It has been a problem to create a device that is capable of transmitting in a secure manner a set of movies of high visual quality in a numerical format of type MPEG (MPEG-1, MPEG-2, MPEG-4 or the like) or another type based on wavelets, to a screen of a personal computer, a television screen, and/or for being recorded on the hard disk of a box that connects the data communications network to the screen used for visualization, this all while preserving audiovisual quality, but avoiding fraudulent use such as the possibility of making pirate copies of movies or audiovisual programs recorded on the hard disk of a decoder box.
With current solutions it is possible to transmit movies and audiovisual programs in a numerical format via wireless, cable, satellite or the like, broadcasting networks, or via DSL (Digital Subscriber Line) or BLR (boucle locale radio) (“wireless local loop”) or DAB (Digital Audio Broadcasting) networks. To prevent pirating of the works broadcasted in this way, the last choices are often encrypted in various ways well known in the art.
However, the principal inconvenience of such current solutions (Tivo Inc., WO00165762) is that one must transmit not only the encrypted data to the users, but also the decryption keys. Transmission of the decryption keys can take place before, at the same time, or after the transmission of the audiovisual programs. To increase the security, and therefore the protection of the audiovisual works against mal-intended use, the decryption keys as well as the decryption methods of the audiovisual decoders can comprise means to improve security, such as chip cards or other physical keys that can, optionally, be updated remotely.
Hence, current solutions applied to a decoder box with the possibility to record locally audiovisual programs in numerical form on whatever type of hard disk or another type of memory, offer a mal-intended user the possibility to make unauthorized copies of the programs thus recorded because, at a given moment, this user possesses with a numerical decoder box, combined or not with systems of chip cards, all the information, the software programs and data to permit complete decryption of the audiovisual programs. As a consequence of such possession of data, the mal-intended user will have the possibility to make illegal copies without anyone detecting this fraudulent copy at the moment that it is made.
A solution therefore consists of transmitting all or part of an audiovisual program in numerical form only on demand (video and program services on demand) over a broadband telecommunication network, for example, of the type fiber optics, ADSL, cable, or satellite, without authorizing local recording of the audiovisual programs. Here, the inconvenience is very different and originates in the performance of these networks which do not guarantee continuous streams of several megabits per second every time used, as is needed for streams of MPEG which require bandwidths of a couple of hundreds of kilobits to several megabits per second.
Under these conditions, a solution is to separate the stream into two parts, each of which alone will not be usable. For example, WO 099908428 (Gilles Maton) discloses a procedure for the multi-purpose treatment of a localizable active terminal within which one establishes at least a link with an identifiable program that is dedicated to the execution of an application, the program dictating its operating conditions to the terminal to make available its functionality. The terminal dialogue punctually, by the use of a link, with the central administration of the establishment of, if necessary, the inputs and outputs of the capacities of the latter, the central administration becoming a slave or not of the terminal on the level of the application vis-à-vis the program input. That invention also concerns the identification procedure of the program and the terminal in use. That procedure divides the stream into a part that serves to identify the user and a part that contains the program properly speaking. In particular, the aforementioned program is not unusable, but only locked by the first party.
EP 0778513 (Matsushita) discloses a procedure for allowing the prevention of the illegal use of information by adding to it control information to verify the rights of the user. The system allows one to know permanently which part of the information is used and by which user, and, through this knowledge, whether the user is in an illegal position or not. That procedure therefore secures the data by combining it with additional information that distorts the initial information.
WO 0049483 (Netquartz) also offers procedures and systems for creating a connection between the users and an editor of the numerical entities. The procedure includes at least one of the following stages: the stage in which the aforementioned numerical entity is divided in two parts; the stage in which one part is stored in an area in memory of the server that is connected to the information network; the stage in which the other part is transmitted to at least a user that has data-processing equipment; the stage in which the aforementioned data-processing equipment is connected to the aforementioned information network; the stage in which a functional link is established between the aforementioned first and the aforementioned second part. Those procedures and systems do not specify whether the part that is stored on the server can be stored by the user, thereby allowing the user to pirate the aforementioned numerical entity.
U.S. Pat. No. 5,937,164 utilizes the solution that consists of separating the stream into two parts of which the smaller contains the information that is necessary for using the larger. However, that patent is not sufficient in addressing the identified problem. In fact, deletion of a part of the stream alters the format of the stream, and is therefore not recognizable as a standard stream that can be used with general application software. That procedure requires at the same time specific software on the server, for the separation of the two parts, and another specific software application which does not only allow the reconstruction of the stream, but also the acquisition of the principal stream and its processing according to a proprietary format of the solution. This proprietary format is not the original format of the stream before it is separated into two parts, in this known solution.
U.S. Pat. No. 5,892,825 goes back to the preceding document, but in a less large framework because the streams are always encrypted. U.S. Pat. No. 6,035,329 is based on the same principle. It concerns a procedure that allows the reading of a disk of type CD-ROM or DVD-ROM conditionally upon the identification of rights by the insertion of a chip card on which the information that is necessary for reading is stored. That procedure is still not sufficient since it does not guarantee that the modified stream has the same format as the original. U.S. Pat. No. 6,185,306 concerns a procedure for transmitting encrypted data from a Web site to a requesting computer. That procedure, however, allows the user to have at a certain moment all the tools necessary for copying the data.
WO 01/97520 discloses methods, procedures, and devices for controlling the transmission and recording of the numerical content of type MPEG-2. However, that publication does not present anything specific for audiovisual documents of type MPEG-4. Moreover, the method is inadequate for small bandwidth telecommunication networks, because it substitutes all or part of the images [here the original French text contains the character ‘I’ which is untranslatable—Tr.] of which the byte load is very costly during transmission of the second stream.
Finally, “Cryptographie des télécommunications” (“Cryptography of telecommunication”) by Henri Gilbert and Marc Girault, journal “pour la science” (“For the science”), series July-October 2002, pages 80 to 85, discloses a system to secure a chip card with a dynamical certificate: a chip identifies itself to an access administrator by supplying an identifier and a variable “question” produced by the access administrator. That system guarantees that if an individual clones a chip card with the intention of using it in a fraudulent way, the clone would not be able to identify itself to the access administrator. This system is however limited by its asymmetry.