WO2014117851A1 - Proxy modules - Google Patents

Proxy modules Download PDF

Info

Publication number
WO2014117851A1
WO2014117851A1 PCT/EP2013/051963 EP2013051963W WO2014117851A1 WO 2014117851 A1 WO2014117851 A1 WO 2014117851A1 EP 2013051963 W EP2013051963 W EP 2013051963W WO 2014117851 A1 WO2014117851 A1 WO 2014117851A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
ecm
control word
supplementary
module
Prior art date
Application number
PCT/EP2013/051963
Other languages
French (fr)
Inventor
Egbert Westerveld
Hans Dekker
Original Assignee
Irdeto B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Irdeto B.V. filed Critical Irdeto B.V.
Priority to PCT/EP2013/051963 priority Critical patent/WO2014117851A1/en
Publication of WO2014117851A1 publication Critical patent/WO2014117851A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/23Arrangements for conditional access to broadcast information or to broadcast-related services using cryptography, e.g. encryption, authentication, key distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]

Definitions

  • the present invention relates to a proxy module for use in a head-end, and to a method of providing encrypted content using the head-end proxy module.
  • the invention further relates to an associated proxy module for use in a receiver, and to a method of enabling a receiver to access encrypted content using the receiver proxy module.
  • content or “item of content” refers to data comprising one or more of video data, image data, audio data, media or multimedia data, text data, or any other form of content data.
  • Some watermarking techniques are designed to be "fragile", in the sense that the embedded watermark cannot be successfully decoded if the watermarked item of content has undergone subsequent processing or modification. Some watermarking techniques are designed such that the difference between the original item of content and the watermarked item of content is substantially imperceptible to a human user (e.g. the original item of content and the watermarked item of content are visually and/or audibly indistinguishable to a human user). Other criteria for how a watermark is added to an item of content exist.
  • Fingerprint watermarking is increasingly being used to trace or identify the source of (or a party/device involved in) the unauthorized distribution or publication or release of content.
  • the watermarked content provided to a receiver contains a watermark specific to that receiver (i.e. the watermark carries or encodes a payload or codeword specific to that receiver and identifying that receiver).
  • Each of the receivers receives a copy of the original item of content with their respective watermark embedded therein. Then, if an unauthorized copy of the item of content is located, the watermark can be decoded from that item of content and the receiver that corresponds to the decoded watermark can be identified as the source of (or a party/device involved in providing/releasing) the unauthorized copy.
  • FIG. 1a of the accompanying drawings schematically illustrates a system 100 providing secure content delivery.
  • the system 100 comprises a content provider system 102, a network 104 and a receiver 106.
  • the content provider system 102 is arranged to transmit data to the receiver 106 via the network 104.
  • the network 104 may be any kind of network suitable for transmitting or communicating data from the content provider system 102 to the receiver 106.
  • the network 104 could comprise one or more of a local area network, a wide area network, a metropolitan area network, the internet, a wireless communications network, a cable network, a digital broadcast network, a satellite communication network, a telephone network, etc.
  • the content provider system 102 may then communicate with the receiver 106 over the network 104 via any suitable communication mechanism/protocol in order to communicate data from the content provider system 102 to the receiver 106.
  • the content provider system 102 may be any system that is suitable for communicating data to the receiver 106 via the network 104.
  • the content provider system 102 comprises one or more processors 110, a memory 1 12 and a network interface 114.
  • the network interface 114 is arranged to interface with the network 104 to enable the content provider system 102 to communicate with the network 104 (so that the content provider system 102 can then communicate with the receiver 106 via the network 104).
  • the content provider system 102 may store, in the memory 112, data to be transmitted to the receiver 106. This data may be generated by the processor(s) 110 and/or may be data that the content provider system 102 receives from another system (not shown in Figure 1a).
  • the content provider system 102 could be a head-end system of a digital broadcast system (in which case the network 104 could comprise a terrestrial broadcast network or a satellite broadcast network) or the content provider system 102 could be a head-end system of a cable network system (in which case the network 104 could comprise a cable network).
  • the content provider system 102 could comprise one or more servers for transmitting, or providing access to, data over the internet (in which case the network 104 may comprise the internet).
  • the content provider system 102 may take other forms instead.
  • the data to be transmitted from the content provider system 102 to the receiver 106 comprises content M and conditional access data.
  • the content M may be any form of content, and may comprise one or more of video data, image data, audio data, multimedia data, text data, etc.
  • the content M may be provided to the content provider system 102 by a separate system (not shown in Figure 1a) for the content provider system 102 to then provide to the receiver 106.
  • the content M is transmitted in encrypted (scrambled) form.
  • one or more sections of the content M may be encrypted with a respective control word CW (an encryption/decryption key) - the CW to be used to encrypt a current amount of content M may be changed on a regular basis, e.g. once every couple of seconds.
  • CW an encryption/decryption key
  • Figure 1a illustrates encrypted content ⁇ M ⁇ cw being transmitted from the content provider system 102 to the receiver system 106 in general, throughout this description, an amount of data X that is encrypted and for which a decryption key K is required to decrypt the encrypted data to obtain the cleartext data X is represented as ⁇ .
  • the conditional access data may comprise data which the receiver 106 can, if sufficiently authorised, use to gain access to the encrypted content - this typically includes entitlement control messages (ECMs) and entitlement management messages (EMMs). This shall be described in more detail shortly.
  • ECMs entitlement control messages
  • EMMs entitlement management messages
  • the content provider system 102 may comprise one or more conditional access (CA) and/or digital rights management (DRM) systems or modules (which may be executed by the processor(s) 110) which are responsible for performing the encryption of the content M, the generation and cycling of CWs, and the generation of the conditional access data (e.g. ECMs and EMMs) according to the authorization of subscribers.
  • CA conditional access
  • DRM digital rights management
  • the receiver 106 may be any system that is suitable for receiving data from the content provider system 102 over the network 104.
  • the receiver 106 comprises a network interface 120, a receiver device (or module) 122, and a decoder 24.
  • the receiver device 122 is communicably coupled to a secured module 130 of a CA system.
  • the receiver device 122 may be implemented as hardware (e.g. a receiver chip set) or may be implemented as obfuscated software or firmware executed on a processor inside the receiver 106.
  • the receiver 106 may include a CA system application programming interface (API) which is a CA system specific interface in which the receiver firmware provides an abstraction of the hardware resources that are used by a CA system.
  • a standardised CA system API is part of the DVB Common Interface specification.
  • CA systems specify a proprietary API for their version of the CA system API.
  • Most of the functionality is generic, the receiver firmware manufacturer can easily map a generic internal CA system API to a proprietary one used in a specific CA system.
  • the network interface 120 is arranged to interface with the network 04 to enable the receiver 106 to receive data from the network 104. Data received by the network interface 120 is passed to the receiver device 122.
  • the receiver device 122 passes conditional access data that it receives to the secured module.
  • the secured module 130 processes the conditional access data and, if the secured module 130 is authorised to provide access to the received content M, the secured module 130 provides information over a communication channel or interface 140 to the receiver device 122 that enables the receiver device 122 to decrypt the encrypted content ⁇ M ⁇ C w - this information could be the CW itself or information from which the receiver device 122 is able to generate the CW.
  • the receiver device 122 upon obtaining a valid CW, decrypts the encrypted content ⁇ M ⁇ cw using the CW so as to produce the cleartext content M.
  • the receiver device 122 is arranged to pass the content M to the decoder module 124.
  • the decoder module 124 is arranged to perform any decoding necessary (e.g. data compression decoding), formatting, signal generation, etc. so as to output the content M in a suitable form (e.g. a signal for provision to a television).
  • the decoder module 124 is not part of the receiver 106 but may, instead, form part of a separate system (such as a television).
  • the decoder module 124 and the receiver device 122 may be
  • an ECM contains a CW that the receiver 106 needs to decrypt the encrypted content ⁇ M ⁇ cw, or at least information by which the receiver 106 can generate the CW.
  • the content of the ECM is encrypted using a key PK.
  • An EMM is transmitted to the receiver 106, where the EMM contains the key PK.
  • the key PK is contained in the EMM in encrypted form - this is performed in a manner that only the secured module 130 (or a group of secured modules 130) can decrypt (e.g. using a public key associated with a private key of the secured module 130, or using a secret key shared only by the secured module 130 and the content provider system 102).
  • the EMM is, therefore, targeted at the specific secured module 130 (or group of secured modules 130) and will only have been transmitted by the content provider system 102 if the content provider system 102 wishes (or has been instructed) to provide the subscriber/user associated with the secured module 130 access to the content M.
  • the secured module 130 to which the EMM is targeted can decrypt the content of the EMM to access the key PK.
  • the secured module 130 can then use the key PK to decrypt the content of the ECM, and can then pass some or all of the content of the ECM, via the interface 140, to the receiver device 122 to enable the receiver device 122 to decrypt the encrypted content ⁇ M ⁇ cw-
  • the secured module 130 (sometimes referred to as a conditional access
  • the secured module 130 may be a smart card with embedded software for carrying out the above functionality, the smart card being removable from the receiver 106; or the secured module 130 may be
  • EP2227015 implemented as obfuscated software or firmware executed on a processor inside the receiver 106 (an example of which is disclosed in EP2227015 - for example, Figures 3 and 7 thereof and their associated descriptions - the entire disclosure of EP2227015 is incorporated herein by reference).
  • the receiver 106 may comprise one or more of a set-top- box, a personal computer, a mobile telephone, a games console, etc., but it will be appreciated that the receiver 106 may take other forms instead.
  • each content provider system 102 may provide data to multiple receivers 106 over one or more networks 104, and each receiver 106 may receive data from multiple content provider systems 102 over one or more networks 104.
  • the CW (or information from which the receiver device 122 can obtain the CW) is communicated over the interface 140 from the secured module 130 to the receiver device 122.
  • the rest of the description shall refer to the CW itself being communicated to (or received at or obtained at) the receiver device 122, but it will be appreciated that the description applies equally to information from which the receiver device 122 can obtain the CW.
  • the interface 140 needs to be secure. If the interface 140 is not secure, then an attacker can monitor the interface 140 and read the CWs and distribute them to other receivers 106 whose subscribers/users (or, equivalently, their associated secured modules 130) are not authorised to access the content M so that those subscribers/users can access the content M in an unauthorised manner.
  • FIG. 1b of the accompanying drawings schematically illustrates more details of an example content provider system 102.
  • the CA system comprises an EMM generator (EMMG) and an ECM generator (ECMG) that generate EMMs and ECMs respectively
  • EMMG EMM generator
  • ECMG ECM generator
  • the content of an ECM is encrypted using a key PK.
  • the key PK is contained in an associated EMM.
  • the content of the EMM is encrypted using a key associated with a target secured module 130.
  • An EMM may, additionally or alternatively, contain a session key LK together with an encrypted form of that session key ⁇ LK ⁇ CSUK (encrypted using the key CSUK of a target receiver device 122).
  • the content provider system 102 comprises a multiplexer that multiplexes together (a) a content data stream; (b) a data stream comprising the EMMs generated by the EMMG; and (c) a data stream comprising the ECMs generated by the ECMG - the multiplexer outputs a transport stream.
  • a scrambler then scrambles portions of the content data stream in the transport stream using the generated CW. This scrambled transport stream may then be communicated to receivers 106 via the network 104.
  • FIGS. 2 and 3 of the accompanying drawings depict how the system 100 of figure 1 may be arranged to carry out adaptive content delivery with watermarking (or fingerprinting) based on the methods and systems set out in WO01/67667 and EP2429189.
  • Figure 2 schematically illustrates how an item of content 200 may be viewed as, or divided/separated into, a number of sections 202 (or content chunks).
  • the sections 202 are usually non-overlapping and, when concatenated together in order (i.e. in their time-based ordering), form the item of content 200.
  • Each section 202 may contain, or represent, a few seconds of content or a number of frames/fields of audio/video (or some other time-based quantity of content).
  • the sections 202 may be of the same length, or may be of different lengths.
  • a version 204 of a section 202 may be generated by encoding a copy of that section 202 (e.g. data compression, formatting, etc.) to achieve a corresponding quality level or a corresponding bandwidth requirement - the lower the quality level, the less bandwidth is required to communicate the section version 204 across the network 106 to the receiver 106.
  • These different quality levels can be achieved by, for example, changing the resolution of video/image data (higher qualities may use higher resolutions), changing quantisation or sampling levels (higher qualities corresponding to less quantisation), etc., as is well-known in the art.
  • n versions 204 of that section Si there are n versions 204 of that section Si labelled S ⁇ Q ⁇ , SiQ 2 SiQ n , (where n>1).
  • a label "SjQj" indicates the i-th section S, encoded to a quality level Q j .
  • a version 204 of a section 202 may be generated by watermarking a copy of that section 202 to embed a corresponding message/payload/symbol therein.
  • t there are t (where t ⁇ 2) watermarked versions 204 of that section S 2 labelled S 2 Mi, S 2 M 2 ,... ,S2M t , that all have their own respective (relatively different) watermarks embedded therein, so that they are all distinct versions of the section S 2 .
  • a label “SjQj” indicates the i-th section S, encoded to a quality level Q j .
  • a version 204 of a section 202 may be generated by watermarking a copy of
