Method for supplying protected multimedia content to a terminal

Abstract

A Method for supplying protected multimedia content during which a terminal a) acquires a service date from a date server and b) evaluates a temporal criterion of a licence with respect to the last acquired service date. A headend associates with each segment of the multimedia content, its transmission date, and transmits it in a stream together with the segment. The terminal extracts from the stream the date of transmission of the segment, then it compares the extracted transmission date to the last acquired service date. And, only if the extracted transmission date is later than the last acquired service date, acquires it as service date, and uses it as last acquired service date on an execution of the step b) between two successive executions of the step a).

Claims

1. A process for participating in the distribution of multimedia content protected by a multimedia-content protection system, said process comprising, at a terminal, in response to execution of a transmission phase by a headend, executing a reception phase and a playing phase, wherein the transmission phase comprises, at said headend, a) requiring a necessary right of access and a license to enable a terminal to access any segment of a block of multimedia content in order to play the block, wherein the license includes the right of access and a temporal validity criterion, wherein each of the segments in the block of multimedia content includes at least one series of groups of video images or of audio frames, wherein the block comprises one or more segments, and b) transmitting, to the terminal, the license and a stream comprising each segment together with that segment's transmission date, wherein the reception phase comprises, at the terminal c) receiving the stream of multimedia content segments, and d) receiving the license, wherein the playing phase comprises e) authenticating a date server and, only if the date server is successfully authenticated, acquiring a service date from the date server, and f) evaluating the time criterion of the license with respect to the last acquired service date, then, if the result of the evaluation is positive, extracting the right of access from the license, thus allowing access to the segments and, otherwise, disabling the extraction of the right of access from the license, thus preventing access to the segments, g) extracting, from the stream, together with a segment, the segment's transmission date and comparing the extracted transmission date with the last acquired service date, and only if the extracted transmission date is later than the last acquired service date, acquiring it as service date, and using it as the last acquired service date in a next execution of step f) that occurs between two successive executions of step e), and playing the segments.

2. The process of claim 1, wherein step c) further comprises receiving a stream comprising each segment of the block of multimedia content segments, wherein step d) further comprises receiving a license that includes a right of access necessary for the terminal to access any segment of the block in order to play the block and a temporal validity criterion, wherein, step e) further comprises authenticating a date server and, only after having successfully authenticated the date server, acquiring a service date from the date server, wherein step f) further comprises evaluating the temporal validity criterion with respect to the last acquired service date, then, if the result of the evaluation is positive, extracting the right of access from the license, thus allowing access to the segments and, otherwise, disabling the extraction the right of access from the license, thus preventing the access to the segments, wherein step g) further comprises extracting, from the stream, together with a segment, the segment's transmission date, comparing the extracted transmission date with the last acquired service date, and only if the extracted transmission date is later than this last acquired service date, to acquiring it as a service date and using it as last acquired service date in a next execution of step f) that occurs between two successive executions of step e).

3. The process of claim 2, wherein the right of access comprises an intermediate key or a cryptogram of the intermediate key obtained by encrypting the intermediate key with a cryptographic key of the terminal, the intermediate key being a key used to encrypt the keys of all the segments of the block of segments, each key being the key used to encrypt a respective segment of the multimedia content.

4. The process of claim 2, wherein step g) further comprises comparing the extracted transmission date with the last acquired service date, and, only if the extracted transmission date is prior to this last service date by no more than a first predetermined duration, leaving the last acquired service date unchanged, as a result of which step f) is executed by using the last acquired service date, which has been left unchanged.

5. The process of claim 2, wherein step g) comprises comparing the extracted transmission date to the service date acquired on the last execution of step e) and re-executing step e) if the difference between the extracted transmission date and this service date is longer than a second predetermined duration and, otherwise, refraining from re-executing step e) in response to the comparison.

6. The process of claim 2, wherein step e) comprises determining that the connection to the date server cannot be established and in response, disabling the extraction of the right of access from the license, thus preventing access to the segments.

7. The process of claim 6, further comprising, at the terminal, counting the number of consecutive times in which the connection to the date server cannot be established and, in response to the number having crossed a predetermined threshold, disabling extraction of the right of access from the license, thus preventing the access to the segments and, otherwise, allowing extraction of the right of access from the license, thus allowing access to the segments.

