U.S. patent application number 14/917090 was filed with the patent office on 2016-07-28 for method for controlling access to broadcast content.
The applicant listed for this patent is NAGRAVISION S.A.. Invention is credited to Scott JANTZ, Nir LIVAY, Jose-Emmanuel PONT, David SERVIGNAT, Frederic THOMAS.
Application Number | 20160219319 14/917090 |
Document ID | / |
Family ID | 49237109 |
Filed Date | 2016-07-28 |
United States Patent
Application |
20160219319 |
Kind Code |
A1 |
SERVIGNAT; David ; et
al. |
July 28, 2016 |
METHOD FOR CONTROLLING ACCESS TO BROADCAST CONTENT
Abstract
The present invention relates to the domain of control of access
to audiovisual content transmitted to a receiver, in particular
control based on the localization of the receiver. This invention
proposes a method of control of access to content transmitted to a
receiver, said receiver being part of an access geographic control
system comprising verification means and security means, the method
comprising the following steps: acquisition of a current
localization by a portable device, transfer of the current
localization to the verification means, extraction, in a memory of
the verification means, of a localization data set defining at
least one area, verification, by the verification means, that the
current localization is included in said area, and if so,
transmission of an authorization message for the reception of the
audiovisual content to the security means relative to the
receiver.
Inventors: |
SERVIGNAT; David; (Ceyreste,
FR) ; PONT; Jose-Emmanuel; (Cheseaux-sur-Lausanne,
CH) ; THOMAS; Frederic; (Onex, CH) ; JANTZ;
Scott; (Gainesville, FL) ; LIVAY; Nir;
(Gainesville, FL) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
NAGRAVISION S.A. |
Cheseaux-sur-Lausanne |
|
CH |
|
|
Family ID: |
49237109 |
Appl. No.: |
14/917090 |
Filed: |
September 4, 2014 |
PCT Filed: |
September 4, 2014 |
PCT NO: |
PCT/EP2014/068805 |
371 Date: |
March 7, 2016 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
61877297 |
Sep 13, 2013 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04N 21/422 20130101;
H04N 21/2541 20130101; H04N 21/41407 20130101; H04N 21/4524
20130101; H04N 21/4627 20130101; H04N 21/25816 20130101; H04N
21/26606 20130101; H04N 21/4126 20130101; H04N 21/4753 20130101;
H04N 21/25841 20130101; H04N 21/4181 20130101; H04N 21/4623
20130101; H04N 21/42204 20130101; H04N 21/4223 20130101 |
International
Class: |
H04N 21/258 20060101
H04N021/258; H04N 21/414 20060101 H04N021/414; H04N 21/266 20060101
H04N021/266; H04N 21/4627 20060101 H04N021/4627; H04N 21/475
20060101 H04N021/475; H04N 21/422 20060101 H04N021/422; H04N 21/254
20060101 H04N021/254; H04N 21/45 20060101 H04N021/45 |
Foreign Application Data
Date |
Code |
Application Number |
Sep 27, 2013 |
EP |
13186380.5 |
Claims
1. A method for controlling access to content transmitted to a
receiver, said receiver being part of an access geographic control
system comprising verification means and security means, the method
comprising: receiving a verification invitation message by the
receiver; obtaining or generating a unique code by the receiver;
transmitting, to said verification means, said unique code or
information that allows verification of the unique code;
transmitting said unique code to a portable device; receiving, by
the verification means, a current localization and the unique code
from the portable device; verifying the unique code received by the
verification means, and if the code is correct; extracting, from a
memory of the verification means, a localization data set defining
at least one area; and verifying by the verification means that the
current localization is included in said area, and transmitting an
authorization message for the reception of the audiovisual content
to the security means of said receiver in response to the current
localization being included in the area.
2. The method according to claim 1, wherein the receiver on
reception of the verification invitation message, generates the
unique code and transmits the unique code to the portable device
and to the verification means.
