WO1995026107A1 - Data decryption apparatus in a subscription television signal receiving system - Google Patents

Data decryption apparatus in a subscription television signal receiving system Download PDF

Info

Publication number
WO1995026107A1
WO1995026107A1 PCT/US1994/002979 US9402979W WO9526107A1 WO 1995026107 A1 WO1995026107 A1 WO 1995026107A1 US 9402979 W US9402979 W US 9402979W WO 9526107 A1 WO9526107 A1 WO 9526107A1
Authority
WO
WIPO (PCT)
Prior art keywords
input
output
decryption
data
bit
Prior art date
Application number
PCT/US1994/002979
Other languages
French (fr)
Inventor
Peter Michael Murphy
Original Assignee
Thomson Consumer Electronics, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Consumer Electronics, Inc. filed Critical Thomson Consumer Electronics, Inc.
Priority to BR9408551A priority Critical patent/BR9408551A/en
Priority to JP7524610A priority patent/JPH09510593A/en
Priority to EP94914715A priority patent/EP0750821A4/en
Priority to PCT/US1994/002979 priority patent/WO1995026107A1/en
Priority to KR1019960705217A priority patent/KR970701972A/en
Priority to AU66969/94A priority patent/AU6696994A/en
Priority to SG1995000109A priority patent/SG24103A1/en
Publication of WO1995026107A1 publication Critical patent/WO1995026107A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Definitions

  • This invention is related to the field of digital video signal processing, and more particularly to apparatus for decrypting a television signal received from a transmission channel such as a broadcast satellite, for example.
  • Subscriber video and television services such as cable and satellite broadcast/receiving systems, often encrypt various broadcast services, such as video and audio, by means of a control word or "key" to limit access to only paid subscribers.
  • the encrypting process at a transmitter may be in accordance with various techniques. Some of these techniques are described in "American National Standard Data Encryption Algorithm” ANSI X3.92- 1981, and in “American National Standard for Information Systems-Data Encryption Algorithm-Modes of Operation” ANSI X3.106-1983.
  • FIG. 1 is a block diagram of decrypting apparatus according to the principles of the present invention.
  • Figure 2 is a block diagram of a satellite video signal broadcasting and receiving system including the decrypting apparatus of Figure 1 in a transport unit of Figure 2.
  • Figures 3-13 depict block diagrams and tables which are helpful in understanding the decrypting operation of the apparatus shown in Figure 1.
  • Figures 14 and 15 respectively show a state diagram and an associated logic table for an input main state machine in the system of Figure 1.
  • Figures 16 and 17 respectively show a state diagram and an associated logic table for an output state machine in the system of Figure 1.
  • the decryption apparatus shown in Figure 1 operates in accordance with the Data Encryption/Decryption Algorithm (DEA), which is a standard algorithm for encrypting and decrypting digital data as discussed in "American National Standard Data Encryption Algorithm” ANSI X3.92-1981.
  • DEA Data Encryption/Decryption Algorithm
  • the Figure 1 apparatus operates in an "electronic codebook mode" as described in "American National Standard for Information
  • each key is a 64 bit word comprising 56 decryption bits and 8 parity check bits. In the disclosed system, the 8 parity bits are not used.
  • An input signal may comprise either encrypted ciphertext data, or unencrypted plaintext data.
  • plaintext is intelligible text or signals that have meaning and that can be read and used
  • decryption is the process of transforming ciphertext into plaintext by means of a standard algorithm.
  • the input signal is in the form of a parallel 8 byte datastream of 8 bits/byte.
  • An input 8 byte shift register 10 acquires input data one byte at a time in response to a clock.
  • the clock signals are not shown to simplify the drawing.
  • 8 bits (1 byte) are clocked into register 10 during each clock cycle, whereby 8 clock cycles are required to fully load register 10 with 64 bits.
  • Elements 12, 14, 16 and 18 form a decryption processor.
  • the loading of input register 10 is accomplished while the decryption processor is performing the data decryption algorithm on 64 bits of data from a previous input cycle. Since the standard data decryption algorithm (as will be discussed) is composed of 16 iterations, and 8 clock cycles are required to load register 10, the clocking speed of decryption processor elements 12, 14, 16 and 18 is twice as fast as that of input register 10, ie., twice as fast as the speed of acquiring the next 8 bytes of input data.
  • the decrypting operation is under the control of a state machine 20, eg., a microcontroller.
  • State machine 20 may be programmed to cause the system to wait between decrypting data while the rest of the next 64 bits of input data is acquired, or it may be programmed to cause the system to proceed directly to decrypting new data after completing the decryption of the previous data. State machine 20 responds to input control signals Start and Bypass, and produces an output Control signal.
  • the Bypass signal signifies that the normal decryption operation is to be modified so that input unscrambled plaintext data remains in the same form at an output of the decryption network, ie., the decryption process is to be bypassed.
  • An output Control signal from state machine 20 conveys this bypass instruction to decryption processing elements 12 and 16, and to output state machine 22.
  • state machine 20 causes "I" register 12 to be loaded from input register 10, then register 12 waits ("idles") for an interval encompassing the 16 decryption iterations (as will be discussed in connection with Figure 3) without performing the iterations, after which the contents of register 12 are passed to output register 26. Since a final data permutation (inverse permutation) at the input of output register 26 is predetermined to be the inverse of the initial permutation at the input of register
  • the plaintext output data from register 26 is identical to the input plaintext data.
  • the decryption bypass function is advantageously accomplished without resorting to the circuit and interface complexities which would be associated with the use of switching networks for switching the plaintext data around the decryption processing network.
  • An input ciphertext/plaintext digital signal received and processed by the disclosed system is in the form of data packets including a data component which is subject to encryption, and an associated header component which contains data-identifying information.
  • the header is not encrypted.
  • the input Bypass control signal to unit 20 is produced in reponse to a control bit included in the header of a received data packet that is sensed by an input signal processing network (not shown).
  • the Control signal from unit 20 contains information that instructs register 12 to idle for sixteen iterations in the plaintext bypass mode, as noted above.
  • the Control signal from unit 20 also contains information that instructs a multiplexer in register 12 to select either the output of unit 10 or the output of unit 18 for processing.
  • the Start signal input to unit 20 is generated by an input signal processing network preceding unit 20 (not shown) that senses the header of a received 8 byte data packet and, after eight bytes are sensed
  • Figures 14 and 15 respectively show a state diagram and an associated logic table for state machine 20.
  • unit 20 When the Start signal is received, unit 20 first initializes the decryption system by loading 64 bit input data from unit 10 to unit 12. Unit 20 then counts the 16 iterations of the decryption, after which unit 20 waits for the next Start signal. In anticipation of the last Start signal still being present at the end of die decryption process, unit
  • Figures 16 and 17 respectively show a state diagram and an associated logic table for output state machine 22.
  • unit 22 receives a Done (Not done) control signal from state machine 20, that signal indicates that data is being decrypted or is being passed through the apparatus in the bypass mode. Unit 22 then advances to a Ready state.
  • state machine 20 signals that the decryption process is Done
  • output state machine 22 counts out the 8 bytes (states SI through S8). Unit 22 then waits for the Done then Done signal sequence. If a Done signal is received while the 8 bytes are being distributed, unit 22 keeps track of this by finishing the count with state Rl through R8.
  • unit 22 goes to the Ready state and waits until the decryption process is completed. If a Done signal is received while states Rl through R8 are being used, then at the end of the count state machine 22 goes directly to distributing the next 8 bytes.
  • the codeword permutations defined by the DEA standard are implemented by appropriately arranging the data bits on the data links interconnecting units 12, 14, 16 and 18 in Figure 1.
  • a decipher bit selection function performed by unit 18 is advantageously implemented by a combinational logic network.
  • the bit selection function may be implemented by means of a 6-input, 4-output combinational logic arrangement as will be explained subsequently.
  • the use of combinational logic for performing the bit selection function is considered to result in economy of hardware and faster operation of the selection function compared to the use of a ROM-based Look-Up table, for example.
  • Output state machine 22 allows the plaintext output to be conveyed to the output channel via register 26 one byte at a time while the next 64 bit sequence is being processed by units 12-18, and while another 64 bit sequence is being acquired by input register 10.
  • Output state machine 22 may be programmed to either wait after the last byte of a given sequence has been conveyed by output register 26 (since the next 64 bits may not have been completely decrypted), or state machine 22 may immediately begin distributing the next 64 bit plaintext output sequence.
  • state machine 22 and output register 26 may wait in the case of data occurring at a slow or non-uniform rate, or unit 22 may cause data blocks to be shifted out of register 26 as they appear in the case of data occurring at a maximum rate.
  • Output state machine 22 determines whether or not new data is being processed by the decryption network, if new data is being processed but is not completely decrypted, or if new data is decrypted and is waiting to be distributed to the output channel via register 26. This is determined in response to, for example, Control signal information from unit 20 indicating that a given block has been decrypted after sixteen iterations.