8. The process of claim 2, further comprising, between two consecutive executions of step f), extracting one or more received segment transmission dates and, each time a transmission date is extracted that is later than the last acquired service date, acquiring that transmission date as the service date to be used as a last acquired service date on the next execution of step f).

9. A manufacture comprising a tangible and non-transitory information storage medium having encoded thereon instructions that, when executed by a terminal, cause said terminal to participate in distribution of multimedia content protected by a multimedia-content protection system, wherein said instructions comprise instructions for executing a reception phase and a playing phase in response to execution of a transmission phase by a headend, wherein said transmission phase comprises, at said headend, a) requiring a necessary right of access and a license to enable a terminal to access any segment of a block of one or more segments of multimedia content in order to play said block, wherein said license includes a right of access and a temporal validity criterion, wherein each of said segments includes at least one series of groups of video images or groups of audio frames, wherein said block comprises one or more segments, and b) transmitting, to said terminal, said license and a stream comprising each segment together with that segment's transmission date, wherein said reception phase comprises, at said terminal c) receiving said stream of multimedia content segments, and d) receiving said license, wherein said playing phase comprises e) authenticating a date server and, only if said date server is successfully authenticated, acquiring a service date from said date server, and f) evaluating said time criterion of the license with respect to a last acquired service date, then, if the result of said evaluation is positive, extracting said right of access from the license, thus allowing access to said one or more segments and, otherwise, disabling said extraction of said right of access from said license, thus preventing access to said one or more segments, g) extracting, from said stream, together with a segment, said segment's transmission date, comparing said extracted transmission date with said last acquired service date, and only if said extracted transmission date is later than said last acquired service date, acquiring said extracted transmission date as said service date, and using said service date as the last acquired service date in a next execution of step f) that occurs between two successive executions of step e), and playing said segments at said terminal.

10. An apparatus comprising a terminal comprising a processor and a memory, wherein said memory stores instructions that, when executed by said processor, cause said processor to participate in distribution of multimedia content protected by a multimedia-content protection system, wherein said instructions comprise instructions for executing a reception phase and a playing phase in response to execution of a transmission phase by a headend, wherein said transmission phase comprises, at said headend, a) requiring a necessary right of access and a license to enable a terminal to access any segment of a block of one or more segments of multimedia content in order to play said block, wherein said license includes a right of access and a temporal validity criterion, wherein each of said segments includes at least one series of groups of video images or groups of audio frames, wherein said block comprises one or more segments, and b) transmitting, to said terminal, said license and a stream comprising each segment together with that segment's transmission date, wherein said reception phase comprises, at said terminal c) receiving said stream of multimedia content segments, and d) receiving said license, wherein said playing phase comprises e) authenticating a date server and, only if said date server is successfully authenticated, acquiring a service date from said date server, and f) evaluating said time criterion of the license with respect to a last acquired service date, then, if the result of said evaluation is positive, extracting said right of access from the license, thus allowing access to said one or more segments and, otherwise, disabling said extraction of said right of access from said license, thus preventing access to said one or more segments, g) extracting, from said stream, together with a segment, said segment's transmission date, comparing said extracted transmission date with said last acquired service date, and only if said extracted transmission date is later than said last acquired service date, acquiring said extracted transmission date as said service date, and using said service date as the last acquired service date in a next execution of step f) that occurs between two successive executions of step e), and playing said segments at said terminal.

