1. Field of the Invention
This invention relates generally to security in data communication systems, and more specifically to a system and a method for providing security in data communication systems where multiple users are coupled to a common receiving system.
2. Related Art
In any data transmission system, security is a major concern. The sender of data wants to ensure that only authorized users, and not unauthorized users, may gain access to the data. In general, where there is only one user connected to a receiver, such as in a typical Direct Broadcast Satellite (DBS) system used for television services, a method known as Conditional Access is used to provide the user with the data. Conditional Access is a method for providing authorized reception of DBS transmissions.
In a DBS transmission system, a service provider uses a Broadcast Operation Center to provide the transmission. For example, suppose a movie or other program is to be transmitted to a customer. According to the Conditional Access method, at the Broadcast Operation Center, the data representing the movie is scrambled and transmitted via satellite. The transmission is performed with an uplink from the Broadcast Operation Center to a satellite and then to customers. The downlink indiscriminately covers a wide geographical area known as a footprint. Many customers within the footprint will be able to receive the transmission, but only those customers who have been authorized by the DBS service provider (i.e., those customers who have ordered the movie) will be able to descramble the signal. To receive and descramble the signal, a customer uses a satellite receiver dish and a decoder. The decoder contains the algorithms needed to descramble the signal, but will require certain data keys or additional algorithms to do so. These are provided by the DBS service provider, either on demand for transmissions such as pay-per-view movie, or on a subscriber basis for transmissions such as a movie channel.
In the example of a DBS transmission, the transmission signal is in the MPEG-2 format. MPEG-2 transmits several types of messages. One of these types is called the Entitlement Control Message. The Entitlement Control Message describes the content of the transmission, such as identifying the movie, and is intended for all service subscribers. The subscriber uses the Entitlement Control Message to identify which transmission they are to receive. Another type of message is called the Entitlement Management Message. The Entitlement Management Message describes the permission, or the Conditional Access method, and is intended for authorized recipients only. Another message stream is the content itself (i.e., the scrambled movie).
For example, the Broadcast Operation Center sends a transmission whose Entitlement Control Message declares it to be a pay-per-view movie and states that a subscriber needs permission #999 to view it. The subscriber orders this movie and receives permission #999. This may be done over phone lines, as is the case for many current DBS systems. The Entitlement Management Message is then used to validate the permission and to provide the keys or algorithms needed to descramble the content of the message.
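The three message streams described above (Entitlement Control Message for everyone, Entitlement Management Message for authorized recipients, and the scrambled content) can be modelled end to end. The following is an added example, not code from the patent or from any DBS operator. It assumes a simplified scheme: each decoder holds an individual key shared with the Broadcast Operation Center, the ECM carries the program name and the required permission number in the clear, the EMM carries the permission number plus the program's control word encrypted under one decoder's key and authenticated with an HMAC, and "scrambling" is a SHA-256 counter-mode keystream standing in for a real broadcast scrambler. A decoder that did not receive an EMM for permission #999 (or cannot authenticate one) gets no control word and cannot descramble.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for a real scrambler."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Scramble or descramble by XOR with the keystream derived from key."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


@dataclass
class ECM:
    """Entitlement Control Message: sent to all subscribers, no secrets."""
    program: str
    permission: int


@dataclass
class EMM:
    """Entitlement Management Message: addressed to one subscriber."""
    subscriber_id: str
    nonce: bytes        # fresh per EMM so the subscriber key never reuses a keystream
    ciphertext: bytes   # permission (4 bytes) || control word, under subscriber key
    tag: bytes          # HMAC-SHA256 over nonce || ciphertext


class BroadcastOperationCenter:
    def __init__(self, subscriber_keys: dict):
        self.subscriber_keys = dict(subscriber_keys)  # decoder id -> individual key
        self.programs = {}                            # program -> (permission, control word)

    def schedule(self, program: str, permission: int) -> ECM:
        """Assign a permission number and a random control word to a program."""
        self.programs[program] = (permission, os.urandom(16))
        return ECM(program, permission)

    def scramble(self, program: str, content: bytes) -> bytes:
        _, control_word = self.programs[program]
        return xor_bytes(content, control_word)

    def grant(self, subscriber_id: str, program: str) -> EMM:
        """Issue an EMM delivering the control word to one authorized subscriber."""
        permission, control_word = self.programs[program]
        key = self.subscriber_keys[subscriber_id]
        nonce = os.urandom(16)
        ciphertext = xor_bytes(permission.to_bytes(4, "big") + control_word, key + nonce)
        tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
        return EMM(subscriber_id, nonce, ciphertext, tag)


class Decoder:
    def __init__(self, subscriber_id: str, key: bytes):
        self.subscriber_id = subscriber_id
        self.key = key
        self.permissions = {}  # permission number -> control word

    def receive_emm(self, emm: EMM) -> bool:
        """Accept an EMM only if it is addressed to us and authenticates under our key."""
        if emm.subscriber_id != self.subscriber_id:
            return False
        expected = hmac.new(self.key, emm.nonce + emm.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, emm.tag):
            return False  # forged or corrupted EMM; no key material is installed
        plain = xor_bytes(emm.ciphertext, self.key + emm.nonce)
        self.permissions[int.from_bytes(plain[:4], "big")] = plain[4:]
        return True

    def descramble(self, ecm: ECM, scrambled: bytes):
        """Return the clear content, or None if we hold no control word for this permission."""
        control_word = self.permissions.get(ecm.permission)
        return None if control_word is None else xor_bytes(scrambled, control_word)


def demo():
    """Constructed scenario: subscriber A orders the movie (permission #999), B does not."""
    keys = {"sub-A": os.urandom(16), "sub-B": os.urandom(16)}
    boc = BroadcastOperationCenter(keys)
    ecm = boc.schedule("movie", 999)
    scrambled = boc.scramble("movie", b"MPEG-2 payload (constructed sample)")
    emm = boc.grant("sub-A", "movie")          # only A receives permission #999
    a, b = Decoder("sub-A", keys["sub-A"]), Decoder("sub-B", keys["sub-B"])
    a.receive_emm(emm)
    b.receive_emm(emm)                         # B sees the EMM but cannot use it
    return a.descramble(ecm, scrambled), b.descramble(ecm, scrambled)
```

Running `demo()` returns the clear payload for decoder A and `None` for decoder B: both decoders see the same ECM and the same scrambled stream, and the only difference is which one holds an EMM it can authenticate. The nonce in the EMM matters even in this toy: reusing a subscriber key as a raw keystream seed across several EMMs would let an observer XOR two EMMs together and cancel the keystream.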