  • bypass mode when unencrypted plaintext input information is present, the input plaintext information is conveyed from input register 10 to output register 26 via decryption processor units 12 and 18, which exhibit modified operation in this mode. Specifically, the output of unit 18, corresponding to block 622 in Figure 6, is not used during the 16 iteration cycle over which decryption is otherwise performed.
  • the bypass mode is facilitated by causing register 12 to idle during the bypass mode, as follows.
  • the decryption processor and state machine 20 commence operation in substantially the same way as during a decryption operating mode. Data is transfered from shift register 10 to register 12 with a permutation of bit positions as described previously.
  • the right half of register 12 gets the previous left half of register 12, and the left half of register 12 gets the output of combinational logic circuit 18.
  • the bypass mode there is only one iteration in the bypass mode. In this one bypass iteration, the right half of register 12 gets the previous left half of register 12, and the left half of register 12 gets the previous right half of register 12.
  • Register 12 maintains its value until output register 26 is ready to accept data from register 12.
  • Register 12 maintains its value by conveying output to input on each clock.
  • the data encryption/decryption algorithm is designed to encipher and decipher 64 bit data blocks, under control of a 64 bit key.
  • Deciphering uses the same key that was used for enciphering, but with the schedule of addressing the key bits altered so that the deciphering process is the reverse of the enciphering process.
  • a block to be enciphered is subjected to an initial permutation "IP", then to a complex key-dependent computation, and finally to a permutation IP- 1 that is the inverse of the initial permutation.
  • the key-dependent permutation may be defined in terms of a cipher function "f” and a key schedule function "KS.” Descriptions of computation and enciphering operations are provided below. The following notation is convenient to an understanding of the following material. Given two blocks L and R of bits, LR denotes a block consisting of the bits of L followed by the bits of R. Since concatenation is associative, Bl, B2...B8, for example, denotes a block consisting of the bits of Bl followed by the bits of B2 ... followed by the bits of B8.
  • the enciphering computation is illustrated by Figure 3.
  • the 64 bits of an input block to be enciphered are first subjected to initial permutation IP, as given in table 1 of Figure 4, before being received by register 12 in Figure 1.
  • the permuted input has bit 58 of the input as its first bit, bit 50 as its second bit, and so on, with bit 7 as the last bit.
  • the permuted input block is then input to a complex, key-dependent computation described by the equations that follow below.
  • the output of that computation called the
  • preoutput is then subjected to the permutation given in table 2 of Figure 5, which is the inverse of the of the initial permutation.
  • the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output.
  • the initial permutation performed at the input of register 12 may be accomplished by rearranging the wiring that connects the output of unit 10 to the input of unit 12. Alternatively, this could be accomplished by using a logic network.
  • the inverse permutation performed at the input of output register 26 may be accomplished similarly.
  • the computation uses the permuted input block as input to produce the preoutput block. Except for a final interchange of blocks, the computation consists of 16 iterations of a set of operations including calculation of cipher function f, which operates on two blocks, one of 32 bits and one of 48 bits, and produces a block of 32 bits. For example, let the 64 bits of the input block to an iteration consist of a 32 bit block L followed by a 32 bit block R, so that the input block is designated as LR.
  • the input of the first iteration of the calculation is the permuted input block. If L'R' is the output of the sixteenth iteration, then R'L' is the preoutput block.
  • a different block K of key bits is selected from the 64 bit key designated as KEY. This is accomplished by selectable 56 bit shift register 16 in response to the Control signal from unit 20. Specifically, shift register 16 shifts the 56 bits of the then active key one or two places for each iteration, as a function of a predetermined key schedule, and 48 bits are selected each time as indicated by function "K" at the output of shift register 16. In this example the 48 bits are selected by appropriately configuring the wiring bus between units 16 and 18.
  • KS be a function that takes an integer "n” in the range from 1 to 16 and a 64 bit block KEY as input and yields as output a 48 bit block Kn, which is a permuted selection of bits from KEY.
  • Kn is determined by the bits in 48 distinct bit positions of KEY.
  • KS is called the key schedule because the block K used in the nth iteration of Equation 1 above is the block Kn determined by
  • the preoutput block is then Ri ⁇ Li ⁇ .
  • the key schedule KS produces the 16 values of Kn that are required for the algorithm, as discussed in greater detail in the DEA publication "American National Standard Data Encryption Algorithm," American National
  • the inverse permutation IP -1 (the final permutation in Figure 1) which is applied to the preout block is the inverse of the initial permutation IP applied to the input.
  • Ln-i Rn + f(Ln,Kn) (Equation 5) where now R16L 16 is the permuted input block for the deciphering calculation and L0R0 is the preoutput block. That is, for the deciphering calculation with Ri6 Li6 as the permuted input, Ki6 is used in the first iteration, K15 in the second, and so on, with Ki used in the sixteenth iteration.
  • permutations performed at the transmitter/encryptor are the inverse of permutation performed at the receiver/decryptor.
  • initial permutation (IP) at the decryptor in Figure 1 has a corresponding inverse permutation performed at the encryptor.
  • the sixteen step iteration process involves the calculation of 16 key-dependent cipher functions f(R,K) performed by combinational logic bit selection network 18 in Figure 1. It should be understood that f(R,K) are actually decipher functions in the context of the decryption apparatus of Figure 1.
  • the decipher functions are the inverse of the cipher functions performed at the transmitter/encoder.
  • Figure 6 shows additional details of network 18. Referring to Figure 6, each calculation is performed with respect to a 32 bit block "R" designated as 610, and a 48 bit block "K” designated as 616. Block R is one-half of an input 64 bit data block, and K is a block of 48 bits chosen from a 64 bit key. Block R is expanded to 48 bits (block 614) by function "E" performed by unit 612, to be compatible with the length of block K when blocks
  • a combinational logic bit selection network 628 includes a plurality of unique selection functions SI, ... S8 which essentially form the basis of the cipher/decipher function.
  • Each selection function SI, ... S8 produces a unique combination of 4 output bits in response to 6 input bits received from an exclusive-OR logic network 626. That is, each of the selection functions substitutes one set of original bits for another set of bits.
  • the 6 bit to 4 bit substitution is in accordance with the DEA standard.
  • the original bits for which the substitution is made are either plaintext bits or encrypted bits, depending on whether the operation is being performed at a transmitter/encryptor or a receiver/decryptor.
  • block 610 represents an input data block to unit 12 of Figure 1
  • element E represents an expansion function performed within unit 12 in Figure 1.
  • Block 614 represents a 48 bit output block from unit 12 in Figure 1.
  • Block 616 represents an output data block from unit 16 of Figure 1 as applied to an input of unit 18 in Figure 1.
  • Network 626, processor 628 and a permutation function P indicated by element 620 are included within unit 18 in Figure 1, which produces an output 32 bit data block designated by 622 in Figure 6.
  • Elements 612, 614, 620 and 628 of Figure 6 perform the cipher function "f" shown in Figure 3.
  • the elements of Figure 6, particularly elements 612, 614, 626, 628 and 620 may be employed in both the encryption and decryption processes.
  • element E denotes an expansion function that receives an input block of 32 bits and produces an output block of 48 bits.
  • Function E is such that the 48 output bits, written as 8 blocks of six bits each, are obtained by selecting the input bits in the order indicated by table 3 in Figure 7.
  • the first three bits of E(R) are the bits in positions 32, 1, and 2 of R
  • the last two bits of E(R) are the bits in positions 32 and 1.
  • Each of the unique bit selection functions SI, S2, ...S8 receives a 6 bit input block and produces a 4 bit output block. This process is illustrated by table 4 of Figure 8, which contains values for function SI. If SI is the function defined by table 4, and B is a block of 6 bits, then S1(B) is determined as follows.
  • the first and last bits of B represent, in base 2 binary form, a number in the range 0 to 3. Let that number be "i.”
  • the middle four bits of B represent, in base 2, a number in the range 0 to 15.
  • the number in the ith row and the jth column is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output of S1(B) of SI for input B.
  • the row is binary 01 (ie., row 1) and the column is determined by binary 1101 (ie., column 13).
  • the number 5 appears, so the binary output is 0101.
  • the complete set of selection functions SI, S2, ... S8 is shown in table 6 in Figure 9.
  • Table 4 which defines selection function SI, may be used as shown, ie., as shown in the specification of the DEA standard noted above. However, in the illustrated Figure 1 system, table 4 in Figure 8 was rearranged as shown in Figure 11 to facilitate the use of a combinational logic network rather than Look-Up tables.
  • the table was rearranged so that 6 bit input B represents (in base 2) a number in the range 0 to 63, without altering the order of the bits in B.
  • the "Output" represents the quantity S1(B) discussed above.
  • the table of Figure 11 was further arranged, as indicated by the table of Figure 12, so that the unique 4 bit ouputs (representing numbers in the range 0-16) could be used to determine the four possible 6 bit B inputs (representing numbers in the range 0-63) that produce the output. That is, the table of
  • Figure 12 represents the relationship between a 4 bit output and possible 6 bit B inputs.
  • a Boolean algebra expression was created that describes the function represented by the table shown in Figure 12. This Boolean expression is used to synthesize a combinational logic circuit, using conventional logic circuit design techniques, for the selection function indicated by the table of Figure 12.
  • Figure 13 shows the VHDL code for implementing the Boolean expression of the table in Figure 12. Techniques similar to that described above for the tables shown in Figures 8 and 11-13 for selection function SI are used to create Boolean expressions for synthesizing combinational logic circuits for each of the other bit selection functions S2, ... S8, which selection functions are shown in table 6 of Figure 9. The described re-arranging of decryption tables could also be done at a transmitter/encryptor, but it is not necessary to do so.
  • the permutation function P yields a 32 bit output block from a 32 bit input block by permuting the bits of the input block.
  • the permutation function is defined by table 5 in Figure 10.
  • the output P(L) for the function P defined by this table is obtained from the input L by taking the 16th bit of L as the first bit of P(L), the seventh bit of L as the second bit of P(L), and so on until the 25th bit of L is taken as the 32nd bit of P(L).
  • ... S8 are eight distinct selection functions
  • P is the permutation function function
  • E is the expansion function.
  • blocks Bl, ... B8 are defined as blocks of 6 bits each for which
  • K+E(R) is first divided into the eight blocks as indicated in Equation 6. Then each Bi is taken as an input to Si, and the 8 blocks S1(B1),S2(B2), ... S8(B8) of 4 bits each are consolidated into a single block of 32 bits that forms the input to P. The output (shown in Equation 7) is then the output of the function f for inputs R and K.
  • a transmitter section processes signals from a source 30.
  • source 30 includes a plurality of audio and video sources, eg., including television signal sources which contain information in the form of transport packets including a payload data component and an associated header component which describes the contents of an associated data component.
  • the data packets from the respective sources are subjected to asynchronous time division multiplexing (ATDM) onto an output path before being processed by units 32 and 34.
  • ATDM synchronous time division multiplexing
  • Signals from source 30 are encoded and compressed by a unit 32, which in this example includes MPEG coding apparatus.
  • MPEG is an international standard developed by the Moving Pictures Expert Group of the International Standards Organization for coded representation of moving pictures and associated audio stored on a digital storage medium.
  • Encoded signals from unit 32 are provided to a Quaternary Phase Shift Keyed (QPSK) modulator and FEC (Forward Error Corrector) 34, which encodes the signal with error correction data and QPSK modulates the encoded signal onto a carrier.
  • Unit 34 performs both convolutional and Reed Solomon (RS) coding.
  • Uplink unit 36 transmits the compressed and encoded signal to satellite 40, which broadcasts the signal to a selected geographic reception area.
  • satellite 40 operates in two modes, which trade off channel capacity and transmission power. In one mode, satellite 40 transmits 16 channels at 120 watts each, and in other mode transmits 8 channels at 240 watts each.
  • the signal from satellite 40 is received by an antenna (not shown) and is coupled to an input tuner circuit 44 of a receiver.
  • An output signal from tuner 44 is QPSK demodulated by unit 46, decoded by means of units 48, 50 and 52, and applied to a transport processor 56.
  • a QPSK demodulator suitable for use as unit 46 is commercially available from Hughes Network Systems of Germantown, MD (integrated circuit type No. 1016212), and from Comstream Corp., San Diego, California (No. CD 2000).
  • Transport processor 56 transports a decoded output signal from unit 52 to appropriate decoders within unit 62 depending upon the content of the signal from unit 52, eg., audio or video information.
  • Transport unit 56 receives corrected data packets from unit 52 and examines the header of each packet to determine its routing.
  • Transport unit 56 includes the decryption apparatus shown in Figure 1.
  • unencrypted plaintext information includes header data, decryption keys, listings of available program material for each of the several sources, audio and miscellaneous items.
  • a satellite system typically provides many more channels than broadcast or cable systems, with many more program listings which advantageously should not be decrypted.
  • Audio and video output signals from unit 62 are respectively applied to an audio processor 66, and to an NTSC television signal video encoder 64 which encodes the video signal to a format suitable for use by signal processing circuits in a standard NTSC consumer television receiver 68.
  • the audio signals from unit 66 are applied to an audio input of receiver 68.
  • a microcontroller 60 responds to an input User Control signal, eg., from a remote control device, and operates interactively with tuner 44, demodulator 46, decoder units 48 and 50, and transport processor 56, as described in detail in a copending PCT patent application (RCA 87,182) of John S. Stewart.
  • microcontroller 60 provides a Frequency control signal to tuner 44 in response to a user's channel selection, causing tuner 44 to tune to the appropriate channel.
  • QPSK demodulator 46 synchronizes with the tuned channel, provides a demodulated signal to decoder 48, and also provides a Signal Quality control signal to microcontroller 60 indicative of the quality (eg., signal to noise ratio) of a received signal.
  • Demodulator 46 also provides a Demodulator Lock control signal to microcontroller 60 indicating whether or not demodulator 46 is synchronized with the input signal.
  • Decoder 48 uses a Viterbi algorithm to decode and correct bit errors in the demodulated signal from unit 46.
  • Decoder 48 includes internal networks, as known, to synchronize its operation to the incoming demodulated signal in order to effectively decode the demodulated signal. Decoder 48 operates at one of two error correction decoding rates, which correspond to error correction coding rates provided at the transmitter. When satellite 40 operates in a low power mode, the transmitted signal uses a rate 2/3 error correction code, for example. When satellite 40 operates in a high power mode, the transmitted signal uses a rate 6/7 error correction code.
  • a Code Rate control signal eg., a binary signal developed by a comparator network in microcontroller 60, signifies either that the code rate used by decoder 48 should remain unchanged, or should be switched to another programmed code rate.
  • the Code Rate control signal may instruct decoder 48 to change the code rate as a function of the Signal Quality signal which indicates a low quality received signal, or as a function of the Demodulator Lock signal which indicates that demodulator 46 is not locked to (synchronized with) the received signal, coupled with an Error signal from Reed-Solomon decoder 52 indicating the occurrence of a decoding error.
  • decoder 48 If decoder 48 is using an incorrect error correction code rate for a given input signal, it is unlikely that RS decoder 52 will provide a normal output. An Error signal from decoder 52 will be analysed with regard to the Signal Quality and Demodulator Lock signals from demodulator 46. If the latter two signals indicate that the input signal is of acceptable quality and that demodulator 46 is synchronized with the input signal, it is likely that a decoding error manifested by the Error signal is caused by the fact that decoder 48 is using a code rate different from that of the received signal, ie., the error correction code rate of the transmitted signal was changed at the transmitter.
  • the Error signal may be due to these factors (eg., caused by rain fade) rather than to an incorrect code rate being used by decoder 48.
  • Microprocessor 60 may then wait a predetermined time before examining the control signals again.
  • De-interleaver 50 restores the ordering of data signal packets to an original sequence, and forms Reed-Solomon blocks in accordance with known techniques.
  • de- interleaver 27 relies upon an 8 bit sync word inserted by the encoder at the beginning of each RS block, thereby providing RS block synchronization.
  • the de-interleaved signal is supplied to Reed-Solomon decoder 28.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Error Detection And Correction (AREA)