11. A process for participating in the distribution of multimedia content protected by a multimedia content protection system, said process comprising executing a transmission phase, causing execution of a reception phase, and causing execution of a playing phase, wherein the transmission phase, comprises, at the headend, a) requiring a license and a necessary right of access to access any segment of a block of multimedia content segments, wherein the necessary right of access enables a terminal to access any segment of the block in order to play the block, wherein the license includes the right of access and a temporal validity criterion, wherein each of the segments includes at least one series of groups of video images or of audio frames, wherein the block comprises one or more segments, and b) transmitting, to the terminal, the license and a stream that comprises each segment and that segment's transmission date, wherein the reception phase comprises, at the terminal, c) receiving the stream of multimedia content segments, and d) receiving the license, wherein the playing phase comprises, at the terminal, in addition to playing the segments, e) authenticating a date server and, only if the date server is successfully authenticated, acquiring a service date from the date server, f) evaluating the time criterion of the license with respect to the last acquired service date, then, if the result of the evaluation is positive, extracting the right of access from the license, thus allowing access to the segments and, otherwise, disabling the extraction of the right of access from the license, thus preventing access to the segments, g) extracting, from the stream, together with a segment, the segment's transmission date, comparing the extracted transmission date with the last acquired service date, and, only if the extracted transmission date is later than the last acquired service date, acquiring it as the service date and to using it as last acquired service date in a next execution of step f) that occurs between two successive executions of step e).

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a schematic representation of the architecture of system for supplying protected multimedia content,

(2) FIG. 2 is a schematic representation of an intermediate licence,

(3) FIG. 3 is a schematic representation of a terminal licence,

(4) FIG. 4 is a schematic representation of a stream transmitted by a headend to a terminal in the system of FIG. 1,

(5) FIG. 5 is a schematic representation of a method for supplying protected multimedia content using the system of FIG. 1.

(6) In these figures, the same references are given to denote the same elements.

DETAILED DESCRIPTION

(7) Hereinbelow in this description, the features that are well known to those skilled in the art are not described in detail.

(8) FIG. 1 represents a system for supplying protected multimedia content. This system comprises a plurality, typically thousands, of terminals linked, via a network 3, on the one hand to a headend 1, and on the other hand to a date server 2. Here, it is assumed that all these terminals are identical. Thus, to simplify the illustration, only one terminal 4 is represented in FIG. 1.

(9) The terminal 4 is suitable for accessing a content in order to play it. To this end, the terminal 4 comprises a programmable electronic computer 44 and a memory 46. The computer 44 is suitable for executing instructions stored in the memory 46. The memory 46 comprises the instructions for the execution of the method of FIG. 5. The memory 46 also comprises the last acquired service date TE and a service date TTs acquired upon the last connection to the server 2.

(10) The network 3 is a wide area network for distributing information that makes it possible to establish a two-way communication between the terminal 4 and the headend 1 and the server 2. For example, the network 3 is the worldwide web, better known as the Internet network.

(11) The headend 1 is suitable for protecting a content, and for transmitting it to the terminal 4. To this end, the head 1 comprises a clock 12. This clock 12 supplies, to the head 1, the date of transmission of a content segment. This clock 12 is here synchronized, according to the network time protocol NTP, with a first reference clock external to the head 1.

(12) The date server 2 is suitable for supplying, to the terminal 4, a service date in response to a request. The server 2 is here synchronized, according to the NTP protocol, with a second reference clock external to the system.

(13) The first and second reference clocks are, or are not, the same clock. By virtue of the hierarchical architecture, in levels called strata, associated with the NTP protocol, the first and second reference clocks are themselves, in the same way, each synchronized with a reference clock of the stratum immediately above, and so on, step by step and finally, each synchronized with a reference clock of the stratum 1. On each stratum, these reference clocks are, or are not, the same clock.

(14) Here, for the head 1 and the server 2, only the differences with respect to a conventional headend and a conventional date server are described in detail. For information concerning a conventional headend and a conventional date server, the reader can refer to the prior art cited in the introduction to this patent application.

(15) FIG. 2 represents an intermediate licence L.sub.i. This licence L.sub.i notably comprises a cryptogram (K.sub.si)*K.sub.Gp 51 obtained by encrypting a key K.sub.si with an intermediate key K.sub.Gp. The key K.sub.si is the key used to encrypt the segment S.sub.i of the multimedia content. The intermediate key K.sub.Gp is the key used to encrypt the keys K.sub.si of all the segments of the block G.sub.p. The intermediate licence L.sub.i also comprises:

(16) an identifier Id(K.sub.Gp) 50 of this intermediate key K.sub.Gp, and

(17) a date TS.sub.i 53 of transmission of the segment S.sub.i.

(18) The notations used in this figure and FIG. 3 are described in more detail with reference to FIG. 5.

