Concept of efficiently distributing access authorization information
Description
The present invention relates to a concept of efficiently distributing access authorization
information for a digital rights management system or an access authorization system. The
present invention also relates to a device and a method for controlling a service access
authorization, to a device and a method for providing an authorization message, and to a
system for controlling a service access authorization.
Digital rights management systems, also referred to as DRM systems, are methods using
which the usage and distribution of digital media are to be checked on. Digital usage
management may particularly be employed in digital movie and sound recording, but also
in software, electronic documents or electronic books. It allows providers employing such
digital rights management systems for checking the usage of their data, to apply new ways
of billing, such as, for example, paying for rights of using data by means of licenses and
authorizations, instead of paying for the data themselves.
Authors and exploiters are often interested in checking or limiting the circulation and
usage of their intellectual property, even after passing same on. A digital rights
management system is to support allowing data to be used only to the extent defined by the
respective rights proprietors, i.e. the license.
Meanwhile, however, digital rights management systems are also to be found in many
other fields, such as, for example, in companies to protect documents, which are then also
referred to as corporate rights management systems.
Digital rights management systems are a technical safety measure of giving a rights
proprietor of information goods a way of technically enforcing the type of usage of his or
her property by users on the basis of a usage agreement made before.
In addition, digital rights management systems allow managing digital contents beyond a
purely flat-rate payment and allow individual licensing or billing depending on the
frequency, duration or range of usage. On the one hand, unlimited usage can be restricted
while, on the other hand, models of doing business which could hardly be realized so far
become possible upon request.
Examples of digital rights management systems are the system of Open Mobile Alliance,
referred to as OMA DRM, and the OMA standard in the versions OMA DRM V1.0
(http://www.openmobilealliance.org/Technical/release_prograrn/drm_v1_0.aspx), OMA
DRM V2.0
(http://www.openmobilealliance.org/teclinical/release_prograrn/drm_v2_0.aspx) and OMA
DRM V2.1
(http://www.openmobilealliance.org/technical/release_program/drm_v2_1.aspx), and the
system of ETSI standard EN 50094 referred to as EUROCRYPT, in the version BS EN
50094:1993 or Eurocrypt BE EN 50094:1993
(http://www.beuth.de/langanzeige/BS+EN+50094/9799264.html). Additionally, there are a
large number of proprietary digital rights management systems which are partly specified
on open platforms.
The article "Digital rights management" published by the online encyclopedia Wikipedia
on April 23rd 2008 gives an overview of digital rights management systems and briefly
describes the "Fairplay" system by the manufacturer "Apple" under the term of application
"ITunes Store", and the "Windows Media DRM" system by the manufacturer "Microsoft".
The most widespread digital rights management systems are "Fairplay" by the
manufacturer Apple, "Windows Media DRM" by the manufacturer Microsoft and the
OMA DRM system by Open Mobile Alliance Standardization. They allow the
authorizations to be set precisely and may be used for different audio and video files. The
market leader Apple, for example, uses "Fairplay" in an application referred to as "ITunes
Store". Other providers of digital contents are, for example, Napster or Musicload. Video
providing services predominantly use the DRM system by the manufacturer Microsoft. The
OMA DRM system is used for ring tones, images, but also for mobile music and TV
transmission, such as, for example, by the contents providers Vodafone or T-Mobile, in
almost every mobile phone. The OMA DRM and Windows Media DRM systems are
frequently combined to allow interoperability between mobile phones and PCs. The
providers Musicload and Vodafone are exemplary here.
Digital rights management systems may play a more important role in the future in many
other fields, such as, for example, in the automobile field, for example for protecting
software or real-time navigation or online navigation, or in the field of embedded systems.
Digital rights management systems mostly use cryptographic methods for controlling
access to digital contents. This may exemplarily be realized by binding any digital contents
unambiguously to a license by means of encryption. Without the valid license belonging to
the digital contents, the user may purchase the apparatus or data carrier, but cannot access
the contents. The contents management computer exemplarily manages the digital contents
to be protected and encrypts same for being used in a digital rights management system,
thereby making the contents at first unreadable. The license management computer may,
upon request, generate the license required in connection with the respective keys for user
authentication and contents decryption. When the user wants to access protected contents,
he can request the license necessary for reproduction from the license management
computer by means of the digital rights management controller. In case authenticity and
integrity of a reproduction program have been verified successfully, the contents, for
example, are decrypted using the key contained in the license, in this way rendered
readable again and passed on to the reproduction program.
Access authorization systems or access encryption systems, also referred to as conditional
access (CA) systems, exemplarily include the systems employed in pay TV or in pay video
fetch applications for encrypting and decrypting program contents which may meanwhile
be employed also in other digital broadcast/radio systems and for vehicle assistance.
In order for a receiver to be able to decrypt the contents, he requires a continuously
changing control word, for example. Having the receiver obtain this control word and thus
only addressing certain receivers is one of the tasks of the access authorization systems.
Exemplarily, the provider transmits, in parallel to the useful data, separate data packages as
management messages which are also referred to as ECM messages. By means of these
ECM messages, a receiver having the respective authorization may exemplarily calculate
the control word valid at that time and transmit same to the contents decoder. Same is then
able to decrypt the contents received. On the receiver side, an access authorization system
is, for example, mapped by an authorization card bound to the customer in the form of a
smart card, and a customer-anonymous access authorization module. The module here can
filter those packages including management messages from the data stream and calculate
the corresponding control word by means of the information given in connection with the
authorization card. Logic of the access authorization system may be distributed, on the one
hand, to the module and, on the other hand, to the authorization card. Holding customer-
specific data on the authorization card and rendering them unreadable by third parties is,
for example, a conventional procedure.
In addition to the information which may already be on the authorization card of the
customer, the methods may transmit management messages including management
commands via the incoming data stream. These management messages, also referred to as
EMM messages, serve specifically enabling and disabling customer cards. There is a way
of offering the customer more or fewer rights with regard to individual offer packages,
without the customer having to exchange the authorization card.
Examples of digital access authorization systems are the "Betacrypt" and "Betacrypt II"
systems for digital pay TV which were developed for an application referred to as D-Box,
further the system referred to as "Videoguard" for pay TV, broadband TV and mobile
applications, and a system, referred to as "Nagravision Aladin" offering access
authorization methods for both satellite and cable TV.
In the article "Conditional access" of the online encyclopedia Wikipedia of March 12th
2008, the digital PayTV systems "Videoguard" and "Nagravision Aladin" are mentioned
and described briefly in the linked articles "Nagravision" of January 8th 2008 and
"Videoguard" of April 20th 2008. The Wikipedia article "Conditional access system" of
December 21st 2007 mentions Betacrypt as another access authorization system which has
meanwhile been replaced by the Betacrypt II system.
Since, in unidirectional broadcast systems, receivers are usually not able to confirm
messages received, and are not always switched on, all the messages, for example, may
have to be transmitted repeatedly in order to ensure high receive quality. In order to ensure
a high security standard, the access authorization messages can be encrypted securely such
that decryption without having a valid access key is either not feasible economically or
technically almost impossible. Additionally, different individual access authorization
systems may be separated from one another such that they do not influence one another.
