Patent 8291236

Obviousness

Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.

Active provider: Google · gemini-2.5-flash

Obviousness Analysis of US Patent 8291236 Under 35 U.S.C. § 103

This analysis considers whether the independent claims of US Patent 8291236, titled "Methods and apparatuses for secondary conditional access server," would have been obvious to a person having ordinary skill in the art (POSITA) at the time of the invention's priority date (December 7, 2004), based on the prior art described within the patent itself.

Understanding the Prior Art from the Patent's Background

The patent's "BACKGROUND" section and "Prior art keywords" describe the state of the art at the time of filing:

  1. Broadcast Conditional Access (CA) Systems (Prior Art A): These systems were well-known for controlling access to media content (e.g., digital cable/satellite TV). They involved:

    • Scrambled Content: Media content encrypted with a "control word" (CW).
    • Control Words (CWs): Keys that change frequently (e.g., every 0.1 second) used to descramble content.
    • Service Keys (SKs): Keys used to protect (encrypt) CWs, changing periodically (e.g., monthly).
    • Entitlement Control Messages (ECMs): Broadcast messages containing encrypted CWs, decrypted using SKs after checking access criteria.
    • Entitlement Management Messages (EMMs): Individually addressed messages containing authorization data (e.g., entitlements) and securely delivering SKs to specific security devices (e.g., set-top boxes). These are decrypted using a unique "user key" (UK) of the security device.
    • Set-Top Boxes (STBs): Standard receiving devices that de-multiplex, descramble, and decode content for viewing.
    • Primary CA Server: Implicitly, a central server managing these CA operations.
  2. Digital Rights Management (DRM) Systems (Prior Art B): These systems were known for managing digital rights, using encryption to protect content, and employing:

    • DRM Server Software: Wraps digital content through encryption according to policies.
    • DRM Client Software: Unwraps content and makes it accessible in accordance with rights.
    • DRM Clients: Various devices like desktop PCs, handheld devices, set-top boxes, and mobile phones.
  3. Networked Environments (Prior Art C): General knowledge of local area networks (LANs) and wireless LANs (WLANs) for connecting devices within a home or organization.

Motivation for Combination

A POSITA in 2004 would have understood the limitations of traditional broadcast CA systems (Prior Art A), which typically tied content consumption to a single STB with its unique subscriber identity. With the rise of home networking (Prior Art C) and the proliferation of personal devices capable of media playback (e.g., PCs, PDAs, media players, which could act as DRM clients, Prior Art B), there would be a strong motivation to allow legitimate subscribers to access their entitled broadcast content on multiple devices within their home network.

The problem a POSITA would face is how to securely and legitimately extend the authorization and decryption keys from the primary CA system (which only recognizes the STB as a subscriber) to these other, diverse devices in the home network. A DRM system (Prior Art B) is a natural candidate for managing rights and content across heterogeneous devices within a local network.

Therefore, a POSITA would be motivated to combine these known elements to create an intermediary solution: a device that acts as a legitimate subscriber to the primary CA system and then re-distributes or re-secures the content and/or keys for consumption by other devices in a secondary (e.g., home) network using a different security scheme, such as DRM. This intermediary device effectively "bridges" the two security domains. The patent itself describes this goal: "Methods and apparatuses for bridging two security systems so that a primary security system can control premium content distribution to external devices secured by a secondary security system."

Obviousness Analysis of Independent Claims

Claim 1: Method to Control Content Presentation

Claim 1: "A method to control a presentation of content, comprising: receiving a representation of content from a first CA server which provides the content in an encrypted form and uses a first set of cryptographic keys to protect the content from unauthorized access; and presenting the content, at a user's request, through a second CA server which is coupled to the first CA server, wherein the presenting of the content is authorized through a client server relationship between the second and the first CA servers respectively, and wherein the second CA server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content."

