WO2001074003A1 - Systeme et procede d'emission-reception - Google Patents

Systeme et procede d'emission-reception Download PDF

Info

Publication number
WO2001074003A1
WO2001074003A1 PCT/US2001/009797 US0109797W WO0174003A1 WO 2001074003 A1 WO2001074003 A1 WO 2001074003A1 US 0109797 W US0109797 W US 0109797W WO 0174003 A1 WO0174003 A1 WO 0174003A1
Authority
WO
WIPO (PCT)
Prior art keywords
data stream
component
encryption unit
encryption
secure transmission
Prior art date
Application number
PCT/US2001/009797
Other languages
English (en)
Inventor
Jun Maruo
Atsushi Kagami
Original Assignee
Sony Electronics, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Electronics, Inc. filed Critical Sony Electronics, Inc.
Priority to AU2001249509A priority Critical patent/AU2001249509A1/en
Publication of WO2001074003A1 publication Critical patent/WO2001074003A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/438Interfacing the downstream path of the transmission network originating from a server, e.g. retrieving MPEG packets from an IP network
    • H04N21/4385Multiplex stream processing, e.g. multiplex stream decrypting
    • H04N21/43853Multiplex stream processing, e.g. multiplex stream decrypting involving multiplex stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/4367Establishing a secure communication between the client and a peripheral device or smart card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • bi-directional set-top boxes used by the cable television industry. Specifically, the
  • present disclosure pertains to a method and system for selective encryption of data
  • Digital broadcast systems include direct broadcast digital satellite
  • CA Conditional Access
  • MSOs Multiple System Operators
  • Subscribers receive digital broadcasts (including satellite, cable and Web broadcasts) via set-top-boxes or other similar consumer electronic equipment located in the subscriber's home.
  • a subscriber can transmit messages to the MSO.
  • the bi-directional set-top box generally, a "transceiver” or “intelligent transceiver"
  • the subscriber selects a premium service, and the subscriber's selection as well as information needed for billing purposes is transmitted to the MSO.
  • a "smart card” stores the information needed for billing, and on a periodic basis (perhaps once per month) an automatic connection is made between the transceiver and the MSO so that the billing information can be transmitted to the MSO.
  • Digital broadcast content is vulnerable to unauthorized use and duplication ("pirating") while it is being broadcast, or after it has been received and is being processed in the electronic device.
  • the signal could be intercepted and displayed (or duplicated and rebroadcast) using a transceiver not provided by the MSO.
  • the signal could be diverted within the transceiver so that the smart card is bypassed. In either case, copyrights are circumvented.
  • the MSO is unaware of the unauthorized use and so does not have the information needed to collect the fees it is owed.
  • MSOs typically broadcast a scrambled signal.
  • the scrambled signal is then descrambled by a descrambling unit in the transceiver (e.g., using a key provided by the MSO, for example, in the smart card).
  • the typical transceiver includes a number of internal components or functional blocks.
  • the descrambed signal needs to be coupled to one or more additional internal components of the transceiver for further processing.
  • certain secure transmission techniques use encryption and decryption to protect the descrambled signal as it is transmitted among the internal components, for example, along one or more internal busses.
  • the descrambled signal is not exposed “in the clear” as it is transmitted between the internal components to thwart the pirates.
  • Prior Art Figure 1 is a block diagram showing some of the elements in one transceiver (e.g., a set-top box). It should be noted that for clarity, not all of the elements of the set-top box are shown.
  • Front-end unit 20 of the set-top box comprises a tuner (not shown), as well as other devices known in the art, for receiving a digital broadcast signal 90.
  • POD 10 typically is adapted to receive a smart card (not shown) that, as described above, can be used to provide billing information to the MSO.
  • the smart card also typically contains a key provided by the MSO that is used to descramble digital broadcast signal 90.
  • POD 10 includes a descrambling encryption unit 40 that uses the key provided by the MSO to descramble broadcast signal 90 (if the signal is scrambled). Descrambling/ encryption unit 40 also encrypts the signal (if the signal is not encrypted). It is appreciated that, in other prior art embodiments, descrambling functionality and the encryption functionality of unit 40 may consist of separate elements, one for descrambling and one for encrypting.
  • Front-end unit 20 also includes decryption unit 50 for decrypting an encrypted broadcast signal before the signal is sent to audio/visual (A/V) decoder 30.
  • A/V decoder 3Q is used for demultiplexing the signal and for decoding, for example, MPEG (Moving Picture Experts Group) video signals and/or Dolby AC 3 audio signals.
  • digital broadcast signal 90 is received by the set-top box at front-end unit 20 and forwarded to POD 10.
  • Broadcast signal 90 is descrambled by descrambling/encryption unit 40. Once descrambled, broadcast signal 90 is encrypted to prevent unauthorized duplication. Further downstream in the set-top box, broadcast signal 90 is decrypted using decryption unit 50 so that it can be decoded (e.g., MPEG or AC3 decoding) in A/V decoder 30, and subsequently processed so that it can be viewed and/or listened to by an authorized subscriber.
  • decryption unit 50 so that it can be decoded (e.g., MPEG or AC3 decoding) in A/V decoder 30, and subsequently processed so that it can be viewed and/or listened to by an authorized subscriber.
