GB2297017A - Encryption of television services - Google Patents

Encryption of television services Download PDF

Info

Publication number
GB2297017A
GB2297017A GB9500532A GB9500532A GB2297017A GB 2297017 A GB2297017 A GB 2297017A GB 9500532 A GB9500532 A GB 9500532A GB 9500532 A GB9500532 A GB 9500532A GB 2297017 A GB2297017 A GB 2297017A
Authority
GB
United Kingdom
Prior art keywords
data
service
services
encrypted
transmitting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9500532A
Other versions
GB9500532D0 (en
Inventor
Andrew Jim Kelley Glasspool
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FARNCOMBE TECHNOLOGY Ltd
Original Assignee
FARNCOMBE TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FARNCOMBE TECHNOLOGY Ltd filed Critical FARNCOMBE TECHNOLOGY Ltd
Priority to GB9500532A priority Critical patent/GB2297017A/en
Publication of GB9500532D0 publication Critical patent/GB9500532D0/en
Publication of GB2297017A publication Critical patent/GB2297017A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

Transmitting a single control word for a plurality of differently scrambled services enables much simpler encoding equipment to be used. A random number from a generator 1 is encrypted using respective session keys to derive control words cw1, cw2., used to scramble a respective service. The random number is also transmitted to a decoder 3 where the control words cw1, cw2., are derived by encrypting of the random number with the session keys sk1, sk2., stored at the decoder. In a preferred arrangement, the session keys are replaced by a common operating key modified by entitlement data which differs from service to service. The compression of TV services often relies upon the transmission of a TV frame, in compressed form and then the difference between that frame and the next frame. The image data and the difference image data are encrypted to different extents to enable partial viewing of an image by non subscribers.

Description

Encryption of Television Services This invention relates to methods and apparatus for encrypting and decrypting television services.
Digital compression allows the transmission of multiple television (video, audio and possibly data) services within the RF bandwidth that a single video service occupies. Thus one cable RF channel may carry 10 television services. Compression of video, audio and data in this way allows for a television service to be transmitted down a conventional telephone line.
Each television service may be independently encrypted (or scrambled) so that it can be sold independently. It is expected, therefore, that at the transmission point that there will be the need to scramble hundreds or even thousands of services (e.g. 100 channel cable system, 10 TV services per channel).
Each service would normally be protected by a short life key of e.g. 64 bits, often referred to as a control word.
The control word might be changed and the new one transmitted every 10 seconds (this period may vary from a few milliseconds upwards) in encrypted form. For 1000 services there would need to be 1000 control words. This control word would be decrypted in the decoder using another secret key (the session key) Sk, and then used for decrypting the television service. The session key may be different for each service that is protected.
The encryption equipment is expensive and the control of the encryption of so many channels could become complicated. The present invention relates to techniques for limiting the encryption required and limiting the data required to control the encryption.
According to one aspect of the invention there is provided a method of transmitting television services, the method comprising independently encrypting each of a plurality of such services using respective control words, and transmitting common control data for all said services, whereby the common control data can be modified using respective key data for each said service to derive said respective control words for use in decrypting the respective services.
By using different session keys, the same encrypted control word may be used for each service since the result of the decryption will depend on the key Sk. Only those decoders that hold the correct key Sk for the service will be able to derive the correct control word.
Transmitting a single control word for a plurality of differently-scrambled services enables much simpler encoding equipment to be used.
However in a practical decoder there may be one Sk applying to many services. The decoder will instead allow access to the service according to the state of a bit (a tier) in its memory. The tier represents the decoders entitlement to the service; it may be time limited or it may be extended to include other data. The transmitted service may include identifying data which the decoder will compare with its stored entitlement data.
The decoder may therefore have the information to decrypt the service but will not do so unless it also holds the corresponding entitlement. In this case, by spoofing the decoder into thinking it is decrypting one service when it is decrypting another, it will be possible to gain unauthorised access to services that were not intended to be decrypted by the decoder. Spoofing the decoder may be easy if many decoders operate in response to a single control word.
According to a preferred aspect of the invention, the decryption of the control word is performed using previously received entitlement data, which would differ from service to service. Thus for example if at the time the subscriber purchases a programme some secret data is transmitted to the decoder, possibly with the entitlement update, this secret data can be used to modify the control word that is generated for that service. Using this technique, it is no longer necessary to have different session keys for different services (although this is still possible if desired). Indeed it would be possible to eliminate the session key, although this is not preferred because for economy of data transmission it is preferred to have a relatively long session key modified by relatively short entitlement data.
Referring to the accompanying Figure 1, which schematically illustrates one example of a transmission technique according to the invention, in the encoder section a random number generator 1 generates a random number which is delivered to respective encryption blocks 2. In each encryption block, the random number is encrypted using a respective session key Skl, Sk2, etc.
to derive a respective control word CW1, CW2, etc. which is then used to scramble a respective service.
The random number is also transmitted to a decoder, where it is received at 3, and then delivered to one or more encryption blocks 4. The decoder stores the session key Sk for each service which it is authorised to descramble. Thus, the control word CW1, CW2, etc. for any of the services for which the session key Skl, Sk2, etc.
is held can be derived by encrypting the random number with the session key, thereby permitting de-scrambling of the respective service.
The random number is expected to be changed frequently, possibly once every 40 mS, but it may be valid for as long as, e.g., 10 seconds. The session keys may also be arranged to change frequently, in a predetermined way.
The encryption processes as shown in the figure may be replaced by decryption processes.
The preferred embodiment of the invention modifies the arrangement shown above in the following way. The session keys Skl, Sk2, etc. are replaced by a common operating key K, but instead of using only this key in the encryption/decryption processes, the key is modified by entitlement data E which differs from service to service, to produce a modified operating key K'. If a subscriber purchases a service, they can be sent entitlement data possibly formed by a message containing a description of the service (possibly non-scrambled) and possibly some secret data in a message authenticated with a management key. This should be a unique description.
A sequence number, the date or other period of validity is a typical method of achieving this. If secret data is needed it can be encrypted with the same management key that was used to authenticate the message and possibly to send key K in the first instance. It is to be noted that the entitlement data isn't necessarily secret data; this is unnecessary if the data has to be authenticated with the management key. However, secret data improves the security of the system.
The entitlement data E is then used to modify the operating key K to derive K', which is then used for deriving the control word for the subsequentlytransmitted service.
This approach means that it is no longer essential for the decoder to store many keys, and the amount of data required to be transmitted when services are differentlyscrambled is very small.
In a preferred embodiment, the operating key K is arranged to change at frequent intervals in a known manner. The entitlement data E may be used to initialise the key K.
If a single control word is to be transmitted to cover all (or a plurality of) services on the RF channel there should be a means of synchronising the application of the control word. Since each service will operate at a different data rate we cannot synchronise the data transmission. Instead we can signal the change in control word; whenever it changes the next packet of data for that service should be encrypted under the new control word. The change in control word can be signalled in the data packets, for example by the modification of a bit from 1 - 0 - 1 - 0 etc. There are many schemes for achieving this type of synchronisation for a single service; they can easily be extended to cover a group of services.
The main cost of encrypting a television service is the encryption of the data. In the MPEG compression standard it is proposed that there should be a block cipher used to encrypt/decrypt blocks of data. Each block of data may be treated independently or they may be linked to together by a technique referred to as cipher block chaining. Alternatively the data may be Xored with a psuedo-random binary sequence (PRBS) that is initialised by the control word. The PRBS would be reset every period.
The compression of TV services often relies upon the transmission of a TV frame, in compressed form, and then the differences between that frame and the next frame.
For example a complete frame (I frame) may be sent every half a second (every 12 frames), the difference information being used to generate the intermediate frames. The difference information may refer to the previous or next I frame. In practice there may be many I frames, each one only applying to part of the complete TV frame at a time so that there are not discrete changes each time the whole I frame is updated.
According to another aspect of the invention (which may but is not necessarily combined with the aspect mentioned above) the image (or part-image) data on the one hand and the difference image data on the other hand are encrypted to different extents. One may be completely nonencrypted, or encrypted at a level or tier which permits viewing by a group of subscribers, whereas the other is encrypted to a higher extent.
The invention will be described in the context of the MPEG standard, where the image or part-image data is represented by I frames, but is applicable to other compression techniques.
If the I frames are encrypted, but none of the other data is encrypted it should not be possible to generate a TV picture. Thus the amount of data to be encrypted is significantly reduced, as is the cost of the encryption unit. The encryption may performed at the video service level where compression takes place, or at the transport layer in which case the encoder must know which packets contain I frames (or part of I frames). The decoder only needs to know which packets are encrypted.
If the I frames or part of the I frames are left in the clear and the remaining data is encrypted the broadcaster can offer a form of free preview since the picture would not be enjoyable, but it would be distinguishable.
Clearly this could be extended to part of the I frame or a combination of the I frame and part of the difference information.
The present invention may be applied to services transmitted by cable or by other media. The invention extends not only to methods of transmission, but also to methods of reception, methods of encrypting and decrypting, and apparatus for encrypting, decrypting, transmission and reception of television services.

Claims (8)

CLAIMS:
1. A method of transmitting television services, the method comprising independently encrypting each of a plurality of such services using respective control words, and transmitting common control data for all said services, whereby the common control data can be modified using respective key data for each said service to derive said respective control words for use in decrypting the respective services.
2. A method as claimed in claim 1, including the step of transmitting to selected decoders entitlement data which is used to determine at least part of said respective key data.
3. A method as claimed in claim 2, wherein the entitlement data is used to initialise key data which is arranged to change periodically.
4. A method as claimed in claim 2 or claim 3, wherein the entitlement data is used to modify key data which is common for a plurality of services.
5. A method as claimed in any preceding claim, wherein the television services are transmitted using compression techniques on a single channel.
6. A method of transmitting a television service in compressed form, by transmitting first data defining images or part images and second data defining changes to the images or part images defined by the first data, the method comprising encrypting the transmission, and controlling the encryption of data in dependence on whether the data is first data or second data.
7. A method as claimed in claim 6, wherein at least part of the first data is encrypted to a greater extent than at least most of the second data, thereby substantially to prevent viewing of any significant part of the service without decryption of the encrypted first data.
8. A method as claimed in claim 6, wherein at least part of the second data is encrypted to a greater extent than at least most of the first data, thereby to allow impaired viewing of the service without decryption of said encrypted second data.
GB9500532A 1995-01-11 1995-01-11 Encryption of television services Withdrawn GB2297017A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9500532A GB2297017A (en) 1995-01-11 1995-01-11 Encryption of television services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9500532A GB2297017A (en) 1995-01-11 1995-01-11 Encryption of television services

Publications (2)

Publication Number Publication Date
GB9500532D0 GB9500532D0 (en) 1995-03-01
GB2297017A true GB2297017A (en) 1996-07-17

Family

ID=10767889

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9500532A Withdrawn GB2297017A (en) 1995-01-11 1995-01-11 Encryption of television services

Country Status (1)

Country Link
GB (1) GB2297017A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2357651A (en) * 1999-12-21 2001-06-27 Mitsubishi Electric Corp Conditional access system enabling partial viewing
GB2417652A (en) * 2004-08-25 2006-03-01 Gen Instrument Corp Generating a content decryption key using a nonce and channel key data in an endpoint device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4388643A (en) * 1981-04-06 1983-06-14 Northern Telecom Limited Method of controlling scrambling and unscrambling in a pay TV system
EP0132401A2 (en) * 1983-07-21 1985-01-30 Kabushiki Kaisha Toshiba Information transmission system
US4916737A (en) * 1988-11-14 1990-04-10 Teleglobe Pay-Tv System, Inc. Secure anti-piracy encoded television system and method
US4944006A (en) * 1987-03-12 1990-07-24 Zenith Electronics Corporation Secure data packet transmission system and method
WO1994013081A1 (en) * 1992-12-02 1994-06-09 Scientific-Atlanta, Inc. Methods and apparatus for uniquely end encrypting data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4388643A (en) * 1981-04-06 1983-06-14 Northern Telecom Limited Method of controlling scrambling and unscrambling in a pay TV system
EP0132401A2 (en) * 1983-07-21 1985-01-30 Kabushiki Kaisha Toshiba Information transmission system
US4944006A (en) * 1987-03-12 1990-07-24 Zenith Electronics Corporation Secure data packet transmission system and method
US4916737A (en) * 1988-11-14 1990-04-10 Teleglobe Pay-Tv System, Inc. Secure anti-piracy encoded television system and method
WO1994013081A1 (en) * 1992-12-02 1994-06-09 Scientific-Atlanta, Inc. Methods and apparatus for uniquely end encrypting data

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2357651A (en) * 1999-12-21 2001-06-27 Mitsubishi Electric Corp Conditional access system enabling partial viewing
GB2357651B (en) * 1999-12-21 2002-07-17 Mitsubishi Electric Corp Conditional access system enabling partial viewing
US6920222B1 (en) 1999-12-21 2005-07-19 Mitsubishi Electric Corp Conditional access system enabling partial viewing
GB2417652A (en) * 2004-08-25 2006-03-01 Gen Instrument Corp Generating a content decryption key using a nonce and channel key data in an endpoint device

Also Published As

Publication number Publication date
GB9500532D0 (en) 1995-03-01

Similar Documents

Publication Publication Date Title
EP0194769B1 (en) Cryptographic system for a direct broadcast by satellite network
US4887296A (en) Cryptographic system for direct broadcast satellite system
US4803725A (en) Cryptographic system using interchangeable key blocks and selectable key fragments
US7590240B2 (en) Conditional access system and method prevention of replay attacks
US6351538B1 (en) Conditional access and copy protection scheme for MPEG encoded video data
EP0787391B1 (en) Conditional access system
US4736422A (en) Encrypted broadcast television system
CA2055132C (en) Apparatus and method for upgrading terminals to maintain a secure communication network
US5937067A (en) Apparatus and method for local encryption control of a global transport data stream
US4484027A (en) Security system for SSTV encryption
US6385317B1 (en) Method for providing a secure communication between two devices and application of this method
CA2748539C (en) Slice mask and moat pattern partial encryption
KR100605825B1 (en) A copy protection apparatus and method of a broadcast receiving system having a hdd
JP4818559B2 (en) How to operate a conditional access system to the broadcasting sector
KR101035893B1 (en) Method and conditional access system applied to the protection of content
US6920222B1 (en) Conditional access system enabling partial viewing
JP2004320819A (en) Method and apparatus for uniquely enciphering data for terminal office
AU3529799A (en) Mechanism for matching a receiver with a security module
EP0179612B1 (en) Cryptographic system for direct broadcast satellite network
JPH0795725B2 (en) Transformer control method and device in broadcasting facility
JP2003318874A (en) Contents copyright protection device and its program and method
GB2297017A (en) Encryption of television services
US20130132725A1 (en) Protection method, decryption method, recording medium and terminal for said protection method
EP1222819B1 (en) System and method of verifying authorization for communicating protected content
JP4542518B2 (en) Content usage control transmission device, content usage control reception device, content usage control system, content usage control transmission program, and content usage control reception program

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)