Obviousness Argument:
A POSITA, motivated to enable home network devices to access CA-protected content, would recognize that an intermediary "second CA server" is needed. This second server would necessarily act as a legitimate client to the existing "first CA server" (Prior Art A) to receive the encrypted content and its primary cryptographic keys. To then distribute and "present the content" to multiple devices within a secondary network (Prior Art C), it would be obvious to employ a different security mechanism. A DRM system (Prior Art B) is a known method for protecting content with a "second set of cryptographic keys" and distributing it to various clients. The "client server relationship" between the second and first CA servers is a logical consequence of the secondary server needing to acquire authorization from the primary system. The patent states that "a secondary CA server acts as a legitimate primary CA client; the secondary CA server tries to recover the protected content and to provide with the protected content a new set of entitlement data and/or decryption keys consistent with the original entitlements to one or more secondary CA clients." This functionality would be an obvious combination of existing CA client and DRM server functionalities to solve the identified problem.

Claim 10: Method for a Secondary CA Server Processing EMMs

Claim 10: "A method for a secondary CA server, comprising: processing entitlement management messages from a primary CA server; and transmitting to secondary CA clients through a network connection access controlled data that is in an access controlled format and that is at least partially derived from the entitlement management messages."

Obviousness Argument:
Given a secondary CA server (as argued for in Claim 1), it would be obvious to a POSITA that this server would need to "process entitlement management messages (EMMs) from a primary CA server" (Prior Art A) to understand the subscriber's entitlements. To extend these entitlements to "secondary CA clients" in a different security domain (e.g., home network, Prior Art C), the secondary CA server would logically "derive" new "access controlled data" from the original EMMs. This derived data would then be transmitted "in an access controlled format" (e.g., using a DRM system, Prior Art B) suitable for the secondary network over a "network connection" (Prior Art C). The patent notes that the "secondary CA server translates authorization from the primary security domain into authorization in the secondary security domain." This translation and re-packaging of entitlements for a secondary domain using known networking and DRM principles would be obvious.

Claim 16: Method for a Secondary CA Client Receiving Data

Claim 16: "A method to process media content provided by a primary security system, comprising: receiving, at a secondary CA client from a secondary CA server through a network connection, access controlled data that is in an access controlled format and that is at least partially derived from entitlement management messages of the primary security system."

Obviousness Argument:
This claim describes the client-side operation corresponding to the server's transmission in Claim 10. If it would be obvious for a secondary CA server to transmit derived, access-controlled data to secondary CA clients (as argued for Claim 10), then it would be equally obvious for a "secondary CA client" (e.g., a DRM client, Prior Art B) to "receive" this data from the secondary CA server "through a network connection" (Prior Art C). This is a standard client behavior in a client-server DRM architecture.

Claim 22: Secondary CA Server Apparatus

Claim 22: "A secondary CA server apparatus, comprising: a processor; and a memory coupled to the processor, the memory storing instructions which, when executed by the processor, cause the processor to perform a method, the method comprising: receiving entitlement management messages from a primary security system; processing the entitlement management messages on the secondary CA server, wherein the secondary CA server has a user key representing a subscriber of the primary security system and wherein processing the entitlement management messages includes decrypting an entitlement management message to obtain a service key of the primary security system; and transmitting to secondary CA clients through a network connection access controlled data that is in an access controlled format and that is at least partially derived from the entitlement management messages."

Obviousness Argument:
A POSITA, tasked with building the "secondary CA server" (as conceived in the motivation and Claim 1), would naturally use a computing apparatus with a "processor" and "memory" (Prior Art C, e.g., the "typical computer system" of FIG. 1). To operate as a legitimate primary client, this apparatus would need to incorporate the known capabilities of an STB (Prior Art A), including having a "user key" to decrypt EMMs and obtain a "service key." To then serve secondary clients, it would incorporate the known functionalities of a DRM server (Prior Art B), transmitting derived access-controlled data over a network. Implementing these functions as "instructions" stored in "memory" for execution by a "processor" is a fundamental aspect of software development and would be obvious.

