WikiPatents - Community Patent Review
Create Free Account  |  License or Sell Your Patent  |  WikiPatents Marketplace  |  WikiPatents Blog
Username:  Password:  
    
Advanced Search
System for controlling access to broadcast transmissions    
United States Patent5481609   
Link to this pagehttp://www.wikipatents.com/5481609.html
Inventor(s)Cohen; Michael (Jerusalem, IL); Hashkes; Jonathan (Jerusalem, IL)
AbstractA system for controlling access to broadcast transmissions including a transmitter having a transmission encoder for scrambling the broadcast, a multiplicity of subscriber receivers, each having an identical receiving decoder, containing no secret cryptographic keys, for descrambling the broadcast and a plurality of selectable and portable executing apparatus each being operatively associatable with a receiving decoder at a partially different given time and each executing generally identical operations to generate a seed for use by the associated receiving decoder to enable the receiving decoder to descramble the broadcast.
   














 Title Information Submit all comments and votes
 
Patent Text Patent PDF Print Page Summary File History
Plain text PDF images Print Summary File History
Drawing from US Patent 5481609
System for controlling access to broadcast transmissions - US Patent 5481609 Drawing
System for controlling access to broadcast transmissions
Inventor     Cohen; Michael (Jerusalem, IL); Hashkes; Jonathan (Jerusalem, IL)
Owner/Assignee     News Data Security Products Ltd. (Quarry Bay, HK)
Patent assignment
All assignments
Publication Date     January 2, 1996
Application Number     08/119,734
PAIR File History     Application Data   Transaction History
Image File Wrapper   Patent Term   Fees
Litigation
Filing Date     September 10, 1993
US Classification     380/227 235/380 235/382 380/22 380/44 380/228 380/242
Int'l Classification     H04L 009/32 H04L 009/08 H04N 007/167
Examiner     Gregory; Bernarr E.
Assistant Examiner    
Attorney/Law Firm     Ladas & Parry
Address
Parent Case     This is a continuation of application Ser. No. 07/993,823 filed Dec. 18, 1992, now U.S. Pat. No. 5,282,249, which is a continuation of application Ser, No. 07/611,960 filed Nov. 9, 1990, now abandoned.
Priority Data    
USPTO Field of Search     235/379 235/380 235/381 235/382 380/9 380/10 380/16 380/21 380/22 380/23 380/30 380/44 340/825.31 340/825.34
Patent Tags     controlling access broadcast transmissions
   
Enter a comma (,) or semicolon (;) between multiple tag words/phrases.
Describe this patent:
 Amusing   
 Clever   
 Complex   
 Efficient   
 Historic   
 Important   
 Innovative   
 Interesting   
 Practical   
 Simple   
[no votes]
Patent WIKI

Share information and news about this patent, including information and news about the technology, inventors, company, ligation and licensing.
 References Submit all comments and votes
 
*references marked with an asterisk below are user-added references
 U.S. References
 
Add a new US reference:  
ReferenceRelevancyCommentsReferenceRelevancyComments
2977434



[0 after 0 votes]		5282249
Cohen
380/229
Jan,1994
[0 after 0 votes]
4993066
Jenkins

Feb,1991
[0 after 0 votes]		4811377
Krolopp
455/550.1
Mar,1989
[0 after 0 votes]
4748668
Shamir
380/30
May,1988
[0 after 0 votes]		4494143
Lovick
380/227
Jan,1985
[0 after 0 votes]
4012583
Kramer
725/26
Mar,1977
[0 after 0 votes]		3890461
Vogelman
380/228
Jun,1975
[0 after 0 votes]
 Foreign References
 Other References
 Market Review Submit all comments and votes
   
Market Size
Estimate the gross annual revenues of the relevant market sector:
> $10B
$5B - $10B
$2B - $5B
$500M - $2B
$100M - $500M
$10M - $100M
$1M - $10M
$500K - $1M
$100K - $500K
< $100K
[No votes]
$0
 
