Abstract: A watermarking method converts a watermark message into a Frequency Shift Keying (FSK) signal and embeds the FSK signal in a host signal. The spectral properties of the FSK watermark signal facilitate its detection, even in applications where the watermarked signal is corrupted. Because of these properties, the FSK watermark signal can perform the dual function of identifying the watermark's presence and orientation in potentially corrupted media, and also conveying a hidden message in the host signal. Such a watermark may be referred to as a self-orienting watermark.

Abstract: A digital cable network architecture includes hosts that include a receiver with a hash function generator that calculates hash values based on a hash function and data from memory blocks in the receiver. A policy file store contains policy files having a service provider section, a consumer section, and/or a manufacturer section that can be updated by the service provider, a consumer and/or a receiver manufacturer. A service provider downloads monitor applications (MAs) and policy files to the hosts over the cable medium. The MAs access the service provider section, the consumer section, and/or the manufacturer section of the policy file to alter resource contention, service provisioning, and/or alter fraudulent receiver identification calculations. The hash function of the receiver outputs the hash values to the MA, which compares the hash values to expected hash values to identify fraudulent access.

Abstract: A method for providing secure access to console functions of a computer system and authentication of a console device is disclosed. The method comprises first initiating a first EKE sequence to generate a unique shared secret per device utilizing a default device identifier and associated default shared secret on a system-attached device from which a console operation is desired to be enabled. Then, a shared secret is generated from the first EKE sequence, and the generated shared secret is utilized in place of the default device shared secret in subsequent console authentication procedures for that device. Following, the shared secret is securely stored within a storage location of the system and on the system-attached device. The device's shared secret is subsequently replaced on each connection from that device.

Abstract: An optical medium uses a single structure or format (such as identical materials, layers and the like) for both a region for holding mastered data and a writeable area. In one aspect, a writeable region of a medium with mastered content is used in connection with paying, collecting or accounting for usage or royalties for proprietary intellectual property embodied in or associated with the content. In one embodiment, the (preferably write-once) writeable area can be used for storing later-written information such as annotations, highlighting, reordering, remixing, modifications, supplements, collections, additions, bookmarks, cross references, hypertext or hyperlinks and the like. Preferably, annotations and similar materials can be associated, by the user, with particular portions or content of the mastered data.

Abstract: Method and a device for guaranteeing the integrity and authenticity of data transmitted between a management center and one or several receiver units, wherein each receiver unit comprises a decoder (IRD) and a security unit (SC) and means for communicating (NET, REC) with the management center. The method consists in calculating a check information (Hx) representative of the result of a unidirectional and collision-free function, performed on all or part of the transmitted data and in transmitting the result to the management center for verification. The center will be able to inform the decoder concerning the authenticity of the data through return channels or through the main channel.

Abstract: In an information delivery system, a security device (SD) manages an access to information (INF). The security device (SD) is capable of providing a pointer (PO) which indicates a location (LO) from which additional data (ADA) may be obtained. The additional data (ADA) may be a description of the information (INF) which is offered. For example, in a pay TV system, the information (INF) may be a particular movie of which the description is “James Bond, Dr. No, action category, 12 year and older, broadcast April 19, at 20H30.” In that case, the pointer (PO) may be used to inform a subscriber that his security device (SD) allows him to watch this particular movie. However, the additional data (ADA) contained in the location (LO) indicated by the pointer (PO), may also be software for various purposes such as, for example, playing games or configuring a receiver (REC) which co-operates with the security device (SD).

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A storage apparatus is capable of using a storage medium having at least a first region for storing therein data and a second region for storing therein both use permission discrimination information indicative of permission of a predetermined access operation and use limit information with respect to the storage medium.

Abstract: Device ID detecting means detects an ID of a device on another party. Next, it is checked whether the device ID is included in historical information stored in authentication histories storing means. If the device ID is included in the historical information, authenticating means performs authentication with authenticating means on another party. Thereafter, when an AV data transmission direction is provided from a user to command input means, the command is notified through command control means to AV data transmitting means which starts transmission of AV data.

Abstract: A system for controlling the distribution and use of digital works using digital tickets. In the present invention, a “digital ticket” is used to entitle the ticket holder to exercise some usage right with respect to a digital work. Usage rights are used to define how a digital work may be used or distributed. Each usage right may specify a digital ticket which must be present before the right may be exercised. Digital works are stored in repositories which enforce a digital works usage rights. Each repository has a “generic ticket agent” which punches tickets. In some instances only the generic ticket agent is necessary. In other instances, punching by a “special ticket agent” residing on another repository maybe needed.

