WO2020109623A1 - Secured transmission of content - Google Patents

Secured transmission of content Download PDF

Info

Publication number
WO2020109623A1
WO2020109623A1 PCT/EP2019/083314 EP2019083314W WO2020109623A1 WO 2020109623 A1 WO2020109623 A1 WO 2020109623A1 EP 2019083314 W EP2019083314 W EP 2019083314W WO 2020109623 A1 WO2020109623 A1 WO 2020109623A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
remote server
encryption key
encrypted
chipset
Prior art date
Application number
PCT/EP2019/083314
Other languages
French (fr)
Inventor
Marco Macchetti
Jérôme PERRINE
Didier Hunacek
Christian Wirz
Original Assignee
Nagravision S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nagravision S.A. filed Critical Nagravision S.A.
Publication of WO2020109623A1 publication Critical patent/WO2020109623A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00Burglar, theft or intruder alarms
    • G08B13/18Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength
    • G08B13/189Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems
    • G08B13/194Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems
    • G08B13/196Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Definitions

  • the present disclosure relates to a method for securing transmission of content from a device such as a surveillance device or a security camera to a remote server.
  • the disclosure further relates to a chipset, a device comprising the chipset, a computer program product, a computer-readable storage medium, and a monitoring system for securing transmission of content from the device to the remote server.
  • Cameras are usually connected via the Internet to a centralized monitoring system (VMS) which receives video streams and where security decisions are taken.
  • VMS centralized monitoring system
  • the cameras can be subject to cyber-attacks depending on the robustness of the used software and hardware. Therefore there is a need for assuring a good level of device security.
  • Camera chipsets may include a Trusted Execution Environment (TEE) for secured processing of data, such as to authenticate an applet or protect cryptographic keys.
  • TEE Trusted Execution Environment
  • the security of the TEE can be compromised, for example by back doors, cyber-attacks, poor design, or weaknesses in the operating system.
  • the VMS can no more rely on the camera because alarms may be suppressed, old video streams may be replayed, etc.
  • a method for securing a transmission of content from a device to a remote server.
  • the method can comprise receiving an encryption key in the device from the remote server, wherein the encryption key is generated in the remote server.
  • the method can further comprise encrypting the content in the device using the encryption key to obtain encrypted content.
  • the method can further comprise transmitting the encrypted content from the device to the remote server.
  • the encryption key can change periodically.
  • the encryption key can be a control word and the control word can be received in an entitlement control message generated in the remote server.
  • the device can comprise a chipset comprising a trusted execution environment.
  • the encrypted content can be transmitted via the trusted execution environment.
  • the device can comprise a chipset comprising a trusted execution environment.
  • the encryption key can be received via the trusted execution environment.
  • the chipset can further comprises a secure perimeter part.
  • the method can further comprise receiving raw content originating from one or more sensors in the secure perimeter part.
  • the method can further comprise encoding the raw content within the secure perimeter part to obtain encoded content.
  • the method can further comprise encrypting the encoded content within the secure perimeter part to obtain the encrypted content.
  • the method can further comprise transmitting the encrypted content from the secure perimeter part to the remote server via the trusted execution environment.
  • the method can further comprise receiving metadata in the device from the remote server, wherein the metadata is bound to the encryption key.
  • the device can be a surveillance device and/or a security camera.
  • the content can comprise image data and/or video data captured by the device.
  • a method for securing a transmission of content from a device to a remote server.
  • the method can comprise generating an encryption key in the remote server.
  • the method can further comprise transmitting the encryption key from the remote server to the device.
  • the method can further comprise receiving encrypting content from the device in the remote server, wherein the encrypted content is encrypted using the encryption key.
  • the method can further comprise generating metadata in the remote server.
  • the method can further comprise binding the metadata to the encryption key.
  • the method can further comprise transmitting the metadata bound to the encryption key to the device.
  • a device comprising a chipset as described above.
  • the device can be a surveillance device and/or a security camera, wherein the device is configured to capture content comprising video data.
  • a computer program product can be implemented on a computer-readable non-transitory storage medium.
  • the computer program product can comprise computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.
  • a computer-readable non-transitory storage medium comprising computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.
  • a system for securing a transmission of content from a device to a remote server using the above described method.
  • FIG. 1 shows a prior art example of a chipset including a key ladder mechanism for loading control words
  • FIG. 2 shows a prior art conditional access system
  • FIG. 3 shows a device according to an exemplary embodiment
  • FIG. 4 shows a system according to an exemplary embodiment
  • FIG. 5 shows a device according to another exemplary embodiment
  • FIG. 6 shows a flow chart of an exemplary method.
  • the figures are meant for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.
  • an ECM is filtered out of a transport stream and sent to a secure computing environment, e.g. a smartcard inserted in the receiver or software running in a secured environment of the receiver.
