CN1483259A - Encryption technique scheme for conditional access system - Google Patents

Publication number
CN1483259A
Authority
CN
China
Legal status
Pending
Application number
CNA018196888A
Other languages
Chinese (zh)
Inventor
A. M. Eskicioglu
Current Assignee
RCA Licensing Corp
Original Assignee
RCA Licensing Corp
Application filed by RCA Licensing Corp

Classifications

    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04N21/25816 Management of client data involving client authentication
    • H04N7/163 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Abstract

A method and apparatus for managing access to a signal representative of an event of a service provider, including receiving said signal in a smart card, said signal being scrambled using a scrambling key, receiving, in said smart card, data representative of a first share; constructing said scrambling key using said first share and at least one additional share, said additional share being stored in said smart card; and descrambling said signal using said constructed scrambling key to provide a descrambled signal, wherein the step of constructing said scrambling key comprises calculating the Y-intercept of the line formed on said Euclidean plane by said first, and said at least one additional share.

Description

Encryption technique scheme for conditional access system
Field of the invention
The present invention relates to a system for providing conditional access (i.e. managing access) to scrambled audio/video (A/V) signals received from various sources, such as broadcast television networks, cable television networks, digital satellite systems and Internet service providers. Using the concept of secret sharing, the system does not require the complete descrambling key to be sent to the receiving device under encryption. The key is recovered using at least one share received from the service provider and at least two shares stored in the device.
Background of the invention
Today, a user can receive services from a variety of service providers, such as broadcast television networks, cable television networks, digital satellite systems and Internet service providers. Most television receivers can receive unscrambled information or programs directly from broadcast and cable networks. Cable networks that provide scrambled programs usually require a separate set-top box to descramble the program. Similarly, digital satellite systems usually provide scrambled programs that also require the use of a separate set-top box. These set-top boxes may use a removable smart card that contains the keys needed to recover the descrambling key. Protecting these important keys is vital to prevent unauthorized copying of the program.
A conditional access system permits access to services (e.g. television broadcasts, the Internet) based on payment and/or other requirements such as authorization, identification and registration. In a conditional access system, a user (subscriber) enters into a service agreement with a service provider to obtain access rights.
Fig. 7 shows the architecture of a conventional conditional access system. Before the information or content (e.g. television programs, movies) and the entitlement messages are delivered to the user, they are protected (encrypted). Currently, there are two types of entitlement message associated with each program or service. Entitlement Control Messages (ECMs) carry the descrambling keys (sometimes called 'control words') and a brief description of the program (e.g. program number, date, time, price). Entitlement Management Messages (EMMs) specify the authorization levels associated with the service (e.g. indicating the type of service, the duration of the service). The EMMs can be distributed on the same channel as the service, or can be sent on a separate channel, for example a telephone line. The ECMs are usually multiplexed and sent with the associated program.
Fig. 8 shows the architecture of a conventional transmitter side of a conditional access system such as that shown in Fig. 7. As will be appreciated, the audio, video and data streams of the service are multiplexed before being scrambled, modulated and sent to the receiver (i.e. the user).
Fig. 9 shows the architecture of a conventional receiver side of a conditional access system such as that shown in Fig. 7. As will be understood, the received bit stream is demodulated, decrypted and decompressed before the separate audio, video and data streams are sent to the display device (e.g. a television screen).
Encryption-based technologies are widely used to protect distributed content. If the user is authorized to watch a particular protected program, the program is descrambled and sent to a display (e.g. a television screen) for viewing. In most conditional access systems, the user will use a digital device (e.g. set-top box, digital television, digital VCR) that includes a smart card for descrambling the program according to the EMMs and ECMs.
Programs are usually scrambled using a symmetric cipher such as the Data Encryption Standard (DES). For security reasons, the scrambling key (and hence the ECM) is changed frequently, with a period of change on the order of a few seconds. Although conditional access providers often define the protection of the ECMs privately, public-key cryptography is a viable tool for transporting keys from the service provider to the user. At the transmitter, the descrambling key is encrypted with a public key, and at the receiver it is recovered with the corresponding private key (stored in the receiver's smart card).
However, public-key cryptography has significant drawbacks. For example, public-key schemes are much slower than symmetric-key schemes and usually have longer keys (i.e. keys with more alphanumeric characters). In addition, a computationally demanding algorithm (such as the above-mentioned RSA) is needed to recover the key.
In these digital devices, it is important to separate the security functions from the navigation functions (i.e. channel surfing). Separation allows device manufacturers to produce devices that operate independently of the particular conditional access system. This is important for the following two reasons:
(1) Until recently, set-top boxes were not readily available in retail stores; they were manufactured for the cable companies, which supplied them directly to users. Major consumer electronics manufacturers and electronics retailers have opposed this practice as monopolistic.
(2) From a security standpoint, if the keys are discovered ('hacked'), the conditional access provider only needs to replace the smart cards in the affected devices (e.g. set-top boxes), rather than rebuild the entire system.
Therefore, there is presently a need for a scheme that protects information using a concept other than public-key cryptography, for example threshold cryptography.
Summary of the invention
The present invention defines a method and apparatus for managing access, using a smart card, to a signal representing an event of a service provider. The method comprises the steps of: receiving, in a smart card, a signal scrambled using a symmetric scrambling key; receiving data representing a first share; constructing the scrambling key using the first share and at least two additional shares stored in the smart card; and using the constructed scrambling key to provide a descrambled signal.
According to a first preferred embodiment of the invention, first, second and third shares are used. The first, second and third shares are points on a Euclidean plane, and the step of constructing the scrambling key comprises calculating the Y-intercept of the parabola formed on the Euclidean plane by the first, second and third shares.
According to a first preferred embodiment of the invention, first, second, third and fourth shares are used. The first, second, third and fourth shares are points on a Euclidean plane, and the step of constructing the scrambling key comprises calculating the Y-intercept of the curve formed on the Euclidean plane by the first, second, third and fourth shares. In general, any number of shares can be used, depending on the level of security required.
Brief description of the drawings
Fig. 1 is a block diagram showing an architecture for interfacing a common set-top box to various service providers.
Fig. 2 is a block diagram of a system for managing access to a device according to the invention.
Fig. 3a is a graphical representation of the determination of the scrambling key according to the first preferred embodiment of the invention.
Fig. 3b is a graphical representation of the allocation of a unique, non-overlapping range to each service provider according to Fig. 3a.
Fig. 4 is a graphical representation of the determination of the scrambling key according to the second preferred embodiment of the invention.
Fig. 5 is a graphical representation of the determination of the scrambling key according to the third preferred embodiment of the invention.
Fig. 6 is a graphical representation of the determination of multiple scrambling keys according to the fourth preferred embodiment of the invention.
Fig. 7 is a block diagram showing a conventional conditional access system.
Fig. 8 is a block diagram showing a conventional transmitter architecture for a conditional access system.
Fig. 9 is a block diagram showing a conventional receiver architecture for a conditional access system.
Detailed description
In a conditional access (CA) system, signals are usually scrambled using a symmetric cipher such as the Data Encryption Standard (DES). For security reasons, the scrambling key is changed frequently, with a period of change on the order of a few seconds. Protection of the descrambling key (which is sent with the signal) is usually provided by public-key cryptography, which, as discussed above, requires considerable computing power and memory. The present invention recognizes this problem and is intended to provide a solution to it.
A signal as described herein (e.g. an event or program) comprises information such as (1) audio/video data (e.g. a movie, a weekly 'television' show or a documentary); (2) text data (e.g. an electronic magazine, an article or a weather report); (3) computer software; (4) binary data (e.g. images); (5) HyperText Markup Language (HTML) data (e.g. web pages); or any other information for which access control may be involved. Service providers include any provider of broadcast events, for example traditional broadcast television networks, cable networks and digital satellite networks; providers of electronic lists of events, such as electronic program guide providers; and, in certain cases, Internet service providers.
The present invention provides a method and apparatus for securely transporting the descrambling key. The invention has particular application in a conditional access system in which programs or services can be obtained from one of a plurality of sources. When implemented in a device such as a digital television, a digital video cassette recorder or a set-top box, the method provides convenient management of the descrambling key, because only a portion of the data needed to construct the key is stored in the device. For simplicity, the following description of the invention is directed to an embodiment using a digital television and a smart card.
In Fig. 1, system 30 depicts the general architecture for managing access to a digital television (DTV) 40. A smart card (SC) 42 is inserted into, or coupled to, a smart card reader 43 of DTV 40; an internal bus 45 interconnects DTV 40 and SC 42, permitting the transfer of data between them. Such smart cards include ISO 7816 cards having a card body with a plurality of terminals arranged on a surface in compliance with National Renewable Security Standard (NRSS) Part A, or PCMCIA cards complying with NRSS Part B.
DTV 40 has the ability to receive services from a plurality of service providers (SPs), such as a broadcast television SP 50, a cable television SP 52, a satellite system SP 54 and an Internet SP 56. A conditional access organization (CA) 75 is not directly connected to either the service providers or DTV 40, but handles key management and issues the public and private keys that may be used, if necessary, as explained below.
The present invention employs the concept of secret sharing, which eliminates the requirement to use public-key cryptography (or any other cryptosystem) to ensure the secure transmission of an audio/video (A/V) stream from a service provider (e.g. SP 50-56) to a user's smart card (e.g. SC 42).
The present invention employs an application of a secret sharing scheme originally developed by Adi Shamir, known as a 'threshold scheme' or 'threshold cryptography' (see A. Shamir, "How to share a secret," Communications of the ACM, Vol. 22, No. 11, pp. 612-613, November 1979). A (t, n) threshold scheme, such as the one proposed by Shamir, involves breaking a secret into n pieces (which may be called 'shares' or 'shadows') in such a way that at least t (<= n) of the pieces are required to reconstruct the secret. In a perfect threshold scheme, knowledge of (t-1) or fewer pieces ('shares' or 'shadows') provides no information about the secret.
For example, with a (3, 4) threshold scheme, the secret is divided into four shares, but only three of the shares are needed to reconstruct the secret. Two of the shares, however, cannot reconstruct the secret. In Shamir's (t, n) threshold scheme, choosing a higher value of t and storing (t-1) secrets in the smart card would increase the system's resistance to ciphertext-only attacks, but would lead to more computation for the polynomial construction.
The threshold scheme reduces the computational requirements on the smart card for symmetric key recovery. For each new key, only a simple operation is performed (i.e. computing the value of the polynomial at x = 0), compared with RSA decryption, which involves modular exponentiation. In addition, the security is perfect (i.e. given knowledge of $(x_1, y_1)$, all values of the secret remain equally probable).
The present invention uses the principles of Shamir's secret sharing to hide the identity of the key used to descramble a scrambled signal in a conditional access system. Specifically, the invention proposes a scheme in which the scrambling key comprises the Y-intercept of a specific line or curve formed by two or more points in a Euclidean plane.
In the simplest embodiment of this scheme, the receiver (e.g. a smart card) is manufactured with one or more shares already stored in it (as discussed below, this is often called a 'prepositioned' secret sharing scheme). The stored share is used to compute the key that was used to scramble a signal at the transmitter. When the scrambled signal is sent, an additional or 'activating' share is sent with it. Note that the 'activating' share does not need to be encrypted in this scheme, because knowledge of the activating share is meaningless without knowledge of the stored share. On receiving the 'activating' share, the receiver reconstructs the scrambled signal using a descrambling key, which is computed by finding the Y-intercept of the line formed by the stored share and the 'activating' share. Each time a new key is needed, the transmitter can select a new 'activating' share, thereby changing the Y-intercept of the line formed by the stored share and the 'activating' share. In this way, an unlimited number of scrambling keys can be defined and used without changing the smart card or the receiver hardware or software.
The key generation and distribution process can be automated by a program that carries out the following steps:
(a) Choose a secret S; this will be a value along the Y-axis of a Euclidean plane.
(b) Construct a first-degree polynomial f(x) that passes through the point (0, S) and another point $(x_0, y_0)$.
(c) Compute f(x) at $x_1$, where $x_1$ is not equal to $x_0$.
(d) Distribute $(x_1, y_1)$ with the content protected by S.
The scheme described above is often called a 'prepositioned' secret sharing scheme, because a portion of the secret is 'prepositioned' with the receiver. In the example above, the 'prepositioned' share is the share stored in the smart card at the receiver. Such 'prepositioned' secret sharing schemes have been discussed by others in the field of cryptography (see G. J. Simmons, "How to (really) share a secret," Advances in Cryptology-CRYPTO '88 Proceedings, Springer-Verlag, pp. 390-448, 1990; G. J. Simmons, "Prepositioned shared secret and/or shared control schemes," Advances in Cryptology-EUROCRYPT '89 Proceedings, Springer-Verlag, pp. 436-467, 1990). By prepositioning one or more shares, the scrambling key can be changed quite easily without changing any circuitry of the receiver; only the 'activating' share needs to be changed.
It should be noted that the algorithm above outlines a prepositioned secret sharing scheme that uses a secret S with only two shares (i.e. two points of a line on the Euclidean plane). Of course, more complicated secrets S can be generated with more shares (points). The important aspect of a prepositioned secret sharing scheme is that some of the shares are 'prepositioned' with the receiver.
The present invention involves storing at least one of the shares of a secret at a specific location (e.g. in a smart card memory). The stored share is then used in combination with an 'activating' share. For example, in a (4, 4) scheme, preferably three of the four shares are stored at the specific location (e.g. the smart card). The last share (also called the 'activating' share) is then sent to that location in order to obtain the secret. It is important to note that in the present invention the secret is not the shares themselves, but the Y-intercept of the line or curve (for higher-order polynomials) formed by the shares when they are expressed as points on the Euclidean plane.
Figs. 2 and 3 together illustrate the first preferred embodiment of the invention. In this first preferred embodiment, a secret with two shares is used. As noted above, each share is defined by a point on the Euclidean plane. Specifically, a first share (i.e. a data point) is stored in SC 42. The first share can be regarded as a single point on the Euclidean plane (i.e. of the form $(x_0, y_0)$). Service provider 58 sends a signal (or event or program) that can be scrambled by a symmetric key, for example a Data Encryption Standard (DES) key. In addition to the scrambled signal, service provider 58 also sends a second (i.e. 'activating') share. Similarly, the second share can be a second single point from the same Euclidean plane (i.e. of the form $(x_1, y_1)$).
The scrambled A/V signal and the second ('activating') share are received by DTV 40 and passed to SC 42 for processing. SC 42 receives the second ('activating') share and uses the stored first share and the received second share to reconstruct (or recover) the symmetric key. SC 42 then uses the reconstructed symmetric key to descramble the received scrambled A/V signal and produce a descrambled A/V signal. The descrambled A/V signal is provided to DTV 40 for display.
Recovery of the symmetric key is achieved by constructing a polynomial from the first and second shares; the y-intercept of the constructed polynomial is the symmetric key. For example, given $(x_0, y_0)$ and $(x_1, y_1)$, the symmetric key is constructed by computing the value of S in the given finite field:
$S = f(0) = y_0 - \frac{y_1 - y_0}{x_1 - x_0} \cdot x_0$
Fig. 3a is a graphical representation of the first preferred embodiment of the invention, showing exemplary shares $(x_0, y_0)$ and $(x_1, y_1)$ and the line formed by them, which crosses the Y-axis at a specific point (this point is the key). For illustrative purposes, the plot in Fig. 3a was obtained using real numbers rather than modular arithmetic.
With reference to the first exemplary embodiment, the scheme above allows more than one service provider to share the stored second share $(x_0, y_0)$ (i.e. the 'activating' share). Each service provider is then free to choose its own first share (i.e. $(x_1, y_1)$). The probability of constructing polynomials with the same y-intercept (i.e. the same symmetric key) is low. However, the range of possible second shares can be specified so that each service provider has a unique and non-overlapping range (see Fig. 3b). Moreover, within the scope of the invention, each service provider can select its own first share, which can be encrypted with the smart card's public key before being downloaded. The share is then recovered by the smart card using its private key $K_{SCpri}$. In addition, as described below, scrambling portions of an event with different keys and transmitting different second shares can increase the robustness of the defined system.
To consider an example according to the first exemplary embodiment of the invention, assume the points $(x_0, y_0) = (17, 15)$ and $(x_1, y_1) = (5, 10)$, and $p = 23$. The first-degree polynomial:
$f(x) = a_1 x + a_0 \pmod{23}$
passing through $(x_0, y_0)$ and $(x_1, y_1)$ can be constructed by solving:
$a_1 \cdot 17 + a_0 = 15 \pmod{23}$ and
$a_1 \cdot 5 + a_0 = 10 \pmod{23}$
The solution $(a_1, a_0) = (10, 6)$ gives the polynomial:
$f(x) = 10x + 6 \pmod{23}$
The value of the secret S can be found by computing f(0):
$S = f(0) = 6 \pmod{23}$
Therefore, according to the example above, the value of the secret, and hence the scrambling key, will be 6 (mod 23). Of course, the value of the secret will change with each different value of $(x_1, y_1)$.
Fig. 4 illustrates a key recovery scheme according to the second exemplary embodiment of the invention, which uses three shares (as opposed to the two shares of the first preferred embodiment). In this second preferred embodiment, recovery of the symmetric key is achieved by constructing a second-degree polynomial from the first, second and third shares (e.g. $(x_0, y_0)$, $(x_1, y_1)$, $(x_2, y_2)$); the y-intercept of the constructed second-degree polynomial is the symmetric key.
To consider an example according to the second preferred embodiment of the invention, assume the points $(x_0, y_0) = (17, 15)$, $(x_1, y_1) = (5, 10)$ and $(x_2, y_2) = (12, 6)$, and $p = 23$. The second-degree polynomial:
$f(x) = a_2 x^2 + a_1 x + a_0 \pmod{23}$
passing through $(x_0, y_0)$, $(x_1, y_1)$ and $(x_2, y_2)$ can be constructed by solving:
$a_2 \cdot 17^2 + a_1 \cdot 17 + a_0 = 15 \pmod{23}$
$a_2 \cdot 12^2 + a_1 \cdot 12 + a_0 = 6 \pmod{23}$ and
$a_2 \cdot 5^2 + a_1 \cdot 5 + a_0 = 10 \pmod{23}$
The solution $(a_2, a_1, a_0) = (10, 20, 5)$ gives the polynomial:
$f(x) = 10x^2 + 20x + 5 \pmod{23}$
The value of the secret S can be found by computing f(0):
$S = f(0) = 5 \pmod{23}$
As shown in Fig. 4, the first, second and third shares can be expressed as points on a Euclidean plane. For illustrative purposes, the plot in Fig. 4 was obtained using real numbers rather than modular arithmetic.
Fig. 5 illustrates a key recovery scheme according to the third exemplary embodiment of the invention, which uses four shares. In this third preferred embodiment, recovery of the symmetric key is achieved by constructing a third-degree polynomial from the first, second, third and fourth shares (e.g. $(x_0, y_0)$, $(x_1, y_1)$, $(x_2, y_2)$, $(x_3, y_3)$); the y-intercept of the constructed third-degree polynomial is the symmetric key.
To consider an example according to the third preferred embodiment of the invention, assume the points $(x_0, y_0) = (17, 15)$, $(x_1, y_1) = (5, 10)$, $(x_2, y_2) = (12, 6)$ and $(x_3, y_3) = (3, 12)$, and $p = 23$. The third-degree polynomial:
$f(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0 \pmod{23}$
passing through $(x_0, y_0)$, $(x_1, y_1)$, $(x_2, y_2)$ and $(x_3, y_3)$ can be constructed by solving:
$a_3 \cdot 17^3 + a_2 \cdot 17^2 + a_1 \cdot 17 + a_0 = 15 \pmod{23}$
$a_3 \cdot 12^3 + a_2 \cdot 12^2 + a_1 \cdot 12 + a_0 = 6 \pmod{23}$
$a_3 \cdot 5^3 + a_2 \cdot 5^2 + a_1 \cdot 5 + a_0 = 10 \pmod{23}$
$a_3 \cdot 3^3 + a_2 \cdot 3^2 + a_1 \cdot 3 + a_0 = 12 \pmod{23}$
The solution $(a_3, a_2, a_1, a_0) = (18, 19, 0, 22)$ gives the polynomial:
$f(x) = 18x^3 + 19x^2 + 0x + 22 \pmod{23}$
The value of the secret S can be found by computing f(0):
$S = f(0) = 22 \pmod{23}$
As shown in Fig. 5, the first, second, third and fourth shares can be expressed as points on a Euclidean plane. For illustrative purposes, the plot in Fig. 5 was obtained using real numbers rather than modular arithmetic.
The multiple shares described above can also be used to establish a convenient key management scheme for a conditional access system. Conditional access system operators often define three levels of keys: (1) individual, (2) group and (3) regional. Users of the conditional access system can be assigned one or more of these different authorization levels by storing different numbers of shares in their respective smart cards.
Consider a conditional access system in which a specified population of smart cards is used to control access to the system. Three different types of cards can be made:
(1) Level 1 smart cards - all smart cards in the broadcast 'region' are assigned a common share (i.e., a share common to the smart cards in that region);
(2) Level 2 smart cards - all smart cards in a specified group are assigned an additional common share (i.e., another share common to the smart cards in that specified group); and
(3) Level 3 smart cards - each smart card is assigned a unique additional share.
The above smart cards can be used in combination with an 'activating' share to descramble particular programs. Because Level 1 smart cards contain only one share, Level 2 smart cards contain two shares, and Level 3 smart cards contain three shares, each card will provide a different set of descrambling keys. Therefore, all smart cards in the broadcast region (i.e., Level 1 smart cards) will have the ability to receive and descramble the general broadcast (e.g., basic television channels), only Level 2 smart cards will have the ability to receive and descramble certain additional programs (e.g., HBO, Showtime, etc.), and only Level 3 smart cards will have the ability to receive and descramble certain other additional programs (e.g., PPV movies, etc.). Note that the shares placed in the Level 1-3 smart cards comprise 'prepositioned' information, which can be used in combination with an 'activating' share to compute a secret (e.g., a descrambling key).
Fig. 6 illustrates how the Euclidean plane is used to construct the multiple-share scheme. As will be appreciated, the three different authorization levels correspond to three y-intercepts (i.e., the "regional key", the "group key" and the "individual key"). The first-degree polynomial (corresponding to Level 1 or 'regional' authorization) comprises a straight line passing through the 'activating share' and the Level 1 common share. The second-degree polynomial (corresponding to Level 2 or 'group' authorization) comprises a parabola passing through the 'activating share', the Level 1 common share and the Level 2 common share. The third-degree polynomial (corresponding to Level 3 or 'individual' authorization) comprises a curve passing through the 'activating share', the Level 1 common share, the Level 2 share and the Level 3 share. In the above example, note that the 'activating' share is used to compute each of the different keys (i.e., individual, group and regional). Note that, for illustrative purposes, the curves in Fig. 6 were obtained using real numbers rather than modular arithmetic.
Using the above example, the following table describes the relationship between the shares and the different authorization levels:
| Point | First degree (Level 1) | Second degree (Level 2) | Third degree (Level 3) |
|---|---|---|---|
| Activating share = (5, 10) | Yes | Yes | Yes |
| Level 1 common share = (17, 15) | Yes | Yes | Yes |
| Level 2 share = (12, 6) | | Yes | Yes |
| Level 3 share = (3, 12) | | | Yes |
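
The key recovery of the worked examples and the three card levels of the table, as an added Python example that is not part of the patent text. It evaluates the interpolating polynomial at x = 0 by Lagrange interpolation (equivalent to solving the linear systems shown above) with the document's points and p = 23, and also checks that the activating share alone leaves every key value possible; the function and variable names are assumptions.

```python
"""Added example: key recovery for the three card levels (toy modulus p = 23)."""

P = 23  # prime modulus from the worked examples; far too small for real use

ACTIVATING = (5, 10)  # 'activating' share sent with the scrambled content
# 'Prepositioned' shares stored in each card level, as listed in the table.
CARD_SHARES = {
    1: [(17, 15)],
    2: [(17, 15), (12, 6)],
    3: [(17, 15), (12, 6), (3, 12)],
}


def recover_secret(shares, p=P):
    """Return f(0) mod p for the unique polynomial of degree len(shares)-1
    through the given (x, y) shares, using Lagrange interpolation."""
    xs = [x % p for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x-coordinates mod p")
    if 0 in xs:
        raise ValueError("a share at x = 0 would be the secret itself")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % p         # factor (0 - xj)
                den = (den * (xi - xj)) % p   # factor (xi - xj)
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def keys_for_card(level, activating=ACTIVATING):
    """Keys a card of the given level can build: level n uses the activating
    share plus the first n stored shares (polynomial of degree n)."""
    stored = CARD_SHARES[level]
    return {n: recover_secret([activating] + stored[:n])
            for n in range(1, level + 1)}


def secrets_consistent_with(activating, hidden_x, p=P):
    """Keys an observer of the activating share cannot rule out when the
    y-value of the stored share at hidden_x is unknown (first-degree case)."""
    return {recover_secret([activating, (hidden_x, y)], p) for y in range(p)}


if __name__ == "__main__":
    for level in CARD_SHARES:
        print(f"Level {level} card:", keys_for_card(level))
    undetermined = secrets_consistent_with(ACTIVATING, 17)
    print("keys still possible without the Level 1 share:", len(undetermined))
```

The second- and third-degree keys are the values S = 5 and S = 22 derived in the worked examples; the first-degree key is computed here from the table's activating share and Level 1 share.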
Although the above method and apparatus have been described in the context of a conditional access system for delivering multimedia content, the principles of the present invention can also be applied to methods and apparatus for secure communication between a sender and a receiver of information.
The advantages of the above method and apparatus include:
(a) Reduced computational requirements for the receiver in symmetric key recovery (i.e., only a simple operation is performed for each key). This compares with RSA decryption, which involves modular exponentiation.
(b) Security is ideal. In other words, given the activating share, all values of the secret remain equally probable. For higher-degree polynomials, the task of determining the secret given the activating share becomes even more difficult.
(c) For a given set of 'prepositioned' information shared between the transmitter and the receiver, different symmetric keys can easily be derived and used frequently (i.e., by changing the 'activating' share).
(d) Different authorization levels can be defined by assigning different shares to different receivers.
(e) Security does not rely on unproven assumptions (i.e., the security of RSA is based on the difficulty of the integer factorization problem).
The above scheme effectively combines the advantages of symmetric and public-key systems. The 'prepositioned' information can be regarded as the receiver's private key. The symmetric key to be constructed is determined by the public information sent as part of the ECM. Because the descrambling key is not generated at the broadcast source, no additional cipher is needed to protect the descrambling key over the air.
The effectiveness of the above scheme can be improved in various ways, including:
(1) Defining the scrambling key as a function of the shared secret: in general, the key can be generated by evaluating a predefined function at the value of the secret. For example, if the shared secret (e.g., the Y-intercept of the function f(x)) is the real number 7, the key can be defined as the square root of 7. In this way, even if someone discovers the secret, that person would not necessarily be able to descramble. In addition, once the coefficients of the polynomial are obtained, any other definition can be used. In practice, the function may need to have an entropy-preserving property (i.e., entropy(secret) = entropy(f(secret))).
(2) Making the degree of the polynomial function (and therefore the number of shares needed to discover the secret) a time-dependent secret system parameter: for example, the degree of the polynomial f(x) defining the secret would change from day to day, hour to hour, etc. Cryptanalysis would become a more demanding task for adversaries, because they would first have to determine the degree of the polynomial.
(3) Masking the activating share before transmission: the activating share sent with the scrambled content can subsequently be unmasked by the receiver using a predetermined process. One example of masking is to use the hash value of the activating share for content scrambling, but not to send this activating share. The receiver then performs the hashing to determine the actual value.
(4) Adding redundant activating shares: additional activating shares sent together with the actual activating share can subsequently be filtered out by the receiver using a predetermined process.
Any combination of the above improvements will serve to hide the true value of the transmitted activating share and to introduce an additional level of security for the content.
Although the present invention has been described in terms of a secret sharing scheme that can use first-, second- and third-degree polynomial equations in forming a secret, those skilled in the art will understand that polynomial equations of any degree (e.g., fourth degree, fifth degree, etc.) can be used. In fact, higher-degree polynomial functions are preferable in that they provide added security over lower-degree polynomial functions, because of the increased number of shares that must be estimated. In addition, although the foregoing description focuses on a system having a single smart card (e.g., smart card 42), those skilled in the art will understand that multiple smart cards can be used, each having one or more share values stored in it.

Claims (19)

1. A method for managing access to a signal, said method comprising the steps of:
receiving, in a smart card, data representing a first share;
constructing a symmetric scrambling key using said first share and at least two additional shares, said at least two additional shares being stored in said smart card; and
descrambling a signal using said constructed scrambling key to provide a descrambled signal.
2. The method of claim 1, wherein said first, second and third shares are points on a Euclidean plane.
3. A method for managing access to a signal representing an event of a service provider, said method comprising the steps of:
receiving said signal in a smart card, said signal being scrambled using a symmetric scrambling key;
receiving, in said smart card, data representing said first share;
constructing said scrambling key using said first share and second and third shares, said second and third shares being stored in said smart card; and
descrambling said signal using said constructed scrambling key to provide a descrambled signal,
wherein the step of constructing said scrambling key comprises the step of: calculating the Y-intercept of the curve formed on said Euclidean plane by said first, second and third shares.
4. The method of claim 3, wherein said first, second and third shares are points on a Euclidean plane.
5. The method of claim 3, wherein said smart card has a card body with a plurality of terminals arranged on a surface of said card body in accordance with one of the ISO 7816 and PCMCIA card standards.
6. A system for managing access between a service provider and a device having a smart card coupled thereto, said device performing the steps of:
receiving said signal in a smart card, said signal being scrambled using a symmetric scrambling key;
receiving, in said smart card, data representing a first share; constructing said scrambling key using said first share and second and third shares, said second and third shares being stored in said smart card; and
descrambling said signal using said constructed scrambling key to provide a descrambled signal,
wherein the step of constructing said scrambling key comprises the step of: calculating the Y-intercept of the curve formed on said Euclidean plane by said first, second and third shares.
7. A conditional access system, comprising:
at least one program service provider; and
a digital device including at least one smart card, for receiving a scrambled signal and a first share transmitted by the at least one program service provider;
wherein said at least one smart card includes second and third shares stored therein for descrambling the scrambled signal, said second and third shares being used in combination with said first share to descramble said scrambled signal.
8. The method of claim 1, wherein said first share and said at least two additional shares are points on at least a second-degree polynomial function.
9. The method of claim 1, wherein the at least two additional shares comprise at least three additional shares, such that said first share and said at least three additional shares are points on at least a third-degree polynomial function.
10. The method of claim 1, wherein the scrambling key comprises a secret value calculated from the first share and the at least two additional shares.
11. The method of claim 1, wherein the scrambling key comprises a function of a secret value calculated from the first share and the at least two additional shares.
12. The method of claim 1, wherein the first share and the at least two additional shares comprise points on at least one polynomial function.
13. The method of claim 12, wherein the degree of the polynomial function is changed periodically.
14. The method according to claim 1, comprising the further step of:
masking the first share before the first share is received by the smart card.
15. The method according to claim 14, comprising the further step of:
calculating the first share from the masked version of the first share.
16. The method according to claim 1, comprising the further step of:
sending a first share and at least one redundant share.
17. The method according to claim 16, comprising the further step of:
filtering out said at least one redundant share after said first share is received by said smart card.
18. A method for operating a conditional access system, comprising the steps of:
sending a scrambled signal and a first share from a service provider to a digital device;
receiving said scrambled signal and said first share with the digital device;
constructing a symmetric scrambling key using said first share and at least two additional shares, said at least two additional shares being stored in a smart card of the digital device; and
descrambling the signal using said constructed scrambling key to provide the descrambled signal.
19. A conditional access system, comprising:
a transmitter; and
a receiver including at least one smart card, for receiving a scrambled signal and a first share sent by the transmitter;
wherein said at least one smart card includes second and third shares stored therein for descrambling the scrambled signal, said second and third shares being used in combination with said first share to descramble said scrambled signal.
CNA018196888A 2000-11-29 2001-09-24 Encryption technique scheme for conditional access system Pending CN1483259A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US25378100P 2000-11-29 2000-11-29
US60/253,781 2000-11-29

Publications (1)

Publication Number Publication Date
CN1483259A true CN1483259A (en) 2004-03-17

Family

ID=22961673

Family Applications (2)

Application Number Title Priority Date Filing Date
CNA018196888A Pending CN1483259A (en) 2000-11-29 2001-09-24 Encryption technique scheme for conditional access system
CNA01819723XA Pending CN1484901A (en) 2000-11-29 2001-09-24 Threshold cryptography scheme for message authentication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNA01819723XA Pending CN1484901A (en) 2000-11-29 2001-09-24 Threshold cryptography scheme for message authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication