|Publication number||USRE39166 E1|
|Application number||US 08/056,795|
|Publication date||Jul 11, 2006|
|Filing date||May 4, 1993|
|Priority date||Feb 1, 1990|
|Also published as||CA2049310A1, CA2049310C, DE69131285D1, DE69131285T2, DE69132198D1, DE69132198T2, EP0466916A1, EP0466916B1, EP0809402A1, EP0809402B1, US5029207, WO1991011884A1|
|Publication number||056795, 08056795, US RE39166 E1, US RE39166E1, US-E1-RE39166, USRE39166 E1, USRE39166E1|
|Inventors||Keith B. Gammie|
|Original Assignee||Scientific-Atlanta, Inc.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (55), Non-Patent Citations (20), Referenced by (25), Classifications (7), Legal Events (1)|
|External Links: USPTO, USPTO Assignment, Espacenet|
1. Field of the Invention
The present invention relates generally to the field of scrambling systems and more specifically, to an external security module for a television signal decoder of a broadcast, satellite, or cable television transmission system. The present invention has particular application for B-type Multiplexed Analog Component (B-MAC) satellite transmission, but may also be used for NTSC (National Television Standards Committee), PAL, SECAM, or proposed high definition television formats. In addition, the scrambling system of the present invention can be used in applications in related fields such as electronic banking networks, telephone switching systems, cellular telephone networks, computer networks, etc. The system has particular application to so-called “conditional-access” multichannel television systems, where the viewer may have access to several “basic” channels, one or more “premium” or extra-cost channels as well as “pay-per-view” programs.
2. Description of the Relevant Art
In a pay television system, a pay television service provider typically protects the signal from unauthorized subscribers and pirates through scrambling.
For the purposes of the following discussion and this invention, the term “subscriber” means one who is paying for the television service. The “subscriber” could thus be an individual consumer with a decoder in his own home, or could be a system operator such as a local cable TV operator, or a small network operator such as a Hotel/Motel operator with a central decoder for all televisions in the Hotel or Motel. In addition, the “subscriber” could be an industrial user, as described in U.S. Pat. No. 4,866,770 assigned to the same assignee as the present application and incorporated herein by reference.
For the purposes of this invention, a network is defined as a program source, (such as a pay television provider), an encoder, (sometimes called a “head end”), a transmission means (satellite, cable, radio wave, etc.) and a series of decoders used by the subscribers as described above. A system is defined as a program source, an encoder, a transmission means, and a single receiving decoder. The system model is used to describe how an individual decoder in a network interacts with the encoder.
The scrambling process is accomplished via a key which may itself be encrypted. Each subscriber wishing to receive the signal is provided with a decoder having an identification number which is unique to the decoder. The decoder may be individually authorized with a key to descramble the scrambled signal, provided appropriate payments are made for service. Authorization is accomplished by distributing descrambling algorithms which work in combination with the key (and other information) to paying subscribers, and by denying that information to non-subscribers and to all would-be pirates.
The key may be transmitted as a data signal embedded in the normal television transmission associated with the identification number of the decoder. In a typical television signal, there are so-called “vertical blanking intervals” (VBI) occurring in each field and “horizontal blanking intervals” (HBI) occurring in each line between the chrominance and luminance signals. Various other signals can be sent “in-band” in the vertical and horizontal blanking intervals including additional audio channels, data, and teletext messages. The key can be embedded in these “blanking intervals” as is well known in the art. Attention is drawn to U.S. Pat. No. 4,829,569 assigned to the same assignee as the present application and incorporated herein by reference, showing how such data can be embedded in a B-MAC signal. Alternatively, the key may be sent “out-of-band” over a separate data channel or even over a telephone line.
Maintaining security in a conditional-access television network depends on the following requirements:
(i) The signal scrambling techniques must be sufficiently complex to insure that direct encryptographic attack is not practical.
(ii) keys distributed to an authorized decoder cannot be read out and transferred to other decoders.
The first condition can be satisfied by practical scrambling algorithms now available such as the DES (Data Encryption Standard) or related algorithmns.
The second condition requires the physical security of certain devices within the television signal decoder and is much more difficult to satisfy. Such a device must prevent observation of both the key decryption process and the partially decrypted key signals.
To overcome this difficulty and referring to prior art
Each secret serial number is unique to an individual decoder or, at least, unique to a group of decoders in order to be reasonably secure. The encrypted key may therefore be transmitted to each decoder individually by cycling through a database 211, containing all the secret serial numbers of the network in encoder 201 and forming a separate key distribution message in an addressed data packet individually addressed to each authorized decoder in the network. An individual decoder recognizes when its encrypted key has been received by reading the key distribution message attached to the encrypted key.
In known B-MAC systems, the key is distributed in an addressed data packet individually addressed to a particular subscriber's decoder by means of its unique identification number. The addressed data packet is typically inserted in lines 4 through 8 of the vertical blanking interval. Each addressed data packet is typically addressed to one individual decoder. As there are sixty fields generated per second (30 frames of 2 interlaced fields each) in a B-MAC or NTSC television signal, at the rate of one addressed data packet per field, a possible sixty different decoders (or groups of decoders) can be addressed each second, or 3600 per minute, 215,000 per hour, and over 5 million per day. Since each decoder need only be addressed when the service level or encryption level changes, there are sufficient frames available to individually address each decoder even in large systems. The address rate of the decoders may be increased by transmitting more than one addressed data packet per field. Additional data packets may be inserted in the vertical blanking interval or in the horizontal blanking intervals of each frame. The total number of possible addressable decoders is a function of the number on data bits available for decoder addresses. The B-MAC format typically uses 28 bits for decoder addresses, allowing for over 268 million possible decoder addresses. Attention is drawn to the United States Advanced Television Systems Committee Report T2/62, “MULTIPLEXED ANALOG COMPONENT TELEVISION BROADCAST SYSTEM PARAMETER SPECIFICATIONS”, incorporated herein by reference, which describes the data format in a B-MAC signal.