  • a secure computing environment e.g. a smartcard inserted in the receiver or software running in a secured environment of the receiver.
  • the secure computing environment is a smartcard
  • the broadcast service comprises TV channels.
  • the smartcard decrypts the ECM using a higher-level key, which is common to all smartcards that are authorized to receive the TV channels associated with that key.
  • the CW obtained from the ECM is returned from the smartcard to the receiver, which immediately loads the CW into the descrambler for descrambling data.
  • the smartcard is typically pre -provisioned with a unique serial number and a unique key.
  • the chipset of the receiver is typically pre -provisioned with a chip set serial number (CSSN).
  • CSSN chip set serial number
  • CSUK chip set unique key
  • CSSN chip set serial number
  • CSUK chip set unique key
  • FIG. 1 shows a prior art example of a chipset of a receiver 1, e.g. a set-top box, to load keys to descramble content.
  • Decryptors 10a, 10b and 10c use encrypted input data and an input key to obtain decrypted output data.
  • Elements 11 and 12 are read-only memory locations.
  • Elements 13 and 14 are read-and-write memory locations for temporary storing decrypted output data.
  • Content decoder 15 decodes descrambled content. Data flows between elements are indicated by arrows.
  • a content stream s is scrambled with a CW, denoted Ecw(s).
  • the scrambled content stream Ecw(s) is received in the secure chipset of the receiver 1.
  • the chipset supports secure loading of the associated CW using input ECSSK(CW), which is the CW encrypted with the CSSK.
  • the CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSUK(CSSK).
  • the CSUK and a CSSN can be pre-installed in memory location 12 and memory location 11, respectively, and preferably cannot be altered.
  • the CSSN is typically available to software executing in the receiver 1 for identification purposes.
  • the CSUK is typically secured, such that is can only be used in the secure chipset to decrypt the CSSK from ECSUK(CSSK).
  • the content decoder 15 can be external to the chipset and is typically a part of the receiver 1. Output of the content decoder 15 is the descrambled content stream s, which may be displayed on an output device, such as a TV.
  • Known conditional access systems may use the key loading mechanism as shown in FIG. 1 by sending an entitlement management message (EMM) and entitlement control messages (ECMs) from a head-end system 3, via a network 2, to a smartcard embedded or inserted in the set-top box 1.
  • EMM typically contains the CSSK and/or its encrypted version ECSUK(CSSK).
  • the ECM typically contains the encrypted CW, i.e. ECSSK(CW).
  • the smartcard typically provides ECSUK(CSSK) to the receiver 1 and may use the CSSK as a session key for loading a sequence of CWs.
  • the receiver 1 descrambles or decrypts the scrambled or encrypted content stream Ecw(s) using the CW to obtain the content stream s.
  • the scrambled or encrypted content stream Ecw(s) is received from the head-end system 3.
  • the present disclosure is inspired by the DVB implementation for securing broadcast services as shown in FIGs. 1 and 2.
  • the EMMs, ECMs, including the cryptographic keys and the encrypted content originate from the same head- end system 3; and the content is decrypted in the end-user device.
  • cryptographic keys originate from a remote server, similar to DVB, but the encrypted content is transmitted from the device to the remote server, which is different from DVB, i.e. in the other direction.
  • FIG. 3 shows an exemplary embodiment of a device 100 of the present disclosure, wherein cryptographic keys in the form of CWs are received.
  • the device 100 is for example a surveillance device or a security camera, possibly implemented as an Intemet-of-Things (IoT) device.
  • the device 100 is configured to load cryptographic keys to encrypt content.
  • the content may be video content, audio content or a combination thereof, which may be captured by the device 100 or by sensors connected to the device 100.
  • Decryptors 110a and 110b use encrypted input data and an input key to obtain decrypted output data.
  • Encryptor 110c uses input data and an input key to obtain encrypted output data.
  • Elements 111 and 112 may be read-only memory locations.
  • Elements 113 and 114 may be read-and- write memory locations for temporary storing decrypted output data.
  • Content encoder 115 may encode content before encrypting the content. Data flows between elements are indicated by arrows.
  • content c is to be encrypted using a CW.
  • the resulting encrypted content is denoted Ecw(c).
  • the encrypted content Ecw(c) may be transmitted to a remote server.
  • the device 100 receives the CW from the remote server, preferably in an encrypted form.
  • the device 100 may support secure loading of the CW using input ECSS K (CW), which is the CW encrypted with the CSSK.
  • the CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSU K (CSSK).
  • the CSUK and a CSSN may be pre-installed in memory location 112 and memory location 111, respectively, and preferably cannot be altered.
  • the CSSN is typically available to software executing in the receiver 100 for identification purposes.
  • the CSUK is typically secured, such that is can only be used in a secure chipset of the device 100 to decrypt the CSSK from ECSU K (CSSK).
  • the device 100 may include a content encoder 115. Before encrypting the content, the content may be encoded using the content decoder 115.
  • FIG. 4 shows an exemplary network configuration including a remote server 300 that is communicatively connected to a device 100 via a network 200.
  • the remote server may be a VMS.
  • the network may be the Internet or any other data network.
  • the remote server 300 is configured to send an entitlement management message EMM and one or more entitlement control messages ECMs to the device 100 via the network 200.
  • the EMM typically contains the CSSK and/or its encrypted version E CSUK (CSSK). It is possible to omit transmission of EMMs and use a CSSK or alternative thereof that is stored in the device 100 or otherwise provided to the device 100.