Abstract

A receiver of satellite-broadcast signals including high definition television signals includes apparatus (12-26) for decrypting encrypted signals. When unencrypted 'plaintext' signal information which is not to be decrypted is received, the plaintext information is applied to the decrypting apparatus. Normal decrypting operation is modified so that the input plaintext information appears as unaltered plaintext information at the output of the decrypting apparatus. A bit selection network (628; S1, ... S8) associated with a decipher function (f(R,K)) of the decryption apparatus employs a combinational logic network (18, 628) rather than Look up Tables.

Description

Data Decryption Apparatus In a Subscription Television Signal Receiving System
Background of the Invention
This invention is related to the field of digital video signal processing, and more particularly to apparatus for decrypting a television signal received from a transmission channel such as a broadcast satellite, for example.
Subscriber video and television services, such as cable and satellite broadcast/receiving systems, often encrypt various broadcast services, such as video and audio, by means of a control word or "key" to limit access to only paid subscribers. The encrypting process at a transmitter may be in accordance with various techniques. Some of these techniques are described in "American National Standard Data Encryption Algorithm" ANSI X3.92- 1981, and in "American National Standard for Information Systems-Data Encryption Algorithm-Modes of Operation" ANSI X3.106-1983.
Summary of the Invention
In accordance with the principles of the invention, when predetermined information such as "plaintext" information which is not to be decrypted is received by decryption apparatus, such predetermined information is conveyed via the decryption processor rather than being routed around (ie., physically bypassing) the decryption processor. The normal operation of the decryption processor is modified so that the input predetermined information is conveyed by the decryption processor and appears unmodified at an output of the decryption processor. Brief Description of the Drawings
In the drawings:
Figure 1 is a block diagram of decrypting apparatus according to the principles of the present invention.
Figure 2 is a block diagram of a satellite video signal broadcasting and receiving system including the decrypting apparatus of Figure 1 in a transport unit of Figure 2.
Figures 3-13 depict block diagrams and tables which are helpful in understanding the decrypting operation of the apparatus shown in Figure 1. Figures 14 and 15 respectively show a state diagram and an associated logic table for an input main state machine in the system of Figure 1.
Figures 16 and 17 respectively show a state diagram and an associated logic table for an output state machine in the system of Figure 1.
Detailed Description
The decryption apparatus shown in Figure 1 operates in accordance with the Data Encryption/Decryption Algorithm (DEA), which is a standard algorithm for encrypting and decrypting digital data as discussed in "American National Standard Data Encryption Algorithm" ANSI X3.92-1981. In particular, the Figure 1 apparatus operates in an "electronic codebook mode" as described in "American National Standard for Information
Systems-Data Encryption Algorithm-Modes of Operation" ANSI X3.106- 1983. In this example it is assumed that a received input datastream contains data from five sources or "services" associated with a subscription television system, and that the decryption apparatus provides ten decryption keys, two for each service. The use of two alternate keys for each service advantageously allows a given key, which is not currently in use, to be modified periodically without disrupting current decryption processing using the other key. According to the DEA standard, each key is a 64 bit word comprising 56 decryption bits and 8 parity check bits. In the disclosed system, the 8 parity bits are not used. An input signal may comprise either encrypted ciphertext data, or unencrypted plaintext data. In accordance with the DEA standard, "plaintext" is intelligible text or signals that have meaning and that can be read and used, and decryption is the process of transforming ciphertext into plaintext by means of a standard algorithm. The input signal is in the form of a parallel 8 byte datastream of 8 bits/byte. An input 8 byte shift register 10 acquires input data one byte at a time in response to a clock. The clock signals are not shown to simplify the drawing. Thus 8 bits (1 byte) are clocked into register 10 during each clock cycle, whereby 8 clock cycles are required to fully load register 10 with 64 bits. Elements 12, 14, 16 and 18 form a decryption processor. The loading of input register 10 is accomplished while the decryption processor is performing the data decryption algorithm on 64 bits of data from a previous input cycle. Since the standard data decryption algorithm (as will be discussed) is composed of 16 iterations, and 8 clock cycles are required to load register 10, the clocking speed of decryption processor elements 12, 14, 16 and 18 is twice as fast as that of input register 10, ie., twice as fast as the speed of acquiring the next 8 bytes of input data. The decrypting operation is under the control of a state machine 20, eg., a microcontroller. State machine 20 may be programmed to cause the system to wait between decrypting data while the rest of the next 64 bits of input data is acquired, or it may be programmed to cause the system to proceed directly to decrypting new data after completing the decryption of the previous data. State machine 20 responds to input control signals Start and Bypass, and produces an output Control signal.
The Bypass signal signifies that the normal decryption operation is to be modified so that input unscrambled plaintext data remains in the same form at an output of the decryption network, ie., the decryption process is to be bypassed. An output Control signal from state machine 20 conveys this bypass instruction to decryption processing elements 12 and 16, and to output state machine 22. To bypass the decryption operation for a plaintext data input, state machine 20 causes "I" register 12 to be loaded from input register 10, then register 12 waits ("idles") for an interval encompassing the 16 decryption iterations (as will be discussed in connection with Figure 3) without performing the iterations, after which the contents of register 12 are passed to output register 26. Since a final data permutation (inverse permutation) at the input of output register 26 is predetermined to be the inverse of the initial permutation at the input of register
12, the plaintext output data from register 26 is identical to the input plaintext data. Thus the decryption bypass function is advantageously accomplished without resorting to the circuit and interface complexities which would be associated with the use of switching networks for switching the plaintext data around the decryption processing network.
An input ciphertext/plaintext digital signal received and processed by the disclosed system is in the form of data packets including a data component which is subject to encryption, and an associated header component which contains data-identifying information. The header is not encrypted. The input Bypass control signal to unit 20 is produced in reponse to a control bit included in the header of a received data packet that is sensed by an input signal processing network (not shown). The Control signal from unit 20 contains information that instructs register 12 to idle for sixteen iterations in the plaintext bypass mode, as noted above. The Control signal from unit 20 also contains information that instructs a multiplexer in register 12 to select either the output of unit 10 or the output of unit 18 for processing. The Start signal input to unit 20 is generated by an input signal processing network preceding unit 20 (not shown) that senses the header of a received 8 byte data packet and, after eight bytes are sensed
(indicating that input register 10 is full), generates information on the Control signal line that causes the output of input register 10 to be loaded into register 12. This information also informs output state machine 22 that another block of data has entered the data processing pipeline, which data block will be output from shift register 26 under control of unit 22 after the sixteen-step iterative decryption process has been completed as will be discussed.
Figures 14 and 15 respectively show a state diagram and an associated logic table for state machine 20. When the Start signal is received, unit 20 first initializes the decryption system by loading 64 bit input data from unit 10 to unit 12. Unit 20 then counts the 16 iterations of the decryption, after which unit 20 waits for the next Start signal. In anticipation of the last Start signal still being present at the end of die decryption process, unit
20 goes to state "Done-Wait" and waits for the Start signal to disappear, after which unit 20 waits for the next Start signal. The 13 states associated with the 5-bit data words between 10001 and 11111 are not used and do not occur, since only 19 states are needed as shown in this example.
Figures 16 and 17 respectively show a state diagram and an associated logic table for output state machine 22. When unit 22 receives a Done (Not done) control signal from state machine 20, that signal indicates that data is being decrypted or is being passed through the apparatus in the bypass mode. Unit 22 then advances to a Ready state. When state machine 20 signals that the decryption process is Done, output state machine 22 counts out the 8 bytes (states SI through S8). Unit 22 then waits for the Done then Done signal sequence. If a Done signal is received while the 8 bytes are being distributed, unit 22 keeps track of this by finishing the count with state Rl through R8. If at the end of the count the decryption is still not done, unit 22 goes to the Ready state and waits until the decryption process is completed. If a Done signal is received while states Rl through R8 are being used, then at the end of the count state machine 22 goes directly to distributing the next 8 bytes.
The codeword permutations defined by the DEA standard are implemented by appropriately arranging the data bits on the data links interconnecting units 12, 14, 16 and 18 in Figure 1. A decipher bit selection function performed by unit 18 is advantageously implemented by a combinational logic network. Specifically, the bit selection function may be implemented by means of a 6-input, 4-output combinational logic arrangement as will be explained subsequently. The use of combinational logic for performing the bit selection function is considered to result in economy of hardware and faster operation of the selection function compared to the use of a ROM-based Look-Up table, for example.
