Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-03-28
2001-09-04
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C380S255000, C380S268000
Reexamination Certificate
active
06286103
ABSTRACT:
The present invention relates to a method and apparatus for use with an encrypted or scrambled transmission, for example a scrambled television broadcast.
Transmission of encrypted data is well-known in the field of pay TV systems, where scrambled audiovisual information is usually broadcast by satellite to a number of subscribers, each subscriber possessing a decoder or receiver/decoder capable of descrambling the transmitted program for subsequent viewing.
In a typical system, scrambled data is transmitted together with a control word for descrambling of the data, the control word itself being encrypted by a so-called exploitation key and transmitted in encrypted form. The scrambled data and encrypted control word are then received by a decoder having access to an equivalent of the exploitation key stored on a smart card inserted in the decoder to decrypt the encrypted control word and thereafter descramble the transmitted data. A paid-up subscriber will receive in a monthly ECM (Entitlement Control Message) the exploitation key necessary to decrypt the encrypted control word so as to permit viewing of the transmission.
In order to try to improve the security of the system, the control word is usually changed every ten seconds or so. This avoids the situation with a static or slowly changing control word where the control word may become publicly known. In such circumstances, it would be relatively simple for a fraudulent user to feed the known control word to the descrambling unit on his decoder to descramble the transmission.
Notwithstanding this security measure, a problem has arisen in recent years where the stream of control words sent during a broadcast film, for example, becomes known. This information may be used by any unauthorised user who has recorded the still scrambled film on a video recorder. If the film is replayed at the same time as the stream of control words is fed to the decoder, visualisation of the film becomes possible. Provided the user manages to synchronise the film with the control stream there are no great technical problems in carrying out such a fraud, particularly since the hardware elements necessary to build the descrambler are easily obtained.
This problem has been exacerbated with the rise of the internet and it is now not uncommon to find any number of internet sites that publish the stream of control words emitted during a given transmission.
It is an object of the present invention to overcome the problems associated with known prior art techniques for scrambled transmissions so as to provide a secure decoder configuration resistant to attacks such as those described above.
According to the present invention there is provided a method of transmission and reception of a scrambled data stream in which the scrambled data stream is transmitted to a decoder, and thereafter passed to and descrambled by a portable security module inserted in the decoder and characterised in that the data stream is passed from the security module to the decoder in an encrypted form, to be decrypted and subsequently used by the decoder.
As discussed above, in conventional systems, a control word is encrypted by an exploitation key and passed from the decoder to the smart card for decryption before being passed in a decrypted form to the control unit in the decoder for descrambling of the transmission. The weak point in such techniques lies in the transmission of the control word “in clear” between the card and the decoder unit, since it is relatively easy to determine the connections between the card and the decoder and to thereafter record the control word information passing along these connections.
By identifying this weakness, and proposing a solution in which data is descrambled by a portable security module before being passed back to the decoder in an encrypted form the present invention overcomes the problems with these techniques.
According to a first type of realisation of the invention, the data stream is encrypted in the security module by a first encryption key before being passed back to the decoder for decryption using an equivalent of the first key. However, as will be described below, other realisations of the invention are possible, in which the data is passed from security module to decoder in encrypted form but in which the encryption takes place at the transmission level.
In one embodiment of the above realisation, the data stream is encrypted in the security module by a first encryption key variable in dependence on a decoder identity value, the decoder possessing an equivalent of the key and value necessary to decrypt the data. For example, the decoder identity value can correspond to the serial or batch number of the decoder.
The decoder identity value may be encrypted by a personalised key known to the security module and transmitter, the decoder identity value being transmitted in an encrypted form to the decoder for communication to the security module. Once decrypted by the personalised key within the security module the decoder identity value and first encryption key can be used by the security module to create the encrypted data stream.
Communication of the decoder identity value to the security module will necessarily involve a signal being sent from the decoder to the security module. As we have seen, the transmission of messages across this channel is relatively easy to monitor and it is thus preferable to transfer the identity value in a non-readable form to the security module.
Personalised keys of this type are known in relation to EMMs or Entitlement Management Messages, which transmit each month in encrypted form a management key for decrypting that month's ECM to a selected subscriber or group of subscribers possessing the necessary personalised key to decrypt the EMM.
In an another solution, the decoder identity value may be encrypted by a personalised key known to the security module, the encrypted decoder identity value being stored in the decoder during manufacture of the decoder for communication to the security module upon insertion of the security module in the decoder.
In an alternative to the use of a fixed decoder identity value, the first encryption key may be dependent on a random or pseudo-random number generated, for example, by the decoder and communicated to the security module.
Preferably, and in view of the problems associated in communicating non-encrypted data between the decoder and the security module, the random number is encrypted by a second encryption key before being communicated between the decoder and security module, or vice versa.
In one embodiment, the random number may be generated and encrypted by a second encryption key at the decoder and communicated to the security module for decryption by an equivalent of this second key stored in the security module.
In an alternative embodiment, the operation of the security module and decoder may simply be reversed, such that the random number is generated and encrypted by a second key in the security module and communicated to the decoder for decryption by an equivalent of the second key stored in the decoder.
In the examples given above, the first and second encryption key, the peisonalised security module key etc may all be created in accordance with a known symmetric encryption algorithm, such as DES, RC2 etc. However, in a preferred embodiment where the decoder is responsible for generation of the random number, the second key used to encrypt the random number corresponds to a public key, the security module being provided with the equivalent private key necessary to decrypt the random number value.
As compared with a portable security module such as a smart card, the hardware component in the decoder used to store the first and second encryption keys (typically a ROM) is relatively easy to isolate and monitor by means of attached contacts etc.
A dedicated fraudulent user may therefore obtain the first and second keys and, by monitoring communications between the security module and decoder, the encrypted value of the random number. If a s
Benardeau Christian
Dauvois Jean-Luc
Maillard Michel
Canal+Societe Anonyme
Peeso Thomas R.
Rosenthal & Osha L.L.P.
LandOfFree
Method and apparatus for encrypted data stream transmission does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for encrypted data stream transmission, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for encrypted data stream transmission will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2517146