Digital rights management systems and access authorization systems allow a service
provider to distribute protected multimedia contents to closed groups of users. Distributing
may take place using different systems, exemplarily via an analog or digital video or audio
broadcast system, via a mobile radio communications system, via an Internet protocol
system or a digital multimedia transmission system. DVB (digital video broadcast)
systems, GSM (global system for mobile communications) systems, IP (Internet protocol)
systems and DAB/DMB (digital audio/multimedia broadcast) systems are, among others,
common systems.
The contents may be encrypted before distributed. The usage rules and the cryptographic
keys required may be distributed in additional management messages. The contents may be
grouped relating to services. The users of a service are, for example, a group of persons
who may be managed on the transmitter side.
A user may access a service when having stored the authorizations required in his
apparatus or in a security component connected to the apparatus, such as, for example, an
authorization card (chip card). A user may obtain the authorization in a personalization
process.
A common business model between a service provider and a service user is regulating
access using a subscription. The service authorization is exemplarily valid for a certain
period of time and may, when expired, be extended in case there is an ongoing business
relationship between the service provider and the service user. The extension (Vn) is
exemplarily done by a management message which may relate to a certain service. It may
contain parameters in which the extension period of time (startn, endn) may be coded,
exemplarily by means of an extension start time (startn) and an extension end time (endn).
When a digital rights management system or an access authorization system is employed in
an environment in which a plurality of receivers can receive the signal transmitted ("point-
to-multipoint"), such as, for example, a digital broadcast system, an extension message
may be directed to several service users at the same time. This means that an extension
message may comprise an address region in which a list of the service users to be extended
is located. With these service users, both the time of extension, exemplarily December 31st,
and the extension period, exemplarily 3 months, may be identical.
When a subscription is not extended, no extension method is, for example, transmitted for
the corresponding service user. His access authorization expires.
The end of an access authorization usually coincides with the time of expiry of a
subscription.
Subscriber management systems managing a plurality of subscriber data of service users of
digital rights management systems or access authorization systems may, for the
management of the subscriber data, require personalization in which a service-dependent
user identification, referred to here as "i", may be allocated to an apparatus of a user having
an apparatus identification, referred to here as "g", for a certain service having a service
identification, referred to here as "d", wherein the service-dependent user identification
may depend on the apparatus identification and service identification. As a formula, this is
expressed as: i=f(g,d), wherein "f()" is to refer to an association function. Other
associations are also possible when personalizing.
The apparatus identification, the service identification and the user identification may be
stored on the transmitting side in a subscriber management system.
The peripheral exemplarily knows the apparatus identification allocated to it for the
personalization of an additional service. After personalizing a plurality, exemplarily a
number n, of services the apparatus may store a list of service-dependent user
identifications permanently (or temporarily), wherein the list may exemplarily be
represented as a sequence of numbers (d1, i1),..., (dn, in) of n pairs of service identification
and user identification having an index between 1 and n. The apparatus exemplarily knows
its own user identification i for every active service having the service identification d and
can be addressed using same.
The service-dependent user identification is exemplarily temporary for the period of time
for which there is a corresponding service authorization.
It is the object of the present invention to provide a concept allowing efficient distribution
of service access authorization information.
This object is achieved by a device for controlling a service access authorization in
accordance with claim 1 or a method for this in accordance with claim 29, a device for
providing an authorization message in accordance with claim 9, or a method for this in
accordance with claim 30, or a system for controlling a service access authorization in
accordance with claim 18.
Some embodiments of the present invention are based on a device for controlling a service
access authorization for a user device with regard to an access-restricted service setting a
period of time in which the service access authorization is valid, responsive to an
authorization message provided with a service-dependent user identifier, wherein setting
may be dependent on a predetermined duration having passed since an end of a last
authorization time interval.
Some embodiments are additionally based on a device for providing an authorization
message for a user device with regard to an access-restricted service leaving a service-
dependent user identifier unused for at least a predetermined duration after the expiry of
the authorization time interval of the user device to which the service-dependent user
identifier was associated last.
Some embodiments are based on the finding that user identifiers being released again may
be allocated again in a controlled manner so as to limit the address space required, i.e. the
number of potential service-dependent user identifiers, also referred to as i, and to ensure ,
when applicable, optimum group formation for efficient user addressing in the long run.
Address space limitation results, for example, in a smaller number of bits which have to be
transmitted for providing the service access authorization when the service-dependent user
identifiers may, for example, be represented as a sequence of bits. If fewer bits are required
for transmitting service-dependent user identifiers, a message including a service access
authorization may be transmitted via a channel of smaller bandwidth, and additionally the
subscriber management system needs to reserve a smaller number of data sets for
managing the service-dependent user identifiers.
The inventive concept is able to prevent, after re-allocating the user identifiers released, a
user, whose user identification is already invalid and who is also referred to as "old user",
from being able to access the contents again using his apparatus. In addition, it can be
prevented that a user who has extended his subscription but whose peripheral has not yet
received the extension message is excluded immediately from further service usage. In
other words, the inventive method causes user satisfaction which may usually also be
referred to as "good user feeling".
It is to be mentioned here that an apparatus cannot receive an extension message when it
remains switched off for a longer period of time or when it is located at a position of
insufficient receive quality, such as, for example, when parking the car in an underground
car park or when the apparatus is, for example, installed in the vehicle, when going on
holiday by car.
Limitations in operational convenience are to be expected for users who have extended
their subscriptions but whose apparatuses have not been ready for reception over a very
long period of time and thus have not been able to receive extension messages. The
apparatus may be excluded from service usage with these users. Then, the user may
exemplarily contact his service provider to be provided with a new user identification or to
have the disabled parameters and keys for the respective service in his apparatus restored
again for his old user identification still registered in the subscriber management system.
Preferred embodiments of the present invention will be detailed subsequently referring to
the appended drawings, in which:
Fig. la shows a block circuit diagram of a device for controlling a service access
authorization in accordance with an embodiment of the present invention;
Fig. lb shows a block circuit diagram of a device for controlling a service access
authorization in accordance with another embodiment of the present invention;
Fig. 2a shows a block circuit diagram of a device for providing an authorization
message in accordance with an embodiment of the present invention;
Fig. 2b shows a block circuit diagram of a device for providing an authorization
message in accordance with another embodiment of the present invention;
Fig. 3 shows an embodiment in the form of a flowchart of a method for controlling a
service access authorization;
Fig. 4 shows an embodiment in the form of a flowchart of a method for providing an
authorization message;
Fig. 5 shows an example of a time line of a service extension by means of extension
messages;
Fig. 6a shows an example of a time line of a service extension, wherein not all the
extension messages belonging to the subscription have been received;
Fig. 6b shows another example of a time line of a service extension, wherein there is a
period of time in which no extension messages were received, between a first
and a second extension message;
Fig. 7a shows an example of a time line of a service extension including an extension
message, an apparatus restart time and a life-sustaining period;
Fig. 7b shows an example of a time line of a service extension including a first
extension message, a second extension message and a life-sustaining period;
Fig. 8 shows an embodiment in the form of a block diagram of a system for controlling
a service access authorization.
Fig. 1a shows a block circuit diagram of a device 100 for controlling a service access
authorization for a user device with regard to an access-restricted service in accordance
with an embodiment of the present invention. The device 100 includes a service access
authorization provider 101, the service access authorization provider 101 being configured
to determine a period of time in which the service access authorization 104 is valid, and the
determination being responsive to an authorization message 103 provided with a service-
dependent user identifier 102. The service access authorization provider 101 is configured
to disable 105 an authorization which allows extending or reactivating the service access
authorization 104 using the previous service-dependent user identifier 102 when at least a
predetermined period of time has passed since an end of the last authorization time interval
106 for which a service access authorization 104 was determined by the device 100.
Another embodiment for disabling 105 the authorization which allows extending or
reactivating the service access authorization 104 is shown in Fig. lb.
Fig. 1b shows a block circuit diagram of a device 100 for controlling a service access
authorization for a user device with regard to an access-restricted service in accordance
with another embodiment of the present invention. The device 100 includes a service
access authorization provider 101 receiving an authorization message 103 which includes a
service-dependent user identifier 102 and an authorization time interval 106 or information
describing an authorization time interval 106. The following five steps, which are
identified by their functional blocks 111, 112, 113, 114 and 115, are performed in the
service access authorization provider 101 in dependence on the authorization message 103.
In a first step 111, the service access authorization provider 101 receives the authorization
message 103 including the authorization time interval 106.
In a second step 112, the service access authorization provider 101 compares the
authorization time interval 106 received to the last authorization time interval 107 present
in the device 100. The duration 120 having passed since the end 121 of the last
authorization time interval 107 and the start 122 of the authorization time interval 106
received is determined.
In a third step 113, the service access authorization provider 101 compares the duration
120 having passed to the predetermined duration 123. If the duration 120 having passed is
greater than or equal to the predetermined duration 123, the service access authorization
provider 101 will perform step 4a 114; if, however, the duration 120 having passed is
smaller than the predetermined duration 123, the service access authorization provider 101
will perform step 4b 115.
In step 4a 114, the authorization for extending or reactivating using the previous service-
dependent user identifier 102 is disabled 105. In step 4b 115, the service access
authorization 104 is extended or reactivated and the authorization for extending or
reactivating using the previous service-dependent user identifier 102 is maintained.
The decisive parameter determining the behavior of the device 100 is the predetermined
duration 123, which is also referred to as the "keep alive period" or KAP. Using this
parameter, the device 100 controls whether the authorization for extending or reactivating
using the previous service-dependent user identifier 102 is disabled 105 or maintained.
The embodiment of the device 100 for controlling a service access authorization may be
employed on most different apparatuses, exemplarily for an audio, video or multimedia
service on a pay TV system or a pay video system or on a driving assistance system,
wherein the systems may be implemented on a mobile or a fixedly installed apparatus.
Furthermore, the device 100 may be used for a data service or multimedia service on a
mobile phone or for a chargeable and/or access-controlled service on a portable or
stationary computer with or without Internet access.
Determining the duration 120 having passed may be responsive to a time when the device
is switched on, instead of the start time 122 of the authorization time interval 106. In this
case, the duration 120 having passed is the duration between the end 121 of the last
authorization time interval 107 and a time when the device 100 is switched on. This is, for
example, the case when the apparatus has been switched off since the end 121 of the last
authorization interval 107 and is only switched on at a later time. It may then happen that
the apparatus has not received extension messages meanwhile transmitted by the service
provider and that the duration 120 having passed in the meantime (since the last extension
message received) determines whether the user may keep his service access authorization
104 and/or the authorization for extending the service access authorization using the
previous service-dependent user identifier 102.
The service access authorization provider 101 exemplarily receives an authorization
message 103 which may include an enabling or extension message and determine from it
an authorization time interval 106 having an authorization start time 122 and an
authorization end time 124. The service access authorization provider 101 is configured to
enable the service access authorization 104 when the authorization end time 124 is
temporally after a current time measured in the device 100, i.e. when the service access
authorization 104 is valid at the current time.
The authorization message 103 may in another embodiment, apart form the service-
dependent user identifier 102 and the authorization time interval 106, also include an
apparatus identifier, wherein the service access authorization provider 101 exemplarily,
before providing the authorization time interval 106, at first checks the apparatus identifier
received in the authorization message 103 and compares same to an apparatus identifier of
the peripheral on which the device 100 is implemented, and, if matching, reads the
authorization time interval 106 from the authorization message 103.
The service access authorization provider 101 is configured to maintain the authorization
allowing extending or reactivating the service access authorization 104 using the previous
service-dependent user identifier 102. This is shown in step 4b 115. This means that, after
receiving an authorization message 103 and extending and/or reactivating the service
access authorization 104, the duration of the authorization for extending or reactivating
using the previous service-dependent user identifier 102 extends for the predetermined
duration 123 beyond the end of the period of time for which a service access authorization
is valid. This predetermined duration 123 is also referred to as the keep alive period or
KAP. The predetermined time duration 123 is a characteristic parameter of the device 100.
The service access authorization provider 101 is additionally configured to disable the
service access authorization 104 after expiry of the authorization end time 121 when grant
of a service access authorization 104 has not been established by the device 100 before or
at the authorization end time 121. This means that the service access authorization 104 is
disabled at the end 121 of the last authorization time interval 107, even though the
authorization for extending or reactivating the service access authorization using the
previous service-dependent user identifier 102 is maintained. This authorization for
extending or reactivating using the previous service-dependent user identifier 102 is
maintained for another duration which corresponds to the predetermined duration 123.
Disabling 105 the authorization for extending or reactivating using the previous service-
dependent user identifier 102 may exemplarily take place by means of erasing or rendering
unreadable or blocking the parameters or keys associated to the service access
authorization 104 using the previous service-dependent user identifier 102.
The device 100 including the service access authorization provider 101 may exemplarily
be implemented to be an electronic circuit. It may be a computer or part of a computer or a
circuit in a mobile phone, a stationary or portable computer, a navigation system, a driving
assistance system or a cable or satellite receiver.
Fig. 2a shows a block circuit diagram of a device 200 for providing an authorization
message for a user device with regard to an access-restricted service in accordance with an
embodiment of the present invention. The device 200 includes an identifier manager 201
and an authorization message creator 202. The authorization message creator is configured
to generate an authorization message 103 in the form of an enabling message for enabling
a service access authorization 104 or an extension message for extending a service access
authorization 104, the enabling message 103 or the extending message 103 being provided
with a service-dependent user identifier 102 provided by the identifier manager 201. The
identifier manager 201 is configured to leave a service-dependent user identifier 102
unused 203 for at least a predetermined duration 123 after expiry of an authorization time
interval 106 of a user device to which the service-dependent user identifier 102 was last
associated, and to release 204 the service-dependent user identifier 102 for being used
again by the authorization message creator 202 after expiry of the predetermined duration
123.
The identifier manager 201 exemplarily includes three blocks comprising service-
dependent user identifiers: the first block 205 includes associated service-dependent user
identifiers 102 in which the authorization time interval 106 of the user device is running,
the second block 206 includes unused 203 service-dependent user identifiers 102 in which
the authorization time interval 106 of the user device has expired by less than the
predetermined duration 123, and the third block 207 includes service-dependent user
identifiers released 204 for being used again.
A controller 208 within the identifier manager 201 controls which service-dependent user
identifier 102 is to be made available to the authorization message creator 202. The
controller 208 here controls providing associated service-dependent user identifiers 102 of
block 205 or unused 203 service-dependent user identifiers 102 of block 206 or providing
service-dependent user identifiers 102 released 204 for being used again of block 207.
