DESC:Field of the invention

[001] The present invention relates to a method for authorising a subscriber’s device. More particularly, the present invention relates to a method for authorising a subscriber’s device for broadcasting upon receiving a new subscription request from a subscriber which is used to limit the access of a TV signal to only an authorized viewers.

Background of the invention

[002] Generally, a broadcasting system uses a Conditional Access System. The Conditional Access System is used for limiting the access of TV signals to only authorized viewers. The conditional access system (CAS) is a description used for a set of hardware devices and connected software (including a Set-Top Box) used at different stages of distribution of a TV channel through which normally the pay channels are transmitted in encrypted form. The subscriber is given an authorization depending upon the request to view one or more of such encrypted pay channels of his choice. The subscriber pays for only chosen channels for viewing. The authorization is given and controlled usually by a Multi-System Operator (MSO) or an Independent Cable Operator (ICO), who deploys the Conditional Access System in a Cable Television Network. An MSO is often assisted by the Local Cable Operators (LCO).

[003] Basically, the Conditional Access System of the existing broadcasting system is the protection of a content by predefined requirements to be met before granting access to the content. The signal is encrypted to prevent unauthorized reception. A set-top box embedded with a module of Conditional Access system, is used in the customer premises to receive and decrypt the signal.

[004] The existing conditional access system has a higher Probability of Content compromise, and the flexibility to recoup the system in case of any compromise is low. Also, the existing systems have a very high cost to the feature ratio. The existing systems are not having provisions of viewing cards and cloning of smart cards and similar compromises or breaches.

[005] To overcome one or all drawback of the existing method, there is a need for a method to authorise a subscribers' device for broadcasting a content such as an audio or a video content upon receiving a subscription request from a subscriber and to limit access of the content only to the authorized subscribers'.

Object of the invention

[006] An object of the present invention is to provide a method for authorising a subscriber’s device.

[007] Another object of the present invention is to provide a method for authorising a subscriber’s device, which provides an end to end system design.

[008] One more object of the present invention is to provide a method for authorising a subscriber’s device, which provides an entitlement control message and entitlement management message in encrypted form.

[009] Another object of the present invention is to provide a method for authorising a subscriber’s device, which provides easy recovery mechanism in an eventuality thereby protecting prestigious electronic hardware deployed in the field, valuable content and revenue generated by the broadcaster and the service provider.

[0010] Further one more object of the present invention is to provide a method for authorising a subscriber’s device, which ensures the cost of its implementation, production as well as operation are significantly lower than other systems.

[0011] Still one more object of the present invention is to provide a method for authorising a subscriber’s device, which is robust in operation.

Summary of the invention

[0012] According to the present invention, there is provided with a method for authorising a subscriber’s device for broadcasting upon receiving a new subscription request from a subscriber. The method is having a subscriber device, a broadcaster, a scrambler and a descrambler. The subscriber device is a set-top-box (STB), and the like. The MSO Headend system is one who distributes/broadcast a content such as an audio or video content to the subscriber upon receiving a subscription request and limit the access of the content to the STB. Specifically, the MSO Headend system sends the subscription and the limit to access the content to the STB. The content is available only for the authorized subscriber.

[0013] The method is using a Subscriber Authorisation System (SAS) and a Conditional Access Kernel (CAK). The SAS is integrated with a Headend system of the MSO, and the CAK is embedded with the set-top-box (STB). All the cryptographical operations on a server-side are handled by a subscriber authorization system and by the CAK (Conditional Access kernel) on the Subscriber's device.

[0014] In the method, the clear content is scrambled by using a control word (CW). The CW is having a 3 layers key configured for descrambling the scrambled content at the subscriber’s device. The 3 layers key holds a Subscriber Authorisation System (SAS). The SAS generated an Entitlement Management Messages (EMM) and Entitlement Control Messages (ECM) upon receiving an instruction from a Subscriber Management System (SMS). The Subscriber Management System is a combination of hardware and application, integrated with the Headend system of the MSO. The EMM and the ECM are a form of encrypted messages broadcasted by the SAS to a conditional access kernel (CAK) of the subscriber’s device. Specifically, the ECM is provided in the encrypted form with the CW, and the EMM is provided with the subscriber’s entitlement message in the encrypted form.

[0015] The CAK decodes the subscriber’s entitlement message from the EMM using the 3 layers key. The created EMM is broadcasted to the subscriber's device, and the ECM is broadcasted with the 3 layers key of the CW to the new subscriber' device. Further, the entitlement message of the generated EMM is matched with an entitlement message (ID) of the subscriber’ device for authenticating the subscribers’ device. The 3 layers key of the CW is accessible to the STB. The STB shares the 3 layers key to a descrambler of the subscribers’ device for descrambling the scrambled content.

[0016] If the entitlement message from the EMM does not match with the entitlement of the subscriber device (in the case where the subscriber does not have the valid subscription), access to the CW of the ECM is restricted to the subscriber.