(19) FIG. 3 represents a licence L.sub.p, or terminal licence, of a digital rights management system. This licence comprises a right 52 of access, and a temporal validity criterion 54 as defined in the introductory part of this patent application. The right 52 of access here comprises a cryptogram of this intermediate key K.sub.Gp. The licence L.sub.p also comprises the intermediate key identifier Id(K.sub.Gp) 50.

(20) FIG. 4 represents a stream 6 transmitted by the headend 1 to the terminal 4 upon the implementation of the method of FIG. 5. The stream 6 comprises a plurality of blocks of multimedia content segments. For example, the stream 6 comprises more than 2, 10 or 100 blocks of segments. To simplify FIG. 3, only two blocks 62, 63 have been represented. In this figure, the symbol between the blocks 62, 63 indicates that blocks have not been represented. Here, it is assumed that all these blocks are structurally identical and differ from one another only by the content encoded in each of the segments. In particular, all the blocks comprise the same number of segments. Thus, only the structure of the block 62 will now be described in more detail.

(21) The block 62 comprises a plurality of segments. Typically, the block 62 comprises more than 10 or 100 successive segments. The block 62 comprises only a restricted part of all the segments. The concatenation of all the blocks forms the content as a whole. Here, only three segments 622, 623 and 624 have been represented in FIG. 4. The symbol . . . between the segments 623 and 624 indicates that other segments have not been represented. Here, all these segments are structurally identical and differ from one another only by the information encoded in each of them. Thus, only the segment 622 is now described in more detail.

(22) The segment 622 conforms to the definition of the term segment given in the introduction of this text. The segment 622 has associated with it an intermediate licence 642, transmitted together with this segment in the stream 6. Here this association is produced by synchronizing the segment 622 and the intermediate licence 642 in the stream. Typically, this synchronization is produced by the adjacency of the segment 622 and of the intermediate licence 642 in the stream, and, when the time comes, by their joint transmission. Similarly, intermediate licences 643 and 644 are associated with, respectively, segments 623 and 624.

(23) The operation of the system of FIG. 1 will now be described with reference to the method of FIG. 5.

(24) Initially, in a step 1000, as is known to those skilled in the art, the headend 1 obtains a free-to-air temporal multimedia content. It then encodes this content.

(25) Then, in a step 1002, the head splits the encoded multimedia content into a plurality of successive content segments S.sub.i. These segments S.sub.i are ordered temporally relative to one another, and their complete sequence constitutes the content. Hereinafter in this description, the index i is the serial number of the segment S.sub.i in this temporal series of segments.

(26) The headend then ensures the individual protection, by a digital rights management system, of each of the segments S.sub.i. In this respect, in a step 1004, it encrypts each segment S.sub.i with a specific content key K.sub.si which not used to encrypt another segment of the same sequence of segments.

(27) Then, in a step 1006, the headend 1 constructs blocks G.sub.p of successive segments. The index p is the serial number of the block in the duly constructed series of successive blocks. Here, to this end, the headend 1 sets the number of segments contained in each block. For each block comprising this number of successive segments, it then generates an intermediate key K.sub.Gp. The intermediate key K.sub.Gp is different for each block of the protected multimedia content. Then it encrypts the encryption key K.sub.si of each of the segments S.sub.i of the block G.sub.p with the intermediate key K.sub.Gp. It therefore obtains, for each segment S.sub.i of the block G.sub.p the cryptogram (k.sub.si)*k.sub.Gp 51. The headend 1 then inserts the identifier Id(K.sub.Gp) 50 of the intermediate key K.sub.Gp and the cryptogram (K.sub.si)*K.sub.Gp 51 into the intermediate licence L.sub.i that it associates with this segment S.sub.i as described with reference to FIG. 3.

(28) In parallel, for example with one of the steps 1000, 1002, 1004 and 1006 in a step 1100, the headend 1 receives, from the terminal 4, a request for the purpose of obtaining the content. This request notably contains an identifier of a terminal key K.sub.T. The key K.sub.T is here unique for each terminal. As is known to those skilled in the art, the key K.sub.T has been obtained by the terminal in its manufacturing or customization phase. The key K.sub.T has then been obtained by the headend 1 in a phase of registration of the terminal 4 before the implementation of the method of FIG. 5.

