EP1698176A1 - Verfahren und system mit bedingtem zugang, angewandt auf den schutz von inhalt - Google Patents

Verfahren und system mit bedingtem zugang, angewandt auf den schutz von inhalt

Info

Publication number
EP1698176A1
EP1698176A1 EP03810016A EP03810016A EP1698176A1 EP 1698176 A1 EP1698176 A1 EP 1698176A1 EP 03810016 A EP03810016 A EP 03810016A EP 03810016 A EP03810016 A EP 03810016A EP 1698176 A1 EP1698176 A1 EP 1698176A1
Authority
EP
European Patent Office
Prior art keywords
ecm
key
message
cwi
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP03810016A
Other languages
English (en)
French (fr)
Inventor
Gilles Dubroeucq
Jean-Pierre Vigarie
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Viaccess SAS
Original Assignee
Viaccess SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Viaccess SAS filed Critical Viaccess SAS
Publication of EP1698176A1 publication Critical patent/EP1698176A1/de
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/432Content retrieval operation from a local storage medium, e.g. hard-disk
    • H04N21/4325Content retrieval operation from a local storage medium, e.g. hard-disk by playing back content from the storage medium
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/433Content storage operation, e.g. storage operation in response to a pause request, caching operations
    • H04N21/4334Recording operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the invention relates to the field of access control and relates more particularly to a method and a system for transmitting / receiving information with access control through an MPEG2 broadcasting network. This method is applicable to any multiplex data stream based on the use of packet or frame.
  • the invention also relates to a scrambling platform and a descrambling receiver intended to implement this method. More specifically, the invention relates to a method and a system for controlling access to a digital data stream broadcast and scrambled beforehand by a CW encryption key transmitted in encrypted form in an ECM access title control message (for "Entitlement Control Message") comprising at least one CA criterion for controlling access to the data of the stream.
  • the transmitted data may be decrypted on the fly or saved as is in a receiving terminal.
  • FIG. 1 represents a general diagram of an access control system of the prior art in which a scrambling platform 2, generally arranged at the head of the network, receives a clear flow F x and provides a receiver terminal 4 encrypted content F xs .
  • the platform 2 comprises a generator 6 of CWi scrambling and descrambling keys, a generator for access title control messages (ECM) 8, and a generator for access title management messages (EMM) (for "Entitlement Management Message) 10.
  • the receiver terminal 4 comprises a descrambling module 12, a security processor 14 comprising a decryption module 16 of the control keys CWi and a memory 18. Before the data streams are broadcast, these are scrambled by the scrambling platform 2 by means of the CWi keys. In order to allow descrambling of the content of the broadcast streams, the CWi descrambling keys are transmitted to the terminals 4 in encrypted form in the title title control messages. ECM access with at least one access control criterion CA. After verification of the access criteria by means of a comparator 20 to rights previously transmitted to the terminals 4, in the management messages access card (EMM) and written in memory 18, the descrambling keys C i are decrypted then transmitted to the descrambling module 12.
  • ECM management messages access card
  • the descrambling keys C i change regularly on crypto-periods CPi (typically a few seconds) and are generally applied to the descrambler 12 by couple [CW ⁇ , CW i + ⁇ ] where CWi represents the descrambling key valid during the CPi crypto-period, and CWi + i representing the descrambling key valid during the CPi + i crypto-period.
  • Each descrambling key to be used is referenced by a bit indicating the parity of i so that on each change of ECM, two descrambling keys, an ECW pair and an odd OCW, are configured on the descrambler before the effective change of crypto-period.
  • a known technique for protecting the content once broadcast consists of recording this content with the associated conditional access signaling.
  • a first drawback of this solution stems from the fact that it does not make it possible to associate separate access criteria for the phases: - direct viewing of the content from the stream; - content recording; and - viewing the flow from the locally recorded content.