  • a problem with this embodiment is that, between decryption unit 50 and A/V decoder 30, broadcast signal 90 is transmitted in the clear at point 12 (that is, it is not scrambled nor is it encrypted at this point). Thus, at point 12, broadcast signal 90 can be intercepted and duplicated. As a digital signal, it is possible to make near perfect copies which can be readily distributed to unauthorized parties (e.g., rebroadcast via the Internet, copied onto a compact disk, etc.). While the MSO may receive payment for a one-time use, subsequent use by unauthorized users is made without proper compensation to the MSO or the copyright owners.
  • Prior Art Figure 2 illustrates some of the elements in another embodiment of a set-top box (for clarity, not all of the elements are shown).
  • Front-end unit 20, descrambling/encryption unit 40, POD 10, decryption unit 50, and A/V decoder 30 each function in a manner as described above in conjunction with Figure 1.
  • an additional encryption unit 55 is included in front end unit 20 and a corresponding decryption unit is included in A/V decoder 30.
  • broadcast signal 90 is again encrypted (by encryption unit 55) before transmission across bus 57 to A/V decoder 30.
  • A/V decoder 30 then decrypts broadcast signal 90 using decryption unit 56.
  • a problem with the embodiment of Figure 2 is that multiple encryption and decryption units need to be coordinated and operated. There exists a significant amount of overhead involved in maintaining the encrypt-decrypt processing of broadcast signal 90. For example, in one embodiment, multiple encryption/decryption keys need to be distributed and controlled among the various encryption and decryption units (e.g., units 40, 50, 55 and 56). This overhead imposes a significant processing penalty on the components of the set-top box. The overhead penalty is also imposed on the set top box embodiment of Figure 1.
  • a method and system that can prevent pirating of a descrambled and decrypted digital signal between multiple components (e.g., functional blocks) of an audio/video transceiver.
  • a method and system to prevent pirating that can be implemented in a transceiver (e.g., a set-top box) used in a digital broadcast system.
  • a method and system to prevent pirating that also reduces the overhead involved in managing an encryption/decryption process within a transceiver: •
  • the present invention includes a method and system that satisfies the above needs.
  • the present invention is implemented as a system for selective encryption of data as the data is transmitted between internal components of a transceiver.
  • the selective encryption provides for a system for selectively implementing secure transmission of a data stream (e.g., MPEG-2 data) between internal components of the transceiver, in accordance with the specific type of the data.
  • the transceiver includes a first component (e.g., an A/V MPEG-2 decode block) for receiving a data stream from an external source (e.g., an MSO) and the first component includes descrambling functionality (e.g., to descramble the data stream if scrambled).
  • a first encryption unit is coupled to the first component for J encrypting the data stream to produce an encrypted data stream.
  • the transceiver also includes a second component (e.g., a graphics block) coupled to the first component via a bus to receive the encrypted data stream.
  • a second encryption unit is coupled to the second component for decrypting the encrypted data stream.
  • the first encryption unit is configured to read a flag included in the data stream that indicates ,whether the data stream requires secure transmission. When- the flag indicates- that secure transmission is required, the first encryption unit encrypts the data stream and transmits via the bus the resulting encrypted data stream to the second component for further processing. When the flag indicates secure transmission is not required, the data stream is transmitted via the bus to the second component without encryption.
  • two separate memories are used to buffer the data stream prior to transmission. One memory buffers the data stream prior to encryption and subsequent transmission while the other memory buffers the data stream prior to transmission in-the-clear (e.g., when secure transmission is not required).
  • the encryption/decryption processes of the transceiver are coordinated and controlled by a processor included in the transceiver.
  • the management of the encryption/decryption process causes a significant amount of processor overhead.
  • processor cycles are consumed managing the encrypt decrypt process.
  • This frees processor cycles for other applications, such as, for example, a richer user interface, additional user interface features, etc.
  • less internal bus bandwidth is occupied managing the exchange of keys required for implementing the encrypt decrypt process.
  • the present invention provides a method and system that can prevent pirating of a descrambled and decrypted digital signal between multiple components (e.g., functional blocks) of an audio/video transceiver.
  • the present invention provides a method and system to prevent pirating that can be readily implemented in a transceiver (e.g., a set- top box) used in a digital broadcast system.
  • the method and system of the present invention prevents pirating while also reducing the overhead involved in managing the encryption-decryption process within the transceiver.
  • the data stream from the external source is a digital audio/visual media signal delivered to the intelligent transceiver using, for example, a terrestrial line (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast).
  • a terrestrial line e.g., a cable system
  • the World Wide Web e.g., a connection to the Internet
  • a wireless transmission e.g., a satellite broadcast.
  • the encrypted signal is encrypted using an encryption routine compliant with the Data Encryption Standard Electronic Code Book (DES ECB).