  • SjM k indicates the k-th watermarked version of the i-th section S,.
  • the encoding and watermarking may be combined, so that a version 204 of a section 202 may be generated by watermarking a copy of that section 202 that has been encoded in a manner to achieve a corresponding quality level or a corresponding bandwidth requirement, in order to embed a corresponding
  • the number of different watermarked versions of a section 202 encoded at those quality levels may be different from each other, and the watermarks embedded for one quality level may differ from the watermarks embedded for another quality level.
  • Different sections 202 may have different numbers of versions 204 generated using (a) different numbers of quality levels (and the actual quality levels used may vary from section 202 to section 202) and/or (b) different numbers of watermarks (and the actual watermarks embedded may vary from section 202 to section 202).
  • Some sections 202 may only have a single version 204 (which could be the same as, or different from, that original section 202).
  • the content provider system 102 is arranged to provide one or more versions 204 of that section.
  • the content provider system 102 may store the section versions 204 in the memory 1 12 (possibly along with the original content sections 202).
  • the content provider system 102 can then choose to provide to the receiver 106 a section version 204 with a lower bandwidth characteristic (i.e. a lower quality level). If/when more bandwidth becomes available for communicating content to the receiver 106, this may be detected by the content provider system 102 and the content provider system 102 can choose to provide to the receiver 06 a section version 204 with a higher bandwidth characteristic (i.e. a higher quality level).
  • the receiver 106 (or a user, or a group of receivers 106 or users) is provided access to a corresponding specific sequence (or set or group) of watermarked section versions 204 (be they versions SjMk or SjQjM k ).
  • This specific sequence is different from sequences of watermarked section versions 204 used by other receivers.
  • the w-th receiver (1 ⁇ w ⁇ W) may be associated with a sequence of watermarked section versions Sj( Wi i)Mk( W ,i), Sj(w,2)M k (w,2), ⁇ ⁇ ⁇ , Si(w,p)M k (w,p), where there are P watermarked section versions 204 in the specific sequence associated with the w-th receiver, and for 1 ⁇ p ⁇ P, the p- th section version 204 in the specific sequence is Sj( W ,p)M k ( W , P ) for some indices i(w,p) and k(w,p).
  • This sequence of watermarked section versions Sj( W ,i)M k (w,i), Si(w,2)M k(Wi 2), Si(w,p)M k( w,p), (or the sequence of index pairs (i(w,1),k(w,1)), (i(w,2),k(w,2)),..., (i(w,P),k(w,P)) ) is unique to the w-th receiver. It will be appreciated that section versions using different quality levels could be involved in the above sequence too.
  • the receiver 106 upon receiving the section versions 204 from the content provider system 02, may combine (e.g.
  • a watermark decoder can be used to identify that that specific sequence of watermarked section versions 204 was used to form that version of the original item of content 200, and hence identify that particular receiver.
  • watermarked section versions 204 need not be of fixed length (length P above) but could, for example, keep increasing in size as more and more section versions are provided to a receiver.
  • the sequence of watermarked section versions 204 may be predetermined for a receiver or may be dynamically generated as and when the section versions 204 are being provided to the receiver. It will be appreciated that other mechanisms for determining a specific sequence of watermarked section versions 204 associated with a particular receiver could be used. However, in general, the content provider system 102 determines (or generates or calculates) the specific sequence of watermarked section versions 204 to associate with a particular receiver and may store data identifying (or from which can be calculated) that specific sequence of
  • watermarked section versions 204 e.g. the sequence of index pairs mention above, or a seed value used for randomly choosing a watermarked section version 204.
  • FIG 3 schematically illustrates a process and architecture for the content provider system 102 to prepare the item of content 200 for adaptive content delivery with watermarking (or fingerprinting). This may be carried out by the processor(s) 1 10 executing one or more software processes; additionally or alternatively, this may be carried out by one or more hardware components of the content provider system 102 (not shown in Figure 1).
  • the original item of content 200 is either received by an input 300 or is generated by a content generator 302.
  • This original item of content 200 may contain a watermark (e.g. a watermark identifying information such as an owner of copyright in the content 200 or other metadata concerning the content 200) - such a watermark may have been embedded into the content 200 by another system (not shown in the Figures).
  • a watermark e.g. a watermark identifying information such as an owner of copyright in the content 200 or other metadata concerning the content 200
  • the item of content 200 is provided to content encoders 304.
  • content encoders 304 In Figure 3, two content encoders 304(1) and 304(2) are illustrated, and each content encoder 304 is arranged to encode the item of content 200 at a respective quality encoding level different from the quality encoding level used by the other content encoders 304. It will, of course, be appreciated that more than two content encoders 304 could be used, each arranged to encode the item of content 200 at its own respective quality encoding level different from the quality encoding levels used by the other content encoders 304.
  • a single content encoder 304 could be used so that, instead of encoding the item of content 200 at different quality levels in parallel (as is shown in Figure 2), the item of content 200 may be encoded by the single content encoder 304 at a first quality level, then the item of content 200 may be encoded by the same content encoder 304 at a second quality level, and so on.
  • a mixture of such encoder configurations is possible.
  • Each of these encoded items of content is split (or divided or separated) into a number of section versions 204 by respective section generators 306.
  • the content encoders 304 in Figure 3 two section generators 306(1) and 306(2) are illustrated, and each section generator 306 is arranged to generate section versions 204 from the encoded item of content 200 provided by a corresponding content encoder 304. It will, of course, be appreciated that more than two section generators 306 could be used, for example if more than two content encoders 304 are used.
  • a section generator 306 may generate section versions 204 out of encoded items of content 200 provided by multiple content encoders 304 - for example, a single section generator 306 could be used in Figure 3, where this single section generator 306 is arranged to generate a first set of section versions 204 from the encoded item of content 200 output by the first content encoder 304(1) and to then generate a second set of section versions 204 from the encoded item of content 200 output by the second content encoder 304(2), and so on.
  • a mixture of such section generator configurations is possible.
  • a time alignment module 308 coordinates the generation of the section versions 204 by the section generators 306 so that the section versions 204 generated from respective encoded items of content 200 (output by the content encoders 304) are time-aligned, i.e. so that two section versions SjQ q i and SjQ q 2 for the i-th section 202 of the original item of content 200 encoded at different quality levels q1 and q2 will start at the same point within the original item of content 200 and will end at the same point within the original item of content 200.
  • a version of the item of content 200 can be formed by selecting, for each section 202 of the item of content 200, a respective section version 204 and then concatenating those section versions 204 in order - different section versions 204 corresponding to the same section 202 of the item of content 200 can be interchanged as they are time-aligned.
  • seamless switching between section versions 204 with different encoding quality can be carried out.
  • Each of the section versions 204 output by the section generators 306 is then supplied to a modifier module 307.
  • the modifier module 307 is arranged to modify or process a section version 204 that it has received in order to create a modified section version 204. This modification may be, for example, by watermarking the received section version 204 so as to embed a corresponding symbol or payload into the received section version 204 - this may be achieved by know watermarking techniques.
  • a first modifier module 307(1) receives the section versions 204 output by the first section generator 306(1) and embeds a first symbol into those section versions 204 to output a first set of final section versions 204
  • a second modifier module 307(2) receives the section versions 204 output by the first section generator 306(1 ) and embeds a second symbol into those section versions 204 to output a second set of final section versions 204
  • a third modifier module 307(3) receives the section versions 204 output by the second section generator 306(2) and embeds the first symbol into those section versions 204 to output a third set of final section versions 204
  • a fourth modifier module 307(4) receives the section versions 204 output by the second section generator 306(2) and embeds the second symbol into those section versions 204 to output a fourth set of final section versions 204.
  • a modifier module 307 may be arranged to receive sections generated by multiple section generators 306. A mixture of such modified module configurations is possible.
  • the content sections 202 may be generated initially by one or more section generators 306 from the original item of content 200, and these sections 202 may then be passed to content encoders 304 which then encode the sections 202 to generate the section versions 204 and these may then be modified by modifier modules 307.
  • different watermarked versions of the original item of content 200 may be generated by one or more modifier modules 307, these modified items of content may then be encoded to different quality levels by respective content encoders 306, following which the sections versions 204 may be generated by one or more section generators 306 from the encoded modified items of content.
  • Other arrangements are, of course, possible to result in the generation of the section versions 204.
  • the generated section versions 204 are stored in the memory 112.
  • Figure 3 illustrates the generation of content versions 204 that are encoded at different quality levels and that have respective watermarks
  • section versions SjQjMk embedded therein
  • section versions SjQjMk it will be appreciated that not all section versions 204 need to be watermarked, e.g. some of the section versions 204 output by the section generators 306 may be stored directly into the memory 112 in addition to, or possibly without being, passed to a modified module 307 - in this way, section versions SjQj may be generated and stored in the memory 112.
  • a section generator 306 may receive the original item of content 200 instead of receiving an encoded item of content - in this way, section versions SjMk, or even just section versions Si, may be generated and stored in the memory 112.
  • a content format module 310 may determine, for each of the section versions 204, a corresponding reference (or identifier) with which that section version 204 can be identified, accessed and retrieved from the memory 112.
  • the content format module 310 may also generate additional/other metadata 3 2 that can ultimately be used by the receiver 106 to generate the references that the receiver 106 will need to request and retrieve the appropriate/desired section versions 204.
  • this metadata 310 may take the form of a playlist (i.e.
  • this playlist may then be provided to the receiver 06 so that the receiver 106 can select one or more section versions 204 identified in the playlist and then request those selected section versions 204 from the content provider system 102.
  • the content provider system 102 may provide a content file to the receiver 106 containing one or more section versions 204, and the metadata 310 may take the form of a manifest (i.e. a portion of the content file provided to the receiver 106) that identifies where, within the content file, the section versions 204 are located.
  • the section versions 204 identified in the playlist or manifest provided to a receiver will include the specific sequence of watermarked section versions 204 associated with that receiver.
  • a proxy module for use in a receiver arranged to receive entitlement control messages (ECMs) and encrypted content.
  • the receiver comprises a secured module arranged to process an ECM so as to provide a control word.
  • the receiver further comprises a decryption module arranged to decrypt encrypted content using a control word.
  • the proxy module is arranged to use the secured module to obtain a supplementary control word (CWSA or CWSB) from a supplementary ECM.
  • the proxy module is further arranged to use the
  • CWSA supplementary control word
  • CWA content control word
  • CWB content control word
  • the present invention provides a receiver proxy module that can use the existing CA system API in the receiver firmware to remove functional CA system support limitations of the receiver.
  • the use of a receiver proxy module makes updating the firmware relatively easy.
  • the receiver proxy module can circumvent functional restrictions in the firmware processing. It can introduce a secondary "virtual" CA system in order to avoid CA system descriptor constraints and to enable the support for a second CA data stream component. It also can filter ECMs before forwarding them to the secured device to avoid processing of ECMs that result in an error message. It alternatively can intercept the I/O communication channel to block a specific type of CA system error messages.
  • the receiver proxy module may implement some specific CA functionality that is not suitably supported in the legacy receiver 106. For the secured device, the receiver proxy module looks like the receiver firmware and, for the receiver firmware, the receiver proxy module looks like a secured device. For both elements the receiver proxy module has no noticeable effect.
  • the proxy module is arranged to use the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM.
  • the proxy module is further arranged to use the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM.
  • Only one of the first and second supplementary control words (CWSA or CWSB) is validly obtainable by the secured module.
  • the validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
  • the content ECM output by the decryption module includes at least one invalid ECM section
  • the proxy module is further arranged to remove said at least one invalid ECM section from the content ECM before using the secured module to obtain the content control word from the content ECM.
  • a receiver comprising a secured module, a decryption module and a proxy module according to the first aspect.
  • the secured module is a smart card or an obfuscated software module.
  • a method of enabling a receiver to access encrypted content comprises a secured module arranged to process an ECM so as to provide a control word.
  • the receiver further comprises a decryption module arranged to decrypt encrypted content using a control word.
  • the method comprises the steps of: (a) using the secured module to obtain a supplementary control word (CWSA or CWSB) from a supplementary ECM; (b) using the supplementary control word (CWSA or CWSB) in the decryption module to obtain a content ECM from an encrypted version of the content ECM; (c) using the secured module to obtain a content control word (CWA or CWB) from the content ECM; and (d) using the content control word (CWA or CWB) in the decryption module to decrypt encrypted content.
  • CWSA or CWSB supplementary control word
  • CWA or CWB content control word
