US20140068656A1 - Reliable and non-manipulatable processing of data streams in a receiver - Google Patents
Reliable and non-manipulatable processing of data streams in a receiver Download PDFInfo
- Publication number
- US20140068656A1 US20140068656A1 US14/078,092 US201314078092A US2014068656A1 US 20140068656 A1 US20140068656 A1 US 20140068656A1 US 201314078092 A US201314078092 A US 201314078092A US 2014068656 A1 US2014068656 A1 US 2014068656A1
- Authority
- US
- United States
- Prior art keywords
- packet identifier
- identifier
- content type
- receiver
- payload
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
- H04L65/75—Media network packet handling
- H04L65/764—Media network packet handling at the destination
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42607—Internal components of the client ; Characteristics thereof for processing the incoming bitstream
- H04N21/42623—Internal components of the client ; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention provides a solution for secure and non-manipulatable processing of a data stream in a receiver, possibly in conjunction with a smartcard. A packet identity and a content type identifier associated with the packet identifier are received in encrypted form and securely processed within the receiver to allow an encrypted payload of the data stream to be processed without the possibility to manipulate the content type identifier in an attempt to intercept the payload after decryption.
Description
- The present patent application claims the benefit of priority under 35 U.S.C. §119 to European Patent Application (EPO) No. 09168907.5, filed Aug. 28, 2009, the entire contents of which are incorporated herein by reference.
- The present invention relates to secure decryption and decoding of data streams in a receiver, possibly in conjunction with a smartcard.
- Pay TV applications in a conditional access (CA) system use scrambling (also known as encryption) to secure digital TV broadcast streams. Receivers are used to obtain the relevant decryption keys to descramble the stream prior to the rendering of the digital TV streams. Such decryption key is also known as a control word or CW. In a head-end of a digital TV station a sequence of CWs is associated with one or more elementary streams such as audio, video, subtitling, teletext and/or applets. For MPEG2 streams, the elementary streams are identified by a PID (packet identifier). The stream of CWs is usually identifiable by a CW_stream_Id. In the MPEG2 standard, the list of PIDs that make up a TV service (a program stream in MPEG2 terminology) is contained in a clear text PMT (program map table). The CA system employs a similar data structure to map the CW_Stream_ID to a number of PIDs. A decoder in de receiver processes the PMT and a smartcard of the CA system processes the information that links the CW_Stream_ID(s) to the relevant PIDs and sets up the receiver to load the relevant keys to descramble the elementary streams.
- To prevent unauthorized access to clear text digital TV streams, it is known to implement the descrambling and the decoding of the digital TV signals in a secure domain of the receiver, typically in a secure chip or chipset.
- Known receivers typically take the following steps in processing a MPEG2 stream. MPEG2 packets are received and demodulated. The PID and a scrambling control field are extracted from the MPEG2 header. A CW lookup table in a memory of the receiver is searched for an entry with a matching PID value and associated CW keys are read from the table. The scrambling control field value is used to select from the associated CW keys the CW that needs to be loaded in the descrambler. The scrambled payload of the MPEG2 packet is decrypted in de descrambler using the CW. Information from the clear text MPEG2 PMT is used to determine a stream_type of the packet. The stream_type is a content type identifier identifying the type of content, e.g. audio, video, subtitling, teletext or applet. The stream_type is used to send the packet to the appropriate decoding module.
- For the processing of the MPEG2 stream the receiver typically uses the following inputs: the PID value and the scrambling control field from the MPEG2 Packet header and the clear text MPEG2 PMT information of which in particular the PID of the elementary stream and the stream_type associated with the PID.
- In order to ensure the intended operation of the receiver, all these input data need to provide accurate information. As the PMT and the MPEG2 packet header are provided in clear text, they can be manipulated before the processing in the receiver. This enables an attacker to change a PID value or a stream_type value and e.g. have a video and audio elementary stream look like a teletext stream. Video streams and audio streams are typically processed in a secured domain of the receiver, while, after descrambling, teletext streams are processed outside the secured domain. Such manipulating of the inputs thus causes the descrambled video and audio elementary stream to exit the secure domain, enabling unauthorized access to these streams and making the processing of the streams unreliable.
- It is an object of the invention to improve secure processing of data streams.
- According to an aspect of the invention a method in a receiver is proposed for processing a data stream. The data stream comprises a header and an encrypted payload. The header comprises a first packet identifier. The method comprises the step of decrypting the encrypted payload to obtain a decrypted payload. The method further comprises the step of receiving an encrypted second packet identifier and an encrypted first content type identifier. The method further comprises the step of obtaining a second packet identifier from the encrypted second packet identifier within a secured environment. The method further comprises the step of obtaining a first content type identifier associated with the second packet identifier from the encrypted first content type identifier within the secured environment. The method further comprises the step of comparing the first packet identifier with the second identifier to obtain a first comparison result. The method further comprises the step of: if the first comparison result matches a first predetermined condition, selecting a first decoding module based on the first content type identifier and routing the decrypted payload to the first decoding module for decoding the decrypted payload.