(29) In response to the request received in the step 1100, the headend 1 implements the steps 1200, 1202, 1204 and 1206.

(30) In the step 1200, the headend 1 encrypts each intermediate key K.sub.Gp used with the key K.sub.T of the terminal 4 to obtain the cryptogram (K.sub.Gp)*K.sub.T. Then, for each block G.sub.p, it inserts, as right 52 of access to this block, the cryptogram (K.sub.Gp)*K.sub.T into the licence L.sub.p of this terminal intended for the terminal 4. The identifier Id(K.sub.Gp) 50 of the intermediate key K.sub.Gp is also inserted into the licence L.sub.p and into each intermediate licence L.sub.i associated with any segment S.sub.i of the block G.sub.p. The licence L.sub.p is thus associated with each of the segments S.sub.i, and therefore with the block G.sub.p, by this identifier Id(K.sub.Gp). Finally, the headend 1 inserts, into the licence L.sub.p, the temporal validity criterion 54 of this licence. For example, this criterion 54 specifies that the licence L.sub.p can be used only between the 1 Jan. 2014 and the 1 Mar. 2014.

(31) Then, in a step 1202, the headend 1 associates, with each of the segments S.sub.i, its transmission date TS.sub.i. Here, it obtains the date of transmission of the segment S.sub.i from the clock 12. Then, it inserts this transmission date TS.sub.i into the intermediate licence L.sub.i associated with the segment S.sub.i. Typically, this date of transmission is that of the end of the computation of the intermediate licence L.sub.i associated with the segment S.sub.i. It therefore precedes by very little, typically by a fraction of a second, the start of the transmission over the network 3 of this segment S.sub.i. It is preferably inserted, integrity-protected, into the licence L.sub.i.

(32) The headend 1 thus generates, step by step, the stream 6 comprising each of the segments S.sub.i of the block G.sub.p concerned and its associated intermediate licence L.sub.i which itself comprises its transmission date TS.sub.i.

(33) The headend 1 finally transmits, to the terminal 4, in the step 1204, the licence L.sub.p, and in the step 1206, the stream 6.

(34) As is known to those skilled in the art, notably depending on the nature of service for supplying contents concerned and the request from the terminal, the steps 1204 and 1206 can be synchronized, or independent in time. For example, here, the service for supplying contents concerned is a content broadcasting service, and the request received in the step 1100, aims to obtain the content to play it on the fly as it is received. The step 1204 then precedes the step 1206 of broadcasting of the content, such that the licence L.sub.p is received and processed by the terminal before the block G.sub.p is played. The same applies if the request received in the step 1100 aims to obtain the content in order to make of it, on the fly as it is received, any other use controlled by the content protection system, such as its recording.

(35) The terminal thus receives, in a step 1300, the licence L.sub.p, and in a step 1302, the stream 6.

(36) In a way that corresponds to that of the steps 1204 and 1206, the steps 1300 and 1302 can be synchronized, or independent in time. For example, here, the step 1300 precedes the step 1302, so that the licence L.sub.p is processed by the terminal before the block G.sub.p is played.

(37) Then, the terminal undertakes a phase of playing the content. During this phase, it proceeds, in succession for each of the segments S.sub.i of the received stream 6, with the steps 1400 to 1422.

(38) In the step 1400, the terminal extracts the segment S.sub.i and its associated intermediate licence L.sub.i from the stream 6.

(39) Then, in the step 1402, the terminal extracts, from the licence L.sub.i, the date TS.sub.i of transmission of the segment S.sub.i.

(40) Then, in the step 1404, the terminal compares the date of transmission TS.sub.i to the last acquired service date, here denoted TE.

(41) If TS.sub.i is later than TE, then, in the step 1406, the terminal 4 replaces the value of the date TE with the value of the date TS.sub.i extracted in the step 1402. Then, still in the step 1406, the terminal 4 compares this new date TE to the last service date acquired from the date server 2, here denoted TTs.

(42) If TE is later than TTs by at least a predetermined duration, here denoted ETTD, then the terminal proceeds with the step 1408 of acquiring the service date from the date server 2. Otherwise, the terminal proceeds directly to the step 1410. The terminal 4 is thus forced to regularly connect to the server 2.