  • the step (a) comprises using the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM, and using the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM. Only one of the first and second supplementary control words (CWSA or CWSB) is validly obtainable by the secured module.
  • the validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
  • the content ECM output by the decryption module in step (b) includes at least one invalid ECM section, and the method further comprises removing said at least one invalid ECM section from the content ECM before performing step (c).
  • a proxy module for use in a head-end.
  • the head-end comprises an entitlement control message (ECM) generator arranged to generate ECMs.
  • the head-end further comprises an encryption module arranged to encrypt content using a control word.
  • the proxy module is arranged to access a content control word (CWA or CWB).
  • the proxy module is further arranged to use the ECM generator to generate a content ECM including the content control word (CWA or CWB).
  • the proxy module is further arranged to generate a supplementary control word (CWSA or CWSB).
  • the proxy module is further arranged to use the ECM generator to generate a supplementary ECM including the supplementary control word (CWSA or CWSB).
  • the proxy module is further arranged to use the encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB).
  • the proxy module is further arranged to use the encryption module to encrypt content using the content control word (CWA or CWB).
  • the content control word is a first content control word (CWA)
  • the content ECM is a first content ECM
  • the supplementary control word is a first supplementary control word (CWSA)
  • the supplementary ECM is a first supplementary ECM.
  • the proxy module is further arranged to access a second content control word (CWB).
  • the proxy module is further arranged to use the ECM generator to generate a second content ECM including the second content control word (CWB).
  • the proxy module is further arranged to generate a second supplementary control word (CWSB).
  • the proxy module is further arranged to use the ECM generator to generate a second supplementary ECM including the second supplementary control word (CWSB).
  • the proxy module is further arranged to use the encryption module to encrypt the second content ECM using the second supplementary control word (CWSB).
  • the proxy module is further arranged to use the encryption module to encrypt content using the second content control word (CWB).
  • the proxy module is further arranged to generate a supplementary ECM pair by
  • a head-end comprising an ECM generator, an encryption module and a proxy module according to the fourth aspect.
  • a method of providing encrypted content comprising the steps of: (a) accessing a content control word (CWA or CWB); (b) using an entitlement control message (ECM) generator to generate a content ECM including the content control word (CWA or CWB); (c) generating a supplementary control word
  • CWSA or CWSB using the ECM generator to generate a supplementary ECM including the supplementary control word (CWSA or CWSB); (e) using an encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB); and (f) using the encryption module to encrypt content using the content control word (CWA or CWB).
  • the content control word is a first content control word
  • the method further comprises the steps of: (g) accessing a second content control word (CWB); (h) using the ECM generator to generate a second content ECM including the second content control word (CWB); (i) generating a second supplementary control word
  • the method further comprises generating a supplementary ECM pair by
  • the method further comprises generating a content ECM pair by concatenating the encrypted versions of the first and second content ECMs.
  • a computer program which, when executed by a processor, causes the processor to carry out a method according to the third aspect or the sixth aspect.
  • a computer readable medium storing a computer program according to the seventh aspect.
  • Figure 1a schematically illustrates a system providing secure content delivery
  • Figure 1 b schematically illustrates more details of an example content provider system
  • Figure 2 schematically illustrates how an item of content may be divided into a number of sections
  • Figure 3 schematically illustrates a process and architecture for a content provider system to prepare an item of content for adaptive content delivery with watermarking (or fingerprinting);
  • Figure 4 schematically illustrates a system according to an embodiment of the invention
  • Figure 5 schematically illustrates content processing .at the head-end according to an embodiment of the invention
  • FIG. 6 schematically illustrates control words and ECM processing at the head-end according to an embodiment of the invention.
  • FIG. 7 schematically illustrates processing at the receiver according to an embodiment of the invention. Detailed description of a preferred embodiment
  • Figure 4 schematically illustrates a system 400 according to an
  • the system 400 includes a head-end 402 connected to a receiver 406 by means of a network 404.
  • the head-end 402 is broadly similar to the content provider system 102 of Figure 1 a
  • the receiver 406 is broadly similar to the receiver 106 of Figure 1a
  • the network 404 is broadly similar to the network 104 of Figure 1a, with modifications as discussed below.
  • the head-end 402 comprises a third party ECM generator (ECMG) 410, a third party EMM generator (EMMG) 412, an encryption module 414 arranged to encrypt content using a control word, and a head-end proxy module 416.
  • the encryption module 414 may use a scrambling algorithm such as the DVB
  • the receiver 406 such as a set-top box (STB), comprises a third party secured module 420, such as a smart card, a decryption module 422 arranged to decrypt encrypted content using a control word, and a receiver proxy module 424.
  • the head-end proxy module 416 is fully DVB Simulcrypt
  • the proxy modules 416 and 424 enable content fingerprinting to be implemented without changes to the third party CA system (which includes the third party ECMG 410, the third party EMMG 412 and the third party secured module 420).
  • content is partly duplicated, watermarked and encrypted in the head-end proxy module 416.
  • Control words and meta-data are sent to the head-end proxy module 416.
  • the head-end proxy module 416 uses the third party ECMG 410 to create the "normal" third party ECMs containing the control words used to encrypt and decrypt the content.
  • These "normal" ECMs and associated control words are referred to hereinafter as "content ECMs" and "content control words” since these ECMs contain the control words used for encryption and decryption of the content.
  • Each content ECM is itself scrambled (or encrypted) with a "supplementary" control word.
  • the supplementary control word is "supplementary" in the sense that it is an extra control word in addition to the content control word used to encrypt and decrypt the content.
  • the head-end proxy module 416 uses the third party ECMG 410 to create a "supplementary ECM" containing the supplementary control word that is used to encrypt the content ECM.
  • the head-end proxy module 424 provides an additional level of security/encryption using the supplementary control words and supplementary ECMs.
  • the head-end proxy module 4 6 transmits the content ECMs and supplementary ECMs to the receiver 406 via the network 404.
  • the encrypted content is also sent from the head-end 402 to the receiver 406 by means of the network 404.
  • the third party EMMG 412 is unchanged and provides EMMs to the receiver 406 by means of the network 404.
  • the receiver proxy module 424 receives the
  • Each supplementary ECM is directed (or sent) to the third party secured module 420 to obtain the respective supplementary control word.
  • the supplementary control word may then be used to descramble (or decrypt) the content ECM using the decryption module 422 of the STB chipset.
  • the receiver proxy module 424 then uses the third party secured module 420 to obtain the content control word from the content ECM.
  • the content control word may then be used in the decryption module 422 (which may be a CSA descrambler) so as to decrypt the encrypted content.
  • Figures 5 and 6 show the head-end processing in more detail.
  • Figure 5 schematically illustrates the content processing at the head-end 402.
  • the content M (which may be audio or video or both) is partially duplicated by a section generator 306.
  • Each duplicated content section is then modified for future identification by a modifier 307 to provide two section versions.
  • the modification may be by watermarking so as to provide a first watermarked content portion MWMA using a first watermark WMA and a second watermarked content portion M W MB using a second watermark WMB.
  • These initial steps are performed under the control of the head-end proxy module 416. It will be appreciated that only a single quality level of each content section is shown in Figure 5, but multiple quality levels could be used as in Figure 3.
  • Each section version 204 is then scrambled with a different content control word using the encryption module 414.
  • the content control words are referred to as CWA and CWB hereinafter.
  • the duplicated and differently watermarked section versions 204 are then combined (e.g. by concatenation) for transmission to the receiver 406 via the network.
  • the watermarked content in the transmitted content stream is defined by:
  • Figure 6 schematically illustrates the control word and ECM processing at the head-end 402.
  • the third party EMMG 412 is not shown in Figure 6 for simplicity.
  • the proxy module 416 has access to the content control words CWA and CWB.
  • the proxy module also has access to a P-bit identification number (ID) associated with a particular receiver 406. This ID is used to uniquely fingerprint the content accessible by that receiver 406 as described above with reference to Figure 2.
  • ID P-bit identification number
  • the proxy module 416 uses the third party ECMG 410 to generate two content ECMs (one with CWA and one with CWB) which also contain access criteria (AC) defining the conditions under which access to the control words is granted.
  • the access criteria are configured for the third party CA system and may be either access criteria by pointer or access criteria by value.
  • First content ECM ECM(CWA+AC) (2)
  • the proxy module 416 generates two supplementary control words CWSA and CWSB.
  • the proxy module uses the third party ECMG 410 to generate two supplementary ECMs (one with CWSA and one with CWSB) and related access criteria.
  • the access criteria for the supplementary ECMs are mutually exclusive (as represented by "bif and "bi ' in Equations 4 and 5 below). Thus, a given receiver 406 will only be able to access one of the two supplementary control words (CWSA and CWSB).
  • First supplementary ECM ECM(CWSA+bit) (4)
  • Second supplementary ECM ECM(CWSB+bit) (5)
  • the supplementary control words CWSA and CWSB are delivered to the receiver 406 in a separate ECM pair which is revered to as the supplementary ECM pair.
  • the two supplementary ECM sections are combined (e.g.
  • the content ECMs are uniquely packetized and scrambled.
  • the proxy module 416 uses the encryption module 414(3) to encrypt the first content ECM using the first supplementary control word CWSA, and the proxy module 416 uses the encryption module 414(4) to encrypt the second content ECM using the second supplementary control word CWSB.
  • the scrambled content ECMs are then combined (e.g. concatenated) to form a content ECM pair.
  • head-end encryption modules 414(1), 414(2), 414(3) and 414(4) are shown as separate functional blocks for clarity in Figures 5 and 6. However, it will be appreciated that a single head-end encryption module may alternatively be used. Other implementations are also possible.
  • FIG. 7 schematically illustrates the processing at the receiver 406 according to an embodiment of the invention.
  • the supplementary ECM pair containing the two mutually exclusive supplementary ECMs is received by the receiver proxy module 424.
  • the proxy module 424 separates the two supplementary ECMs from the supplementary ECM pair and processes each supplementary ECM through the third party secured module 420, suppressing any error message which might result in error banners.
  • One of the supplementary ECMs will be successfully processed by the secured module 420, and the supplementary control word contained in this supplementary ECM will be provided to the proxy module 424. Only one of the two supplementary ECMs is able to be successfully descrambled due to the mutually exclusive access criteria represented by "bit" and "bit".
  • the proxy module 424 is able to gain access to either CWSA or CWSB by means of the secured module 420.
  • the proxy module 424 then passes the supplementary control word (CWSA or CWSB) to the decryption module 422(1) in order to partially
  • the output of the decryption module 422(1) is then processed by the proxy module 424 so as to filter out the random data.
  • the proxy module 424 acts to remove the "random" content ECM sections of the output which are not formatted in a valid ECM section. This filtering acts to negate any problems in the third party secured module 420 which might be triggered by receipt of invalid ECM sections.
  • the valid content ECM will be
  • ECM(CWA+AC) ECM(CWB+AC)
  • the output of the decryption module 422(2) will be:
  • the content control word (CWA or CWB) provided by the secured module 420 may be directed to the decryption module 422(2) by means of the proxy module 424.
  • the proxy module 424 governs all ECM/CW communications with the secured module 420 to ensure that all ECMs and CWs are correctly routed and controlled.
  • the proxy modules 416 and 424 it is possible to disable the proxy modules 416 and 424 in some instances.
  • the content M is not duplicated by the head-end 402 and only a single content ECM is required containing the content control word of the component (or service).
  • the content ECM is not scrambled and is sent directly to the third party secured module 420 of the receiver 406.
  • the receiver proxy module 424 will not be used.
  • the present invention may also be used in DVB Simulcrypt for
  • P-bit identification numbers are uniquely assigned to all secured devices 424.
  • the SCS must create content ECMs and supplementary ECMs for each secured device according to the methodology described above.
  • the head-end proxy module 416 is configured to create single content ECMs using the first content control word CWA only, and there is no scrambling of the single content ECM at the head-end.
  • the above-mentioned functionality may be implemented as one or more corresponding modules as hardware and/or software.
  • the above-mentioned functionality may be implemented as one or more software components for execution by a processor of the system.
  • the above-mentioned functionality may be implemented as hardware, such as on one or more field-programmable-gate-arrays (FPGAs), and/or one or more application-specific-integrated-circuits (ASICs), and/or one or more digital-signal-processors (DSPs), and/or other hardware arrangements.
  • FPGAs field-programmable-gate-arrays
  • ASICs application-specific-integrated-circuits
  • DSPs digital-signal-processors
  • the computer program may have one or more program instructions, or program code, which, when executed by a computer carries out an embodiment of the invention.
  • program may be a sequence of instructions designed for execution on a computer system, and may include a subroutine, a function, a procedure, a module, an object method, an object implementation, an executable application, an applet, a servlet, source code, object code, a shared library, a dynamic linked library, and/or other sequences of instructions designed for execution on a computer system.
  • the storage medium may be a magnetic disc (such as a hard drive or a floppy disc), an optical disc (such as a CD-ROM, a DVD-ROM or a BluRay disc), or a memory (such as a ROM, a RAM, EEPROM, EPROM, Flash memory or a portable/removable memory device), etc.
  • the transmission medium may be a communications signal, a data broadcast, a communications link between two or more computers, etc.