The authorization message creator 202 includes a block 210 for creating an enabling or
extending message including the service-dependent user identifier 102 provided by the
identifier manager 201. Thus, the device 200 provides an authorization message 103
including a service-dependent user identifier 102.
Fig. 2b shows a block circuit diagram of a device 200 for providing an authorization
message for a user device with regard to an access-restricted service in accordance with
another embodiment of the present invention. The authorization message creator 202 is of
the same setup as the authorization message creator 202 in accordance with Fig. 2a. The
function of the controller 208 of Fig. 2a will be discussed in greater detail in Fig. 2b using
blocks 220, 221, 222 and 223. It is the object of the identifier manager 201 to provide a
service-dependent user identifier 102, which is illustrated by block 220. This may
alternatively also take place outside the identifier manager 201 or outside the device 200.
Providing includes several functionalities. In block 221, it is checked for a service-
dependent user identifier 102 up to then associated to a peripheral whether the
authorization time interval 106, 107 to which the service-dependent user identifier 102 is
associated has expired. Should the authorization time interval 106, 107 (during which the
previous user peripheral has access to a service) have not yet expired, the service-
dependent user identifier 102, associated to a peripheral up to then, may be used for
creating enabling or extending messages 103 for the previous user and/or the previous
peripheral. If, however, the authorization time interval 106, 107 has expired, the service-
dependent user identifier 102 will remain unused for a predetermined duration 123, which
is indicated in block 222. The service-dependent user identifier 102 may, before expiry of
the predetermined duration 123 since the end 121 of the authorization time interval 107, be
used to renew the authorization time interval for the previous peripheral.
In block 223, it is finally checked whether the predetermined duration 123 has expired.
Should the predetermined duration 123 have expired, the service-dependent user identifier
102 may be used again, wherein then a new user may obtain an authorization message 103
including the service-dependent user identifier 102 which was associated before to a
different user. If the predetermined duration 123 has not yet expired, the service-dependent
user identifier 102 cannot be released for a different user and/or a different peripheral. The
identifier manager 201 then provides, for the other peripheral, another service-dependent
user identifier 102 which may exemplarily be checked in blocks 221, 222 and 223 as to its
usability, and is provided to the authorization message creator 202 when usable, so that
same can create an authorization message 103 including the other service-dependent user
identifier 102.
The authorization message creator 202 may be configured to create a message 103 for
enabling or extending an audio, video or multimedia service, for example, for a pay TV
system or a driving assistance system on a mobile or fixedly installed apparatus or a data
service or multimedia service on a mobile phone or an access-controlled and/or chargeable
service on a portable or stationary computer with or without Internet access.
The authorization message creator 202 may additionally be configured to create the
authorization message 103 including the service-dependent user identifiers 102, wherein
the service-dependent user identifiers 102 may exemplarily be represented by a sequence
of bits. The authorization message creator 202 may be configured to transmit the
authorization message 103 including the service-dependent user identifiers 102 via a
message channel of limited bandwidth. Furthermore, the authorization message creator 202
and the identifier manager 201 may exemplarily be implemented as electronic circuits.
Efficient distribution of service access authorization information is caused by the efficient
controller 208. This is achieved by releasing again service-dependent user identifiers 102
for being used by another user and/or another user peripheral after a predetermined
duration 123 during which they remain unused. This results in a reduction in the number of
service-dependent user identifiers 102 required for identifying a service d on an apparatus
g. The authorization message 103 which includes the service-dependent user identifiers
102 may due to the reduced number of bits of the service-dependent user identifiers 102 be
transmitted at reduced bandwidth. In addition, less memory space is required for storing
the user data on a subscriber management system.
The identifier manager 201 is additionally configured to release the service-dependent user
identifier 102, after expiry of the predetermined duration 123, for being used again by
another user or another peripheral. After expiry of a subscription of a previous user of the
user device to which the service-dependent user identifier 102 was last associated, the
service-dependent user identifier 102 may, after expiry of the predetermined duration 123,
be used again for a new subscription of another user or the same user. The predetermined
duration 123 may exemplarily include a value in the range of three days to three months,
i.e. the predetermined duration may be adjusted to authorization time intervals as they
typically occur in pay TV or subscription services in the field of mobile telephony,
navigation systems, driving assistance systems or chargeable Internet services. The
authorization message 103 may exemplarily be directed to several receivers. The
transmission may exemplarily be on a system which is typically referred to as a "broadcast
system". However, it is also possible to provide the authorization message 103 to a group
of users or to transfer same to only one single user.
The enabling or extending message 103 may also be of a personalized form of such a type
that the service-dependent user identifier 102 is dependent on the apparatus identification
on the apparatus on which the service runs and on a service identification. Furthermore, the
enabling or extending message 103 may be grouped in such a manner that messages 103 to
users of the same authorization time interval 106 are united in a group. This allows
achieving a clear representation in the subscriber management system, wherein users
whose subscriptions have to be extended at the same times receive an extending message
103 at the same time, wherein the extending message 103 then only needs to be sent to
those users requiring an extension. Using grouping, it is easily possible to keep managing
the extending messages 103 in the subscriber management system at a clear level and to
avoid unnecessary extending messages 103.
The authorization time interval 106 may be specified using a start time 122 and an end
time 124 or also using the start time 122 and the duration. However, other possibilities are
also feasible.
Fig. 3 shows an example in the form of a flowchart of a method for controlling a service
access authorization with regard to an access-restricted service. The method 300 comprises
steps 301, 302, 303, 304, 305 and 306.
In the first step 301, an authorization message 103 including a service-dependent user
identifier 102 can be received. What follows is the second step 302 in which the
authorization start time 122 and the authorization end time 124 can be read out from the
authorization message 103. What follows is the third step 303 in which the authorization
start time 122 can be compared to the authorization end time 121 of the last authorization
time interval 107 for which there was a service access authorization 104. In a subsequent
fourth step 304 it can be checked whether a predetermined duration 123 has passed
between the authorization start time 122 and the authorization end time 121 of the last
authorization time interval 107 or between the authorization end time 121 and a current
time has passed. If the predetermined duration 123, the fifth step 305 can be performed in
which the authorization for extending or reactivating using the previous service-dependent
user identifier 102 can be disabled 105. If the predetermined duration 123 has not passed,
in the sixth step 306, the authorization for extending or reactivating using the previous
service-dependent user identifier 102 can be maintained and the service access
authorization 104 can be extended or reactivated.
Fig. 4 shows an example in the form of a flowchart of a method 400 for providing an
authorization message with regard to an access-restricted service. After starting 401 the
method 400, in a first step 402, a potential service-dependent user identifier 102 can be
provided, wherein it is subsequently checked whether the potential service-dependent user
identifier 102 is actually to be used. In a second step 403, it can be checked whether an
authorization time interval 106, 107 of a peripheral to which the service-dependent user
identifier 102 is associated has expired. If this is the case, in a third step 404, it can be
ordered or determined not to use the service-dependent user identifier 102 for a
predetermined duration 123 and/or not to use same for a peripheral other than that to which
the service-dependent user identifier has been associated so far. In a fourth step 405, it can
be checked whether the predetermined duration 123 has expired. If the predetermined
duration 123 has not expired, the method 400 can jump back to the first step 402 in which
a service-dependent user identifier 102 can be provided, wherein this time a different
service-dependent user identifier than in the previous check should be provided. If the
duration 123 predetermined in the fourth step 405 has expired, in a fifth step 406, an
enabling or extending message 103 including the service-dependent user identifier 102 can
be created and this message 103 be provided.