$0   $2.5B   $5B   $7.5B   $10B
Market Share
Estimate the percentage of the relevant market sector this invention will capture:
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Reasonable Royalty
What percentage of gross sales should the inventor or assignee be paid?
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Public's "Guesstimation" of Royalty Value
Market SizeN/A[No votes]
xMarket ShareN/A[No votes]
xReasonable RoyaltyN/A[No votes]
N/A
License Availablity
If you are NOT the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
License Availablity
If you ARE the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
Competitive Advantage
Does this invention have a significant competitive advantage over similar technologies?
Yes

No



 [No votes]
Most helpful competitive advantage comment
[No comments]
Commercial Alternatives
Are there viable commercial alternatives for this invention?
Yes

No



 [No votes]
Most helpful commercial alternative comment
[No comments]
 Technical Review Submit all comments and votes
 Claims Submit all comments and votes
 


We claim:

1. A system for controlling access to broadcast transmissions comprising:

a transmitter having a transmission scrambler for scrambling a broadcast and a satellite in geosynchronous orbit for relaying said broadcast;

a security computer coupled to said transmitter; and

a multiplicity of subscriber receivers, each comprising:

a groundstation for receiving said broadcast relayed from said satellite and a receiving descrambler for descrambling said broadcast; and

a selectable and portable memory means operatively associated with said receiving descrambler, wherein instructions transmitted by said security computer to said receiving descrambler enable said receiving descrambler to employ data stored in said memory means for generating a seed used by said receiving descrambler to descramble said broadcast.

2. A system according to claim 1 and wherein said selectable and portable memory means contains information which indicates programming entitlements to said receiving descrambler.

3. A system according to claim 1 and wherein said receiving descrambler generates displayed messages originating from said broadcast transmissions.

4. A method for controlling access to broadcast transmissions, wherein scrambled programs are transmitted to a plurality of subscriber units, each including a receiver and a receiving descrambler which descrambles programs by using a smart card, the method comprising:

providing a first smart card for enabling descrambling of programs for a first predetermined time period;

transmitting a message from said first smart card to an electronic mailbox in said receiving descrambler when said first predetermined period lapses;

storing said message in said electronic mailbox;

providing a second smart card;

applying said message stored in said electronic mailbox to enable operation of said second smart card for a second predetermined time period; and

employing said second smart card for enabling descrambling of programs for said second predetermined time period.
 Description Submit all comments and votes
 


FIELD OF THE INVENTION

The present invention relates to broadcast transmission systems and techniques.

BACKGROUND OF THE INVENTION

There is known in the patent literature a great variety of systems and techniques for broadcast transmission. More particularly systems for controlling access to broadcast transmissions are described in the following publication:

Satellite and Cable TV Scrambling and Descrambling, by Brent Gale and Frank Baylin, published by Baylin/Gale Productions, Boulder, Colo., 1986.

Smart cards, plastic cards resembling credit cards with microprocessor inside of them, are known in the art. They are described in the book, Smart Cards, The New Bank Cards, by Jerome Svigals and published by Macmillan Publishing Company, N.Y., 1987.

SUMMARY OF THE INVENTION

The present invention seeks to provide improved apparatus and techniques for controlling access to broadcast transmissions. For the purposes of the present specification and claims, broadcast transmissions are deemed to include both audio and video, combined and separately, whether transmitted by wire or by wireless techniques.

There is thus provided in accordance with a preferred embodiment of the present invention a system for controlling access to broadcast transmissions including a transmitter having a transmission encoder for scrambling the broadcast, a multiplicity of subscriber receivers, each having an identical receiving decoder, containing no secret cryptographic keys, for descrambling the broadcast and a plurality of selectable and portable executing apparatus each being operatively associatable with a receiving decoder at a partially different given time and each executing generally identical operations to generate a seed for use by the associated receiving decoder to enable the receiving decoder to descramble the broadcast.

In accordance with a preferred embodiment of the present invention, the executing apparatus includes apparatus for actively executing an algorithm.

In accordance with another embodiment of the present invention, the executing apparatus includes apparatus for providing instructions and data for an algorithm executed in the decoder.