Output state machine 22 allows the plaintext output to be conveyed to the output channel via register 26 one byte at a time while the next 64 bit sequence is being processed by units 12-18, and while another 64 bit sequence is being acquired by input register 10. Output state machine 22 may be programmed to either wait after the last byte of a given sequence has been conveyed by output register 26 (since the next 64 bits may not have been completely decrypted), or state machine 22 may immediately begin distributing the next 64 bit plaintext output sequence. Thus state machine 22 and output register 26 may wait in the case of data occurring at a slow or non-uniform rate, or unit 22 may cause data blocks to be shifted out of register 26 as they appear in the case of data occurring at a maximum rate. Output state machine 22 determines whether or not new data is being processed by the decryption network, if new data is being processed but is not completely decrypted, or if new data is decrypted and is waiting to be distributed to the output channel via register 26. This is determined in response to, for example, Control signal information from unit 20 indicating that a given block has been decrypted after sixteen iterations.
In the "bypass" mode, when unencrypted plaintext input information is present, the input plaintext information is conveyed from input register 10 to output register 26 via decryption processor units 12 and 18, which exhibit modified operation in this mode. Specifically, the output of unit 18, corresponding to block 622 in Figure 6, is not used during the 16 iteration cycle over which decryption is otherwise performed. The bypass mode is facilitated by causing register 12 to idle during the bypass mode, as follows. When a 64 bit input has been received in the bypass mode, the decryption processor and state machine 20 commence operation in substantially the same way as during a decryption operating mode. Data is transfered from shift register 10 to register 12 with a permutation of bit positions as described previously. In each of the 16 iterations of a decryption, the right half of register 12 gets the previous left half of register 12, and the left half of register 12 gets the output of combinational logic circuit 18. However, there is only one iteration in the bypass mode. In this one bypass iteration, the right half of register 12 gets the previous left half of register 12, and the left half of register 12 gets the previous right half of register 12. Register 12 maintains its value until output register 26 is ready to accept data from register 12. Register 12 maintains its value by conveying output to input on each clock. More specific information concerning the DEA Data Encryption/Decryption Algorithm performed by the apparatus of Figure 1 follows immediately below, based on the DEA publication "American National Standard Data Encryption Algorithm," American National Standard X3.92- 1981. The decryption process is essentially the inverse of the encryption process which is described in more detail below.
The data encryption/decryption algorithm is designed to encipher and decipher 64 bit data blocks, under control of a 64 bit key. Deciphering uses the same key that was used for enciphering, but with the schedule of addressing the key bits altered so that the deciphering process is the reverse of the enciphering process.
A block to be enciphered is subjected to an initial permutation "IP", then to a complex key-dependent computation, and finally to a permutation IP-1 that is the inverse of the initial permutation. The key-dependent permutation may be defined in terms of a cipher function "f" and a key schedule function "KS." Descriptions of computation and enciphering operations are provided below. The following notation is convenient to an understanding of the following material. Given two blocks L and R of bits, LR denotes a block consisting of the bits of L followed by the bits of R. Since concatenation is associative, Bl, B2...B8, for example, denotes a block consisting of the bits of Bl followed by the bits of B2 ... followed by the bits of B8.
The enciphering computation is illustrated by Figure 3. The 64 bits of an input block to be enciphered are first subjected to initial permutation IP, as given in table 1 of Figure 4, before being received by register 12 in Figure 1. The permuted input has bit 58 of the input as its first bit, bit 50 as its second bit, and so on, with bit 7 as the last bit. The permuted input block is then input to a complex, key-dependent computation described by the equations that follow below. The output of that computation, called the
"preoutput", is then subjected to the permutation given in table 2 of Figure 5, which is the inverse of the of the initial permutation. Thus, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output. The initial permutation performed at the input of register 12 may be accomplished by rearranging the wiring that connects the output of unit 10 to the input of unit 12. Alternatively, this could be accomplished by using a logic network. The inverse permutation performed at the input of output register 26 may be accomplished similarly.
The computation uses the permuted input block as input to produce the preoutput block. Except for a final interchange of blocks, the computation consists of 16 iterations of a set of operations including calculation of cipher function f, which operates on two blocks, one of 32 bits and one of 48 bits, and produces a block of 32 bits. For example, let the 64 bits of the input block to an iteration consist of a 32 bit block L followed by a 32 bit block R, so that the input block is designated as LR. If K is a block of 48 bits chosen from the 64 bit key, then the output L'R' of an iteration with input LR is defined by L' =R R' =L + f(R,K) (Equation 1) where in this example "+" denotes bit-by-bit modulo 2 addition.
As stated earlier, the input of the first iteration of the calculation is the permuted input block. If L'R' is the output of the sixteenth iteration, then R'L' is the preoutput block. At each iteration a different block K of key bits is selected from the 64 bit key designated as KEY. This is accomplished by selectable 56 bit shift register 16 in response to the Control signal from unit 20. Specifically, shift register 16 shifts the 56 bits of the then active key one or two places for each iteration, as a function of a predetermined key schedule, and 48 bits are selected each time as indicated by function "K" at the output of shift register 16. In this example the 48 bits are selected by appropriately configuring the wiring bus between units 16 and 18. An example of such a key schedule is described in "American National Standard Data Encryption Algorithm" ANSI X3.92- 1981 mentioned previously. The iterations of the computation can now be described in more detail. Let KS be a function that takes an integer "n" in the range from 1 to 16 and a 64 bit block KEY as input and yields as output a 48 bit block Kn, which is a permuted selection of bits from KEY.
Kn = KS(n,KEY) (Equation 2)
Kn is determined by the bits in 48 distinct bit positions of KEY. KS is called the key schedule because the block K used in the nth iteration of Equation 1 above is the block Kn determined by
Equation 2. As before, let the permuted input block be LR. Let Lo and Ro be respectively L and R, and let Ln and Rn be respectively L' and R' of equation 1, when L and R are respectively Ln-i and Rn- l and K is Kn. That is, when n is in the range 1 to 16 Ln = Rn-l
Rn = Ln-i + f(Rn-ι,Kn) (Equation 3)
The preoutput block is then RiδLiό. The key schedule KS produces the 16 values of Kn that are required for the algorithm, as discussed in greater detail in the DEA publication "American National Standard Data Encryption Algorithm," American National
Standard X3.92- 1981.
During the deciphering operation performed by the apparatus of Figure 1, the inverse permutation IP-1 (the final permutation in Figure 1) which is applied to the preout block is the inverse of the initial permutation IP applied to the input.
From Equation 1 it follows that
R = L'
L = R' + f(L\K) (Equation 4)
Consequently, to decipher it is only necessary to apply the same algorithm to an enciphered message block, taking care that at each iteration of the computation the same block of key bits K is used during deciphering as was used during the enciphering of the block. This concept can be expressed as follows:
Rn-l = Ln
Ln-i = Rn + f(Ln,Kn) (Equation 5) where now R16L 16 is the permuted input block for the deciphering calculation and L0R0 is the preoutput block. That is, for the deciphering calculation with Ri6 Li6 as the permuted input, Ki6 is used in the first iteration, K15 in the second, and so on, with Ki used in the sixteenth iteration. In connection with the above it is noted that permutations performed at the transmitter/encryptor are the inverse of permutation performed at the receiver/decryptor. Thus initial permutation (IP) at the decryptor in Figure 1 has a corresponding inverse permutation performed at the encryptor.
The sixteen step iteration process (Figure 3) involves the calculation of 16 key-dependent cipher functions f(R,K) performed by combinational logic bit selection network 18 in Figure 1. It should be understood that f(R,K) are actually decipher functions in the context of the decryption apparatus of Figure 1. The decipher functions are the inverse of the cipher functions performed at the transmitter/encoder. Figure 6 shows additional details of network 18. Referring to Figure 6, each calculation is performed with respect to a 32 bit block "R" designated as 610, and a 48 bit block "K" designated as 616. Block R is one-half of an input 64 bit data block, and K is a block of 48 bits chosen from a 64 bit key. Block R is expanded to 48 bits (block 614) by function "E" performed by unit 612, to be compatible with the length of block K when blocks
R and K are combined by unit 626. As noted previously, for each iteration a different block K of 48 key bits is chosen (permuted) from the (shifted) 64 bit key according to a predetermined schedule. A combinational logic bit selection network 628 includes a plurality of unique selection functions SI, ... S8 which essentially form the basis of the cipher/decipher function. Each selection function SI, ... S8 produces a unique combination of 4 output bits in response to 6 input bits received from an exclusive-OR logic network 626. That is, each of the selection functions substitutes one set of original bits for another set of bits. The 6 bit to 4 bit substitution is in accordance with the DEA standard. The original bits for which the substitution is made are either plaintext bits or encrypted bits, depending on whether the operation is being performed at a transmitter/encryptor or a receiver/decryptor.
More specifically, in Figure 6, block 610 represents an input data block to unit 12 of Figure 1, and element E represents an expansion function performed within unit 12 in Figure 1. Block 614 represents a 48 bit output block from unit 12 in Figure 1. Block 616 represents an output data block from unit 16 of Figure 1 as applied to an input of unit 18 in Figure 1. Network 626, processor 628 and a permutation function P indicated by element 620 are included within unit 18 in Figure 1, which produces an output 32 bit data block designated by 622 in Figure 6. Elements 612, 614, 620 and 628 of Figure 6 perform the cipher function "f" shown in Figure 3. The elements of Figure 6, particularly elements 612, 614, 626, 628 and 620, may be employed in both the encryption and decryption processes.