The same fifth step 406 can be performed in the case that, in the second step 403, the
authorization time interval 106, 107 of the peripheral to which the service-dependent user
identifier 102 is associated has not yet expired. Even for this case an enabling or extending
message 103 can be created in the fifth step 406, including the service-dependent user
identifier 102. The difference between the transition from the second step 403 to the fifth
step 406 and the transition from the fourth step 405 to the fifth step 406 is that in the first
case the enabling or extending message 103 including the service-dependent user identifier
102 is provided to the previous user, whereas in the latter case the enabling or extending
message 103 including the service-dependent user identifier 102 is provided to a new user
which, however, may also include the previous user.
Fig. 5 shows an example of a time line of a service extension by means of extending
messages and represents the course of a service extension by means of the extending
messages Vk 500, V1 501, Vm 502 and Vn 503. The end of the access authorization 504 is
indicated by the time endn 517. A service for which there is an access authorization can be
extended using extending messages. In this embodiment, a service user receives an
extending message Vk 500 at a time 505, wherein the extending message Vk 500 includes
two parameters of an access authorization interval, namely startk 510 and endk 511,
indicating which period of time the extension of the service access authorization includes.
If the service user has, for example, initiated or applied for (such as, e.g., by payment) an
extension of his service access authorization beyond the time endk 511, he can receive,
within a period shortly before the endk 511, an extending message V1 501 which extends
his access authorization by a period which is indicated in the extending message V1 501 by
means of the parameters start1 512 and end1 513. The extending message V1 501 may be
transmitted repeatedly by the service provider shortly before the end of the respective
subscription and allows the service user to extend his service access authorization. Since it
is possible for the service user not to have his apparatus always switched on or for him to
be located at a position of poor receive quality, the extending message V1 501 may
exemplarily be transmitted several times one after the other at times shortly before the end
of the respective subscription, i.e. endk.
If the service user has exemplarily extended his access authorization up to the time end1
513 and also extended his subscription, the service provider can transmit, shortly before
the end of the time end1 513, to him an extending message Vm 502 using which the service
user can extend his service access authorization from the time startm 514 up to the time
endm 515. When the subscription continues to be valid, the service provider can transmit
another extending message Vn 503, exemplarily shortly before the time endm 515, so that
the service user can extend his service access authorization for the time interval startn 516
to endn 517. When, for example, the subscription ends, as is shown in Fig. 5, at the time
endn 517, which here coincides with the end of the access authorization 504, the service
provider will exemplarily not transmit further extending messages to the service user and
the service access authorization of the service user expires. In Fig. 5, the respective service
access authorization intervals 520, 521, 522 and 523 are exemplarily successive in time.
However, this need not necessarily be the case. Exemplarily, a small period of time may be
between the time interval 521 and the time interval 520, during which the service user has
no service access authorization, for example when not having extended his subscription in
due time, and an extending message 501 is only transmitted to him after the time endk 501
of the first authorization interval 520. However, Fig. 5 also shows that a service access
authorization of a service user may be dependent on a message being transmitted to him by
the service provider, and that the service user, for extending his service access
authorization, may be dependent on receiving an extending message 500, 501, 502, 503
from the service provider. Maintaining his service access authorization will, for example,
not be possible for the service user without same.
Fig. 6a shows a similar example of a time line of a service extension, not all of the
extending messages belonging to the subscription having been received here. In contrast to
Fig. 5, the extending messages V1 501 and V1 502 have not been received. The
consequence is that there is no service access authorization for the user for the
authorization time interval 521, i.e. from start1 512 to end1 513, and for the authorization
time interval 522, i.e. from startm 514 to endm 515. The predetermined duration 123 is
indicated in Fig. 6a and is referred to as KAP 600 or keep alive period, the predetermined
duration 123 corresponding to KAP 600.
Fig. 6a shows the case in which the authorization start time 122 and 516 is temporally
before the authorization end time 121 and 511, respectively, of the last authorization time
interval 107 and 520, respectively extended by the predetermined duration 123 and 600,
respectively. Thus, the authorization for extending or reactivating the service access
authorization including the previous service-dependent user identifier 102 may be
maintained and the service access authorization 104 may be extended or reactivated at the
time startn 516. This can be recognized in Fig. 6a by the fact that the time endk 511 which
represents the authorization end time of the authorization interval 520 of the extending
message Vk 500, extended by the predetermined duration KAP 600, results in a time which
is temporally after the authorization start time startn 516 of the authorization time interval
523 of the extending message Vn 503. The service user may maintain his previous service-
dependent user identifier 102 and extend or reactivate the service access authorization.
Fig. 6b shows an alternative embodiment of the time line of a service extension compared
to Fig. 6a. Whereas in Fig. 6a the two extending messages V1 501 and Vm 502 have been
identified as not received, they are not indicated in Fig. 6b, i.e. even several extending
messages may exemplarily not have been received between Vk 500 and Vn 503. In Fig. 6b,
a keep alive period, or KAP, is specified which corresponds to the predetermined duration
123. This keep alive period KAP is known to both the subscriber management system and
to the peripheral. It may either be communicated when enabling the service or be a fixed
quantity or be determinable from known parameters.
When a user subscription has expired, the end of a keep alive period is, for example,
waited for before the corresponding user identification may be used again by the subscriber
management system for a new subscription (such as, for example, for a user or peripheral
other than the previous one).
When restarting an apparatus, as is explained in greater detail in Fig. 7a, or when receiving
an extending message Vn 503 based on an authorization interval 523 which is specified by
an authorization start time, "startn", and an authorization end time, "endn", the peripheral
can check whether the keep alive period, i.e. KAP, has expired. The keep alive period, i.e.
KAP 600, may be added here to the end endk 511 of the last stored authorization time
interval 520.
Should the sum of endk 511 and KAP 600 be temporally after the restart of the apparatus
(or the time when the apparatus is restarted) and/or the authorization start time startn of the
current authorization time interval 523 of the extending message Vn 503, the keep alive
period KAP 600 has not yet expired. Extending messages V1 501 and Vm 502 lying in
between may not have been received for one of the reasons mentioned before. The
peripheral may perform an extension. The user identification has not yet been allocated
again by the subscriber management system. The extending message is directed to the
previous user.
The example of Fig. 6b shows extending messages Vk 500 and Vn 503 received; at the time
startn 516, the keep alive period KAP 600 has not yet expired, i.e. expressed as a formula:
(endk + KAP < startn). The access authorization may be extended.
A user having extended his subscription, but whose peripheral could not receive the
extending message, can be prevented from being excluded immediately from further
service usage, i.e. user satisfaction is ensured, which is usually referred to as good user
feeling.