  • the ECM typically comprises the encrypted CW, i.e. E CSSK (CW).
  • the device 100 may obtain the CW from the ECM as explained in conjunction with FIG. 3.
  • the device 100 encrypts the content using the CW to obtain the encrypted content Ecw(c).
  • the encrypted content Ecw(c) may then be transmitted from the device 100 to the remote server 300 via the network 200.
  • FIG. 5 shows an exemplary embodiment of a device 100’ of the present disclosure.
  • Device 100’ may be a surveillance device or a security camera device including a chipset part 120 and a memory part 130.
  • the chipset part 120 is for example a camera chipset.
  • the memory part 130 may be implemented as DDR memory or any other suitable memory.
  • the chipset part 120 may include an embedded operating system environment 121, such as a rich OS environment.
  • the embedded operating system environment 121 may be configured to exchange data with other parts of the device 100’, as depicted by the vertical block arrow.
  • the chipset part 120 may further comprise a trusted execution environment TEE 122 that is configured to communicate with the rich OS environment 121, as depicted by the vertical block arrow.
  • TEE 122 trusted execution environment
  • Device 100’ may obtain image and/or video data from external camera equipment that is connected to the device 100’ or from camera equipment that is part of the device 100’.
  • the image and/or video data may be received in the image/raw video subsystem 124 and stored as intermediate raw image/video data c2 in a first buffer memory 131.
  • the image/raw video subsystem 124 may preprocess the content c before buffering in the first buffer memory 131.
  • the intermediate raw image/video data c2 may be read from the first buffer memory 131 by the video encoder 125.
  • the video encoder 125 may be similar to video encoder 115.
  • the resulting encoded image/video data c3, which is typically in a compressed image/video data format, may be stored in a second buffer memory 132, from where it may be read by the cryptographic processor 126.
  • Cryptographic processor 126 may include a decryptor such as decryptor 110b and an encryptor such as encryptor 110c.
  • Cryptographic processor 126 may include a scrambler.
  • the cryptographic processor 126 may be configured to receive a CW, preferably via the TEE and preferably from an ECM received from a remote server.
  • the CW may be used to encrypt the encoded image/video data c3.
  • the thus obtained encrypted content Ecw(c) may be transmitted to the remote server or any other remote destination, preferably via the TEE.
  • Fig. 5 shows a flow chart of an exemplary method of the present disclosure.
  • an encryption key such as a CW
  • the encryption key is transmitted to a device 100, 100’, where it is received in step 1003.
  • the encryption key may be changed periodically, which is depicted by the loop from step 3002 to 3001.
  • content c is obtained.
  • the content may be encoded in step 1002.
  • the content is encrypted using the obtained encryption key.
  • step 1005 the encrypted content is transmitted to the remote server, where it is received in step 3003.
  • the remote server may decrypt the encrypted content, store the encrypted content or transmit the encrypted content to a further device for processing.
  • a VMS chooses video encryption keys and protects the encryption keys with ECMs.
  • the ECMs are sent to camera devices. Thanks to the cryptographic processor in the camera device, which includes a scrambler, the video data stream from the camera device will be encrypted with the current key and sent to the TEE. The TEE will then send the encrypted video data stream to the VMS using connectivity means of the chipset.
  • connectivity means of the chipset In this example, even if the TEE is compromised, video data cannot be tampered with, because the video data is already encrypted. Even trying to send old data to the VMS will not work, because the encryption key is frequently changed by the VMS. The VMS can thus easily detect old and out of-sync data.
  • the VMS can also send, cryptographically bound to the key, metadata such as time stamp, enforcement of the secure video path, etc., that can be used by the cryptographic processor in the device. If these keys are filtered by an attacker, the VMS will be able to detect the tampering because the encrypted video data will not be encrypted correctly.
  • One or more embodiments of the disclosure may be implemented as a computer program product for use with a computer system.
  • the program(s) of the program product may define functions of the embodiments (including the methods described herein) and can be contained on a variety of computer-readable storage media.
  • the computer-readable storage media may be non-transitory storage media.
  • Illustrative computer-readable storage media include, but are not limited to: (i) non- writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information may be permanently stored; and (ii) writable storage media (e.g., hard disk drive or any type of solid-state random-access semiconductor memory, flash memory) on which alterable information may be stored.
  • non- writable storage media e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory
  • writable storage media e.g., hard disk drive or any type of solid-state random-access semiconductor memory, flash memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The disclosure enables securing a transmission of content from a surveillance device to a remote server. The surveillance device is configured to obtain the content from observing a surroundings. The surveillance device is e.g. a security camera, in which case the content can comprise video data. The remote server is e.g. a centralized monitoring system or VMS. An encryption key that is generated in the remote server is received in the surveillance device from the remote server. The content is encrypted in the surveillance device using the encryption key and transmitted from the surveillance device to the remote server. The encryption key can be a control word that is received in an entitlement control message generated in the remote server.