After receiving the addressed data packet, key decryptor 213 then decrypts the key using the secret serial number stored in SSN memory 212. If service to any decoder 206 in the network is to be terminated, the secret serial number for that decoder is simply deleted from SSN database 211, and decoder 206 is deauthorized at the beginning of the next key period.
In a decoder such as the one shown in
There are several disadvantages of relying on the physical security of the decoder to maintain system security. First, the pay television provider has to maintain ownership and control over all of the decoders of the network and then rent or lease the decoders to subscribers. The pay television provider is thus responsible for maintenance of all decoders and must maintain an expensive parts inventory and maintenance staff. In addition, in order to initiate service, a serviceperson must make a personal visit to the subscriber's location to install the decoder. In a pay television satellite system, such installation and service calls could be quite costly for remote installations which could be located anywhere in the world. Further, the physical security of a decoder could be breached without fear of discovery if a pirate could obtain a decoder that had been stolen either during the distribution process or from an individual subscriber's home.
Hence, the system of
(i) It must be impossible to read or modify the SSN and key memories in the decoder.
(ii) It must be impossible to observe the key decryption process, or the links between the four elements (207, 208, 212, and 213) of the decoder.
One way to achieve both of these goals is by the use of a so-called “secure microprocessor”.
Modern devices are close approximation to this ideal secure microprocessor. There is, however, one requirement which causes a variation from the ideal. Following manufacture, there must be a mechanism available to write into memory 422 the decoder specific secret serial number 430, as well as decryption algorithm 434. If this facility were available to a pirate, he could modify the secret serial number for the purpose of cloning. Therefore, this facility must be permanently disabled after the secret serial number has been entered.
A variety of techniques may be used to disable the facility for writing into the memory. Secure microprocessor 420 could be provided with on-chip fusible data links 431, a software lock, or similar means for enabling the secret serial number 430 and descrambling algorithm 434 to be loaded into memory 422 at manufacture. Then, for example, the fusible links shown in dashed lines are destroyed so that a pirate has no access to descrambling algorithm 434 or secret serial number 430 stored in program memory 422.
In an alternative embodiment, the microprocessor of
A pirate would have to have access to extensive micro-chip facilities and a significant budget to compromise such a secure microprocessor. The physical security of the processor would have to be breached, destroying the processor and contents. However, integrated circuit technology continuously improves, and unexpected developments could occur which might enable attacks to be made at the microscopic level which are more economic than those available today. Further, the worldwide market for pirate decoders for satellite transmissions would provide the economic incentive to the increasingly sophisticated pirate electronics industry to compromise such a unit.
Copying a single decoder comprising a microprocessor according to
Pay television providers are therefore at risk if security depends exclusively on the physical defenses of the secure microprocessor.
The same SSN is installed in secret serial number memory 512 in replaceable security module 514 which is removably attachable to decoder 506. Key decryptor 513 of replaceable security module 514 decrypts the key using the secret serial number stored in secret serial number memory 512. The decrypted key is then stored in key memory 507. Unlike
The use of a plug-in module gives the pay television provider the ability to upgrade the technology in the security device by swapping it out at very low cost. In the event of a security breach, a new replaceable security module containing the program scrambling algorithm and SSN could be mailed out to authorized subscribers. The authorized subscribers could then remove the old replaceable security module from their decoder and insert the new replaceable security module themselves. System security is thus recovered without the expense of replacing the entire decoder or the expense of sending a service person to replace the replaceable security modules in each decoder. In addition, it is not necessary for the pay television provider to own the decoder itself. The decoder can be a generic commercially available unit purchased by the subscriber, or even integrated into the television itself. To initiate service, the pay television provider need only mail the replaceable security module to the subscriber and no service call is necessary.
Although the replaceable security module has the advantages of providing a guarantee that network security is recoverable following a breach, it also has some disadvantages. All the security resides in replaceable security module 514, and decoder 506 itself is a generic unit. The key signal which is generated by replaceable security module 514 is observable at its transfer point to decoder 506. The key can, however, be changed sufficiently often to ensure that it has no value to a potential pirate.
The problem with this approach is that a given removable security module 514 will operate with any decoder 506, and that tampering with replaceable security module 514 does not involve damage to decoder 506. Consequently, if replaceable security module 514 were to be compromised, piracy would become widespread very rapidly.
Although the devices as described above show a single key to scramble the program signal (so-called “single layer encryption”) any of the prior art devices could also be practiced using a multiple key (“two layer”, “three layer”, etc.) scrambling system.
Key encryptor 610 encrypts the key selected from key memory 604 and outputs a series of encrypted keys ESSN[KOM] each encrypted with a secret serial number from secret serial number database 611, to data multiplexor 635. Seed memory 636 contains a “seed” which is used for scrambling the audio and video signals. The “seed” can also be a data code or a signal similar to the key described above. Seed encryptor 637 encrypts the seed with the key of the month and outputs the encrypted seed EKOM[SEED] to data multiplexor 635. Thus the key has been encrypted with the secret serial number, and the seed encrypted with the key. Neither the key nor the seed can be easily recovered during transmission.