3. The method according to claim 1, wherein the receiver extracts
the unique code from the invitation message and transmits the
unique code to the portable device and to the verification
means.
4. The method according to claim 1, wherein the receiver displays
the unique code on a screen connected to said receiver and the
portable device comprises means for acquiring the unique code.
5. The method according to claim 4, wherein the receiver displays
an alphanumeric image on the screen representing the unique code,
the portable device comprises a keyboard for entering the unique
code.
6. The method according to claim 4, wherein the receiver displays
an image representing the unique code, and further comprising:
acquisition of acquiring the image by an optical reading device of
said portable device; and converting the image to obtain the unique
code in order to add it to the current localization.
7. The method according to claim 3, wherein the receiver includes
local communication means with the portable device, the unique code
being sent via the local communication means.
8. The method according to claim 1, wherein the receiver has a
remote control, and wherein the portable device is the remote
control of said receiver.
9. The method according to claim 1, wherein the verification means
are integrated into said receiver, and the receiver comprises local
means for communication with the portable device for receiving the
current localization and the unique code.
10. The method according to claim 1, in which the portable device
is a smart accessory comprising a Global Positioning System (GPS)
module and having local means for communication with said receiver,
said communication means using an encryption key to secure the
message exchanges, further comprising, carried out by the smart
accessory: downloading and loading an application in a memory of
said smart accessory; accessing a management center and identifying
the receiver at said management center; retrieving, from the
management center, an encryption key corresponding to said
receiver; and using said encryption key to encrypt and/or sign the
current localization data.
11. The method according to claim 1, wherein the verification means
are located in a management center and wherein the portable device
includes means for communication with said management center
independent of the receiver.
12. The method according to claim 1, wherein the verification means
are located in the receiver, and that the portable device includes
means for communication with said management center independent of
the receiver, said center transmitting a message to said receiver
containing at least the received localization and the unique
code.
13. A system for reception of transmitted audiovisual content,
comprising: a receiver comprising verification means and security
means and a screen output; and a portable device configured to
acquire a current localization and transfer said current
localization to the receiver; the receiver being configured to
transmit a unique code to said portable device, the portable device
being configured to receive said unique code and to compose and
transmit to the receiver a message comprising a current
localization and said unique code, said verification means being
configured to verify the unique code and to determine if the
current localization is included in an authorization area and, in
response to the current localization being in the authorization
area, to transmit an authorization message for the reception of the
audiovisual content to the security means.
14. The system according to claim 13, wherein the receiver includes
means for generating the unique code, to transmit the unique code
to the screen output and to the verification means.
15. The system according to claim 13 wherein the portable device
includes an optical reading device configured to acquire an image
being displayed on the screen connect to the screen output and
converting it in order to obtain the unique code.
16. The system according to claim 13, wherein the portable device
is a remote control configured for controlling the receiver, or a
smart phone.
17. A receiver for reception of transmitted audiovisual content,
comprising: an interface for receiving the audiovisual content; a
verification means; and a security means; the receiver being
configured to transmit a unique code to a portable device, and
receive from the portable device a message comprising a current
localization and said unique code, said verification means being
configured to verify the unique code and to determine if the
current localization is included in an authorization area and, in
response to the current localization being in the authorization
area, to transmit an authorization message for the reception of the
audiovisual content to the security means.
Description
[0001] The present invention relates to the domain of control of
access to audiovisual content transmitted to a receiver, in
particular control based on the localization of the receiver.
PRIOR ART
[0002] There are several applications which require the geolocation
of a receiver in the domain of transmission of audiovisual content.
A first reason is the blackout function which consists in
preventing the receivers in certain regions from accessing the
content. This function has been introduced by the organizers of
sports events in order to forbid the receivers which are in the
same region as the event to access the event. This is to encourage
the interested people to come and see the event rather than
watching it in front of a television screen.