  • DES ECB Data Encryption Standard Electronic Code Book
  • Prior Art Figure 1 is a block diagram showing some of the elements in one embodiment of a prior art transceiver (e.g., a set-top box).
  • a prior art transceiver e.g., a set-top box
  • Prior Art Figure 2 illustrates some of the elements in another embodiment of a prior art transceiver.
  • FIG. 3A shows an overview diagram of a transceiver in accordance with one embodiment of the present invention.
  • Figure 3B shows an overview diagram depicting the relationship of the transceiver from Figure 3A to the broadcast systems available to an MSO.
  • FIG. 4 shows a more detailed block diagram of a transceiver in accordance with one embodiment of the present invention.
  • FIG. 5 shows a block diagram of another embodiment of a transceiver in accordance with one embodiment of the present invention.
  • Figure 6 shows a more detailed diagram of a transceiver showing additional details of the embodiments of Figure 4 and Figure 5.
  • Figure 7 shows a flow chart of the steps of a selective encryption process in accordance with one embodiment of the present invention.
  • Embodiments of the present invention are directed to a method and system for selective encryption of data signals on a data bus in a transceiver.
  • the present invention provides a method and system that can prevent pirating of a descrambled and decrypted digital signal between multiple components (e.g., functional blocks) of an audio/video transceiver.
  • the present invention provides a method and system to prevent pirating that can be readily implemented in a transceiver (e.g., a set-top box) used in a digital broadcast system.
  • the method and system of the present invention prevents pirating while also reducing the overhead involved in managing the encryption/decryption process within the transceiver.
  • the present invention and its benefits are further described below.
  • the present invention is described in the context of an intelligent transceiver (e.g., a ' set-top box) that can be used as part of a digital broadcast system. However, it ip appreciated that the present invention may be utilized in other types of devices including consumer electronic devices where it may be necessary to decrypt and encrypt a digital signal.
  • an intelligent transceiver e.g., a ' set-top box
  • the present invention may be utilized in other types of devices including consumer electronic devices where it may be necessary to decrypt and encrypt a digital signal.
  • Transceiver 300 includes a first component, A/V decode block 340, a second component, graphics block 350, and a CPU 360.
  • A/V decode block 340, graphics block 350, and CPU 360 are coupled via a bus 305.
  • the A/V decode block 340 includes functionality for descrambling an incoming digital broadcast signal 370.
  • transceiver 300 implements a system for selective encryption of data as the data is transmitted between internal components (e.g., A V decode block 340 and graphics block 350) of a transceiver.
  • An incoming data stream (e.g., digital broadcast signal 370) is descrambled and decoded in A/V decode block 340 and selectively encrypted using a first encryption unit 345 before transmission via bus 305 to graphics block 350 for decryption using a second enciyption unit 346.
  • the selective encryption provides for selectively implementing secure transmission of the data stream (e.g., MPEG-2 data) between blocks 340 and 350 of transceiver 300, in accordance with the specific type of the data.
  • transceiver 300 includes A/V decode block 340 for receiving digital broadcast signal 370 from an external source (e.g., an MSO) and descrambling the digital broadcast signal into a resulting data stream.
  • Graphics block 350 is coupled to the A/V decode block 350 via bus 305 to receive the encrypted data stream.
  • Encryption unit 346 is built into graphics block 350 for decrypting the encrypted data stream. Once decrypted, the data stream is processed by graphics block 350 to produce component audio and video signals 371 and 372 for a television 375.
  • transceiver 300 thus implements a conditional access (CA) function that allows selective access to valuable copyrighted information.
  • Such information includes, for example, pay-per view movies, premium sporting events, etc.
  • the producers of the movies, events, etc. require that access to the premium services be controlled in order to protect and enforce their copyrights, protect copyright ownership, and protect their commercial interests as well.
  • the secure transmission process of the present embodiment ensures the copyrighted premium services are provided to authorized users only, thereby protecting the commercial interests of the MSOs.
  • encryption unit 345 is configured to read a flag included in the digital broadcast signal that indicates whether the resulting data stream (e.g., the descrambled signal) requires secure transmission.
  • the flag indicates secure transmission is required (e.g., the digital broadcast signal is for, a copyrighted premium service)
  • the first enciyption unit 345 encrypts the data stream and transmits via the bus the resulting encrypted data stream to the graphics block 350 for further processing.
  • the data stream is transmitted via the bus to graphics block 305 without encryption, thereby reducing the overhead involved in managing the encryption/decryption process within the transceiver 300.
  • the encryption-decryption processes of transceiver 300 are coordinated and controlled by CPU 360.
  • CPU 360 contains a processor (not shown) for processing information and instructions.
  • CPU 360 also may contain random access memory, read only memory, one or more caches, a flash memory and the like (not shown) for storing information and instructions.
  • the management of the encryption/decryption process causes a significant amount of CPU overhead.
