Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/41—Structure of client; Structure of client peripherals
  • H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
  • H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
  • H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
  • H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only

Definitions

• the present invention relates to a method of transmitting management messages by a management center to a plurality of multimedia units.
• access to data disseminated by a data provider is subject to the acquisition of rights. These rights are sent in EMM authorization messages. Access to the data is generally subject to obtaining keys, which are generally cw control words, sent as ECM management messages. The presence of a right for each subscriber and each event is verified by means of a security module.
• the security module can be made essentially in four distinct forms.
• One of them is a microprocessor card, a smart card, or more generally an electronic module (having a shape of key, badge, ).
• Such a module is generally removable and connectable to the decoder.
• the form with electrical contacts is the most used, but does not exclude a contactless connection, for example type ISO 14443.
• a second known form is that of an integrated circuit package placed, generally definitively and irremovable in the housing of the decoder.
• a variant consists of a circuit mounted on a base or connector such as a SIM module connector.
• the security module is integrated in an integrated circuit package also having another function, for example in a descrambling module of the decoder or the microprocessor of the decoder.
• the security module is not implemented in hardware form, but its function is implemented in software-only form. Since in all four cases, although the security level differs, the function is identical, we will talk about security module regardless of how to perform its function or the form that can take this module.
• a falsified module skips the rights verification step performed in a conventional module. Instead, it processes the ECM management messages to extract the control words and can access the data in the same way as a conventional module.
• part of the content for example the video portion of an audio / video content is sent in the clear.
• the audio part is encrypted according to the different encryption methods compatible with the decoders of the set-top box. This data is sent several times in several different encryption formats.
• This invention is therefore not intended to handle fully encrypted content. This creates a security problem since some of the content is not encrypted at all.
• WO 03/061289 does not make it possible to replace only a part of the decoders giving access to an encrypted content made available by a content provider. Indeed, if one wishes to prevent access to the content by cloned decoders, it is necessary to change all the decoders that allow access to this content.
• the present invention proposes to overcome the disadvantages of the devices of the prior art by providing a system and a method in which the knowledge of the secrets of a security module does not allow to know the secrets of all the modules. This implies that in case of cloning of security modules allowing unauthorized access to content made available by a content provider, it is not necessary to replace all the security modules linked to this provider, but only some of them.
• a management message transmission method by a management center to a plurality of multimedia units, each unit having a security module comprising at least one global encryption key used in connection with an encryption module, characterized in that it consists in dividing the set of security modules allowing access to encrypted data from a given provider in at least two groups, a first group of security module having a first configuration of the security elements and a second group of security modules having a second configuration of the security elements, the first configuration being different from the second configuration.
• FIG. 2 represents a first control message format such that it can be used in the method of the invention
• FIGS. 3 and 4 show other control message formats that can be used in the invention
• FIG. 5 schematically illustrates authorization and control messages according to the present invention
• FIG. 6 schematically illustrates a variant of types of authorization and control messages used in the present invention.
• the system for implementing the method of the invention comprises a management center CG in charge of managing a plurality of multimedia units, these multimedia units comprising an STB decoder, a security module SC and means for receiving messages.
• the management center CG is in charge of sending EMM authorization messages and ECM control messages in particular. These messages are transmitted by means of transmission and are called management messages.
• the ECM control messages contain in particular one or more CW control words that make it possible to decrypt encrypted data. These control messages are encrypted by means of a transmission key.
• the transmission key is sent to the concerned security modules in EMM authorization messages, themselves encrypted by means of a global key.
• the management center manages three multimedia units divided into two groups.
• a management center can be in charge of several hundred thousand multimedia units, or even several million. According to the invention, these can be divided into a number of groups that varies between two and about twenty. The upper limit is not technically defined, but too many groups make messaging difficult.
• the security modules of the represented groups all allow access to the data transmitted by the same data provider.
• the multimedia units of the first group GR1 use an initial configuration different from the configuration of the units of the second group GR2. This configuration can be one or more of the following: • Global key, key length, module or encryption algorithm, message format.
• the security level of each of the configurations is substantially equivalent.
• a security module may for example initially be made so as to belong to any group. The membership of a given group can be done for example after the installation of the security module in a decoder of a buyer, by removing the means of interpreting messages intended for other groups than the one chosen for this security module. This allows in particular to link a security module to a postal code of a buyer.
• ECM control messages can be sent to two different groups according to the formats illustrated in FIGS. 3.
• the ECM control message 1 contains a control word CW, AC access conditions to a determined content, possibly other non-represented fields and a padding value PAD which can for example be a random value or a predefined fixed value.
• the content of these fields is encrypted by means of a transmission key TK using a first encryption algorithm noted alg. 1.
• an ECM control message 2 intended for the second group of users GR2 contains the same fields as before, that is to say a control word CW, the conditions of access AC and the value PAD filling. It should be noted that this filling value can be identical to that of the ECM control message 1 or on the contrary be different.
• the contents of these fields are encrypted using the same transmission key TK as the ECM control message 1, but by means of a different encryption algorithm alg. 2.
• Usable encryption algorithms are well known and can be for example DES, IDEA, 3-DES, AES.
• the messages have a common part which is on the one hand their content in clear and on the other hand, the transmission key.
• ECM control messages may be sent to two different groups according to the formats illustrated in FIGS. 2 and 4.
• the content of the ECM control message 1 has been detailed above.
• the ECM control message 3, illustrated by FIG. 4 contains the same fields as before, that is to say a control word CW, the access conditions AC and the padding value PAD, but they are not placed in the same order as before.
• the access conditions may for example be first, the second control word and the third fill value. It is clear that an indication must also appear in the control message or in another place indicating the order of the fields.
• the values contained in these fields are encrypted by a transmission key and an algorithm that may be the same as those used in the case of the first ECM control message 1.
• the common part between the control messages sent to the groups of decoders is formed of the content of the message, the transmission key and the encryption algorithm. Only the order of the content of the messages changes.
• a combination of the two previous embodiments can also be realized.
• the order of the fields is different between the two messages and the algorithm for encrypting messages from two different groups is also different.
• FIG. 5 illustrates an embodiment of the method in which the EMM authorization messages are common to the members of groups of different security modules. These authorization messages contain transmission keys TK1, TK2 associated with different groups of security modules. In the case shown, different ECM control messages are sent to the different security modules of different groups, the messages intended for one of the groups being encrypted by means of a first transmission key TK1 and the messages of the other group of security modules being encrypted by means of another transmission key TK2.
• FIG. 6 illustrates another "inverse" variant of that of FIG. 5.
• the ECM control messages are common to the different groups of multimedia units concerned.
• the EMM authorization messages are different for each group of multimedia units. These messages may be different at the level of the encryption algorithm used, the key, in value and / or length or content formatting in particular.
• the rights transmitted by these EMM authorization messages are different for each group of security modules.
• This embodiment has the advantage that the control messages, which are those requiring the largest bandwidth, are common to several groups of security modules or to all groups.
• the authorization messages which require less bandwidth, are different for the different groups of security modules.
• the messages, and in particular the ECM control messages are sent to some multimedia units of the first group GR1 as well as to multimedia units of the second group GR2.
• the management center determines, according to a table stored in this center, what is the initial configuration of the multimedia unit concerned. He will determine the keys to use for each multimedia unit. The key in question is then introduced into a corresponding encryption module EN, so as to encrypt the EMM authorization messages. This is shown in particular in FIG.
• Each media unit group has its own information, so that a media unit of a given group is able to decrypt and process a message that is intended for that group when it will not be able to process a message to another group.
• This method has the advantage that it is not necessary to replace all the security modules when one or more clones are detected. Only the group containing the clones must be replaced. This greatly simplifies module changes and also greatly reduces the costs associated with such a change. This also has the consequence that it is interesting to modify the configuration of a group as soon as a relatively small number of clone modules is detected or that the existence of a relatively small number of clone modules is suspected.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Multimedia (AREA)
• Databases & Information Systems (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
• Storage Device Security (AREA)
• Data Exchanges In Wide-Area Networks (AREA)

Priority Applications (1)

Applications Claiming Priority (3)

Publications (1)

Family

ID=34929709

Family Applications (2)

Family Applications Before (1)

Country Status (7)

Families Citing this family (5)

Citations (3)

Family Cites Families (8)

• 2004
  • 2004-10-15 EP EP04105093A patent/EP1648170A1/de not_active Withdrawn
• 2005
  • 2005-10-12 TW TW094135561A patent/TW200629902A/zh unknown
  • 2005-10-12 US US11/247,224 patent/US20060083371A1/en not_active Abandoned
  • 2005-10-13 KR KR1020077008397A patent/KR20070064630A/ko not_active Application Discontinuation
  • 2005-10-13 CN CN2005800350292A patent/CN101040525B/zh active Active
  • 2005-10-13 WO PCT/EP2005/055249 patent/WO2006040346A2/fr active Application Filing
  • 2005-10-13 EP EP05810921A patent/EP1803296A2/de not_active Ceased
  • 2005-10-13 CA CA002583977A patent/CA2583977A1/en not_active Abandoned

Patent Citations (3)

Also Published As

Similar Documents

Legal Events