- According to an aspect of the invention a receiver is proposed for processing a data stream. The data stream comprises a header and an encrypted payload. The header comprises a first packet identifier. The receiver comprises a descrambler configured to decrypt the encrypted payload to obtain a decrypted payload. The receiver further comprises a first input module configured to receive an encrypted second packet identifier and an encrypted first content type identifier. The receiver further comprises a processor, a memory and a router. The processor is configured to obtain a second packet identifier from the encrypted second packet identifier. The processor is further configured to obtain a first content type identifier associated with the second packet identifier from the encrypted first content type identifier. The processor is further configured to store the second packet identifier and the first content type identifier in the memory. The processor is further configured to compare the first packet identifier with the second packet identifier stored in the memory to obtain a first comparison result. The processor is further configured to: if the first comparison result matches a first predetermined condition, provide the first content type identifier to the router. The router is configured to select a first decoding module based on the first content type identifier. The router is further configured to route the decrypted payload to the first decoding module for decoding the decrypted payload.
- The first predetermined condition is e.g. that the first packet identifier equals the second packet identifier.
- Thus, the first content type identifier and the associated second packet identifier are securely provided to the receiver for processing, i.e. received in encrypted and thereby non-manipulatable form. Moreover, the processing of the decrypted payload is dependent on the non-manipulatable first content type identifier. Advantageously, this considerably complicates changing the content type identifier before processing in the receiver.
- The embodiment of
claim 2 advantageously enables the use of entitlement control messages and/or entitlement management messages for the secured distribution of the first content type identifier. - According to an aspect of the invention a method in a receiver is proposed for processing a data stream. The data stream comprises a header and an encrypted payload. The header comprises a first packet identifier. The method comprises the step of decrypting the encrypted payload to obtain a decrypted payload within a secured environment. The method further comprises the step of obtaining a second packet identifier from a hardcoded memory within the secured environment. The method further comprises the step of obtaining a first content type identifier associated with the second packet identifier from the hardcoded memory. The method further comprises the step of comparing the first packet identifier with the second identifier to obtain a first comparison result. The method further comprises the step of: if the first comparison result matches a first predetermined condition, selecting a first decoding module based on the first content type identifier and routing the decrypted payload to the first decoding module for decoding the decrypted payload.
- According to an aspect of the invention a receiver is proposed for processing a data stream. The data stream comprises a header and an encrypted payload. The header comprises a first packet identifier. The receiver comprises a descrambler configured to decrypt the encrypted payload to obtain a decrypted payload. The receiver further comprises a processor and a router. The processor is configured to obtain a second packet identifier and a first content type identifier from a hardcoded memory. The processor is further configured to compare the first packet identifier with the second packet identifier stored in the hardcoded memory to obtain a first comparison result. The processor is further configured to: if the first comparison result matches a first predetermined condition, provide the first content type identifier to the router. The router is configured to select a first decoding module based on the first content type identifier. The router is further configured to rout the decrypted payload to the first decoding module for decoding the decrypted payload.
- The first predetermined condition is e.g. that the first packet identifier equals the second packet identifier.
- Thus, the first content type identifier and the associated second packet identifier are securely provided to the receiver for processing, i.e. obtained from a hardcoded memory and thereby non-manipulatable form. Moreover, the processing of the decrypted payload is dependent on the non-manipulatable first content type identifier. This advantageously makes it impossible to change the content type identifier before processing in the receiver.
- The embodiment of claim 4 advantageously enables the hardcoded memory within the receiver.
- The embodiment of claim 5 advantageously enables the hardcoded memory within a smartcard.
- The embodiments of
claims 6 and 11 advantageously enable restricting the output of the decoder to a predefined interface, such as e.g. a HDMI/HDCP-interface, a DVI/HDCP-interface or a DRM protected interface. HDMI, HDCP, DVI and DRM are known abbreviations for High-Definition Multimedia Interface, High-Bandwidth Digital Content Protection, Digital Visual Interface and Digital Rights Management, respectively. - The embodiments of
claims 7 and 12 advantageously enable less secured processing of decrypted payload for which unauthorized access would be allowable. The second predetermined condition is e.g. that the first packet identifier differs from the second packet identifier. The third predetermined condition is e.g. that the first packet identifier equals the third packet identifier. - The embodiment of claim 8 advantageously enables secure and non-manipulatable processing of MPEG2 streams.
- The embodiment of claim 13 advantageously prevents tapping of signals within the receiver.