In accordance with one embodiment of the present invention, the executing apparatus includes provides all of the instructions required to descramble the transmission. In accordance with another embodiment of the present invention, the executing apparatus provides only part of the instructions required to descramble the transmission.

In accordance with a preferred embodiment of the present invention, the executing apparatus comprises apparatus for providing proof of authenticity to the receiving decoder. The proof of authenticity is preferably a public key proof of authenticity and preferably a Fiat-Shamir public key proof of authenticity.

In accordance with a preferred embodiment of the present invention, each executing apparatus contains a separate identification element which is sensible by a decoder.

Further, in accordance with a preferred embodiment of the present invention, each executing apparatus comprises an element which indicates programming entitlements to the decoder.

In accordance with a preferred embodiment of the present invention, the element which indicates programming entitlements to the decoder is modified by information contained in the transmitted broadcast.

In accordance with a preferred embodiment of the present invention, the decoder comprises a mailbox for receiving data from broadcast transmissions and from the a first of the plurality of selectable executing apparatus. Further, in accordance with a preferred embodiment of the present invention, the executing apparatus is operative to access the mailbox. Such data may include, for example, activation data for enabling operation of the executing apparatus and entitlement information.

In accordance with a preferred embodiment of the present invention, the executing apparatus may contain information which can be accessed by the decoder for modifying software thereof.

In accordance with a preferred embodiment of the present invention, the executing apparatus comprises apparatus for generating displayed messages via the decoder.

In accordance with a preferred embodiment of the present invention, the decoder is operative to generate displayed messages originating from any of the following sources: the broadcast, the decoder and the executing apparatus.

Further, in accordance with a preferred embodiment of the present invention, the displayed messages may be assigned designated priorities.

There is provided, in accordance with the present invention, a system for transferring information comprising a plurality of portable card apparatus each comprising microprocessor apparatus for generating and transmitting data to be stored and fixed storage apparatus for receiving the data from a first of the plurality of card apparatus, for storing the data, and for enabling a second of the plurality of card apparatus to remove the data therefrom.

There is additionally provided, in accordance with the present invention, a system for transferring information comprising computing apparatus for generating and transmitting a first set of data to be stored, a plurality of portable card apparatus each comprising microprocessor apparatus for generating and transmitting a second set of data to be stored and fixed storage apparatus for receiving at least one of the first and second data from the computing apparatus and a first of the plurality of card apparatus, for storing the information, and for enabling a second of the plurality of card apparatus to remove the at least one of the first and second data therefrom.

BRIEF DESCRIPTION OF THE DRAWING

The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:

FIGS. 1/1 and 1/2 are generalized block diagram illustrations of a broadcast system constructed and operative in accordance with a preferred embodiment of the present invention;

FIG. 2 is a more detailed block diagram illustration of the transmission end of the system of FIG. 1;

FIG. 3 is a more detailed block diagram illustration of the reception end of the system of FIG. 1;

FIG. 4 is a generalized illustration of a communications protocol employed in accordance with a preferred embodiment of the invention;

FIG. 5 is an illustration of a information exchange protocol for use with a verifier and a smart card in accordance with a preferred embodiment of the present invention; and

FIG. 6 is an illustration of a Fiat-Shamir authentication protocol useful in the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

Reference is now made to FIGS. 1-3, which illustrate the broadcast system constructed and operative in accordance with a preferred embodiment of the present invention. The broadcast system preferably comprises a security computer 10, such as an IBM AT having multiple serial communications links. The security computer 10 receives inputs from a security database computer 12, such as an IBM AT, which stores programming information as well as information relating to urgent or periodic subscriber actions. Typically an urgent subscriber action could consist of immediate, on-line activation, deactivation or re-activation of viewing entitlements. Typically a periodic subscriber action is a blacklisting order or a message to be transmitted periodically so that when the subscriber is tuned to the system, the order or message will be received and suitably processed.

The security computer 10 also receives an input from a subscriber management system 14, typically embodied in a large mainframe computer, commercially available from IBM or other major manufacturers. The subscriber management system stores details of all subscribers, their payment status and their entitlements.

