DEVICE FOR CONDITIONAL ACCESS TO A RECEIVER/DECODER IN CERTAIN TIME SLOTS
The present invention pertains to a device for conditional access to a receiver/decoder in certain time slots. It belongs to the field of the protection, by a user, of access to programmes transmitted by a digital television system comprising a receiver/decoder device. For example, within the context of parental control, parents may not want their children to watch television, other than a programme recorded by way of the receiver/decoder, after a certain time in the evening, so that they go to bed early, or for a certain period during the day, while they have homework to do. Parents may also not want other people to use their receiver/decoder in their absence. The term "digital television system" includes here for example satellite, cable, terrestrial systems and the like. The term "receiver/decoder device" includes here a receiver device for receiving either coded signals or uncoded signals, for example audio/video signals, preferably in the MPEG format. These signals may be sent by various means. The receiver/decoder device may be a device also referred to a "set-top box", connected to or integrated with a television set. The receiver/decoder device may be fixed or portable. The term "MPEG" refers here to the data transmission standard developed by the "Motion Pictures Expert Group" working group of the International Standard Organisation and in particular but not exclusively the MPEG-2 standard developed for digital television applications and the MPEG-4 standard as well as the other compatible MPEG standards. In the present invention, the term MPEG includes all of the variants, modifications and developments of MPEG formats applicable to the transmission of digital data including the DVB (Digital Video Broadcast) standard.
There presently exist access control systems making it possible for access to a given television channel to be locked by password. Such systems do not however provide for the possibility of conditional access as a function of time or of a particular time slot. Consequently, these systems have the drawback, for a user who does not know the access code, as preventing this user from accessing a channel whatever the time, while the programmes to which one wishes to restrict access occupy only a very limited time slot. Thus, to allow this user to watch other programmes on this same channel, it will be necessary to divulge the access code to him, then to modify this code later. Also known through document WO-A-02 01864 is a parental control system which makes it possible to lock access to a particular television programme or a specific website content or a certain computer file. This prior document briefly mentions the eventuality of locking certain channels only at certain dates and times. Nevertheless, it contains no description of the implementation of such locking as a function of time. An aim of the invention is to remedy the aforesaid drawbacks. With this aim, the present invention proposes a device for access control in a receiver/decoder, noteworthy in that it comprises various units for subjecting the use of the receiver/decoder to conditional access during at least one time slot defined by a user. Thus, the invention allows the use of the receiver/decoder during one or more time slots chosen by the user to be subordinated to the entry of an access code, whether it be a matter of using the receiver/decoder to view a programme or to record a programme, and to do so independently of the television channel concerned. This makes it possible to target the locking of the receiver/decoder, not only as a function of a particular programme, having a certain duration, but also as a function of a given time, deemed for example by parents to be too late for their children to watch the television or a recorded programme; this also allows the regular user of the receiver/decoder to prevent other people from making use thereof during a certain period in which this regular user will be absent.
Advantageously, the access control device comprises a unit for managing personal information for storing the start and the end of each of the aforesaid time slots and for receiving a secret code defined by a user, associated with each of these time slots, the secret codes conditioning the use of the receiver/decoder during the associated time slots. This allows the user to customise in a flexible and easy manner the mode of access to his receiver/decoder. Advantageously, the access control device furthermore comprises a parental control management unit suitable for receiving the secret codes originating from the personal information management unit and for storing them. This parental control management unit guarantees security of access to the receiver/decoder, by ensuring the management of the secret codes entered by the users and by conditioning access to a certain number of resources and functionalities of the receiver/decoder. Advantageously, the parental control management unit is suitable, in the course of viewing, by a user, of programmes transmitted or previously recorded by the receiver/decoder, when the time of transmission or the initial time slot of recording belongs at least in part to one of the aforesaid time slots, for inviting the user to enter the secret code associated with this time slot, viewing being suspended as long as the correct secret code is not entered. Advantageously, the parental control management unit is suitable, when a user turns on the receiver/decoder during one of the aforesaid time slots, for inviting the user to enter the secret code associated with this time slot, viewing and recording of programmes being impossible as long as the correct secret code is not entered. This parental control management unit therefore makes it possible to prohibit anybody who does not know the parental code from viewing, either a live or a previously recorded a programme, if the transmission schedule for this programme belongs at least in part to one of the aforesaid time slots. Advantageously, the parental control management unit is suitable, when a user programmes on the receiver/decoder a recording that has to occur at least in part during at least one of the aforesaid time slots, for inviting the