  • a second drawback of this technique stems from the fact that the secret operating keys stored in a security processor and used for decrypting the ECMs are regularly updated.
  • the ECMs stored with the content are not more valid and the latter becomes unusable even if the customer has acquired rights of use beyond this period.
  • a third drawback is linked to the synchronization aspects between the supply and the exploitation of the descrambling keys C i during an exploitation of recorded content. In this case, the reverse read function cannot be performed in a simple way, because the anticipated value of the next descrambling key (representing the previous descrambling key) is not provided in the ECM.
  • DRM Digital Right Management
  • This type of solution is based on: - the use of certificates to establish a chain of trust between the components of the system; - content encryption or pre-scrambling using a private key algorithm; - the online sending of this private key associated with the rights of use to form an encrypted license using an encryption algorithm using a public key of the client.
  • This solution is not adapted to the context of television broadcasting in which the use of a return channel is not systematic.
  • this type of solution does not make it possible to condition access to content through the possession of registered rights either over the air or online in a security processor.
  • the aim of the ⁇ nvention is to overcome the drawbacks of the prior art described above by means of a method and a device using a scrambling process based on periodic changes of control words and ensuring a backward compatibility with previous conditional access systems.
  • the invention recommends a method for controlling access to a digital data stream broadcast and previously scrambled by means of a CW encryption key transmitted in encrypted form in an ECM access title control message. further comprising at least one CA criterion for access control, said digital data being capable of being recorded as such in a receiving terminal or decrypted on the fly.
  • this method comprises the following steps: on transmission:
  • the keys CW, KR C and KP C are encrypted by a first service key K s .
  • the keys CW, KR C and KP C are encrypted by three different service keys respectively K s , K SR and K SP .
  • the transmission phase comprises the following steps: for each data stream - cutting out the scrambling period into a series of crypto-periods CPi each defining a period of validity of an individual key CWi , and at each change of crypto-period, - scramble the content of the stream using the key CWi, and store a value p (i) representative of the parity of i, - calculate an access title control message SC -ECMi based on encryption keys CWi_ ⁇ , CWi, C i + i previously defined, of the value p (i) and of the criterion CAi, said message SC-ECMi being intended to convey access rights to a segment Si of data corresponding to at least two crypto- periods, - encrypt the keys CWi-i, CWi, CWi + ⁇ using the replay key KP C , - encrypt the encryption result from the previous step using a second service key K ' s , - encrypt the encryption
  • the transmission phase comprises the following steps: for each data stream: - cutting the scrambling period into a series of CPi crypto-periods each defining a period of validity of an individual key CWi, and, at each change of crypto-period i, - scramble the content of the stream using the CWi key, and store a value p (i) representative of the parity of i, - calculate a title control message d SC-ECMi as a function of the encryption keys CWi-i, CWi, CWi + i previously defined, the value p (i) and the criterion CAi, said message SC-ECMi being intended to convey access rights to a segment Si of data corresponding to at least two cryptoperiods, - encrypt the keys CWi_ ⁇ , CWi, CW i + ⁇ using a second service key K ' sr - encrypt the encryption result from the previous step using the replay key KP C ,
  • ECMi ECMi
  • P-ECM C ECMi
  • R-ECM c ECMi
  • SC-ECMi SECMi
  • These can either be broadcast on the ECM channel associated with the content of the Si segment, or be delivered in part to the receiving terminal from a Server.
  • Authorization at the head of the network on request and depending on the type of exploitation of the content envisaged.
  • R-ECM and / or P-ECM messages can be delivered to the receiving terminal on request from an Authorization Server at the head of the network if recording and / or re-reading are envisaged.