In accordance with a preferred embodiment of the invention, the security computer 10 interfaces with one or more smart cards 16. Such smart cards are well known and are described in Smart Cards, The New Bank Cards, by Jerome Svigals. The smart cards preferably contain two computer programs. The first computer program contains a seed generating algorithm for producing a seed which is used in signal scrambling and descrambling at both ends of the system. The second program contains a signature protocol which appends a suitably hashed signature to all information regarding entitlements when transmitted over the system.

The security computer 10 supplies data, including, inter alia, unscrambled data, data bearing a signature and a seed to an encoder 18, which typically is located on the premises of a broadcasting station.

The operation of the apparatus of elements 10, 12, 14 and 16 may be emulated by a computer program whose object code is attached hereto as Annex A.

The encoder 18 is typically an encoder which is commercially available from Thomson CSF Laboratoires Electroniques de Rennes, Cesson-Sevigne, France. The encoder 18 is operative, using the seed received via the security computer 10, to scramble all or part of an audio-video TV program received from any suitable program source, such as a VCR. The encoder 18 is also operative to modulate the data which is received from the security computer so as to enable both the scrambled program and the data to be transmitted together. It will be appreciated that the seed is not modulated and thus, is not transmitted.

The modulation technique may be selected at will from known techniques provided that it is suitable for use with the encoder 18. In accordance with a preferred embodiment of the invention, the data is inserted on unused video lines.

The output of the encoder 18 is broadcast by any suitable technique, either by wire or wireless apparatus. In the illustrated embodiment, the encoder outputs to a ground station 20, which communicates via a satellite 22 in geosynchronous orbit of the earth with a multiplicity of receiving ground stations 24, each representing a subscriber.

The signals received by each receiving ground station 24 are supplied to a receiver 26, typically commercially available from Amstrad of the U.K. The receiver 26 is operative to convert the signals received thereby, which are selected by the subscriber, to baseband video. If the baseband video does not require descrambling, the receiver 26 remodulates the baseband video typically on a pre-selected channel for reception and display on a conventional television display 28.

Scrambled signals are supplied by the receiver 26 to a decoder 30, typically commercially available from Ferguson Limited, Enfield, Middlesex, England or from Thomson L.E.R.E.A. Illkirch, France.

In accordance with a preferred embodiment of the present invention, the decoder is operative together with a smart card 32, which contains a seed generation algorithm. It is a particular feature of the present invention, that the decoders contain no cryptographic secrets and that each of the smart cards 32 associated with the multiplicity of receivers 26 execute the identical seed generation algorithm on the data sent from the security computer 10 and thus, produce the identical seed used by encoder 18 to scramble the broadcast signal. It is an additional feature of the present invention that the receivers 26 are identical and the smart card 32 from one subscriber can operate in the receiver 26 of a second subscriber, thereby allowing the second subscriber to view, in his home, the programs received by the first subscriber.

In accordance with an alternative embodiment of the invention, the use of either or both of smart cards 16 and 32 may be eliminated in favor of simpler, but less secure memory cards. In such a case, the memory card contains data but not the seed generating algorithm. In such a case, the security computer transmits instructions to the decoder 30 enabling it to use the data in the memory card to reproduce the seed.

In the embodiment wherein cards 16 and 32 or at least card 32 is a smart card, the smart card 32 includes a first program which verifies the genuineness of the hashed signature produced by card 16 and transmitted through the system, thus rejecting entitlement data bearing no signature or a non-genuine signature. The smart card 32 also contains a program for generating the seed for enabling the decoder to descramble the video TV program. The object code for a smart card 32 manufactured by News Gem Smartcard International Ltd. of Livingston, Scotland, is attached hereto as Annex B.

Reference is now made to FIG. 2 which illustrates the transmission apparatus of the present invention. As mentioned hereinabove, security computer 10 receives subscriber and programming data from subscriber management system 14 and security database 12. Security computer 10 sends a portion of the data relating to operations to be performed by smart card 32 to the smart card 16, via a smart card coupler 34, such as those commercially available from GemPlus of Gemenos, France. Smart card 16 appends a digital signature to the data for smart card 32 whereby the digital signature is generated by the second algorithm stored within the smart card 16. The smart card 16 additionally generates the scrambling seed to be used by the encoder 18.