Fig. 7a shows an example of a time line of a service extension including an extending
message Vk 500, an apparatus restart time, referred to here as T 700, and a keep alive
period KAP 600 which puts the authorization end time endk 511 of the authorization time
interval 520 of the extending message Vk 500 in context with the time T 700 of the
apparatus restart. It can be seen in this embodiment that, after the end endk 511 of the
authorization time interval 520 to the apparatus restart T 700, a longer duration has
already passed than is provided for by the keep alive period KAP 600. Apparatus restart T
700 here exemplarily means the time when the device 100 is switched on. Since a longer
time has already passed up to the time T 700 than is provided for by KAP 600, the
peripheral has to disable 105 its authorization for extending or reactivating including the
previous service-dependent user identifier 102. It can be assumed that a service access
authorization 104 including the previous service-dependent user identifier 102 has already
been allocated to another user.
If, as is shown in Fig. 7a, the sum of the authorization end time endk 511 of the last
authorization time interval 520 received and the keep alive period KAP 600 results in a
time which is temporally before the time of switching on the apparatus 100 or the
apparatus restart time T 700, the keep alive period KAP 600 has already expired. The
peripheral should disable in a secure manner its parameters and keys stored in connection
with this service. The user identification may already have been allocated to another user
by the subscriber management system.
In the example in accordance with Fig. 7a, a received extending message endk 500 is
illustrated; at the time of the apparatus restart T 700, the "keep alive period" KAP 600 has
already expired, which may be expressed using the following formula (endk + KAP < T).
The service parameters are disabled.
Fig. 7b shows an example of a time line of a service extension including two extending
messages Vk 500 and Vn 503 and their relation to the keep alive period KAP 600. In Fig.
7b, when the extending message Vn 503 including the respective authorization start time
startn 516 arrives, the keep alive period KAP 600 which began with the end endk of the last
authorization time interval 520 of the extending message Vk 500 has already expired. In
this case, too, the peripheral should disable 105 its authorization for extending or
reactivating including the previous service-dependent user identifier 102.
If, as is shown in Fig. 7b, when an extending message Vn 503 arrives, the sum of the
authorization end time endk 511 of the last received authorization time interval 520 and the
keep alive period KAP 600 results in a time which is temporally before the authorization
start time startn 516 of the current extending message V„ 503 that has arrived (or
temporally before the arrival of the extending message Vn 503), the keep alive period KAP
600 has already expired. The peripheral should then disable in a secure manner its
parameters and/or keys stored in connection with this service. This may exemplarily be
about an extending message which has already been directed to a new user. The user
identification 102 may also have been newly allocated to another user by the subscriber
management system. This is illustrated in Fig. 7b. Received extending messages Vk 500
and Vn 503 indicate that, at the time startn 516, the keep alive period KAP 600 has already
expired, which may be expressed by a formula (endk + KAP < startn). The access
authorization is not extended.
Thus, the user whose identification 102 is already invalid, i.e. the user also referred to as
old user, can be prevented from accessing the contents again using his apparatus after the
released user identification 102 has been newly allocated.
However, what cannot be prevented is the fact that this may be about a user who has
extended his subscription, but whose apparatus has not been ready to receive over a very
long period of time, and who has consequently been excluded from service usage. This
user should get in touch with his service provider in order to be provided with a new user
identification 102, for example, or to have the disabled parameters and keys for the
respective service in his apparatus restored again for his old user identification 102 still
registered in the subscriber management system.
The method described here of re-allocating user identifications 102 has a regulating effect
on how released user identifications 102 can be allocated again. This allows limiting the
address space required and ensures optimum group formation in the long run. This function
has not been described in common digital rights management systems and access
authorization systems, such as, for example, CA or DRM systems, but may be applied in
most different systems, on the server or client side, i.e. by a control computer or by a
computer to be controlled.
The method presented requires a peripheral operating in conformity with regulations and a
subscriber management system operating in conformity with regulations to be present. The
concept does not result in limitations of common business models. It has been developed
due to current requirements and represents a reliable solution.
Fig. 8 shows an embodiment of a system 800 for controlling a service access authorization
in the form of a block diagram. The system includes a device 200 for providing an
authorization message, a first device 100 for controlling a service access authorization 104,
and a second device 100 for controlling a service access authorization 104.
The system 800 is configured to at first allocate a predetermined service-dependent user
identifier 102 to the first device 100 for controlling a service access authorization 104 and
to allocate the predetermined service-dependent user identifier 102, after becoming vacant
for use again, to the second device 100 for controlling a service access authorization 104.
Furthermore, the system is configured such that the authorization for extending or
reactivating the service access authorization 104 using a predetermined service-dependent
user identifier 102 is active in at most one of the first device 100 for controlling a service
access authorization 104 and the second device 100 for controlling a service access
authorization 104, wherein the first device 100 for controlling a service access
authorization 104 and the second device 100 for controlling a service access authorization
104 are coupled to the device 200 for providing an authorization message 103 so as to
receive the authorization message 103.
The system 800 may exemplarily be configured to transmit the authorization message 103
via a digital video or audio broadcast system, a mobile radio system, a line-switched or
package-switched voice or data network or via an Internet protocol system, a GSM, UMTS
or CDMA system, a GPS system or a DSL system in a conducted manner or wirelessly.
The system 800 may also include several devices 100 for controlling a service access
authorization 104. It may exemplarily be configured to be a system of electronic circuits
and the authorization message 103 may be a data message which may be transmitted from
the device 200 for providing an authorization message 103 to the first device 100 for
controlling a service access authorization 104, to the second device 100 for controlling a
service access authorization 104 and to other devices 100 for controlling a service access
authorization present.
The service-dependent user identifier 102 may be represented by a sequence of bits,
wherein the range of values of the service-dependent user identifier 102 exemplarily
includes a range smaller than the product of the number of registered users in the system
800 and the number of registered services in the system 800. This may indicate that,
without re-using the service-dependent user identifier 102, a number of service-dependent
user identifiers 102 which corresponds to the number of registered services in the system
800, i.e. the number of services which the user may make use of, is to be kept exemplarily
for every user including a user device. When utilizing the system 800 completely, as many
service-dependent user identifiers 102 may be allocated to each user as there are services
registered. The inventive idea of re-using the service-dependent user identifier 102 allows
not having to keep the maximum number of all potential combinations, but a smaller
number being sufficient.
The predetermined duration 123 or the keep alive period KAP 600 represents an important
parameter of the inventive method and of the system 800. Exemplarily, the KAP 600 may
be predetermined in the device 200 for providing an authorization message 103 and, when
enabling a service, be transmitted to the first device 100 and to the second device 100. The
KAP 600, however, may also be considered to be a fixed quantity of the system 800 or be
determinable from known parameters of the system 800. Alternatively, a system 800 in
which the KAP 600 is predetermined in one of the devices 100 and, from there, transmitted
to the other devices 100 and the device 200, is also feasible. The system 800 may
preferably also be configured to allocate the service-dependent user identifier 102
temporarily and to block same for the user of the user device to which the service-
dependent user identifier 102 was allocated to last after expiry of the service access
authorization 104 to the expiry of the predetermined time 123. Thus, the system 800 can
prevent a user having an expired service access authorization 104 from being able to
access, using access data still present, the service access authorization 104 of another user
including the same service-dependent user identifier 102 which has meanwhile been
allocated again.
In one preferred embodiment, the system 800 may be a cryptographic system which is able
to transmit the authorization message 103 in an encrypted or partly encrypted manner
exemplarily using a symmetrical cryptographic key using, for example, an AES encryption
algorithm, which is also referred to as advanced encryption standard, or using a DES
encryption algorithm, also referred to as data encryption standard. The system 800 may be
a digital rights management system, exemplarily in accordance with one of the OMA
DRM, ETSI-EUROCRYPT or ISMA standards, wherein the designations of the standards
have already been mentioned above.
The system 800 for controlling a service access authorization can couple the device 200 to
the first device 100 and to the second device 100. Coupling may take place via a computer
network, exemplarily via Ethernet or IP protocols, wherein the network may be realized in
a wire-based or wireless manner. Exemplarily, coupling may take place via a cable
network of a cable operator, a radio relay system, a satellite radio system, a mobile radio
system, such as, for example a GSM system of a UMTS system or a CDMA system or a
time-multiplex system. Coupling may be effected via an LAN network, MAN network,
WLAN network or via an optical transmission network. Additionally, coupling may be
effected via the power supply network, also referred to as powerline transmission, and via
an ATM network or by means of a DSL method.
The concept may be employed in access authorization systems, or conditional access
systems, or in digital rights management or DRM systems, both on the server side and the
client side, wherein server side refers to the side of the control computer and client side
refers to the side of the controlled computer. In the embodiment in accordance with Fig. 8,
the device 200 may, for example, be considered to be on the server side, i.e. on the control
computer side, and the first device 100 for controlling a service access authorization 104
and the second device 100 to be on the client side, i.e. belong to the side to be controlled.
Depending on the circumstances, the inventive method may be implemented in either
hardware or software. The implementation may be on a digital storage medium, in
particular on a disc or a CD, using control signals which may be read out electronically
which are able to cooperate with a programmable computer system such that the respective
method will be executed. Generally, the invention is also in a computer program product
comprising program code, stored on a machine-readable carrier, for performing the
inventive method when the computer program product runs on a computer. In other words,
the invention may also be realized as a computer program comprising program code for
performing the method when the computer program runs on a computer.
We claim:
1. A device (100) for controlling a service access authorization for a user device with
regard to an access-restricted service, comprising:
a service access authorization provider (101), the service access authorization
provider (101) being configured to set a period of time in which the service access
authorization (104) is valid, responsive to an authorization message (103) provided
with a service-dependent user identifier (102), and the service access authorization
provider (101) being configured to disable (105) an authorization allowing the
service access authorization (104) to be extended or reactivated using the previous
service-dependent user identifier (102) depending on whether at least a
predetermined duration (123) has passed since an end of a last authorization time
interval (106) for which a service access authorization (104) was determined by the
device (100),
wherein the service access authorization provider (101) is configured to determine
the duration having passed and to compare same to the predetermined duration,
and to disable the authorization for extending or reactivating using the previous
service-dependent user identifier (102) when the duration (120) having passed is
greater than or equal to the predetermined duration.
2. The device (100) in accordance with claim 1, wherein the service access
authorization provider (101) is configured to disable the authorization for extending
or reactivating using the previous service-dependent user identifier (102) such that
an old user is prevented from accessing again contents after re-allocating the
service-dependent user identifier (102) to another user.
3. The device (100) in accordance with claims 1 or 2, wherein the service access
authorization provider (101) is configured to provide the service access
authorization (104) for an audio service, video service, multimedia service or data
service for a pay video system or for a driving assistance system on a mobile or
fixedly installed apparatus or for a data service on a mobile phone or for a
chargeable and/or access-restricted service on a portable or stationary computer
with or without Internet access.
4. The device (100) in accordance with claim 1 or claim 2 or claim 3, wherein the
service access authorization provider (101) is configured to disable (105),
responsive to the device (100) being switched on, an authorization of extending or
reactivating the service access authorization (104) using the previous service-
dependent user identifier (102) when, at a time when the device (100) is switched
on, at least the predetermined duration (123) has passed since the end (121) of the
last authorization time interval (107) for which a service access authorization (104)
was determined by the device (100).
5. The device (100) in accordance with one of the preceding claims, wherein the
service access authorization provider (101) is configured to determine, from a
received enabling message or extending message (103) which includes an apparatus
identifier and a service-dependent user identifier (102), when the apparatus
identifier matches an apparatus identifier of the device, an authorization time
interval (106) and to enable the service access authorization (104) when an end
time (124) of the authorization time interval (106) is temporally after the current
time, and when the duration between the start time (122) of the authorization time
interval (106) and the end time (121) of the previous authorization time interval
(107) for which a service access authorization (104) was determined by the device
(100) is shorter than the predetermined duration (123).
6. The device (100) in accordance with claim 5, wherein the service access
authorization provider (101) is configured to extend, by the predetermined duration
(123), the authorization of extending or reactivating the service access authorization
(104) using the previous service-dependent user identifier (102) when a service
access authorization (104) is determined by the device (100) due to an enabling
message or extending message (103).
7. The device (100) in accordance with one of the preceding claims, wherein the
service access authorization provider (101) is configured to disable the service
access authorization (104) after expiry of the end time (124) of the authorization
time interval (106), when no new service access authorization (104) was
determined by the device (100) at the end time (124).
8. The device (100) in accordance with one of the preceding claims, wherein the
service access authorization provider (101) is configured to cause disabling (105) of
the authorization of extending or reactivating the service access authorization using
the previous service-dependent user identifier (102) by means of clearing or making
unreadable or blocking the parameters or keys associated to the service access
authorization (104) or the previous service-dependent user identifier (102).
9. The device (100) in accordance with one of the preceding claims, wherein the
service access authorization provider (101) is implemented to be an electronic
circuit.
10. A device (200) for providing an authorization message for a user device with regard
to an access-restricted service, comprising:
an authorization message creator (202); and
an identifier manager (201),
wherein the authorization message creator (202) is configured to generate an
enabling message (103) for enabling a service access authorization (104) or an
extending message (103) for extending a service access authorization (104), the
enabling message (103) or the extending message (103) being provided with a
service-dependent user identifier (102) provided by the identifier manager (201);
wherein the identifier manager comprises a first block (205) of associated service-
dependent user identifiers (102) in which an authorization time interval (106) of a
user device is running,
a second block (206) of unused service-dependent user identifiers (102) in which
the authorization time interval (206) of the user device has expired by less than the
predetermined duration (123), and
a third block (207) of service-dependent user identifiers (102) released for being
used again;
and wherein the identifier manager (201) is configured to leave a service-dependent
user identifier (102) unused (203) for at least a predetermined duration (123) after
expiry of an authorization time interval (106) of a user device to which the service-
dependent user identifier (102) was associated last, and to release (204) the service-
dependent user identifier (102) for being used again by the authorization message
creator (202) after expiry of the predetermined duration (123).
11. The device (200) in accordance with claim 10, wherein the authorization message
creator (202) is configured to create a message (103) for enabling or extending an
audio service, video service, multimedia service or data service for a pay video
system or for a driving assistance system on a mobile or fixedly installed apparatus
or for a data service on a mobile phone or for a chargeable and/or access-restricted
service on a portable or stationary computer with or without Internet access.
12. The device (200) in accordance with one of claims 10 or 11, wherein the
authorization message creator (202) is configured to create the authorization
message (103) including one or several service-dependent user identifiers (102),
wherein the service-dependent user identifiers (102) are represented by a sequence
of bits, and wherein the authorization message creator (202) is implemented to be
an electronic circuit, and wherein the authorization message creator (103) is
configured to transmit the message (103) including the service-dependent user
identifier (102) via a message channel of limited bandwidth, and wherein the
identifier manager (201) is implemented to be an electronic circuit.