  • the reception phase includes the following steps: - recovering the ECM channel of the ECMi message from the signaling attached to the service broadcasting the data stream, and at each change of i , - analyze the message ECMi in order to recover the even control words OCW, and odd ECW, to descramble the content of the broadcast stream so as to obtain direct access to this content.
  • the reception phase includes the following steps: - recovering the ECM channel from P-ECM C messages,
  • R-ECM C SC-ECMi from the signaling attached to the service broadcasting the content; - analyze the R-ECM C message to check the criteria for accessing the CRR record - memorize the KR C record key; - retrieve the P-ECM C message and store it with the content; and for each crypto-period i: - recover the message SC-ECMi, - decrypt the message SC-ECMi using the registration key KR C , and - record the message SC — ECMi decrypted with the content.
  • the reading of the content of the recorded stream is obtained according to the following steps: - recovering the P-ECM C message in the content and analyzing it to verify the access criteria for reading CRP, - memorizing the reading key KP C ; and - retrieve the message from the content
  • SC-ECMi current decrypt the message SC-ECMi with the replay key KP C and check the access criteria, - recover the encrypted keys CWi-i, CWi, C i + i and the value p (i) indicating the parity of i, and - deciphering, by means of the second key K ' s , said keys according to the direction of reading in order to deduce therefrom ECW and OCW; then, - apply either ECW or OCW to descramble the content during proofreading.
  • access to the rereading of the content of the stream is obtained according to the following steps: - retrieving the P-ECM C message in the content, - analyzing the P-ECM C message to verify the criteria for accessing CRP reading, - memorize KP C , and - recover the message from the content
  • SC-ECMi current decrypt the message SC-ECMi with the second service key K ' s and check the access criteria, - recover the encrypted keys CWi_ ⁇ , CWi, C i + i and the value p (i) indicating the parity of i, and - deciphering, by means of the second key KRc, said keys according to the direction of reading in order to deduce therefrom ECW and OCW; then, - apply either ECW or OCW to descramble the content.
  • the reception phase also comprises the following steps: generate a local key K ⁇ from attributes contained in the R-ECM message and at least one parameter relating to the identity of the receiving terminal, locally encrypt the content to be recorded with this Ki key. - on re-reading, regenerate the key Ki from attributes contained in the P-ECM message and at least one parameter relating to the identity of the receiver-terminal, - decrypt the recorded content using the key Kj. regenerated.
  • the digital data broadcast represents audiovisual programs.
  • the invention also relates to a system for controlling access to a digital data stream comprising a scrambling platform comprising at least one generator for ECM access title control messages and at least one descrambling receiver provided with 'a security processor.
  • the scrambling platform further comprises: - a R-ECM C message generator for controlling the title of access to the recording of the content of the received stream and a P-ECM C message generator for controlling the access title to the replay of the content of a recorded stream
  • the descrambling receiver comprises: - means for recovering the ECM channel of the P-ECM C , R-ECM C messages, - means for decrypting the content of a stream received to record it, - means for decrypting the content of a recorded stream to replay it.
  • the descrambling receiver further comprises means for generating a local key Ki from attributes contained in the R-ECM message and from the identity of the receiver terminal to locally encrypt / decrypt the content of the received stream.
  • the invention also relates to a scrambling platform comprising at least one generator for ECM access title control messages to a data stream broadcast in scrambled form, an R-ECM C message generator for access title control. at the recording of the content of a received stream and a P-ECM C message generator for controlling the title of access to the replay of the content of a recorded stream.