  • CPU overhead By providing secure transmission for only those data streams which require it (e.g., copyrighted premium services), less CPU cycles are consumed managing the encrypt-decrypt process. This frees CPU cycles for other applications, such as, for example, a richer user interface, additional user interface features, etc.
  • less bandwidth of bus 305 is occupied, for example, managing the exchange of encryption keys required for implementing the encrypt-decrypt process.
  • ⁇ W decode block 340 and graphics block 350 are integrated circuit devices, there is no point where an in-the-clear signal can be externally accessed and intercepted.
  • the transceiver 300 provides system that can prevent pirating of a descrambled and decrypted digital signal between multiple components (e.g., functional blocks) of an audio/video transceiver.
  • Figure 3A depicts two such components, A/V/ decode block 340 and graphics block 350
  • additional components of transceiver 300 can access the data stream via bus 305 using the selective encryption process of the present embodiment.
  • each additional component would have its respective encryption unit (e.g., encryption unit 346) for accessing the data stream when the data stream is encrypted.
  • Transceiver 300 receives digital broadcast signal 370 from a MSO (not shown).
  • digital broadcast signal 370 is a media signal comprising audio and video content.
  • Digital broadcast signal 370 can be delivered to transceiver 300 using any of the various mechanisms currently in use or envisioned, such as a terrestrial fine (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast).
  • a number of different digital broadcast signal formats in use or envisioned can be used, such as the Advanced Television Systems Committee (ATSC) digital television format. Which ever format or means of reception is used, the copyright flag indicates whether secure transmission is required.
  • ATSC Advanced Television Systems Committee
  • the copyright flag identifies the data as being premium, copyrighted, limited access, etc.
  • AV decode block 340 descrambles digital broadcast signal 370 and reads the flag to determine whether the resulting data stream requires secure transmission or not. If the data requires secure transmission, the data is buffered in a first memory 373 subsequent encryption prior to transmission across bus 305 to the other components. If the data does not require secure transmission, the data is buffered in a second memory 374 for subsequent transmission in the clear across the internal bus to the other components. This data from memory 374 is not encrypted prior to transmission on bus 305.
  • a single memory can be used wherein the integrity between the data types (e.g., data requiring secure transmission and data not requiring secure transmission) is still maintained. Integrity can be maintained through use of memory mapping schemes, separate data structures, address partitioning, or other well known memory management techniques.
  • FIG 3B shows an overview diagram depicting the relationship of transceiver 300 to the broadcast means of the MSO.
  • digital broadcast signal 370 can be delivered to transceiver 300 using any of the various mechanisms currently in use or envisioned, such as a terrestrial line (e%g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast or terrestrial broadcast).
  • a terrestrial line e%g., a cable system
  • the World Wide Web e.g., a connection to the Internet
  • a wireless transmission e.g., a satellite broadcast or terrestrial broadcast.
  • digital broadcast signal 370a from internet cable 391
  • digital broadcast signal 370b from satellite/terrestrial broadcast 392.
  • the selective encryption method of the present embodiment ensures premium copyrighted services are securely transmitted from signals 370a-370b to television 375.
  • transceiver 400 includes a front-end block 310 coupled to bus 305, interface card 330 coupled to front-end block 310 and bus 305, audio/video (A/V) decode block 340 coupled to interface card 330 and bus 305, graphics block 350 coupled to A/V decode block 340 and bus 305, and central processing unit 360 coupled to bus 305.
  • Interface card 330 also referred to as a point of deployment (POD) is adapted to receive smart card 325.
  • POD point of deployment
  • Transceiver 400 of Figure 4 is substantially similar to transceiver 300 of Figure 3A. However, Transceiver 400 receives digital broadcast signal 370 via a separate front end block 310 and is transmitted to interface card 330 for descrambling and subsequent transmission to A/V decode block 340.
  • front-end block 310 contains one or more tuners for receiving digital broadcast signal 370.
  • front-end block 310 can contain a tuner for receiving a wireless transmission (e.g., " a satellite broadcast) and another tuner for receiving a cable transmission
  • r ⁇ ront-rend block 310 can also include a device (e.g., a modem) that allows a telephone or digital subscriber line (DSL) connection to be made to the World Wide Web so that a broadcast signal can be received via the Internet.
  • a device e.g., a modem
  • Smart card 325 stores information needed by a cable system operator or digital broadcast system operator (e.g., a Multiple System Operator, MSO) in order to bill a subscriber for services used by the subscriber (for example, the viewing of a pay-per-view movie or event).
  • MSO Multiple System Operator
  • smart card 325 also includes a key that is used to descramble digital broadcast signal 370 (if the signal is scrambled).
  • smart card 325 is inserted into interface card 330; however, it is appreciated that in other embodiments smart card 325 may be coupled in a different manner to intelligent transceiver 300 (for example, it may be inserted into either front-end block 310 or A/V decode block 340).
  • interface card 330 descrambles digital broadcast signal 370.