Description

SECURED TRANSMISSION OF CONTENT
TECHNICAL FIELD
[0001] The present disclosure relates to a method for securing transmission of content from a device such as a surveillance device or a security camera to a remote server. The disclosure further relates to a chipset, a device comprising the chipset, a computer program product, a computer-readable storage medium, and a monitoring system for securing transmission of content from the device to the remote server.
BACKGROUND ART
[0002] Today security cameras are becoming more and more complex connected devices. They are often based on high-end dedicated chipsets which run latest operative systems like Android. More and more functionality are pushed on the device side, like connectivity, image analysis and processing, alarm detection, video source selection, etc.
[0003] Cameras are usually connected via the Internet to a centralized monitoring system (VMS) which receives video streams and where security decisions are taken.
[0004] The cameras can be subject to cyber-attacks depending on the robustness of the used software and hardware. Therefore there is a need for assuring a good level of device security.
[0005] Camera chipsets may include a Trusted Execution Environment (TEE) for secured processing of data, such as to authenticate an applet or protect cryptographic keys. However, even in case the chipset is featuring a TEE, the security of the TEE can be compromised, for example by back doors, cyber-attacks, poor design, or weaknesses in the operating system. When security of the TEE is compromised, the VMS can no more rely on the camera because alarms may be suppressed, old video streams may be replayed, etc.
SUMMARY
[0006] According to an aspect of the present disclosure, a method is proposed for securing a transmission of content from a device to a remote server. The method can comprise receiving an encryption key in the device from the remote server, wherein the encryption key is generated in the remote server. The method can further comprise encrypting the content in the device using the encryption key to obtain encrypted content. The method can further comprise transmitting the encrypted content from the device to the remote server.
[0007] In an embodiment the encryption key can change periodically.
[0008] In an embodiment the encryption key can be a control word and the control word can be received in an entitlement control message generated in the remote server.
[0009] In an embodiment the device can comprise a chipset comprising a trusted execution environment. The encrypted content can be transmitted via the trusted execution environment.
[0010] In an embodiment the device can comprise a chipset comprising a trusted execution environment. The encryption key can be received via the trusted execution environment.
[0011] In an embodiment the chipset can further comprises a secure perimeter part. The method can further comprise receiving raw content originating from one or more sensors in the secure perimeter part. The method can further comprise encoding the raw content within the secure perimeter part to obtain encoded content. The method can further comprise encrypting the encoded content within the secure perimeter part to obtain the encrypted content. The method can further comprise transmitting the encrypted content from the secure perimeter part to the remote server via the trusted execution environment.
[0012] In an embodiment the method can further comprise receiving metadata in the device from the remote server, wherein the metadata is bound to the encryption key.
[0013] In an embodiment the device can be a surveillance device and/or a security camera. The content can comprise image data and/or video data captured by the device.
[0014] According to an aspect of the disclosure, a method is proposed for securing a transmission of content from a device to a remote server. The method can comprise generating an encryption key in the remote server. The method can further comprise transmitting the encryption key from the remote server to the device. The method can further comprise receiving encrypting content from the device in the remote server, wherein the encrypted content is encrypted using the encryption key.
[0015] In an embodiment the method can further comprise generating metadata in the remote server. The method can further comprise binding the metadata to the encryption key. The method can further comprise transmitting the metadata bound to the encryption key to the device. [0016] According to an aspect of the disclosure a chipset is proposed that is configured to perform one or more of the above described steps.
[0017] According to an aspect of the disclosure a device is proposed comprising a chipset as described above.
[0018] In an embodiment the device can be a surveillance device and/or a security camera, wherein the device is configured to capture content comprising video data.