Abstract

There is described a proxy module for use in a head-end. The head-end comprises an entitlement control message (ECM) generator arranged to generate ECMs. The head-end further comprises an encryption module arranged to encrypt content using a control word. The proxy module is arranged to: access a content control word; use the ECM generator to generate a content ECM including the content control word; generate a supplementary control word; use the ECM generator to generate a supplementary ECM including the supplementary control word; use the encryption module to encrypt the content ECM using the supplementary control word; and use the encryption module to encrypt content using the content control word. A corresponding method of providing encrypted content is also provided. There is also described a proxy module for use in a receiver arranged to receive entitlement control messages (ECMs) and encrypted content. The receiver comprises a secured module arranged to process an ECM so as to provide a control word. The receiver further comprises a decryption module arranged to decrypt encrypted content using a control word. The proxy module is arranged to: use the secured module to obtain a supplementary control word from a supplementary ECM; use the supplementary control word in the decryption module to obtain a content ECM from an encrypted version of the content ECM; use the secured module to obtain a content control word from the content ECM; and use the content control word in the decryption module to decrypt encrypted content. A corresponding method of enabling a receiver to access encrypted content is also provided.

Description

PROXY MODULES
Field of the invention The present invention relates to a proxy module for use in a head-end, and to a method of providing encrypted content using the head-end proxy module. The invention further relates to an associated proxy module for use in a receiver, and to a method of enabling a receiver to access encrypted content using the receiver proxy module.
Background of the invention
Digital watermarking Of content is very well known. Herein, the term "content" or "item of content" refers to data comprising one or more of video data, image data, audio data, media or multimedia data, text data, or any other form of content data.
There are many methods for performing digital watermarking of content but, in general, they all involve adding a watermark to an item of content. This involves embedding, or adding, watermark symbols (or a watermark codeword or payload data) into the original item of content to form a watermarked item of content. The watermarked item of content can then be distributed to one or more users (or recipients or receivers). The method used for adding a watermark to an item of content depends on the intended purpose of the watermark. Some watermarking techniques are designed to be "robust", in the sense that the embedded watermark can be successfully decoded even if the watermarked item of content has undergone subsequent processing (be that malicious or otherwise). Some watermarking techniques are designed to be "fragile", in the sense that the embedded watermark cannot be successfully decoded if the watermarked item of content has undergone subsequent processing or modification. Some watermarking techniques are designed such that the difference between the original item of content and the watermarked item of content is substantially imperceptible to a human user (e.g. the original item of content and the watermarked item of content are visually and/or audibly indistinguishable to a human user). Other criteria for how a watermark is added to an item of content exist.
Fingerprint watermarking is increasingly being used to trace or identify the source of (or a party/device involved in) the unauthorized distribution or publication or release of content. For this type of watermarking process, the watermarked content provided to a receiver contains a watermark specific to that receiver (i.e. the watermark carries or encodes a payload or codeword specific to that receiver and identifying that receiver). Each of the receivers receives a copy of the original item of content with their respective watermark embedded therein. Then, if an unauthorized copy of the item of content is located, the watermark can be decoded from that item of content and the receiver that corresponds to the decoded watermark can be identified as the source of (or a party/device involved in providing/releasing) the unauthorized copy.
Figure 1a of the accompanying drawings schematically illustrates a system 100 providing secure content delivery. The system 100 comprises a content provider system 102, a network 104 and a receiver 106. The content provider system 102 is arranged to transmit data to the receiver 106 via the network 104.
The network 104 may be any kind of network suitable for transmitting or communicating data from the content provider system 102 to the receiver 106. For example, the network 104 could comprise one or more of a local area network, a wide area network, a metropolitan area network, the internet, a wireless communications network, a cable network, a digital broadcast network, a satellite communication network, a telephone network, etc. The content provider system 102 may then communicate with the receiver 106 over the network 104 via any suitable communication mechanism/protocol in order to communicate data from the content provider system 102 to the receiver 106.
The content provider system 102 may be any system that is suitable for communicating data to the receiver 106 via the network 104. The content provider system 102 comprises one or more processors 110, a memory 1 12 and a network interface 114. The network interface 114 is arranged to interface with the network 104 to enable the content provider system 102 to communicate with the network 104 (so that the content provider system 102 can then communicate with the receiver 106 via the network 104). The content provider system 102 may store, in the memory 112, data to be transmitted to the receiver 106. This data may be generated by the processor(s) 110 and/or may be data that the content provider system 102 receives from another system (not shown in Figure 1a).
As examples, the content provider system 102 could be a head-end system of a digital broadcast system (in which case the network 104 could comprise a terrestrial broadcast network or a satellite broadcast network) or the content provider system 102 could be a head-end system of a cable network system (in which case the network 104 could comprise a cable network). The content provider system 102 could comprise one or more servers for transmitting, or providing access to, data over the internet (in which case the network 104 may comprise the internet). However, it will be appreciated that the content provider system 102 may take other forms instead.
The data to be transmitted from the content provider system 102 to the receiver 106 comprises content M and conditional access data. The content M may be any form of content, and may comprise one or more of video data, image data, audio data, multimedia data, text data, etc. The content M may be provided to the content provider system 102 by a separate system (not shown in Figure 1a) for the content provider system 102 to then provide to the receiver 106. The content M is transmitted in encrypted (scrambled) form. In particular, one or more sections of the content M may be encrypted with a respective control word CW (an encryption/decryption key) - the CW to be used to encrypt a current amount of content M may be changed on a regular basis, e.g. once every couple of seconds. Figure 1a illustrates encrypted content {M}cw being transmitted from the content provider system 102 to the receiver system 106 in general, throughout this description, an amount of data X that is encrypted and for which a decryption key K is required to decrypt the encrypted data to obtain the cleartext data X is represented as {Χ}κ. The conditional access data may comprise data which the receiver 106 can, if sufficiently authorised, use to gain access to the encrypted content - this typically includes entitlement control messages (ECMs) and entitlement management messages (EMMs). This shall be described in more detail shortly. The content M and the conditional access data may be encoded as respective data streams that are multiplexed together in a single transport stream that is transmitted from the content provider system 102 to the receiver 106 via the network 104.
The content provider system 102 may comprise one or more conditional access (CA) and/or digital rights management (DRM) systems or modules (which may be executed by the processor(s) 110) which are responsible for performing the encryption of the content M, the generation and cycling of CWs, and the generation of the conditional access data (e.g. ECMs and EMMs) according to the authorization of subscribers. This is illustrated in more detail in Figure 1 b of the accompanying drawings, as set out in more detail later.
The receiver 106 may be any system that is suitable for receiving data from the content provider system 102 over the network 104. The receiver 106 comprises a network interface 120, a receiver device (or module) 122, and a decoder 24. The receiver device 122 is communicably coupled to a secured module 130 of a CA system. The receiver device 122 may be implemented as hardware (e.g. a receiver chip set) or may be implemented as obfuscated software or firmware executed on a processor inside the receiver 106. The receiver 106 may include a CA system application programming interface (API) which is a CA system specific interface in which the receiver firmware provides an abstraction of the hardware resources that are used by a CA system. A standardised CA system API is part of the DVB Common Interface specification. Some examples of the hardware resources that might be supported in the CA system API are:
• Loading a CW into a hardware descrambler (e.g. the DVB-CSA descrambler).
• Establishing a secure communication interface for loading the CW.
• Configuring data filters for pre processing the broadcast CA data stream (ECMs and EMMs).
• Secure data storage for key information. • Display of messages to the user.
• Receiving input from an end user (e.g. a PIN code).
Most CA systems specify a proprietary API for their version of the CA system API. Most of the functionality is generic, the receiver firmware manufacturer can easily map a generic internal CA system API to a proprietary one used in a specific CA system.
The network interface 120 is arranged to interface with the network 04 to enable the receiver 106 to receive data from the network 104. Data received by the network interface 120 is passed to the receiver device 122. The receiver device 122 passes conditional access data that it receives to the secured module. The secured module 130 processes the conditional access data and, if the secured module 130 is authorised to provide access to the received content M, the secured module 130 provides information over a communication channel or interface 140 to the receiver device 122 that enables the receiver device 122 to decrypt the encrypted content {M}Cw - this information could be the CW itself or information from which the receiver device 122 is able to generate the CW. The receiver device 122, upon obtaining a valid CW, decrypts the encrypted content {M}cw using the CW so as to produce the cleartext content M. The receiver device 122 is arranged to pass the content M to the decoder module 124. The decoder module 124 is arranged to perform any decoding necessary (e.g. data compression decoding), formatting, signal generation, etc. so as to output the content M in a suitable form (e.g. a signal for provision to a television). In some systems, the decoder module 124 is not part of the receiver 106 but may, instead, form part of a separate system (such as a television). In other systems, the decoder module 124 and the receiver device 122 may be
implemented within the same hardware and/or software.
Typically, an ECM contains a CW that the receiver 106 needs to decrypt the encrypted content {M}cw, or at least information by which the receiver 106 can generate the CW. In order to secure the CW so that only authorised receivers 106 can access the content M, the content of the ECM is encrypted using a key PK. An EMM is transmitted to the receiver 106, where the EMM contains the key PK. The key PK is contained in the EMM in encrypted form - this is performed in a manner that only the secured module 130 (or a group of secured modules 130) can decrypt (e.g. using a public key associated with a private key of the secured module 130, or using a secret key shared only by the secured module 130 and the content provider system 102). The EMM is, therefore, targeted at the specific secured module 130 (or group of secured modules 130) and will only have been transmitted by the content provider system 102 if the content provider system 102 wishes (or has been instructed) to provide the subscriber/user associated with the secured module 130 access to the content M. The secured module 130 to which the EMM is targeted can decrypt the content of the EMM to access the key PK. The secured module 130 can then use the key PK to decrypt the content of the ECM, and can then pass some or all of the content of the ECM, via the interface 140, to the receiver device 122 to enable the receiver device 122 to decrypt the encrypted content {M}cw- The secured module 130 (sometimes referred to as a conditional access
(CA) client and/or a digital rights management (DRM) client) may take one of several forms. For example, the secured module 130 may be a smart card with embedded software for carrying out the above functionality, the smart card being removable from the receiver 106; or the secured module 130 may be
implemented as obfuscated software or firmware executed on a processor inside the receiver 106 (an example of which is disclosed in EP2227015 - for example, Figures 3 and 7 thereof and their associated descriptions - the entire disclosure of EP2227015 is incorporated herein by reference).
As examples, the receiver 106 may comprise one or more of a set-top- box, a personal computer, a mobile telephone, a games console, etc., but it will be appreciated that the receiver 106 may take other forms instead.
Although a single content provider system 102, a single network 104 and a single receiver 106 are illustrated in Figure 1a, it will be appreciated that the system 100 could comprise multiple content provider systems 102, multiple networks 104 and multiple receivers 106, and that Figure 1a has been simplified for ease of illustration. In particular, each content provider system 102 may provide data to multiple receivers 106 over one or more networks 104, and each receiver 106 may receive data from multiple content provider systems 102 over one or more networks 104.
As mentioned above, the CW (or information from which the receiver device 122 can obtain the CW) is communicated over the interface 140 from the secured module 130 to the receiver device 122. For ease of explanation, the rest of the description shall refer to the CW itself being communicated to (or received at or obtained at) the receiver device 122, but it will be appreciated that the description applies equally to information from which the receiver device 122 can obtain the CW.
The interface 140 needs to be secure. If the interface 140 is not secure, then an attacker can monitor the interface 140 and read the CWs and distribute them to other receivers 106 whose subscribers/users (or, equivalently, their associated secured modules 130) are not authorised to access the content M so that those subscribers/users can access the content M in an unauthorised manner.
Figure 1b of the accompanying drawings schematically illustrates more details of an example content provider system 102. The CA system comprises an EMM generator (EMMG) and an ECM generator (ECMG) that generate EMMs and ECMs respectively As mentioned above, the content of an ECM is encrypted using a key PK. The key PK is contained in an associated EMM. The content of the EMM is encrypted using a key associated with a target secured module 130. An EMM may, additionally or alternatively, contain a session key LK together with an encrypted form of that session key {LK}CSUK (encrypted using the key CSUK of a target receiver device 122). The content provider system 102 comprises a multiplexer that multiplexes together (a) a content data stream; (b) a data stream comprising the EMMs generated by the EMMG; and (c) a data stream comprising the ECMs generated by the ECMG - the multiplexer outputs a transport stream. A scrambler then scrambles portions of the content data stream in the transport stream using the generated CW. This scrambled transport stream may then be communicated to receivers 106 via the network 104. The above description of Figure 1 b is well-known in this field of technology and shall not be described in more detail herein.
The skilled person will appreciate that the above system 100 and variants thereof are well known and, therefore, no further details need be provided herein for such conventional systems.
International patent application WO01/67667 (the entire disclosure of which is incorporated herein by reference) describes a technique in which content can be delivered in an encrypted form to a plurality of receivers in such a manner that the content stream recovered at each receiver or subset of receivers carries a different set of watermark symbols, or fingerprint, from that recovered at other receivers or subsets of receivers. This is achieved by including in a content stream multiple (typically two) copies of some or all portions of the content, each copy carrying a different watermark symbol and being encrypted using a different control word than the other copies of the same content portion. By controlling the control words available at each receiver, the set of watermark symbols, or fingerprint, present in a content stream reconstructed at each receiver is controlled. European patent application EP2429189 (the entire disclosure of which is incorporated herein by reference) discloses how to use a system such as the system 100 of figure 1 to carry out adaptive content delivery with
watermarking (or fingerprinting). Figures 2 and 3 of the accompanying drawings depict how the system 100 of figure 1 may be arranged to carry out adaptive content delivery with watermarking (or fingerprinting) based on the methods and systems set out in WO01/67667 and EP2429189.
Figure 2 schematically illustrates how an item of content 200 may be viewed as, or divided/separated into, a number of sections 202 (or content chunks). In Figure 2, there are m sections 202 labelled S-i , S2, S3l S4, Sm. The sections 202 are usually non-overlapping and, when concatenated together in order (i.e. in their time-based ordering), form the item of content 200. Each section 202 may contain, or represent, a few seconds of content or a number of frames/fields of audio/video (or some other time-based quantity of content). The sections 202 may be of the same length, or may be of different lengths.
For one or more of the sections 202, there may be multiple versions (or variants) 204 of that section 202. A version 204 of a section 202 may be generated by encoding a copy of that section 202 (e.g. data compression, formatting, etc.) to achieve a corresponding quality level or a corresponding bandwidth requirement - the lower the quality level, the less bandwidth is required to communicate the section version 204 across the network 106 to the receiver 106. These different quality levels (or bandwidth characteristics) can be achieved by, for example, changing the resolution of video/image data (higher qualities may use higher resolutions), changing quantisation or sampling levels (higher qualities corresponding to less quantisation), etc., as is well-known in the art. In Figure 2, for section Si, there are n versions 204 of that section Si labelled S^Q^, SiQ2 SiQn, (where n>1). Herein, a label "SjQj" indicates the i-th section S, encoded to a quality level Qj. A version 204 of a section 202 may be generated by watermarking a copy of that section 202 to embed a corresponding message/payload/symbol therein. In Figure 2, for section S2) there are t (where t≥2) watermarked versions 204 of that section S2 labelled S2Mi, S2M2,... ,S2Mt, that all have their own respective (relatively different) watermarks embedded therein, so that they are all distinct versions of the section S2. Herein, a label
"SjMk" indicates the k-th watermarked version of the i-th section S,. The encoding and watermarking may be combined, so that a version 204 of a section 202 may be generated by watermarking a copy of that section 202 that has been encoded in a manner to achieve a corresponding quality level or a corresponding bandwidth requirement, in order to embed a corresponding
message/payload/symbol therein. In Figure 2, for section S4, there are n quality levels for that section S4, and for each one of those n quality levels, there are t watermarked versions 204 - these are labelled S4Q1M1 , S4Qn t (where n≥1 and t≥2). The watermarks used for any given quality level are different from each other. Herein, a label "SiQjMk" indicates the k-th watermarked version of the i-th section S, encoded at quality level Qj. It will be appreciated that for different quality levels Qji and Qj2) the number of different watermarked versions of a section 202 encoded at those quality levels may be different from each other, and the watermarks embedded for one quality level may differ from the watermarks embedded for another quality level. Different sections 202 may have different numbers of versions 204 generated using (a) different numbers of quality levels (and the actual quality levels used may vary from section 202 to section 202) and/or (b) different numbers of watermarks (and the actual watermarks embedded may vary from section 202 to section 202).
Some sections 202 may only have a single version 204 (which could be the same as, or different from, that original section 202).
Thus, for each of the plurality of sections 202 of the item of content 200, the content provider system 102 is arranged to provide one or more versions 204 of that section. To achieve the fingerprint watermarking, there is at least one section 202 for which the content provider system 02 is arranged to provide a plurality of differently watermarked versions of that section 202 (be they versions SjMk not encoded to different quality levels or versions SjQjMk that are encoded to different quality levels). The content provider system 102 may store the section versions 204 in the memory 1 12 (possibly along with the original content sections 202).
If limited bandwidth is available for communicating content to the receiver 106, this may be detected by the receiver 106 and the receiver 106 can then choose to request a section version 204 with a lower bandwidth characteristic (i.e. a lower quality level). If/when more bandwidth becomes available for communicating content to the receiver 06, this may be detected by the receiver 106 and the receiver 106 can choose to request a section version 204 with a higher bandwidth characteristic (i.e. a higher quality level). These requests can be satisfied by the content provider system 102 providing the receiver 106 with the requested section version 204 encoded at a quality level appropriate to the requested bandwidth characteristic. Similarly, if limited bandwidth is available for communicating content to the receiver 106, this may be detected by the content provider system 102 and the content provider system 02 can then choose to provide to the receiver 106 a section version 204 with a lower bandwidth characteristic (i.e. a lower quality level). If/when more bandwidth becomes available for communicating content to the receiver 106, this may be detected by the content provider system 102 and the content provider system 102 can choose to provide to the receiver 06 a section version 204 with a higher bandwidth characteristic (i.e. a higher quality level).
To achieve fingerprint watermarking, the receiver 106 (or a user, or a group of receivers 106 or users) is provided access to a corresponding specific sequence (or set or group) of watermarked section versions 204 (be they versions SjMk or SjQjMk). This specific sequence is different from sequences of watermarked section versions 204 used by other receivers. In particular, if there are W receivers in a population of receivers, then the w-th receiver (1≤w≤W) may be associated with a sequence of watermarked section versions Sj(Wii)Mk(W,i), Sj(w,2)Mk(w,2), · · · , Si(w,p)Mk(w,p), where there are P watermarked section versions 204 in the specific sequence associated with the w-th receiver, and for 1≤p≤P, the p- th section version 204 in the specific sequence is Sj(W,p)Mk(W,P) for some indices i(w,p) and k(w,p). This sequence of watermarked section versions Sj(W,i)Mk(w,i), Si(w,2)Mk(Wi2), Si(w,p)Mk(w,p), (or the sequence of index pairs (i(w,1),k(w,1)), (i(w,2),k(w,2)),..., (i(w,P),k(w,P)) ) is unique to the w-th receiver. It will be appreciated that section versions using different quality levels could be involved in the above sequence too. The receiver 106, upon receiving the section versions 204 from the content provider system 02, may combine (e.g.
concatenate) the received section versions 204 to form a version of the original item of content 200. As this version of the original item of content 200 will use the specific sequence of watermarked section versions 204, it will be specific to that receiver 106. Therefore, if that version of the original item of content 200 is distributed or released in an unauthorised manner, a watermark decoder can be used to identify that that specific sequence of watermarked section versions 204 was used to form that version of the original item of content 200, and hence identify that particular receiver.
As an example, the content provider system 102 may associate each receiver with a corresponding P-bit identification number - let the i-th bit of the identification number be b(i) (1<i≤P). If P sections Si , ... ,SP are available and each of these sections 202 has corresponding differently watermarked sections versions SjMo and SjMi (1<i≤P) (i.e. a version 204 watermarked with a symbol representing a "0" and a version 204 watermarked with a symbol representing a "1"), then a receiver's P-bit identification number may be associated with a sequence of watermarked sections corresponding to that P-bit identification number - in particular, the i-th section version 204 in that sequence will be SjMb(i). For example, if P=6 and the identification number associated with a particular receiver is 110101 , then that receiver may be provided access to watermarked section versions SI ML S2ML S3M0, S4M1 , S5M0 and SeMi.
The use of an identification number in this way is not essential. The sequence of watermarked section versions 204 associated with a particular receiver could be randomly determined/generated. The sequence of
watermarked section versions 204 need not be of fixed length (length P above) but could, for example, keep increasing in size as more and more section versions are provided to a receiver. The sequence of watermarked section versions 204 may be predetermined for a receiver or may be dynamically generated as and when the section versions 204 are being provided to the receiver. It will be appreciated that other mechanisms for determining a specific sequence of watermarked section versions 204 associated with a particular receiver could be used. However, in general, the content provider system 102 determines (or generates or calculates) the specific sequence of watermarked section versions 204 to associate with a particular receiver and may store data identifying (or from which can be calculated) that specific sequence of
watermarked section versions 204 (e.g. the sequence of index pairs mention above, or a seed value used for randomly choosing a watermarked section version 204).
Figure 3 schematically illustrates a process and architecture for the content provider system 102 to prepare the item of content 200 for adaptive content delivery with watermarking (or fingerprinting). This may be carried out by the processor(s) 1 10 executing one or more software processes; additionally or alternatively, this may be carried out by one or more hardware components of the content provider system 102 (not shown in Figure 1). The original item of content 200 is either received by an input 300 or is generated by a content generator 302. This original item of content 200 may contain a watermark (e.g. a watermark identifying information such as an owner of copyright in the content 200 or other metadata concerning the content 200) - such a watermark may have been embedded into the content 200 by another system (not shown in the Figures).
The item of content 200 is provided to content encoders 304. In Figure 3, two content encoders 304(1) and 304(2) are illustrated, and each content encoder 304 is arranged to encode the item of content 200 at a respective quality encoding level different from the quality encoding level used by the other content encoders 304. It will, of course, be appreciated that more than two content encoders 304 could be used, each arranged to encode the item of content 200 at its own respective quality encoding level different from the quality encoding levels used by the other content encoders 304. It will, additionally, be appreciated that a single content encoder 304 could be used so that, instead of encoding the item of content 200 at different quality levels in parallel (as is shown in Figure 2), the item of content 200 may be encoded by the single content encoder 304 at a first quality level, then the item of content 200 may be encoded by the same content encoder 304 at a second quality level, and so on. A mixture of such encoder configurations is possible.
Each of these encoded items of content is split (or divided or separated) into a number of section versions 204 by respective section generators 306. As for the content encoders 304, in Figure 3 two section generators 306(1) and 306(2) are illustrated, and each section generator 306 is arranged to generate section versions 204 from the encoded item of content 200 provided by a corresponding content encoder 304. It will, of course, be appreciated that more than two section generators 306 could be used, for example if more than two content encoders 304 are used. It will, additionally, be appreciated that a section generator 306 may generate section versions 204 out of encoded items of content 200 provided by multiple content encoders 304 - for example, a single section generator 306 could be used in Figure 3, where this single section generator 306 is arranged to generate a first set of section versions 204 from the encoded item of content 200 output by the first content encoder 304(1) and to then generate a second set of section versions 204 from the encoded item of content 200 output by the second content encoder 304(2), and so on. A mixture of such section generator configurations is possible.
A time alignment module 308 coordinates the generation of the section versions 204 by the section generators 306 so that the section versions 204 generated from respective encoded items of content 200 (output by the content encoders 304) are time-aligned, i.e. so that two section versions SjQqi and SjQq2 for the i-th section 202 of the original item of content 200 encoded at different quality levels q1 and q2 will start at the same point within the original item of content 200 and will end at the same point within the original item of content 200. In this way, a version of the item of content 200 can be formed by selecting, for each section 202 of the item of content 200, a respective section version 204 and then concatenating those section versions 204 in order - different section versions 204 corresponding to the same section 202 of the item of content 200 can be interchanged as they are time-aligned. In other words, seamless switching between section versions 204 with different encoding quality can be carried out.