- According to an aspect of the invention a smartcard is proposed for use in a receiver having one or more of the above described features. The smartcard comprises an input module configured to receive an encrypted second packet identifier and an encrypted first content type identifier from the receiver. The smartcard further comprises a decryptor configured to decrypt the encrypted second packet identifier to obtain a second packet identifier and to decrypt the encrypted first content type identifier to obtain a first content type identifier associated with the second packet identifier. The smartcard further comprises an output module configured to provide the second packet identifier and the first content type identifier to the receiver.
- Thus, a smartcard can advantageously be used for securely obtaining the second packet identifier and the first content type identifier and securely providing these to the receiver.
- According to an aspect of the invention a smartcard is proposed for use in a receiver having one or more of the above described features. The smartcard comprises a hardcoded memory. The hardcoded memory comprises a second packet identifier and a first content type identifier associated with the second packet identifier. The smartcard further comprises an output module configured to provide the second packet identifier and the first content type identifier to the receiver.
- Thus, a smartcard can advantageously be used for securely obtaining the second packet identifier and the first content type identifier and securely providing these to the receiver.
- Hereinafter, embodiments of the invention will be described in further detail. It should be appreciated, however, that these embodiments may not be construed as limiting the scope of protection for the present invention.
- Aspects of the invention will be explained in greater detail by reference to exemplary embodiments shown in the drawings, in which:
-
FIG. 1 a shows a receiver of an exemplary embodiment of the invention; -
FIG. 1 b shows a receiver of an exemplary embodiment of the invention; -
FIG. 2 a shows a smartcard of an exemplary embodiment of the invention; -
FIG. 2 b shows a smartcard of an exemplary embodiment of the invention; -
FIG. 3 shows data flows in a receiver and a smartcard of an exemplary embodiment of the invention; -
FIG. 4 a shows a schematic view of steps of a method performed in a receiver of an exemplary embodiment of the invention; -
FIG. 4 b shows a schematic view of steps of a method performed in a receiver of an exemplary embodiment of the invention; -
FIG. 5 shows a schematic view of steps of a method performed in a receiver of an exemplary embodiment of the invention. - In a CA system a receiver is a device that receives a data stream from which encrypted data packets are extracted and processed. The data stream can be received as a broadcast stream or originate from a file stored on e.g. a hard disk or DVD disc. The data packets have a header and an encrypted payload. In the receiver the encrypted payload is decrypted and decoded to allow playback on an end-user device such as a television, pc or audio playback device. Depending on the type of content a particular decoder is used. Types of content are e.g. audio, video, subtitling, teletext and applets. Some types of content are of particular interest to hackers because of its premium characteristics, such as video and audio streams.
- The data stream is e.g. a MPEG2 stream conforming with the ISO 13818-1 standard. The MPEG2 stream typically contains multiple elementary streams each containing data packets with a header and a payload. The header contains a packet identifier (PID). The payload contains content belonging to a particular content type. According to the MPEG2 standard a PMT is separately provided to the receiver in clear text, possibly as a data structure within the payload. The PMT contains information linking a PID to a content type identifier called stream_type. Comparing the PID received in the elementary stream with the PID received in the PMT makes it possible to find the stream_type of the payload. The nature of the PMT being clear text makes it manipulatable by hackers.
- The present invention provides protection against such manipulations by providing input data securely to the receiver. The input data includes, amongst others, the content type identifier for an identifiable payload. The input data is used within the receiver where it is protected from manipulation. Hereto the input data is either encrypted in the broadcast stream or, alternatively, hardcoded in a memory. In case a smartcard is used to obtain the input data, existing techniques can be used to securely exchange data between the receiver and the smartcard. Within the receiver the payload and input data are preferably processed within a secured chip or secured chipset ensuring that the data signals cannot be tapped.