  • the scrambling platform further comprises: - means for cutting the scrambling period into a series of crypto-periods CPi each defining a period of validity of an individual key CWi, - means for encrypting the content of the flow at each change of crypto-period i by means of the key CWi, - means for calculating an access title control message SC-ECMi as a function of the keys CWi_ ⁇ , CWi, C i + i corresponding respectively to the cryptoperiods CPi , CPi-i and CPi + i, a parity parameter p (i) and the access control criterion CAi, said message SC-ECMi being intended to convey access rights to a segment Si of corresponding data at least two crypto-periods, - means for encrypting the keys C ⁇ -i, CWi, CWi + i by means of a replay key KP C , - means for encrypting the encryption result of the previous
  • the invention also relates to a descrambling receiver for a data stream broadcast in scrambled form by a scrambling key C i comprising a security processor in which is stored at least one registration key KR C intended to descramble access control messages to the recording R-ECM C and at least one replay key KP C intended to descramble messages access control to replay P-ECM C.
  • this receiver comprises: - means for recovering the ECM channel P-C ECM messages, and R-C ECM messages from the signaling connected the service broadcasting the content; - means for decrypting the message R-ECMc using the registration key KR C to verify the right to record the content of a received stream, - means for decrypting the message P-ECMc using the key re-reading KP C to verify the right to re-read the content of a recorded stream,
  • the receiver according to the invention further comprises means for generating a key Ki from the identity of the receiver to locally encrypt and decrypt the content of the received stream.
  • the security processor is a smart card.
  • FIG. 1 represents a general diagram of an access control system of the prior art
  • - Figure 2 shows a block diagram illustrating the scrambling phase of the streams to be broadcast by an access control system according to the invention
  • - Figure 3 schematically illustrates the process of controlling access to the recording of a data flow according to the invention
  • FIG. 4 schematically illustrates the process of controlling access to the replay of the data flow recorded according to the invention.
  • the method is based on a broadcasting of content through a structure of multiplexed packets whose form is indicated in appendix 1.
  • the signaling of the program broadcasting the content includes a precise description indicating the channels of the multiplex by an identifier of “Packet Identifier” package in English useful for receiving the content as well as the nature of the data transmitted in each channel (sound, video or other component).
  • This signaling includes a conditional access descriptor "CA_descriptor" indicating the presence and location of the channels transporting the ECMs.
  • This descriptor is associated either at the global level of the program, or at the level of each declaration of a component channel.
  • the format of this descriptor is standard in the case of an MPEG2 broadcast IS013818-1 shown in appendix 2.
  • the private data "private_data_byte" for the described method are described in appendix 3 for an embodiment. They have an XID suffix in the header of the ECMs and serve as a discriminator to distinguish the ECMs possibly carried on the same packet channel.
  • Step 30 consists in generating a secret registration key KR C for controlling access to the recording and a replay secret key KP C for controlling access to the replay.
  • Step 32 consists of cutting out, for each data stream, the scrambling period into a series of crypto-periods CPi each defining a period of validity of an individual key CWi.
  • the packets thus formed are then applied to a scrambling and multiplexing module 34 which receives in parallel an ECMi message containing the descrambling keys CWi, C i + i for controlling the title of access to the content of the stream and at least one criterion.
  • a message SC-ECMi containing the descrambling keys CWi-i, CWi, CWi + i for controlling the title of access to the contents of a segment Si of data corresponding to at least two crypto-periods, one R-ECM C message containing the KR C registration control key for access to the recording of the content of the segment Si and at least one CRR criterion defining a right to the recording of this content, and a P-ECM message c containing the KP replay key C for controlling access to the replay of the content of the segment If recorded and at least one CRP access control criterion for replaying the content of this segment.
  • step 36 the descrambling keys CWi, CWi + ⁇ are encrypted by a first secret service key K s extracted from a smart card 38, and in step 40, the descrambling keys CWi- i, CWi, CWi + i are successively encrypted by the registration key KR C then by the replay key KP C , in step 42, the key KP C is encrypted by a second service key K ' s extracted from the smart card 38, and in step 44, the key KR C is encrypted by the second service key K ' s .