user to enter the secret codes associated with the time slots concerned, programming being impossible as long as the correct secret codes are not entered. This parental control management unit therefore makes it possible to prohibit anybody who does not know the parental code from recording a programme if the transmission schedule for this programme belongs at least in part to one of the aforesaid time slots. Advantageously, the access control device in accordance with the invention furthermore comprises an alarm management unit suitable for storing the start time of at least one of the aforesaid time slots and for advising the parental control management unit when the current time is equivalent to the time stored. Advantageously, the access control device in accordance with the invention furthermore comprises an initialisation management unit suitable for initialising the personnel information management unit when a user turns the receiver/decoder on. This thus makes it possible to configure the personal information management unit for all future uses thereof. Advantageously, the access control device in accordance with the invention furthermore comprises a recording management unit suitable for advising the personal information management unit when a user programmes a recording on the receiver/decoder The present invention is also aimed at a receiver/decoder comprising a device such as hereinabove. The particular characteristics and the advantages of the receiver/decoder being similar to those of the device according to the invention, they are not recalled here. Other aspects and advantages of the invention will become apparent on reading the detailed description which follows of particular embodiments given by way of nonlimiting example. The description refers to the drawings which accompany it, in which:
- Figure 1 diagrammatically represents a digital television system according to the prior art; - Figure 2 diagrammatically represents the structure of a terminal according to the prior art; - Figure 3 diagrammatically represents the overall architecture of a receiver/decoder device comprising a conditional access device in accordance with the present invention, in a particular embodiment; and - Figures 4a to 4f are schematics illustrating the various scenarios of implementation of a conditional access device in accordance with the present invention, in particular embodiments. With reference to Figure 1, a communication system, of digital television type 106, in accordance with the prior art, comprises a transmission centre 101 and at least one terminal 111 belonging to a pool of terminals. The terminal 111 comprises a receiver/decoder device 102 possessing a software and/or hardware architecture 103, and viewing equipment 113. The communication system 106 furthermore comprises, on the one hand, an interactive device 104 playing the role of return path, and on the other hand, a conditional access system 105. In a general manner, the digital television system 106 uses an
MPEG-2 type compression system to transmit compressed digital signals. At the level of the transmission centre 101, a compressor facility 107 receives a digital stream, typically a stream of audio and/or video signals, and transforms this stream into digital signals in the MPEG-2 format. The compressor facility 107 is connected by a link to a facility forming a multiplexer and scrambler 108. The facility forming the multiplexer and scrambler 108 receives a plurality of transformed sources and/or data (application and application data), musters these sources and/or data into a single channel, and sends the compressed digital streams to a transmitter (modulator/transmission dish) 109 of the transmission centre 101.
The transmitter 109 sends the data streams 10 via a first link (satellite, terrestrial, cable, combination of two or more means of transmission) to a station 110 which will forward them via a second link to receivers 112, for example, through dishes or antennas. The data streams 10 are transmitted over a predetermined frequency range, called the bandwidth. The latter is split up into a certain number of elementary streams corresponding to a service. The signals received by the receivers (antennas) 112 are transmitted to the receiver/decoder device 102 of the terminal 111 of the user, to which device the viewing equipment 113, for example a television set, is connected. The receiver/decoder device 102 filters a portion of the overall data stream corresponding to the service expected by the user. Thereafter, the receiver/decoder device 102 decodes the compressed MPEG-2 signal into a video data stream or the like for the viewing equipment 113. The interactive device 104 is connected to the facility forming a multiplexer and scrambler 108 on the one hand, and to the receiver/decoder device 102 on the other hand. In practice, the interactive device 104 is located partially in the transmission centre 101 and partially in the terminal 111. The interactive device 104 allows the user to interact with a certain number of applications via a return channel. The return channel or path may for example be a communication channel of switched network or PSTN (Public Switched
Telephone Network) type or a mobile communication channel of GPRS or
UMTS type. The conditional access system 105 is also connected to the facility forming a multiplexer and scrambler 108 and to the receiver/decoder device
102. The conditional access system 105 is also located partially in the transmission centre 101 and partially in the receiver/decoder device 102. The conditional access system 105 allows the user to access the transmissions of digital television data transmitted by one or more providers. The conditional access system is geared around a chip card owned by the user. The chip card is capable of decrypting the messages in relation to
commercial offers. The chip card communicates with a chip card reader (not represented) with which the receiver/decoder device 102 is equipped. In practice, part of the programmes transmitted by the transmission centre 101 are coded, the encryption keys and conditions applied to a transmission being determined by the access control system. In a general manner, the coded data are transmitted with a control word for decoding the data. The control word is itself encrypted by an operating key and transmitted in encrypted form. The coded data and the encrypted control word are received by the receiver/decoder device 102 having access to the operating key recorded in chip card inserted into the receiver/decoder device 102, so as to decrypt the encrypted control word and thereafter decode the transmitted data. With reference to Figure 2, the structure of a conventional user terminal 200 comprises a receiver/decoder device 201 possessing a part forming a receiver 202 and a part forming a decoder 203. The terminal 200 receives the data stream 10 transmitted by the transmission source. The part forming the decoder 203 comprises a memory 207 and a processing unit 209 communicating with viewing equipment 210. The part forming the receiver 202 comprises at least one reception channel formed by a tuner 204, a demodulator 205 and a demultiplexer 206. The demultiplexer 206 carries out the separation of the various information transmitted in the stream (encrypted control word, scrambled components) so as to be able to descramble them later. According to the information received, the demultiplexer 206 transmits, on the one hand, signalling information to a signalling processing unit 211 and, on the other hand, audio/video data in the buffer memory 207. The information read in the memory 207 is thereafter read by the processing unit 209 which descrambles the programme, if the latter is scrambled, and if the user has the corresponding access rights. The result of the processing is thereafter routed to the viewing equipment 210.
The signalling processing unit 211 has the role of processing all of the signalling information. For example, the signalling information includes the signalling of PSI (Program Specific information) type, the SI (Information Signalling) signalling exhibiting a means of navigating around a collection of services and events, as well as the tables in accordance with the DVB (Digital Video Broadcasting) standard, such as the SDT (Service Description Table) table, the BAT (Bouquet Association Table) table, the NIT (Network Information Table) table, etc. The memory 207 is a temporary memory which is able to contain all the information required to allow the part forming the decoder 203 to reconstitute the signal to be viewed. As a variant, a terminal can comprise two reception channels each comprising a tuner, a demodulator and a demultiplexer. Such a receiver/decoder device with two reception channels can thus allow the recording of a first data stream on a first reception channel, and in parallel the viewing of a second data stream on the basis of the second reception channel. With reference to Figure 3, the overall architecture of the platform 300 containing a receiver/decoder device having a conditional access device in accordance with the present invention comprises several layers. A first layer 322 called the "application layer" provides the functionalities for the applications executed by the platform on a receiver/decoder device. This application layer 322 is under the control of the devices of service providers. An application 322 can: - be associated with a channel, with a group of channels or with all the channels; - be resident or dynamically loaded into the receiver/decoder device; - execute independently or in conjunction with the audio/video/data stream of one or more television programmes; and/or - make requests on servers via a return path and display the responses on the viewing screen.
The platform also comprises a virtual machine 320 providing among other things an interpreter of intermediate codes, a storage medium and various processing directories. The platform furthermore comprises a devices manager 318 and the corresponding devices (display device 316, input/output device 314). The devices manager 318 is a standardized interface disposed between the interactive applications 322 and the physical elements (316, 314, drivers 312, hardware part 310) of the receiver/decoder device. The devices manager 318 provides interoperability for the interactive applications with the hardware of the receiver/decoder. In accordance with the present invention, at the level of the application layer, there exists: - a parental control management unit 324: this ensures the management of a code referred to as the "parent code". This code can be used to condition access to a certain number of resources and functionalities of the receiver/decoder: only people able to correctly enter this code have access to the resources and functionalities protected; - an alarm management unit 326: this makes it possible to record alarms consisting of a date, of a schedule and of an action. It guarantees the triggering of this action when the current date and current time are equivalent to the date and time of the alarm; - a personal information management unit 328: this allows the user to configure a certain number of preferences of use of his receiver/decoder; - an initialisation management unit 330: this manages all the operations for initialising the terminal when it is started up after having been placed on standby; - a recording management unit 332: this manages the recording of audio/video programmes and the viewing of these recordings. Various situations in which the access control device in accordance with the present invention is implemented will now be described in conjunction with Figures 4a to 4f.
Figure 4a diagrammatically illustrates a scenario for configuring the receiver/decoder with a parent code. The user enters, by way of various control interfaces of his receiver/decoder (remote control, keypad, etc) the current value of the parent code. The personal information management unit 328 retrieves this data (arrow 1 a in the drawing) and provides it to the parental control management unit 324 (arrow 2a). The parental control management unit 324 verifies the validity of the value of this data item and stores it. Figure 4b diagrammatically illustrates a scenario for configuring the receiver/decoder with viewing time slots protected by the parent code. The user enters, by way of various control interfaces of his receiver/decoder (remote control, keypad, etc) the value of a time slot that he wishes to protect through the parent code (arrow 1 b in the drawing). The personal information management unit 328 retrieves this data, stores them and programmes the alarm management unit 326 with the corresponding alarms (arrow 2b). The alarm management unit 326 stores the alarms corresponding to the start and to the end of the time slot to be protected through parent code. When the current time is equivalent to the stored time of start of time slot, the alarm management unit 326 will advise the parental control management unit 324. Figure 4c diagra mmatically illustrates a scenario for control of the parent code during the viewing of programmes, currently transmitted or recorded, during a time slot protected through parent code. The alarm management unit 326 advises the parental control management unit 324 at the start time of the time slot protected through parent code (arrow 1c). The parental control management unit 324 then invites the user to enter the parent code (arrow 2c). As long as this code is not correctly entered, the viewing of the programmes is suspended. When the user enters the parent code, the value of the code is verified by the parental control management unit 324 (arrow 3c). Following correct entry of the parent code, the viewing of the programmes is allowed again. Figure 4d diagram matically illustrates a scenario for control of the parent code when turning on the receiver/decoder during a protected time slot.
The user turns on his receiver/decoder during a time slot protected through parent code (arrow 1d), either to view a programme, or to record one. The initialisation management unit 330 initialises the personal information management unit 328 (arrow 2d). During its initialisation, the personal information management unit 328 verifies the current time and the configurations previously chosen by the user; all this information leads the personal information management unit 328 to advise the parental control management unit 324 (arrow 3d) to make a parent code entry request to the user (arrow 4d). The user enters the parent code (arrow 5d). The value of the parent code is verified by the parental control management unit 324. As long as a correct parent code is not entered, the viewing and the recording of the programmes are impossible; following the correct entry of the parent code, the viewing or recording of the requested programmes is allowed. Figure 4e diagrammatically illustrates a scenario of parent code control during the programming of a recording required to be performed during a protected time slot. The user programmes a recording required to be performed during a time slot protected through parent code (arrow 1e). The recording management unit 322 advises the personal information management unit 328 that a recording request has been formulated (arrow 2e). The personal information management unit 328 verifies the time of the recording and the configurations previously chosen by the user; all this information leads the personal information management unit 328 to advise the parental control management unit 324 (arrow 3e) so that the latter makes a parent code entry request to the user. The parental control management unit 324 then invites the user to enter the parent code (arrow 4e). As long as this code is not correctly entered, the programming of the recording is not permitted. When the user enters the parent code (arrow 5e), the value of the code entered is verified by the parental control management unit 324. Following correct entry of the parent code, the programming of the recording is allowed.
It should be noted that it is sufficient for the recording that the user wishes to programme to take place at least in part during a protected time slot in order for the parent code request mechanism to be implemented. Figure 4f diagrammatically illustrates a scenario of parent code control during the viewing of a programme recorded during a protected time slot. The user makes a request to view a recorded programme whose initial transmission schedule covers, at least partially, a time slot protected through parent code (arrow 1f). The recording management unit 332 advises the personal information management unit 328 of a request to view a recorded programme (arrow 2f). The personal information management unit 328 verifies the initial time of transmission of the programme and the configurations previously chosen by the user; all this information leads the personal information management unit 328 to advise the parental control management unit 324 (arrow 3f) so that the latter makes a parent code entry request to the user. The parental control management unit 324 then invites the user to enter the parent code (arrow 4f). As long as this code is not correctly entered, the viewing of the recording is not permitted. When the user enters the parent code (arrow 5f), the value of the code entered is verified by the parental control management unit 324. Following correct entry of the parent code, the viewing of the recording is allowed.