In this embodiment, source program 602 comprises a Multiplexed Analog Video (MAC) signal 639 with the typical chrominance and luminance signals described previously, along with multiplexed audio data 638 which may comprise several different audio and non-audio (data) signals. For example, there may be at least two channels of audio (stereo) and additional channels of teletext for the hearing impaired. In addition, there may be additional channels of audio related to the video signal such as foreign language translations, unrelated audio signals such as radio programs or data signals such as subscriber messages, computer data, etc. All of these signals are digitized and multiplexed together, as is well known in the art, and the resulting multiplexed audio data 638 is then ready to be scrambled.
The seed passes through pseudo-random bit sequencer (PRBS) 643 and then is added to multiplexed audio data 638 in adder 644. Together, pseudo-random bit sequencer (PRBS) 643 and adder 644 comprise a bit-by-bit encryptor 645 as is well known in the art. The resulting scrambled multiplexed audio data is then passed to data multiplexor 635 and is multiplexed with the encrypted seed and key.
MAC video signal 639 is scrambled in line translation scrambler 603 which scrambles the lines of the MAC signal using the “seed” from seed memory 636 for the scrambling algorithm. The resulting scrambled MAC signal is then sent to multiplexor 632 which multiplexes the scrambled MAC signal with the output from data multiplexor 635. The multiplexed data output of data multiplexer 635 is modulated into pulse amplitude modulation (PAM) format by P.A.M. modulator 645. The output B-MAC signal 646 contains MAC video signal 639 and multiplexed PAM audio data 638, both scrambled with the seed, along with the seed encrypted with the key of the month, and a series of keys of the month which have been encrypted with the secret serial numbers of the subscriber's decoders, all multiplexed together.
In order to descramble the B-MAC signal 646, a pirate must be able to decrypt one of the encrypted keys, and use that key to decrypt the seed. However, as in the single layer encryption device described in
In view of the deficiencies of the above prior art devices, it still remains a requirement in the art to provide a scrambling system for pay television systems which does not rely solely on the physical security of the decoder components to maintain system integrity.
Therefore, it is an object of the present invention to provide a system of double-encrypting the key using two different secret serial numbers respectively assigned to a subscriber's decoder and removable security module.
It is a further object of the present invention to provide a replaceable security module for a television signal decoder where the replaceable security module will work with only one decoder and cannot be used with another decoder.
It is a further object of the present invention to provide a decoder with a data interface for a removable security module.
Many of the above-stated problems and related problems of the prior art encryption devices have been solved by the principles of the present invention which twice-encrypts the key prior to transmission, first with a first secret serial number (SSN1) (SSN0 ) of the subscriber's replaceable security module decoder, and again with a second secret serial number (SSN0) (SSN1 ) of the subscriber's decoder replaceable security module. The double-encryption technique discourages copying the replaceable security module, as each replaceable security module will work only with its mating decoder. The system also allows the replaceable security module to be replaced following a system breach, thus allowing for recovery of system security.
The system comprises an encoder for encoding a signal, for encoder further comprising a signal scrambler and a first and second key encrypters. The signal scrambler scrambles the signal and outputs a scrambled signal and a key for descrambling the scrambled signal. The first key encryptor is coupled to the signal scrambler and performs a first encryption on the key using a first secret serial number and outputs a once-encrypted key. The second key encryptor is coupled to the first key encryptor and performs a further encryption on the once-encrypted key using a second secret serial number and outputs a twice-encrypted key.
The system further comprises a transmitter coupled to the signal scrambler and the second key encryptor for transmitting the scrambled signal and twice-encrypted key.
The system further comprises a decoder coupled to the transmitter for receiving and descrambling the scrambled signal. The decoder comprises first and second key decryptors and a descrambler. The first key decryptor is coupled to the transmitter and performs a first key decryption on the twice-encrypted key using the second secret serial number and outputs a partially decrypted key. The second key decryptor is coupled to the first key decryptor and perform a second key decryption on the partially decrypted key using the first secret serial number and outputs the decrypted key. The descrambler is coupled to the second key decryptor and the transmitter and descrambles the scrambled signal using the decrypted key and outputs the descrambled signal.
In an alternative embodiment of the present invention, the decoder may function without the use of a replaceable security module. In the event of a system breach or a service level change, a replaceable security module may then be inserted into the decoder to “upgrade” the decoder.
These and other objects and advantages of the invention, as well as the details of an illustrative embodiment, will be more fully understood from the following specification and drawings in which similar elements in different figures are assigned the same last two digits to their reference numeral (i.e., encoder 701 of FIG. 7 and encoder 801 of FIG. 8).
The encoder 701 has a key memory 704 containing the key used to scramble program 702 in program scrambler 703. The key is first encrypted in first key encryptor 710 with a first secret serial number (SSN0) stored in SSN0 database 711. The key is further encrypted in second key encryptor 715 with a second secret serial number (SSN1) from SSN1 database 716. This produces a series of twice-encrypted keys which are then transmitted along with the scrambled program via satellite link 705. The decoder 706 receives the encrypted scrambled program and one of the twice-encrypted keys and performs a first key decryption in replaceable security module 714. The replaceable security module 714 contains a second secret serial number (SSN1), which could be assigned to a particular security module or series of modules, in SSN1 memory 717. The replaceable security module 714 performs a first key decryption in first key decryptor 718 and outputs a partially decrypted key. The partially decrypted key, still unreadable to a pirate, is sent to second key decryptor 713 located in decoder 706 itself. There, the key is fully decrypted using the first secret serial number stored in SSN0 memory 712. The fully decrypted key is now stored in key memory 707 and used to descramble the scrambled program received from satellite link 705 in program descrambler 708 and output descrambled program 709.
