MXPA00005716A - Conditional access system for digital receivers - Google Patents
Conditional access system for digital receiversInfo
- Publication number
- MXPA00005716A MXPA00005716A MXPA/A/2000/005716A MXPA00005716A MXPA00005716A MX PA00005716 A MXPA00005716 A MX PA00005716A MX PA00005716 A MXPA00005716 A MX PA00005716A MX PA00005716 A MXPA00005716 A MX PA00005716A
- Authority
- MX
- Mexico
- Prior art keywords
- seed value
- smart card
- signal
- service provider
- key
- Prior art date
Links
- 230000001808 coupling Effects 0.000 claims description 2
- 238000010168 coupling process Methods 0.000 claims description 2
- 238000005859 coupling reaction Methods 0.000 claims description 2
- 238000000034 method Methods 0.000 claims 1
- 230000000007 visual effect Effects 0.000 abstract description 4
- 238000011084 recovery Methods 0.000 abstract description 3
- 230000004075 alteration Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 240000000691 Houttuynia cordata Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 235000021190 leftovers Nutrition 0.000 description 1
- 230000003442 weekly Effects 0.000 description 1
Abstract
A method for providing conditional access (i.e., managing access) to a received scrambled audio/visual (A/V) signal from a variety of sources by utilizing secret sharing for key recovery. Secret sharing eliminates the necessity to protect and transfer the complete descrambling keys between devices, because a portion of the key is stored in the device or a smart card coupled thereto.
Description
CONDITIONAL ACCESS SYSTEM FOR DIGITAL RECEIVERS
FIELD OF THE INVENTION
This invention still relates to a system for providing conditional access (i.e., handling access) to a received audio / visual (A / V) signal, encoded from a variety of sources, such as broadcasting television networks, cable television networks, digital satellite networks, and Internet service providers. Using the concept of shared secret, the system does not require complete decoding keys that are sent to the receiving device under cryptic encoding. The keys are retrieved using a seed value received from the service provider and a seed value stored in the device.
BACKGROUND OF THE INVENTION
Currently, a user can receive services from a variety of service providers, such as broadcast television networks, cable television networks, digital satellite systems and Internet service providers. Most television receivers are capable of receiving information or programs that are not encoded directly from the broadcasting and cable networks. The cable networks that provide programs
i .i-at.a-, fc «- aj¡, > j.
encoded (or cryptically encoded) usually require a separate independent cable TV box to decode (or cryptically decode) the program. Similarly, digital satellite systems usually provide encrypted programs that also require the use of a separate cable TV box. These cable TV boxes can use a removable smart card, which contains the necessary keys to recover the encoding or decoding keys. The protection of these important keys is huge to avoid the unauthorized copying of programs. European Patent Application No. EP-A-0658054 describes the generation of a decoding key using two pieces of transmitted data.
COMPENDIUM OF THE INVENTION
In a conditional access (CA) system, signals are usually encoded using symmetric numbers such as the Cryptographic Data Coding Standard (DES). For security reasons, the encryption key is changed frequently, the period of change being as frequent as a few seconds. The protection of the decoding keys, which need to be sent with the signals, is usually provided by public key cryptography. Public key cryptography introduces problems associated with the
^? ^^^^^ j ^^^^^ fe ^^^^^^^^ taßa ^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ of the keys. This invention resides, in part, in the recognition of the problem described and, in part, in providing a solution to the problem. A signal (e.g., an event or program) as described herein, comprises information such as (1) audio / visual data (e.g., a movie, a weekly "television" show or a documentary); (2) textual data (for example, an electronic magazine, paper or weather news); (3) computer software; (4) binary data (for example, images); (5) HTML data (for example, web pages) or any other information for which access control may be involved. Service providers include any provider broadcasting event, eg, traditional broadcast television networks, cable networks, digital satellite networks, electronic event list providers, such as electronic program guide providers, and in certain Internet service providers cases. Generally, the present invention defines a method for managing access to a signal, representative of an event of a service provider, using a smart card. That is, this method comprises receiving on a smart card, a signal that is encoded using an encoding key, receiving data representative of a first seed value, generating the decoding key using the first seed value and a second seed value which is stored on the smart card and
- - ^ a - ^ iiiií ^ aAaa-i decoding the signal using the generated coding key to provide a decoded signal. According to one aspect of the present invention, the first and second seed values are points on a plane
Euclidean and the step of generating the coding key comprises calculating the Y intercept of the line formed on the Euclidean plane by the first and second seed values. According to a further aspect of the present invention, a device for managing access between a service provider and
a device having a smart card attached to the device, involves the device that performs the steps of receiving the service provider a signal representative of an event, which is encoded using a coding key, receive from the service provider, data representative of a first seed value
selected from a Euclidean plane, and coupling the encoded signal and the first seed value to the smart card. The smart card has means for processing access control comprising means for generating a coding key by calculating the Y intercept of the line formed in the plane
Euclidean for the first seed value and a second seed value stored in the smart card and means for decoding the signal by decoding the generated coding key to generate a decoded signal. These and other aspects of the invention will be explained with
Reference to a preferred embodiment of the invention shown in
^ sass ^^ á? tsi annexed drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram illustrating an architecture for interconnecting a cable TV box common to a variety of service providers; Figure 2 is a block diagram of an illustrative implementation of a system for managing access to a device according to the invention; Figure 3a is a graphical representation of the determination of the coding key according to an embodiment of this invention; and Figure 3b is a graphical representation of a single-scale, non-overlapping distribution for each service provider according to Figure 3a.
DETAILED DESCRIPTION OF THE DRAWINGS
The present invention provides a conditional access system, which can be used to obtain services from a plurality of sources. The conditional access system when implemented within a device, such as a digital television, digital cassette recorder or cable TV box, provides convenient handling of the decoding keys since only a portion of the seed value necessary for the cable generation is stored in it. For simplicity, the description presented below of the invention will be directed to an implementation using a digital television and a smart card. In Figure 1, the system 30 represents the general architecture for managing access to a digital television (DTV) 40. The smart card (SC) 42 is inserted into or coupled to an intelligent card reader 43 of the DTV 40; an internal busbar 45 interconnects the DTV 40 and the SC 42 thus allowing the transfer of data between them. Said smart cards include ISO 7816 cards having a card body with a plurality of terminals arranged on a surface in accordance with National Renewable Security Standard (NRSS) Part A or PCMCIA cards according to NRSS Part B. conceptually, when said smart card is coupled to a smart card reader, the functionality of the smart card can be considered to share the functionality of the device (for example, DTV 40) thus removing the "borders" created by the physical card body of the smart card. The DTV 40 can receive services from a plurality of service providers (SPs) such as a broadcast television provider 50, a cable television service provider 52, a satellite system service provider 54, and an Internet service provider 56. The Conditional Access Organization (CA) 75 is not only connected to any of the service providers or STB 40, but also has to do with the handling of keys and key pairs of public and private broadcasts, which can be used, if necessary, as explained below. The present invention employs the concept of shared secret, which eliminates the requirement to use public key cryptography to ensure the secure transmission of the audio / visual (A / V) stream from a service provider. A variation of a secret shared scheme, developed by Adi Shamir, is known as a threshold scheme. A threshold scheme (m, n) involves breaking a secret into n pieces (which can be called leftovers) in such a way that at least (<; = n) of the pieces are required to reconstruct the secret. A preferred threshold scheme is a threshold scheme where a recognition of m-1 or minor shadows does not provide any information about the secret. For example, with a (3,4) -threshold scheme, the secret is divided into four parts, but only three of the four portions are required to reconstruct the secret. Two of the portions, however, can not reconstruct the secret. In the Shamir threshold scheme (m, m), selecting a higher value for m, and storing secrets (m-1) in the card, could increase the system's resistance to attacks only of encrypted text, but can lead to more calculations for the polynomial construction.
Said threshold scheme reduces the computation requirements for the card in the DES key recovery. For each new key, only a simple operation is performed (that is, the polynomial value at x = 0 is calculated) as compared to the cryptic decoding of RSA, which involves modular exponentiation. In addition, the security is "perfect" (ie, given recognition of (x, y ^, all values of the secret remain equally likely.) Figures 2 and 3 together show one embodiment of the present invention. stored in SC 42 is a first seed value (or data point) The first seed value can be considered as an individual point on a Euclidean point, ie in the form of xO, yO). The service provider 58 transmits a signal (or event or program) that can be encoded through a symmetric key, for example, a Cryptographic Data Coding Standard (DES) key. In addition to the encoded signal, the service provider 58 transmits a second seed value. Similarly, the second seed value can be a second individual point for the same Euclidean plane, that is, in the form of (x1, y1). The coded A / V signal and the second seed value is received by DTV and is coupled to SC 42 for processing. The smart card 42 receives the second seed value and uses both the first stored seed value and the second seed value received to reconstruct (or recover) the symmetric key.
The smart card 42 uses the reconstructed symmetric key to cryptically decode the encoded A / V signal received and generate a decoded A / V signal. This decoded A / V signal is provided to the DTV 40 for presentation. The recovery of the symmetric key is achieved by constructing a polynomial using the first and second seed values; the y-intercept of the constructed polynominal is the symmetric key. For example, given (xO, yO and (x1, y1), the symmetric key is constructed by calculating the value of [ { (Y1-y0) / (x1 -x0).}. (X-x0)] + yO ax = 0. Figure 3a illustrates a graphical representation of the present invention, which allows more than one service provider to share the second stored seed value (xO, yO), each service provider can then be free to select The probability of building polynomials with intercepts and identical identifiers (ie, identical symmetric keys) is low, however, the scale of possible second seed values can be distributed so that each service provider has It is also within the scope of the present invention that each service provider can select its own first seed value, which can be cryptically encoded using the public key of the smart card. ant It's from the download. The seed value can be recovered by the smart card using your stored private key (KScpp).
The overall architecture of the system 30 leads by itself to achieve the goal of minimizing the amount of information (or key) that needs to be stored on a smart card to allow access to more than one service provider. The rigidity of the defined system can be improved by coding portions of the event with different keys and transmitting different second seed values. Furthermore, it is within the scope of the invention that more than two seed values can be used to recover the symmetric key. For example, two or more seed values can be stored in the smart card and a seed value can be transmitted with the cryptically encoded A / V signal. The symmetric key can be recovered using all the seed values. Although the invention has been described in detail with respect to its numerous embodiments, it will be apparent that after reading and understanding the foregoing, numerous alterations to the described embodiment will occur to those skilled in the art, and are intended to include such alterations within. of the scope of the appended claims.
Claims (7)
1. - A method for managing access to a signal representative of an event of a service provider, said method comprising: a) receiving the signal on a smart card, said signal being encoded using a coding key; b) receiving, in said smart card, data representative of a first seed value; wherein: c) generating said coding key using the first seed value and a second seed value, the second seed value being pre-stored in said smart card; and d) decoding the signal using the generated coding key to provide a decoded signal.
2. The method according to claim 1, wherein the first and second values are points on a Euclidean plane.
3. - The method according to claim 2, wherein the step of generating the coding key comprises calculating the intercept Y- of a line formed on the Euclidean plane through the first and second values.
4. The method according to claim 1, wherein said smart card has a card body having a plurality of terminals arranged on a surface of the card body according to one of the ISO 7816 and PCMCIA card standards.
5. In combination in sm to manage the access between a service provider and a device having a smart card coupled to it, said device performing the steps of: a) receiving from the service provider a signal representative of an event, said signal being encoded using a coding key; b) receiving data representative of a first seed value from the service provider, said first seed value being selected from a Euclidean plane; wherein: c) coupling the encoded signal and the first seed value to the smart card, the smart card having means to process the access control; the access control processing means comprises means for generating the coding key by calculating the Y- intercept of a line on the Euclidean plane through a first seed value and a second seed value, said second seed value being pre-stored on the smart card and means for decoding the signal using the generated coding key to generate a decoded signal; and d) receiving a decoded signal from the smart card.
6. The combination according to claim 5, wherein the device is a cable TV box.
7. - The combination according to claim 5, wherein the device is a digital television.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US60/069,063 | 1997-12-10 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| MXPA00005716A true MXPA00005716A (en) | 2002-02-26 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6108422A (en) | Conditional access system, downloading of cryptographic information | |
| CN100438619C (en) | Authentification of data in a digital transmission system | |
| EP1110399B1 (en) | System and method for copy protecting transmitted information | |
| WO2001022724A1 (en) | Multimedia digital terminal and detachable module cooperating with the terminal comprising an interface protected against copying | |
| CN1158202A (en) | Safety improved access control system using intelligence card | |
| CN1265806A (en) | Transcoder for decoding encoded TV programs | |
| KR100564709B1 (en) | Interface module and decoder for host | |
| US7224806B2 (en) | Threshold cryptography scheme for conditional access systems | |
| EP1671485B1 (en) | Portable security module pairing | |
| JP2004515159A (en) | Threshold encryption method and system for conditional access system | |
| US9210137B2 (en) | Local digital network, methods for installing new devices and data broadcast and reception methods in such a network | |
| US20060083371A1 (en) | Management messages transmission method by a management center intended to a plurality of multimedia units | |
| EP1040661B1 (en) | Conditional access system for digital receivers | |
| MXPA00005716A (en) | Conditional access system for digital receivers | |
| US20040047472A1 (en) | Threshold cryptography scheme for conditional access systems | |
| Kuhn | Attacks on Pay-TV access control systems | |
| KR100939005B1 (en) | Remote control protocol for a local action to generate a command message | |
| WO2010040477A1 (en) | Method and device for authorising access to data | |
| JPH06197104A (en) | Decoder device | |
| MXPA04011537A (en) | Key transport tamper protection. | |
| JPH11289526A (en) | Illegal data detection method and pay broadcast receiver using the method |