  • step 42 amounts to performing an over-encryption of the control words CWi-i, CWi, C i + i successively by means of the replay key KP C , the second service key K ' s , then the KR C registration key.
  • FIG. 3 schematically illustrates the phase of reception and descrambling of a broadcast content with a view to its recording.
  • Step 50 consists in searching for the ECM channels present in P-ECM C , R-ECM C , SC-ECMi messages in the signaling attached to the service broadcasting the content. Step 51 is only carried out if the message
  • Step 51 consists in connecting to an Authorization Server by declining the identifier of the content to be recorded and the identity of the client terminal. According to criteria known to the Authorization Server, the latter delivers online the R-ECM C necessary for recording the content.
  • the message R-ECM C is presented to the security processor which, after verification of the criteria for accessing the recording, stores the key KR C. Step 52 is only carried out if the P-ECM C message is broadcast.
  • step 54 the P-ECM C message is retrieved and then stored as is in the header of the content storage file.
  • step 56 for each crypto-period i, the message SC-ECMi is recovered then presented to the security processor which deciphers it with the key KR C to recover a decrypted message SC-ECMi which is then recorded with the multiplex packets constituting the content.
  • these multiplex packets are encrypted locally (step 58) with a key Kj. generated in step 60 from attributes contained in the K-EMC C message and a parameter relating to the identity of the decoder.
  • this parameter can be the serial number of the decoder, the unique identifier (UA) of the smart card or even the serial number of a hard disk fitted to the receiving terminal.
  • FIG. 4 schematically illustrates the descrambling phase of content recorded in a recording medium 60 with a view to its replay. Step 62 consists in searching for the message
  • Step 63 consists in connecting to an Authorization Server by declining the identifier of the content to be read and the identity of the client terminal. According to criteria known to the Authorization Server, the latter delivers online P-ECM C necessary for reading the content.
  • the message P-ECM C found is presented to the security processor which, after verification of the read access criteria, stores the replay key KP C in the smart card 38.
  • the local identity key Ki is then calculated from the identity information of the receiving terminal (step 68), and for each cryptoperiod i, the multiplex content is decrypted on the fly with the Kj key . (step 70).
  • the key Ki upon re-reading, the key Ki is regenerated from attributes contained in the P-ECM message and from at least one parameter relating to the identity of the terminal receiver and is used to decrypt recorded content.
  • the current SC-ECMi message is retrieved, then presented to the security processor
  • step 74 which deciphers it with the key KP C to check the CRP access criteria for re-reading and recover the control words CWi_ ⁇ , CWi, CWi + i and the parity of i.
  • one of the descrambling keys ECW or OCW is supplied to the descrambler to descramble the data segment Si.
  • the method according to the invention makes it possible to search for the channel ECM and the index of ECMi in the signaling attached to the service broadcasting the content at each change of i and applying the ECMi to the security processor to recover the even and odd control words OCW, ECW and applying them to the descrambler 80 .
  • ANNEX 1 ANNEX 1
  • the payload sequence is broken down into Payload () ⁇ data bytes m bytes padding bytes p bytes
  • ECM channel present in the mul tiplex see): ⁇ ECM_CHANNEL_TAG 1 byte channel descriptor indicator SC_ECM ECM_XID; 1 byte indexes of the ECM Stream in the ECM_CI packet channel; 1 byte version of the crypto-algorithm for the ECM Stream ECM_SOID; 3 bytes reference of the private key set used for the Stream ⁇ If SC_ECM channel present in the mul tiplex: (// Extension of the system SC_ECM_CHANNEL_TAG 1 byte indicator of descriptor channel SC_ECM PPS_ECM_CI; 1 byte
  • R_ECM R_ECM_PID x packet channel identity bytes for R_ECM R_ECM _ XID; 1 byte indexes R_ECM in the packet channel ⁇ If P_ECM channel present in the mul tiplex: ⁇ P_ECM_CHANNEL_TAG 1 byte indicator descriptor channel P ECM P_ECM_SOID; 3 bytes