Both replaceable security module 714 and an internal security element 719 of decoder 706 may be constructed according to the principles of FIG. 4. For example, the second secret serial number SSN1 may be loaded into SSN1 memory 717 of Module 714 and fusible links used for loading the memory destroyed during manufacture. Similarly, SSN0 memory 712 of internal security element 719 may be loaded during manufacture over a fusible link and the link destroyed. Also over a fusible link, algorithms may be loaded into key decryptors 718, 713 during manufacture and the fusible links subsequently destroyed.
The effect of twice-encrypting the key is to ensure that replaceable security module 714 must correspond to a particular decoder 706 and will not operate with any other decoder. Loss of replaceable security module 714 during distribution no longer presents a potential security breach. To compromise the system, it is now necessary to break the physical security of both replaceable security module 714 and internal security element 719. In order to fully compromise the system, the internal security element 719 must be attacked, restoring the risk to the subscriber that his decoder will be damaged.
At the same time, the replaceable security module provides the pay television provider with the option of replacing system security by mailing out new replaceable security modules to all authorized subscribers. Returned replaceable security modules 714 could be re-used for a different subscriber decoder by reprogramming the SSN0 and SSN1 databases 711 and 716 to correspond to the combination of the first secret serial number of decoder 706 with the second secret serial number of security module 714. Alternatively, the returned replaceable security modules 714 could be destroyed, and a new replaceable security module 714 sent out, incorporating changes and improvements in the security technology to thwart potential pirates. In the event of a security breach, it is only necessary to replace the replaceable security module and not the complete decoder in order to restore system security.
Alternatively, the decoder 706 may function optionally without the use of the replaceable security module 717. In such a system, encoder 701 may be programmed to perform single level key encryption by encrypting the key from key memory 704 once in second key encryptor 715, bypassing first key encryptor 710. Decoder 706 would sense the absence of removable security module 717 and perform only a single key decryption in second key decryptor 713.
If a system breach occurs, the pay television provider then mails out replaceable security modules to subscribers, uses the double encryption technique, and thus recovers system security. The optional usage of the replaceable security module has other attractive benefits as well. Subscribers who do not pay for any premium channels may not be sent a replaceable security module, as the “basic” channels may only use a once-encrypted key or may even be sent in the clear. If the subscriber wishes to upgrade to a premium channel of channels, the pay television provider may then mail that subscriber the appropriate replaceable security module.
In addition, the replaceable security module may be used to add other additional features. Many cable television systems offer optional services such as IPPV (Impulse-Pay-Per-View) which require two-way communication between the decoder 706 and the head end. In the past, if a subscriber wished to upgrade to IPPV service, a subscriber's decoder would have to be altered by inserting a IPPV module internally or by adding an IPPV “side car” externally. Alternatively, the entire decoder would have to be replaced. All three options would necessitate a service call, causing inconvenience to the subscriber, and expense to the pay television provider. Similarly, when a pay television provider wishes to upgrade its entire encoder/decoder system, it must provide a new decoder to each subscriber which will work in the interim with both the old and new encoding techniques, as it is nearly impossible to replace all subscriber decoders simultaneously. Then a decoder manufacturer is faced with the added expense of providing his state-of-the-art decoder with extra circuitry in order to function with the pay television provider's old encoder for the few months during the change over period.
In both the above instances, the replaceable security module 714 may be used to upgrade the decoder 706 without the expense and inconvenience of a service call. The replaceable security module 714 may be mailed to the subscriber and the subscriber can then insert the replaceable security module 714 and instantly upgrade the decoder and add additional features (such as IPPV), alter the encoding technique, or providing an external level of security.
The replaceable security module 714 may take one of several forms. In the preferred embodiment, the module may comprise a “smart card”, a plastic “credit card” with a built-in micro-processor, such as described by the International Standards Organization in standard ISO 7816/1 and ISO7816/2. Attention is drawn on U.S. Pat. No. 4,841,133 issued Jun. 20, 1989 and incorporated herein by reference, describing such a “smart card.” The “smart card” may be equipped with a series of electrical contacts which connect to contacts in the decoder 706. The contacts may provide power to the card, along with clock signals and data transmission.
The decoder 806 receives the encrypted program and demultiplexes the twice encrypted keys from the scrambled program signal in demultiplexor 833. The decoder 806 then chooses the proper twice encrypted key based on the key message associated with the proper key for that decoder, and performs a first key decryption in replaceable security module 814. The partially decrypted key is then sent to second key decryptor 813 located in the decoder 806 itself. There, the key is fully decrypted using the unique first secret serial number stored in SSN0 memory 812. The fully decrypted key is now stored in key memory 807 and used to decrypt the program in the program descrambler 808 and output the decrypted program 809. The second key decryptor 813, key memory 807, and SSN0 memory 812 together comprise fixed internal security element 819.
Pay-per-view programming is defined here as any programming where the subscriber can request authorization to watch a particular program. In many pay television systems, pay-per-view programming is used for sporting events (boxing, wrestling, etc.) which are not transmitted on a regular basis. A subscriber wishing to view the event must receive authorization in the form of a special descrambler mechanism, or in the form of a special code transmitted or input to the subscriber's decoder. Some pay-per-view television systems allow the subscriber to request a pay-per-view program (i.e. - movies) to watch. The pay television provider then transmits the requested program and authorizes that subscriber's decoder to receive the signal.
Impulse pay-per-view (IPPV) programming is defined here as any programming where the subscriber has a pre-authorized number of “credits” saved in his individual decoder. If a subscriber wishes to view a particular program, the subscriber merely actuates the decoder, the appropriate number of credits are subtracted from the subscriber's remaining credits, and the subscriber is immediately able to view the program.