[0019] According to an aspect of the disclosure a computer program product is proposed that can be implemented on a computer-readable non-transitory storage medium. The computer program product can comprise computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.
[0020] According to an aspect of the disclosure a computer-readable non-transitory storage medium is proposed comprising computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.
[0021] According to an aspect of the disclosure a system is proposed for securing a transmission of content from a device to a remote server using the above described method.
[0022] Hereinafter, embodiments of the disclosure will be described in further detail. It should be appreciated, however, that these embodiments may not be construed as limiting the scope of protection for the present disclosure.
BRIEF DESCRIPTION OF DRAWINGS
[0023] Embodiments will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:
[0024] FIG. 1 shows a prior art example of a chipset including a key ladder mechanism for loading control words;
[0025] FIG. 2 shows a prior art conditional access system;
[0026] FIG. 3 shows a device according to an exemplary embodiment;
[0027] FIG. 4 shows a system according to an exemplary embodiment;
[0028] FIG. 5 shows a device according to another exemplary embodiment;
[0029] FIG. 6 shows a flow chart of an exemplary method. [0030] The figures are meant for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.
DESCRIPTION OF EMBODIMENTS
[0031] In the field of conditional access systems for digital video broadcast (DVB), it is known that transmissions of pay television services can be secured by using encryption and provisioning of decryption keys to the end-user’s equipment. Such systems provide secure transmission of a broadcast stream comprising one or more services, such as a pay television service, to a digital receiver contained for example in a set-top box or a mobile terminal. To protect the broadcast services from unauthorized viewing, the data packets in the broadcast stream are typically scrambled - encrypted - with an encryption key commonly referred to as a control word (CW). Further security may be provided by periodically changing the CWs so they are only valid for a certain period. Typically, CWs are transmitted in encrypted form to the receiver using so-called entitlement control messages (ECMs).
[0032] In the receiver, an ECM is filtered out of a transport stream and sent to a secure computing environment, e.g. a smartcard inserted in the receiver or software running in a secured environment of the receiver. In the following example the secure computing environment is a smartcard, and the broadcast service comprises TV channels. The smartcard decrypts the ECM using a higher-level key, which is common to all smartcards that are authorized to receive the TV channels associated with that key. The CW obtained from the ECM is returned from the smartcard to the receiver, which immediately loads the CW into the descrambler for descrambling data.
[0033] The smartcard is typically pre -provisioned with a unique serial number and a unique key. The chipset of the receiver is typically pre -provisioned with a chip set serial number (CSSN). Moreover, a chip set unique key (CSUK) may be stored in a secured portion of the receiver, and the CSSN and CSUK are typically linked. CSSN and CSUK typically cannot be changed after being provisioned in the receiver. The CSUK is typically not stored in the smartcard.
[0034] FIG. 1 shows a prior art example of a chipset of a receiver 1, e.g. a set-top box, to load keys to descramble content. Decryptors 10a, 10b and 10c use encrypted input data and an input key to obtain decrypted output data. Elements 11 and 12 are read-only memory locations. Elements 13 and 14 are read-and-write memory locations for temporary storing decrypted output data. Content decoder 15 decodes descrambled content. Data flows between elements are indicated by arrows.
[0035] In the example of FIG. 1, a content stream s is scrambled with a CW, denoted Ecw(s). The scrambled content stream Ecw(s) is received in the secure chipset of the receiver 1. The chipset supports secure loading of the associated CW using input ECSSK(CW), which is the CW encrypted with the CSSK. The CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSUK(CSSK). The CSUK and a CSSN can be pre-installed in memory location 12 and memory location 11, respectively, and preferably cannot be altered. The CSSN is typically available to software executing in the receiver 1 for identification purposes. The CSUK is typically secured, such that is can only be used in the secure chipset to decrypt the CSSK from ECSUK(CSSK).
[0036] The content decoder 15 can be external to the chipset and is typically a part of the receiver 1. Output of the content decoder 15 is the descrambled content stream s, which may be displayed on an output device, such as a TV.
