encrypted with the aid of the public key of the home network KPUB
The trusted authority 4 makes sure of course that the private/public key pairs (contained in the pairs of cards 21, 25) which it provides to the users are all different from one another and are unique. It is therefore impossible to read back a copy made on the home network 50 on another home network which possesses another private/public key pair.
The invention therefore makes it possible to guarantee that the data received from the content provider will not be copied illicitly so as to be read back outside of the user's home network.
Naturally, the home network 50 can comprise several receiver devices (which contain a smart card containing the public key KPUB
| Number | Date | Country | Kind |
|---|---|---|---|
| 00 10339 | Aug 2000 | FR | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/FR01/02502 | 7/31/2001 | WO | 00 | 6/4/2003 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO02/13529 | 2/14/2002 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5563950 | Easter et al. | Oct 1996 | A |
| 6035397 | Campinos et al. | Mar 2000 | A |
| 6230269 | Spies et al. | May 2001 | B1 |
| 6804357 | Ikonen et al. | Oct 2004 | B1 |
| 6959288 | Medina et al. | Oct 2005 | B1 |
| 7010685 | Candelore | Mar 2006 | B1 |
| 7080039 | Marsh | Jul 2006 | B1 |
| 7305087 | Ques et al. | Dec 2007 | B1 |
| 20020094084 | Wasilewski et al. | Jul 2002 | A1 |
| Number | Date | Country |
|---|---|---|
| 586022 | Mar 1997 | EP |
| 858184 | Aug 1998 | EP |
| 0996074 | Apr 2000 | EP |
| 1078510 | Feb 2003 | EP |
| 10-178629 | Jun 1998 | JP |
| 11-112494 | Apr 1999 | JP |
| 11-143953 | May 1999 | JP |
| 11-328850 | Nov 1999 | JP |
| 2000-78555 | Mar 2000 | JP |
| 2000-113048 | Apr 2000 | JP |
| 2000-151526 | May 2000 | JP |
| 19970068618 | Oct 1997 | KR |
| 9704553 | Feb 1997 | WO |
| 9907149 | Feb 1999 | WO |
| WO 9941874 | Aug 1999 | WO |
| 99057889 | Nov 1999 | WO |
| WO 0062505 | Oct 2000 | WO |
| Entry |
|---|
| “Functional Model of a Conditional Access System” EBU Review—Technical, European Boradcasting Union, Brussels, BE, pp. 64-77. |
| Number | Date | Country | |
|---|---|---|---|
| 20040068659 A1 | Apr 2004 | US |