[0003] A second reason is the "account packing" function, that is
the offer of a second or third content receiver at a reduced price.
The condition is that these receivers remain in the same household
to take advantage of the reduction. It is tempting to buy a second
receiver at reduced price and install it at a friend's home. The
knowledge of the position of the receivers allows to verify if the
condition of proximity of the receivers is met.
[0004] A third reason which is similar to the "blackout" function
is the management of broadcast rights by territory. An operator
acquires the broadcast rights for a given territory. Nevertheless,
a transmitted signal cannot follow arbitrary frontiers and the
signal extends beyond the authorization area. The operator is then
asked, in order to comply with their legal obligations, to set up
technical means to avoid that the receivers out of their area be
able to access the content.
[0005] That is why according to prior art (for example U.S.
6,317,500) it has been proposed to integrate a geolocation system
in the receivers in order to control the access to the content.
[0006] The defect of these systems is that the reception of the
geolocation satellites is not generally possible inside houses or
flats. The object of the present invention is to provide a solution
to this problem.
BRIEF DESCRIPTION OF THE INVENTION
[0007] The object of the present invention is to propose a
localization verification method which cannot be circumvented by
the simple transmission of a localization by a portable device
situated far from the receiver, in particular to avoid that when
the receiver is out of the authorization area, a portable device
situated in the area is used for acquiring the localization and
transmit it to verification means.
[0008] The present invention proposes a method for controlling
access to content transmitted to a receiver, said receiver being
part of an access geographic control system comprising verification
means and security means, the method comprising the following
steps: [0009] receiving a verification invitation message by the
receiver, [0010] obtaining or generating of a unique code by the
receiver, [0011] transmitting, to said verification means, said
unique code or means to verify said unique code, [0012]
transmitting said unique code to a portable device, [0013]
acquiring a current localization by the portable device, [0014]
transferring the current localization and the unique code of the
portable device to the verification means, [0015] verifying the
unique code received by the verification means, and if the code is
correct, [0016] extracting, in a memory of the verification means,
a localization data set defining at least one area, [0017]
verifying by the verification means that the current localization
is included in said area, and if so, transmitting an authorization
message for the reception of the audiovisual content to the
security means of said receiver.
[0018] The particularity of transmitted content is that it is sent
to a plurality of receivers without the transmitter having a
control over the receiver, as it happens in a point-to-point
connection. This kind of transmission can be made by radio waves,
by cable, by satellites or by broadcast over IP.
[0019] The particularity of this method is to use existing
localization means of a portable device such as a smart accessory
(mobile phone, tablet, multimedia reader) to complete the
functionalities of the receiver. According to a particular
embodiment, the portable device is the remote control of the
receiver in which localization functions (such as a GPS) are
integrated. The localization acquired by the remote control is then
transmitted to the receiver.
[0020] The localization is not limited to GPS data but can be also
obtained by reception of identifiers of antennas of mobile phone
network or broadcast-type transmission with identifier of the
transmitter. The identifier of such an antenna is thus a
"localisation" in the sense of the present invention. The
localization means include the acquisition of GPS coordinates, the
acquisition of a mobile network or local broadcast identifier.
[0021] According to the different embodiments, it is considered
that the security means are part of the receiver. The verification
means can be integrated in the receiver or be part of a management
centre. In the first case, the verification means as well as the
security means may be only one security element located in the
receiver. In the second case, the verification means of the
management centre interact with the security means of the receiver
to authorize/forbid access to the content.
[0022] As mentioned above, the portable device includes
localization means.
[0023] There are two types of portable device, the first type
having its own communication means with the management centre and
the second type in the impossibility to communicate with the
management centre.
[0024] The remote control is part of the second category and will
communicate the localization acquired directly to the receiver. To
this aim the portable device has means for local communication with
the receiver, which may be the infrared communication of the remote
control, a connection according to NFC protocol or Bluetooth.
[0025] In the case of the first type, the communication of the
localization can also be made directly to the receiver by local
communication means (NFC, Bluetooth) or be addressed to the
management centre. The devices of the first type may thus have
local communication means and remote communication means. It is
possible to have a device which has the two communication means
(for example a smartphone) but only uses one kind of means in the
context of this invention.
[0026] According to a preferred embodiment, the communication
between the portable device and the receiver is secure. This means
that only a portable device known by the receiver can communicate
with it.
[0027] In order to achieve this aim, the data exchanged between the
portable device and the receiver is encrypted by a key shared by
the portable device and the receiver.
[0028] In case of the remote control, this key can be loaded in the
two entities during initialization and no adjustment has to be done
afterwards. In the case of a smart accessory, an initialization
operation is to be done by the user before being able to authorize
the dialogue with the receiver. This initialization allows to load
the encryption key in the smart accessory corresponding to the
receiver.
[0029] The receiver receives a message from the management centre
of the totality of the receivers containing an instruction for
localization verification. This message, transmitted by the
broadcast means or via a dedicated channel, may be addressed to a
receiver, a group of receivers, or all the receivers.
[0030] The message may contain a localization data set which will
define the authorization area for the receiver or the group of
receivers, or simply contain a verification command. In the latter
case, the data set defining the authorization area has been
memorized in the receiver, either at the initialization preceding
the activation, or thanks to a setup message (EMM) sent to the
receiver or to a group of receivers. In the case of a globally
addressed message, if the message contains the data set defining
the authorization area, this area defines the whole activity area
of the operator. The data set can be in the form of several points
of geographic coordinates (for example 3 to define a triangle)
defining a polygon containing the authorization area. This set can
be a list of antenna identifiers to which the smart accessory is
supposed to connect, for example mobile phone network antennas or
DVB-H transmission antenna.
[0031] Once the message is received by the receiver, a unique code
is determined by the receiver, which code may be either contained
in the verification message or generated by the receiver. This code
is also transmitted to the verification means, or the data allowing
the verification means to verify the code. The unique code is then
transmitted to the portable device, either in an electronic way by
using local communication means (Bluetooth; NFC) or via the display
of a piece of information on the screen, information which is then
acquired by the portable device to obtain the unique code.
[0032] The user will thus use the portable device to acquire their
position. In case of the remote control, a button triggers the
research of the localization (for example research of the
geolocation satellites) and the user may place themselves near a
window to have a good reception.
[0033] Once the position is acquired, the portable device composes
a localization message containing at least the current localization
and the unique code. According to one embodiment, the receiver is
located near the receiver and the transmission of the localization
message can be done. According to another method, the receiver has
remote communication means and can thus send the localization
message directly to the management centre.
[0034] The receiver extracts from the data a localization and
control data. The control data is used to ensure that the
localization has just taken place by verifying for example the date
attached to the data.
[0035] In the mode in which the portable device has means for
communication with the management centre, these localization data
are transmitted to the management centre which has two options,
either directly carrying out the verification to ensure that the
localization is in the authorized area (the verification means are
thus at the management centre), or transmit, in a personal message
(EMM), this localization to the receiver for it to carry out the
verification (the verification means are thus in the receiver).
BRIEF DESCRIPTION OF THE DRAWINGS
[0036] The present application will be better understood thanks to
the detailed description based on the figures:
[0037] FIG. 1 shows the system of the invention,
[0038] FIG. 2 shows the communication operation between a smart
accessory and a management centre,
[0039] FIG. 3 shows the data exchange using the SMS technique,
[0040] FIG. 4 shows the elements in the data exchange using the SMS
technique,
[0041] FIG. 5 shows the display of an identification code on the
screen of the receiver.
DETAILED DESCRIPTION
[0042] Several ways of realisation are proposed in the context of
the present application. The common points are: [0043] a receiver
STB receives transmitted data for which it is desired to
geographically control the access, [0044] a screen SCR is connected
to the receiver and allows to display the transmitted data, [0045]
a portable device which is not connected in a permanent way to the
receiver, allows to acquire a localization. This localization can
be a geolocation (GPS) or the reception of an identifier
transmitted by a local antenna. This antenna can be a mobile phone
network antenna (GSM) or a broadcast antenna of the type DVB-H,
[0046] verification means, which contain one or more reference
localizations and which allow to verify if the current
localization, as acquired by the portable device, is in an
authorization area. These reference data can be specific to a user,
a user group, or all the receivers of an operator. [0047] a
transmission by the portable device of the acquired localization
towards the verification means in order to carry out the above
described verification, [0048] security means, connected to the
receiver, to authorize or forbid the access to the transmitted
data, according to the result of the verification done by the
verification means, [0049] a unique code, unique in the sense that
it will not be reutilized during the next localization
verification, is transmitted from the receiver to the portable
device, the latter associating the localization data with the
unique code, the verification means being capable of verifying the
authenticity of said unique code received with the localization
data. This code is unique per verification process, namely it can
further be unique per receiver or the same at a given time on
several receivers.
[0050] The user's receiver STB includes means for receiving a flow
of transmitted audiovisual data. Several reception types can be
supported by the receiver like reception by cable, by satellite,
over the air or by IP flow. All these flows have in common the fact
that the same flow is transmitted to a large number of receivers
and that is why the implementation of the access authorization
verification is done at the receiver level. The field of the
present application also covers on-demand transmission such as VOD,
Replay TV. Preferably, the receiver has security means which can be
in several forms: [0051] a dedicated circuit, mounted on the
printed circuit of the receiver and which carries out all the
security operations. This circuit contains a secure memory which
stores the keys and the rights of the user. [0052] a silicon area
of a specialized circuit. The specialized circuit integrates all
the functions of the receiver, in particular the selection of a
flow among several flows, the separation of the audio and video
flows, the decompression, and the management of the display. A
section of this circuit is reserved to security operations and
contains a secure memory storing the data specific to a user.
[0053] an independent module, such as a dongle or a smart card
comprising processing means and at least one secure memory. This
module is connected for example by an USB connector or ISO 7816.
The receiver filters the management messages of the access control
system and sends them to the independent module. The latter treats
them and sends back the keys or information useful for the
functioning of the receiver. [0054] a software module. The central
unit of the receiver can treat several contexts and the security
function is a software which is executed by the same central unit
as the management of the receiver. A special section of the memory
is reserved to this programme and the access to the other
programmes running on the receiver is limited.
[0055] A receiver is identified by a unique number UA. This number
is stored preferably in a memory of the receiver in a permanent way
so as not to be able to be modified without authorization. This
number is not necessarily secret and it is generally printed on the
back of the receiver.
[0056] According to a particular form, the receiver is a module
which connects in a connector of the screen. A known form is the
module PCMCIA but other types of connection (such as USB, FireWire)
are possible. In this case, the supply is provided by the screen
and the dialogue with the user transits through the connector and
uses the means (remote control) of the screen. These modules are
known under the name of CAM (Conditional Access Module).
[0057] Unique Code
[0058] This unique code is at least unique per verification session
and will not be reutilized during another verification stage. It
can be generated by the management centre and sent in the
invitation message to verification or be generated by the receiver
such as a random number. In this case, it will further be unique
per receiver.
[0059] This code is then transmitted to the portable device. This
can be done either by the mediation of the screen (display of the
code on the screen and re-transcription in the portable device) or
directly transmitted thanks to local communication means to the
portable device.
[0060] This unique code must be verifiable by the verification
means. To this aim, these means also receive the unique code
generated in order to be able to compare it with the one
transmitted with the current localization. Alternatively, the
verification means do not receive the unique code but can verify
the authenticity of said code via the personal key of the receiver.
In this case, the verification means contain the personal key of
the receiver and a means to identify the receiver in order to be
able to find its key. By decrypting the unique code received with
the personal key of the receiver supposed to have produced this
unique code, the verification means can verify that the decoded
code meets the rules fixed and known by the receiver and the
verification means. For example, the unique code can be the result
of an encryption of the current date by the personal key of the
receiver. The verification means receive the unique code and the
identifier of the receiver. Thanks to this identifier, the personal
key is retrieved and applied on the unique code. The result of the
decryption should have the format of a date (ex. year, month, day)
for the code to be considered as authentic.
[0061] Several variants of this unique code are provided within the
context of the invention: [0062] this code is contained in the
invitation message and thus generated at the management centre. The
invitation message can be global, that is the unique code will be
the same for all the receivers, or with unique addressing, allowing
to generate, by the management centre, a unique code for each
receiver. If the verification means are located in the management
centre, the unique code is directly transmitted to said means.
[0063] this code is generated by the receiver. It can be a random
number or a datum such as the hour or the date combined with a
personal key. For example, date and time are encrypted by this key
and form the code. The management centre, after having received the
message from the smart accessory comprising code and localization,
can verify the code received by decrypting this code with the
personal key of the receiver. This key is retrieved by identifying
the smart accessory and the receiver to which it is associated.
Once the receiver is known, the personal key which is stored in a
database of the management centre is retrieved. Once the code is
decoded, it is possible to verify that the hour and the date
correspond to a time window following the transmission of the
message by the management centre and thus to validate the unique
code.
[0064] In case of the transmission of this code onto the screen,
the display of this code can be done in an alphanumeric or graphic
form. In this case this code is in the form of an image of the
barcode or QR code type, the smart accessory comprising a camera
for reading this code. This image can contain a large quantity of
information such as the identifier of the receiver or security
means, the date and/or the hour, a unique code. This image is
acquired by a camera of the smart accessory and converted by said
accessory into a data string. This string is then associated to the
localization data which is transmitted to the management centre.
The management centre will be able to verify, in addition to the
localization, that the string corresponds to the image displayed by
the receiver.
First Embodiment
[0065] This first mode is characterized in that the current
localization, acquired by the portable device, is transmitted to
the receiver. It is shown by FIG. 1 and 2. The local device can be
the remote control RMT of the receiver (or of the screen SCR in the
case of the CAM module) and the communication may simply be
infrared connection. The remote control may have another
communication channel such as Bluetooth or NFC. Once the
localization has been acquired and temporarily memorized in the
remote control, the user approaches the receiver and launches the
transfer of this localization towards the receiver STB. The unique
code previously received is joined to the localization data. In
order to secure this localization, the data sent by the remote
control can be further encrypted by a key previously loaded in the
receiver and the remote control. Thus, a couple is created not to
allow another remote control to be used for this purpose.
[0066] In the mode using a smart accessory SP, the principle is the
same, that is the latter acquires the current localization (either
by GPS, by an antenna identifier, or by transmitter triangulation
such as of mobile phone network) and transmits it to the receiver
STB by local communication means with the unique code previously
received. In one embodiment, the communication of the exchanged
data is secured by an encryption. The encryption key can be loaded
by a preliminary connection by the smart accessory to a management
centre during an initialization process. During this process, the
smart accessory receives an invitation to identify the receiver for
example by indicating its identifier. The management centre
searches its database for the encryption key corresponding to said
receiver and sends it to the smart accessory. The latter stores
this key and uses it for transmitting the localization data to the
receiver.
[0067] The management centre can also send an application which is
loaded on the smart accessory and which will manage the
localization acquisition and the transmission of this data to the
receiver. This application will have the personal encryption key of
the receiver dissimulated in the application.
[0068] This localization operation is released by an invitation
message transmitted by the management centre to the receivers to
which it is connected. The message can be sent in the transmitted
signal BS or addressed to a receiver via a direct connection (by IP
protocol by example). This message triggers the obtainment of the
unique code according to the above description.
[0069] The invitation message will also be able to comprise a
maximum duration which is memorized by the receiver, preferably in
its security means. This information allows to verify a duration
that was necessary to obtain a response of the portable device.
During the reception of the localization data and of the unique
code, the duration between the apparition of the message and the
reception of the data is calculated and compared to the maximum
duration. If this calculated duration is superior to the maximum
duration, the verification leads to the rejection of the current
localization.
[0070] It may happen that the invitation message arrives at an
inconvenient time and the window which invites the user to verify
includes a delay option. The user has the possibility for example
to postpone this verification by 30 minutes. Once the time has
elapsed and the user is ready to carry out the verification, the
receiver transmits the unique code. Without the introduction of
this code, the localization by the portable device cannot start. It
is thus not possible to take advantage of the 30-minute delay to
move the portable device to another area.
[0071] Once the localization has been established by the portable
device, the data is sent to the receiver with the unique code
previously introduced. The receiver can then verify that the
received code is the same as the one displayed with the invitation
and calculate the current duration. If the code is correct and the
duration does not exceed the maximum duration contained in the
message, the localization is accepted.
[0072] Once this step is over, the receiver has two options, either
doing the verification itself or delegating this verification to
the management centre.
[0073] In the first case, this means that the verification means
are contained in the receiver. These means are located with the
security means. The receiver has first transmitted the unique code
to said verification means. The verification means have a memory
containing the localization data defining at least one
authorization area. These data can be in the form of a surface
defined by the geolocation positions or a set of antenna
identifiers in the case of a localization by antenna identifier.
The verification means verify that the unique code received from
the portable device is correct, and if so, they verify that the
current localization received from the portable device is within
the area. If so, the receiver continues to function as usual. In
the negative, the receiver can take different measures such as the
transmission of a message to a management centre (this message
comprising the identifier of the receiver and the type of problem
observed), or block, limit, or degrade the functionalities of the
receiver (for example by blocking the HD content and leaving the SD
content).
[0074] For carrying out this verification, the verification means
must have the authorization area. This information can be contained
in the invitation message or be already present in the verification
means, for example loaded during an initialization phase or by the
reception of a setup message such as an EMM (Entitlement Management
Message).
[0075] In the second case, the receiver can have a means for
communication with the management centre, for example by an IP
connection. The current localization and the unique code received
from the portable device are sent to the management centre with the
identifier of the receiver. The management centre includes the
verification means which will, for the received identifier,
retrieve the authorization area and verify if the current
localization is comprised in the area as well as verify the unique
code.
[0076] The management centre can take several measures if the
current localization is outside the area: [0077] mark this
identifier as blocked and no longer send messages containing the
keys which allow the continuation of the reception for this
receiver; the keys are periodically renewed and the receiver has to
receive the new keys to access the content, and/or [0078] send a
blocking message, either by broadcasting, or by the IP way; this
message is treated by the security means of the receiver which will
cease to supply the decryption keys to the decoder of the
receiver.
[0079] Conversely, if the localization is inside the area, the
management centre can also send an EMM message which will renew the
expiration date of the reception rights. This message can be sent
immediately after the verification or later when the keys of the
content encryption system change.
Second Embodiment
[0080] This second mode is characterized in that the current
localization, acquired by the portable device, is transmitted
directly to the management centre with the unique code. For this
purpose, the portable device includes means for localization and
remote communication with the management centre, for example by the
Wi-Fi network, or 3G/4G. This will then be the case of a smart
accessory.
[0081] This mode is preferably associated to a specific application
loaded in the smart accessory which executes the operation of
acquisition of the localization and the transmission of the data.
This localization is triggered in the same way as previously, that
is the transmission of the unique code from the receiver towards
the portable device according to one of the above described
methods.