Abstract: A network transaction system applicable to cyberspace banking services using an open network, which allows customers to authenticate themselves through a simplified procedure. A customer's terminal station and a plurality of bank systems are interconnected via networks, and it is assumed that the customer wishes to newly open a bank account in a bank system among them, or a target bank system, and that the customer has an existing bank account in a different bank system, or an cooperative bank system. Using his/her terminal station, the customer applies for a new bank account by supplying the target bank system with a ciphertext message containing existing account information descriptive of the customer's bank account in the cooperative bank system. The target bank system requests the cooperative bank system to confirm the customer's existing bank account, while forwarding thereto a part of the ciphertext message containing the existing account information.

Abstract: The present invention relates to a method of providing secure communication of information between at least a first and second digital audiovisual device (30, 52) and characterized in that the first device (30) communicates to the second device (52) a certificate Ct(KpubT) comprising a transport public key KpubT encrypted by a management private key KpriMan, the second device (52) decrypting the certificate using an equivalent management public key KpubMan and thereafter using the transport public key KpubT to encrypt information sent to the first device, the first device using an equivalent private key KpriT to decrypt the information. The present invention is particularly applicable to a method of providing secure communication between a first and second decoder.

Abstract: An audio playback/recording apparatus includes an audio input processing section which receives analog audio data, and converts the analog audio data to digital audio data; a playback/recording processing section which compresses digital audio data output from the audio input processing section and stores the compressed digital audio data into a RAM and which decompresses the compressed digital audio data according to attribution data indicating a type of compression; an audio output processing section which receives the decompressed digital audio data, converts the decompressed digital audio data to analog audio data, and outputs the analog audio data to an output apparatus; and an external recording circuit section which records compressed digital audio data stored in the RAM into an external recording medium, reads out the compressed digital audio data, and stores the data into the RAM.

Abstract: The remote servicing of a secure computer system employs an intermediate network entity accessible to both a remote service provider and to an agent running on the secure computer system to be serviced. A service provider's computer runs a manager software module, while the system being serviced, or an agent on its behalf, runs an agent software module. An intermediary software module runs on the intermediate network entity. The mutually accessible intermediate network entity may be located outside firewalls protecting the system to be serviced or inside such firewalls though with the firewalls configured to allow selected access. Access to the intermediate network entity is limited by secure access protocols. After authentication, the manager submits to the intermediary one or more directives to be executed by the agent. The intermediary then sends the directives to the agent over a secure connection to the agent.

Abstract: A content reading apparatus only permits the use of contents such as images, music, and the like within a permitted usage period. In a recording medium having an authentication function, secure data that includes a decryption key and a remaining usage period is recorded in a protected area, and an encrypted content corresponding to the secure data is recorded in a user area. A decrypting of the encrypted content by a decryption unit, and an outputting of the decrypted content by an output unit to a user is only permitted for the duration that the usage rights judgment unit judges the remaining usage period to be greater than zero. The remaining usage period is updated by the usage rights judgment unit in accordance with a usage period of the content by the user and rewritten back into the protected area.

Abstract: A copy prevention apparatus and method in a digital broadcasting receiving system protects information stored in a storage medium from being illegally duplicated by an unauthorized third party. The copy prevention apparatus includes a demultiplexer for descrambling scrambled transport stream (TS) patterned data of a user selective and desired channel among a received multi-channel broadcasting and outputting the descrambled result, a scrambler for scrambling again the descrambled TS patterned data from the TS demultiplexer, a key encryption unit for decrypting the encrypted key of the scrambler and encrypting the decrypted key again, to thereby produce a new encryption key, and a system controller for controlling a storage medium to store the scrambled TS patterned data from the scrambler together with the encrypted scrambler key output from the key encryption unit during storing.

Abstract: A method and system are provided for impulse purchasing of services over a communication network, such as a cable or satellite television network. Such services can include games or information accompanying television programming, home-shopping, e-mail services, streaming media and the like. Security is provided through entitlements generated by the access controller 14 and entitlement tokens generated by a secure processor. The secure processor is located at a subscriber terminal 16 through which a subscriber orders and obtains the services. A token is generated when the subscriber either selects the service, if pre-authorized, or when the service is purchased on impulse. The token is secure and signed, and may be used by a policy/proxy server 18 subtending to the Network Operator's ISP and associated services to further facilitate offering these services to the subscribers.