Each of the section versions 204 output by the section generators 306 is then supplied to a modifier module 307. The modifier module 307 is arranged to modify or process a section version 204 that it has received in order to create a modified section version 204. This modification may be, for example, by watermarking the received section version 204 so as to embed a corresponding symbol or payload into the received section version 204 - this may be achieved by know watermarking techniques. In Figure 3, four modifier modules 307(1)- 307(4) are illustrated: a first modifier module 307(1) receives the section versions 204 output by the first section generator 306(1) and embeds a first symbol into those section versions 204 to output a first set of final section versions 204; a second modifier module 307(2) receives the section versions 204 output by the first section generator 306(1 ) and embeds a second symbol into those section versions 204 to output a second set of final section versions 204; a third modifier module 307(3) receives the section versions 204 output by the second section generator 306(2) and embeds the first symbol into those section versions 204 to output a third set of final section versions 204; and a fourth modifier module 307(4) receives the section versions 204 output by the second section generator 306(2) and embeds the second symbol into those section versions 204 to output a fourth set of final section versions 204. In this particular configuration, for an initial section Sj of the original item of content 200, there will be generated four corresponding sections versions SjQiMi, SiQiM2, SiQ2Mi, SiQ2M2. It will, of course, be appreciated that a different number of modifier modules 307 could be used. For example, if t watermarked versions of a section output by a section generator 306 are to be generated, then t modifier modules 307 could be implemented and coupled to that section generator 306. It will, additionally, be appreciated that a modified module 307 may be arranged to modify a section in a first manner to output a first section version 204 (e.g. by embedding a first watermark symbol) and may then modify that initial received section in a second manner to output a second section version 204 (e.g. by embedding a second different watermark symbol), and so on. A modifier module 307 may be arranged to receive sections generated by multiple section generators 306. A mixture of such modified module configurations is possible.
It will be appreciated that the functionality provided by the content encoders 304 and/or the section generators 306 and/or the modifier modules 307 may be implemented in whole or in part in together by a single module, rather than by separate modules as shown in Figure 3.
The ordering in which the processing is illustrated in Figure 3 may be changed. For example, the content sections 202 may be generated initially by one or more section generators 306 from the original item of content 200, and these sections 202 may then be passed to content encoders 304 which then encode the sections 202 to generate the section versions 204 and these may then be modified by modifier modules 307. Similarly, different watermarked versions of the original item of content 200 may be generated by one or more modifier modules 307, these modified items of content may then be encoded to different quality levels by respective content encoders 306, following which the sections versions 204 may be generated by one or more section generators 306 from the encoded modified items of content. Other arrangements are, of course, possible to result in the generation of the section versions 204.
The generated section versions 204 are stored in the memory 112.
Whilst Figure 3 illustrates the generation of content versions 204 that are encoded at different quality levels and that have respective watermarks
embedded therein (i.e. section versions SjQjMk), it will be appreciated that not all section versions 204 need to be watermarked, e.g. some of the section versions 204 output by the section generators 306 may be stored directly into the memory 112 in addition to, or possibly without being, passed to a modified module 307 - in this way, section versions SjQj may be generated and stored in the memory 112. Similarly, it will be appreciated that not all section versions 204 need to be encoded to a particular quality level, e.g. a section generator 306 may receive the original item of content 200 instead of receiving an encoded item of content - in this way, section versions SjMk, or even just section versions Si, may be generated and stored in the memory 112.
It will be appreciated, therefore, that the arrangement shown in Figure 3 is purely exemplary and that alternatives are possible to achieve the types of section version generation discussed above with reference to Figure 2.
A content format module 310 may determine, for each of the section versions 204, a corresponding reference (or identifier) with which that section version 204 can be identified, accessed and retrieved from the memory 112. The content format module 310 may also generate additional/other metadata 3 2 that can ultimately be used by the receiver 106 to generate the references that the receiver 106 will need to request and retrieve the appropriate/desired section versions 204. For example, this metadata 310 may take the form of a playlist (i.e. a file separate from the content and containing links or references to locations, such as URLs, for the content versions 204) - this playlist may then be provided to the receiver 06 so that the receiver 106 can select one or more section versions 204 identified in the playlist and then request those selected section versions 204 from the content provider system 102. Alternatively, the content provider system 102 may provide a content file to the receiver 106 containing one or more section versions 204, and the metadata 310 may take the form of a manifest (i.e. a portion of the content file provided to the receiver 106) that identifies where, within the content file, the section versions 204 are located. For performing fingerprint watermarking, the section versions 204 identified in the playlist or manifest provided to a receiver will include the specific sequence of watermarked section versions 204 associated with that receiver.
Some existing CA systems have legacy receivers that are not compatible with the fingerprinting techniques described in WO01/67667 and EP2429189. Nonetheless, it would be desirable to be able to implement these fingerprinting techniques in such legacy receivers so as to provide additional security and functionality to existing CA systems. The present invention aims to provide such an implementation without requiring changes to the secured module of the legacy receiver. Summary of the invention
According to a first aspect of the present invention, there is provided a proxy module for use in a receiver arranged to receive entitlement control messages (ECMs) and encrypted content. The receiver comprises a secured module arranged to process an ECM so as to provide a control word. The receiver further comprises a decryption module arranged to decrypt encrypted content using a control word. The proxy module is arranged to use the secured module to obtain a supplementary control word (CWSA or CWSB) from a supplementary ECM. The proxy module is further arranged to use the
supplementary control word (CWSA or CWSB) in the decryption module to obtain a content ECM from an encrypted version of the content ECM. The proxy module is further arranged to use the secured module to obtain a content control word (CWA or CWB) from the content ECM. The proxy module is further arranged to use the content control word (CWA or CWB) in the decryption module to decrypt encrypted content.
Thus, the present invention provides a receiver proxy module that can use the existing CA system API in the receiver firmware to remove functional CA system support limitations of the receiver. The use of a receiver proxy module makes updating the firmware relatively easy. The receiver proxy module can circumvent functional restrictions in the firmware processing. It can introduce a secondary "virtual" CA system in order to avoid CA system descriptor constraints and to enable the support for a second CA data stream component. It also can filter ECMs before forwarding them to the secured device to avoid processing of ECMs that result in an error message. It alternatively can intercept the I/O communication channel to block a specific type of CA system error messages. In a further variant, the receiver proxy module may implement some specific CA functionality that is not suitably supported in the legacy receiver 106. For the secured device, the receiver proxy module looks like the receiver firmware and, for the receiver firmware, the receiver proxy module looks like a secured device. For both elements the receiver proxy module has no noticeable effect.
In one embodiment, the proxy module is arranged to use the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM. The proxy module is further arranged to use the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM. Only one of the first and second supplementary control words (CWSA or CWSB) is validly obtainable by the secured module. The validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
In one embodiment, the content ECM output by the decryption module includes at least one invalid ECM section, and the proxy module is further arranged to remove said at least one invalid ECM section from the content ECM before using the secured module to obtain the content control word from the content ECM. According to a second aspect of the present invention, there is provided a receiver comprising a secured module, a decryption module and a proxy module according to the first aspect. ln one embodiment, the secured module is a smart card or an obfuscated software module.
According to a third aspect of the present invention, there is provided a method of enabling a receiver to access encrypted content. The receiver comprises a secured module arranged to process an ECM so as to provide a control word. The receiver further comprises a decryption module arranged to decrypt encrypted content using a control word. The method comprises the steps of: (a) using the secured module to obtain a supplementary control word (CWSA or CWSB) from a supplementary ECM; (b) using the supplementary control word (CWSA or CWSB) in the decryption module to obtain a content ECM from an encrypted version of the content ECM; (c) using the secured module to obtain a content control word (CWA or CWB) from the content ECM; and (d) using the content control word (CWA or CWB) in the decryption module to decrypt encrypted content.
In one embodiment, the step (a) comprises using the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM, and using the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM. Only one of the first and second supplementary control words (CWSA or CWSB) is validly obtainable by the secured module. The validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
In one embodiment, the content ECM output by the decryption module in step (b) includes at least one invalid ECM section, and the method further comprises removing said at least one invalid ECM section from the content ECM before performing step (c). According to a fourth aspect of the present invention, there is provided a proxy module for use in a head-end. The head-end comprises an entitlement control message (ECM) generator arranged to generate ECMs. The head-end further comprises an encryption module arranged to encrypt content using a control word. The proxy module is arranged to access a content control word (CWA or CWB). The proxy module is further arranged to use the ECM generator to generate a content ECM including the content control word (CWA or CWB). The proxy module is further arranged to generate a supplementary control word (CWSA or CWSB). The proxy module is further arranged to use the ECM generator to generate a supplementary ECM including the supplementary control word (CWSA or CWSB). The proxy module is further arranged to use the encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB). The proxy module is further arranged to use the encryption module to encrypt content using the content control word (CWA or CWB).
In one embodiment, the content control word is a first content control word (CWA), the content ECM is a first content ECM, the supplementary control word is a first supplementary control word (CWSA), and the supplementary ECM is a first supplementary ECM. In this embodiment, the proxy module is further arranged to access a second content control word (CWB). The proxy module is further arranged to use the ECM generator to generate a second content ECM including the second content control word (CWB). The proxy module is further arranged to generate a second supplementary control word (CWSB). The proxy module is further arranged to use the ECM generator to generate a second supplementary ECM including the second supplementary control word (CWSB). The proxy module is further arranged to use the encryption module to encrypt the second content ECM using the second supplementary control word (CWSB). The proxy module is further arranged to use the encryption module to encrypt content using the second content control word (CWB). Optionally, the proxy module is further arranged to generate a supplementary ECM pair by
concatenating the first and second supplementary ECMs. Optionally, the proxy module is further arranged to generate a content ECM pair by concatenating the encrypted versions of the first and second content ECMs. According to a fifth aspect of the present invention, there is provided a head-end comprising an ECM generator, an encryption module and a proxy module according to the fourth aspect. According to a sixth aspect of the present invention, there is provided a method of providing encrypted content, the method comprising the steps of: (a) accessing a content control word (CWA or CWB); (b) using an entitlement control message (ECM) generator to generate a content ECM including the content control word (CWA or CWB); (c) generating a supplementary control word
(CWSA or CWSB); (d) using the ECM generator to generate a supplementary ECM including the supplementary control word (CWSA or CWSB); (e) using an encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB); and (f) using the encryption module to encrypt content using the content control word (CWA or CWB).
In one embodiment, the content control word is a first content control word
(CWA), the content ECM is a first content ECM, the supplementary control word is a first supplementary control word (CWSA), and the supplementary ECM is a first supplementary ECM. In this embodiment, the method further comprises the steps of: (g) accessing a second content control word (CWB); (h) using the ECM generator to generate a second content ECM including the second content control word (CWB); (i) generating a second supplementary control word
(CWSB); (j) using the ECM generator to generate a second supplementary ECM including the second supplementary control word (CWSB); (k) using the encryption module to encrypt the second content ECM using the second supplementary control word (CWSB); and (I) using the encryption module to encrypt content using the second content control word (CWB). Optionally, the method further comprises generating a supplementary ECM pair by
concatenating the first and second supplementary ECMs. Optionally, the method further comprises generating a content ECM pair by concatenating the encrypted versions of the first and second content ECMs. According to a seventh aspect of the present invention, there is provided a computer program which, when executed by a processor, causes the processor to carry out a method according to the third aspect or the sixth aspect. According to a eighth aspect of the present invention, there is provided a computer readable medium storing a computer program according to the seventh aspect.
Other preferred features of the present invention are set out in the appended claims.
Brief description of the drawings
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
Figure 1a schematically illustrates a system providing secure content delivery;
Figure 1 b schematically illustrates more details of an example content provider system;
Figure 2 schematically illustrates how an item of content may be divided into a number of sections;
Figure 3 schematically illustrates a process and architecture for a content provider system to prepare an item of content for adaptive content delivery with watermarking (or fingerprinting);
Figure 4 schematically illustrates a system according to an embodiment of the invention;
Figure 5 schematically illustrates content processing .at the head-end according to an embodiment of the invention;
Figure 6 schematically illustrates control words and ECM processing at the head-end according to an embodiment of the invention; and
Figure 7 schematically illustrates processing at the receiver according to an embodiment of the invention. Detailed description of a preferred embodiment
In the description that follows and in the figures, certain embodiments of the invention are described. However, it will be appreciated that the invention is not limited to the embodiments that are described and that some embodiments may not include all of the features that are described below. It will be evident, however, that various modifications and changes may be made herein without departing from the broader spirit and scope of the invention as set forth in the appended claims.
Figure 4 schematically illustrates a system 400 according to an