- In
FIG. 1 a a receiver 1 a is shown. Through afirst input module 12 input data is securely received. The input data as received is encrypted and contains a PID and a stream_type associated with the PID.Processor 13 a obtains the PID and stream_type from the input data, e.g. by decrypting the input data within the receiver 1 a or by having the input data decrypted by a smartcard. The obtained PID and stream_type are stored in thememory 14 a for later reference. Multiple PIDs and associated stream_types can be obtained and stored in thememory 14 a. It is possible to have ranges of PIDs associated with a stream_type to allow a more efficient storage in thememory 14 a. - The receiver 1 a further contains a
descrambler 11 for decrypting an encrypted payload of a data packet. The encrypted payload originates e.g. from an MPEG2 elementary stream or from a file. The data packet has a header containing a PID identifying the payload. After decrypting the encrypted payload, the decrypted payload is to be decoded by a particular decoder. The decoder is selected by comparing the PID from the header of the data packet with the PIDs stored in thememory 14 a. When a match is found, the associated stream_type is read from the memory and acorresponding decoder module 16 is selected. The stream_type is e.g. indicative of thedecoder module 16 to be used or the stream_type allows a lookup in a table to find thecorresponding decoder module 16. Any other mechanisms to find thedecoder module 16 with the stream_type may be used. Therouter 15 routes the decrypted payload to the selecteddecoder module 16 where it can be decoded. - In
FIG. 1 b analternative receiver 1 b is shown. Inreceiver 1 b PIDs and associated stream_types are hardcoded in amemory 14 b and thus need not be provided through an input module, such asinput module 12, in receiver 1 a. Apart from the secure reception of the input data throughinput module 12,receiver 1 b operates in a similar manner as receiver 1 a. InFIG. 1 b thememory 14 b is internal to thereceiver 1 b. Thememory 14 b can alternatively be provided in a smartcard accessible by thereceiver 1 b. - In
FIG. 2 a asmartcard 2 a is shown that can be used with the receiver 1 a as shown inFIG. 1 a to obtain the PID and associated stream_type.Input module 21 receives the encrypted input data containing the encrypted PID and encrypted stream_type from the receiver.Decryptor 22 decrypts the input data and the thus obtained decrypted PID and stream_type is provided to the receiver 1 a throughoutput module 23. The interface between thesmartcard 2 a and the receiver 1 a is secured using any known smartcard interface technology. -
FIG. 2 b shows analternative smartcard 2 b that can be used with thereceiver 1 b as shown inFIG. 1 b to obtain the PID and associated stream_type. The PID and associated stream_type are stored in hardcodedmemory 24 and provided to thereceiver 1 b throughoutput module 23. - In
FIG. 3 shows in more detail how data is processed in a receiver of an exemplary embodiment of the invention. For simplification purposes, theprocessor Memory memory 14 b in which case thesmartcard memory 14 a in which case thesmartcard smartcard 2 a or obtain the PID and associated stream_type from a hardcodedmemory 24 insmartcard 2 b. - In the
memory -
Trusted Information Lookup Table PID CW_odd CW_even Stream_type 101 CW1 CW2 video 201-299 CW3 CW4 1 {ō100} ≧ 0 CW1 CW2 audio - The trusted information lookup table contains three rows with data. In the first row a PID with value “101”, an odd CW with value “CW1”, an even CW with value “CW2” and a stream_type with value “video” are stored. Thus CW1 and CW2 are associated with
PID 101 and thePID 101 is associated to the stream_type video. In the second row a range of PIDs 201-299 are associated to CW3, CW4 andstream_type 1, wherein thevalue 1 of the stream_type represents e.g. video. In the third row a range of PIDs {ō100}≧0 i.e. {0,100,200, . . . }, is associated to CW1, CW2 and stream_type audio. - Referring to
FIG. 3 , in the following example a PID and associated CWs are received in an ECM, and a PID and associated stream_type are received in an entitlement management message (EMM). The ECM and EMM are received by afirst input module 12 in asecured domain 30 of receiver 1 a and forwarded tosmartcard 2 a through a secure interface between the receiver 1 a and thesmartcard 2 a. Encryptedodd CW 112 a and encrypted evenCW 112 b are decrypted in thesmartcard 2 a and provided through the secure interface as decryptedodd CW 113 a and decrypted evenCW 113 b, together with PID information from the ECM, to the receiver 1 a where they are stored inmemory 14 a.Encrypted PID 105 andencrypted stream_type 106 are also decrypted in thesmartcard 2 a and provided as decryptedPID 107 and decryptedstream_type 108 to the receiver 1 a where they are stored inmemory 14 a. When an MPEG2 elementary stream is received, data fields are extracted from theheader 101 of the elementary stream and theencrypted payload 102 of the elementary is fed intodescrambler 11. Among the data fields extracted from the header are thePID 103 identifying the payload and the scramblingcontrol field 111 identifying whether the odd CW or the even CW is to be used for decrypting the encrypted payload. - The
CWs 113 a; 113 b forPID 103 are looked up in thememory 14 a and based on the value of the scramblingcontrol field 111switch 10 provides eitherodd CW 113 a or evenCW 113 b to thedescrambler 11.Descrambler 11 decrypts theencrypted payload 102 using the providedodd CW 113 a or evenCW 113 b. After decrypting the payload, thestream_type 108 is sent to arouter module 15 along with the decryptedpayload 104. Therouter module 15 uses stream_type 108 from the Trusted Information Lookup Table stored inmemory 14 a to select the appropriate decoder for decoding the decryptedpayload 104. Contrary to prior art,PID 109 andstream_type 110 information provided in a clear text PMT and received throughsecond input module 18 are thus not used. If the stream_type is empty (nil), i.e. not available in thememory 14 a, or invalid, the router can be configured to use the information from the PMT. Thesecond input module 18 and thefirst input module 12 can be one and the same. - The
