The present invention concerns the domain of receivers/decoders of conditional access services, in particular an access system to an encrypted data stream calculated by a unit of time.
As an example of such data stream, we mean an information service about the stock exchange, weather forecast, general interest television, a sports event or others. These contents can be broadcasted on user units such as a pay-TV decoder, a computer, a portable phone, a “palm-top”, a PDA, a radio, a television, or a multimedia terminal.
The digital stream is encrypted in order to be able to control use and define conditions for such use. This encryption is carried out thanks to control words, which are changed at regular intervals (between 5 and 30 seconds) in order to dissuade any attack aiming to find such a control word.
In order to allow the user unit to decode the stream encrypted by a control word, the latter is sent to it independently of the stream, in a control message (ECM) encrypted by a key suitable for the transmission system between the managing center (CAS) and the security module of the user unit.
In fact, the security operations are carried out in a security module (SC), which is generally in the form of an inviolably reputed microchip card. This unit can be either of a removable type or directly integrated to the user unit dealing with signals such as a paying TV decoder or a DAB receiver. In fact, the functioning of the invention authorizes the use of a user unit without a removable security module.
At the time of decrypting the control message (ECM), it is verified, in the security module (SC), that the right to accede to the considered stream is present.
This right can be managed by authorization messages (EMM), which load such a right into the unit (SC). Other possibilities are also possible such as the sending of decrypting keys.
The accounting of the use of such contents is today based on the principle of subscription, of purchasing events or of paying by time unit.
The subscription allows defining a right associated to one or several diffusion channels and allows the user to obtain these channels unscrambled if the right is present in his security module.
At the same time, it is possible to define rights specific to some contents, such as a film or a football match. The user can acquire this right (purchase for example) and these contents will be specifically managed by this right. This method is known under the denomination “pay-per-view” (PPV).
With regard to payment by the time unit, the security user unit comprises a credit that is debited according to the real consumption of the user. So for example, a unit will be debited each minute to this credit whichever the watched channel. It is possible according to the technical implementations, to vary the accounting unit, either in length, or in value per allowed time, even by combining these two parameters to adapt the invoicing to the kind of transmitted product.
At the time of decrypting the control words, it will be verified if an associated right to access conditions is present in the security module.
The control word is returned in a decrypted form to the user unit only when the comparison is positive.
This way of functioning demands that the managing center knows the user, his physical address, his bank details as well as all the payment traffic which allows him to renew his rights.
In fact, the principle of the subscription is based on the renewal obligation that is to say that a right cancels itself if it is not renewed. This way of proceeding avoids that anyone who subscribes to all the channels available terminates their subscription and arranges it so that the termination message does not ever reach its user unit. That is why such a right includes a time limit and its right for all the channels, if it is not renewed, cancels automatically at the end of a month for example.
One imagines thus the work necessary to follow the thousands of subscribers who regularly settle their invoices and to whom it is necessary to send a renewal message each month. Furthermore, such a message must be repeated for several days because the managing system does not know if the user unit is powered on.
It frequently happens that a user who was on holiday and who had switched off his apparatus finds on his return his user unit blocked. It is then necessary for him to call the managing center so that a personalized renewal message is sent to him.
So, a great part of the resources and the costs connected to the management of a center is allocated to the management of the subscribers.
A first solution using an electronic purse is described in document U.S. Pat. No. 6,282,293. The chip card contains a credit that is debited when an encrypted content is accessed. The accounting information is included in the transmitted signal and allows this accounting. To reload the credit, the user unit calls a managing center in order to send the consumed events and to reload the credit according to the terms agreed with this user, for example through a credit card.
In a large number of cases, on the one hand the user unit has no communication channel towards a managing center and on the other hand, one wish to avoid recording all users in a database with their payment means. Thus, this document do not allow to solve the aims of the invention, namely the creation of a set of user units without back channel and without the knowledge of each unit's owner.