Patent Grant
8737990
The invention concerns the field of conditional access to a digital data stream broadcast by radio link and received by a plurality of mobile devices, such as, for instance, mobile phone, personal digital assistant PDA (Personal Digital Assistant), portable digital television receiver, portable computer.
The broadcast data is encrypted and can be received in clear only by authorized devices, the users of which have purchased the necessary entitlements. These entitlements, stored in a security module associated with the mobile device, consist of a set of keys allowing for the decryption of control words contained in ECM control messages (Entitlement Control Message) broadcast in the audio/video data stream.
A security module is a well-known tamper-proof device containing various encryption/decryption keys, information used to identify a user on a network and data that defines the entitlements purchased by the user for the reception of broadcast content. The security module can exist in different forms such as a removable smart card inserted in a reader, an integrated circuit welded on a motherboard, a memory card (SD or MMC) in which a security chip is embedded, a SIM type card (Subscriber Identity Module) that can be found in most portable devices.
This module can be realised in software form and can be part of the mobile device software. Preferably, this software will run in a particular zone of the memory in order to minimise the interference with other software.
Currently, mobile devices configured for the reception of digital television programmes are based on standard technologies such as OMA (Open Mobile Alliance), DVB-H (Digital Video Broadcast, Handheld), or DMB (Digital Multimedia Broadcasting) which is in a way a broadband extension of DAB (Digital Audio Broadcasting).
The OMA technology implements a single complete solution for a given market such as the portable phone market where all devices and content providers implement the OMA technology.
DVB technology has been designed to standardize digital television decoders (set-top boxes) in order to reduce their costs on a large scale. It standardizes the elements involved in the conditional access to content broadcast in MPEG-2 or MPEG-4 formats for mobile television on the Internet. These elements consist of the encryption algorithm of the broadcast content, the ECM control messages containing the decryption keys or control words, the EMM management messages containing user entitlements and the interface between the decoder and the security module managing the conditional access.
In the particular case of DVB-H mobile television, the protection of the content is developed by the DVB-CBMS group (Digital video Broadcasting—Convergence of Broadcast and Mobile Services).
The standardization does not encompass either the added value content of the ECM and EMM messages, or the method of protection of said messages. Each conditional access provider uses its own data structure and its own protection means for a particular broadcast content. DVB technology thus offers a number of possibilities for the development of content security.
It is well known for a broadcaster to be allowed to manage the reception of an event depending on geographical location. In fact, broadcasters will often try to preclude the access to content such as a sports broadcast in the area surrounding the site where this event takes place. Thus, by knowing the location of each receiver, a so-called <<blackout>> signal is sent to the receiver with for instance the postcode or postcodes of areas which are not allowed to receive live coverage of the event. The security module of the receiver that contains the location information (for example the subscriber postal code to the service or ZIP code), receiving this message, will thus apply a new rule during the entitlements verification and even if the receiver has entitlements for this event, the <<blackout>> message has priority to forbid the access to the event by not sending back the control words that are used to encrypt the event.
Nevertheless, in the mobile universe, this notion of “postal code” is no more valid and it is not possible to restrict a reception on such a portable device.
The aim of the present invention is to be able to apply the same restriction means in the mobile world as those applied to fixed receivers.
This aim is achieved using a method for conditional access to a digital data stream encrypted with at least one control word and broadcast via a transmitter in a broadcast network to at least one mobile device, said transmitter also transmitting a control message stream containing the control words and the access conditions, said mobile device being further connected to a mobile communication network via a mobile access point, said method being characterized in that it comprises the following steps:
This method can be used to block the access by a portable device in a certain region (blackout) or otherwise, to authorize the access only in this region (hot spot).
According to this embodiment, the way to determine the location identifier can be based on the mobile cell identifier (mobile access point) or the identifier of the broadcast network transmitter.
In the first case, it seems likely that the precision of the location is more accurate due to the limited range of mobile access points.
In the second case, the broadcasting network comprises a plurality of transmitters that, besides broadcasting the data stream, broadcast service data in which it is possible to identify the transmitter to which the mobile device is tuned.
The invention will be better understood thanks to the following detailed description that refers to the annexed figures given as non-limitative examples.
A digital data stream forming a content (C) encrypted with control words (CW) is broadcast along with ECM control messages. This digital data can either comprises audio/video television programme data as well as data corresponding to applications being able to be run on a mobile device.
A server of a provider of conditional access content is connected to a broadcasting network (NET1). This network broadcasts through several antennas E1, E2 to mobile devices EM1, EM2. Depending on the location of a mobile device, the latter may connect to antenna E1 rather than to antenna E2.
In the same way, the mobile devices EM1, EM2 are linked to the mobile telecommunication network NET2 by appropriate antennas F1, F2.
The mobile device can define its geographical position either by the broadcasting antenna network E1, E2 or by the mobile telecommunication antennas F1, F2. In the communication protocol of both communication systems, the antenna identifier is transmitted to the mobile device and is thus used as a location identifier. This identifier is used for instance for measuring the reception quality of a network.
This identifier as such does not necessarily give a geographical indication and can be a simple alphanumeric value.
At the same time, the broadcasting transmitter sends a control message stream with the audio/video data stream. The control message contains the control word(s) used to decrypt the encrypted content and further contains the access conditions to this content.
According to the invention, the access conditions comprise, in addition to the entitlements necessary for the reception of the content (for instance subscription), one or more of the antenna identifiers related to the zones where reception is either restricted or authorized. These identifiers can be related to the broadcast network NET1 or related to the mobile telecommunication network NET2. It is also possible to include a joint list comprising one or various identifiers of both networks in the access conditions.
As it can be seen in
When a control message arrives on the mobile device, this message is transmitted to the device's security means. These means can either be the SIM card of the mobile device, or a specialized circuit (directly soldered onto the printed circuit), or can be realised in software form. These security means verify whether or not the access conditions specified in the control message are met. These conditions can have several forms, such as an entitlement specific to the content, a general entitlement for a given channel or a payment system per time as described in the application WO03/085959.
According to the invention, in addition to conditions such as those described previously, and as far as the content reception is limited according to the geographical location, the security means verify whether or not the obtained location identifier of the broadcasting or telecommunication antenna is present in the identifier list comprised in the control message. If the location identifier is included in the list of the identifier(s) broadcast in the access conditions, the security means will be able to send either the control word to the decryption means (hot spot version) or otherwise block the broadcasting of the control word to the decryption means (blackout).
It should be noted that the control message is encrypted in such a way that a third party cannot access the identifiers used to restrict the access to audio/video data. According to a particular mode of the invention, the location identifier can be signed in order to guarantee its integrity. The broadcasting centre (or telecommunication centre according to the embodiment) uses its private key (from a pair of asymmetrical keys) to sign the identifier. This signature is realized in a conventional way, for instance by using a hashing method (Hash) of the identifier and an encryption of the result by the private key.
On the reception side, the security module has the corresponding public key, which allows it to decrypt the signature in order to obtain the presumed Hash value and compare this value with the one calculated by the security module on the location identifier (authentication). The comparison of the presumed value and the calculated value allows, if they are equal, to ensure that the identifier has not been modified.
In a particular embodiment, the security module is pre-initialized by a default location value. The current identifier replaces this value as soon as it is communicated to the security module.
When a control message arrives at the said module, and given that it contains a blackout control, the default value is considered as being automatically part of the location identifiers that have to be blacklisted.
According to an embodiment it is possible to define a duration during which an identifier is valid. Once this validity is expired, and if a more recent identifier has not been transmitted to the security module, the default identifier is re-established and is thus considered active at each blackout command. This duration can either be a parameter of the security module, or be associated with the identifier data, for instance with the authentication signature. In order to avoid an identifier being reused, a current date is associated with the identifier, preferably authenticated with the identifier itself. Thus, an identifier previously harvested in another network cell will not be able to be reutilized in another mobile device. In order to reinforce the whole security, the security module will refuse all identifiers associated with a date previous to that of the identifier transmitted previously.
In addition to the well-known telecommunication networks such as GSM, GPRS or UMTS, other location means can be used such as for instance Wifi, WiMax, Wibro, or any network having a set of antennas. The location precision will directly depend on the antennas' density. It should be noted that the identifier contained in the control message could include an identifier range. For instance if the antennas identifiers in a city all begin with ABC (ABCV120, ABCJ11 etc), it is possible to only send the prefix ABC for including all the antennas ABCxxx. Others possibilities can include a range such as ABC100 to ABC200.
| Number | Date | Country | Kind |
|---|---|---|---|
| 06118345 | Aug 2006 | EP | regional |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP2007/057717 | 7/26/2007 | WO | 00 | 1/30/2009 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2008/015155 | 2/7/2008 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5016274 | Micali et al. | May 1991 | A |
| 6463276 | Jonsson | Oct 2002 | B1 |
| 6560340 | Akins, III et al. | May 2003 | B1 |
| 6807534 | Erickson | Oct 2004 | B1 |
| 7066382 | Kaplan | Jun 2006 | B2 |
| 7383438 | Fahrny et al. | Jun 2008 | B2 |
| 7450930 | Williams et al. | Nov 2008 | B2 |
| 7644266 | Ahuja et al. | Jan 2010 | B2 |
| 7676219 | Williams et al. | Mar 2010 | B2 |
| 7703140 | Nath et al. | Apr 2010 | B2 |
| 7748045 | Kenrich et al. | Jun 2010 | B2 |
| 7933410 | Fahrny | Apr 2011 | B2 |
| 20020051540 | Glick et al. | May 2002 | A1 |
| 20030181160 | Hirsch | Sep 2003 | A1 |
| 20040101138 | Revital et al. | May 2004 | A1 |
| 20040123150 | Wright et al. | Jun 2004 | A1 |
| 20050234735 | Williams | Oct 2005 | A1 |
| 20060112188 | Albanese et al. | May 2006 | A1 |
| 20080022411 | Wendling et al. | Jan 2008 | A1 |
| Number | Date | Country |
|---|---|---|
| 1 172 270 | Jan 2002 | EP |
| 1 645 985 | Apr 2006 | EP |
| WO 9911086 | Mar 1999 | WO |
| WO 03067404 | Aug 2003 | WO |
| 2005036820 | Apr 2005 | WO |
| WO 2006122908 | Nov 2006 | WO |
| Entry |
|---|
| International Search Report as cited in PCT/EP2007/057717 dated Feb. 18, 2008. |
| Opposition Filed in EP 2052516 dated Sep. 28, 2012. |
| Alexander W. Dent et al., “Regional Blackouts: Protection of Broadcast Content on 3G Networks”, Fifth International Conference on 3G Mobile Communications Technolgies (Oct. 2004) (5 pages). |
| RHUL eRepository; Item Summary (Abstract)—Alexander W. Dent et al., “Regional Blackouts: Protection of Broadcast Content on 3G Networks”, Fifth International Conference on 3G Mobile Communications Technolgies (Oct. 2004) (5 pages). |
| Kinji Matsumura et al., “Location-Aware Data Broadcasting—An Application for Digital Mobile Broadcasting in Japan”, MM'03, Nov. 2-8, 2003, pp. 271-274. |
| Number | Date | Country | |
|---|---|---|---|
| 20090325576 A1 | Dec 2009 | US |
