PREVENTING REPLAY ATTACKS ON DIGITAL INFORMATION DISTRIBUTED BY NETWORK SERVICE PROVIDERS

摘要

A technique for preventing replay attacks on digital information distributed by network services providers. At the beginning of a subscription period for a service, a network service provider sends entitlement messages to the subscriber which provide the subscriber for the service with a session key (110) and authorization information (214). The authorization information specifies a service (213) and a period of time (205). When an encrypted instance of a service is distributed on the network, it is accompanied by a series of entitlement control messages. Each of the messages includes a value which can be used with the session key to obtain a control word for decrypting the encrypted instance and a time specifier. The subscriber equipment which decrypts the instance of the service does so only if the time specifier in the entitlement control message specifies a time within the time period specified by the authorization information.