(43) The predetermined duration ETTD can have been initialized in the terminal 4 during the production of the system, or by the service operator. Its value is typically greater than 10 or 20 minutes. The value of the duration ETTD is also generally less than 10, 50 or 100 hours.

(44) The values of the dates TE and TTs can initially have been acquired by the terminal 4, in a so-called installation, activation or customization phase for example, from the date server 2, or initialized, for example, at 0.

(45) In the step 1404, if TS.sub.i is prior to TE by more than a predetermined duration, here denoted TSW, then the terminal proceeds directly to the step 1408 of acquiring the service date from the date server 2. Thus, when it has not been possible to rely on the date of transmission, it is essentially the service date communicated by the date server 2 which is used.

(46) Finally, in the step 1404, if TS.sub.i lies between TE and TE-TSW, then the method continues directly with the step 1410. In this case, the date TE is not updated according to the date TS.sub.i extracted in the step 1402. This situation occurs when a segment is played by the terminal with a slight delay in relation to the moment of reception of this segment by this terminal. The value of the slight delay that is admissible is here equal to TSW.

(47) The predetermined duration TSW can have been initialized in the terminal 4 during the production of the system, or by the service operator. Its value is typically greater than 10 or 20 minutes. Generally, its value is also less than an hour or 10 hours.

(48) In the step 1408, the terminal 4 authenticates the server 2, for example using an electronic certificate. The terminal 4 also transmits, to the date server 2, a date request, and obtains a date in return. Only if the server 2 is successfully authenticated, the terminal 4 then acquires this date and replaces the value of the date TT.sub.s and of the date TE with the value of this date obtained from the server 2.

(49) Here, in the step 1408, if the connection to the date server 2 cannot be established or if the authentication fails, the terminal 4 increments a connection failure counter. If the value of this counter does not cross a predetermined threshold, here denoted Max_tts_bypass, the terminal 4 proceeds to the step 1410 without modifying the values of the dates TT.sub.s and TE. If the value of this counter crosses the threshold Max_tts_bypass, the terminal 4 disables the step 1410 and subsequent steps of the method, notably the extraction of the right of access from the terminal licence L.sub.p, thus preventing the access to the segment S.sub.i. Then, the failure counter can be reinitialized to its initial value by the service operator. It can also be reinitialized automatically after a predetermined duration, for example greater than 30 min or 1 hour or 10 hours.

(50) The threshold Max_tts_bypass can have been initialized in the terminal 4 during the production of the system, or by the service operator. Its value is typically greater than 2, 3 or 5 and, for example, less than 10, 20 or 50.

(51) In the step 1410, the terminal 4 extracts, from the intermediate licence L.sub.i, the identifier Id(K.sub.Gp) 50 of the intermediate key K.sub.Gp.

(52) Then, in the step 1412, the terminal 4 searches, among the terminal licences received, for the licence L which includes the identifier Id(K.sub.Gp) 50.

(53) In the step 1414, the terminal 4 extracts the temporal criterion 54 from the licence L.sub.p found in the step 1412. Then, it evaluates this criterion with respect to the last acquired service date TE. If this service date satisfies the temporal criterion 54, then the terminal 4 implements the step 1416 and subsequent steps of the method. Otherwise, it disables the step 1416 and subsequent steps of the method, notably the extraction of the right of access from the licence L.sub.p, thus preventing the access to the segments, and returns to the step 1400 to process the next segment S.sub.i+1.

(54) In the step 1416, if the intermediate key K.sub.Gp contained in the right of access 52 has not already been extracted therefrom since the start of the playing phase, then the terminal 4 extracts, from the licence L.sub.p found in the step 1412, the cryptogram (K.sub.gp)*K.sub.T.

(55) Then, in the step 1418, the terminal 4 decrypts the cryptogram (K.sub.Gp)*K.sub.T with its terminal key K.sub.T, thus obtaining the intermediate key K.sub.Gp.

(56) Then, in the step 1420, the terminal 4 decrypts the cryptogram (K.sub.si)*K.sub.Gp with the intermediate key K.sub.Gp decrypted in the step 1418, thus obtaining the specific key K.sub.si.