Abstract: A digital cable network architecture includes hosts that include a receiver with a hash function generator that calculates hash values based on a hash function and data from memory blocks in the receiver. A policy file store contains policy files having a service provider section, a consumer section, and/or a manufacturer section that can be updated by the service provider, a consumer and/or a receiver manufacturer. A service provider downloads monitor applications (MAs) and policy files to the hosts over the cable medium. The MAs access the service provider section, the consumer section, and/or the manufacturer section of the policy file to alter resource contention, service provisioning, and/or alter fraudulent receiver identification calculations. The hash function of the receiver outputs the hash values to the MA, which compares the hash values to expected hash values to identify fraudulent access.

Abstract: The invention relates to a method of storing data on a rewritable data storage medium, to a corresponding storage medium, to a corresponding recording apparatus and to a corresponding playback apparatus. Copy-protective measures require that on rewritable storage media some data must be stored which shall not be modifiable or erasable by consumer end products. A practical problem is the storage of large quantities of such data in a fixed data area. Typically the capacity is limited to a few bits. Meanwhile the amount of copy protection data that needs to be stored may well exceed the storage capacity available in the read-only fixed data area. The invention therefore proposes to write the copy protection data as system data in the recordable data area (4), e.g. as part of the formatting of the medium (1).

Abstract: Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.

Abstract: An apparatus and method for activating a security module in a set-top terminal purchased from a retailer. A set-top terminal, along with a security device, is purchased from a retailer. This security device is a removable module that is inserted into the set-top terminal to permit reception of the services from the system operator. The security device includes a serial number that is registered with the system operator, and a physical layer key. The physical layer key cannot be read if the security device is disassembled. The set-top terminal is provided to the customer. The security device is retrieved by the retailer, who activates the security device by obtaining credit information from the customer, performing a credit check on the customer, establishing an account with the system operator, and retrieving an activation key from a system administrator. The activation key is a key that is downloaded to the security device to permit the reception of premium services from said system operator.

Abstract: This invention aims at providing a network system having high flexibility and easy changeability. When software programs &agr;, &bgr;, and &ggr; are run in terminal computers 141 to 146, a host computer (10) builds software networks &agr;, &bgr;, &ggr; (FIG. A). When the software is changed from the program &agr; to &bgr; at the terminal computer 143, the terminal, computer 143 is switched and connected to the network &bgr;. Similarly, the terminal computer 144, is switched and connected to the network &bgr;. In other words, a flexible network can be formed in accordance with the software used by the terminal computer. Further, management of an accessing party becomes easier by using a personal ID.

Abstract: A log of access to protected content is kept that has forced periodic updates, even if no access has occurred. Systems and methods make it difficult to determine when the access log will be modified next. A server securely sends a variable time period (VTP) and a time duration to the next connection (TDNC) to a client. These two values determine how often the client must update the access log and how long the client must wait before establishing communication with the server. Thus, the server is able to detect and deter rollback attacks.

Abstract: A tokenless authorization of an electronic check between a payor and a payee using an electronic identicator and at least one payor bid biometric sample is described. The method comprises a payor registration step, wherein the payor registers with an electronic third party identicator at least one registration biometric sample, and at least one payor checking account data. An electronic financial transaction is formed between the payor and the payee, comprising at least one payor bid biometric sample, wherein the bid biometric sample is obtained from the payor's person, in a transaction formation step. Preferably in one transmission step the payor bid biometric sample is electronically forwarded to the electronic identicator. A comparator engine or the identification module of the electronic identicator compares the bid biometric sample with at least one registered biometric sample for producing either a successful or failed identification of the payor.

Abstract: In response to a user request to view specific digital content, the user's set top box (STB) accesses a verification entity via a persistent network connection. The STB establishes the user's identity with the verification entity, for instance, by reading identity credentials from a smart card. In response to the verification entity having stored a license for the user to view the digital content, the STB receives a license key from the verification entity. In addition, the STB receives an encrypted access key from an access key source corresponding to a segment of encrypted digital content. The license key is used to decrypt the encrypted access key, which is, in turn, used to decrypt the segment of encrypted digital content. A user may transfer his or her license in whole or in part to another user by sending a transfer request to the verification entity.