In a pay-per-view embodiment of the present invention, the decoder may send a signal to the head end via the telephone controller 940 with a request for authorization to decode a pay-per-view program. Alternately, the decoder 906 may store authorization information (i.e. -credits) for pay-per-view programming, and forward actual pay-per-view data via the telephone controller 940 at a later time.
The telephone controller 940 could be a computer modem type device, or could work using touch-tone signals to communicate with the head end. Preferably, the telephone controller is a modem type device, communicating with the head end using a TSK protocol. Attention is drawn to copending application Ser. No. 187,978 filed Apr. 29, 1989 describing TSK operation and incorporated herein by reference. The pay television provider can thus send appropriate authorization information (TEL) to the subscriber, encrypted with the subscriber's secret telephone number (STN). The secret telephone number is not a telephone number in the ordinary sense, but rather another type of secret serial number, which could be assigned to a given telephone controller 940 or series of telephone controllers. Once received by the decoder 906, the authorization information may be used to enable descrambling of a particular pay-per-view program or programs.
In another embodiment, which could be used in conjunction with the pay-per-view embodiment described above, the telephone controller can be used to receive the key encrypted with the secret telephone number. The scrambled program signal 941 is input to the decoder 906 which provides the input signal 941 to a clock/data recovery unit 942 and the video/audio descrambler 908. The clock/data recovery unit 942 provides sync and data for the program signal fed to the fixed security element 919. Fixed security element 919 contains a key decryptor, key memory and SSN0 memory. The telephone controller 940 receives the key, encrypted with the secret telephone number of the decoder (STN) stored in the replaceable security module 914. The telephone controller 940 typically commences communication and can be programmed to call the head end at a predetermined time or at a predetermined time interval, or upon receiving a signal from the head end preferably when phone usage is at a minimum (i.e. - early morning hours). The telephone controller can call the head end via a toll free 1-800 number, a so-called “watts” line, or via a local call to a commercial data link such as TYMNET of TELENET. Once the call is connected and communications established, the decoder 906 uploads to the head end a record of pay-per-view usage encrypted with the secret telephone STN1. The head end may then download data similarly encrypted to the decoder 906 including new keys, secret serial numbers, or decryption algorithms. The encrypted key may be sent to the fixed security element 919, which has removably attached thereto the replaceable security module 914. The key is then decrypted in the replaceable security module using the secret telephone number, and decoder control information is sent to the program descrambler 908 to produce the descrambled program 909.
As discussed above, a new secret serial number or decryption algorithm, encrypted with the secret telephone number, may be sent from the head end to a decoder through telephone controller 940. The encrypted secret serial number of decryption algorithm is then decrypted and stored in the replaceable security module. The downloading of decryption algorithms and secret serial numbers via the telephone controller 940 is sometimes called an “E2 patch”, and allows the pay television provider to maintain or recover system security by loading new information into a decoder's EEPROM. An E2 patch does not necessarily entail changing the entire decryption algorithm in the decoder 906. The secret serial number or merely a portion of the decryption algorithm, such as a particular byte or data table need only be changed in order to sufficiently alter the decryption algorithm. The E2 patch allows the pay television provider or upgrade the encryption system to fix “bugs” and recover system security.
After receiving a signal through the telephone controller 940, the head end will send an acknowledment signal to the decoder, indicating that information has been received. Similarly, after data has been downloaded from the head end to the decoder through the telephone controller, the decoder will return an acknowledgement signal to the head end that data has been received.
In addition to pay-per-view requests or records, telephone controller 940 can also be used to upload other signals from the decoder. For example, tamper protection information such as described in connection with
In general, any data that can be delivered via the B-MAC input 941 of
The telephone information (TEL) encrypted with the secret telephone number (STN) remains encrypted throughout the decoder 906 and may only be decrypted in the replaceable security module 914. The decrypted telephone information does not pass out of the replaceable security module 914, in order to prevent observation by a pirate. In order for the decoder 906 to descramble a scrambled program, both the telephone information and the addressed data packet received through the B-MAC input 941 must be present. By relying on both information sources, piracy is virtually impossible, as the potential pirate must break into the pay television provider's telephone system as well as decrypt the twice-encrypted key.
Fixed security element 1019 comprises a secure microprocessor 1050 which receives signals 1053, 1054, and 1055 as inputs. Signal 1053 is the program (SYS) which has been scrambled with a key-of-the-month (KOM) and is represented by the symbol EKOM1(SYS). Signal 1054 is the key-of-the-month (KOM) which has been twice-encrypted with the two secret serial numbers (SSN0 and SSN1) of the fixed and replaceable security modules 1019 and 1014, respectively and is represented by the symbol ESSN0(ESSN1(KOM1)).
Signal 1055 is an additional signal, ESTN1(TEL), which is the telephone data encrypted with a secret telephone number (STN) described in
Secure microprocessor 1050 performs a first decryption of twice-encrypted key 1054 using the first secret serial number SSN0 stored within secure microprocessor 1050. Secure microprocessor 1050 passes partially decrypted key-of-the-month ESSN1(KOM) 1061 to replaceable security module 1014 along with scrambled program EKOM1(SYS) 1062 and encrypted telephone data ESTN1(TEL) 1060.