  • interface card 330 includes buffers 473-474 which function in a manner similar to buffers 373-374 of Figure 3A. Interface card 330 descrambles digital broadcast signal 370 and reads the flag to determine whether the resulting data stream requires secure transmission or not. If the data requires secure transmission, the data is buffered in a first memory 473 subsequent encryption. If the data does not require secure transmission, the data is buffered in a second memory 474 for subsequent transmission in the clear.
  • interface card 330 contains an encryption unit (not shown) that encrypts digital broadcast signal 370.
  • the encryption unit uses a well-known DES ECB (Data Enciyption Standard Electronic Code Book) encryption routine and a key length of 56 bits.
  • DES ECB Data Enciyption Standard Electronic Code Book
  • A/V decode block 340 is an integrated circuit device comprising a functional block and a encryption unit 345 integrated therein.
  • Enciyption unit 345 is integral with A V decode block 340 (that is, as a single integrated circuit, or "chip") and coupled to front-end block 310 via interface card 330.
  • the link between interface card 330 and A V decode block 340 (specifically, encryption unit 345) is separate from bus 305; that is, there is a direct connection between interface card 330 and encryption unit 345 that bypasses bus 305.
  • Enciyption unit 345 decrypts an encrypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340.
  • the output of encryption unit 345 is a decrypted digital signal that is "in the clear.”
  • the signal in the clear is transmitted within A/V decode block 340 for decoding.
  • the clear signal is encrypted by enciyption unit 345 prior to transmission outside of A V decode block 340.
  • the present invention provides a secure interface between interface card 330 and enciyption unit 345 and also between encryption unit 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340.
  • the present invention can prevent pirating of a descrambled and decrypted digital signal.
  • the in-the-clear signal is transmitted between interface card 330, A/V decode block 340, and graphics block 350.
  • A/V decode block 340 when secure transmission is required, receives encrypted digital broadcast signal 370 from interface card 330, decrypts the signal using enciyption unit 345, and decodes the video content and the audio content of digital broadcast signal 370.
  • an MPEG (Moving Pictures Experts Group) video decoder and an AC3 (Digital Dolby) audio decoder are used; however, it is appreciated that other video or audio decoders can be used in accordance with the present invention.
  • A/V decode block 340 is capable of handling video and audio analog signals.
  • FIG. 5 is a block diagram of a transceiver 500 in accordance with another embodiment of the present invention.
  • point of deployment (POD) 320 is separate from interface card 330, and smart card 325 is plugged into POD 320 instead of interface card 330.
  • Selective enciyption in accordance with the copyright flag embedded in digital broadcast signal 370 is still implemented in interface card 330 in the manner described above.
  • smart card 325 contains a key for descrambling digital broadcast signal 370, and this key is used by POD 320 to descramble digital broadcast signal 370.
  • POD 320 also encrypts digital broadcast signal 370 using an enciyption engine (not shown).
  • POD 320 is separate from interface card 330 in this embodiment, interface card 330 can still exist in intelligent transceiver 500.
  • Figure 6 is a block diagram of a transceiver 600 (e.g., a bi-directional set- top box) showing additional details of the embodiments illustrated by Figure 4 and Figure 5.
  • Table 1 is a list of the various elements and acronyms contained in Figure 6.
  • front-end block 310 receives a scrambled digital broadcast signal (e.g., digital broadcast signal 370 of Figures 3A and 3B) from a digital broadcaster via in-band tuner 401, OOB " tuner 402 and/or MCNS FAT tuner 403.
  • Smart card 325 includes a key to descramble the digital broadcast signal. It is appreciated that Figure 4 shows some elements from the embodiments illustrated by Figures 3, 4, and 5. In the case of the embodiment illustrated by Figure 4, smart card 325 is inserted into interface card 330, and interface card 330 descrambles and encrypts the digital broadcast signal. In the case of the embodiment illustrated by Figure 5, smart card 325 is plugged into POD 320.
  • the descrambling and encrypting functions are performed in POD 320, and so these functions are bypassed in interface card 330.
  • the separate buffers 373 and 374 are included in block 340 for the encrypted data stream and non-encrypted data stream.
  • decryption engine 345 is integrated into demultiplexer ("demux") 410, which is itself integrated into A/V decode block 340.
  • Decryption engine 345 contains an decryption engine for decrypting digital broadcast signal 370.
  • Decryption engine 345 is integral with A/V decode block 340 and is coupled to front-end block 310 via interface card 330.
  • Decryption engine 345 decrypts an enciypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340 via interface card 330.
  • the in-the-clear signal is immediately transmitted within the integrated circuit of A/V decode block 340 for decoding.
  • the in-the-clear signal is not transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345.
  • decryption engine 345 provides the interface between A/V decode block 340 and interface card 330. It is appreciated that in other embodiments integrated circuit 345 may be integrated into A/V decode block 340 in some different manner (that is, in a location other than demux 410) while still providing the interface with interface card 330.
  • the descrambled data stream is transmitted as an in-the-clear signal (e.g., descrambled and not enciypted) between interface card 330 and block 340, and between block 340 and block 350.
  • an in-the-clear signal e.g., descrambled and not enciypted
