METHOD FOR OPERATING A CONDITIONAL ACCESS SYSTEM TO BE USED IN COMPUTER NETWORKS AND A SYSTEM FOR CARRYING OUT SAID METHOD

摘要

The invention relates to a broadcasting and receiving system and to a sys tem for conditional access thereto. Said invention makes it possible to retr ansmit a content protected by a provider in a computer network and to preser ve the subscriber control by the content provider. The inventive digital med ia system in a computer network comprises a set of servers which are used fo r adapting the provider content flows and assigning IP addresses of the comp uter system thereto and which are accessible via a set of network terminals (STB or personal computers) containing a content player (audio, video, game) , a descrambler (decoder) and a content request module connected to servers, which are used for controlling a subscriber access to a local computer netw ork, and to a validator server which provides session keys required for prot ecting control words of the provider content. The session keys and flow adap ting servers of a controllable computer system are used for encoding control words which protect the provider content and afterwards are introduced into control right messages of a content flow and the access control of the netw ork terminals of the subscribers to the IP addresses assigned to the adapted provider content flows are organised by control and configuration means of the controllable computer system. The reports on the access of the subscribe rs of a controllable computer system to the IP addresses of provider content flows are analysed by the access control server by comparing them with the messages of the validator computer. When the messages of the server validato r about the authorised access of a subscriber to the content, which is reque sted by said subscriber according to the IP address translation of the provi der content, are absent, the access control server denies the access. The ac cess is initiated by means of the message exchange procedures between the ac cess control server, network terminal and the validator server, and the succ essfully authorised access is used for transmitting the IP address of the co ntent flow selected by the subscriber and for forming a protected communicat ions channel between the network terminal and the server validator. The proc edure for reproducing the contemn flow to the network terminal consists in r eceiving by the terminal the content flow on the IP address thereof, in demu ltiplexing a right control message therefrom, in decoding control words by m eans of a session key, in descrembling the content data by means of the cont rol wards and in reproducing them by means of a player. The actual session k eys are received by the network terminal upon requests via a protected commu nications channel in the messages of the validator server. The control of th e content provider rights consists, in this case, in that the flow reproduct ion can be stopped by the computer network operator by denying the access of a given network terminal to the content IP address in the controllable comp uter system on a subscriber port and on the initiative of a validator server by the failure thereof to provide a session key requested by the terminal. The important advantage of said method consists in the possibility of paying for the provided content directly to the provider thereof by using the prep aid PIN-code cards issued by said provider.