Replaceable security module 1014 comprises secure microprocessor 1051 which has secure memory 1052 where the second secret serial number SSN1 is stored along with the secret telephone number STN1, the encryption algorithm E, and other authorization information. Secure microprocessor 1051 performs a further decryption on partially decrypted key-of-the-month ESSN1(KOM) 1061 received from fixed security element 1019, using the second secret serial number SSN1 and encryption algorithm E stored within secure memory 1052. The decrypted key-of-the-month (KOM1) is stored in the secure memory 1052 of secure microprocessor 1051. As discussed in
Secure microprocessor 1051 also decrypts the telephone data (TEL) using the secret telephone number STN1 stored within the secure memory 1052 of the secure microprocessor 1051. If the key-of-the-month (KOM1) can be decrypted, and authorization is present (for pay-per-view), or unnecessary (for other channels), then scrambled program EKOM1(SYS) 1062 can be descrambled in replaceable security module 1014, producing decoder control information DCI1 1058. Decoder control information DCI1 1058 typically contains the line translation scrambling information for the video signal, and decryption information for the multiplexed audio data along with other information such as whether teletext is enabled and which audio channel is to be selected. The program control information DCI1 1058 and the encrypted telephone data ESTN1(TEL) are sent to the fixed security element 1019. If authorization is present (for IPPV) or unnecessary (for other channels), the secure microprocessor 1050 outputs the program control data 1058 to the rest of the decoder (not shown) for program descrambling. On-screen display support information (OSD) 1057 is decoded from the encrypted program signal EKOM1(SYS) EKOM1 (SYS) and provides information how on-screen display is controlled by fixed security element 1019 to display personal messages, control a barker channel, indicate the number of remaining credits, indicate authorized channels as well as other ways of controlling displayed information.
Secure microprocessor 1150 decrypts encrypted telephone data ESTN0(TEL) 1155 using the secret telephone number STN0 stored in secure memory 1152. The decrypted telephone data (TEL) is also stored in secure memory 1152 to prevent observation by pirates. The telephone data (TEL) may provide authorization information to decode 1106 as to whether decoder 1106 is presently authorized to decrypt some or all of the received scrambled programs. In addition, other information may be transferred between the decoder and the head end as discussed in connection with FIG. 9.
If authorization is present, secure microprocessor 1150 uses the first secret serial number SSN0 stored in secure memory 1152 to decrypt the key KOM0. As in
While the present invention has been disclosed with respect to a preferred embodiment and modifications thereto, further modifications will be apparent to those of ordinary skill in the art within the scope of the claims that follow. It is not intended that the invention be limited by the disclosure, but instead that its scope be determined entirely by reference to the claims which follow herein below.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US2656408||May 21, 1949||Oct 20, 1953||Zenith Radio Corp||Subscriber signaling system|
|US4281216 *||Apr 2, 1979||Jul 28, 1981||Motorola Inc.||Key management for encryption/decryption systems|
|US4317957 *||Mar 10, 1980||Mar 2, 1982||Marvin Sendrow||System for authenticating users and devices in on-line transaction networks|
|US4337483 *||Jan 31, 1980||Jun 29, 1982||Etablissement Public De Diffusion Dit "Telediffusion De France"||Text video-transmission system provided with means for controlling access to the information|
|US4377483||Jul 15, 1980||Mar 22, 1983||Nippon Kokan Kabushiki Kaisha||Method of removing dissolved heavy metals from aqueous waste liquids|
|US4386233 *||Sep 29, 1980||May 31, 1983||Smid Miles E||Crytographic key notarization methods and apparatus|
|US4386266 *||Feb 11, 1980||May 31, 1983||International Business Machines Corporation||Method for operating a transaction execution system having improved verification of personal identification|
|US4388643 *||Apr 6, 1981||Jun 14, 1983||Northern Telecom Limited||Method of controlling scrambling and unscrambling in a pay TV system|
|US4399323 *||Feb 9, 1981||Aug 16, 1983||Bell Telephone Laboratories, Incorporated||Fast real-time public key cryptography|
|US4484025 *||Feb 3, 1981||Nov 20, 1984||Licentia Patent-Verwaltungs-Gmbh||System for enciphering and deciphering data|
|US4484027 *||Nov 19, 1981||Nov 20, 1984||Communications Satellite Corporation||Security system for SSTV encryption|
|US4530008 *||Jun 27, 1984||Jul 16, 1985||Broadband Technologies, Inc.||Secured communications system|
|US4531020 *||Jul 23, 1982||Jul 23, 1985||Oak Industries Inc.||Multi-layer encryption system for the broadcast of encrypted information|
|US4531021 *||Aug 13, 1984||Jul 23, 1985||Oak Industries Inc.||Two level encripting of RF signals|
|US4535355||Sep 7, 1982||Aug 13, 1985||Microdesign Limited||Method and apparatus for scrambling and unscrambling data streams using encryption and decryption|
|US4558175 *||Aug 2, 1982||Dec 10, 1985||Leonard J. Genest||Security system and method for securely communicating therein|
|US4595950||Dec 17, 1984||Jun 17, 1986||Loefberg Bo||Method and apparatus for marking the information content of an information carrying signal|
|US4608456 *||May 27, 1983||Aug 26, 1986||M/A-Com Linkabit, Inc.||Digital audio scrambling system with error conditioning|
|US4613901 *||May 27, 1983||Sep 23, 1986||M/A-Com Linkabit, Inc.||Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television signals|
|US4634808 *||Mar 15, 1984||Jan 6, 1987||M/A-Com Government Systems, Inc.||Descrambler subscriber key production system utilizing key seeds stored in descrambler|
|US4658292 *||Apr 27, 1983||Apr 14, 1987||Nec Corporation||Enciphering key distribution system for subscription TV broadcast or catv system|
|US4663664||Oct 31, 1983||May 5, 1987||R. F. Monolithics, Inc.||Electronic ticket method and apparatus for television signal scrambling and descrambling|
|US4694491||Mar 11, 1985||Sep 15, 1987||General Instrument Corp.||Cryptographic system using interchangeable key blocks and selectable key fragments|
|US4696034 *||Oct 12, 1984||Sep 22, 1987||Signal Security Technologies||High security pay television system|
|US4712238 *||Jun 8, 1984||Dec 8, 1987||M/A-Com Government Systems, Inc.||Selective-subscription descrambling|
|US4736422||Jul 2, 1984||Apr 5, 1988||Independent Broadcasting Authority||Encrypted broadcast television system|
|US4757532||Apr 21, 1986||Jul 12, 1988||Alcatel Business Systems Limited||Secure transport of information between electronic stations|
|US4785166 *||May 5, 1986||Nov 15, 1988||Kabushiki Kaisha Toshiba||Reader/writer for portable recording medium with power supply abnormality detection|
|US4792973||Dec 4, 1987||Dec 20, 1988||M/A-Com Government Systems Inc.||Selective enablement of descramblers|
|US4799635||Dec 23, 1985||Jan 24, 1989||Nintendo Co., Ltd.||System for determining authenticity of an external memory used in an information processing apparatus|
|US4802214||Apr 23, 1982||Jan 31, 1989||Eagle Comtronics, Inc.||Method and apparatus for identifying and rendering operative particular descramblers in a television signal scrambling system|
|US4802215||Jul 2, 1984||Jan 31, 1989||Independent Broadcasting Authority||Security system for television signal encryption|
|US4803725||May 14, 1987||Feb 7, 1989||General Instrument Corp.||Cryptographic system using interchangeable key blocks and selectable key fragments|
|US4807286||Apr 22, 1987||Feb 21, 1989||Wiedemer John D||High security pay television system|
|US4829569 *||Jul 8, 1986||May 9, 1989||Scientific-Atlanta, Inc.||Communication of individual messages to subscribers in a subscription television system|
|US4841133 *||Mar 30, 1988||Jun 20, 1989||Motorola, Inc.||Data card circuits|
|US4849927||Sep 22, 1987||Jul 18, 1989||Ncr Corporation||Method of controlling the operation of security modules|
|US4864615||May 27, 1988||Sep 5, 1989||General Instrument Corporation||Reproduction of secure keys by using distributed key generation data|
|US4866770 *||Aug 14, 1986||Sep 12, 1989||Scientific Atlanta, Inc.||Method and apparatus for communication of video, audio, teletext, and data to groups of decoders in a communication system|
|US4885788 *||Feb 12, 1987||Dec 5, 1989||Hitachi, Ltd.||IC card|
|US4890321||Sep 30, 1988||Dec 26, 1989||Scientific Atlanta, Inc.||Communications format for a subscription television system permitting transmission of individual text messages to subscribers|
|US4897875 *||Sep 3, 1987||Jan 30, 1990||The Manitoba Telephone System||Key management system for open communication environments|
|US4905280 *||Sep 22, 1987||Feb 27, 1990||Wiedemer John D||High security videotext and videogame system|
|US4907271||Jul 11, 1988||Mar 6, 1990||Alcatel Business Systems Limited||Secure transmission of information between electronic stations|
|US4907273 *||Sep 22, 1987||Mar 6, 1990||Wiedemer John D||High security pay television system|
|US4908834 *||Sep 22, 1987||Mar 13, 1990||Wiedemer John D||High security pay television system|
|US4926444||Apr 29, 1988||May 15, 1990||Scientific-Atlanta, Inc.||Data transmission method and apparatus by period shift keying (TSK)|
|US4933898 *||Jan 12, 1989||Jun 12, 1990||General Instrument Corporation||Secure integrated circuit chip with conductive shield|
|US5237609||Mar 26, 1990||Aug 17, 1993||Mitsubishi Denki Kabushiki Kaisha||Portable secure semiconductor memory device|
|USRE33189 *||Sep 18, 1989||Mar 27, 1990||Communications Satellite Corporation||Security system for SSTV encryption|
|EP0132401A2||Jul 23, 1984||Jan 30, 1985||Kabushiki Kaisha Toshiba||Information transmission system|
|EP0308219A2||Sep 15, 1988||Mar 22, 1989||General Instrument Corporation||Microcomputer with internal RAM security during external program mode|
|GB2151886A||Title not available|
|WO1985000491A1||Jul 2, 1984||Jan 31, 1985||Independent Broadcasting Authority||Encrypted broadcast television system|
|WO1986006240A1||Apr 11, 1986||Oct 23, 1986||Paytel Limited||Video transmission system|
|1||*||"A Method of Authentication in EFT Networks Using DES Without Downline Loading of Working Keys", Marvin Sendrow, Trends and Applications, 5-80.|
|2||"HDTV To Alter Cable Security Technology" Published Sep. 25, 1989 by Multichannel News.|
|3||*||"HDTV To Alter Cable Security Technology", Multichannel News, Sep. 25, '89.|
|4||*||"Smart Card Conditional Access Microcomputers Memories", Motorola, 1988.|
|5||*||A Method of Authentication in EFT Networks Using DES Without Downline Loading of Working Keys, by Marvin Sendrow, Trends and Applications, 5-80.|
|6||Annex 1 To Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, Version of 21, Published Oct. 1988.|
|7||Annex 2 To Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, Version of 4, Published Oct. 1988.|
|8||Annex 3 To Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, Version of 24, Published Oct. 1988.|
