Patent Grant
7600238
The present invention concerns a method for verifying television receivers with access control and a receiver that is capable of being verified using this method.
In television with access control, the data to transmit is first scrambled using an encryption algorithm and the scrambled data is then broadcast together with access control messages. The receivers of subscribers that have subscribed to the appropriate subscription are loaded with information that constitutes an access right allowing them to find in the access control messages the key required for the descrambling of transmitted data.
As an example, the document FR-A-2 448 825 describes a system that uses subscription keys Ci, which randomly change in relatively long intervals ranging in the order of a month, and a service key K that also changes randomly but in short intervals ranging in the order of a few minutes. The data is descrambled using the service key K. The access control messages Mi are obtained from the subscription keys Ci and the service key K using an algorithm that is defined by the subscription keys Ci. In the receiver set of a subscriber, the chip card contained therein has been loaded with keys corresponding to subscriptions to which the subscriber has subscribed. The terminal associated to the card contains a circuit for retrieving the service key K, that receives the messages Mi and that has available the subscription key Ci contained in the card. Descrambling means then retrieve the data in descrambled form.
Although providing satisfaction in many aspects, such a technology bears the inconvenience to be subject to fraud. Indeed, a receiver could be modified by a skilled person guilty of fraud to be able to receive a programme although the subscriber has not paid for the corresponding subscription. Avoiding such fraud (or reducing it), would require to periodically make verifications at the subscriber's place in order to check the integrity of their receiver. This is hardly conceivable for obvious commercial reasons.
The present invention therefore aims at addressing this problem.
According to the invention, the verification of a receiver is initiated by the broadcast institution and is performed by the receiver itself. If the verification reveals that the receiver has kept its integrity, then it continues to operate normally. In the opposite case, the operation is altered, in one way or another, for example by partial or total halt.
According to the invention, this is achieved as follows:
A)—the broadcaster performs calculations defined by one or many determined parameters;
B)—in order to verify a specific receiver, the broadcaster transmits to this receiver the one or many determined parameters;
When the receiver comprises a terminal and a chip card, preferably the chip card stores the results of the calculations transmitted by the broadcaster and the terminal performs the concerned calculations.
In a first alternative, the terminal transmits the result of its calculation to the card; the latter compares this result with the one that it stores and, in case of difference, it alters the operation of the receiver, for example by refusing to cooperate with the terminal.
In a second alternative the terminal reads from the card among the results the one that corresponds to the calculation that it has performed and compares this result with the one that it has itself obtained ; in case of difference, it alters the operation of the receiver, for example by refusing to cooperate with the card.
The parameters used may be constituted by a first parameter corresponding to one of the subscriptions and by a second parameter constituted by one of the characteristics of the receivers, for example the serial number of their chip card (which is unique).
The implemented calculation algorithms may be of any type: these may be symmetric or asymmetric encryption algorithms, of RSA type, of HASH type, of DES type or of any other type.
The calculation algorithm implemented in relation with a subscription is not necessarily the same as the one implemented with the others. This algorithm may be installed in the terminal at manufacturing or loaded by the broadcaster at the time of verification.
The present invention also concerns a television receiver that is capable of being controlled according to the method that has just been defined. This receiver comprises a terminal and a chip card containing access rights and it is characterized in that:
In a first alternative, the means for comparing the results are located in the card, the latter being capable of altering the operation of the receiver.
In a second alternative, the means for comparing the results are located in the terminal, the latter being capable of altering the operation of the receiver.
One of the parameter may correspond to one of the subscriptions and an other parameter may be one of the characteristics of the receiver and for example the serial number of the card.
The
It is assumed, in a non limitative way of example, that the calculation algorithm is a symmetric key encryption algorithm that applies to the serial number of the chip card. Such algorithms are presently used in access control, in particular for retrieving the service key (see the introduction). We name AC
The broadcaster calculates, at some point in time, the np results Ri,j, i varying from 1 to n and j from 1 to p. Only n results Ri,q correspond to a receiver of determined rank q (j=q), the n results Ri,q corresponding to the n subscription keys Ci (i from 1 to n).
In order to perform the verification of the receiver of rank q, the broadcaster chooses one of the subscription keys among the n, say Ck, and commands the receiver to perform the calculation by using the key Ck as parameter. This calculation had produced the result Rk,q at the time it had been performed by the broadcaster. It thus calculates AC
The table I summarizes these operations.
This table does not indicate which means of the receiver perform the comparison of the results. In the table II, it is assumed that the card is used for this task. In this case, the results written in the card are not readable by the terminal. The table III corresponds to the case in which the terminal is used for the comparison. In both tables II and III the index q, which identifies the receiver, has been left out to simplify the notations.
As a simple example, it can be assumed that to each receiver corresponds one subscription. The broadcaster calculates the n results Ri. A result Rq corresponds to a receiver of rank q, the result Rq corresponding to the subscription key Cq and to the algorithm ACq.
In order to perform the verification of this receiver, the broadcaster commands the receiver to perform the calculation while taking this key Cq as parameter. This calculation had produced the result Rq at the time when the broadcaster had performed it. The receiver thus calculates ACq(NSq) and compares the obtained result with the Rq one that it obtained from the broadcaster.
It will be noted that according to the invention the terminal and the chip card are dynamic products in the sense that their contents may vary: at any time they may receive new access rights and new results of calculation.
The calculation algorithm may use other keys than the subscriptions keys as such, for example diversified keys obtained from a base key combined with the identifier of each chip card. In this case, each receiver performs a calculation with a key that is specific to the receiver. Also, the algorithm may be changed or amended dynamically.
Each one of the receiver embodiments corresponding to the tables 1 to 3 is illustrated in each of the respective
In
The terminal 2 comprises means 4 capable of performing any one of the calculations according to the method by using one or many predetermined parameters.
The receiver 1 comprises means 5 for comparing the calculation result performed by the terminal 2 with the corresponding result contained in the card 3.
The receiver comprises means 6 for altering its operation in an appropriate manner in case of a difference between the two results.
In the embodiment of the
In the embodiment of the
| Number | Date | Country | Kind |
|---|---|---|---|
| 01 13878 | Oct 2001 | FR | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/FR02/03673 | 10/25/2002 | WO | 00 | 10/8/2004 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO03/036974 | 5/1/2003 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 4323921 | Guillou et al. | Apr 1982 | A |
| 4833710 | Hirashima | May 1989 | A |
| 6357046 | Thompson et al. | Mar 2002 | B1 |
| 6452616 | De Vito et al. | Sep 2002 | B1 |
| 6789106 | Eyer et al. | Sep 2004 | B2 |
| 7275163 | Cocchi et al. | Sep 2007 | B2 |
| 20020002706 | Sprunk | Jan 2002 | A1 |
| Number | Date | Country |
|---|---|---|
| 0427601 | May 1991 | EP |
| 2448825 | Sep 1980 | FR |
| WO-9856179 | Dec 1998 | WO |
| WO 0111820 | Feb 2001 | WO |
| WO 0135635 | May 2001 | WO |
| WO 0141443 | Jun 2001 | WO |
| WO 0150755 | Jul 2001 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20050044562 A1 | Feb 2005 | US |
