Smartcard for use with a receiver of encrypted broadcast signals, and receiver Number:7,043,020 from the United States Patent and Trademark Office (PTO) owispatent A smartcard for use with a receiver of encrypted broadcast signals comprises a microprocessor for enabling or controlling decryption of said signals. A memory is coupled to the microprocessor. The microprocessor is adapted to enable or control the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective dynamically created zones in the memory, the dynamically created zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers.<H broadcast, encrypted, Smartcard, for, u, 7043020.html, Patent, pto, 7043020

Title: Smartcard for use with a receiver of encrypted broadcast signals, and receiver

Abstract: A smartcard for use with a receiver of encrypted broadcast signals comprises a microprocessor for enabling or controlling decryption of said signals. A memory is coupled to the microprocessor. The microprocessor is adapted to enable or control the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective dynamically created zones in the memory, the dynamically created zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers.

Patent Number: 7,043,020 Issued on 05/09/2006 to Maillard, et al.

Inventors: Maillard; Michel (Maintenon, FR); Bernardeau; Christian (Bussy Saint Georges, FR)
Assignee: Canal & Technologies (Paris, FR)

Appl. No.: 055177

Filed: January 25, 2002

Foreign Application Priority Data


Mar 21, 1997 [EP]			97400650

Current U.S. Class: 380/227 ; 380/201; 380/205; 380/210; 380/217; 380/233; 380/239; 380/37; 713/163; 713/167; 713/172

Current International Class: H04N 7/167 (20060101); H04K 1/04 (20060101); H04L 9/00 (20060101)

Field of Search: 713/185 725/104 380/227

References Cited [Referenced By]

U.S. Patent Documents


4833710	May 1989	Hirashima
5144663	September 1992	Kudelski et al.

Foreign Patent Documents


0 679 029	Oct., 1995	EP
WO 96 06504	Feb., 1996	WO

Other References

Copy of International Search Report from PCT Appl. No. PCT/EP97/02107, completed Nov. 12, 1997, 3 pages. cited by other .
Taskett, J., "Smart Cards as a Replaceable Security Element for Television Delivery Access Control," Proceedings from Eleven Technical Sessions of the Annual Convention and Exposition of the National Cable Television Association, San Francisco, CA, Jun. 6-9, 1993, vol. No. 42, Jun. 6, 1993, pp. 128-132. cited by other .
Vigarie, J.P., "A Device for Real-Time Modification of Access Conditions in a D2-MAC/Packet Eurocrypt Signal: The Transcontroller," Cable TV Sessions, Montreux, Switzerland, Jun. 10-15, 1993, vol. No. 18, Jun. 11, 1993, Fostes; Telephones at Telegraphes Suisses, pp. 761-769. cited by other.

Primary Examiner: Zand; Kambiz
Attorney, Agent or Firm: Osha Liang LLP

Parent Case Text

This application is a continuation of Application Ser. No. 09/400,443 filed Sep. 21, 1999, which is a continuation of PCT/EP97/02107, filed Apr. 25, 1997.

Claims

The invention claimed is:

1. A smartcard for use with a receiver of encrypted broadcast signals, the smartcard comprising: a microprocessor for enabling or controlling decryption of said signals; and a memory coupled to said microprocessor; said microprocessor enabling or controlling the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective dynamically created zones in said memory, said dynamically created zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers; and said smartcard being arranged to maintain a first series of memory zones containing the identities of the respective broadcast suppliers and a second series of dynamically created memory zones, the memory zones in the second series each being labeled with the identity of a broadcast supplier and containing data including said decryption data used for the handling of received broadcast signals from that supplier.

2. A smarteard as claimed in claim 1, further comprising an identifier and at least one secret decryption key associated with a respective one of said broadcast suppliers, said identifier and the or each key being stored in one of said dynamically created zones and being arranged to decrypt broadcast signals having an identity corresponding to that identifier and encrypted using an encryption key corresponding to that decryption key.

3. A smartcard as claimed in claim 2, further comprising for each zone a stored group identifier and a further identifier which identifies that zone within that group and is arranged to decrypt broadcast signals having an identity corresponding to the stored group identifier.

4. A smartcard as claimed in claim 1, further comprising a plurality of memory zones in the second series having a common identity label and containing different classes of data relating to the handling of received broadcast signals from that broadcast supplier.

5. A smartcard as claimed in claim 1, said smartcard being arranged to create dynamically the memory zones of said first series.

6. A smartcard as claimed in claim 1, wherein the dynamically created memory zones are continuous.

7. A smartcard as claimed in claim 1, further comprising a management memory zone arranged to store data for controlling, the dynamic creation of said dynamically created zones.

8. A smartcard as claimed in claim 1, wherein one of said dynamically created zones contains rights data indicating a particular selection of broadcast items broadcast by a broadcast supplier, which the user of the smartcard is entitled to decrypt, the smartcard being arranged to utilize said rights data to decrypt items broadcast by that supplier.

9. A smartcard as claimed in claim 1, wherein a transaction memory zone is defined in the smartcard in addition to said dynamically created zones and contains further rights data concerning items broadcast by a broadcast supplier which a user of the smartcard is entitled to decrypt only in response to a transaction output signal which can be generated by the smartcard under the control of the user.

10. A smartcard as claimed in claim 9, further comprising a counter for counting the number of occasions on which an item is broadcast following the output of a said transaction output signal and wherein the smartcard is arranged to gate the decryption of that item in dependence upon the count value reached by said counter.

11. A receiver/decoder including a smartcard as claimed in claim 1, and comprising a smartcard reader for reading said smartcard, said receiver/decoder being arranged to decrypt broadcast encrypted signals under the control of the subscriber smartcard.

12. A receiver/decoder as claimed in claim 11, said receiver/decoder being arranged to decrypt encrypted broadcast video and/or audio signals and to generate and corresponding video and/or audio output.

13. A receiver/decoder as claimed in claim 11, said receiver/decoder having a relatively high bandwidth input port for receiving said encrypted broadcast signals and a relatively low bandwidth output port arranged to transmit output control signals back to a broadcast transmitter.