[0037] Known conditional access systems, such as shown in FIG. 2, may use the key loading mechanism as shown in FIG. 1 by sending an entitlement management message (EMM) and entitlement control messages (ECMs) from a head-end system 3, via a network 2, to a smartcard embedded or inserted in the set-top box 1. The EMM typically contains the CSSK and/or its encrypted version ECSUK(CSSK). The ECM typically contains the encrypted CW, i.e. ECSSK(CW). The smartcard typically provides ECSUK(CSSK) to the receiver 1 and may use the CSSK as a session key for loading a sequence of CWs. The receiver 1 descrambles or decrypts the scrambled or encrypted content stream Ecw(s) using the CW to obtain the content stream s. The scrambled or encrypted content stream Ecw(s) is received from the head-end system 3.
[0038] The present disclosure is inspired by the DVB implementation for securing broadcast services as shown in FIGs. 1 and 2. In the DVB example: the EMMs, ECMs, including the cryptographic keys and the encrypted content originate from the same head- end system 3; and the content is decrypted in the end-user device. In the present disclosure: cryptographic keys originate from a remote server, similar to DVB, but the encrypted content is transmitted from the device to the remote server, which is different from DVB, i.e. in the other direction. [0039] FIG. 3 shows an exemplary embodiment of a device 100 of the present disclosure, wherein cryptographic keys in the form of CWs are received. The device 100 is for example a surveillance device or a security camera, possibly implemented as an Intemet-of-Things (IoT) device. The device 100 is configured to load cryptographic keys to encrypt content. The content may be video content, audio content or a combination thereof, which may be captured by the device 100 or by sensors connected to the device 100.
[0040] Decryptors 110a and 110b use encrypted input data and an input key to obtain decrypted output data. Encryptor 110c uses input data and an input key to obtain encrypted output data. Elements 111 and 112 may be read-only memory locations. Elements 113 and 114 may be read-and- write memory locations for temporary storing decrypted output data. Content encoder 115 may encode content before encrypting the content. Data flows between elements are indicated by arrows.
[0041] In the example of FIG. 3 content c is to be encrypted using a CW. The resulting encrypted content is denoted Ecw(c). The encrypted content Ecw(c) may be transmitted to a remote server. The device 100 receives the CW from the remote server, preferably in an encrypted form. The device 100 may support secure loading of the CW using input ECSSK(CW), which is the CW encrypted with the CSSK. The CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSUK(CSSK). The CSUK and a CSSN may be pre-installed in memory location 112 and memory location 111, respectively, and preferably cannot be altered. The CSSN is typically available to software executing in the receiver 100 for identification purposes. The CSUK is typically secured, such that is can only be used in a secure chipset of the device 100 to decrypt the CSSK from ECSUK(CSSK).
[0042] The device 100 may include a content encoder 115. Before encrypting the content, the content may be encoded using the content decoder 115.
[0043] The key loading mechanism as shown in FIG. 3 may be used in a system as shown in FIG. 4. FIG. 4 shows an exemplary network configuration including a remote server 300 that is communicatively connected to a device 100 via a network 200. The remote server may be a VMS. The network may be the Internet or any other data network. In the example of FIG. 4, the remote server 300 is configured to send an entitlement management message EMM and one or more entitlement control messages ECMs to the device 100 via the network 200. The EMM typically contains the CSSK and/or its encrypted version ECSUK(CSSK). It is possible to omit transmission of EMMs and use a CSSK or alternative thereof that is stored in the device 100 or otherwise provided to the device 100. The ECM typically comprises the encrypted CW, i.e. ECSSK(CW). The device 100 may obtain the CW from the ECM as explained in conjunction with FIG. 3. The device 100 encrypts the content using the CW to obtain the encrypted content Ecw(c). The encrypted content Ecw(c) may then be transmitted from the device 100 to the remote server 300 via the network 200.
[0044] FIG. 5 shows an exemplary embodiment of a device 100’ of the present disclosure. Device 100’ may be a surveillance device or a security camera device including a chipset part 120 and a memory part 130. The chipset part 120 is for example a camera chipset. The memory part 130 may be implemented as DDR memory or any other suitable memory. The chipset part 120 may include an embedded operating system environment 121, such as a rich OS environment. The embedded operating system environment 121 may be configured to exchange data with other parts of the device 100’, as depicted by the vertical block arrow. The chipset part 120 may further comprise a trusted execution environment TEE 122 that is configured to communicate with the rich OS environment 121, as depicted by the vertical block arrow. A secure perimeter 123 may be configured that is partly embedded in the chipset 120 and partly uses the memory 130. The part of the secure perimeter 120 within the chipset 120 may include an image/raw video subsystem 124 for receiving and processing incoming image and/or raw video data, a video encoder 125 for encoding image and/or raw video data, and a cryptographic processor 126 for encrypting image and/or video data. The image/raw video subsystem 124 and the video encoder 125 may be configurable via the TEE 122, as depicted by the black arrows from the TEE 122 to these parts 124 and 125. The memory part 130 may comprise one or more buffer memories 131, 132.
[0045] Device 100’ may obtain image and/or video data from external camera equipment that is connected to the device 100’ or from camera equipment that is part of the device 100’. The image and/or video data may be received in the image/raw video subsystem 124 and stored as intermediate raw image/video data c2 in a first buffer memory 131. The image/raw video subsystem 124 may preprocess the content c before buffering in the first buffer memory 131. The intermediate raw image/video data c2 may be read from the first buffer memory 131 by the video encoder 125. The video encoder 125 may be similar to video encoder 115. The resulting encoded image/video data c3, which is typically in a compressed image/video data format, may be stored in a second buffer memory 132, from where it may be read by the cryptographic processor 126.
[0046] Cryptographic processor 126 may include a decryptor such as decryptor 110b and an encryptor such as encryptor 110c. Cryptographic processor 126 may include a scrambler. The cryptographic processor 126 may be configured to receive a CW, preferably via the TEE and preferably from an ECM received from a remote server. The CW may be used to encrypt the encoded image/video data c3. The thus obtained encrypted content Ecw(c) may be transmitted to the remote server or any other remote destination, preferably via the TEE.
[0047] Fig. 5 shows a flow chart of an exemplary method of the present disclosure. In step 3001 an encryption key, such as a CW, is generated in a remote server 300. In step 3002 the encryption key is transmitted to a device 100, 100’, where it is received in step 1003. The encryption key may be changed periodically, which is depicted by the loop from step 3002 to 3001. In step 1001 content c is obtained. The content may be encoded in step 1002. In step 1004 the content is encrypted using the obtained encryption key. In step 1005 the encrypted content is transmitted to the remote server, where it is received in step 3003.
[0048] The remote server may decrypt the encrypted content, store the encrypted content or transmit the encrypted content to a further device for processing.
[0049] In an embodiment a VMS chooses video encryption keys and protects the encryption keys with ECMs. The ECMs are sent to camera devices. Thanks to the cryptographic processor in the camera device, which includes a scrambler, the video data stream from the camera device will be encrypted with the current key and sent to the TEE. The TEE will then send the encrypted video data stream to the VMS using connectivity means of the chipset. In this example, even if the TEE is compromised, video data cannot be tampered with, because the video data is already encrypted. Even trying to send old data to the VMS will not work, because the encryption key is frequently changed by the VMS. The VMS can thus easily detect old and out of-sync data.
[0050] In an embodiment the VMS can also send, cryptographically bound to the key, metadata such as time stamp, enforcement of the secure video path, etc., that can be used by the cryptographic processor in the device. If these keys are filtered by an attacker, the VMS will be able to detect the tampering because the encrypted video data will not be encrypted correctly.
[0051] In the above examples the notation image/video or image/raw video is used. Herein, the forward slash is to be interpreted as and/or.
[0052] One or more embodiments of the disclosure may be implemented as a computer program product for use with a computer system. The program(s) of the program product may define functions of the embodiments (including the methods described herein) and can be contained on a variety of computer-readable storage media. The computer-readable storage media may be non-transitory storage media. Illustrative computer-readable storage media include, but are not limited to: (i) non- writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information may be permanently stored; and (ii) writable storage media (e.g., hard disk drive or any type of solid-state random-access semiconductor memory, flash memory) on which alterable information may be stored.

Claims

1. A method for securing a transmission of content (c) from a device (100, 100’) to a remote server (300), the method being performed by the device and comprising:
receiving (1003) an encryption key in the device from the remote server, wherein the encryption key is generated in the remote server;
encrypting (1004) the content in the device using the encryption key to obtain encrypted content (Ecw(c)); and
transmitting (1005) the encrypted content from the device to the remote server.
2. The method according to claim 1, wherein the encryption key changes periodically.
3. The method according to claim 1 or 2, wherein the encryption key is a control word (CW), and wherein the control word is received in an entitlement control message (ECM) generated in the remote server.
4. The method according to any one of the claims 1-3, wherein the device comprises a chipset (120) comprising a trusted execution environment (122), and wherein the encrypted content is transmitted via the trusted execution environment.
5. The method according to any one of the claims 1-4, wherein the device comprises a chipset (120) comprising a trusted execution environment (122), and wherein the encryption key is received via the trusted execution environment.
6. The method according to claim 4 or 5, wherein the chipset further comprises a secure perimeter part (123), the method further comprising:
receiving raw content originating from one or more sensors in the secure perimeter part; and
encoding (1002) the raw content within the secure perimeter part to obtain encoded content,
and wherein:
encrypting the encoded content within the secure perimeter part to obtain the encrypted content; and transmitting the encrypted content from the secure perimeter part to the remote server via the trusted execution environment.
7. The method according to any one of the claims 1-6, further comprising receiving metadata in the device from the remote server, wherein the metadata is bound to the encryption key.
8. A method for securing a transmission of content (c) from a device (100, 100’) to a remote server (300), the method being performed by the remote server and comprising: generating (3001) an encryption key in the remote server;
transmitting (3002) the encryption key from the remote server to the device; and receiving (3003) encrypting content (Ecw(c)) from the device in the remote server, wherein the encrypted content is encrypted using the encryption key.
9. The method according to claim 8, wherein the encryption key changes periodically.
10. The method according to claim 8 or 9, wherein the encryption key is a control word (CW), and wherein the control word is transmitted in an entitlement control message (ECM) generated in the remote server.
11. The method according to any one of the claims 8-10, further comprising:
generating metadata in the remote server;
binding the metadata to the encryption key; and
transmitting the metadata bound to the encryption key to the device.
12. A chipset (120) configured to perform the steps of the method according to any one of the claims 1-7.
13. A device (100, 100’) comprising a chipset according to claim 12.
14. The device according to claim 13, wherein the device is at least one of a surveillance device and a security camera, and wherein the device is configured to capture content comprising video data.
15. A system for securing a transmission of content (c) from a device (100, 100’) to a remote server (300), wherein the system is configured to perform the method according to any one of the claims 8-11.
PCT/EP2019/083314 2018-11-30 2019-12-02 Secured transmission of content WO2020109623A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP18209610 2018-11-30
EP18209610.7 2018-11-30

Publications (1)

Publication Number Publication Date
WO2020109623A1 true WO2020109623A1 (en) 2020-06-04

Family

ID=64564720

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/083314 WO2020109623A1 (en) 2018-11-30 2019-12-02 Secured transmission of content

Country Status (1)

Country Link
WO (1) WO2020109623A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170323542A1 (en) * 2016-05-09 2017-11-09 System And Application Technologies Co., Ltd. Apparatus for security enhancement in closed circuit television using hardware security module and the method by using the same
US20180025175A1 (en) * 2015-01-15 2018-01-25 Nec Corporation Information output device, camera, information output system, information output method, and program
US20180069838A1 (en) * 2016-09-02 2018-03-08 Scenera, Inc. Security for Scene-Based Sensor Networks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180025175A1 (en) * 2015-01-15 2018-01-25 Nec Corporation Information output device, camera, information output system, information output method, and program
US20170323542A1 (en) * 2016-05-09 2017-11-09 System And Application Technologies Co., Ltd. Apparatus for security enhancement in closed circuit television using hardware security module and the method by using the same
US20180069838A1 (en) * 2016-09-02 2018-03-08 Scenera, Inc. Security for Scene-Based Sensor Networks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"FUNCTIONAL MODEL OF A CONDITIONAL ACCESS SYSTEM", EBU REVIEW- TECHNICAL, EUROPEAN BROADCASTING UNION. BRUSSELS, BE, no. 266, 21 December 1995 (1995-12-21), pages 64 - 77, XP000559450, ISSN: 0251-0936 *
"Security engineering : a guide to building dependable distributed systems", 1 April 2008, WILEY, US, ISBN: 978-0-470-06852-6, article BRIAN GLADMAN ET AL: "Physical Tamper Resistance", pages: 483 - 521, XP055503972 *

Similar Documents

Publication Publication Date Title
JP4698106B2 (en) System and method for copy protection of transmitted information
US10057641B2 (en) Method to upgrade content encryption
US9479825B2 (en) Terminal based on conditional access technology
US20130262869A1 (en) Control word protection
KR20100092902A (en) Securely providing a control word from a smartcard to a conditional access module
EP1562318A1 (en) System and method for key transmission with strong pairing to destination client
US20080267411A1 (en) Method and Apparatus for Enhancing Security of a Device
EP2113152B1 (en) A conditional access system
ES2761309T3 (en) Method to detect illegal use of a security processor
JP6031360B2 (en) Access control program, transmission device, reception device, and information leakage source identification device
WO2020109623A1 (en) Secured transmission of content
KR101980928B1 (en) Method, cryptographic system and security module for descrambling content packets of a digital transport stream
EP2362635B1 (en) Disabling a cleartext control word loading mechanism in a conditional access system
KR100986236B1 (en) Key transport tamper protection
KR20080016038A (en) A method and an apparatus for exchanging message
US20090310780A1 (en) Broadcast receiving apparatus and broadcast receiving method
CN113497960A (en) Conditional access system based on smart phone
CN113497961A (en) Conditional access system based on smart phone

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19809118

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19809118

Country of ref document: EP

Kind code of ref document: A1