  • the descrambled data stream is first enciypted by interface card 330 prior to transmission to block 340, and enciypted by enciyption unit 345 prior to transmission to block 350, such that the descrambled data stream is not exposed as an in-the-clear signal (e.g., descrambled and not enciypted) between interface card 330, block 340, and block 350.
  • an in-the-clear signal e.g., descrambled and not enciypted
  • the selective encryption process of the present invention provides a secure interface between interface card 330 and decryption engine 345 and between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340 on an as-needed basis, thereby reducing overhead on CPU 360.
  • A/V decode block 340 includes an MPEG decoder (e.g., graphics block 411) and an audio decoder (e.g.; AC-3 block 412) to decode the video and audio content of digital broadcast signal 370.
  • Graphics block 350 processes the audio and video information received from A/V decode block 340.
  • Central processing unit 360 contains a processor (e.g., CPU core 430) and memory (e.g., instruction cache 420) for processing information and instructions used by intelligent transceiver 400.
  • Process 700 depicts the basic operating steps of a selective encryption process as implemented in a set-top box transceiver in accordance with one embodiment of the present invention (e.g., transceiver 300 of Figure 3A).
  • Process 700 begins in step 701, where a digital broadcast signal is received by transceiver 300.
  • the digital broadcast signal is transmitted from an MSO.
  • the digital broadcast signal (e.g., digital broadcast signal 370 of Figure 3A) includes a copyright flag that indicates whether the digital broadcast signal is, for example, a copyrighted premium service.
  • the digital broadcast signal is descrambled using descrambling circuits.
  • the digital broadcast signal is transmitted from the MSO in a scrambled form to prevent unauthorized reception by "pirating" users.
  • An authorized user can descramble the digital broadcast signal using a key provided by the MSO.
  • the descrambling functionality can be included in an A/V decode block (e.g., transceiver 300 of Figure 3A), or a separate interface card (e.g., interface card 330 of Figure 4).
  • step 703 the copyright flag in the descrambled data stream is read to determine whether secure transmission of the data stream is required. As described above, this flag indicates, for example, whether the digital broadcast signal is a copyrighted premium service. Depending upon the particular transceiver embodiment, the copyright flag can be read in an A/V decode block or a separate interface card.
  • step 704 if the copyright flag read in step 703 indicates secure transmission is required, process 700 proceeds to step 707, where the descrambled data stream is enciypted prior to transmission. If the copyright flag indicates secure transmission is not required, process 700 proceeds to step 705, where the descrambled data stream is transmitted among the internal components of the transceiver in the clear.
  • step 705 where secure transmission is not required as determined in step 704, the descrambled data stream is buffered in a first memory (e.g., memory 374 of Figure 3A). As described above, the data is buffered in the memory buffer for subsequent transmission in the clear across the internal bus to the other components. This data is not enciypted prior to transmission on the bus.
  • a first memory e.g., memory 374 of Figure 3A
  • step 706 the data stored in the memory buffer from step 705 is transmitted in the clear from, for example, the A/V decode block 340 to the graphics block 350 across the bus.
  • step 707 where secure transmission is required as determined in step 704, the descrambled datai stream is buffered in a second memory (e.g., memory 373 of Figure 3A).
  • a second memory e.g., memory 373 of Figure 3A.
  • This data is enciypted prior to transmission.
  • a single memory can be used wherein the integrity between the data types (e.g., data requiring secure transmission and data not requiring secure transmission) is still maintained. As described above, integrity can be maintained through use of memory mapping schemes, separate data structures, address partitioning, or other well known memory management techniques.
  • encryption/decryption keys are distributed by a CPU included in the transceiver (e.g., CPU 360 of Figure 3A) to each enciyption unit of the components of the transceiver.
  • a CPU included in the transceiver e.g., CPU 360 of Figure 3A
  • the descrambled data stream is enciypted prior to transmission from, for example, A/V decode block 340 to graphics block 350.
  • the encryption process e.g., a well-known DES ECB enciyption routine and a key lengths of 56 bits
  • a well-known DES ECB enciyption routine and a key lengths of 56 bits is managed and coordinated by the CPU.
  • the distributed encryption keys allow each enciyption unit (e.g., enciyption units 345-346) to encrypt and/or decrypt the data stream as needed.
  • the descramble data stream is enciypted prior to transmission across the internal busses of the transceiver. As described above, prior to transmission from each component or block, the data stream is encrypted to prevent any point of access for pirating the signal. Hence, when secure transmission is required, the descrambled data stream is not exposed outside any of the components or blocks of the transceiver.
  • the present invention provides a method and system for selective enciyption of data signals on a data bus in a transceiver.
  • the present invention provides a method and system that can prevent pirating of a descrambled and decrypted digital signal between multiple components (e.g., functional blocks) of an audio/video transceiver.
  • the present invention provides a method and system to prevent pirating that can be readily implemented in a transceiver (e.g., a set-top box) used in a digital broadcast system.
  • the method and system of the present invention prevents pirating while also reducing the overhead involved in managing the encryption/decryption process within the transceiver.