Abstract: A method of purchasing a soundtrack associated with A/V content. When A/V content is purchased by download or otherwise, the user is provided with an option to purchase or store the soundtrack. In one embodiment, the purchase of the motion picture secures usage rights to the soundtrack while another embodiment requires separate purchase of the soundtrack. In either case, the user is enabled to store the soundtrack as a separate file after having purchased rights to do so. The soundtrack is then stored, in some embodiments with digital rights management or copy protection to limit the number of copies that can be made of the soundtrack. The motion picture has a Table of Contents (TOC) indexing the soundtrack portions of the audio content of the motion picture to enable extraction of those portions of the motion picture forming the soundtrack.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

Abstract: Disclosed is a method for causing either first content data transferred encrypted from a data transfer apparatus or second content data which are input unencrypted to be selectively recorded to a storage medium in a data recording apparatus. Given a command for editing the content data recorded on the storage medium, editing of the recorded data is inhibited or restricted if the data are judged to be the encrypted first content data. When the data recording apparatus is to return the encrypted first content data from the storage medium to the data transfer apparatus, the return of the first content data is inhibited if the data are judged to have been edited. Upon return of the encrypted first content data to the data transfer apparatus, a content ID held by the data recording apparatus regarding the first content data is matched against a content ID held by the data transfer apparatus regarding the same data.

Abstract: The method of cryptological authentification in a scanning identification system comprising a base station, which supplies energy via the alternating field to a transponder connected to the object to be identified, includes the following method steps. For essentially the entire communication between the base station and the transponder, the base station generates an inquiry signal. Upon receiving the inquiry signal transmitted by the base station, the transponder responds with an identification number stored in its memory. The base station then encodes a first bit sequence it has generated by using a key bit sequence that is allocated to the identification number of the transponder, and transmits the second bit sequence obtained in this manner to the transponder. When the second bit sequence is received, the transponder generates a checking bit sequence from the second bit sequence, and, following the complete reception of the second bit sequence, transmits this checking bit sequence to the base station.

Abstract: Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.

Abstract: A method of authenticating a pair of correspondents C,S to permit the exchange of information therebetween, each of the correspondents having a respective private key, e, d and a public key, Qu, and Qs derived from a generator element of a group and a respective ones of the private keys e,d, the method comprising the steps of: a first of the correspondents C generating a session value x; the first correspondent generating a private value t, a public value derived from the private value t and the generator and a shared secret value derived from the private value t and the public key Qs of the second correspondent; the second correspondent generating a challenge value y and transmitting the challenge value y to the first correspondent; the first correspondent in response thereto computing a value h by applying a function H to the challenge value y, the session value x, the public value an of the first correspondent; the first correspondent signing the value h utilizing the private key e; the first correspondent

Abstract: A digital signature apparatus of the present invention includes a digital signature analyzing means for receiving information which identifies at least a signature object data, and a file including a digital signature which contains signatory identifying information, analyzing the relationship between said digital signature and the signature object data of said digital signature, verifying the signature and outputting a result of the signature analysis, and a digital signature display image generating means for generating a digital signature display image in which the content of said signature object data together with the result of said signature analysis. The content of the signature object data and the information on the digital signature are displayed on one and the same screen.

Abstract: Copyright information embedded in a digital content can always be sampled and the copyright of the digital content can be protected reliably, by using a sampling program which is automatically activated and samples the copyright information from the digital content. For example, the digital content added with the sampling program is distributed or an application program added with the sampling program for utilizing the digital content is distributed so that the copyright information can be reliably sampled from the digital content and the utilization of the digital content can be controlled in accordance with the copyright information. If a file containing a plurality of digital contents is used, copyright information is embedded in each digital content and the copyright information is sampled from each digital content. It is possible to control the utilization of each digital content in accordance with the sampled copyright information.

Abstract: Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.

Abstract: A digital information storage system has a storage. A user bought the digital information from a server built on a network by using a user device and possesses it in the storage. The system has a host-function device as well. The host-function device operates based on a command coming from the user device through the network and duplicate conditions of the stored digital information. The host-function device enables not only the delivery (output) of the storage-stored digital information to the user device via the network but also the return (input) of the digital information from the user device to the storage via the network.

Abstract: A client receives encrypted content from content server. The header of the content includes license-identifying information for identifying a license required to utilize the content. The client requests a license server to transmit the license identified by the license-identifying information. When receiving the request for a license, the license server carries out a charging process before transmitting the license to the client. The client stores the license received from the license server. The stored license serves as a condition for encrypting and playing back the content. As a result, content can be distributed with a high degree of freedom and only an authorized user is capable of utilizing the content.

Abstract: A method of and a system for securely distributing data files to a user. A first key is encrypted using a second key. The encrypted first key is stored on an integrated circuit card that is associated with the user. The integrated circuit card is provided to the user. Data files are encrypted using the first key to get an encrypted data file at a first party. The encryption parameters are exchanged between the first party and integrated circuit card.

Abstract: Recipient machine sends a contents request message with recipient's public key to entitlement granter machine. On the entitlement granter machine, digital rights data relevant to the contents request is encrypted with the recipient's public key. Encrypted digital rights data with the entitlement granter's digital signature thereon is returned to recipient machine. On the recipient machine, encrypted digital rights data is decrypted with the recipient's secret key. The recipient machine sends a message containing digital rights data thus decrypted, recipient's public key, and the above encrypted data to contents distributor machine.

Abstract: A contents utilization control apparatus includes an input unit for inputting a) contents with control module that consist of contents and a control module, and b) a license with control module that consists of a license prepared from contents utilization approval information and a control module. The control module in the contents with control module and the control module in the license with control module cooperate with each other to carry out a control relating to the utilization of the contents.

Abstract: A network-based authentication scheme is provided that performs authentication in a centralized manner for the stand-alone computers of a particular organization. Since authentication is centralized, the individual computers do not need to store authentication information, and control over all of the computers rests in a single location, enabling the system administrator to manage access and utilization of the computers from this location. The network-based authentication scheme includes an authentication manager, remotely located with respect to a local computer, that performs authentication for the local computer. The authentication manager receives login information from the local computer, verifies this information against an authentication file, and returns indications of the services on the local computer that the user is able to utilize. The local computer receives these indications and displays icons representing the services available to that user.

Abstract: The present invention is intended to prevent sold digital information from being used in a non-compliant manner. Digital information accumulation capability 212 accumulates digital information 6 to be sold. License generating capability 227 generates the usage conditions for digital information 6. Encryption capability 229 encrypts digital information 6. Digital information key generating capability 228 generates a cryptographic key for decrypting encrypted digital information 6. Authentication capability 214 authenticates recording medium with license management capability 102-1 loaded in digital information vending apparatus 101. Licensed digital information writing capability 230 writes encrypted digital information and its usage conditions and cryptographic key onto authenticated recording medium with license management capability 102-1.

Abstract: Multiple digital watermarks, each of which has different characteristics, are embedded in a document. The characteristics of the various watermarks are chosen so that each of the watermarks will be affected in a different manner if the document is subsequently copied and reproduced. The detection process or mechanism reads each of the watermark and compares their characteristics. While wear and handling may change the characteristics of the digital watermarks in a document, the relationship between the characteristic of multiple digital watermarks in a document will never-the-less give an indication as to whether a document is an original or a copy of an original.

Abstract: There is provided an information processing apparatus/method characterized by inputting information data, generating security data to be used to protect the information data, encoding the information data to generate encoded data, extracting a unique predetermined code indicating a specific meaning from encoded data within a security section in accordance with the security data, superimposing the security data on the predetermined code, scrambling the encoded data except for the predetermined code within the security section, and outputting the superimposed predetermined code and the scrambled encoded data.

Abstract: A security document processing apparatus is provided having a feed path for receiving documents and at least one imaging assembly for capturing image data from documents received in the apparatus. The apparatus may include a material detection imaging assembly for detecting the material composition of certain materials on documents received in the apparatus. The material detection imaging assembly may detect material on a document by detecting transmissivity characteristics, or by sensing radiation emission characteristics of a document in the case received documents are of a type including radiation wavelength sensitive additives incorporated therein.

Abstract: Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.

Abstract: A method for downloading a document via a communications medium operatively associated with a communications interface, the method including receiving the document from the communications medium, placing an information storage smart card in removable operative association with the communications interface, and conditionally transmitting the document from the communications interface to the information storage smart card and storing the document in the information storage smart card. Other related methods and apparatus are also provided.

Abstract: In a fee charging system for video information, scramble signals including video information and charging information can be recorded on a recording media such that the signals are read later therefrom. The recording of the scramble signals is free of charge. In an operation to reproduce original unscrambled video signals from the signals read from the media by a recording and reproducing apparatus, the charging information is detected to conduct a charging process. Consequently, although the scrambled signals may be freely copied onto another recording media, the charging process is executed for each copying operation. First charging information and second charging information other than the first charging information are arranged with the video information. The video information includes first video information as main video information and second video information.

Abstract: A method and a system for authenticating an electronic financial transaction conducted between a user owning a terminal and a third party via two-way transmissions between the terminal and a cable distribution hub which includes a validation server.

Abstract: A method for providing authentication, authorization and access control of software object residing in digital set-top terminals creates a fingerprint (“signature”) for each software object, associates each fingerprint with a service tier, encodes each association and creates an association table containing the information and downloads the association table to the digital set-top terminal. In addition, the method utilizes an entitlement management message, sent to each set-top terminal, indicating what software objects the set-top terminal may utilize, and provides a system routine at the digital set-top terminal that is invoked whenever software object is about to be utilized. The entitlement management message contains the access rights given to a particular set-top terminal, which must match the software object's access requirements for the software object to be utilized.

Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.