Brief Description of the Drawings

[0017] The advantages and features of the present invention will become better understood with reference to the following detailed description and claims taken in conjunction with the accompanying drawings, wherein like elements are identified with like symbols, and in which:

[0018] Figure 1 illustrates a flowchart of a method for authorising a subscriber’s device in accordance with the present invention;

[0019] Figure 2 illustrates a graphical representation of the method in accordance with the figure 1;

[0020] Figure 3a illustrates a communication between SAS and CAK for establishing a subscription on a set-top-box (STB) of a subscriber with a server of a broadcaster; and

[0021] Figure 3a and 3b illustrate the communication between SAS and CAK for establishing an entitlement according to the purchased product/package subscription.

Detail Description of the Invention

[0022] An embodiment of this invention, illustrating its features, will now be described in detail. The words "comprising," having, "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open-ended in that an item or items following any one of these words is not meant to be an exhaustive listing such item or items or meant to be limited to only the listed item or items.

[0023] The terms “first,” “second,” and the like, herein do not denote any order, quantity, or importance, but rather are used to distinguish one element from another, and the terms “an” and “a” herein do not denote a limitation of quantity, but rather denote the presence of at least one of the referenced item.

[0024] The method for authorising a subscribers' device for broadcasting a content such as an audio or a video content. The method is used for providing security. In this method, the subscriber device is an STB (set-top-box), and the like is authorise by a broadcaster upon receiving a new subscription request from a subscriber. The broadcaster is one who distributes/broadcast an audio or video content to the subscriber upon receiving a subscription request and limit the access of the content for only authorized subscriber. The method uses a conditional access system (CAS). The CAS protects the content by requiring a predefined requirements to be met before granting access to the content. Specifically, the CAS is used for protection of content and limits the access of the content for only authorized subscribers by requiring a specific requirements to be met before granting access to the broadcasted content.

[0025] The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.

[0026] Referring now to figure 1, a method is used for authorising a subscriber’s device for broadcasting upon receiving a new subscription request from a subscriber in accordance with the present invention is illustrated. The method is used for scrambling a content before broadcasting and allowing access to an authorised subscribers' device to descramble the scrambled content. The scrambling of the content is done on a server of a broadcaster, and the descrambling is done on the subscribers’ device, such as a set-up-box (STB). The scrambled content may be broadcasted through a cable system or a satellite broadcasting. The method 100 is having a Subscriber Authorisation System (SAS) and a Conditional Access Kernel (CAK) as shown in figure 2. The SAS is integrated with a Multi-Service Operators (MSOS), and the CAK is embedded with the receiver of the content like the subscribers' device which may be a set-top-box (STB). The MSO (Multi System operators) is the one who installs the Headend system to receive the Contents from Content Provider and integrates the CAS server with the Headend system. In the present method, the MSO is also called as a broadcaster which broadcasts the contents in encrypted form to the end-users.

[0027] The method 100 of scrambling, broadcasting and descrambling of the broadcasted signal on the subscriber device is illustrated on the following steps:
[0028] The method starts at step 110.

[0029] At step 120, a clear content is scrambled by a scrambler. The scrambler encodes the content received from the broadcaster and makes the content unintelligible at a subscribers' device. Specifically, the scrambler scrambles the content using a control word (CW). The CW is also a key used for scrambling and descrambling the scrambled content.

[0030] At step 130, the CW has a 3 layers key which is configured for descrambling the scrambled content at the subscriber’s device. The implementation of the 3 layers key such as an access key 1, an access key 2 and an encrypted CW. Further, the 3 layers key of the CW is stored in the SAS. The SAS performs the cryptographical operations such as encryption of the clear content and the like on the server-side of the broadcaster using the 3 layers key of the CW.

[0031] Further at step 140, an Entitlement Management Messages (EMM) and an Entitlement Control Messages (ECM) is generated using the 3 layers key of the CW. Specifically, the SAS generates the ECM and the EMM upon receiving an instruction from a Subscriber Management System. The Subscriber Management System is a combination of hardware and application, integrated with the server of the broadcaster. The Subscriber Management System provides all the information about the subscriber, the subscriber device (STB), broadcaster and package and product provided by the broadcaster.
[0032] Also, the Subscriber Management System activate and deactivate the subscribers’ device according to their content subscription. The Subscriber Management System also hold the Subscribers device (STB) number in a subscriber profile generated and stored on the broadcaster server. In the present method, the Subscriber Authorization System receives usage rights information from a Subscriber Management System (SMS), subscription package definitions from the program planners, and configuration information from the subscriber device as input. The Subscriber Management System is a combination of hardware and application, integrated with the Headend system of the MSO.

[0033] At step 150, the created EMM and the ECM with 3 layers key are in encrypted form, is broadcasted. Specifically, the EMM and the ECM with 3 layers key is broadcasted in a form of an RF signal. Further, the STB of the subscriber receives the EMM and the ECM with the 3 layers key of the CW. The EMM and the ECM can be sent to the STB either by cable or by satellite broadcasting.