Abstract

Cette invention concerne un système permettant d'exécuter de transmettre sélectivement et de manière sure des données entre des composants internes d'émetteur-récepteur (FIG.3A). L'émetteur-récepteur comprend un premier composant qui reçoit un flux de données d'une source extérieure. Une première unité de cryptage est couplée au premier composant et crypte le flux de données. L'émetteur-récepteur comprend également un second composant couplé au premier composant via un bus, qui reçoit le flux de données cryptées. Une seconde unité de cryptage est couplée au second composant pour le décryptage du flux de données cryptées. La première unité de cryptage est configurée pour lire un drapeau, inclus dans le flux de données, lequel indique si le flux de données reçu par l'émetteur-récepteur doit être ou non transmis de manière sécurisée. Si oui (fig.7, #704), la première unité de cryptage crypte (FIG.7, #709) le flux de données et le transmet via le bus sous forme cryptée au second composant pour complément de traitement. Si non, le flux de données est transmis sans cryptage préalable au second composant (FIG. 7,#706).
PCT/US2001/009797 2000-03-29 2001-03-27 Systeme et procede d'emission-reception WO2001074003A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001249509A AU2001249509A1 (en) 2000-03-29 2001-03-27 Transceiver system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US53837300A 2000-03-29 2000-03-29
US09/538,373 2000-03-29

Publications (1)

Publication Number Publication Date
WO2001074003A1 true WO2001074003A1 (fr) 2001-10-04

Family

ID=24146657

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/009797 WO2001074003A1 (fr) 2000-03-29 2001-03-27 Systeme et procede d'emission-reception

Country Status (2)

Country Link
AU (1) AU2001249509A1 (fr)
WO (1) WO2001074003A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1510072A1 (fr) * 2002-06-03 2005-03-02 Sony Computer Entertainment Inc. Procedes et dispositif pour personnaliser un support de stockage reinscriptible
FR2859335A1 (fr) * 2003-08-27 2005-03-04 Samsung Electronics Co Ltd Procede, appareil et programme d'ordinateur pour traiter des signaux de donnees multimedias
EP1524817A1 (fr) * 2003-10-13 2005-04-20 General Electric Company Méthode et appareil pour le contrôle sélectif de données
EP1602193A1 (fr) * 2003-04-13 2005-12-07 NDS Limited Systeme de securisation d'acces a des flux de donnees
WO2007027848A3 (fr) * 2005-09-02 2007-06-07 Scientific Atlanta Point multipiece de module de deploiement
US7865925B2 (en) 2003-01-15 2011-01-04 Robertson Neil C Optimization of a full duplex wideband communications system
EP2696594A1 (fr) * 2011-04-08 2014-02-12 Unitend Technologies Inc. Procédé et appareil de transmission sécurisée pour un flux de transport
EP2699014A1 (fr) * 2011-04-11 2014-02-19 Unitend Technologies Inc. Terminal basé sur une technologie d'accès conditionnel
US8966550B2 (en) 2002-10-04 2015-02-24 Cisco Technology, Inc. Home communication systems
CN113261256A (zh) * 2018-12-03 2021-08-13 耐瑞唯信有限公司 在数据流中安全地传输数据

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4648122A (en) * 1984-09-19 1987-03-03 Pioneer Electronic Corporation Community antenna television communication system
US5054068A (en) * 1990-05-07 1991-10-01 Motorola, Inc. Trunked radio communication system having encrypted system control information
US5239584A (en) * 1991-12-26 1993-08-24 General Electric Corporation Method and apparatus for encryption/authentication of data in energy metering applications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4648122A (en) * 1984-09-19 1987-03-03 Pioneer Electronic Corporation Community antenna television communication system
US5054068A (en) * 1990-05-07 1991-10-01 Motorola, Inc. Trunked radio communication system having encrypted system control information
US5239584A (en) * 1991-12-26 1993-08-24 General Electric Corporation Method and apparatus for encryption/authentication of data in energy metering applications