In Figure 6, element E denotes an expansion function that receives an input block of 32 bits and produces an output block of 48 bits. Function E is such that the 48 output bits, written as 8 blocks of six bits each, are obtained by selecting the input bits in the order indicated by table 3 in Figure 7. Thus, the first three bits of E(R) are the bits in positions 32, 1, and 2 of R, and the last two bits of E(R) are the bits in positions 32 and 1. Each of the unique bit selection functions SI, S2, ...S8 receives a 6 bit input block and produces a 4 bit output block. This process is illustrated by table 4 of Figure 8, which contains values for function SI. If SI is the function defined by table 4, and B is a block of 6 bits, then S1(B) is determined as follows. The first and last bits of B represent, in base 2 binary form, a number in the range 0 to 3. Let that number be "i." The middle four bits of B represent, in base 2, a number in the range 0 to 15. Let that number be "j." In table 4, the number in the ith row and the jth column is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output of S1(B) of SI for input B. For example, for binary input 011011 the row is binary 01 (ie., row 1) and the column is determined by binary 1101 (ie., column 13). In row 1, column 13, the number 5 appears, so the binary output is 0101. The complete set of selection functions SI, S2, ... S8 is shown in table 6 in Figure 9.
Table 4, which defines selection function SI, may be used as shown, ie., as shown in the specification of the DEA standard noted above. However, in the illustrated Figure 1 system, table 4 in Figure 8 was rearranged as shown in Figure 11 to facilitate the use of a combinational logic network rather than Look-Up tables.
Specifically, as shown by the table in Figure 11, the table was rearranged so that 6 bit input B represents (in base 2) a number in the range 0 to 63, without altering the order of the bits in B. In the table of Figure 11, the "Output" represents the quantity S1(B) discussed above.
The table of Figure 11 was further arranged, as indicated by the table of Figure 12, so that the unique 4 bit ouputs (representing numbers in the range 0-16) could be used to determine the four possible 6 bit B inputs (representing numbers in the range 0-63) that produce the output. That is, the table of
Figure 12 represents the relationship between a 4 bit output and possible 6 bit B inputs. Finally, a Boolean algebra expression was created that describes the function represented by the table shown in Figure 12. This Boolean expression is used to synthesize a combinational logic circuit, using conventional logic circuit design techniques, for the selection function indicated by the table of Figure 12. Figure 13 shows the VHDL code for implementing the Boolean expression of the table in Figure 12. Techniques similar to that described above for the tables shown in Figures 8 and 11-13 for selection function SI are used to create Boolean expressions for synthesizing combinational logic circuits for each of the other bit selection functions S2, ... S8, which selection functions are shown in table 6 of Figure 9. The described re-arranging of decryption tables could also be done at a transmitter/encryptor, but it is not necessary to do so.
The permutation function P yields a 32 bit output block from a 32 bit input block by permuting the bits of the input block. The permutation function is defined by table 5 in Figure 10. The output P(L) for the function P defined by this table is obtained from the input L by taking the 16th bit of L as the first bit of P(L), the seventh bit of L as the second bit of P(L), and so on until the 25th bit of L is taken as the 32nd bit of P(L). Assuming SI, ... S8 are eight distinct selection functions, P is the permutation function function, and E is the expansion function. To define f(R,K), blocks Bl, ... B8 are defined as blocks of 6 bits each for which
B1B2 ... B8 = K + E(R). (Equation 6)
The block f(R,K) is then defined to be P(S1(B1)S2(B2) ... S8(B8)). (Equation 7)
Thus, K+E(R) is first divided into the eight blocks as indicated in Equation 6. Then each Bi is taken as an input to Si, and the 8 blocks S1(B1),S2(B2), ... S8(B8) of 4 bits each are consolidated into a single block of 32 bits that forms the input to P. The output (shown in Equation 7) is then the output of the function f for inputs R and K.
In the satellite transmitter/receiver system of Figure 2, a transmitter section processes signals from a source 30. In this example source 30 includes a plurality of audio and video sources, eg., including television signal sources which contain information in the form of transport packets including a payload data component and an associated header component which describes the contents of an associated data component. The data packets from the respective sources are subjected to asynchronous time division multiplexing (ATDM) onto an output path before being processed by units 32 and 34.
Signals from source 30 are encoded and compressed by a unit 32, which in this example includes MPEG coding apparatus. MPEG is an international standard developed by the Moving Pictures Expert Group of the International Standards Organization for coded representation of moving pictures and associated audio stored on a digital storage medium. Encoded signals from unit 32 are provided to a Quaternary Phase Shift Keyed (QPSK) modulator and FEC (Forward Error Corrector) 34, which encodes the signal with error correction data and QPSK modulates the encoded signal onto a carrier. Unit 34 performs both convolutional and Reed Solomon (RS) coding. Uplink unit 36 transmits the compressed and encoded signal to satellite 40, which broadcasts the signal to a selected geographic reception area. In this example satellite 40 operates in two modes, which trade off channel capacity and transmission power. In one mode, satellite 40 transmits 16 channels at 120 watts each, and in other mode transmits 8 channels at 240 watts each.
The signal from satellite 40 is received by an antenna (not shown) and is coupled to an input tuner circuit 44 of a receiver. An output signal from tuner 44 is QPSK demodulated by unit 46, decoded by means of units 48, 50 and 52, and applied to a transport processor 56. A QPSK demodulator suitable for use as unit 46 is commercially available from Hughes Network Systems of Germantown, MD (integrated circuit type No. 1016212), and from Comstream Corp., San Diego, California (No. CD 2000). Transport processor 56 transports a decoded output signal from unit 52 to appropriate decoders within unit 62 depending upon the content of the signal from unit 52, eg., audio or video information. Transport unit 56 receives corrected data packets from unit 52 and examines the header of each packet to determine its routing. Transport unit 56 includes the decryption apparatus shown in Figure 1. In this satelllite subscription system, unencrypted plaintext information includes header data, decryption keys, listings of available program material for each of the several sources, audio and miscellaneous items. A satellite system typically provides many more channels than broadcast or cable systems, with many more program listings which advantageously should not be decrypted.
Audio and video output signals from unit 62 are respectively applied to an audio processor 66, and to an NTSC television signal video encoder 64 which encodes the video signal to a format suitable for use by signal processing circuits in a standard NTSC consumer television receiver 68. The audio signals from unit 66 are applied to an audio input of receiver 68. A microcontroller 60 responds to an input User Control signal, eg., from a remote control device, and operates interactively with tuner 44, demodulator 46, decoder units 48 and 50, and transport processor 56, as described in detail in a copending PCT patent application (RCA 87,182) of John S. Stewart. Briefly, microcontroller 60 provides a Frequency control signal to tuner 44 in response to a user's channel selection, causing tuner 44 to tune to the appropriate channel. QPSK demodulator 46 synchronizes with the tuned channel, provides a demodulated signal to decoder 48, and also provides a Signal Quality control signal to microcontroller 60 indicative of the quality (eg., signal to noise ratio) of a received signal. Demodulator 46 also provides a Demodulator Lock control signal to microcontroller 60 indicating whether or not demodulator 46 is synchronized with the input signal. Decoder 48 uses a Viterbi algorithm to decode and correct bit errors in the demodulated signal from unit 46. Decoder 48 includes internal networks, as known, to synchronize its operation to the incoming demodulated signal in order to effectively decode the demodulated signal. Decoder 48 operates at one of two error correction decoding rates, which correspond to error correction coding rates provided at the transmitter. When satellite 40 operates in a low power mode, the transmitted signal uses a rate 2/3 error correction code, for example. When satellite 40 operates in a high power mode, the transmitted signal uses a rate 6/7 error correction code. A Code Rate control signal, eg., a binary signal developed by a comparator network in microcontroller 60, signifies either that the code rate used by decoder 48 should remain unchanged, or should be switched to another programmed code rate. The Code Rate control signal may instruct decoder 48 to change the code rate as a function of the Signal Quality signal which indicates a low quality received signal, or as a function of the Demodulator Lock signal which indicates that demodulator 46 is not locked to (synchronized with) the received signal, coupled with an Error signal from Reed-Solomon decoder 52 indicating the occurrence of a decoding error.
If decoder 48 is using an incorrect error correction code rate for a given input signal, it is unlikely that RS decoder 52 will provide a normal output. An Error signal from decoder 52 will be analysed with regard to the Signal Quality and Demodulator Lock signals from demodulator 46. If the latter two signals indicate that the input signal is of acceptable quality and that demodulator 46 is synchronized with the input signal, it is likely that a decoding error manifested by the Error signal is caused by the fact that decoder 48 is using a code rate different from that of the received signal, ie., the error correction code rate of the transmitted signal was changed at the transmitter. If the Signal Quality or Demodulator Lock signal indicate a poor quality received signal or lack of demodulator synchronism, the Error signal may be due to these factors (eg., caused by rain fade) rather than to an incorrect code rate being used by decoder 48. Microprocessor 60 may then wait a predetermined time before examining the control signals again.
De-interleaver 50 restores the ordering of data signal packets to an original sequence, and forms Reed-Solomon blocks in accordance with known techniques. For this purpose de- interleaver 27 relies upon an 8 bit sync word inserted by the encoder at the beginning of each RS block, thereby providing RS block synchronization. The de-interleaved signal is supplied to Reed-Solomon decoder 28.