stream_type 108 in thesecured domain 30 can contain or have associated routing information fordecoding modules 16. This enables that e.g. transmission of premium content is restricted tosecured output interfaces 17 such as HDMI and not on unprotected high quality analogue interfaces such as SCART and S-video. There are a number of ways to implement the loading and provisioning of trusted stream_types. A CA system usually provides a mechanism to associate PID values with a stream of CWs referenced by a CW_Stream_ID. This mechanism allows several elementary streams to share a CW value. The association of a CW_Stream_ID with PID values occurs prior to the transmission of the sequence of CWs for that CW_Stream_ID. The ECMs thus contain at least an encrypted version of the CW_Stream_ID and theCW stream_type 107. Instead of a single PID value, the CW_Stream_ID association then consists of an array of {PID 107, stream_type 108} pairs. After processing the list of CW_Stream_ID associations, the smartcard 1 a can use a secure information loading protocol to transmit the trustedstream_type 108 to thesecured domain 30 of the receiver 1 a. - Alternatively a special data stream is defined containing the trusted
stream_type 108 for a number of PID values 107. In order to prevent modifications to the data, this special data stream is encrypted. The special data stream is decrypted in a descrambler in thesecured domain 30 of the receiver, possiblydescrambler 11. The association betweenPID 107 andstream_type 108 is parsed and stored inmemory 14 a for use in thesecured domain 30. - Alternatively two separate CW Lookup tables and separate key ladders are created to load the CWs. Known key ladder modules can be used for this purpose. One CW lookup table contains information for streams that need to stay within the
secured domain 30 and the other CW lookup table covers elementary streams that are allowed to be decoded bydecoders 19 outside thesecured domain 30. A binary stream_type can he used for this purpose having either the value of 1 or the value of 0. The key ladder module implements a secure session process to loadCWs secured domain 30 of a chip using a simple key hierarchy that is embedded into a one time programmable memory structure of the chip. - Other alternative methods may be used for the provisioning of the CWs and stream_types to the receiver 1 a.
-
FIG. 4 a shows the steps of a method performed in a receiver of an exemplary embodiment of the invention, e.g. the receiver shown inFIG. 1 a. Preferably the steps are performed in asecured chip 30 of the receiver 1 a. Instep 1001encrypted payload 102 of an elementary stream such as encrypted video payload is decrypted into decryptedvideo 104. Instep 1002 an ECM or EMM is received with anencrypted PID 105 andencrypted stream_type 106.PID 105 is decrypted and stored inmemory 14 a instep 1003 andstream_type 106 is decrypted and stored inmemory 14 a instep 1004. The decryptedPID 107 is compared with aPID 103 of the video payload instep 1005. Hereto thePID 103 is extracted from the header of the elementary stream and compared with PIDs stored in thememory 14 a. If a match is found, which is indicated bystep 1006, thestream_type 108 associated with the PID 103 (orPID 107, which is identical in this case) is read from thememory 14 a and used instep 1007 to select avideo decoding module 16 for decoding the video payload. Instep 1008 the decrypted video payload is routed to thevideo decoding module 16. -
FIG. 4 b shows the steps of an alternative method performed in a receiver of an exemplary embodiment of the invention, e.g. in the receiver shown inFIG. 1 b. The method differs fromFIG. 1 a in that instead of receiving an ECM or EMM to obtain thePID 107 and associatedstream_type 108, thePID 107 andstream_type 109 are hardcoded in a memory, e.g. in hardcodedmemory 14 b ofreceiver 1 b or in hardcodedmemory 24 ofsmartcard 2 b. Instep 1011 thePID 107 is read from the hardcodedmemory step 1012 the stream_type is read from the hardcodedmemory - In
FIG. 5 additional optional steps are shown of a method performed in a receiver of an exemplary embodiment of the invention, e.g. the receiver shown inFIG. 1 a. In addition to the steps shown inFIG. 4 a, in the exemplary embodiment ofFIG. 5 aninterface 17 is selected instep 1013 to restrict the output ofdecoder 16 to instep 1014. If the stream_type is not found inmemory 14 a, the receiver 1 a can be configured to rout the decryptedpayload 104, which in this case is e.g. teletext payload, based on input data that is insecurely received in the receiver. The input data containing aclear text HD 109 andclear text stream_type 110 associated with theHD 109 is e.g. received in a PMT. Instep 1015 the PMT is received. Instep 1016 thePID 109 from the PMT is compared with thePID 103 of theteletext payload 104. If the PIDs match, which is indicated bystep 1017, ateletext decoding module 19 outside thesecured domain 30 of the receiver is selected instep 1018. Instep 1019 theteletext payload 104 is routed to theteletext decoding unit 19. - The additional optional steps as shown in
FIG. 5 can similarly be applied to the example ofFIG. 4 b. - One embodiment of the invention may be implemented as a program product for use with a computer system. The program(s) of the program product define functions of the embodiments (including the methods described herein) and an be contained on a variety of computer-readable storage media. Illustrative computer-readable storage media include, but are not limited to: (i) non-writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, flash memory, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information is permanently stored; and (ii) writable storage media (e.g., floppy disks within a diskette drive or hard-disk drive or any type of solid-state random-access semiconductor memory) on which alterable information is stored.