[0034] In the present method, the EMM and the ECM are broadcasted by the SAS and received by the conditional access kernel (CAK) of the STB. The EMM is provided with the subscriber’s entitlement message in an encrypted form, and the ECM is provided in an encrypted form with the CW. Further, the CAK decodes the subscriber’s entitlement message from the EMM for verifying an entitlement message of the STB of the subscriber.
[0035] The CAS broadcast multiple messages targeted to the STB. The messages are sent from SAS to CAK, to activate the STB for a request received from a new subscriber. The sequence of the message to activate the new Subscribers STB is, the SAS sends an activation message to the CAK of the STB, then sends the 3 layer access key and thereafter sends the activation EMM message with the expiry date of the activation period as shown in figure 3a. Similarly, if the subscriber is subscribing a package entitlement and a product entitlement, the SAS sends a package/product entitlement to the CAK, thereafter sends the 3 layers key followed with the activation EMM with the expiry date of the activation period as shown in figures 3b and 3c.

[0036] At step 160, the entitlement message of the received EMM is comparing with the entitlement message (an ID-identifier) of the STB for authenticating the STB. If the received EMM message is matched with the entitlement message (ID) of the STB, the STB is authenticated. If the received entitlement message from the EMM does not match with the entitlement (ID) of the subscriber device (in the case where the subscriber does not have the valid subscription), the STB is not authenticated, and access to the CW of the ECM is restricted to the STB. Specifically, the CAK decodes the EMM and stores the authorization details. The ECM message is broadcasted, and the STB is not authenticated, and access to the CW of the ECM is restricted to the STB.

[0037] At step 170, the 3 layers key of the CW is shared to a descrambler of the subscribers’ device. The descrambler is provided for descrambling the received scrambled content.

[0038] The method 100 ends at step 180.

[0039] Therefore the advantage of the present invention is to provide a method 100 for authorising a subscriber’s device for broadcasting upon receiving a new subscription request from a subscriber. The method 100 provides an end to end system design. The method 100 provides an entitlement control message and entitlement management message in encrypted form. Also, the method 100 provides a secure recovery mechanism in an eventuality, thereby protecting prestigious electronic hardware deployed in the field, valuable content and revenue generated by the broadcaster and the service provider. Further, the method 100 ensures the cost of its implementation, production as well as operation are significantly lower than other systems and the method 100 is robust in operation also.

[0040] The foregoing descriptions of specific embodiments of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the present invention to the precise forms disclosed, and obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to explain the principles of the present invention best and its practical application, to thereby enable others skilled in the art to best utilize the present invention and various embodiments with various modifications as are suited to the particular use contemplated. It is understood that various omission and substitutions of equivalents are contemplated as circumstance may suggest or render expedient, but such are intended to cover the application or implementation without departing from the spirit or scope of the present invention.
,CLAIMS:We Claim:

1. A method for authorising a subscriber’s device for broadcasting upon receiving a new subscription request from a subscriber, the method comprising steps of:
scrambling a clear content received from a content provider by using a control word (CW);
configuring a 3 layers key in the CW for descrambling the scrambled content at the subscriber’s device;
generating an Entitlement Management Messages (EMM) and an Entitlement Control Messages (ECM) upon receiving an instruction from a Subscriber Management System (SMS), the created EMM is broadcasted to the subscriber’s device, and the ECM is broadcasted with the 3 layers key of the CW to the subscriber’ device;
matching an entitlement message of the generated EMM with an entitlement message of the subscriber’ device for authenticating the subscribers’ device, after sharing the 3 layers key of the CW to a descrambler of the subscribers’ device for descrambling the scrambled content.

2. A method for authorising a subscriber’s device as claimed in claim 1, wherein the EMM and the ECM are a form of encrypted messages broadcasted by the SAS to a conditional access kernel (CAK) of the subscriber’s device.

3. A method for authorising a subscriber’s device as claimed in claim 2, wherein the CAK is embedded with the subscriber’s device.

4. A method for authorising a subscriber’s device as claimed in claim 3, wherein the subscriber device is a set-top-box (STB).

5. A method for authorising a subscriber’s device as claimed in claim 1, wherein the clear content is scrambled by a scrambler.

6. A method for authorising a subscriber’s device as claimed in claim 1, wherein the ECM is provided in an encrypted form with the CW, and the EMM is provided with the subscriber’s entitlement message in an encrypted form.

7. A method for authorising a subscriber’s device as claimed in claim 1, wherein the CAK decodes the subscriber’s entitlement message from the EMM using the 3 layers key.

8. A method for authorising a subscriber's device as claimed in claim 1, wherein if the received entitlement message from the EMM does not match with the entitlement (ID-Identifier) of the subscriber device (in the case where the subscriber does not have the valid subscription), access to the CW of the ECM is restricted to the subscriber.

9. A method for authorising a subscriber's device as claimed in claim 1, wherein all the cryptographical operations on a server-side is handled by a subscriber authorization system and by the CAK (Conditional Access kernel) on the Subscriber's device.

10. A method for authorising a subscriber’s device as claimed in claim 1, wherein the subscriber authorization system also holds the 3 layers key of the CW.