1. Field of the Invention
The invention relates to interactive television systems and more particularly to a system and method for selectively inhibiting verification of interactive television content which can be trusted while verifying content which is not trusted.
2. Description of Related Art
An interactive television network may implement a variety of measures to maintain the security and quality of transmitted programs. Different networks may not implement the same measures, so the different networks may have different levels of security or quality.
Some networks may have very low levels of security and/or quality. For example, in a horizontal xe2x80x9cfree to airxe2x80x9d television network, many service providers may be allowed to transmit interactive television content directly to a user without network operator control and without any assurance that the content meets the level of quality expected by the manufacturer of the interactive television receiver. As another example, shared media such as the Internet or cable networks may allow third parties to easily modify content which is being transmitted from a sending party to a receiving party. In these networks, content that reaches a receiver cannot be trusted to meet the security and/or quality standards of the receiver, either because a third party may have tampered with it, or because it may not have been initially transmitted with the expected level of quality.
Other networks may have much higher levels of security and/or quality. For example, a network may be completely controlled by a network operator or its partners e.g., a vertical pay TV satellite network.) The content transmitted over this network can be verified before it is transmitted so that it will have the level of quality expected by the receiver. Furthermore, it may be extremely costly for a third party to tamper with the content transmitted over this type of network, so it may be assumed that the content has not been modified by a third party. The content that reaches the receiver can therefore be trusted to meet the applicable quality and security standards.
In order to ensure that interactive television content delivered to a receiver meets the appropriate quality and security requirements of that receiver, the content may be verified by the receiver. Verification may ensure that a piece of content was created by a particular producer (i.e., authenticating it,) that the piece of content has not been tampered with during transmission, that the piece of content has appropriate access rights, or that the piece of content complies with a particular specification (e.g., a programming specification.) Verification may entail processing signatures or credentials which accompany a particular piece of content (e.g., in authentication,) comparing data structures to a specification (e.g., in byte code verification against a programming specification,) or other time-and resource-consuming operations.
It may not always be desirable to verify each piece of content. While content in a low security network may need to be authenticated to ensure that it has not been tampered with, content in a high security network may not need to be authenticated because there is little risk that the content has been produced by an unauthorized source, or has been tampered with. Further, if the quality of the content could be ensured prior to transmission, there would be no need to verify the quality of the content at the receiver. In situations in which there is some assurance of quality and/or security, verification of the content would be a waste of time and resources. It would therefore be desirable to provide a system and method for distributing interactive television content which allows verification procedures to be performed on a selective basis.
The invention comprises a system and method for controlling verification of interactive television content which may include both trusted and non-trusted information. Trusted content may include information received from a trusted source. Trusted content may also include information which, although received from a nontrusted source, is itself identified as trusted information. xe2x80x9cTrustedxe2x80x9d is used herein to refer to content and/or sources of content for which a receiver has assurance that there is no need to verify the content. For example, there may be assurance that the content is authentic or that the content meets a level of quality expected by the receiver, so that it is not necessary to verify these qualities.
In one embodiment, a method comprises providing a notification to an interactive television receiver to enable the receiver to skip costly verification procedures. Interactive television content which is transmitted to the receiver is identified as trusted or non-trusted content. Portions of the interactive television content which are nontrusted are verified using normal procedures. Portions of the interactive television content which are trusted do not have to be verified, so verification of the trusted content is inhibited.
The identification of the trusted content may be through identification of one or more trusted sources of content, or through identification of particular pieces of content which can be trusted. The trusted content may be identified either positively (e.g., xe2x80x9capplication A is trusted,xe2x80x9d) or negatively (e.g., xe2x80x9call applications except application B are trusted.xe2x80x9d) The authenticity of the notification itself may be ensured by delivery through a trusted means, identification as trusted content, or verification of the notification (e.g., by using a signature.) The notification may include an expiration date after which the notification is no longer valid. The notification may also include an identifier and a version number. When a notification having the same identifier and a later version number than a previous notification is received, the subsequent notification supersedes the previous one.
The notification may be transmitted to the receiver with the trusted content or it may be transmitted prior to transmission of the trusted content. The notification may also be fetched by the receiver when particular content has been received. The notification may be transmitted to the receiver using the same means as the interactive television content, or it may be delivered by different means. If the notification is to be transmitted with the trusted content, it may be included in the system information for the transmission (e.g., descriptors associated with the transmission.) The notification may also be included in signed data for a particular application or module. If the notification is to be transmitted apart from the trusted content, it may, for example, be pushed in a conditional access Entitlement Management Message (EMM,) or it can be transmitted (either pushed or pulled) over a point-to-point connection.
In one embodiment, an interactive television receiver is configured to receive interactive television content. A notification is provided to the receiver. The notification identifies as trusted content some portion of the interactive television content which is delivered to the receiver. The receiver is configured to verify content which is not trusted, but is configured to inhibit verification of trusted content. The receiver thereby avoids re-verification of content which is already trusted. (In another embodiment, the receiver may be configured as a default to not verify any content unless it is identified as non-trusted.)
The receiver is employed in an interactive television system. The receiver is coupled to one or more sources of interactive television content through delivery mechanisms such as a broadcast networks or a point-to-point connections. The sources provide trusted and/or non-trusted content to the receiver. Notifications may be delivered to the receiver through the same delivery mechanisms as the interactive television content itself, or they may be delivered by a separate mechanism. After the content has been verified, or verification of the content has been inhibited, the content is processed by the receiver and output to a television (or remote control or other device) for presentation to a user.