Claims (22)
1-21. (canceled)
22. A method in a receiver for processing a data stream, the method comprising:
receiving the data stream including a payload and a first packet identifier associated with the payload;
receiving a second packet identifier and a first content type identifier associated with the second packet identifier;
comparing the first packet identifier with the second packet identifier to obtain a first comparison result; and
in response to the first comparison result, selecting a first decoding module from a plurality of decoding modules based on the first content type identifier to decode the payload.
23. The method according to claim 22 , comprising:
comparing the first comparison result with a first condition; and
in response to determining that the first comparison result matches the first condition, executing the selection of the first decoding module from the plurality of decoding modules.
24. The method according to claim 22 , comprising:
receiving a third packet identifier and a second content type identifier associated with the third packet identifier;
in response to determining that the first comparison result matches a second condition, comparing the first packet identifier with the third packet identifier to obtain a second comparison result for selection of a second decoding module from the plurality of decoding modules.
25. The method according to claim 24 , comprising:
in response to determining that the second comparison result matches a third condition, selecting the second decoding module from the plurality of decoding modules based on the second content type identifier to decode the payload.
26. The method according to claim 24 , wherein receiving a third packet identifier and a second content type identifier comprises:
receiving a clear text third packet identifier and a clear text second content type identifier associated with the clear text third packet identifier; and/or.
receiving the third packet identifier and the second content type identifier in a program map table in a MPEG2 transport stream
27. The method according to claim 26 , wherein receiving the data stream comprises:
receiving the data stream comprising the payload and the header having the first packet identifier, the payload and the header being part of an elementary stream in a MPEG transport stream.
28. The method according to claim 22 , wherein receiving a second packet identifier and a first content type identifier comprises:
receiving the second packet identifier and the first content type identifier in an encrypted form, from a secure environment.
29. The method according to claim 28 , wherein receiving a second packet identifier and a first content type identifier comprises:
receiving the encrypted second packet identifier and the encrypted first content type identifier in an encrypted entitlement message; and
transmitting the encrypted entitlement message to a smartcard, the second packet identifier and the first content type identifier being provided from the smartcard over a secure connection.
30. The method according to claim 22 , wherein receiving a second packet identifier and a first content type identifier comprises:
receiving the second packet identifier and the first content type identifier from a secure environment comprising either one or more of a hardcoded memory of the receiver and a smartcard.
31. The method according to claim 22 , comprising:
selecting an interface from a plurality of interfaces based on the first content type identifier; and
restricting an output of the first decoding module to the selected interface.
32. A receiver for processing a data stream, comprising:
a processor configured to:
receive the data stream including a payload and a first packet identifier associated with the payload,
receive a second packet identifier and a first content type identifier associated with the second packet identifier, and
compare the first packet identifier with the second packet identifier to obtain a first comparison result; and
a router configured to:
in response to the first comparison result, select a first decoding module from a plurality of decoding modules based on the first content type identifier; and
route the payload to the first decoding module to decode the payload.
33. The receiver according to claim 32 , wherein the processor is configured to:
compare the first comparison result with a first condition; and
in response to determining that the first comparison result matches the first condition, executing the selection of the first decoding module.
34. The receiver according to claim 32 , wherein the processor is configured to:
receive a third packet identifier and a second content type identifier associated with the third packet identifier; and
in response to determining that the first comparison result matches a second condition, comparing the first packet identifier with the third packet identifier to obtain a second comparison result for selection of a second decoding module from the plurality of decoding modules.
35. The receiver according to claim 34 , wherein the processor is configured to:
determine that the second comparison result matches a third condition to select the second decoding module from the plurality of decoding modules based on the second content type identifier to decode the payload.
36. The receiver according to claim 34 , wherein the processor is configured to:
receive a clear text third packet identifier and a clear text second content type identifier associated with the clear text third packet identifier; and/or
receive the third packet identifier and the second content type identifier in a program map table in a MPEG2 transport stream
37. The receiver according to claim 32 , wherein the receiver receives the data stream comprising the payload and the header having the first packet identifier, the payload and the header being part of an elementary stream in a MPEG transport stream.
38. The receiver according to claim 34 , wherein either one or more of the first decoding module and the second decoding module comprises a video decoder, an audio decoder in a secured chipset of the receiver, a teletext decoder, a subtitling decoder and/or a software applet that is external to the secured chipset.
39. The receiver according to claim 32 , wherein the processor is configured to:
receive the second packet identifier and the first content type identifier in an encrypted form, in an encrypted entitlement message; and
transmitting the encrypted entitlement message to a smartcard, the second packet identifier and the first content type identifier being provided from the smartcard over a secure connection.
40. The receiver according to claim 32 , wherein the processor is configured to:
receive the second packet identifier and the first content type identifier from a secure environment comprising either one or more of a hardcoded memory of the receiver and a smartcard.
41. The receiver according to claim 32 , wherein the processor is configured to:
select an interface from a plurality of interfaces based on the first content type identifier; and
restrict an output of the first decoding module to the selected interface.
42. A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a receiver with a computer processor, cause the receiver with the computer processor to perform a method comprising:
receiving the data stream including a payload and a first packet identifier associated with the payload;
receiving a second packet identifier and a first content type identifier associated with the second packet identifier;
comparing the first packet identifier with the second packet identifier to obtain a first comparison result; and
in response to the first comparison result, selecting a first decoding module from a plurality of decoding modules based on the first content type identifier to decode the payload.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/078,092 US20140068656A1 (en) | 2009-08-28 | 2013-11-12 | Reliable and non-manipulatable processing of data streams in a receiver |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09168907A EP2290943B1 (en) | 2009-08-28 | 2009-08-28 | Reliable and non-manipulatable processing of data streams in a receiver |
EP09168907.5 | 2009-08-28 | ||
US12/869,218 US8599916B2 (en) | 2009-08-28 | 2010-08-26 | Reliable and non-manipulatable processing of data streams in a receiver |
US14/078,092 US20140068656A1 (en) | 2009-08-28 | 2013-11-12 | Reliable and non-manipulatable processing of data streams in a receiver |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/869,218 Continuation US8599916B2 (en) | 2009-08-28 | 2010-08-26 | Reliable and non-manipulatable processing of data streams in a receiver |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140068656A1 true US20140068656A1 (en) | 2014-03-06 |
Family
ID=42470697
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/869,218 Active 2031-08-11 US8599916B2 (en) | 2009-08-28 | 2010-08-26 | Reliable and non-manipulatable processing of data streams in a receiver |
US14/078,092 Abandoned US20140068656A1 (en) | 2009-08-28 | 2013-11-12 | Reliable and non-manipulatable processing of data streams in a receiver |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/869,218 Active 2031-08-11 US8599916B2 (en) | 2009-08-28 | 2010-08-26 | Reliable and non-manipulatable processing of data streams in a receiver |
Country Status (6)
Country | Link |
---|---|
US (2) | US8599916B2 (en) |
EP (1) | EP2290943B1 (en) |
JP (1) | JP5551023B2 (en) |
KR (1) | KR20110023817A (en) |
CN (1) | CN102075813B (en) |
CA (1) | CA2713764C (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9355279B1 (en) * | 2013-03-29 | 2016-05-31 | Secturion Systems, Inc. | Multi-tenancy architecture |
KR102536860B1 (en) * | 2016-09-12 | 2023-05-26 | 주식회사 메디인사이드 | A method for generating an encryted data stream and an apparatus therefor |
US10944572B2 (en) | 2017-01-02 | 2021-03-09 | Western Digital Technologies, Inc. | Decryption and variant processing |
US20180359090A1 (en) * | 2017-06-08 | 2018-12-13 | Qualcomm Incorporated | Avoiding link integrity failures on displayport during hcdp 2.2 by using sink side optimizations |
CN110489971A (en) * | 2018-05-15 | 2019-11-22 | 微软技术许可有限责任公司 | The data set management of safety |
KR102524377B1 (en) * | 2022-11-25 | 2023-04-21 | 주식회사 유니온플레이스 | Method of communicating vehicle data for vehicle control |
KR102524379B1 (en) * | 2022-12-05 | 2023-04-21 | 주식회사 유니온플레이스 | Data processing apparatus for railed vehicle control |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020035623A1 (en) * | 1997-05-02 | 2002-03-21 | Lawande Sachin S. | Method and apparatus for operating the internet protocol over a high-speed serial bus |
US20040148501A1 (en) * | 2003-01-27 | 2004-07-29 | Livaditis Elias J | Apparatus and method for single encryption with multiple authorization of distributed content data |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4349695A (en) * | 1979-06-25 | 1982-09-14 | Datotek, Inc. | Recipient and message authentication method and system |
US4985895A (en) * | 1988-11-14 | 1991-01-15 | Wegener Communications, Inc. | Remote controlled receiving system apparatus and method |
JP3680365B2 (en) * | 1995-08-07 | 2005-08-10 | ソニー株式会社 | Descrambling device, descrambling method, scrambled broadcasting transmission / reception device, scrambled broadcasting method |