|9||Appendix 1 To Proposed New Part 6: Eurocypher ACM/Receiver Interface Message Definition, Version of 24. Published Oct. 1988.|
|10||Explanatory Report, ISO/IEC/DIS 7816-3 (N416), Jul. 1, 1988.|
|11||F. Coutrot, "A Conditional Access System for Broadband Networks: Satellite-CATV, Terrestrial TV, Pay TV", presented at First World Electronics Media Symposium on Oct. 4-7, 1989, proceedings published by International Telecommunications Union, Geneva Switzerland.|
|12||Identification cards-Part 1: Physical characteristics, ISO 7816-1, 1st Ed., Jul. 1, 1987.|
|13||Identification cards-Part 2: Dimensions and location of the contacts, ISO 7816-2, 1st Ed. May 15, 1988.|
|14||Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, Version of 24, Published Oct. 1988.|
|15||Proposal to ANSI X3B10, Identification Cards-Integrated Circuit(s) Cards with Contacts, Sep. 8, 1988, ISO/IEC/DIS 7816-3.|
|16||*||Smart Card Conditional Access Microcomputers Memories, Motorola, 1988.|
|17||Smart Card Conditional Access Microcomputers Memories, Motorola, undated.|
|18||*||United Staes Advanced Television Systems Committee report, "Multiplexed Analog Television Broadcast System Parameter Specifications", published Apr. 18, 1987.|
|19||*||United States Advanced Televisioin Systems Committee Report, "Multiplexed Analog Component Television Broadcast System Parameter Specifications", published Apr. 18, 1987.|
|20||United States Advanced Television Systems Committee Report, "Multiplexed Analog Component Televsion Broadcast System Parameter Specifications", Published Apr. 18, 1987.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US7233670 *||Feb 25, 2002||Jun 19, 2007||Nagravision, S.A.||Signal tracing system and method|
|US7539312||May 14, 2007||May 26, 2009||Panasonic Corporation||Program update method and server|
|US7546468||Oct 30, 2003||Jun 9, 2009||Panasonic Corporation||Program update method and server|
|US7617536 *||Dec 12, 2005||Nov 10, 2009||Panasonic Corporation||Unauthorized device detection device, unauthorized device detection system, unauthorized device detection method, program, recording medium, and device information update method|
|US7685435 *||Mar 23, 2010||Panasonic Corporation||Program development method, program development supporting system, and program installation method|
|US7832016 *||Mar 15, 2004||Nov 9, 2010||Robert Bosch Gmbh||Microprocessor system and method for detecting the exchange of modules of the system|
|US7849331||Dec 7, 2010||Panasonic Corporation||Program update method and server|
|US8190912||May 29, 2012||Panasonic Corporation||Program development method, program development supporting system, and program installation method|
|US8286889 *||Apr 23, 2012||Oct 16, 2012||Privasys, Inc||Electronic financial transaction cards and methods|
|US8549655||May 28, 2009||Oct 1, 2013||Nagravision S.A.||Unit and method for secure processing of access controlled audio/video data|
|US8782417||Jun 15, 2012||Jul 15, 2014||Nagravision S.A.||Method and processing unit for secure processing of access controlled audio/video data|
|US8819434||Dec 17, 2010||Aug 26, 2014||Nagravision S.A.||Method and processing unit for secure processing of access controlled audio/video data|
|US9215505||May 7, 2014||Dec 15, 2015||Nagravision S.A.||Method and system for secure processing a stream of encrypted digital audio/video data|
|US9268949 *||Jul 1, 2013||Feb 23, 2016||Verimatrix, Inc.||System and method for defining programmable processing steps applied when protecting the data|
|US20040076297 *||Feb 25, 2002||Apr 22, 2004||Maxime Goeke||Signal tracking system and method|
|US20040105548 *||Oct 30, 2003||Jun 3, 2004||Matsushita Electric Industrial Co., Ltd.||Program update method and server|
|US20040153657 *||Jul 23, 2003||Aug 5, 2004||Matsushita Electric Industrial Co., Ltd.||Program development method, program development supporting system, and program installation method|
|US20040260938 *||Mar 15, 2004||Dec 23, 2004||Jochen Weber||Microprocessor system and method for detecting the exchange of modules of the system|
|US20060280307 *||Jun 7, 2006||Dec 14, 2006||Tsuyoshi Ikushima||Data transmission apparatus and data reception apparatus|
|US20070198413 *||Mar 30, 2006||Aug 23, 2007||Yutaka Nagao||Content providing system, content reproducing device, content reproducing method, and computer program|
|US20070217614 *||May 14, 2007||Sep 20, 2007||Matsushita Electric Industrial Co., Ltd||Program update method and server|
|US20070283162 *||Dec 12, 2005||Dec 6, 2007||Masao Nonaka||Unauthorized Device Detection Device, Unauthorized Device Detection System, Unauthorized Device Detection Method, Program, Recording Medium, and Device Information Update Method|
|US20090037721 *||Jul 9, 2008||Feb 5, 2009||Matsushita Electric Industrial Co., Ltd.||Program development method, program development supporting system, and program installation method|
|US20090138728 *||Apr 23, 2008||May 28, 2009||Matsushita Electric Industrial Co., Ltd.||Program update method and server|
|US20130298255 *||Jul 1, 2013||Nov 7, 2013||Verimatrix, Inc.||System and method for defining programmable processing steps applied when protecting the data|
|U.S. Classification||380/228, 380/281, 380/239|
|International Classification||H04N7/167, H04L9/10|
|Nov 19, 2014||AS||Assignment|
Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SCIENTIFIC-ATLANTA, LLC;REEL/FRAME:034300/0001
Effective date: 20141118
Owner name: SCIENTIFIC-ATLANTA, LLC, GEORGIA
Free format text: CHANGE OF NAME;ASSIGNOR:SCIENTIFIC-ATLANTA, INC.;REEL/FRAME:034299/0440
Effective date: 20081205