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1510072A4 (fr) * 2002-06-03 2007-10-31 Sony Computer Entertainment Inc Procedes et dispositif pour personnaliser un support de stockage reinscriptible
EP1510072A1 (fr) * 2002-06-03 2005-03-02 Sony Computer Entertainment Inc. Procedes et dispositif pour personnaliser un support de stockage reinscriptible
US7412607B2 (en) 2002-06-03 2008-08-12 Sony Computer Entertainment Inc. Methods and apparatus for customizing a rewritable storage medium
US8966550B2 (en) 2002-10-04 2015-02-24 Cisco Technology, Inc. Home communication systems
US9762970B2 (en) 2002-10-04 2017-09-12 Tech 5 Access of stored video from peer devices in a local network
US7865925B2 (en) 2003-01-15 2011-01-04 Robertson Neil C Optimization of a full duplex wideband communications system
EP1602193A1 (fr) * 2003-04-13 2005-12-07 NDS Limited Systeme de securisation d'acces a des flux de donnees
EP1602193A4 (fr) * 2003-04-13 2009-11-04 Nds Ltd Systeme de securisation d'acces a des flux de donnees
EP2472897A1 (fr) * 2003-04-13 2012-07-04 NDS Limited Système pour sécuriser l'accès à des flux de données
US8755523B2 (en) 2003-04-13 2014-06-17 Cisco Technology Inc. System for securing access to data streams
FR2859335A1 (fr) * 2003-08-27 2005-03-04 Samsung Electronics Co Ltd Procede, appareil et programme d'ordinateur pour traiter des signaux de donnees multimedias
US7836514B2 (en) 2003-08-27 2010-11-16 Samsung Electronics Co., Ltd. Method, apparatus and computer program for processing multimedia data signals
EP1524817A1 (fr) * 2003-10-13 2005-04-20 General Electric Company Méthode et appareil pour le contrôle sélectif de données
US8332910B2 (en) 2003-10-13 2012-12-11 General Electric Company Method and apparatus for selective data control
WO2007027848A3 (fr) * 2005-09-02 2007-06-07 Scientific Atlanta Point multipiece de module de deploiement
EP2696594A1 (fr) * 2011-04-08 2014-02-12 Unitend Technologies Inc. Procédé et appareil de transmission sécurisée pour un flux de transport
EP2696594A4 (fr) * 2011-04-08 2015-04-15 Unitend Technologies Inc Procédé et appareil de transmission sécurisée pour un flux de transport
EP2699014A4 (fr) * 2011-04-11 2015-04-22 Unitend Technologies Inc Terminal basé sur une technologie d'accès conditionnel
US9479825B2 (en) 2011-04-11 2016-10-25 Unitend Technologies Inc. Terminal based on conditional access technology
EP2699014A1 (fr) * 2011-04-11 2014-02-19 Unitend Technologies Inc. Terminal basé sur une technologie d'accès conditionnel
CN113261256A (zh) * 2018-12-03 2021-08-13 耐瑞唯信有限公司 在数据流中安全地传输数据
CN113261256B (zh) * 2018-12-03 2023-08-22 耐瑞唯信有限公司 在数据流中安全地传输数据

Also Published As

Publication number Publication date
AU2001249509A1 (en) 2001-10-08

Similar Documents

Publication Publication Date Title
US7146007B1 (en) Secure conditional access port interface
US6757909B1 (en) Internet set-top box having an in-band tuner and cable modem
KR101019857B1 (ko) 레거시 장치에 미치는 영향을 최소화한 컨텐트 스크램블링
US9467658B2 (en) Method and apparatus for protecting the transfer of data
KR100600484B1 (ko) 통신 네트워크 및 방법
KR101081160B1 (ko) 데이터 전송을 보호하기 위한 방법 및 장치
US7797552B2 (en) Method and apparatus for controlling paired operation of a conditional access module and an integrated receiver and decoder
US20060133610A1 (en) Method and system for a secure high bandwidth bus in a transceiver device
US20080192934A1 (en) Conditional access system
JP2007516665A (ja) コンテンツ操作を伴うケーブルカード
JP4271863B2 (ja) ホームネットワーク用のコピー保護システム
WO2001074003A1 (fr) Systeme et procede d'emission-reception
WO2001074075A1 (fr) Interface amovible de carte a puce, destinee a un boitier de decodage
KR20070027135A (ko) 디지털 방송 수신기의 다중 암호 해독 시스템 및 방법
Clayson et al. Systems issues in the implementation of DVB simulcrypt conditional access
KR101492977B1 (ko) 스크램블 전송스트림의 복사 방지 방법 및 장치

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP