MXPA97001242A - Access control system based on intelligent cards with better security - Google Patents

Access control system based on intelligent cards with better security

Publication number
MXPA97001242A
Authority
MX
Mexico
Application number
MXPA/A/1997/001242A
Other languages
Spanish (es)
Other versions
MX9701242A (en)
Inventor
William Chaney John
Original Assignee
William Chaney John
Thomson Consumer Electronics Inc
Priority claimed from PCT/US1995/009953 external-priority patent/WO1996006504A1/en
Application filed by William Chaney John, Thomson Consumer Electronics Inc
Publication of MX9701242A
Publication of MXPA97001242A

Abstract

The present invention relates to a smart card that includes a demodulator for demodulating authorization information and data, and that provides improved access control by controlling the manner in which the authorization information portion of the data stream is passed through the smart card. The authorization data that is demodulated and used in the smart card for functions such as key generation is reinserted in modulated form in the high-speed output data signal of the smart card. A variable delay device is included in the smart card to control when the modulated authorization data is reinserted into the data stream. Varying the delay allows a desired time relationship to be established between the reinserted data and other data in the data stream leaving the smart card. For example, the modulated authorization data in the output data stream can be made to exhibit substantially the same time relationship to other data as exists in the input data stream.

Description

Access Control System Based on Smart Cards with Enhanced Security

The present invention involves access control systems that include an integrated circuit (IC) card, or "smart" card, to limit access to information in signal processing applications. Systems such as pay TV systems include access control subsystems that limit access to certain programs or channels. Only users who are authorized (e.g., who have paid a fee) are allowed to see the programs. One approach to limiting access is to modify the signal, for example, by modulating or encrypting it. Normally modulation involves modifying the signal shape using methods such as synchronization pulse removal. Encryption involves modifying a data component included in the signal according to a particular cryptographic algorithm. Only individuals who are authorized to have access are given the "key" needed to demodulate or decipher the signal. The terms modulate and demodulate as used below are intended to encompass access control techniques in general, including encryption and modulation.

Access control systems may include an integrated circuit (IC) card, or "smart" card. A smart card is a plastic card the size of a credit card that has a signal processing IC embedded in the plastic. A smart card is inserted into a card reader that couples signals to and from the IC on the card. The 7816 standard of the International Standards Organization (ISO) establishes specifications for an IC card interface. In particular, ISO standard 7816-2 specifies that the electrical interface to the card will be through eight contacts placed on the surface of the card as shown in Figure 2A. Six of the eight signals at the contact points are defined as VCC (supply voltage), RST (reset signal), CLK (clock signal), GND (ground connection), VPP (programming voltage for programming memory in the IC of the card), and I/O (serial data input/output). Two contacts are reserved for future use.
The mapping of the smart card interface signals to the contacts is shown in Figure 2B.

The IC in a smart card processes data such as security control information as part of an access control protocol. The IC includes a control microcontroller, such as the 6805 processor from Motorola Semiconductor, Austin, Texas, which includes ROM, EEPROM, and RAM. The processor performs various security control functions including authorization management and generating the key to demodulate the modulated data component of the signal.

Authorization management involves modifying information stored on the card that specifies the owner's authorizations (i.e., programs and services to which a user is authorized to have access). The processor adds and deletes authorizations in response to authorization information in the authorization management messages (MMA) that are included in the input signal. Normally, MMA data indicates authorization for a particular service, e.g., all programming on a particular channel, or for a particular program offered by a service, e.g., a movie on a particular channel. Because MMA refers to relatively long-term authorization, MMA usually occurs rarely in a signal.

Once a service or program is authorized, demodulation of the service or program can occur only after a key for demodulation is generated. Key generation takes place in response to the authorization control messages (MCA) that are also included in the input signal. The MCAs provide initialization data for key generation routines that are executed by the processor. Every time a service provider changes the modulation key, MCA data is included in the signal so that a system that is authorized to have access can generate the corresponding new key to demodulate. To help prevent unauthorized access to modulated signals, the key is changed frequently, e.g., every two seconds. Therefore, MCA data occurs frequently in the signal.
The MMA and MCA data are transferred to the smart card for processing via the serial I/O terminal of the ISO 7816 standard interface. The serial I/O terminal is also used to transfer the generated key from the card to a demodulator unit in the video signal processing channel. The demodulator demodulates the data component of the input signal, e.g., video and audio data, using the key to produce a demodulated or "clear text" signal. Demodulation involves reversing the effects of the modulation process, e.g., reinserting synchronization pulses and deciphering the data using the inverse of the encryption algorithm. The demodulated signal is further processed by the signal processing channel to produce video and audio signals suitable for coupling to output devices such as a kinescope and a loudspeaker, respectively.

Including a demodulator function in the video signal processing channel implies adding demodulator hardware to the system. The hardware can be included in a consumer electronics (CE) device, such as a television receiver, or it can be in a separate decoding unit, such as a cable box. Including the demodulator hardware in a CE device or separate decoding unit dedicates the device to a particular access control system. For example, the hardware may be appropriate for demodulating only a particular type of modulation algorithm. If the service provider decides to change to a different access control system, e.g., due to security problems, replacing the demodulator hardware involves the costly and difficult work of modifying the CE devices and/or replacing the decoding units.

In addition, the transfer of data between a smart card and the system using the smart card provides an opportunity for a hacker to attack the security system. Since the security control IC is embedded in the smart card, a hacker cannot directly access the IC as part of an attempt to "hack", that is, defeat, the security algorithm.
An attempt to delaminate the smart card to access the IC will destroy the IC. However, a hacker can monitor a transfer of data between a smart card and other parts of the system. By monitoring a data transfer, a hacker can intercept key data that is being transferred to an external demodulator, thus compromising the access control system. Similarly, a hacker can monitor the transfer of authorization data to and from the smart card. By detecting changes between the authorization data that is input to a smart card and the authorization information that is output from the smart card, a hacker can obtain information regarding the access control algorithm that is being used in the smart card.

The invention resides, in part, in the recognition of the problems described and, in part, in the provision of a solution to the problems. In accordance with one aspect of the invention, a smart card processes first and second signal components of an input signal to produce corresponding first and second processed signals. The second processed signal is combined with the first signal component of the input signal to produce an output signal of the smart card.

According to another aspect of the invention, the first signal component of the input signal is combined with the second processed signal to produce a predetermined time relationship between the first signal component and the second processed signal in the output signal.

According to another aspect of the invention, the first signal component of the input signal is delayed before being combined with the second processed signal so that the output signal exhibits the predetermined time relationship.

According to another aspect of the invention, the predetermined time relationship is substantially the same as a time relationship that exists between the first and second signal components of the input signal.
According to another aspect of the invention, the first signal component of the input signal is delayed through a first-in first-out memory included in the smart card before being combined with the second processed signal.

According to another aspect of the invention, the first and second signal components of the input signal include modulated information. The first and second processed signals include demodulated information corresponding to the modulated information in the first and second signal components of the input signal.

According to another aspect of the invention, the first signal component of the input signal comprises modulated authorization data for a pay-per-access service, such as a pay TV channel, and the second signal component of the input signal comprises modulated data provided by the pay-per-access service provider, such as modulated video or audio data.

The invention can be better understood by referring to the accompanying drawing in which:

Figure 1 shows, in block diagram form, a signal processing system that includes a smart card that provides both rights processing and demodulation;
Figure 2A shows the location of signal contacts on the surface of a smart card according to ISO standard 7816-2;
Figure 2B shows the assignment of smart card interface signals to the signal contacts shown in Figure 2A according to ISO standard 7816-2;
Figure 3 shows a format that data included in a signal processed by the system shown in Figure 1 can exhibit;
Figure 4 shows, in block diagram form, an embodiment of signal processing functions included in a smart card suitable for use with the system shown in Figure 1;
Figures 5 to 8 illustrate the signal routing through the smart card shown in Figure 4 during various modes of operation of the system shown in Figure 1.

One embodiment of a smart card access control system including the invention will be described with reference to an illustrative video signal processing system shown in block
diagram form in Figure 1. The system shown in Figure 1 includes signal processing functions that can be found in various signal processing systems. A specific example is the DSS® direct broadcast satellite television system developed by Thomson Consumer Electronics, Inc.

For a pay TV service involving a smart card based access control system, a user who wishes to purchase the service contacts the service provider, pays a service access fee and receives a smart card. A card is issued to a user with initial authorization information stored in the EEPROM of the card. The authorization information may include data identifying the user and data specifying the scope of initial access rights (e.g., duration and/or specific programs paid for by the user). In addition, application-specific key generation software is stored in the memory of the card.
The authorization information stored on the card can be modified by the service provider from a remote location using authorization management messages (MMA) and authorization control messages (MCA) inserted into portions of the signal. The MMA includes information indicating the subscription (long-term access) and pay-per-event (single access to a program) services for which the user has paid. An MMA can be directed to a particular smart card by including identification information in the MMA data corresponding to the identification information stored in the particular smart card. MCA includes data such as the initialization data required for generating demodulation keys. Therefore, a signal for a particular program includes both a modulated data component comprising video and audio data, and a control information component comprising MMA and MCA.

When the user wishes to have access to a pay TV service, the smart card 180 of Figure 1 is inserted into a card reader 190. The card reader 190 couples signals between the smart card 180 and a signal processing channel comprising units 100 to 170 in Figure 1. More specifically, the card reader 190 connects to eight terminals located on the surface of the smart card 180 as specified in ISO standard 7816-2 (see Figure 2). The connection established by the card reader 190 creates the interface 187 between the smart card 180 and the signal processing channel. In accordance with an aspect of the invention described below, the eight signals on the interface 187 include the signals 184, which form a high-speed data input/output (I/O) port for the smart card 180, and the signals 182, which represent a subset of the ISO standard IC card interface signals.

The desired program or service is selected by tuning the receiver to the appropriate channel using the tuner 100. The tuner 100 is controlled by the microcontroller 160 in response to user inputs.
For example, the microcontroller 160 may receive channel selection signals from a remote control (not shown in Figure 1) activated by a user. In response to the channel selection signals, the microcontroller 160 generates control signals that cause the tuner 100 to tune to the selected channel.

The output of the tuner 100 is coupled to the forward error corrector (FEC) 110. The FEC 110 monitors error control information, such as parity bits in the tuned signal, to detect errors and, depending on the error control protocol, to correct errors. The microcontroller 160 is coupled to FEC 110 to monitor the presence of errors in the signal and control the processing of errors. FEC 110 also performs an analog-to-digital conversion (ADC) function to convert the analog output of tuner 100 to a digital signal at the output of FEC 110.
The transport unit 120 processes the output signal of FEC 110 to detect and separate various types of data in the tuned signal. The data in the signal can be arranged in several formats. Figure 3 shows an illustrative data format that serves as the basis for the following description. The signal described in Figure 3 comprises a stream of data organized into packets of data octets, i.e., "packetized" data. Each packet is associated with a particular type, or secondary stream, of information in the data stream of the tuned channel. For example, the signal includes packets of program guide information, control information (e.g., MCA or MMA), video information and audio information. The secondary stream with which a particular packet is associated is defined by data included in a header portion of each packet. A payload portion of each packet includes the packet data. The illustrative data format shown in Figure 3 includes two octets (16 bits) of data in the header and 186 octets of data in the payload.

The first twelve bits of the header in each packet are program identification data (IDP) bits. The IDP data identifies the secondary data stream with which the payload data is associated. An example of the information provided by IDP data is as follows:

TABLE 1

IDP value   Payload content
1           program guide information
4           MMA
10          video data for channel 101
11          audio data for channel 101
Other IDP values identify video and audio data for other channels. As part of the tuning process, the microcontroller 160 refers to an IDP "map" stored in the microcontroller's memory to determine the IDP values associated with the tuned channel. The appropriate IDP values are loaded into the IDP registers in the transport unit 120. For example, when channel 101 is selected, the microcontroller 160 accesses the stored IDP map, determines that video and audio data for channel 101 are associated with IDP values of 10 and 11 respectively, and loads the values 10 and 11 into the respective video and audio IDP registers in transport unit 120. The IDP data in incoming packets is compared with the IDP values stored in the IDP registers to determine the content of the payload of each packet. The microcontroller 160 can update the data of the IDP map in response to the IDP-to-channel correspondence information in the "program guide" packets (IDP value of 1).

The last four bits of the header portion of each packet further define the content of the payload in the following manner:

TABLE 2

Header bit   Designation   Function
13           MCA flag      indicates whether the payload is MCA
14           reserved
15           ENC flag      indicates whether the payload is encrypted
16           key flag      indicates whether the payload key is key A or key B

The MCA flag being active, e.g., at logical 1, indicates that the payload includes MCA data such as initialization data for key generation. If the ENC flag is active, the payload is encrypted and, therefore, must be demodulated. The key flag determines which of the two keys, key A or key B, should be used to demodulate the payload (e.g., logical 0 indicates key A, logical 1 indicates key B). The use of the key flag is described below with respect to Figure 7.

The transport unit 120 in Figure 1 extracts and processes the header data in response to a packet clock signal shown in Figure 3.
The packet clock signal is generated and synchronized with the data stream by FEC 110. Each transition of the packet clock signal indicates the beginning of a packet. The transport unit 120 processes the 16 bits of header data following each transition of the packet clock signal to determine the destination for the payload of the packet. For example, the transport unit 120 transfers payloads containing MMA (IDP value of 4) and MCA to the security controller 183 on the smart card 180 via the microcontroller 160. The video and audio data is directed to the demultiplexer/demodulator 130 for demodulation and demultiplexing into video and audio signals. The program guide data (IDP value of 1) is directed to the microcontroller 160 to update the IDP map.

The security controller 183 processes MMA and MCA data to provide access control functions including authorization management and key generation. The security controller 183 is included in the integrated circuit (IC) 181 and comprises a microprocessor such as the Motorola 6805 processor. Authorization management involves processing MMA data to determine how and when the authorization information stored in IC 181 should be updated, i.e., adding and deleting authorizations. The MCA data provides initial values necessary for the security controller 183 to generate keys for demodulation. After a key is generated by the security controller 183, it is transferred via the microcontroller 160 to the demodulator 130, where the modulated data component of the input signal, e.g., the video and audio program data of the tuned channel, is demodulated. In accordance with the principles of the invention which are described below, the demodulator 185 included in IC 181 may also provide the demodulation function.

The demodulated video and audio data is decompressed in video decompressor 140 and audio decompressor 145, respectively.
The program data is compressed at the program source using any of a variety of known data compression algorithms. The decompressors 140 and 145 reverse the effects of the compression algorithm.

The outputs of video and audio decompressors 140 and 145 are coupled to the respective video and audio signal processors 150 and 155. The audio signal processor 155 may include functions such as stereo signal generation and digital-to-analog conversion to convert the digital output signal of the decompressor 145 to an analog audio output signal AOUT from the processor 155 that can be coupled to a speaker (not shown in Figure 1). The video signal processor 150 also includes digital-to-analog conversion capability to convert the digital output of the decompressor 140 to an analog video output signal VOUT that is suitable for display on a display device such as a kinescope. The video processor 150 also provides the signal switching necessary to include an on-screen display (OSD) signal, produced by the OSD processor 170, in the VOUT signal. The OSD signal represents, for example, graphic information such as a channel number display that is to be included in the displayed image. The video switches in the video processor 150 multiplex the OSD signal into the VOUT signal as required to produce the desired display. The operation of the OSD processor 170 is controlled by the microcontroller 160.
Returning to the access control aspects of the system shown in Figure 1, the features and function of the smart card 180 can be better understood by referring to the block diagram of the smart card IC 181 shown in Figure 4. Reference numbers in Figure 4 that are the same as in Figure 1 indicate the same or similar features. In Figure 4, the integrated circuit (IC) 181 includes the security controller 183, which comprises a central processing unit (CPU) 421, RAM 426, ROM 425, EEPROM 423 and serial I/O unit 424. The CPU 421 is a processor such as the Motorola 6805. The key generation and authorization management software is stored in ROM 425 and EEPROM 423.

Data specifying current rights is also stored in EEPROM 423 and is modified in response to information in authorization management messages (MMA) in the received signal. When the transport processor 120 in Figure 1 detects an MMA packet (packet IDP value of 4), the microcontroller 160 in Figure 1 transfers the packet payload to the security controller 183 via the serial I/O unit 424. The CPU 421 transfers the MMA data in the payload to RAM 426. The CPU 421 processes the MMA data and modifies the rights data stored in EEPROM 423 accordingly.

Packet payloads that include authorization control messages (MCA), as indicated by the MCA flag being active in the packet header, are transferred from the transport unit 120 to the security controller 183 via the microcontroller 160 and the serial I/O unit 424. Any type of packet, e.g., MMA, video, or audio, may include MCA. The MCA data is used to generate the demodulation key for a particular class of data. For example, the MCA data in an MMA packet is used to generate an MMA demodulation key. When transferred to security controller 183, the MCA data is stored in RAM 426 until processed by the CPU 421. The key generation software stored in EEPROM 423 and ROM 425 is executed by the CPU 421 using the MCA data in RAM 426 to generate a particular key.
The MCA data provides information such as initial values required by the key generation algorithms. The resulting key is stored in RAM 426 until it is transferred by CPU 421 to demodulator 130 via the serial I/O unit 424 and microcontroller 160.

The MMA and MCA data can be encrypted, as indicated by the ENC flag being active in the packet header. Encrypted data is transferred from the transport unit 120 to the demodulator 130 to be demodulated before being transferred to the security controller 183 for authorization management or key generation processing.

The features and operation of IC 181 that have been described are typical of known smart card systems. However, as stated above, the use of a demodulator unit external to the smart card, such as demodulator 130, substantially degrades system security and makes changing the demodulator hardware undesirable. The arrangement shown in Figures 1 and 4 includes features that significantly improve security compared to known smart card systems. In particular, the IC 181 of the smart card 180 includes the demodulator unit 185 and the high data rate synchronous interface 184, which comprises separate serial data-in and serial data-out lines. The combination of demodulator 185 and interface 184 makes it possible for all access control processing to be performed within smart card 180.

In Figure 1, the card reader 190 couples both the ISO standard interface signals 165 from the microcontroller 160 and the high-speed interface signals 125 from the transport unit 120 to the smart card 180 via the portions of smart card interface 187 that are marked 182 and 184, respectively. Figure 4 shows the signals included in interface 187. The ISO standard signals 182 include power, ground, reset and serial I/O in Figure 4 (corresponding to VCC, GND, RST, and I/O in Figure 2B).
The high-speed interface signals 184 comprise high-speed data-in and data-out signals, a packet clock signal, and a high-frequency clock signal (e.g., 50 MHz). The ISO standard VPP signal (programming voltage) is replaced by the packet clock signal, which allows the interface 187, including both high and low speed interfaces, to be implemented using the ISO standard configuration of eight contacts shown in Figure 2A.

Eliminating the VPP signal does not prevent the system shown in Figure 1 from operating with existing ISO standard smart cards that do not include demodulator 185 and high-speed data interface 184. Existing smart cards usually include EEPROM circuits that do not require a separate programming voltage. A "charge pump" feature generates the required programming voltage from the card supply voltage when programming is needed. Therefore, the VPP signal as specified by the ISO standard is an "unused" terminal for most existing ISO standard smart cards. Using the system with existing smart cards requires only that the operation of the system be modified so that the high-speed interface 184 and the demodulator 185 are not used. The needed modification can be achieved by changing only the control software for the controller 160.

The demodulator 185 operates at a high data rate in response to the high-frequency clock signal, while the security controller 183 needs a lower frequency clock signal. The divider 422 in IC 181 divides the 50 MHz clock signal to produce a lower frequency clock signal suitable for the security controller 183. Therefore, the single high-frequency clock signal serves as a timing signal to control the operation of both the security controller 183 and the demodulator 185. Using the divider 422 avoids dedicating two of the eight smart card interface signals to separate high and low frequency clock signals.
The demodulator 185 includes transport decoder unit 472, IDP and MCA filter unit 474 and MMA address filter unit 476 to provide functions similar to the functions described above for the transport unit 120 in Figure 1. The data-in and data-out signals of the interface 187 couple the high-speed data stream of the input signal between the transport unit 120 and the demodulator 185. Including functions of the transport unit 120 within the smart card 180 allows the smart card 180 to process incoming data packets at the high data rate of the input signal. Both the data-in signal and the packet clock signal are coupled to the unit 472.

In response to each transition in the packet clock signal, the unit 472 processes the 16 bits of header data. The first 12 bits of the header are program identification data (IDP), which are directed to the IDP and MCA filter unit 474. The unit 474 compares the IDP data of the packet with the IDP values stored in the unit 474 for each type of packet included in the tuned channel. Similar to the operation described above for the transport unit 120 (see Table 1 above and the associated description), the IDP comparison in unit 474 determines the type of data that the payload contains, e.g., program guide, MMA, video or audio. The IDP values that identify the types of packets in the currently tuned signal are stored in registers in unit 474. The registers are loaded as part of the tuning process described above for the system in Figure 1. More specifically, microcontroller 160 accesses the stored IDP "map", as described above, and transfers the IDP values associated with the currently tuned channel to the registers in the unit 474 via the signals 182 and the security controller 183 of the smart card 180. The data transfer between the security controller 183 and the functions of the demodulator 185, such as unit 474, occurs via a data bus internal to IC 181 that is not shown in Figure 4.
The manner in which payload data is processed by smart card 180 is determined both by the results of the IDP comparison in unit 474 and by the content of bits 13 to 16 of the packet header extracted by unit 474. Using the previous example that refers to channel 101 (see Table 1), the IDP data identifies: program guide data (IDP = 1), which is processed by microcontroller 160 to update the IDP map; MMA data (IDP = 4), which the security controller 183 processes to modify rights; video data (IDP = 10); and audio data (IDP = 11). Bits 13 to 16 of the header control security-related operations (see Table 2 above and the associated description) on the smart card 180. If bit 13 is active (MCA flag), the payload includes MCA data that requires key generation processing by security controller 183. If bit 15 is active (ENC flag), the payload is encrypted and is demodulated in demodulation unit 478 within demodulator 185. Bit 16 determines whether key A or key B will be used in unit 478 for demodulation.

The ENC encryption status bit determines how the data will be processed by the demodulator unit 478. Payload data that is not encrypted passes unchanged from the high-speed data-in terminal of the smart card 180 through the demodulator unit 478 to the high-speed data-out terminal. Encrypted data is demodulated at the data rate by unit 478. The demodulated video and audio data is passed to the high-speed data-out terminal of smart card 180. In each demodulated audio or video packet, the ENC bit in the packet header is set to logical 0, indicating that the packet is "clear", that is, demodulated.

To ensure that unauthorized users do not have access to demodulated data related to authorizations or keys, the demodulated MMA or MCA data does not leave the smart card 180 via the high-speed data-out terminal.
One approach is for the smart card to remove the MMA or MCA data component from the data stream at the output of the smart card. However, by monitoring the changes that occur in the data stream between the data input and data output of the smart card 180, a hacker can obtain useful information about the processing that takes place in the smart card 180. For example, a hacker could assume that the information removed from the data stream by the smart card pertains to the service. This problem is overcome by passing the original modulated MMA or MCA control information component, with the ENC bit set to logical 1, through the smart card 180 from the high-speed data input terminal to the high-speed data output terminal. More specifically, a first signal component of the input signal, such as the modulated MCA or MMA control information, is processed, e.g., demodulated by demodulator 478, to produce a first processed signal, such as the demodulated data required for key generation. Information in the first processed signal, such as key information, is used by the demodulator 478 to process a second component of the input signal to produce a second processed signal which, for example, represents demodulated video or audio data. The first signal component of the input signal is combined with the second processed signal to produce the output data stream of the smart card 180. Thus, for example, the modulated authorization information in the input signal can be demodulated and used by smart card 180, but the corresponding data in the output is not changed, thus reducing the information that can be obtained by a hacker who monitors the data stream. To further obscure the nature of the processing occurring in the smart card 180, the original component of the input signal is delayed before being reinserted into the output data stream.
The delay ensures that the time relationship between the modulated control information, such as MMA and/or MCA, and the demodulated data, such as video and/or audio data, in the data output signal of the smart card 180 is substantially the same as the time relationship between the modulated control information and the modulated data in the data input signal of the smart card 180. As a result, it is more difficult for a hacker to determine characteristics of the smart card 180, such as the internal demodulator delay, by monitoring the data stream. The original modulated data is delayed and reinserted into the data stream via the first-in first-out memory (FIFO) 477 and the router 479 in Figure 4. The data input signal to FIFO 477 is the signal at the data input of the demodulator 478. The delay through FIFO 477 can be adjusted by the control processor 183 to correspond to the particular demodulation algorithm being executed in the demodulator 478. For example, the delay through FIFO 477 can be increased or decreased by storing more or less data, respectively, in the FIFO before starting to read data from the FIFO. The router 479 combines delayed data from FIFO 477 with demodulated data from the demodulator 478 under control of the control processor 183 to produce the data output signal from the smart card 180. The router 479 may comprise a multiplexer that selectively couples either the FIFO output or the demodulator output to the data output of the smart card 180 in response to a control signal provided by the control processor 183. The MMA and MCA data that is demodulated in the demodulator unit 478 is temporarily stored in RAM 426 in the security controller 183 until it is processed by the security controller 183 for rights handling and key generation. The transport unit 120 of Figure 1 receives the data (either unchanged or demodulated) from the high-speed data output terminal of the smart card 180.
The DIP value of each packet is checked and the payload is transferred to the appropriate function in Figure 1 for further processing (e.g., microcontroller 160 or decompressors 140 and 145). The operation of the smart card 180 is controlled by commands from the microcontroller 160 in Figure 1, which are communicated to the smart card 180 via the ISO-standard serial interface. In effect, the microcontroller 160 is the master processor and the security controller 183 is the slave processor. For example, the microcontroller 160 transfers DIP information to the smart card 180 and directs the card to demodulate the data in the corresponding data streams. The security controller 183 responds by checking authorizations and configuring the smart card 180 for the appropriate type of data processing, such as rights processing, key generation or demodulation. In addition, the microcontroller 160 needs status information, such as whether demodulation is in progress. The commands are communicated to the security controller 183 on the smart card 180 via the serial I/O terminal. Any response required by the command is returned to the microcontroller 160 via the serial I/O terminal. Thus, the serial I/O signal serves as a control signal between the system and the smart card 180, while the high-speed data interface provides high-speed input and output data signals between the card and the system. The serial communications between the microcontroller 160 and the smart card 180 take place according to a protocol provided in ISO standard 7816-3. A smart card notifies the system of the particular protocol that will be used by sending a protocol type number T to the system. More specifically, when a card is inserted into the card reader, the card reader applies power to the card and resets the card by activating the reset signal. The card responds to the reset signal with an "answer to reset" data sequence specified in ISO standard 7816-3 §6.
The answer to reset includes an interface byte TDi. The four least significant bits of byte TDi define the protocol type number T (see ISO standard 7816-3 §6.1.4.3). The protocol type for the system shown in Figure 1 is type T = 5. A type 5 protocol is classified as "reserved", that is, currently undefined, in the ISO standard. For the system in Figure 1, protocol type 5 is identical to protocol type 0 (an asynchronous half-duplex protocol defined in ISO 7816-3 §8) except for the way in which the baud rate for the serial I/O is determined. The serial I/O at the card interface takes place at a rate determined in accordance with Table 6 in ISO standard 7816-3. The baud rate calculation is based on the rate at which security controller 183 is clocked. For existing smart cards, the clock frequency for security controller 183 is equal to the clock frequency Fs on the card clock pin. As shown in Figure 4, the smart card 180 includes the divider 422 to divide the rate of the high-speed input clock Fin by a factor N, i.e., Fin/N, to set the clock rate for the security controller 183. Therefore, for a type 5 protocol, Table 6 of ISO standard 7816-3 is modified by defining Fs = Fin/N. As in the case of a type 0 protocol, all commands for a type 5 protocol are initiated by the microcontroller 160. A command begins with a five-byte header including a one-byte instruction class designation (CLA), a one-byte instruction (INS), a two-byte parameter (P1, P2) such as an address, and a one-byte number (P3) defining the number of data bytes that are part of the command and follow the header. For the system in Figure 1, the parameter P1, P2 is not necessary and, therefore, these bytes are "don't care". Therefore the commands take the form: CLA | INS | - | - | P3 | data (P3 bytes).
The commands recognized by the smart card 180 include a status command and a DIP transfer command. The smart card 180 responds to a status command from the microcontroller 160 by providing the processing state of the card, e.g., whether the card has completed key generation or whether the card is demodulating data. Using a DIP transfer command, the microcontroller 160 transfers the DIP numbers associated with the tuned channel. Other commands, such as commands to transfer MMA and MCA data, key-related commands, and "purchase offer" commands, are possible and will be explained later.
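The serial control channel described above (protocol type read from the answer to reset, the five-byte command header, and the divided clock) can be exercised with the following added example, which is not part of the patent text. The CLA and INS values, the two-bytes-per-DIP encoding with P3 as a byte count, and the clock figures used in testing are assumptions; the sample answer to reset is constructed.

```python
DEFAULT_F, DEFAULT_D = 372, 1               # ISO 7816-3 default conversion factors
CLA_EXAMPLE, INS_DIP_TRANSFER = 0xA0, 0x10  # constructed; the page gives no values

def parse_atr_protocols(atr: bytes) -> list:
    """Return the protocol type numbers T announced by the TDi bytes of an ATR."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte")
    hist_len = atr[1] & 0x0F                # T0 low nibble: historical byte count
    y = atr[1] >> 4                         # T0 high nibble: TA1..TD1 presence
    pos, protocols = 2, []
    while True:
        pos += bin(y & 0x07).count("1")     # skip TAi, TBi, TCi when present
        if not y & 0x08:                    # no TDi follows: interface bytes end
            break
        if pos >= len(atr):
            raise ValueError("truncated ATR")
        td = atr[pos]
        pos += 1
        protocols.append(td & 0x0F)         # four least significant bits give T
        y = td >> 4
    pos += hist_len
    needs_tck = any(t != 0 for t in protocols)  # check byte unless only T=0
    if len(atr) != pos + needs_tck:
        raise ValueError("ATR length does not match its interface bytes")
    if needs_tck:
        acc = 0
        for b in atr[1:]:
            acc ^= b
        if acc:
            raise ValueError("bad TCK check byte")
    return protocols or [0]                 # no TDi at all means T=0

def serial_bit_rate(fin_hz: float, n: int, f=DEFAULT_F, d=DEFAULT_D) -> float:
    """Type 5 rule from the page: use the ISO formula with Fs = Fin / N."""
    return (fin_hz / n) * d / f

def pack_dips(dips) -> bytes:
    """Assumed encoding: each 12-bit DIP value as two big-endian bytes."""
    if any(not 0 <= v <= 0xFFF for v in dips):
        raise ValueError("DIP values are 12 bits wide")
    return b"".join(v.to_bytes(2, "big") for v in dips)

def unpack_dips(data: bytes) -> list:
    if len(data) % 2:
        raise ValueError("odd DIP payload length")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]

def build_command(cla: int, ins: int, data: bytes = b"") -> bytes:
    """CLA | INS | - | - | P3 | data, with the unused P1 and P2 sent as zero."""
    if len(data) > 255:
        raise ValueError("P3 is one byte, so at most 255 data bytes")
    return bytes([cla, ins, 0, 0, len(data)]) + data

def parse_command(frame: bytes):
    """Card side: reject frames whose data length disagrees with P3."""
    if len(frame) < 5:
        raise ValueError("short header")
    cla, ins, _p1, _p2, p3 = frame[:5]      # P1, P2 are ignored on this system
    if len(frame) - 5 != p3:
        raise ValueError("data length does not match P3")
    return cla, ins, frame[5:]

if __name__ == "__main__":
    atr = bytes.fromhex("3B800585")         # constructed ATR announcing T=5
    print("protocols:", parse_atr_protocols(atr))
    frame = build_command(CLA_EXAMPLE, INS_DIP_TRANSFER, pack_dips([1, 4, 19, 11]))
    print("command:", frame.hex(), "->", unpack_dips(parse_command(frame)[2]))
    print("bit rate:", serial_bit_rate(29_760_000, 8))
```

The length check in `parse_command` is the card-side guard that matters here: the header alone decides how many bytes the security controller will consume from the serial line.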
The operation of smart card 180, and in particular demodulator 185, will now be described in greater detail with reference to Figures 5 to 8. When a new channel is tuned, microcontroller 160 transfers the DIP values for the new channel from the DIP map to smart card 180, as shown in Figure 5. The DIP data transfer takes place using a DIP transfer command that includes N DIP values, where N is specified in byte P3 of the command header. The command and DIP values are communicated to the card via the serial data terminal of the smart card 180 and the serial input/output unit 424. The CPU 421 receives the DIP data and directs the data to the appropriate DIP register in the registers 474 in the demodulator 185. Before a signal can be demodulated, a user must be authorized for access and the correct key must be loaded into the demodulator 185. After the DIP data is transferred to the smart card 180, the security controller 183 compares the DIP values with the rights data stored in EEPROM 423 to see whether the user is authorized to access the tuned channel. Assuming that the user is authorized, the next step is key generation. Generating the key involves processing MCA data. Therefore, the MCA must be received and processed to produce the key before the audio and video data can be demodulated. The MCA data is encrypted to reduce the probability of unauthorized key generation. A card is issued with a key for demodulating MCA stored on the card in EEPROM 423. As illustrated in Figure 6, the MCA key is transferred via CPU 421 from EEPROM 423 to MCA key registers in the demodulator unit 478. If the user is not authorized to access the tuned channel, authorizations must be received before key generation and demodulation can take place. Authorizations can be received via MMA. An "address" that identifies a particular smart card is stored in the MMA address unit 476 of the card when the card is issued.
By including address information in an MMA, a service provider can direct the MMA to a particular card. The smart card compares the address information in the MMA with the address of the card stored in the unit 476 to detect MMA information addressed to the card. If a user is not authorized, the security controller 183 configures the card to process the MMA as shown in Figure 6, in the event that MMA data is received. As in the case of the MCA key, a card is issued with an MMA key stored on the card in EEPROM 423. In Figure 6, the MMA key is transferred from EEPROM 423 to the MMA key registers in the demodulator unit 478 by CPU 421. The modulated MMA data from transport unit 120 in Figure 1 is input to the card via the high-speed data input port. After the MMA address is checked in unit 476, the MMA data destined for the card is decrypted in unit 478. The decrypted MMA data is temporarily stored in RAM 426 and processed by the CPU 421 to update the authorization data stored in EEPROM 423. After the DIP values are loaded, the authorizations exist and the MCA key is in place in the demodulator 185, the card is ready to demodulate MCA data and generate the audio and video keys. In Figure 7, the MCA data in the signal is received by the smart card 180 via the high-speed data input terminal and is detected by the transport decoding unit 472. The MCA data is directed to the demodulator 478, where the previously loaded MCA key is used to decrypt the MCA data. The decrypted MCA data is transferred from demodulator 478 to RAM 420. When decrypted MCA data is available, the CPU 421 executes key generation algorithms stored in EEPROM 423 and ROM 425 using the decrypted MCA data in RAM 424 to generate the video and audio keys. The generated keys are transferred to the appropriate video and audio key registers in the demodulator 478. As shown in Figure 7, the demodulator 478 includes two key registers for video, video keys A and B, and two key registers for audio, audio keys A and B.
Whether key A or key B will be used to demodulate a particular packet is determined by the key flag bit in the packet header (see Table 2 above). The "multiple key" feature allows a new key to be generated while an existing key is being used to demodulate data. Processing MCA data in the security controller 183 to generate a new key and transferring the new key to a key register in the demodulator 478 requires a significant number of instruction cycles in the CPU 421. If demodulation were interrupted while a new key was generated and transferred, the processing delay could require a person watching a program to view a modulated image until the new key was in place in the demodulator 478. Having key registers A and B allows data to be decrypted using the key in one key register, e.g., key register A, while a new key is being generated and loaded into the second key register, e.g., key register B. After initiating key generation by transmitting MCA data, a service provider waits a sufficient time to ensure that the new key B has been generated and is in demodulator 478 before encrypting packets using key B. The key flag notifies demodulator 185 when to start using the new key. After the operations shown in Figures 5, 6 and 7, demodulator 478 has been initialized with all the key information required to process the encrypted data in the tuned channel, including MMA, MCA, video and audio data.
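The following added example, which is not part of the patent text, models two passages above: the pass-through of the original modulated MMA/MCA packets through delay memory 477 and combining stage 479, and the A/B key register selection by the header key flag. It compares three output policies from the point of view of someone tapping DATA IN and DATA OUT. The XOR cipher is a toy stand-in, the sample stream and all key values are constructed, the slot-based timing model is an assumption, and only the DIP values 4 and 19 come from the page.

```python
from dataclasses import dataclass, replace

MMA_DIP, VIDEO_DIP = 4, 19   # channel 101 values from the page's example
MCA_DIP = 0x20               # constructed: the page gives no DIP for MCA packets
KEY_A, KEY_B, MCA_KEY, MMA_KEY = b"\x11\x22", b"\x33\x44", b"\x55\x66", b"\x77\x88"

@dataclass(frozen=True)
class Packet:
    dip: int
    mca: bool       # header position 13: payload carries MCA data
    enc: bool       # header position 15: payload is still modulated
    key_b: bool     # header position 16: False selects key A, True key B
    payload: bytes

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for the card's real algorithm (assumption, not secure)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def is_control(pkt: Packet) -> bool:
    return pkt.mca or pkt.dip == MMA_DIP

class CardModel:
    """Slot-based model of demodulator 478, delay memory 477 and combiner 479."""
    def __init__(self, demod_latency: int, fifo_depth: int, policy: str = "fifo"):
        self.demod_latency = demod_latency  # slots a packet spends in unit 478
        self.fifo_depth = fifo_depth        # slots stored before memory 477 is read
        self.policy = policy                # "fifo", "undelayed" or "strip"
        self.video_keys = {False: KEY_A, True: None}  # key registers A and B
        self.internal = []                  # demodulated control data, never output

    def process(self, stream):
        """Return [(out_slot, in_slot, packet)] as it appears on DATA OUT."""
        out = []
        for slot, pkt in enumerate(stream):
            if is_control(pkt):
                key = MCA_KEY if pkt.mca else MMA_KEY
                self.internal.append(xor_cipher(pkt.payload, key))
                if self.policy == "strip":
                    continue                # removal, the approach the page rejects
                delay = self.fifo_depth if self.policy == "fifo" else 0
                out.append((slot + delay, slot, pkt))  # original bytes, ENC still 1
                continue
            if pkt.enc:
                key = self.video_keys[pkt.key_b]
                if key is None:
                    raise RuntimeError("header selects an empty key register")
                pkt = replace(pkt, enc=False, payload=xor_cipher(pkt.payload, key))
            out.append((slot + self.demod_latency, slot, pkt))
        return sorted(out, key=lambda item: item[:2])

def observer_view(stream, out):
    """What a tap on DATA IN and DATA OUT learns (packets aligned by slot)."""
    seen = {src for _, src, _ in out}
    ctrl = {o - s for o, s, p in out if is_control(p)}
    data = {o - s for o, s, p in out if not is_control(p)}
    return {
        "removed_slots": [i for i in range(len(stream)) if i not in seen],
        "timing_skew": max(data) - min(ctrl) if ctrl and data else None,
        "order_preserved": [s for _, s, _ in out] == sorted(seen),
    }

def demo_stream():
    """Constructed sample input: three video packets, one MCA and one MMA."""
    def video(text: bytes, key_b: bool) -> Packet:
        return Packet(VIDEO_DIP, False, True, key_b, xor_cipher(text, KEY_B if key_b else KEY_A))
    return [
        video(b"frame-1", False),
        Packet(MCA_DIP, True, True, False, xor_cipher(b"seed-for-key-B", MCA_KEY)),
        video(b"frame-2", False),
        Packet(MMA_DIP, False, True, False, xor_cipher(b"rights-update", MMA_KEY)),
        video(b"frame-3", True),   # provider switches to key B after the MCA
    ]

def run(policy: str, fifo_depth: int = 3, demod_latency: int = 3):
    card = CardModel(demod_latency, fifo_depth, policy)
    card.video_keys[True] = KEY_B  # register B filled while key A is in use
    stream = demo_stream()
    out = card.process(stream)
    return stream, out, observer_view(stream, out), card

if __name__ == "__main__":
    for policy in ("strip", "undelayed", "fifo"):
        print(policy, run(policy)[2])
```

With the memory depth matched to the demodulator latency, the observer sees no removed slots, no timing skew and unchanged packet order; the other two policies expose either which packets the card consumed or the internal demodulator delay.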
Figure 8 shows the signal flow for data processing. The encrypted data is input to the smart card 180 via the high-speed serial data input terminal. The data is decrypted in the demodulator 478 using the previously loaded keys. For example, if the transport unit 472 determines from the header of an incoming packet that the payload data is video data associated with video key A, the payload of the packet is decrypted in the demodulator 478 using video key A. The decrypted data is output directly from the smart card 180 via the high-speed serial data output terminal. Note that the data processing in Figure 8 does not require interaction between the demodulator unit 185 and the security control unit 183, allowing the demodulator 478 to process data at the high data rate of the input signal. Key generation in the security controller 183, combined with the demodulation features of the demodulator unit 478, gives the smart card 180 full capability for processing encrypted signals using a variety of algorithms, including the Data Encryption Standard (DES) algorithm and Rivest-Shamir-Adleman (RSA) algorithms. By providing all of the access-control-related processing within the smart card 180, security-related data such as key data does not have to be transferred out of the smart card 180. As a result, security is significantly improved compared with systems that use a demodulator external to the smart card. Although the use of the internal demodulator 185 for the smart card 180 is advantageous, an external demodulator such as the demodulator 130 in Figure 1 can also be used. An external demodulator can be desirable for compatibility of the described smart card with pay-TV systems that generate the key on the smart card 180 and transfer the key to the demodulator 130. Alternatively, it may be desirable to use both the demodulator 185 and the demodulator 130.
For example, security can be improved by encrypting a signal twice using two different keys. A twice-encrypted signal may be decrypted using the system shown in Figure 1 by: decrypting the signal once in the demodulator 185 using the first key, transferring the partially decrypted data to the demodulator 130, and decrypting the signal a second time in the demodulator 130 using the second key. The second key could be generated in the smart card 180 and transferred to the demodulator 130. For applications involving the demodulator 130 (i.e., applications in which key data is transferred out of the smart card 180), commands are provided to transfer the key data via the serial I/O interface between the controller 160 and the smart card 180. For example, the microcontroller 160 sends MCA data to the card in a command and requests the key generation status with a status command. When the status data indicates that key generation is complete, another command requests the key data and the card responds by sending the key data to the controller 160. Subsequently, the key is transferred to the demodulator 130. Various modifications of the described embodiments are possible. It will be readily apparent to one of ordinary skill in the art that the invention can be applied to video systems and video signal protocols other than those described in Figure 3. Examples of other systems are the DSS system mentioned before and high-definition television (HDTV). The described type of access control system can also be applied to signal processing systems such as cellular telephone systems, in which processing authorizations may involve determining whether a user is authorized to access a cellular telephone system and, if so, processing a modulated cellular telephone signal. Applications such as a cellular telephone system involve generating an outgoing signal in addition to processing an incoming signal. Generating an outgoing signal requires that it be encrypted.
The described smart card can encrypt data if the appropriate encryption software is stored in EEPROM and ROM in the smart card 180. Therefore, the invention is applicable to signaling applications such as telephone systems or "head-end" applications in cable TV systems. These and other modifications are intended to be within the scope of the following claims.

Claims (17)

  1. A smart card (180) comprising: a first terminal (DATA IN) for receiving an input signal that includes a first modulated signal component (MCA or MMA) and a second modulated signal component; a second terminal (DATA OUT) for providing an output signal; a signal processor (183, 185) for processing said first modulated signal component to produce a first demodulated signal internal to said smart card, said signal processor (183, 185) being responsive to said first demodulated signal for processing said second modulated signal component to produce a second demodulated signal; and means for combining (183, 185) said first modulated signal component of said input signal and said second demodulated signal to produce said output signal.
  2. The smart card of claim 1, wherein said means for combining said first signal component of said input signal and said second processed signal produces a predetermined time relationship between said first signal component and said second processed signal in said output signal.
  3. The smart card of claim 2, wherein said means for combining said first signal component of said input signal and said second processed signal comprises: means for delaying said first signal component to produce a delayed signal that substantially exhibits said predetermined time relationship with respect to said second processed signal; and means for combining said delayed signal and said second processed signal to produce said output signal.
  4. The smart card of claim 3, wherein said input signal exhibits an input time relationship between said first signal component and said second signal component; and said predetermined time relationship is substantially the same as said input time relationship.
  5. The smart card of claim 4, wherein said first and second signal components of said input signal comprise first and second modulated signal components and said first and second processed signals comprise respective first and second demodulated signals.
  6. The smart card of claim 5, wherein said means for delaying said first signal component of said input signal comprises a first-in first-out memory device.
  7. The smart card of claim 6, further comprising means responsive to said first demodulated signal for producing control information; said means for producing said first and second demodulated signals being responsive to said control information to produce said second demodulated signal.
  8. The smart card of claim 7, wherein said means for producing said first and second demodulated signals, said means for producing said control information and said means for combining said first modulated signal component and said second demodulated signal to produce said output signal are included in an IC mounted on said smart card; and said first and second terminals are located on a surface of said smart card.
  9. The smart card of claim 8, further comprising a third terminal located on said surface of said smart card for receiving a timing signal; said means for producing said first and second demodulated signals being responsive to said timing signal for processing said input signal at a first data rate to produce said output signal at said first data rate.
  10. The smart card of claim 9, wherein said first data rate exceeds 1 megahertz.
  11. The smart card of claim 9, wherein said means for producing said control information processes said first demodulated signal at a second data rate to produce said control information.
  12. The smart card of claim 11, wherein said first data rate is greater than said second data rate.
  13. The smart card of claim 12, further comprising a frequency divider coupled to receive said timing signal for producing a clock signal at a frequency related to said second data rate; said means for producing said control information being responsive to said clock signal to produce said control information.
  14. The smart card of claim 5, wherein said first modulated signal component comprises authorization management information for a pay-for-access service; and said second modulated signal component comprises data provided by said pay-for-access service.
  15. The smart card of claim 14, wherein said pay-for-access service comprises a pay TV service; said authorization management information comprises television programming authorization information; and said data provided by said pay-for-access service comprises television program data.
  16. The smart card of claim 9, wherein said first, second and third terminals are included in a plurality of terminals arranged on said surface of said smart card in accordance with ISO standard 7816-2.
  17. The smart card of claim 16, wherein said smart card exhibits a mechanical characteristic in accordance with ISO standard 7816-1.
MXPA/A/1997/001242A 1994-08-19 1997-02-18 Access control system based on intelligent cards with better security MXPA97001242A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US29283094A 1994-08-19 1994-08-19
US292830 1994-08-19
PCT/US1995/009953 WO1996006504A1 (en) 1994-08-19 1995-08-04 Smart-card based access control system with improved security

Publications (2)

Publication Number Publication Date
MX9701242A MX9701242A (en) 1998-03-31
MXPA97001242A true MXPA97001242A (en) 1998-10-15