The two algorithms stored in smart cards 16 and 32 are typically hashing functions operating on the data for smart card 32. The hashing function of the second algorithm, that for digital signature generation, typically is iterated a few times. The hashing function of the first algorithm, that for seed generation, typically is iterated a multiplicity of times. Hashing functions are described in The Art of Computer Programming, Vol 2:Seminumerical Algorithms by Donald E. Knuth.

The data for smart card 32 and the scrambling seed are sent from the smart card 16 through the security computer 10 to the encoder 18. The scrambling seed in loaded into a Pseudo-random Bit Sequencer (PRBS) 40 which produces from it a pseudo-Random sequence of bits. The sequence of bits is sent to a scrambler 42 which utilizes it to scramble the broadcast signal, which may come from a VCR.

The programming and security data as well as the data for smart card 32 is appended to the scrambled broadcast signal, by means of a data inserter 44, and the combined signal is sent to the ground station 20 to be modulated and transmitted.

Reference is now made to FIG. 3 which illustrates the reception end of the system of FIG. 1. As mentioned hereinabove, the combined signal is received by receiving ground station 24 and is sent to receiver 26 which demodulates it into video baseband. The video baseband is then sent in parallel to both a descrambler 46 and a data demodulator 48 of decoder 30.

Data demodulator 48 extracts the data from the combined signal and sends it to a verifier 50. Verifier 50 then sends a portion of the data to the smart card 32 for verification of entitlements and for seed generation. The portion of the data which is sent is that dealing with entitlements and seed generation.

Smart card 32 receives the data portion and, if the entitlement information enclosed therein indicates that the subscriber is entitled to view the selected program, it utilizes the data portion to generate a decoding seed which is generally equivalent to the scrambling seed. If the subscriber is not entitled to receive the video signal, the decoding seed will not match the scrambling seed. Smart card 32 also generates on-screen displays based on the received data portion. For example, the received data portion typically includes a channel identification number and the current date. If the subscriber is not entitled to view the currently selected channel, an on-screen display message such as THIS CHANNEL IS BLOCKED, is generated. If the current date is beyond an expiration date stored in smart card 32, an on-screen display message such as YOUR CARD HAS EXPIRED is generated. It will be appreciated that typically only one on-screen display message can be displayed at one time.

The generated seed and on-screen displays, if any, are sent to the verifier 50. The verifier 50 sends the on-screen displays to an on-screen display inserter 52 which inserts the display into the baseband video after it has left the descrambler 46. The decoding seed is sent to a PRBS 54 which generates a pseudo-random bit sequence, generally identical to the scrambling seed, which is utilized by the descrambler 46 for descrambling the baseband video signal.

The verifier 50 performs the following six additional functions:

1. An authentication operation, as described hereinbelow and with reference to FIG. 6, for verifying that the smart card is authentic;

2. Generation of the decoding seed, in conjunction with the security computer 10, and management of pay-per-view programs, in the embodiment where the smart card 32 comprises a memory card. The algorithm used for seed generation is a hashing function operating on data from the security computer 10. The result is used as the decoding seed if the results of instructions such as comparisons between data stored in the memory card and data sent from the security computer 10 are positive;

3. comparison of priority levels of on-screen display messages, such as between those generated by smart card 32 and those sent from the security computer 10, for determining which message should be displayed and sending of the message to the on-screen display inserter 52;

4. display of the smart card 32 identification number upon request from the security computer 10;

5. blacklisting of smart cards 32 which contain an illegal identification number, as directed by the security computer 10; and

6. maintenance of a mailbox used to store messages from an old to a new smart card and from the security computer 10 to the smart card 32. Such messages may include enabling of the new card based on the message left by the old card. For pay-per-view systems where the smart card 32 stores the amount of money initially paid by the subscriber and deletes a predetermined amount of money for each program viewed, at the end of the subscription period, the old smart card 32 leaves in the mailbox an amount of money left to the subscriber (if any). The new smart card 32 adds to the amount stored within it the amount left in the mailbox.

Executable code for a verifier 50 incorporated into an 8052 processor from Intel is attached hereto as Annex C.

The on-screen display inserter 52 inserts the on-screen display messages into the baseband video output of the descrambler 46 and the combined signal is sent to the receiver 26 for remodulation and for transmission to the TV set 28.

Reference is now made to FIG. 4 which illustrates a communications protocol typically used in the system of the present invention. Beginning at the lowest level, the physical level, the ground station transmitter 20 transmits a broadcast signal via a satellite link to a receiver apparatus 60 which comprises ground station receiver 24 and receiver 26.

At the data level, the data is inserted into the vertical blanking interval of the broadcast signal via the data inserter 44 of the encoder 18 and removed via the data demodulator 48 of decoder 30. The encoder 18 and decoder 39 may communicate between themselves without affecting the operation of the system of the present invention.

At the session level, the security computer 10 communicates with the verifier 50 of decoder 30 via data packets of the data. In the preferred embodiment of the present invention, the data packets are 32-byte packets. The information passed is system and subscriber information, authorization to perform the authentication operation and/or to display the smart card identification number, as described hereinabove. The session level communicates with the data level via an RS-232 protocol between the security computer 10 and the encoder 18 and via a parallel communication protocol, described in Annex D, between the verifier 50 and the data demodulator 48.

Finally, the application level is a communication level between the smart card 16 attached to the security computer 10 and the smart card 32 attached to the decoder 30. The information passed relates to seed and signature generation, and channel and date information.

Reference is now made to FIG. 5 which illustrates a communications protocol between smart card 32 and verifier 50. Verifier 50 sends a data packet to the smart card 32 and the smart card 32 operates on the data packet to generate a decoding seed and on-screen display messages. Additionally, the smart card 32 receives mail from the mailbox of verifier 50 as well as sends mail to the mailbox.

In accordance with a preferred embodiment of the present invention, the verifier 50 reads the card identification number of the smart card 32 which is stored in the memory of the smart card. Moreover, upon instruction from the security computer 10, as transmitted in the data packet, the verifier 50 and smart card 32 perform an authentication process.

The authentication process is illustrated in FIG. 6 and discussed in detail in U.S. Pat. No. 4,748,668 to Shamir which is incorporated herein by reference. Smart card 32 has stored in it a card identification number, denoted V in FIG. 6, a second number, denoted S, and a modulus N, which is also stored in verifier 50. N is a public modulus which is a multiple of two values P and Q where P and Q ape two prime numbers, typically of many digits, known only to the system which generates the smart cards. S is defined as: ##EQU1## where the square root is performed as a modular square root. Modular arithmetic is discussed on pages 268-278 of The Art of Computer Programming, Vol. 2:Seminumerical Algorithms, written by Donald E. Knuth and published by Addison-Wesley Publishing Company, Reading, Mass.

The authentication process operates as follows. Verifier 50 requests a number X from smart card 32 where X is defined as:

X=R.sup.2 *Mod N (2)

where R is an arbitrary number. The verifier 50 then responds with a query bit Q, received from the security computer 10, whose value is randomly either 0 or 1. The smart card 32 then responds with a value Y where Y is defined as:

Y=R if Q=0 (3)

Y=(R*S)*Mod N if Q=1 (4)

The smart card 32 is authenticated if the verifier 50 calculates the following values for Y.sup.2.

Y.sup.2 =X*Mod N if Q=0 (5)

Y.sup.2 =(X*V)*Mod N if Q=1 (6)

where the verifier 50 received V from the smart card 32 prior to the authentication process.

It will be appreciated by persons skilled in the art that the present inventions is not limited by what has been particularly shown and described hereinabove. Rather the scope of the present invention is defined only by the claims which follow: ##SPC1##

* * * * *
Previous Patent (Method and an apparatus for preventing unauth...)Next Patent (Digital radio transceiver with encrypted key ...)
Custom CD - PDFs of patents similar to US5481609 - System for controlling access to broadcast transmissions
$19.95 (free shipping)