14. A receiver/decoder as claimed in claim 11, said receiver/decoder containing a stored identifier and is arranged to work only with a smartcard having a corresponding stored identifier.

15. A receiver/decoder for receiving and decrypting encrypted broadcast signals, the receiver/decoder comprising: a smartcard reader; a processor coupled to the smartcard reader and arranged to decrypt said signals in dependence upon an output from a smartcard; memory means containing a stored ID of the receiver/decoder; means for comparing said stored ID with an ID of the smartcard read by the smartcard reader; and means for enabling or disabling the decryption of said signals in dependence upon the comparison, said smartcard being arranged to maintain a first series of memory zones containing the identities of respective broadcast suppliers and a second series of dynamically created memory zones, the memory zones in the second series each being labeled with the identity of a broadcast supplier and containing data including said decryption data used for the handling of received broadcast signals from the broadcast supplier.

16. A receiver/decoder according to claim 15 wherein said enabling means is arranged to enable or disable said smartcard.

17. A receiver/decoder according to claim 16, wherein said processor is arranged to enable said smartcard in response to a handshake routine between the receiver/decoder and smartcard.

18. A receiver/decoder according to claim 15, said receiver/decoder being arranged to receive and decrypt broadcast video and/or audio signals.

19. A receiver/decoder for receiving and decrypting encrypted broadcast signals, the receiver/decoder comprising: a smartcard reader; a processor coupled to the smartcard reader and arranged to decrypt said signals in dependence upon an output from a smartcard; a memory containing a stored ID of the receiver/decoder; and the processor being configured to compare said stored ID with an ID of the smartcard read by the smartcard reader, and to enable or disable the decryption of said signals in dependence upon the comparison, said smartcard being arranged to maintain a first series of memory zones containing the identities of respective broadcast suppliers and a second series of dynamically created memory zones, the memory zones in the second series each being labeled with the identity of a broadcast supplier and containing data including said decryption data used for the handling of received broadcast signals from the broadcast supplier.

Description

The present invention relates to a smartcard for use with a receiver of encrypted broadcast signals in a broadcast and reception system, a receiver/decoder for receiving and decrypting broadcast signals, apparatus for broadcasting encrypted signals and a method of broadcasting encrypted signals.

In particular, but not exclusively, the invention relates to a mass-market broadcast system having some or all of the following preferred features: It is an information broadcast system, preferably a radio and/or television broadcast system It is a satellite system (although it could be applicable to cable or terrestrial transmission) It is a digital system, preferably using the MPEG, more preferably the MPEG-2, compression system for data/signal transmission It affords the possibility of interactivity It uses smartcards.

The term "smartcard" is used herein with a broad meaning, and includes (but not exclusively so) any microprocessor based card or object of similar function and preformance.

In a first aspect the present invention provides a smartcard for use with a receiver of encrypted broadcast signals, the smartcard comprising: a microprocessor for enabling or controlling decryption of said signals; and a memory coupled to said microprocessor; said microprocessor being adapted to enable or control the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective dynamically created zones in said memory, said dynamically created zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers.

Dynamic creation (and removal) of zones in the smartcard allows for the rights afforded to the subscriber by means of the smartcard to be changed easily and quickly by, for example, EMMs (Entitlement Management Messages) which are periodically transmitted by the broadcaster, received by the receiver/decoder and passed to the smartcard.

Preferably, the smartcard further comprises an identifier and at least one secret decryption key associated with a respective one of said broadcast suppliers, said identifier and the or each key being stored in one of said dynamically created zones and being arranged to decrypt broadcast signals having an identity corresponding to that identifier and encrypted using an encryption key corresponding to that decryption key.

The smartcard may further comprise for each zone stored group identifier and a further identifier which identifies it within that group and is arranged to decrypt broadcast signals having an identity corresponding to the stored group identifier.

The smartcard may be arranged to maintain a first series of memory zones containing the identities of the respective broadcast suppliers and a second series of dynamically created memory zones, the memory zones in the second series each being labelled with the identity of a broadcast supplier and containing data including said decryption data used for the handling of received broadcast signals from that supplier, a plurality of memory zones in the second series having a common identity label and containing different classes of data relating to the handling of received broadcast signals from that broadcast supplier.

Preferably, the smartcard is arranged to create dynamically the memory zones of said first series. The dynamically created memory zones may be continuous.

Preferably, the smartcard comprises a management memory zone arranged to store data for controlling the dynamic creation of said dynamically created zones.

One of said dynamically created zones may contain rights data indicating a particular selection of broadcast items broadcast by a broadcast supplier, which the user of the smartcard is entitled to decrypt, the smartcard being arranged to utilise said rights data to decrypt items broadcast by that supplier.

A transaction memory zone may be defined in the smartcard in addition to said dynamically created zones and which contains further rights data concerning items broadcast by a broadcast supplier which a user of the smartcard is entitled to decrypt only in response to a transaction output signal which can be generated by the smartcard under the control of the user.

The smartcard may further comprise a counter for counting the number of occasions on which an item is broadcast following the output of a said transaction output signal, the smartcard being arranged to gate the decryption of that item in dependence upon the count value reached by said counter.

A second aspect of the present invention provides a receiver/decoder for use with a smartcard as described above, the receiver/decoder comprising a smartcard reader and being arranged to decrypt broadcast encrypted signals under the control of the subscriber smartcard.

The receiver/decoder may be arranged to decrypt encrypted broadcast video and/or audio signals and to generate corresponding video and/or audio output.

Preferably, the receiver/decoder has a relatively high bandwidth input port for receiving said encrypted broadcast signals and a relatively low bandwidth output port arranged to transmit output control signals back to a broadcast transmitter.

Preferably the receiver/decoder contains a stored identifier and is arranged to work only with a smartcard having a corresponding stored identifier.

In a third aspect, the present invention provides apparatus for broadcasting encrypted signals to receiver/decoders, the apparatus comprising means for generating two of more classes of broadcast control signals, wherein each class of such control signals includes receiver/decoder ID data for selectively enabling receiver/decoders having a corresponding ID to respond to such a class of control signals, said receiver/decoder ID data including group ID data for enabling one or more groups of receiver/decoders all to respond to a common class of such control signals, the apparatus being provided with database means which is arranged to distribute dynamically individual receiver/decoders between different ID groups in response to input information.

The database means may be responsive to signals received from the receiver/decoders to change the distribution of receiver/decoders between groups.

The apparatus may be arranged to broadcast control signals for changing the distribution of receiver/decoders between groups in response to said input information.

Different classes of control signals may enable the decryption of different parts of a broadcast encrypted data stream.

Preferably, the input information includes payment information. The classes of control signals may include classes which control subscription to decrypt encrypted broadcast signals from different broadcast suppliers. The classes of control signals may also include classes which control purchase of the right to decrypt broadcast encrypted data signals in different time frames.

Preferably, the encrypted broadcast signals are video and/or audio signals, and the apparatus may be arranged to transmit said encrypted data signals to a satellite in orbit.

Each group may comprise up to 256 members.

In a fourth aspect, the present invention provides a receiver/decoder for receiving encrypted broadcast signals, the receiver/decoder comprising a group ID and being responsive to a class of broadcast control signals having a corresponding ID to said group ID, the receiver/decoder being arranged to change its group ID in response to a further control signal.

Further control signal may comprise a broadcast signal, said broadcast signal and said encrypted broadcast signals being arranged to be received by said receiver/decoder.

Preferably, the group ID is recorded in a smartcard removably inserted in the receiver/decoder. The encrypted broadcast signals may be video and/or audio signals.

In a fifth aspect the present invention provides a system for broadcasting and receiving digital data signals comprising apparatus as described above in conjunction with a receiver/decoder as described above.

In a sixth aspect, the present invention provides a method of broadcasting encrypted signals to receiver/decoders, the method comprising generating two or more classes of broadcast control signals, each class of such signals including receiver/decoder ID data for selectively enabling receivers/decoders having a corresponding ID to respond to such a class of control signals, and distributing dynamically individual receiver/decoders between different ID groups in response to input information.

The input information preferably includes payment information and said classes of control signals enable the receiver/decoders to selectively decrypt portions of an encrypted broadcast video and/or audio stream.

In a seventh aspect, the present invention provides apparatus for broadcasting encrypted signals to receiver/decoders, the apparatus comprising means for generating control signals for controlling or enabling the decryption of said encrypted signals, means for associating control signals with respective program transmissions within said broadcast signals, the associating means comprising means for generating a signal identifying each transmission in a series of transmissions of the same program.

Preferably, the apparatus further comprises means for generating a signal for setting a limit at the receiver/decoders on the number of transmissions in said series which can be decrypted. The apparatus may be responsive to an input signal from a receiver/decoder to vary said limit.

Preferably, the apparatus is arranged to transmit said video and/or audio stream to a satellite in orbit.

In an eighth aspect, the present invention provides a receiver/decoder for receiving and decrypting broadcast signals in a Pay Per View (PPV) mode, the receiver/decoder comprising means for detecting control signals which enable or control the decryption of particular program transmissions within said broadcast signals, said control signals including information identifying each transmission in a series of transmissions of the same program, and limiting means coupled to said detecting means for limiting the number of transmissions in said series which can be decrypted.

Preferably, the limiting means comprises a counter arranged to be incremented or decremented towards a stored limit value in response to each successive viewing of a transmission within said series. The receiver/decoder preferably comprises means for adjusting said limit value in response to a received broadcast signal.

Preferably, the limiting means comprises a smartcard removably inserted in the receiver/decoder.

In a ninth aspect, the present invention provides a receiver/decoder for receiving and decrypting encrypted broadcast signals, the receiver/decoder comprising: a smartcard reader; a processor coupled to the smartcard reader and arranged to decrypt said signals in dependence upon an output from the smartcard reader; memory means containing a stored ID of the receiver/decoder; means for comparing said stored ID with an ID of a smartcard read by the smartcard reader; and means for enabling or disabling the decryption of said signals in dependence upon the comparison.

The enabling means may be arranged to enable or disable said smartcard.

The processor may be arranged to enable said smartcard in response to a handshake routine between the receiver/decoder and smartcard.

The receiver/decoder may be arranged to receive and decrypt broadcast video and/or audio signals.

In a tenth aspect, the present invention provides a smartcard for use in a receiver/decoder as described above, said smartcard including a memory containing a list of IDs of respective receiver/decoders with which it may operate and indications as to whether the smartcard may operate with each of said listed receiver/decoders

In an eleventh aspect, the present invention provide a combination of a receiver/decoder as described above and a smartcard as described above, said receiver/decoder further comprising means for reading the ID of each receiver/decoder listed in the memory of said smartcard and the indication associated therewith to determine whether the smartcard may be used with the receiver/decoder.

In a twelfth aspect, the present invention provides a smartcard for use with a receiver of encrypted broadcast signals, the smartcard comprising a microprocessor for enabling or controlling decryption of said signals; and a memory coupled to said microprocessor; said microprocessor being adapted to enable or control the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective zones in said memory, said zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers, said decryption data including a priority level assigned to the smartcard by the respective broadcast supplier and enabling the decryption of signals associated with that priority level broadcast by that broadcast supplier.

The priority level may be assigned to the smartcard by means of a control signal broadcast by the broadcast supplier.

In a thirteenth aspect, the present invention provides apparatus for broadcasting encrypted broadcast signals to receiver/decoders, said receiver/decoders having assigned thereto a respective priority level, the apparatus comprising: means for generating control signals for controlling or enabling the decryption of said broadcast signals, the control signals each having an address portion for selectively enabling decryption by a receiver/decoder having a corresponding address; and means for addressing receiver/decoders with said control signals selectively according to their respective priority levels.