Claim 27: System for Conditional Access

Claim 27: "A system for conditional access, comprising: a first CA server to provide content in an encrypted form and use a first set of cryptographic keys to protect the content from unauthorized access; and a second CA server coupled to the first CA server, wherein the second CA server is authorized by the first CA server to present the content through a client server relationship between the second and the first CA servers respectively, and wherein the second CA server uses a second set of cryptographic keys to protect the content from unauthorized access in presenting the content."

Obviousness Argument:
This claim describes a system that is the physical embodiment of the method of Claim 1. The "first CA server" is explicitly known (Prior Art A). The addition of a "second CA server" that is "coupled to" the first, acts as an authorized client to it, and then uses a "second set of cryptographic keys" to protect content for subsequent presentation, directly reflects the motivated combination of Prior Art A (primary CA server), Prior Art B (DRM's re-protection with different keys), and Prior Art C (networking that enables coupling and distribution). The client-server authorization mechanism is a standard way for a new entity to gain rights within an existing system.

Claim 33: Secondary CA Client Apparatus

Claim 33: "A secondary CA client apparatus, comprising: a processor; and a memory coupled to the processor, the memory storing instructions which, when executed by the processor, cause the processor to perform a method, the method comprising: receiving from a secondary CA server through a network connection access controlled data that is in an access controlled format and that is at least partially derived from entitlement management messages of a primary security system."

Obviousness Argument:
This claim describes the apparatus counterpart to the method of Claim 16. Given the existence of various "DRM client apparatuses" (Prior Art B) like PCs and handhelds, equipped with a "processor" and "memory," it would be obvious for a POSITA to configure such an apparatus with "instructions" to "receive" "access controlled data" from a "secondary CA server" via a "network connection" (Prior Art C). This is standard practice for networked client devices in a DRM system.

Claim 37: Machine Readable Medium for Secondary CA Server

Claim 37: "A machine readable medium storing instructions which, when executed by a secondary CA server, cause the secondary CA server to perform a method, the method comprising: receiving entitlement management messages from a primary security system; processing the entitlement management messages on the secondary CA server, wherein the secondary CA server has a user key representing a subscriber of the primary security system and wherein processing the entitlement management messages includes decrypting an entitlement management message to obtain a service key of the primary security system; and transmitting to secondary CA clients through a network connection access controlled data that is in an access controlled format and that is at least partially derived from the entitlement management messages."

Obviousness Argument:
Given the established obviousness of the secondary CA server apparatus (Claim 22) and its method (Claim 10), it would be an obvious step for a POSITA to store the "instructions" that cause the apparatus to perform these methods on a "machine readable medium." This is standard software engineering practice for implementing functional requirements on computing devices.

Claim 41: Machine Readable Medium for Secondary CA Client

Claim 41: "A machine readable medium storing instructions which, when executed by a secondary CA client, cause the secondary CA client to perform a method, the method comprising: receiving from a secondary CA server through a network connection access controlled data that is in an access controlled format and that is at least partially derived from entitlement management messages of a primary security system."

Obviousness Argument:
Similarly, given the obviousness of the secondary CA client apparatus (Claim 33) and its method (Claim 16), it would be an obvious step for a POSITA to store the "instructions" that cause the client apparatus to perform its receiving method on a "machine readable medium."

Conclusion

Based on the explicit descriptions of prior art within US8291236 itself, the core concept of a "secondary conditional access server" appears to be an obvious combination of existing conditional access (CA) systems, digital rights management (DRM) systems, and general home networking technologies. A person having ordinary skill in the art would have been motivated to combine these known elements to extend the utility of CA-protected content from a single set-top box to multiple, diverse devices within a subscriber's home network, using the intermediary "secondary CA server" as a bridge to translate and manage entitlements across the different security domains. The specific mechanisms described in the claims (processing EMMs, deriving/translating access data, using a client-server relationship for authorization, re-protecting with different keys for secondary clients) are logical and straightforward applications of known principles from these combined prior art fields.

Generated 5/15/2026, 12:48:55 PM