1. The Field of the Invention
The present invention relates to controlling the accessibility of resources at a computer system. In particular, the invention relates to using a conditional access system, such as those typically used by cable providers, to modify access control information at client computers, thereby selectively enabling access to or the availability of features of the client system.
2. The Prior State of the Art
During recent years there has been a vast increase in the amount of information available on the Internet and the number of users gaining access to the information. There are also several different ways whereby users can access information on the Internet. One typical technique involves the use of a personal computer equipped with a browser and a telephone modem that allows the computer to use standard telephone lines to access an Internet service provider. There have also been developed set-top boxes that have Internet access capabilities and use a conventional television to display information received from the Internet.
Advanced set-top boxes, which are those that have the ability to access the Internet or to provide other information or entertainment services beyond conventional television, have begun to blur the distinction between conventional television programming and Internet information. For example, viewers can effortlessly switch between viewing a television program and accessing a web site using advanced set-top boxes. The ability to control the information viewed on a television screen and to interactively respond thereto, offers the potential for television viewers to use their television sets to purchase goods, receive customized news, send and receive electronic mail, and perform substantially any other activity that can be performed over the Internet.
For years, cable television providers and digital satellite system (DSS) providers have used conditional access systems to set the level of television service received by customers. For convenience, conditional access systems are primarily discussed herein in the context of cable service providers, although it should be understood that DSS providers and other entities operate comparable conditional access systems. Depending on a programming plan selected and paid for by the viewer, the cable operator delivers basic television service, premium channels, pay-per-view, video-on-demand, and other services. In the early days of cable television, when a viewer desired to purchase, say, a premium channel, the cable operator sent a technician to the viewer's home to manually set a switch in the cable television network in the vicinity of the viewer's home, thereby enabling the requested premium channels. Later, cable television providers developed automated conditional access systems that allowed a technician at a central location to control which services were to be received by viewers.
A conventional conditional access system operated by a cable service provider includes set-top boxes in the homes of viewers and a conditional access controller at the cable head end. Each community served by a particular cable service provider might have a single cable head end with its associated conditional access controller. When a customer requests enhanced cable television services, such as a premium channel, a technician at the cable head end enters a code into the conditional access controller. The conditional access controller then electronically transmits a command to the set-top box at the viewer's home via coaxial cable, fiber optics, or another transmission link. The set-top box responds to the command by activating the requested premium channel by, for example, enabling a signal descrambler at the set-top box. Likewise, the cable service provider can deactivate programming services by sending an appropriate command to the set-top box from the conditional access controller.
Including processors, modems, and other components in set-top boxes to allow them to access the Internet has greatly increased the variety and scope of entertainment and information services that can be delivered to viewers from cable television providers, DSS providers, Internet service providers, web sites, and other content providers. With the increase in the number and variety of services available, it has become desirable from a business standpoint to allow subscribers to select which entertainment and information services are received. Permitting subscribers to select which entertainment and information services are to be received could allow content providers to offer a range of service plans, thereby enabling consumers to pay for only the services that are of interest. Those who want enhanced services can pay a premium, while those who want no more than basic service need to pay only a relatively small fee.
There are basic server-based and client-based techniques for enabling an Internet user to have access to a particular level of Internet service, such as unlimited World Wide Web access, hourly access, or simple e-mail access. For example, when an Internet user logs on to an Internet service provider, the Internet service provider can deliver an appropriate level of service and can bill the user on a flat fee basis or an hourly rate based on the identity of the user. This approach to enabling access to selected levels of an information service is based at the server. An alternate, client-based approach uses software at the client for enabling access to selected levels of an information service. The client-based approach requires the service provider to have access to the client software to change access settings in response to the level of service provided by the user.
Neither of these conventional approaches to granting access to a selected level of service of an information service is sufficiently flexible to allow service providers and users to pick and choose from among a large number of information and entertainment services. Neither of these approaches can be easily used by cable television providers in conjunction with set-top boxes, because they require a significant investment in computing resources or they require communication with clients in much different ways than have been traditionally practiced using conditional access systems. Moreover, for cable television providers and other entities that want to maintain control over the activity of set-top boxes or other client systems, the server-based approach is not particularly useful, since the access control activity takes place at the server, while the set-top box is potentially capable of interacting with other servers or content providers.
In view of the foregoing, there is a need in the art to provide access control systems residing primarily at the client that can be easily managed and configured by a cable television provider or another content provider. It would be advantageous to provide such access control systems that could be administered by cable television providers that have conditional access systems without requiring the cable television providers to make significant investments in computing resources. It would also be an advancement in the art if such access control systems were sufficiently flexible to regulate access of client systems to any desired type or number of resources, entertainment services, or information services.
The present invention relates to using a conditional access system, such as those used by cable television providers and DSS providers, that have been adapted to configure access control information at advanced set-top boxes or other client systems. The access control information can regulate the availability of information and entertainment services, such as Internet access, electronic programming guides, and the like. The access control information can also regulate the ability of scripts received by a client system from a web site to access objects defined at the client system. Controlling the ability of scripts to access or modify objects selectively limits the ability of web sites to control features and properties of client systems. Examples of access control information that can be adapted to function according to the invention are disclosed in co-pending U.S. patent application Ser. No. 09/287,666, filed Apr. 7, 1999, entitled "Set Top Box Object Security System," which is hereby incorporated by reference.
According to one aspect of the invention, a client system maintains access control information that controls the availability of information or entertainment services or the ability of scripts to access objects at the client system. When a remote entity, such as a cable television provider, is to modify the access control information, a conditional access system controller at the remote entity generates a command and an associated token. The command represents instructions whereby the access control information is to be modified or supplemented. The token, as interpreted by the client system, indicates which portion of the access control information is to be modified or supplemented. The conditional access system controller and the communication link connecting the remote entity and the client system can be adapted from conventional conditional access systems that are used to control access to premium channels.
In one implementation of the invention, the access control information stored at the client system includes one or more entries each representing a particular television service, information service, or entertainment service. Each entry has a token identifier that corresponds to the tokens that accompany the commands that are sent from the conditional access system controller. In order to permit conventional conditional access systems to be readily adapted to perform the invention disclosed herein, the tokens can have a format that conforms to a television naming convention. For instance, conventional conditional access systems that regulate access to premium channels typically identify the premium channel by a short code, such as one having four alphanumeric characters. Similarly, a command to enable a particular information service can be accompanied by a token having a small number, such as four, of alphanumeric characters representing the information service. Comparing the identity of the token that accompanies a conditional access command with the token identifiers of the access control information determines which of the entries are to be modified by the command.
Depending on the capabilities of the conditional access system with which the invention is used, the commands can be instructions to change the access control information so as to switch a service on or off, or can be as complex as desired. For instance, the commands can create an entirely new entry in the access control information, change the access permission granted to selected scripts with respect to objects at the client system, or otherwise modify the access control information.
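The token-matching mechanism described in the three paragraphs above can be sketched as follows. This is an added example, not code from the patent: the command names (ADD, ENABLE, DISABLE, GRANT), the strict four-character token pattern, and the per-origin grant map are assumptions chosen for illustration. The client ignores malformed tokens, tokens that match no entry, and unknown commands.

```python
import re
from dataclasses import dataclass, field

TOKEN_RE = re.compile(r"[A-Z0-9]{4}")  # assumed format: four alphanumerics

@dataclass
class Entry:
    service: str
    enabled: bool = False
    grants: dict = field(default_factory=dict)  # script origin -> objects (assumed)

class AccessControlTable:
    def __init__(self):
        self.entries = {}  # token identifier -> Entry

    def apply(self, token, command, **args):
        """Apply one conditional access command; True only if accepted."""
        if not TOKEN_RE.fullmatch(token):
            return False  # malformed token: ignore the command
        if command == "ADD":  # create an entirely new entry
            if token in self.entries:
                return False  # never silently overwrite an existing entry
            self.entries[token] = Entry(args["service"])
            return True
        entry = self.entries.get(token)
        if entry is None:
            return False  # token matches no token identifier
        if command in ("ENABLE", "DISABLE"):  # switch the service on or off
            entry.enabled = command == "ENABLE"
        elif command == "GRANT":  # let a script origin access a client object
            entry.grants.setdefault(args["origin"], set()).add(args["obj"])
        else:
            return False  # unknown command
        return True

    def script_may_access(self, token, origin, obj):
        # Default deny: the entry must exist, be enabled, and list the object.
        e = self.entries.get(token)
        return bool(e and e.enabled and obj in e.grants.get(origin, ()))

def demo():
    table = AccessControlTable()
    stream = [  # constructed commands, as sent by the head-end controller
        ("EPG1", "ADD", {"service": "electronic programming guide"}),
        ("EPG1", "ENABLE", {}),
        ("EPG1", "GRANT", {"origin": "guide.example", "obj": "channel_tuner"}),
        ("MAIL", "ENABLE", {}),    # no entry with this token identifier
        ("epg-1", "DISABLE", {}),  # malformed token
    ]
    return table, [table.apply(t, c, **a) for t, c, a in stream]
```
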
The techniques of the invention enable cable television providers, DSS providers, and other entities that traditionally use conditional access systems to conveniently regulate the availability of resources, information services, and entertainment services to advanced set-top boxes. Cable television providers who provide advanced set-top boxes to customers do not need to establish an expensive system for controlling the ability of resources at the set-top box in addition to the conditional access system. Adapting a conventional conditional access system to perform the functions disclosed herein can significantly reduce the cost needed to establish enhanced information services through set-top boxes and allows cable television providers to use the billing systems, operator screens, and transmission equipment associated with conditional access systems in novel ways. The access control systems of the invention are client-based, in that they employ access control information residing at client systems, yet can be configured by a remote entity.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other objects and features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.