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
EP03810016A 2003-12-23 2003-12-23 Verfahren und system mit bedingtem zugang, angewandt auf den schutz von inhalt Ceased EP1698176A1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FR2003/050207 WO2005071963A1 (fr) 2003-12-23 2003-12-23 Procede et systeme d'acces conditionnel applique a la protection de contenu

Publications (1)

Publication Number Publication Date
EP1698176A1 true EP1698176A1 (de) 2006-09-06

Family

ID=34803301

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03810016A Ceased EP1698176A1 (de) 2003-12-23 2003-12-23 Verfahren und system mit bedingtem zugang, angewandt auf den schutz von inhalt

Country Status (6)

Country Link
US (1) US7647641B2 (de)
EP (1) EP1698176A1 (de)
KR (1) KR101035893B1 (de)
CN (1) CN100592787C (de)
AU (1) AU2003302200A1 (de)
WO (1) WO2005071963A1 (de)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2871017B1 (fr) * 2004-05-28 2008-02-29 Viaccess Sa Procede de diffusion de donnees numeriques a un parc de terminaux recepteurs cible
EP1742475A1 (de) * 2005-07-07 2007-01-10 Nagravision S.A. Verfahren und Vorrichtung zu verschlüsselten Daten mit bedingtem Zugriff
FR2894757B1 (fr) * 2005-12-13 2008-05-09 Viaccess Sa Procede de controle d'acces a un contenu embrouille
EP2439946B1 (de) * 2006-05-04 2013-07-10 NDS Limited Verschlüsseltes Digitales Datenelement
US9277295B2 (en) 2006-06-16 2016-03-01 Cisco Technology, Inc. Securing media content using interchangeable encryption key
US9137480B2 (en) 2006-06-30 2015-09-15 Cisco Technology, Inc. Secure escrow and recovery of media device content keys
US20080137850A1 (en) * 2006-12-07 2008-06-12 Rajesh Mamidwar Method and system for a generic key packet for mpeg-2 transport scrambling
US8509435B2 (en) * 2006-12-07 2013-08-13 Broadcom Corporation Method and system for a transport single key change point for all package identifier channels
US8108680B2 (en) * 2007-07-23 2012-01-31 Murray Mark R Preventing unauthorized poaching of set top box assets
US8385545B2 (en) * 2007-07-27 2013-02-26 Howard G. Pinder Secure content key distribution using multiple distinct methods
US20090067625A1 (en) * 2007-09-07 2009-03-12 Aceurity, Inc. Method for protection of digital rights at points of vulnerability in real time
US20090080665A1 (en) * 2007-09-25 2009-03-26 Aceurity, Inc. Method of Generating Secure Codes for a Randomized Scrambling Scheme for the Protection of Unprotected Transient Information
US7949133B2 (en) * 2007-09-26 2011-05-24 Pinder Howard G Controlled cryptoperiod timing to reduce decoder processing load
US8726352B2 (en) * 2007-11-06 2014-05-13 International Business Machines Corporation Administration of access control keys in a virtual world
FR2931972A1 (fr) * 2008-05-27 2009-12-04 France Telecom Controle d'acces a un contenu audiovisuel.
EP2334069A1 (de) * 2009-12-11 2011-06-15 Irdeto Access B.V. Bereitstellung von Steuerwörtern an einen Empfänger
IL213611A0 (en) * 2011-06-16 2011-07-31 Erez Waisbard Secure fast channel changing
US8819407B2 (en) * 2011-09-26 2014-08-26 Verizon New Jersey Inc. Personal messaging security
US9888283B2 (en) 2013-03-13 2018-02-06 Nagrastar Llc Systems and methods for performing transport I/O
US9647997B2 (en) 2013-03-13 2017-05-09 Nagrastar, Llc USB interface for performing transport I/O
USD759022S1 (en) 2013-03-13 2016-06-14 Nagrastar Llc Smart card interface
USD758372S1 (en) 2013-03-13 2016-06-07 Nagrastar Llc Smart card interface
US9485533B2 (en) 2013-03-13 2016-11-01 Nagrastar Llc Systems and methods for assembling and extracting command and control data
USD729808S1 (en) 2013-03-13 2015-05-19 Nagrastar Llc Smart card interface
USD780763S1 (en) 2015-03-20 2017-03-07 Nagrastar Llc Smart card interface
USD864968S1 (en) 2015-04-30 2019-10-29 Echostar Technologies L.L.C. Smart card interface

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991400A (en) * 1995-10-31 1999-11-23 U.S. Philips Corporation Time-shifted conditional access
EP1143722A1 (de) * 2000-04-07 2001-10-10 Irdeto Access B.V. Datenverschlüsselungs und -entschlüsselungssystem

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1244306B1 (de) * 1994-07-08 2008-02-06 Sony Corporation Empfang von Rundfunksignalen mit Zugangskontrolle für Mehrfach-Wiedergabe
US6178242B1 (en) * 1997-02-07 2001-01-23 Nds Limited Digital recording protection system
EP0936774A1 (de) 1998-02-13 1999-08-18 CANAL+ Société Anonyme Aufzeichnung von verschlüsselten digitalen Daten
JP4517436B2 (ja) 2000-02-09 2010-08-04 ソニー株式会社 受信システム、受信装置、及び受信システムの制御方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991400A (en) * 1995-10-31 1999-11-23 U.S. Philips Corporation Time-shifted conditional access
EP1143722A1 (de) * 2000-04-07 2001-10-10 Irdeto Access B.V. Datenverschlüsselungs und -entschlüsselungssystem

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
U. M. MAURER, J. L. MASSEY: "Cascade Ciphers: The Importance of Being First", JOURNAL OF CRYPTOLOGY, vol. 6, no. 1, March 1993 (1993-03-01), pages 55 - 61, XP002108137, ISSN: 1432-1378 *

Also Published As

Publication number Publication date
WO2005071963A1 (fr) 2005-08-04
CN1910923A (zh) 2007-02-07
US20070150960A1 (en) 2007-06-28
KR20060101788A (ko) 2006-09-26
KR101035893B1 (ko) 2011-05-23
AU2003302200A1 (en) 2005-08-11
CN100592787C (zh) 2010-02-24
US7647641B2 (en) 2010-01-12

Similar Documents

Publication Publication Date Title
EP1698176A1 (de) Verfahren und system mit bedingtem zugang, angewandt auf den schutz von inhalt
EP1305948B1 (de) Verfahren zur gesicherten digitalen multimediadatenverteilung
EP2055102B1 (de) Verfahren zur übertragung eines zusätzlichen datum zu einem empfangsendgerät
EP2052539B1 (de) Verfahren für den widerruf von sicherheitsmodulen zur sicherung von rundfunknachrichten
US20060229992A1 (en) Securely relaying content using key chains
FR2755809A1 (fr) Procede de protection d'information transmise d'un element de securite vers un decodeur et systeme de protection utilisant un tel procede
FR2974475A1 (fr) Procede de protection d'un contenu multimedia enregistre
CA2478114A1 (fr) Methode de stockage securise de donnees encryptees
WO2011138333A1 (fr) Procedes de dechiffrement, de transmission et de reception de mots de controle, support d'enregistrement et serveur de mots de controle pour la mise en oeuvre de ces procedes
EP2548371A1 (de) Verfahren und system für sichere ausstrahlung von digitalen datenströmen
EP1479234B1 (de) Verarbeitungsverfahren für daten, die für einen ersten bereich verschlüsselt sind und in einem zu einem zweiten bereich gehörenden netzwerk empfangen wurden
WO2004056114A1 (fr) Synchronisation de flux audiovisuels securises
EP1419640B1 (de) Verfahren zur herstellung von neuer vorrichtungen und verfahren zum empfang und zur rundfunk von daten in einem digitalen lokalen netzwerk
EP1994718B1 (de) Verfahren und vorrichtung zur verteilung sicherer digitaler audiovisueller inhalte mittels kompatibler lösungen
FR2843257A1 (fr) Procede et systeme d'acces conditionnel applique a la protection de contenu
WO2005039098A1 (fr) Procede et systeme repartis securises pour la distribution de flux audiovisuels
EP1474923B1 (de) Verfahren zum kontrollieren des zugriffs auf inhaltsdaten durch ein endgerät, endgerät, benutzungrechteserver, ausgabeautomat, bereitstellender server, datenträger und system dazu
US8656499B1 (en) Client-side bit-stripping system and method
EP2326035B1 (de) Verarbeitungsverfahren durch ein Nachrichtensicherheitsmodul mit Zugriffskontrolle auf einen Inhalt, und damit verbundenes Sicherheitsmodul
EP2334007A1 (de) Verfahren zur Datenentschlüsselung durch eine Benutzereinrichtung bestehend aus einem Endgerät und einem Sicherheitsmodul
FR2846831A1 (fr) Pseudo video a la demande(pvod)
WO2004032508A1 (fr) Method pour la transmission securisee de fichiers audiovisuels

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060621

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20100809

APBK Appeal reference recorded

Free format text: ORIGINAL CODE: EPIDOSNREFNE

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

APBT Appeal procedure closed

Free format text: ORIGINAL CODE: EPIDOSNNOA9E

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20201207