The apparatus may further comprise means for generating a first set of control signals associated with a respective broadcast supplier of broadcast signals and a second set of control signals associated with respective programs, the control signals in the second set having a switching portion arranged to gate decryption by said receiver/decoders, the control signals in said second set having said address portion.

The apparatus may be arranged to black out decryption of a selected program in a selected geographical location.

Preferred features of the present invention will now be described, purely by way of example, with reference to the accompanying drawings, in which:

FIG. 1 shows the overall architecture of a digital television system according to the preferred embodiment of the present invention;

FIG. 2 shows the architecture of a conditional access system of the digital television system;

FIG. 3 shows the structure of an Entitlement Management Message used in the conditional access system;

FIG. 4 is a schematic diagram of the hardware of a Subscriber Authorisation System (SAS) according to a preferred embodiment of the present invention;

FIG. 5 is a schematic diagram of the architecture of the SAS;

FIG. 6 is a schematic diagram of a Subscriber Technical Management server forming part of the SAS;

FIG. 7 is a flow diagram of the procedure for automatic renewal of subscriptions as implemented by the SAS;

FIG. 8 is a schematic diagram of a group subscription bitmap used in the automatic renewal procedure;

FIG. 9 shows the structure of an EMM used in the automatic renewal procedure;

FIG. 10 shows in detail the structure of the EMM;

FIG. 11 is a schematic diagram of an order centralized server when used to receive commands directly through communications servers;

FIG. 12 illustrates diagrammatically a part of FIG. 2 showing one embodiment of the present invention;

FIG. 13 is a schematic diagram of the order centralized server when used to receive commands from the subscriber authorization system to request a callback;

FIG. 14 is a schematic diagram of the communications servers;

FIG. 15 shows the manner in which EMM emission cycle rate is varied according to the timing of a PPV event;

FIG. 16 is a schematic diagram of a Message Emitter used to emit EMMs;

FIG. 17 is a schematic diagram showing the manner of storage of EMMs within the Message Emitter;

FIG. 18 is a schematic diagram of a smartcard;

FIG. 19 is a schematic diagram of an arrangement of zones in the memory of the smartcard; and

FIG. 20 is a schematic diagram of a PPV event description.

An overview of a digital television broadcast and reception system 1000 according to the present invention is shown in FIG. 1. The invention includes a mostly conventional digital television system 2000 which uses the known MPEG-2 compression system to transmit compressed digital signals. In more detail, MPEG-2 compressor 2002 in a broadcast centre receives a digital signal stream (typically a stream of video signals). The compressor 2002 is connected to a multiplexer and scrambler 2004 by linkage 2006. The multiplexer 2004 receives a plurality of further input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 2008 of the broadcast centre via linkage 2010, which can of course take a wide variety of forms including telecom links. The transmitter 2008 transmits electromagnetic signals via uplink 2012 towards a satellite transponder 2014, where they are electronically processed and broadcast via notional downlink 2016 to earth receiver 2018, conventionally in the form of a dish owned or rented by the end user. The signals received by receiver 2018 are transmitted to an integrated receiver/decoder 2020 owned or rented by the end user and connected to the end user's television set 2022. The receiver/decoder 2020 decodes the compressed MPEG-2 signal into a television signal for the television set 2022.

A conditional access system 3000 is connected to the multiplexer 2004 and the receiver/decoder 2020, and is located partly in the broadcast centre and partly in the decoder. It enables the end user to access digital television broadcasts from one or more broadcast suppliers. A smartcard, capable of decrypting messages relating to commercial offers (that is, one or several television programmes sold by the broadcast supplier), can be inserted into the receiver/decoder 2020. Using the decoder 2020 and smartcard, the end user may purchase events in either a subscription mode or a pay-per-view mode.

An interactive system 4000, also connected to the multiplexer 2004 and the receiver/decoder 2020 and again located partly in the broadcast centre and partly in the decoder, enables the end user to interact with various applications via a modemmed back channel 4002.

The conditional access system 3000 is now described in more detail.

With reference to FIG. 2, in overview the conditional access system 3000 includes a Subscriber Authorization System (SAS) 3002. The SAS 3002 is connected to one or more Subscriber Management Systems (SMS) 3004, one SMS for each broadcast supplier, by a respective TCP-IP linkage 3006 (although other types of linkage could alternatively be used). Alternatively, one SMS could be shared between two broadcast suppliers, or one supplier could use two SMSs, and so on.

First encrypting units in the form of ciphering units 3008 utilising "mother" smartcards 3010 are connected to the SAS by linkage 3012. Second encrypting units again in the form of ciphering units 3014 utilising mother smartcards 3016 are connected to the multiplexer 2004 by linkage 3018. The receiver/decoder 2020 receives a "daughter" smartcard 3020. It is connected directly to the SAS 3002 by Communications Servers 3022 via the modemmed back channel 4002. The SAS sends amongst other things subscription rights to the daughter smartcard on request.

The smartcards contain the secrets of one or more commercial operators. The "mother" smartcard encrypts different kinds of messages and the "daughter" smartcards decrypt the messages, if they have the rights to do so.

The first and second ciphering units 3008 and 3014 comprise a rack, an electronic VME card with software stored on an EEPROM, up to 20 electronic cards and one smartcard 3010 and 3016 respectively, for each electronic card, one (card 3016) for encrypting the ECMs (Entitlement Control Messages) and one (card 3010) for encrypting the EMMs.

The operation of the conditional access system 3000 of the digital television system will now be described in more detail with reference to the various components of the television system 2000 and the conditional access system 3000.

Multiplexer and Scrambler

With reference to FIGS. 1 and 2, in the broadcast centre, the digital video signal is first compressed (or bit rate reduced), using the MPEG-2 compressor 2002. This compressed signal is then transmitted to the multiplexer and scrambler 2004 via the linkage 2006 in order to be multiplexed with other data, such as other compressed data.

The scrambler generates a control word used in the scrambling process and included in the MPEG-2 stream in the multiplexer 2004. The control word is generated internally and enables the end user's integrated receiver/decoder 2020 to descramble the programme.

Access criteria, indicating how the programme is commercialised, are also added to the MPEG-2 stream. The programme may be commercialised in either one of a number of "subscription" modes and/or one of a number of "Pay Per View" (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus getting the rights to watch every channel inside those bouquets. In the preferred embodiment, up to 960 commercial offers may be selected from a bouquet of channels. In the Pay Per View mode, the end user is provided with the capability to purchase events as he wishes. This can be achieved by either pre-booking the event in advance ("pre-book mode"), or by purchasing the event as soon as it is broadcast ("impulse mode"). In the preferred embodiment, all users are subscribers, whether or not they watch in subscription or PPV mode, but of course PPV viewers need not necessarily be subscribers.

Both the control word and the access criteria are used to build an Entitlement Control Message (ECM); this is a message sent in relation with one scrambled program; the message contains a control word (which allows for the descrambling of the program) and the access criteria of the broadcast program. The access criteria and control word are transmitted to the second encrypting unit 3014 via the linkage 3018. In this unit, an ECM is generated, encrypted and transmitted on to the multiplexer and scrambler 2004.

Each service broadcast by a broadcast supplier in a data stream comprises a number of distinct components; for example a television programme includes a video component, an audio component, a sub-title component and so on. Each of these components of a service is individually scrambled and encrypted for subsequent broadcast to the transponder 2014. In respect of each scrambled component of the service, a separate ECM is required.

Programme Transmission

The multiplexer 2004 receives electrical signals comprising encrypted EMMs from the SAS 3002, encrypted ECMs from the second encrypting unit 3014 and compressed programmes from the compressor 2002. The multiplexer 2004 scrambles the programmes and transmits the scrambled programmes, the encrypted EMMs and the encrypted ECMs as electric signals to a transmitter 2008 of the broadcast centre via linkage 2010. The transmitter 2008 transmits electromagnetic signals towards the satellite transponder 2014 via uplink 2012.

Programme Reception

The satellite transponder 2014 receives and processes the electromagnetic signals transmitted by the transmitter 2008 and transmits the signals on to the earth receiver 2018, conventionally in the form of a dish owned or rented by the end user, via downlink 2016. The signals received by receiver 2018 are transmitted to the integrated receiver/decoder 2020 owned or rented by the end user and connected to the end user's television set 2022. The receiver/decoder 2020 demultiplexes the signals to obtain scrambled programmes with encrypted EMMs and encrypted ECMs.

If the programme is not scrambled, that is, no ECM has been transmitted with the MPEG-2 stream, the receiver/decoder 2020 decompresses the data and transforms the signal into a video signal for transmission to television set 2022.

If the programme is scrambled, the receiver/decoder 2020 extracts the corresponding ECM from the MPEG-2 stream and passes the ECM to the "daughter" smartcard 3020 of the end user. This slots into a housing in the receiver/decoder 2020. The daughter smartcard 3020 controls whether the end user has the right to decrypt the RCM and to access the programme. If not, a negative status is passed to the receiver/decoder 2020 to indicate that the programme cannot be descrambled. If the end user does have the rights, the ECM is decrypted and the control word extracted. The decoder 2020 can then descramble the programme using this control word. The MPEG-2 stream is decompressed and translated into a video signal for onward transmission to television set 2022.

Subscriber Management System (SMS)

A Subscriber Management System (SMS) 3004 includes a database 3024 which manages, amongst others, all of the end user files, commercial offers (such as tariffs and promotions), subscriptions, PPV details, and data regarding end user consumption and authorization. The SMS may be physically remote from the SAS.

Each SMS 3004 transmits messages to the SAS 3002 via respective linkage 3006 which imply modifications to or creations of Entitlement Management Messages (EMMs) to be transmitted to end users.

The SMS 3004 also transmits messages to the SAS 3002 which imply no modifications or creations of EMMs but imply only a change in an end user's state (relating to the authorization granted to the end user when ordering products or to the amount that the end user will be charged).

As described later, the SAS 3002 sends messages (typically requesting information such as call-back information or billing information) to the SMS 3004, so that it will be apparent that communication between the two is two-way.

Entitlement Management Messages (EMMs)

The EMM is a message dedicated to an individual end user (subscriber), or a group of end users, only (in contrast with an ECM, which is dedicated to one scrambled programme only or a set of scrambled programmes if part of the same commercial offer). Each group may contain a given number of end users. This organisation as a group aims at optimising the bandwidth; that is, access to one group can permit the reaching of a great number of end users.

Various specific types of EMM are used in putting the present invention into practice. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group. So-called "Group" subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This EMM has a group identifier and a subscribers' group bitmap. Audience EMMs are dedicated to entire audiences, and might for example be used by a particular operator to provide certain free services. An "audience" is the totality of subscribers having smartcards which bear the same Operator Identifier (OPI). Finally, a "unique" EMM is addressed to the unique identifier of the smartcard.

The structure of a typical EMM is now described with reference to FIG. 3. Basically, the EMM, which is implemented as a series of digital data bits, comprises a header 3060, the EMM proper 3062, and a signature 3064. The header 3060 in turn comprises a type identifier 3066 to identify whether the type is individual, group, audience or some other type, a length identifier 3068 which gives the length of the EMM, an optional address 3070 for the EMM, an operator identifier 3072 and a key identifier 3074. The EMM proper 3062 of course varies greatly according to its type. Finally, the signature 3064, which is typically of 8 bytes long, provides a number of checks against corruption of the remaining data in the EMM.

Subscriber Authorization System (SAS)

The messages generated by the SMS 3004 are passed via linkage 3006 to the Subscriber Authorization System (SAS) 3002, which in turn generates messages acknowledging receipt of the messages generated by the SMS 3004 and passes these acknowledgements to the SMS 3004.

As shown in FIG. 4, at the hardware level the SAS comprises in known fashion a mainframe computer 3050 (in the preferred embodiment a DEC machine) connected to one or more keyboards 3052 for data and command input, one or more Visual Display Units (VDUs) 3054 for display of output information and data storage means 3056. Some redundancy in hardware may be provided.

At the software level the SAS runs, in the preferred embodiment on a standard open VMS operating system, a suite of software whose architecture is now described in overview with reference to FIG. 5; it will be understood that the software could alteratively be implemented in hardware.

In overview the SAS comprises a Subscription Chain area 3100 to give rights for subscription mode and to renew the rights automatically each month, a Pay Per View Chain area 3200 to give rights for PPV events, and an EMM Injector 3300 for passing EMMs created by the Subscription and PPV chain areas to the multiplexer and scrambler 2004, and hence to feed the MPEG stream with EMMs. If other rights are to be granted, such as Pay Per File (PPF) rights in the case of downloading computer software to a user's Personal Computer, other similar areas are also provided.

One function of the SAS 3002 is to manage the access rights to television programmes, available as commercial offers in subscription mode or sold as PPV events according to different modes of commercialisation (pre-book mode, impulse mode). The SAS 3002, according to those rights and to information received from the SMS 3004, generates EMMs for the subscriber.

The Subscription Chain area 3100 comprises a Command Interface (CI) 3102, a Subscriber Technical Management (STM) server 3104, a Message Generator (MG) 3106, and the Ciphering Unit 3008.

The PPV Chain area 3200 comprises an Authorisation Server (AS) 3202, a relational database 3204 for storing relevant details of the end users, a local blacklist database 3205, Database Servers 3206 for the database, an Order Centralized Server (OCS) 3207, a Server for Programme Broadcaster (SPB) 3208, a Message Generator (MG) 3210 whose function is basically the same as that for the Subscription Chain area and is hence not described further in any detail, and the Ciphering Unit 3008.

The EMM Injector 3300 comprises a plurality of Message Emitters (MEs) 3302, 3304, 3306 and 3308 and Software Multiplexers (SMUXs) 3310 and 3312. In the preferred embodiment, there are two MEs, 3302 and 3304 for the Message Generator 3106, with the other two MEs 3306 and 3308 for the Message Generator 3210. MEs 3302 and 3306 are connected to the SMUX 3310 whilst MEs 3304 and 3308 are connected to the SMUX 3312.

Each of the three main components of the SAS (the Subscription Chain area, the PPV Chain area and the EMM Injector) are now considered in more detail.

Subscription Chain Area

Considering first the Subscription Chain area 3100, the Command Interface 3102 is primarily for despatching messages from the SMS 3004 to the STM server 3104, as well as to the OCS 3206, and from the OCS to the SMS. The Command Interface takes as input from the SMS either direct commands or batch files containing commands. It performs syntactic analysis on the messages coming from the STM server, and is able to emit accurate messages when an error occurs in a message (parameter out of range, missing parameter, and so on). It traces incoming commands in textual form in a trace file 3110 and also in binary form in a replay file 3112 in order to be able to replay a series of commands. Traces can be disabled and the size of files limited.

Detailed discussion of the STM server 3104 is now provided with particular reference to FIG. 6. The STM server is effectively the main engine of the Subscription Chain area, and has the purpose of managing free rights, the creation of new subscribers and the renewal of existing subscribers. As shown in the figure, commands are passed on to the Message Generator 3106, albeit in a different format from that in which the commands are passed to the STM server. For each command, the STM server is arranged to send an acknowledgement message to the CI only when the relevant command has been successfully processed and sent to the MG.

The STM server includes a subscriber database 3120, in which all the relevant parameters of the subscribers are stored (smartcard number, commercial offers, state, group and position in the group, and so on). The database performs semantic checks of the commands sent by the CI 3102 against the content of the database, and updates the database when the commands are valid.

The STM server further manages a First In First Out (FIFO) buffer 3122 between the STM server and the MG, as well as a backup disk FIFO 3124. The purpose of the FIFOs is to average the flow of commands from the CI if the MG is not able to respond for a while for any reason. They can also ensure that in the case of a crash of the STM server or MG no command will be lost, since the STM server is-arranged to empty (that is, send to the MG) its FIFOs when restarted. The FIFOs are implemented as files.

The STM server includes at its core an automatic renewal server 3126 which automatically generates renewals, and, if required by the operators, free rights. In this context, the generation of renewals may be thought of as including the generation of rights for the first time, although it will be understood that the generation of new rights is initiated at the SMS. As will become apparent, the two can be treated by roughly the same commands and EMMs.

Having the STM separate from the SAS, and the automatic renewal server within the SAS rather than (in known systems) in the SMS 3004, is a particularly important feature, since it can significantly reduce the number of commands which need to be passed from the SMS to the SAS (bearing in mind that the SMS and SAS may be in different locations and operated by different operators). In fact, the two main commands required from the SMS are merely commands that a new subscription should be started and that an existing subscription should be stopped (for example in the case of non-payment). By minimising command exchange between the SMS and SAS, the possibility of failure of command transfer in the linkage 3006 between the two is reduced; also, the design of the SMS does not need to take into account the features of the conditional access system 3000 generally.

Automatic renewal proceeds in the fashion indicated in the flow diagram of FIG. 7. In order to reduce bandwidth, and given that a very high percentage of all renewals are standard, renewal proceeds in groups of subscribers; in the preferred embodiments there are 256 individual subscribers per group. The flow diagram begins with the start step 3130, and proceeds to step 3132 where a monthly activation of the renewal function is made (although of course it will be appreciated that other frequencies are also possible). With a monthly frequency, rights are given to the end user for the current month and all of the following month, at which point they expire if not renewed.

In step 3134 the subscriber database 3120 is accessed in respect of each group and each individual within that group to determine whether rights for the particular individual are to be renewed.

In step 3136, a group subscription bitmap is set up according to the contents of the subscriber database, as shown in FIG. 8. The bitmap comprises a group identifier (in this case Group 1--"G1") 3138 and 256 individual subscriber zones 3140. The individual bits in the bitmap are set to 1 or zero according to whether or not the particular subscriber is to have his rights renewed. A typical set of binary data is shown in the figure.

In step 3142 the appropriate commands, including the group subscription bitmap, are passed to the Message Generator 3106. In step 3143 the Message Generator sets an obsolescence date to indicate to the smartcard the date beyond which the particular subscription EMM is not valid; typically this date is set as the end of the next month.

In step 3144 the Message Generator generates from the commands appropriate group subscription EMMs and asks the Ciphering Unit 3008 to cipher the EMMs, the ciphered EMMs being then passed to the EMM Injector 3300, which, in step 3146, injects the EMMs into the MPEG-2 data stream.

Step 3148 indicates that the above described procedure is repeated for each and every group. The process is finally brought to an end at stop step 3150.

The flow diagram described above with reference to FIG. 7 relates in fact specifically to the renewal of subscriptions. The STM also manages in a similar way free audience rights and new subscribers.

In the case of free audience rights, available for specific television programmes or groups of such programmes, these are made available by the STM issuing a command to the Message Generator to generate appropriate audience EMMs (for a whole audience) with an obsolescence date a given number of days (or weeks) hence. The MG computes the precise obsolescence date based on the STM command.

In the case of new subscribers, these are dealt with in two stages. Firstly, on purchase the smartcard in the receiver/decoder 2020 (if desired by the operator) affords the subscriber free rights for a given period (typically a few days). This is achieved by generating a bitmap for the subscriber which includes the relevant obsolescence date.

The subscriber then passes his completed paperwork to the operator managing the subscriber (at the SMS). Once the paperwork has been processed, the SMS supplies to the SAS a start command for that particular subscriber. On receipt by the SAS of the start command, the STM commands the MG to assign a unique address to the new subscriber (with a particular group number and position within the group) and to generate a special, so-called "commercial offer" subscription EMM (as opposed to the more usual "group" subscription EMM used for renewals) to provide the particular subscriber with rights until the end of the next month. From this point renewal of the subscriber can occur automatically as described above. By this two stage process it is possible to grant new subscribers rights until the SMS issues a stop command.

It is to be noted that the commercial offer subscription EMM is used for new subscribers and for reactivation of existing subscribers. The group subscription EMM is used for renewal and suspension purposes.

With reference to FIG. 9, a typical subscription EMM proper (that is, ignoring the header and signature) generated by the above procedure comprises the following main portions, namely typically a 256 bit subscription (or subscribers' group) bitmap 3152, 128 bits of management ciphering keys 3154 for the ciphering of the EMM, 64 bits of each exploitation ciphering key 3156 to enable the smartcard 3020 to decipher a control word to provide access to broadcast programmes, and 16 bits of obsolescence date 3158 to indicate the date beyond which the smartcard will ignore the EMM. In fact in the preferred embodiment three exploitation keys are provided, one set for the present month, one set for the next month, and one for resume purposes in the event of system failure.

In more detail, the group subscription EMM proper has all of the above components, except the management ciphering keys 3154. The commercial offer subscription EMM proper (which is for an individual subscriber) includes instead of the full subscribers'group bitmap 3152 the group ID followed by the position in the group, and then management ciphering keys 3154 and three exploitation keys 3156, followed by the relevant obsolescence date 3158.

The Message Generator 3106 serves to transform commands issued by the STM server 3104 into EMMs for passing to the Message Emitter 3302. With reference to FIG. 5, firstly, the MG produces the EMMs proper and passes them to the Ciphering Unit 3008 for ciphering with respect to the management and exploitation keys. The CU completes the signature 3064 on the EMM (see FIG. 3) and passes the EMM back to the MG, where the header 3060 is added. The EMMs which are passed to the Message Emitter are thus complete EMMs. The Message Generator also determines the broadcast start and stop time and the rate of emission of the EMMs, and passes these as appropriate directions along with the EMMs to the Message Emitter. The MG only generates a given EMM once; it is the ME which performs its cyclic transmission.

Again with reference to FIG. 5, the Message Generator includes its own EMM database 3160 which, for the lifetime of the relevant EMM, stores it. It is erased once its emission duration has expired. The database is used to ensure consistency between the MG and ME, so that for example when an end user is suspended the ME will not continue to send renewals. In this regard the MG computes the relevant operations and sends them to the ME.

On generation of an EMM, the MG assigns a unique identifier to the EMM. When the MG passes the EMM to the ME, it also passes the EMM ID. This enables identification of a particular EMM at both the MG and the ME.

Also concerning the Subscription Chain area, the Message Generator includes two FIFOs 3162 and 3164, one for each of the relevant Message Emitters 3302 and 3304 in the EMM Injector 3300, for storing the ciphered EMMs. Since the Subscription Chain area and EMM Injector may be a significant distance apart, the use of FIFOs can allow full continuity in EMM transmission even if the links 3166 and 3168 between the two fail. Similar FIFO's are provided in the Pay Per View Chain area.

One particular feature of the Message Generator in particular and the conditional access system in general concerns the way that it reduces the length of the EMM proper 3062 by mixing parameter length and identifier to save space. This is now described with reference to FIG. 10 which illustrates an exemplary EMM (in fact a FPV EMM, which is the simplest EMM). The reduction in length occurs in the Pid (Packet or "Parameter" identifier) 3170. This comprises two portions, the actual ID 3172, and the length parameter for the packet 3174 (necessary in order that the start of the next packet can be identified). The whole Pid is expressed in just one byte of information, 4 bits being reserved for the ID, and four for the length. Because 4 bits is not sufficient to define the length in true binary fashion, a different correspondence between the bits and the actual length is used, this correspondence being represented in a look-up table, stored in storage area 3178 in the Message Generator (see FIG. 5). The correspondence is typically as follows: 0000=0 0001=1 0010=2 0011=3 0100=4 0101=5 0110=6 0111=7 1000=8 1001=9 1010=10 1011=11 1100=12 1101=16 1110=24 1111=32

It will be seen that the length parameter is not directly proportional to the actual length of the packet; the relationship is in part more quadratic rather than linear. This allows for a greater range of packet length.

Pay Per View Chain Area

Concerning the Pay Per View Chain area 3200, with reference to FIG. 5 in more detail the Authorisation Server 3202 has as its client the Order Centralized Server 3207, which requests information about each subscriber which connects to the Communications Servers 3022 to purchase a PPV product.

If the subscriber is known from the AS 3202, a set of transactions takes place. If the subscriber is authorized for the order, the AS creates a bill and sends it to the OCS. Otherwise, it signals to the OCS that the order is not authorized.

It is only at the end of this set of transactions that the AS updates the end users database 3204 via the database servers (DBAS) 3206, if at least one transaction was authorized; this optimizes the number of database accesses.

The criteria according to which the AS authorizes purchase are stored in the database, accessed through DBAS processes. In one embodiment, the database is the same as the database accessed by the STM.

Depending on consumer profile, the authorization may be denied (PPV_Forbidden, Casino_Forbidden . . . ). These kind of criteria are updated by STM 3104, on behalf of the SMS 3004.

Other parameters are checked, such as limits allowed for purchase (either by credit card, automatic payment, or number of authorized token purchases per day).

In case of payment with a credit card, the number of the card is checked against a local blacklist stored in the local blacklist database 3205.

When all the verifications are successful, the AS: 1. Generates a bill and sends it to the OCS, which completes this bill and stores it in a file, this file being later sent to the SMS for processing (customer actual billing); and 2. Updates the database, mainly to set new purchase limits.

This check-and-generate-bill-if-OK mechanism applies for each command a subscriber may request during a single connection (it is possible to order e.g. 5 movies in a single session).

It is to be noted that the AS has a reduced amount of information concerning the subscriber, by comparison with that held by the SMS. For example, the AS does not hold the name or address of the subscriber. On the other hand, the AS does hold the smartcard number of the subscriber, the subscriber's consumer category (so that different offers can be made to different subscribers), and various flags which state whether, for example, the subscriber may purchase on credit, or he is suspended or his smartcard has been stolen. Use of a reduced amount of information can help to reduce the amount of time taken to authorize a particular subscriber request.

The main purpose of the DBASs 3206 is to increase database performance seen from the AS, by paralleling the accesses (so actually it does not make much sense to define a configuration with only one DBAS). An AS parameter determines how many DBASes should connect. A given DBAS may be connected to only one AS.

The OCS 2307 mainly deals with PPV commands. It operates in several modes.

Firstly, it operates to process commands issued by the SMS, such as product refreshment (for instance, if the bill is already stored by the SMS, no bill is generated by the OCS), update of the wallet in the smartcard 3020, and session cancellation/update.

The various steps in the procedure are: 1. Identifying the relevant subscriber (using the AS 3202); 2. If valid, generate adequate commands to the Message Generator, in order to send an appropriate EMM. Commands may be: Product commands, Update of the wallet, Session erasure.

Note that these operations do not imply creation of billing information, since billing is already known from the SMS. These operations are assimilated to "free products" purchase.

Secondly, the OCS deals with commands received from the subscribers through the Communications Servers 3022. These may be received either via a modem connected to the receiver/decoder 2020, or by voice activation via the telephone 4001, or by key activation via a MINITEL, PRESTEL or like system where available.

Thirdly, the OCS deals with callback requests issued by the SMS. These last two modes of operation are now discussed in more detail.

In the second type of mode described above it was stated that the OCS deals with commands received directly from the end user (subscriber) through the Communications Servers 3022. These include product orders (such as for a particular PPV event), a subscription modification requested by the subscriber, and a reset of a parental code (a parental code being a code by which parents may restrict the right of access to certain programmes or classes of programmes).

The way in which these commands are dealt with is now described in more detail with reference to FIG. 11.

Product orders by a subscriber involve the following steps: 1. Identifying through the AS the caller who is making a call through the CS 3022 ordering a particular product; 2. Checking the caller's request validity, again using the AS (where the order is placed using the receiver/decoder 2020, this is achieved by verifying the smartcard 3020 details); 3. Ascertain the price of the purchase; 4. Check that the price does not exceed the caller's credit limit etc; 5. Receiving a partial bill from the AS; 6. Filling additional fields in the bill to form a completed bill; 7. Adding the completed bill to a billing information storage file 3212 for later processing; and 8. Sending corresponding command(s) to the PPV Message Generator 3210 to generate the relevant EMM(s).

The EMM(s) is sent either on the modem line 4002 if the consumer placed the product order using the receiver/decoder 2020 (more details of this are described later), or else it is broadcast. The one exception to this is where there is some failure of the modem connection (in the case where the consumer places the order using the receiver/decoder); in this event the EMM is broadcast over the air.

A subscription modification requested by a subscriber involves: 1. Identifying the caller (using the AS); 2. Sending information to the Command Interface; the CI in turn forwards this information to the SMS; and 3. Via the CI, the OCS then receives an answer from the SMS (in terms of the cost of the modification, if the modification is possible).

If modification was requested using the receiver/decoder, the OCS generates a confirmation to the SMS. Otherwise, for example in the case of phone or Minitel, the subscriber is prompted for confirmation and this answer sent to the SMS via the OCS and the CI.

Reset of a parental code involves 1. Identifying the caller (using AS); and 2. Sending a command to the MG to generate an appropriate EMM bearing an appropriate reset password.

In the case of reset of parental code, the command to reset the code is for security reasons not permitted to originate from the receiver/decoder. Only the SMS, telephone and MINITEL or like can originate such a command. Hence in this particular case the EMM(s) are broadcast only on air, never on the telephone line.

It will be understood from the above examples of different modes of operation of the OCS that the user can have direct access to the SAS, and in particular the OCS and AS, in that the Communications Servers are directly connected to the SAS, and in particular the OCS. This important feature is concerned with reducing the time for the user to communicate his command to the SAS.

This feature is illustrated further with reference to FIG. 12, from which it can be seen that the end user's Set-Top-Box, and in particular its receiver/decoder 2020, has the capability of communicating directly with the Communications Servers 3022 associated with the SAS 3002. Instead of the connect