[0082] The management centre can take several measures if the
current localization is outside the area: [0083] mark this
identifier as blocked and no longer send messages containing the
keys which allow the continuation of the reception for this
receiver; the keys are periodically renewed and the receivers have
to receive the new key to access the content, and/or [0084] send a
blocking message, either by broadcasting, or by the IP way; this
message is treated by the security means of the receiver which will
cease to supply the decryption keys to the decoder of the
receiver.
[0085] Conversely, if the localization is inside the area, the
management centre can also send an EMM message which will renew the
expiration date of the reception rights.
Third Embodiment
[0086] This third mode is based on an intrinsic localization of a
message received by the management centre MC. It is shown in FIGS.
3 and 4. It resumes all the explanations of the previous methods
relating to the mode in which the portable device directly
communicates with the management centre. To this aim the portable
device can be a simple mobile phone without additional
functionality.
[0087] The particularity is that the portable device can be a
mobile phone without localization means. It will not need to
acquire its localization. It will be only asked to send a SMS
message to the management centre, containing for example the
identifier of the receiver or an identification code displayed on
the screen and contained in the invitation message. This
information is not even necessary as the management centre, by
knowing the telephone number, can retrieve the identifier of the
receiver to which it is associated. The code can be produced
according to the above described embodiments.
[0088] The mobile phone sends a message 3 to the management centre
by using the nearest communication tower CT. The communication
tower CT relays the message 4 to the management centre by adding
service data such as the identifier of the tower CT.
[0089] At the reception of the message 4 by the management centre,
the latter extracts the service data in order to identify the tower
which served as first relay to the message sent by the mobile
phone. This identifier becomes the current localization as
described in relation with the above methods. The telephone number
associated with the message allows to retrieve the identifier of
the receiver and thus its data of authorization area(s).
[0090] The same options previously discussed in relation with the
response of the management centre are applicable here. The EMM
message (for example blocking or renewal message) is shown with
reference 5 in FIGS. 3 and 4.
[0091] Independent GPS Module
[0092] In the context of this invention, an independent GPS module
with autonomous supply is proposed, comprising means for wireless
communication with the receiver (such as Bluetooth). The position
of such a module has to be near a window or located outside, which
can make the supply via the network difficult. That is why this
independent GPS module is proposed, supplied by accumulator,
battery, and/or solar collector. An important point is that this
module can be in standby mode most of the time. According to one
embodiment, said module can comprise a clock which will awake the
module at a given time. According to a first embodiment, the
receiver permanently listens to the messages transmitted by said
module. A message will comprise the localization and can also
comprise a module identifier. According to this mode, the module
will transmit the current localization at regular intervals. The
latter is memorized in the receiver and when a verification is
requested by the management centre, the last received localization
is used. In order to optimize the stand-by time of the GPS module,
the management centre, in its invitation message to verification,
may indicate when a successive verification will be done. This
allows the receiver, during a communication with the GPS module, to
indicate when it has to awake. The GPS module can thus be in
standby mode (with a consumption compatible with a solar collector)
during several days. Little time before the arrival of the message
coming from the management centre, the clock of the GPS module
awakes the module and a localization is acquired and transmitted to
the receiver.
[0093] According to another embodiment, the activation of the GPS
module is initiated by pressing a button. When the receiver
displays the verification message, the user will press on the
activation button of the GPS module which will supply the module.
The module will engage the GPS chip and acquire the localization
and transmit it towards the receiver. Then, the module returns to
the standby mode.
[0094] In these embodiments, the module does not receive any unique
code from the receiver. The short range of wireless transmission
will be relied on for guaranteeing the proximity. It is
nevertheless possible to store, in the module and in the receiver,
an encryption key which is unique for this couple. Thus, even if a
third party intercepts the message transmitted by the GPS module,
it will not be understood by another receiver as the localization
data are encrypted with the encryption key specific to only one
couple module/receiver.
[0095] The above different methods and explanations allow to ensure
that the receiver is in a place which is compatible with the
reception rights.
* * * * *