13. The device (200) in accordance with one of claims 10 to 12, wherein the identifier
manager (201) is configured to release the service-dependent user identifier (102)
for being used again by another user or another peripheral after expiry of the
predetermined duration (123).
14. The device (200) in accordance with one of claims 10 to 13, wherein the identifier
manager (201) is configured to use, after a subscription of a user of a user device to
which the service-dependent user identifier (102) was associated last has ended, the
service-dependent user identifier (102) again for a new subscription of another user
or the same user after expiry of the predetermined duration (123) since the
subscription has ended.
15. The device (200) in accordance with one of claims 10 to 14, wherein the identifier
manager (201) is configured to allocate a value in the range of three days to three
months to the predetermined duration (123).
16. The device (200) in accordance with one of claims 10 to 15, wherein the
authorization message creator (202) is configured to generate a message directed to
a plurality of receivers.
17. The device (200) in accordance with one of claims 10 to 16, wherein the
authorization message creator (202) is configured to personalize the enabling
message or extending message (103) such that the service-dependent user identifier
(102) depends on the apparatus identification of the apparatus on which the service
runs and on a service identification, and wherein the authorization message creator
(202) is configured to group several enabling messages or extending messages
(103) in a manner such that messages (103) to users having the same authorization
time interval (106) are united in one group.
18. The device (200) in accordance with one of claims 10 to 17, wherein the
authorization time interval (106) is specified by means of a start time (122) and an
end time (124) or is specified by means of a start time (122) and a duration.
19. A system (800) for controlling a service access authorization (104) with regard to
an access-restricted service, comprising:
a device (200) for providing an authorization message (103) in accordance with one
of claims 10-18;
a first device (100) for controlling a service access authorization (104) in
accordance with one of claims 1-9; and
a second device (100) for controlling a service access authorization (104) in
accordance with one of claims 1-9,
wherein the system (800) is configured to associate a predetermined service-
dependent user identifier (102) at first to the first device (100) for controlling a
service access authorization (104), and to associate the predetermined service-
dependent user identifier (102), after being released for being used again, to the
second device (100) for controlling a service access authorization (104),
and wherein the system (800) is configured such that the authorization for
extending or reactivating the service access authorization (104) using a
predetermined service-dependent user identifier (102) is active in at most one of the
first device (100) for controlling a service access authorization (104) and the second
device (100) for controlling a service access authorization (104), and wherein the
first device (100) for controlling a service access authorization (104) and the second
device (100) for controlling a service access authorization (104) are coupled to the
device (200) for providing an authorization message (103) so as to receive the
authorization message (103).
20. The system (800) in accordance with claim 19, wherein the system (800) is
configured to transmit the authorization message (103) via a digital video broadcast
system or audio broadcast system, via a mobile radio system, via a line-switched or
package-switched voice network or data network, an Internet protocol system, a
GSM system or UMTS system or CDMA system, a GPS system or a DSL system
in a conducted or wireless manner.
21. The system (800) in accordance with one of claims 19 or 20, wherein the system
(800) is configured to use the same predetermined duration (123) for the device
(200) for providing an authorization message (103), for the first device (100) for
controlling a service access authorization (104) and for the second device (100) for
controlling a service access authorization (104), and wherein the system (800) is
configured to transmit the predetermined duration (123) when enabling the service
or to consider same to be a fixed quantity of the system (800) or to determine same
from known parameters of the system (800).
22. The system (800) in accordance with one of claims 19 to 21, wherein the device
(200) for providing an authorization message (103) is configured to provide a
service-dependent user identifier (102) which includes a range of values smaller
than the product of a number of users registered in the system (800) and a number
of services registered in the system (800).
23. The system (800) in accordance with one of claims 19 to 22, wherein the identifier
manager (201) of the device (200) for providing an authorization message (103) is
configured to allocate the service-dependent user identifier (102) temporarily, and
wherein the system (800) is configured to block the service-dependent user
identifier (102) for the user of the user device to which the service-dependent user
identifier (102) was associated last after expiry of the service access authorization
(104) to the expiry of the predetermined duration (123).
24. The system (800) in accordance with one of claims 19 to 23, wherein the system
(800) is configured to partly or completely encrypt the authorization message (103)
with a cryptographic key using an encryption algorithm and to transmit same in a
partly or completely encrypted manner.
25. The system (800) in accordance with claim 24, wherein the system (800) is
configured to transmit the authorization message (103) in a partly or completely
encrypted manner using an encryption method.
26. The system (800) in accordance with one of claims 19 to 25, wherein the system
(800) is configured to identify the authorization message (103) using an electronic
authentication method or an electronic signature.
27. The system (800) in accordance with claim 26, wherein the system (800) is
configured to transmit the authorization message (103) together with a message
authentication code.
28. The system (800) in accordance with one of claims 19 to 27, wherein the
authorization message (103) is specified in accordance with one of the OMA DRM,
ETSI EUROCRYPT or ISMA standards.
29. The system (800) in accordance with one of claims 19 to 28, wherein a user having
an expired service access authorization (104) is prevented from being able to
access, by means of access data still present, the service access authorization (104)
of another user transmitted after expiry of the service access authorization (104)
using the same service-dependent user identifier (102).
30. A method (300) for controlling a service access authorization (104) with regard to
an access-restricted service, the method (300) comprising:
determining a period of time in which the service access authorization (104) is
valid, responsive to an authorization message (103) provided with a service-
dependent user identifier (102); and
disabling (105) an authorization of extending or reactivating the service access
authorization (104) using the previous service-dependent user identifier (102) when
at least a predetermined duration (123) has passed since an end of a last
authorization time interval (107) for which there was a service access authorization
(104),
wherein the duration having passed is determined, and wherein the authorization for
extending or reactivating using the previous service-dependent user identifier (102)
is disabled when the duration (120) having passed is greater than or equal to the
predetermined duration (123).
31. A method (400) for providing an authorization message (103) with regard to an
access-restricted service, the method (400) comprising:
generating an enabling message (103) for enabling a service access authorization
(104) or an extending message (103) for extending a service access authorization
(104), wherein the enabling message (103) or the extending message (103) is
provided with a service-dependent user identifier (102);
not using the service-dependent user identifier (102) for at least a predetermined
duration (123) after expiry of an authorization time interval (106) of a user device
to which the service-dependent user identifier (102) was associated last; and
after expiry of the predetermined duration (123), releasing the service-dependent
user identifier (102) for generating a new enabling message (103) or a new
extending message (103).
32. A computer program comprising program code for executing the method in
accordance with claims 30 or 31, when the computer program runs on a computer.

A device (100) for controlling a service access authorization for a user device with regard
to an access-restricted service includes a service access authorization provider (101), the
service access authorization provider (101) being configured to set a period of time in
which the service access authorization (104) is valid, responsive to an authorization
message (103) provided with a service-dependent user identifier (102), and the service
access authorization provider (101) being configured to disable (105) an authorization
allowing the service access authorization (104) to be extended or reactivated using the
previous service-dependent user identifier (102) when at least a predetermined duration
(123) has passed since an end of a last authorization time interval (106) for which a service
access authorization (104) was determined by the device (100).