IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIM
US006256393B1
(12) United States Patent ao) Patent No.: us 6,256,393 Bi
Safadi et al. (45) Date of Patent: Jul. 3,2001
(54) AUTHORIZATION AND ACCESS CONTROL OF SOFTWARE OBJECT RESIDING IN SETTOP TERMINALS
(75) Inventors: Reem Safadi, Horsham; Lawrence Vince, Lansdale, both of PA (US)
(73) Assignee: General Instrument Corporation,
Horsham, PA (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/257,274
(22) Filed: Feb. 24, 1999
Related U.S. Application Data
(60) Provisional application No. 60/090,297, filed on Jun. 23, 1998.
(51) Int. C I. II04N 7/167
(52) U.S. CI 380/232; 380/211; 380/229;
380/231; 380/233; 380/234; 380/241; 380/242; 705/58; 705/59; 705/77; 713/165; 713/166;
713/167; 713/187; 713/191
(58) Field of Search 380/211, 229,
380/231, 232, 233, 234, 241, 242; 705/58, 59, 77; 713/165, 166, 167, 187, 191
(56) References Cited
U.S. PATENT DOCUMENTS
4,712,239 12/1987 Frezze et al 380/20
5,003,591 3/1991 Kauffman et al 380/10
5,572,590 11/1996 Chess 380/4
5,724,425 * 3/1998 Chang et al 380/25
5,740,246 * 4/1998 Saito 380/21
5,870,474 * 2/1999 Wasilewski et al 380/21
5,943,422 * 8/1999 Van Wie et al 390/9
6,061,451 * 5/2000 Mratani et al 380/201
6,069,647 * 5/2000 Sullivan et al 380/5.5
FOREIGN PATENT DOCUMENTS
0 813 133 A2 12/1997 (EP) G06F/1/00
A method for providing authentication, authorization and access control of software object residing in digital set-top terminals creates a fingerprint ("signature") for each software object, associates each fingerprint with a service tier, encodes each association and creates an association table containing the information and downloads the association table to the digital set-top terminal. In addition, the method utilizes an entitlement management message, sent to each set-top terminal, indicating what software objects the set-top terminal may utilize, and provides a system routine at the digital set-top terminal that is invoked whenever software object is about to be utilized. The entitlement management message contains the access rights given to a particular set-top terminal, which must match the software object's access requirements for the software object to be utilized. The entitlement management message may also contain set-top terminal resource control access rights that a given software object may utilize. When the software object requires the utilization of a set-top resource, a second conditional access routine may be invoked to determine the authorization rights for using the resource. Measures to protect such means are also described. As such the method provides multiple system cable operators (MSO's) with additional capabilities to maintain secure control of features and applications running on their networks and within the associated set-top terminals.
31 Claims, 4 Drawing Sheets