(57) Finally, in the step 1422, the terminal 4 decrypts the cryptogram of the segment S.sub.i with the specific key K.sub.si obtained in the step 1420, so as to obtain the segment S.sub.i in free-to-air form. The segment S.sub.i in free-to-air form can then be transmitted by the terminal 4 to any multimedia appliance to be played. The method then returns to the step 1400 to receive and play the next segment S.sub.i+1.

(58) Numerous other embodiments of the invention are possible. For example, the content is supplied, by the system for supplying protected multimedia content, encrypted with a plurality of keys as part of its protection by the digital rights management system. A plurality of licences, each containing at least one of these content keys, are then necessary for the terminal to access the content. The method claimed is then applied to at least one of these licences.

(59) In another embodiment, the right of access 52 of the licence L.sub.p comprises the intermediate key K.sub.Gp and not the cryptogram (K.sub.Gp)*K.sub.T. In this embodiment, the terminal licence is not necessary.

(60) In the preceding embodiment, the right of access is a cryptogram of the key K.sub.Gp obtained by encrypting it with the cryptographic key K.sub.T. A cryptogram is an item of information that is insufficient in itself to retrieve the content key K.sub.si. Thus, if the transmission of the licence is intercepted, the content key that makes it possible to descramble a segment of the multimedia content cannot be retrieved if only the cryptogram is known. To retrieve the content key uncoded, that is to say the content key that makes it possible to directly descramble the segment of the multimedia content, the cryptogram must be combined with a secret information item. In the preceding example, the secret information item is the cryptographic key K.sub.T that make it possible to decrypt the cryptogram (K.sub.Gp)*K.sub.T. Other ways of obtaining the cryptogram contained in the right of access are possible. For example, the cryptogram can be a pointer to a cryptographic key stored uncoded in a table containing a multitude of possible intermediate keys. In this case, the secret information item is the table associating, an uncoded cryptographic key with each pointer. The cryptogram can also be: an identifier of this cryptographic key, to be supplied to the headend, via a return channel, thus making it possible to request the key from the headend, then to receive, in response and typically only after a successful authentication of the terminal, the cryptographic key or an initialization value that enables the terminal to reconstruct this cryptographic key; a link, typically a URL (Uniform Resource Locator), that makes it possible to go and read, typically only in the case of a successful authentication of the terminal, this cryptographic key on a cryptographic key server; or an initialization value, enabling the terminal to reconstruct this cryptographic key, typically by performing a computation of the value of this key by using, for example, a secret algorithm known only to the terminal and to the headend.

(61) Alternatively, the content is supplied protected by a digital rights management system but without being encrypted. The content key is not then included in the access data inserted into the licence.

(62) In another embodiment, the multimedia content is supplied protected by a conditional access system, or CAS. The terminology of the field of conditional access systems is then used. The interested reader will be able, for example, to find a more comprehensive presentation thereof in the document: Functional Model of a Conditional Access System, EBU Review, Technical European Broadcasting Union, Brussels, BE, N 266, 21 Dec. 1995. A segment is then a cryptoperiod, a terminal licence is an EMM, and the intermediate licence is an ECM. The date of transmission is then typically inserted into an ECM.

(63) In another embodiment, the content is supplied, by the system, protected by any other type of content protection system, such as, for example, a more conventional data protection system that does not perform any access rights management. The method claimed is then applied to the supply of the messages necessary for the routing of the decryption keys, for example.

(64) In another embodiment, all the segments of a block of content segments do not immediately follow one another in the temporal unfolding of the content. Some of these segments are then separated therein by segments not belonging to the block concerned.

(65) As a variant, a terminal shares, with at least one other, its so-called terminal encryption and decryption keys.

(66) As a variant, the network 3 comprises a first one-way information transmission subnetwork between the head 1 and the terminal 4 and a second two-way information transmission subnetwork between the server 2 and the terminal 4. For example, the first subnetwork is a satellite transmission network and the second subnetwork is the Internet network.

(67) As a variant, the clock 12 of the head 1 is synchronized with a reference dock according to a protocol distinct from NTP. In another variant, the clock 12 is synchronized with the date server 2. In another variant, the clock 12 is synchronized with a reference clock internal to the head 1. In a final variant, the clock 12 is itself a reference clock internal to the head 1. Similarly, the date server 2 can be synchronized with a reference clock according to a protocol distinct from NTP. In another variant, the server 2 itself comprises a reference clock with which it is synchronized. It is also possible for the dock 12 and the date server 2 to be synchronized with reference docks according to different protocols.

(68) As a variant, the date server 2 is incorporated in the headend 1.

(69) The number of blocks and segments per block can vary. For example, the stream 6 comprises a single block of content segments. In another variant, each block comprises a single segment. In another embodiment, the number of segments in each block is not necessarily the same from one block to another.

(70) The date TS.sub.i of transmission of the segment 622 can be inserted into a message or a data structure other than the intermediate licence associated with this segment. However, this message or this other data structure is transmitted together with the segment and with the intermediate licence. For example, the date of transmission is adjacent to each segment transmitted in the stream but does not form part of the data structure forming the licence L.sub.i.

(71) Other embodiments of the licence L.sub.p are possible. For example, the head 1 can, in the step 1200, to complement the right of access 52 of the licence L.sub.p, combine additional rules or access criteria with the cryptogram (K.sub.Gp)*K.sub.T. In the step 1416, these additional rules or criteria are then also extracted from the right of access 52 by the terminal 4, then evaluated. The success of this evaluation then conditions the implementation of the step 1418 of decrypting the cryptogram (K.sub.Gp)*K.sub.T.

(72) As a variant, the headend 1 obtains the date of transmission of a segment from the date server 2, or from a third-party date server external to the system of FIG. 1.

(73) As a variant, the service for supplying contents concerned is a service for broadcasting or downloading contents for which the recording is not controlled by the content protection system, and the purpose of the request received in the step 1100 is to obtain the content to record it in order to play it subsequently. The steps 1284 and 1206 are not then subject to any synchronization constraint, so that, depending on the dynamics of the service, they can be simultaneous or follow one another in either order. The same then applies to the steps 1300 and 1302.

(74) In another variant, the predetermined duration TSW is not used. This amounts to taking this duration TSW to be equal to 0 in the step 1404 of the method of FIG. 5. Similarly, it is not necessary to use the predetermined duration ETTD. This therefore amounts to considering that, in the step 1404 of FIG. 5, the duration ETTD is infinite. In this case, the updating of the date TT.sub.s is initiated otherwise. For example, this updating is initiated periodically or after having received a predetermined number of segments S.sub.i to be decrypted.

(75) As a variant, in the step 1408, if the value of the connection failure counter crosses the threshold Max_tts_bypass, the terminal 4 disables the step 1410 and subsequent steps of the method, notably the extraction of the right of access from the terminal licence L.sub.p, and, for example, terminates the phase of playing the protected multimedia content.

(76) As a variant, the terminal 4 does not include any counter of failures to connect to the date server 2. Thus, in the step 1408, from the very first time that the connection to this server could not be established, the terminal disables the extraction of the right of access from the licence thus preventing the access to the segments.

(77) In the step 1414, if the last acquired service date TE does not satisfy the temporal criterion 54 of the licence L.sub.p found in the step 1412, the terminal can search for or try to use another licence comprising the identifier Id(K.sub.Gp) 50 of the intermediate key K.sub.Gp. In another variant, it disables the step 1416 and subsequent steps of the method, notably the extraction of the right of access from the terminal licence L.sub.p, and, for example, terminates the phase of playing the protected multimedia content.

Method for supplying protected multimedia content to a terminal

Assignee

Inventors

Cpc classification

Classification Explorer

G06F1/14

PHYSICS

Classification Explorer

G06F21/10

PHYSICS

Classification Explorer

H04L2463/101

ELECTRICITY

Classification Explorer

H04L2209/603

ELECTRICITY

Classification Explorer

H04L63/123

ELECTRICITY

Classification Explorer

H04L63/08

ELECTRICITY

International classification

Classification Explorer

H04L29/06

ELECTRICITY

Classification Explorer

G06F21/10

PHYSICS

Classification Explorer

G06F1/14

PHYSICS

Abstract

Claims

Description