embodiment of the invention. The system 400 includes a head-end 402 connected to a receiver 406 by means of a network 404. The head-end 402 is broadly similar to the content provider system 102 of Figure 1 a, the receiver 406 is broadly similar to the receiver 106 of Figure 1a, and the network 404 is broadly similar to the network 104 of Figure 1a, with modifications as discussed below.
The head-end 402 comprises a third party ECM generator (ECMG) 410, a third party EMM generator (EMMG) 412, an encryption module 414 arranged to encrypt content using a control word, and a head-end proxy module 416. The encryption module 414 may use a scrambling algorithm such as the DVB
Common Scrambling Algorithm (DVB-CSA). Other standards may also be used, such as Data Encryption Standard (DES) or Advanced Encryption Standard (AES), for example. The receiver 406, such as a set-top box (STB), comprises a third party secured module 420, such as a smart card, a decryption module 422 arranged to decrypt encrypted content using a control word, and a receiver proxy module 424. The head-end proxy module 416 is fully DVB Simulcrypt
compatible. A brief summary of the system is provided below, with further details being described thereafter with reference to Figures 5 and 6.
The proxy modules 416 and 424 enable content fingerprinting to be implemented without changes to the third party CA system (which includes the third party ECMG 410, the third party EMMG 412 and the third party secured module 420). In particular, content is partly duplicated, watermarked and encrypted in the head-end proxy module 416. Control words and meta-data are sent to the head-end proxy module 416. The head-end proxy module 416 uses the third party ECMG 410 to create the "normal" third party ECMs containing the control words used to encrypt and decrypt the content. These "normal" ECMs and associated control words are referred to hereinafter as "content ECMs" and "content control words" since these ECMs contain the control words used for encryption and decryption of the content. Each content ECM is itself scrambled (or encrypted) with a "supplementary" control word. The supplementary control word is "supplementary" in the sense that it is an extra control word in addition to the content control word used to encrypt and decrypt the content. The head-end proxy module 416 uses the third party ECMG 410 to create a "supplementary ECM" containing the supplementary control word that is used to encrypt the content ECM. Thus, the head-end proxy module 424 provides an additional level of security/encryption using the supplementary control words and supplementary ECMs. The head-end proxy module 4 6 transmits the content ECMs and supplementary ECMs to the receiver 406 via the network 404. The encrypted content is also sent from the head-end 402 to the receiver 406 by means of the network 404. The third party EMMG 412 is unchanged and provides EMMs to the receiver 406 by means of the network 404.
On the STB side, the receiver proxy module 424 receives the
supplementary ECMs containing the supplementary control words for
descrambling the content ECMs. Each supplementary ECM is directed (or sent) to the third party secured module 420 to obtain the respective supplementary control word. The supplementary control word may then be used to descramble (or decrypt) the content ECM using the decryption module 422 of the STB chipset. The receiver proxy module 424 then uses the third party secured module 420 to obtain the content control word from the content ECM. The content control word may then be used in the decryption module 422 (which may be a CSA descrambler) so as to decrypt the encrypted content.
Figures 5 and 6 show the head-end processing in more detail. Figure 5 schematically illustrates the content processing at the head-end 402. In order to provide fingerprinting functionality, the content M (which may be audio or video or both) is partially duplicated by a section generator 306. Each duplicated content section is then modified for future identification by a modifier 307 to provide two section versions. The modification may be by watermarking so as to provide a first watermarked content portion MWMA using a first watermark WMA and a second watermarked content portion MWMB using a second watermark WMB. These initial steps are performed under the control of the head-end proxy module 416. It will be appreciated that only a single quality level of each content section is shown in Figure 5, but multiple quality levels could be used as in Figure 3. In addition, it will be appreciated that only two content versions are produced at a given quality in Figure 5, but more could be produced if desired. Each section version 204 is then scrambled with a different content control word using the encryption module 414. The content control words are referred to as CWA and CWB hereinafter. The duplicated and differently watermarked section versions 204 are then combined (e.g. by concatenation) for transmission to the receiver 406 via the network. The watermarked content in the transmitted content stream is defined by:
{MWMA}CWA II {MWMB}CWB (1)
Figure 6 schematically illustrates the control word and ECM processing at the head-end 402. The third party EMMG 412 is not shown in Figure 6 for simplicity.
The proxy module 416 has access to the content control words CWA and CWB. The proxy module also has access to a P-bit identification number (ID) associated with a particular receiver 406. This ID is used to uniquely fingerprint the content accessible by that receiver 406 as described above with reference to Figure 2.
The proxy module 416 uses the third party ECMG 410 to generate two content ECMs (one with CWA and one with CWB) which also contain access criteria (AC) defining the conditions under which access to the control words is granted. The access criteria are configured for the third party CA system and may be either access criteria by pointer or access criteria by value. First content ECM = ECM(CWA+AC) (2)
Second content ECM = ECM(CWB+AC) (3)
The proxy module 416 generates two supplementary control words CWSA and CWSB. The proxy module then uses the third party ECMG 410 to generate two supplementary ECMs (one with CWSA and one with CWSB) and related access criteria. The access criteria for the supplementary ECMs are mutually exclusive (as represented by "bif and "bi ' in Equations 4 and 5 below). Thus, a given receiver 406 will only be able to access one of the two supplementary control words (CWSA and CWSB).
First supplementary ECM = ECM(CWSA+bit) (4) Second supplementary ECM = ECM(CWSB+bit) (5)
The supplementary control words CWSA and CWSB are delivered to the receiver 406 in a separate ECM pair which is revered to as the supplementary ECM pair. The two supplementary ECM sections are combined (e.g.
concatenated) to form the supplementary ECM pair (no encryption is required):
Supplementary ECM pair =
ECM(CWSA+bit) \\ ECM(CWSB+bit) (6)
It may be required to add additional metadata to the concatenation of the two supplementary ECMs.
The content ECMs are uniquely packetized and scrambled. In particular, the proxy module 416 uses the encryption module 414(3) to encrypt the first content ECM using the first supplementary control word CWSA, and the proxy module 416 uses the encryption module 414(4) to encrypt the second content ECM using the second supplementary control word CWSB. The scrambled content ECMs are then combined (e.g. concatenated) to form a content ECM pair.
Content E CM pair =
{ECM(CWA+AC)}CWSA II {ECM(CWB+AC)}CWSB (7)
The head-end encryption modules 414(1), 414(2), 414(3) and 414(4) are shown as separate functional blocks for clarity in Figures 5 and 6. However, it will be appreciated that a single head-end encryption module may alternatively be used. Other implementations are also possible.
Figure 7 schematically illustrates the processing at the receiver 406 according to an embodiment of the invention.
Within the client architecture of the receiver 406 no changes are made in the third party secured module, the only changes which are made are contained in the additional receiver proxy module 424 and the glue code of the STB manufacturer to bind the components together.
Referring to Figure 7, the supplementary ECM pair containing the two mutually exclusive supplementary ECMs is received by the receiver proxy module 424. The proxy module 424 separates the two supplementary ECMs from the supplementary ECM pair and processes each supplementary ECM through the third party secured module 420, suppressing any error message which might result in error banners. One of the supplementary ECMs will be successfully processed by the secured module 420, and the supplementary control word contained in this supplementary ECM will be provided to the proxy module 424. Only one of the two supplementary ECMs is able to be successfully descrambled due to the mutually exclusive access criteria represented by "bit" and "bit". Which supplementary ECM is successfully descrambled will depend on the value of one specific bit in the P-bit ID for that specific receiver 406. For example, if the specific bit is "0" then the first supplementary control word CWSA is returned, and if the specific bit is "1" then the second supplementary control word CWSB is returned. Thus, the proxy module 424 is able to gain access to either CWSA or CWSB by means of the secured module 420.
The proxy module 424 then passes the supplementary control word (CWSA or CWSB) to the decryption module 422(1) in order to partially
descramble the content ECM pair as defined in Equation 7 above. If the first supplementary control word CWSA is passed to the decryption module 422(1), then the output of the decryption module 422(1) will be:
Output = ECM(CWA+AC) \\ random (8)
NB a descrambling of content with another key than the one used for scrambling is considered herein to produce random data. Alternatively, if the second supplementary control word CWSB is passed to the decryption module 422(1), then the output of the decryption module 422(1) will be:
Output = random \\ ECM(CWB+AC) (9)
The output of the decryption module 422(1) is then processed by the proxy module 424 so as to filter out the random data. In other words, the proxy module 424 acts to remove the "random" content ECM sections of the output which are not formatted in a valid ECM section. This filtering acts to negate any problems in the third party secured module 420 which might be triggered by receipt of invalid ECM sections. Thus, only the content ECM which is formatted as a valid ECM section is forwarded to the third party secured module 420 for processing. For an output as shown in Equation 8, the valid content ECM will be
ECM(CWA+AC), and for an output as shown in Equation 9, the valid content ECM will be ECM(CWB+AC). If the access criteria AC in the content ECM match the secured module's configuration, the appropriate content control word (CWA or CWB) is returned and used in the decryption module 422(2) to descramble the encrypted content {MWMA}CWA II {MWMB}CWB as defined in Equation 1. If the first content control word CWA is used to descramble the encrypted content, the output of the decryption module 422(2) will be: Output = MWMA II random (10)
If the second content control word CWB is used to descramble the encrypted content, the output of the decryption module 422(2) will be:
Output = random || MWMB (11)
If the access criteria AC do not match, then no content control word is provided and an error message will be displayed.
Although not shown in Figure 7, the content control word (CWA or CWB) provided by the secured module 420 may be directed to the decryption module 422(2) by means of the proxy module 424. In this configuration, the proxy module 424 governs all ECM/CW communications with the secured module 420 to ensure that all ECMs and CWs are correctly routed and controlled.
It is possible to disable the proxy modules 416 and 424 in some instances. For example, for services which do not require fingerprinting, the content M is not duplicated by the head-end 402 and only a single content ECM is required containing the content control word of the component (or service). The content ECM is not scrambled and is sent directly to the third party secured module 420 of the receiver 406. The receiver proxy module 424 will not be used.
The present invention may also be used in DVB Simulcrypt for
fingerprinting on multiple third party secured devices 424 of multiple receivers 406. P-bit identification numbers (IDs) are uniquely assigned to all secured devices 424. In a DVB SimulCrypt embodiment the SCS must create content ECMs and supplementary ECMs for each secured device according to the methodology described above.
In some DVB Simulcrypt embodiments it may be required to exclude the fingerprinting functionality for a particular secured device 424 of a particular receiver 406. This may be accomplished by providing the excluded receiver 406 with only a single content control word CWA. The result is that any content descrambled with this receiver 406 is identified by a fingerprint of all zeros (or all ones). In this embodiment the head-end proxy module 416 is configured to create single content ECMs using the first content control word CWA only, and there is no scrambling of the single content ECM at the head-end.
It will be appreciated that the methods described have been shown as individual steps carried out in a specific order. However, the skilled person will appreciate that these steps may be combined or carried out in a different order whilst still achieving the desired result.
It will be appreciated that embodiments of the invention may be
implemented using a variety of different information processing systems. In particular, although the figures and the discussion thereof provide an exemplary broadcasting system and methods, these are presented merely to provide a useful reference in discussing various aspects of the invention. Embodiments of the invention may be carried out on any suitable data processing device, such as a personal computer, laptop, personal digital assistant, mobile telephone, set top box, television, server computer, etc. Of course, the description of the systems and methods has been simplified for purposes of discussion, and they are just one of many different types of system and method that may be used for embodiments of the invention. It will be appreciated that the boundaries between logic blocks are merely illustrative and that alternative embodiments may merge logic blocks or elements, or may impose an alternate decomposition of
functionality upon various logic blocks or elements.
It will be appreciated that the above-mentioned functionality may be implemented as one or more corresponding modules as hardware and/or software. For example, the above-mentioned functionality may be implemented as one or more software components for execution by a processor of the system. Alternatively, the above-mentioned functionality may be implemented as hardware, such as on one or more field-programmable-gate-arrays (FPGAs), and/or one or more application-specific-integrated-circuits (ASICs), and/or one or more digital-signal-processors (DSPs), and/or other hardware arrangements. Method steps implemented in flowcharts contained herein, or as described above, may each be implemented by corresponding respective modules; multiple method steps implemented in flowcharts contained herein, or as described above, may together be implemented by a single module.
It will be appreciated that, insofar as embodiments of the invention are implemented by a computer program, then a storage medium and a transmission medium carrying the computer program form aspects of the invention. The computer program may have one or more program instructions, or program code, which, when executed by a computer carries out an embodiment of the invention. The term "program," as used herein, may be a sequence of instructions designed for execution on a computer system, and may include a subroutine, a function, a procedure, a module, an object method, an object implementation, an executable application, an applet, a servlet, source code, object code, a shared library, a dynamic linked library, and/or other sequences of instructions designed for execution on a computer system. The storage medium may be a magnetic disc (such as a hard drive or a floppy disc), an optical disc (such as a CD-ROM, a DVD-ROM or a BluRay disc), or a memory (such as a ROM, a RAM, EEPROM, EPROM, Flash memory or a portable/removable memory device), etc. The transmission medium may be a communications signal, a data broadcast, a communications link between two or more computers, etc.

Claims

1. A proxy module for use in a receiver arranged to receive entitlement control messages (ECMs) and encrypted content, the receiver comprising a secured module arranged to process an ECM so as to provide a control word, the receiver further comprising a decryption module arranged to decrypt encrypted content using a control word, the proxy module being arranged to:
use the secured module to obtain a supplementary control word (CWSA or CWSB) from a supplementary ECM;
use the supplementary control word (CWSA or CWSB) in the decryption module to obtain a content ECM from an encrypted version of the content ECM; use the secured module to obtain a content control word (CWA or CWB) from the content ECM; and
use the content control word (CWA or CWB) in the decryption module to decrypt encrypted content.
2. The proxy module of claim 1 wherein the proxy module is arranged to: use the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM; and
use the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM;
wherein only one of the first and second supplementary control words (CWSA or CWSB) is validly obtainable by the secured module; and
wherein the validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and wherein the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
3. The proxy module of any preceding claim wherein the content ECM output by the decryption module includes at least one invalid ECM section, and the proxy module is further arranged to remove said at least one invalid ECM section from the content ECM before using the secured module to obtain the content control word from the content ECM.
4. A receiver comprising a secured module, a decryption module and a proxy 5 module according to any preceding claim.
5. The receiver of claim 4 wherein the secured module is a smart card or an obfuscated software module. 0
6. A method of enabling a receiver to access encrypted content, the receiver comprising a secured module arranged to process an ECM so as to provide a control word, the receiver further comprising a decryption module arranged to decrypt encrypted content using a control word, the method comprising the steps of:
5 (a) using the secured module to obtain a supplementary control word
(CWSA or CWSB) from a supplementary ECM;
(b) using the supplementary control word (CWSA or CWSB) in the decryption module to obtain a content ECM from an encrypted version of the content ECM;
0 (c) using the secured module to obtain a content control word (CWA or
CWB) from the content ECM; and
(d) using the content control word (CWA or CWB) in the decryption module to decrypt encrypted content. 5
7. The method of claim 6 wherein the step (a) comprises:
using the secured module to attempt to obtain a first supplementary control word (CWSA) from a first supplementary ECM; and
using the secured module to attempt to obtain a second supplementary control word (CWSB) from a second supplementary ECM;
o wherein only one of the first and second supplementary control words
(CWSA or CWSB) is validly obtainable by the secured module; and wherein the validly obtained one of the first and second supplementary control words (CWSA or CWSB) is defined as the supplementary control word, and wherein the corresponding one of the first and second supplementary ECMs is defined as the supplementary ECM.
5
8. The method of claim 6 or claim 7 wherein the content ECM output by the decryption module in step (b) includes at least one invalid ECM section, and wherein the method further comprises removing said at least one invalid ECM section from the content ECM before performing step (c).
0
9. A proxy module for use in a head-end, the head-end comprising an entitlement control message (ECM) generator arranged to generate ECMs, the head-end further comprising an encryption module arranged to encrypt content using a control word, the proxy module being arranged to:
5 access a content control word (CWA or CWB);
use the ECM generator to generate a content ECM including the content control word (CWA or CWB);
generate a supplementary control word (CWSA or CWSB);
use the ECM generator to generate a supplementary ECM including the o supplementary control word (CWSA or CWSB);
use the encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB); and
use the encryption module to encrypt content using the content control word (CWA or CWB).
5
10. The proxy module of claim 9 wherein the content control word is a first content control word (CWA), the content ECM is a first content ECM, the supplementary control word is a first supplementary control word (CWSA), the supplementary ECM is a first supplementary ECM, and the proxy module is o further arranged to:
access a second content control word (CWB); use the ECM generator to generate a second content ECM including the second content control word (CWB);
generate a second supplementary control word (CWSB);
use the ECM generator to generate a second supplementary ECM including the second supplementary control word (CWSB);
use the encryption module to encrypt the second content ECM using the second supplementary control word (CWSB); and
use the encryption module to encrypt content using the second content control word (CWB).
11. The proxy module of claim 10 wherein the proxy module is further arranged to generate a supplementary ECM pair by concatenating the first and second supplementary ECMs.
12. The proxy module of claim 10 or claim 1 1 wherein the proxy module is further arranged to generate a content ECM pair by concatenating the encrypted versions of the first and second content ECMs.
13. A head-end comprising an ECM generator, an encryption module and a proxy module according to any one of claims 9 to 12.
14. A method of providing encrypted content, the method comprising the steps of:
(a) accessing a content control word (CWA or CWB);
(b) using an entitlement control message (ECM) generator to generate a content ECM including the content control word (CWA or CWB);
(c) generating a supplementary control word (CWSA or CWSB);
(d) using the ECM generator to generate a supplementary ECM including the supplementary control word (CWSA or CWSB);
(e) using an encryption module to encrypt the content ECM using the supplementary control word (CWSA or CWSB); and (f) using the encryption module to encrypt content using the content control word (CWA or CWB).
15. The method of claim 14 wherein the content control word is a first content control word (CWA), the content ECM is a first content ECM, the supplementary control word is a first supplementary control word (CWSA), the supplementary ECM is a first supplementary ECM, and the method further comprises:
accessing a second content control word (CWB);
using the ECM generator to generate a second content ECM including the second content control word (CWB);
generating a second supplementary control word (CWSB);
using the ECM generator to generate a second supplementary ECM including the second supplementary control word (CWSB);
using the encryption module to encrypt the second content ECM using the second supplementary control word (CWSB); and
using the encryption module to encrypt content using the second content control word (CWB).
16. The method of claim 15 further comprising generating a supplementary ECM pair by concatenating the first and second supplementary ECMs.
17. The method of claim 15 or claim 16 further comprising generating a content ECM pair by concatenating the encrypted versions of the first and second content ECMs.
18. A computer program which, when executed by a processor, causes the processor to carry out a method according to any one of claims 6 to 8 and 14 to 17.
19. A computer readable medium storing a computer program according to claim 18.
PCT/EP2013/051963 2013-01-31 2013-01-31 Proxy modules WO2014117851A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2013/051963 WO2014117851A1 (en) 2013-01-31 2013-01-31 Proxy modules

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2013/051963 WO2014117851A1 (en) 2013-01-31 2013-01-31 Proxy modules

Publications (1)

Publication Number Publication Date
WO2014117851A1 true WO2014117851A1 (en) 2014-08-07

Family

ID=47630373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/051963 WO2014117851A1 (en) 2013-01-31 2013-01-31 Proxy modules

Country Status (1)

Country Link
WO (1) WO2014117851A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001067667A1 (en) 2000-03-06 2001-09-13 Entriq Method and system to uniquely associate multicast content with each of multiple recipients
US20010042203A1 (en) * 1999-03-29 2001-11-15 Avi Watchfogel System for determining successful reception of a message
EP2227015A2 (en) 2009-03-02 2010-09-08 Irdeto Access B.V. Conditional entitlement processing for obtaining a control word
EP2429189A1 (en) 2010-09-09 2012-03-14 Irdeto B.V. Method and system for providing content to a recipient device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010042203A1 (en) * 1999-03-29 2001-11-15 Avi Watchfogel System for determining successful reception of a message
WO2001067667A1 (en) 2000-03-06 2001-09-13 Entriq Method and system to uniquely associate multicast content with each of multiple recipients
EP2227015A2 (en) 2009-03-02 2010-09-08 Irdeto Access B.V. Conditional entitlement processing for obtaining a control word
EP2429189A1 (en) 2010-09-09 2012-03-14 Irdeto B.V. Method and system for providing content to a recipient device

Similar Documents

Publication Publication Date Title
US8595854B2 (en) Processing recordable content in a stream
US8229117B2 (en) Process and system for the secure broadcasting of protected audiovisual streams to a dynamic group of receivers
KR101705010B1 (en) Processing recordable content in a stream
KR20160026857A (en) Methods, information providing system, and reception apparatus for protecting content
EP2772062B1 (en) Constructing a transport stream
EP2829073B1 (en) Controlling access to ip streaming content
US10454671B2 (en) Securing communication in a playback device with a control module using a key contribution
US10269086B2 (en) Method and system for secure sharing of recorded copies of a multicast audiovisual program using scrambling and watermarking techniques
EP2815578B1 (en) Generating content data for provision to receivers
US11259057B2 (en) Methods, devices and system for generating a watermarked stream
EP2805328B1 (en) Distributing content to multiple receivers using multicast channels
KR101005844B1 (en) Conditional access system for ts packet processing based on memory card
US7577842B2 (en) Methods of scrambling and unscrambling a video signal, a system, an encoder, a decoder, a broadcast server, and a data medium for implementing the methods
WO2014117851A1 (en) Proxy modules
Chang et al. Layered access control schemes on watermarked scalable media

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13702057

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13702057

Country of ref document: EP

Kind code of ref document: A1