Claims

What Is Claimed Is:
1. In a system for receiving, from a communications channel, a video signal digital datastream including encrypted information and unencrypted information, datastream processing apparatus comprising: input means (10) for receiving said datastream; information decryption means (12-18) for receiving signals containing encrypted and unencrypted information from said input means, said decryption means (a) in a normal first mode exhibiting normal decrypting operation in response to a received signal containing encrypted information, and (b) in a second mode exhibiting modified operation in response to a received signal containing unencrypted information such that said unencrypted information is conveyed via said decryption means essentially unaltered to an output of said decryption means; and output means (26) for conveying signals from said output of said decryption means to an output channel.
2. Apparatus according to claim 1, wherein said apparatus in included in a subscription satellite broadcast system for broadcasting information from a plurality of sources including a plurality of unencrypted program guides and decryption keys.
3. Apparatus according to claim 1, wherein said input means comprises an input shift register (10); said output means comprises an output shift register (26); said decryption means includes an input storage device (26) for receiving data from said input shift register; and said decryption means performs iterative data permutations in said normal first mode, and in said second mode idles for a prescribed interval without performing said iterations, after which interval data are passed from said decryption means to said output shift register.
4. Apparatus according to claim 3, wherein said output shift register conveys data to said output channel while said decryption means is processing a subsequent data sequence and said input shift register is acquiring a further data sequence.
5. Apparatus according to claim 1, wherein said decryption means includes means for performing an initial data permutation (IP), a key-dependent iterative computation, and a final permutation that is the inverse of the initial permutation (IP*-1)-
6. Apparatus according to claim 1, wherein said decryption means comprises a storage device (12) having a first input for receiving data from said input means, a second input, a first output coupled to said output means, and second output; and a bit selection network (18) having an input coupled to said second output of said storage device, and an output coupled to said second input of said storage device.
7. Apparatus according to claim 6, wherein said bit selection network is responsive to key bits.
PCT/US1994/002979 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system WO1995026107A1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
BR9408551A BR9408551A (en) 1994-03-18 1994-03-18 Apparatus for processing a data stream in a reception system from a communications channel a digital data stream from a video signal including encrypted information and unencrypted information
JP7524610A JPH09510593A (en) 1994-03-18 1994-03-18 Data decryption device for pay television signal receiving system
EP94914715A EP0750821A4 (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system
PCT/US1994/002979 WO1995026107A1 (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system
KR1019960705217A KR970701972A (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system
AU66969/94A AU6696994A (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system
SG1995000109A SG24103A1 (en) 1994-03-18 1995-03-16 Data decryption apparatus in a subscription television signal receiving system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BR9408551A BR9408551A (en) 1994-03-18 1994-03-18 Apparatus for processing a data stream in a reception system from a communications channel a digital data stream from a video signal including encrypted information and unencrypted information
PCT/US1994/002979 WO1995026107A1 (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system

Publications (1)

Publication Number Publication Date
WO1995026107A1 true WO1995026107A1 (en) 1995-09-28

Family

ID=25664661

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1994/002979 WO1995026107A1 (en) 1994-03-18 1994-03-18 Data decryption apparatus in a subscription television signal receiving system

Country Status (5)

Country Link
EP (1) EP0750821A4 (en)
JP (1) JPH09510593A (en)
AU (1) AU6696994A (en)
BR (1) BR9408551A (en)
WO (1) WO1995026107A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100423575C (en) * 2002-12-25 2008-10-01 潍坊北大青鸟华光电子有限公司 Method for controlling digital TV receive
EP2315440A3 (en) * 2002-01-02 2012-05-09 Sony Electronics Inc. Television apparatus and circuit

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4167700A (en) * 1977-05-02 1979-09-11 Motorola, Inc. Digital voice protection system and method
US4944006A (en) * 1987-03-12 1990-07-24 Zenith Electronics Corporation Secure data packet transmission system and method
US5144663A (en) * 1986-04-18 1992-09-01 Kudelski S.A. Fabrique D'engregistreurs Nagra Method of interactive communication between a subscriber and a decoder of a system of pay-television and decoder thereof
US5199067A (en) * 1989-12-08 1993-03-30 Laboratoire Europeen De Recherches Electroniques Avancees Societe En Nom Collectif Process for promotion of pay television broadcasts, and device for use of the process
US5274706A (en) * 1991-08-09 1993-12-28 Sony Corporation Tuning system for television signal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5001554A (en) * 1988-12-23 1991-03-19 Scientific-Atlanta, Inc. Terminal authorization method
JPH05130604A (en) * 1991-11-06 1993-05-25 Sony Corp Receiving equipment for scramble signal
US5247364A (en) * 1991-11-29 1993-09-21 Scientific-Atlanta, Inc. Method and apparatus for tuning data channels in a subscription television system having in-band data transmissions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4167700A (en) * 1977-05-02 1979-09-11 Motorola, Inc. Digital voice protection system and method
US5144663A (en) * 1986-04-18 1992-09-01 Kudelski S.A. Fabrique D'engregistreurs Nagra Method of interactive communication between a subscriber and a decoder of a system of pay-television and decoder thereof
US4944006A (en) * 1987-03-12 1990-07-24 Zenith Electronics Corporation Secure data packet transmission system and method
US5199067A (en) * 1989-12-08 1993-03-30 Laboratoire Europeen De Recherches Electroniques Avancees Societe En Nom Collectif Process for promotion of pay television broadcasts, and device for use of the process
US5274706A (en) * 1991-08-09 1993-12-28 Sony Corporation Tuning system for television signal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP0750821A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2315440A3 (en) * 2002-01-02 2012-05-09 Sony Electronics Inc. Television apparatus and circuit
CN100423575C (en) * 2002-12-25 2008-10-01 潍坊北大青鸟华光电子有限公司 Method for controlling digital TV receive

Also Published As

Publication number Publication date
BR9408551A (en) 1997-08-19
EP0750821A1 (en) 1997-01-02
EP0750821A4 (en) 1997-07-23
AU6696994A (en) 1995-10-09
JPH09510593A (en) 1997-10-21

Similar Documents

Publication Publication Date Title
JP3655921B2 (en) Method and apparatus for uniquely encrypting multiple services at a transmission point
US5285497A (en) Methods and apparatus for scrambling and unscrambling compressed data streams
US5550825A (en) Headend processing for a digital transmission system
JP3789469B2 (en) Method and apparatus for uniquely encrypting terminal data
US8054974B2 (en) Opportunistic use of null packets during encryption/decryption
US4803725A (en) Cryptographic system using interchangeable key blocks and selectable key fragments
US7062048B2 (en) Apparatus and method for single encryption with multiple authorization of distributed content data
US20100284537A1 (en) Method for efficiently decoding a number of data channels
JPS61208941A (en) Cryptographer
KR20050103928A (en) Robust system for transmitting and receiving map data
JP2007133400A (en) Methods of scrambling and descrambling unit of data
JPH11176091A (en) Digital information input output device, receiving device, recording device, and reproducing device
JPH0756831A (en) Method for transmission and reception of program for personal use
JPH05500298A (en) encryption device
CN1524362A (en) Streamcipher information redundant in next packet of encrypted frame
WO1995026107A1 (en) Data decryption apparatus in a subscription television signal receiving system
WO1995026086A1 (en) Data decryption apparatus in a subscription television signal receiving system
Drury DVB channel coding standards for broadcasting compressed video services
JPH11239125A (en) Method and system for cryptographic communication
CN108124182B (en) Multi-path demultiplexing method and device
US7583800B2 (en) Encryption apparatus and method in a wireless communications system
Samarakoon et al. Encrypted video over TETRA
JP2542584B2 (en) Subscription broadcasting system
CA2168748C (en) Method and apparatus for uniquely encrypting a plurality of services at a transmission site
JPH08202262A (en) Device and method for signal processing

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 94195060.3

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AT AU BB BG BR BY CA CH CN CZ DE DK ES FI GB HU JP KP KR KZ LK LU LV MG MN MW NL NO NZ PL PT RO RU SD SE SK UA US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)

Free format text: NL

ENP Entry into the national phase

Ref document number: 1996 702509

Country of ref document: US

Date of ref document: 19960830

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1994914715

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1994914715

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA

WWW Wipo information: withdrawn in national office

Ref document number: 1994914715

Country of ref document: EP