JP2000013696A (en) * | 1998-06-19 | 2000-01-14 | Sony Corp | Digital broadcasting receiver, its channel selecting method and data transmitting method |
KR100390841B1 (en) * | 2001-03-27 | 2003-07-10 | 주식회사 하이닉스반도체 | Apparatus for storing and comparing PID to speed up detection of PID and its method |
JP3699023B2 (en) * | 2001-08-29 | 2005-09-28 | Necマグナスコミュニケーションズ株式会社 | Digital broadcast viewing control system and digital broadcast viewing control method |
GB0208373D0 (en) * | 2002-04-11 | 2002-05-22 | Nokia Corp | Digital video broadcasting receiver |
EP1392060A1 (en) | 2002-08-21 | 2004-02-25 | Canal+ Technologies Société Anonyme | System and method for broadcast testing |
US20060098649A1 (en) * | 2004-11-10 | 2006-05-11 | Trusted Network Technologies, Inc. | System, apparatuses, methods, and computer-readable media for determining security realm identity before permitting network connection |
JP4190870B2 (en) * | 2002-11-21 | 2008-12-03 | ソニー株式会社 | BROADCASTING SYSTEM, RECEPTION DEVICE, BROADCAST DATA PROTECTION METHOD, AND RECEPTION METHOD |
WO2005022344A2 (en) * | 2003-08-29 | 2005-03-10 | Opentv, Inc. | Targeted content broadcast and reception system |
US7848227B2 (en) * | 2005-01-26 | 2010-12-07 | Cisco Technology, Inc. | Retransmit timeout suppression in large scale networks |
JP2007096896A (en) * | 2005-09-29 | 2007-04-12 | Sanyo Electric Co Ltd | Broadcast recorder, broadcast recording and reproducing device and broadcast recording and reproduction program |
KR100810318B1 (en) * | 2006-02-08 | 2008-03-07 | 삼성전자주식회사 | Digital multimedia broadcasting conditional access system and method thereof |
US8275132B2 (en) * | 2006-05-15 | 2012-09-25 | Buchen Neil B | System and method for dynamically allocating stream identifiers in a multi-encryption transport system |
JP5098292B2 (en) * | 2006-10-30 | 2012-12-12 | 株式会社日立製作所 | Content decryption key extraction method and content reception device |
KR101467785B1 (en) * | 2007-07-06 | 2014-12-04 | 엘지전자 주식회사 | Digital broadcasting system and method of processing data in digital broadcasting system |
-
2009
- 2009-08-28 EP EP09168907A patent/EP2290943B1/en active Active
-
2010
- 2010-08-26 US US12/869,218 patent/US8599916B2/en active Active
- 2010-08-27 CA CA2713764A patent/CA2713764C/en not_active Expired - Fee Related
- 2010-08-27 CN CN201010511656.1A patent/CN102075813B/en not_active Expired - Fee Related
- 2010-08-30 KR KR1020100083883A patent/KR20110023817A/en not_active Application Discontinuation
- 2010-08-30 JP JP2010192178A patent/JP5551023B2/en not_active Expired - Fee Related
-
2013
- 2013-11-12 US US14/078,092 patent/US20140068656A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020035623A1 (en) * | 1997-05-02 | 2002-03-21 | Lawande Sachin S. | Method and apparatus for operating the internet protocol over a high-speed serial bus |
US20040148501A1 (en) * | 2003-01-27 | 2004-07-29 | Livaditis Elias J | Apparatus and method for single encryption with multiple authorization of distributed content data |
Also Published As
Publication number | Publication date |
---|---|
JP5551023B2 (en) | 2014-07-16 |
CN102075813B (en) | 2015-06-17 |
CA2713764C (en) | 2018-07-24 |
KR20110023817A (en) | 2011-03-08 |
US20110069222A1 (en) | 2011-03-24 |
CA2713764A1 (en) | 2011-02-28 |
EP2290943A1 (en) | 2011-03-02 |
EP2290943B1 (en) | 2012-05-16 |
JP2011050056A (en) | 2011-03-10 |
CN102075813A (en) | 2011-05-25 |
US8599916B2 (en) | 2013-12-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20140068656A1 (en) | Reliable and non-manipulatable processing of data streams in a receiver | |
EP1800480B1 (en) | Digital rights management of a digital device | |
US9479825B2 (en) | Terminal based on conditional access technology | |
US7895616B2 (en) | Reconstitution of program streams split across multiple packet identifiers | |
JP5710273B2 (en) | Encryption system for satellite distribution television. | |
US9455829B2 (en) | Method and system for decrypting a transport stream | |
US8631430B2 (en) | Enabling DRM-encrypted broadcast content through gateway into the home | |
EP2699017B1 (en) | Security processing unit with secure connection to head end | |
KR101980928B1 (en) | Method, cryptographic system and security module for descrambling content packets of a digital transport stream | |
EP2362635B1 (en) | Disabling a cleartext control word loading mechanism in a conditional access system | |
US9756365B2 (en) | Broadcast reception device, operating method of broadcast reception device, conditional access module and operating method of conditional access module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |