PROCESS FOR REINFORCING THE SECURITY OF A PAY TELEVISION SYSTEM BASED ON PERIODIC MANDATORY BACK-COMMUNICATION

Abstract

The invention relates to a process for transmitting streaming digital content to a client device for access to digital content. The inventive process makes it possible, in particular, to apply an access control system to the protection of direct-mode video streams. The process also makes it possible to significantly improve the security and safety of the system, based on a periodic mandatory back-communication on the part of the client device.

Claims

1. A process for transmitting streaming digital content on an Internet data communication network, said Internet network being structured according to a multi-broadcasting routing mode, said process being implemented by a digital content transmission system comprising: a digital rights management device (12, 13) including: at least one digital content encryption module (121, 122; 42), connected to a streaming digital content source (111) via said Internet data communication network; a module (124) for storing cryptographic encryption keys and content identifiers, connected to the encryption module (121, 122); a client device (14) for accessing said streaming digital content, connected to the digital rights management device (12, 13) via said Internet data communication network, and including: a module (141) for access, browsing and display of said streaming digital content; a client module (142) for digital rights management, connected to the module (141) for access, browsing and display of said streaming digital content; each module (121-124, 141-142, 42) being formed by a software component, a hardware component, or a set of hardware and software components; the process including the following steps: the transmission to the encryption module (121, 122; 42) of digital content, by the digital content source (111), of streaming digital content (31), via the Internet data communication network; the encryption, by the digital content encryption module (121, 122; 42), of said digital content (31) via a secret cryptographic encryption key; the determination, by the digital content encryption module (121, 122; 42), if the client device (14) has previously transmitted to the encryption module (121, 122; 42) the value of a variable representative of a state of the client device (14); and, depending on the particular case, the comparison, by the digital content encryption module (121, 122; 42), between the current value and preceding value of said variable, then the determination, by the encryption module (121, 122; 42), of a level of similarity between the current value and the preceding value of said variable; if, on completion of the step of determining a level of similarity, the encryption module (121, 122; 42) determines that the level of similarity is greater than a predetermined threshold level: the transmission to the cryptographic encryption key and content identifier storage module (124), by the digital content encryption module (121, 122; 42), of access criteria required for a given channel, said channel containing all or some of said digital content; the translation, by the cryptographic encryption key and content identifier storage module (124), of said required access criteria in the form of a specific content identifier and a specific content key; the transmission to the digital content encryption module (121, 122; 42), by the cryptographic encryption key and content identifier storage module (124), of said specific content identifier and said specific content key; the insertion, by the digital content encryption module (121, 122; 42), of said specific content identifier and said specific content key, in the encrypted digital content, a multiplexed data stream (34, 35) being obtained upon completion of this insertion step, the multiplexed data stream (34, 35) containing said encrypted digital content, said specific content identifier and said specific content key; the transmission to the module for access, browsing and display (141) of the client device (14), by the digital content encryption module (121, 122; 42), of said multiplexed data stream (34, 35) via said Internet data communication network; the recovery, by the module for access, browsing, and display (141), of the specific content identifier contained in the multiplexed data stream (34, 35), and the transmission of said digital content identifier to the client digital rights management module (142); the verification, by the client digital rights management module (142), if an object corresponding to said specific content identifier exists, and, depending on the particular case, the delivery of a right to access, browse, and display digital content to the access, browsing and display module (141).

2. Process according to claim 1, characterized that, in the step of determining whether the client device (14) has previously transmitted, to the encryption module (121, 122; 42), the value of a variable representative of a state of the client device (14), the digital content encryption module (121, 122; 42) verifies whether the client device (14) has transmitted the value of said variable from a predetermined number of time units.

3. Process according to claim 1, characterized in that the variable representative of a state of the client device (14) is a list of data indicative of the state of the device (14); and the determination by the encryption module (121, 122; 42), of a level of similarity between the current value and the preceding value of said variable involves a comparison of the data of the current list and the data of the preceding list with one another so as to determine a level of identical data between the two lists.

4. Process according to claim 3, characterized in that the data of the list of data indicative of the state of the device (14) form a history of the display of digital content by the user.

5. Process according to claim 1, characterized in that the digital content encryption module (121, 122; 42) includes a first sub-module (121) for scrambling digital content, and a second sub-module (122) for generating control rights messages, connected to the first sub-module (121).

6. Process according to claim 5, characterized in that the first digital content scrambling sub-module (121) is a multiplexer.

7. Process according to claim 1, characterized in that the Internet data communication network is a network compliant with the IP television standard, the streaming digital content is a direct-mode audiovisual television stream.

8. Process according to claim 1, characterized in that the digital rights management device (12, 13) and the client device (14) form a client-server architecture, at least one of the modules (121-124, 141-142, 42) of the device (12, 13) for digital rights management being a server.

9. Non-transitory recording medium on which a computer program is recorded, including program code instructions for implementing the steps of the digital content transmission process according to claim 1.

Description

DESCRIPTION OF THE FIGURES

[0081] Other features and advantages of the technique proposed will become clearer in view of the following description of a preferred embodiment, provided simply as an illustrative and non-limiting example, and appended drawings, wherein:

[0082] FIG. 1 shows the inventive system;

[0083] FIG. 2 shows the process for transmission of streaming digital content according to the invention, implemented by the system of FIG. 1;

[0084] FIG. 3 shows a hardware and software architecture implementing the invention.

DESCRIPTION

[0085] The system of the invention is comprised of the following modules:

[0086] The modules belong to three categories: a “Back-End System” category (12), a “Front-End System” category (13) and a “client” category (14); and are interfaced with a fourth category, namely an “external system” category (11).

[0087] The “external system” category comprises the following elements:

[0088] The CDN Source (111) (“Content Delivery Network”): The CDN Source provides audiovisual content to the inventive system. The audiovisual content is acquired in form of a clear (intelligible) signal of various types of content providers (for example, satellite connections, content aggregators, direct broadcaster connections, etc.). The content is delivered to the head end in the form of an MPEG stream (“MPEG Single Program Transport Stream multicast”) with varying flow rates and varying video encoding formats (MPEG/AVC). This information travels via a plurality of Internet traffic points for content exchange.

[0089] The CRM System (112): The customer relationship management system manages the subscribers, their subscriptions, their packages and commercial offers, the devices for accessing subscriber content and subscriber rights. The CRM System (112) provides the information necessary for the billing process. The CRM System (112) is used by the commercial and operational services of the operator to assign content access rights to the clients and manage their technical data and billing data. The CRM System (112) is also designated by the acronym “SMS” (for “Subscriber Management System”). The CRM System (112) may be housed on the premises of an external service provider or, by contrast, be housed by the entity using the inventive system.

[0090] The “Back-End System” category comprises the following elements:

[0091] The scrambler (121): A scrambler is a multiplexer having the capacity to scramble an incoming MPEG transport stream. A typical scrambler uses “TS-packet”-type scrambling with a CW rotation and an AES-128 encryption of the video and audio signal and content of the subtitles. Another example of an embodiment is the use of DVB-CSA. To enable fast scrolling (forward or backward) of content, certain content portions may be left in clear form (PUSI packets, or, for example, 5% of packets).

[0092] The ECM generator (122): generates ECMs (“Entitlement Control Messages”) so that the multiplexer inserts said ECMs into the scrambled transport stream. The interface between the scrambler (121) and the ECM generator (122) is defined by the “Head-End Simulcrypt Standard (ETSI TS 103 197)”. The ECMs contain the DRM content identifier corresponding to a given package. The ECMs generator (122) uses a key server (124) to obtain the content key corresponding to the DRM content identifier received from the scrambler (121).

[0093] The DRM Back-End System (123): is a database of DRM objects and transactions that must be recovered by DRM Clients. Each DRM object is, for example, a digital content access license, a subscription node or a link between a DRM user and a digital content identifier. Thus, the DRM Back-End System (123) combines both the technical information of the DRM objects (DRM users, subscription nodes, content identifiers) and the associated commercial logic information (packages, devices). The DRM Back-End System (123) provides the DRM Front-End System (132) with all of the data necessary for generating the DRM elements such as licenses, nodes and links.

[0094] The key server (124): Manages the content identities and the content keys of all of the DRM packages. The key server (124) offers secure database services to the other components of the system when said other components of the system need to access content keys corresponding to specific content identifiers.

[0095] The Token Back-End System (125) is the core of the commercial logic of the Back-End System. The Token Back-End System (125) generates action tokens (lists of operations) for the DRM Clients (142), indicating to the DRM Clients (142) on which data the DRM Clients (142) should query the DRM Front-End System (132). The Token Back-End System (125) applies the CRM data to the subscriber packet data in order to generate the transactions for recovery of DRM objects corresponding to the subscriptions in the DRM Back-End System (123). On the basis of the CRM data, the Token Back-End System (125) also manages the current state of the status of the subscriber's content display device. The Token Back-End System (125) also manages the package data in the database of the DRM Back-End System (123).

[0096] The CRM Module (126) is the part of the inventive system responsible for communication with the CRM System (112). The CRM Module (126) is a content provider abstraction layer enabling integration of different CRM Systems. It is sufficient for a minimal set of required operations to be supported for any CRM System to be capable of being used to manage subscriber package data.

[0097] The “Front-End System” category comprises the following elements:

[0098] The Content Delivery Network (or “CDN”) (131) for IPTV channels: The channels are delivered to the operators in a scrambled multicast UDP MPEG SPTS format. This content delivery is performed via multiple Internet exchange points. The operators receive all of the IPTV traffic on their premises using a protocol-independent multicast router (or PIM router) or dynamically subscribe to the content required via the IGMP protocol (“Internet Group Management Protocol”) using a PIM head-end router.

[0099] The DRM Front-End System (132) is a DRM server provided by the Intertrust company (the DRM Front-End System (132) is also called “Bluewhale Server”). The DRM Front-End System (132) is responsible for secure communication with the DRM Clients (142). The DRM Front-End System (132) uses the DRM Back-End System (123) to recover the commercial data necessary for generating DRM objects required by the DRM Clients (142).

[0100] The Token Front-End System (133) is an HTTP Proxy server accessible by means of the Internet. The Token Front-End System (133) provides secure access to the services offered by the Token Back-End System (125) intended for User Interface UI Applications (143).

[0101] The “Client System” category comprises the following elements:

[0102] The IPTV Client (141) is part of the application stack of the subscriber's display device. The IPTV Client (141) is responsible for access to the IPTV content, and browsing of the content (or “media parsing”). The IPTV Client (141) is also responsible for displaying the content (“playout”). The IPTV Client (141) manipulates the incoming IPTV streams and the encoding thereof. The IPTV Client (141) uses the DRM Client (142) to obtain the keys necessary for descrambling the content.

[0103] The DRM Client (142) is a software library of the Intertrust company (known to a person skilled in the art as “Wasabi/ExpressPlay SDK”). The DRM Client (142) is on-board the subscriber's content access device. The DRM Client (142) communicates confidentially with the DRM Front-End System (132) to obtain the DRM objects and licenses and offers an application programming interface (or “API”) to the content display subsystem (or “media playout subsystem”) making it possible to verify the content rights with respect to the available licenses. The DRM objects are recovered using “action tokens” generated by the Token Back-End System (125) and are provided to the DRM Client (142) by the UI Application (143).

[0104] The User Interface UI Application (143) is a high-level user interface present in the subscriber's content access device (for example, telephone or tablet): Periodically, or in response to actions of the subscriber, the User Interface UI Application (143) contacts the Token Front-End System (133) to recover an “action token” for DRM rights. The action token is then passed on to the DRM Client library (142), which carries out the rights recovery operation. The User Interface UI Application (143) provides the user with an interface making it possible to start the display of content (for example, IPTV channel zapping) and enabling local management of DRM authorizations in the DRM Client library (142).

Description of a Particular Embodiment

[0105] In this embodiment, the system described above implements a two-phase operation:

DRM Rights Acquisition Phase

[0106] 1. The UI application (143) triggers a DRM rights update by sending the device identifier (“device ID”) and the Digital Rights Management identifier (“DRM ID”) to the token portal (133) of the inventive system.

[0107] 2. The request is transmitted by the Token Portal (133) to the Token Back End (125).

[0108] 3. On the basis of the “device ID”, the token back end (125) queries the CRM module (126) to recover the user rights.

[0109] 4. The request is transmitted by CRM module (126) to the external subscriber management system (112).

[0110] 5. The rights information recovered by the token back end (125) is sent to the DRM server (123). Said rights information is translated into DRM objects by the DRM back end (123). In each DRM object recovery transaction for a DRM client, the DRM back end assigns a unique identifier (ID).

[0111] 6. The UI application (143) gives an instruction to the DRM client (142) to recover the DRM objects by creating and by passing to the DRM front end (132) an action token containing the actions to be carried out as well as their respective IDs.

[0112] 7. The DRM client (142) contacts the DRM server (123) via the DRM front end (132) for each of the actions specified by passing a transaction ID in the action token.

[0113] 8. The DRM front end (132) recovers from the DRM back end (123) the DRM object corresponding to the DRM client (142) on the basis of the transaction ID.

[0114] 9. To construct a license for the DRM content, the DRM back end (123) contacts the key server (124) in order to translate the content ID into a key forming part of the license.

Content Delivery and Decryption Phase, Illustrated in FIG. 2

[0115] 1. The content in clear (31) is provided by the CDN source (111) to the scrambler (121) via a multicast Single-Program Transport Stream (“MPEG-TS over UDP”).

[0116] 2. The scrambler (121) contacts (32) the ECM generator (122) in order to construct an ECM datum containing the control word (33) and the access criteria required for a given channel. The ECM generator (122) verifies whether the client device (14) has already contacted the ECM generator (122). In a particular embodiment, the ECM generator verifies that the client device (14) receiving the ECM has contacted the ECM generator (122) since at least T time units. If not, the ECM generator (122) does not go on to step 3. During the contact between the ECM generator (122) and the client device (14), the ECM generator verifies whether the client device (14) has previously transmitted, to the ECM generator, the value of a variable E representative of a state of the client device (14). More specifically, during the contact between the ECM generator (122) and the client device (14), the ECM generator remotely verifies that the state E of the client device (14) is consistent with that of the client device during the previous contact. For example, state E may be a list {time_date_start[i], time_date_end[i], channel[i]} containing the user display history. It is considered in the present document that “state E[t] is consistent with state E[t−1]” if, after having determined a level of similarity between these two states, said level of similarity is greater than a predetermined threshold. In the particular embodiment described above, in which state E is a list containing the user display history, “state E[t] is consistent with state E[t−1]” if the range of intersection between the lists E[t] and E[t−1] is great enough, i.e. if the common elements between the lists E[t] and E[t−1] represent a percentage greater than a predetermined threshold percentage (for example 25% of the elements). When the client device (14) realizes that its current list E[t] differs significantly from E[t−1] (for example 50% of the elements), it triggers an interaction with the ECM generator. Thus, a pirate clone will very quickly be desynchronized and cease to operate.

[0117] 3. If the ECM generator (122) determines that the level of similarity between the two states E[t] and E[t−1] is greater than a predetermined threshold, the ECM generator (122) uses a key server (124) to translate the access criterion into a specific content ID and a specific content key.

[0118] 4. The scrambler (121) inserts the ECM (33) thus constructed into the encrypted data stream, thereby obtaining a multiplexed datum (34) send to the CDN (131).

[0119] 5. The encrypted data stream (35) is delivered to the IPTV client (141) via the CDN content delivery network (131).

[0120] 6. The client device (14) recovers the content ID from the ECM data and consults (36) the DRM client (142) in order to verify whether a license for said content ID exists. If so, the rights are granted.

OTHER FEATURES AND ADVANTAGES

[0121] A practical application of the inventive system is typically implemented on a hardware device, the hardware architecture of which is illustrated in FIG. 3. A processor 41, for example a microprocessor, is connected to a data input and output interface means 42, and to a memory 43 in which the processor reads instructions encoding a program 44 implementing the inventive process. The memory 43 is also used to read and write data, encrypted messages and keys.

[0122] A major advantage of the inventive system with respect to the prior art is the following: a pirate clone created at a time t will change from E[t] to E′[t+1]. During this time, the legitimate system will change to E[t+1]. Since the clone and the legitimate system are used by two different users, with a very high probability that E′[t+1] will differ from E[t+1], this difference will quickly be accentuated and be detected by the CAS system. This will result in stopping the operation of the clone. Thus, the system and the process according to the invention are designed so as to enable the security and safety of the system to be significantly improved.

[0123] The invention therefore effectively and definitively solves all of the disadvantages of the prior art.

PROCESS FOR REINFORCING THE SECURITY OF A PAY TELEVISION SYSTEM BASED ON PERIODIC MANDATORY BACK-COMMUNICATION

Assignee

Inventors

Cpc classification

Classification Explorer

H04H60/23

ELECTRICITY

Classification Explorer

H04H2201/11

ELECTRICITY

Classification Explorer

G06F21/10

PHYSICS

Classification Explorer

H04N21/00

ELECTRICITY

Classification Explorer

H04L2463/101

ELECTRICITY

Classification Explorer

H04N21/4181

ELECTRICITY

Classification Explorer

H04N21/4405

ELECTRICITY

Classification Explorer

H04N21/4627

ELECTRICITY

Classification Explorer

H04L63/123

ELECTRICITY

Classification Explorer

H04N21/63345

ELECTRICITY

Classification Explorer

H04N21/2541

ELECTRICITY

Classification Explorer

H04N21/2347

ELECTRICITY

International classification

Classification Explorer

H04H60/23

ELECTRICITY

Classification Explorer

H04L29/06

ELECTRICITY

Abstract

Claims

Description