MXPA01000489A - Method and apparatus for secure communication of information between a plurality of digital audiovisual devices - Google Patents

Method and apparatus for secure communication of information between a plurality of digital audiovisual devices

Info

Publication number
MXPA01000489A
Authority
MX
Mexico
Prior art keywords
key
cryptically
decoder
recording
information
Application number
MXPA/A/2001/000489A
Other languages
Spanish (es)
Inventor
Christian Benardeau
Jeanluc Dauvois
Original Assignee
Canal+ Societe Anonyme

Abstract

The present invention relates to a method of providing secure communication of information between at least a first and second digital audiovisual device (30, 52) and characterised in that the first device (30) communicates to the second device (52) a certificate Ct(KpubT) comprising a transport public key KpubT encrypted by a management private key KpriMan, the second device (52) decrypting the certificate using an equivalent management public key KpubMan and thereafter using the transport public key KpubT to encrypt information sent to the first device, the first device using an equivalent private key KpriT to decrypt the information. The present invention is particularly applicable to a method of providing secure communication between a first and second decoder.

Description

METHOD AND APPARATUS FOR SECURE COMMUNICATION OF INFORMATION BETWEEN A PLURALITY OF DIGITAL AUDIOVISUAL DEVICES
DESCRIPTION OF THE INVENTION
The present invention relates to a method and an apparatus for the secure communication of information between a plurality of digital audiovisual devices connected in a network.
The present invention is particularly applicable to the field of digital television, where mixed audio-visual information is broadcast to a number of subscribers, each subscriber possessing an integrated decoder or receiver/decoder (IRD) capable of decoding the transmitted program for subsequent viewing.
In a typical system, mixed digital audio data is transmitted along with a control word for decoding the digital data, the control word itself being cryptically encoded by an operating key and transmitted in cryptically encoded form. A decoder receives the mixed digital data and the cryptically encoded control word, uses an equivalent of the operating key to cryptically decode the control word, and then decodes the transmitted data. A paid subscriber will periodically receive the operating key necessary to cryptically decode the cryptically encoded control word in order to allow viewing of a particular program. The cryptic encoding and decoding keys are conventionally stored in a portable security module, such as a smart card used to customize the decoder.
A particular problem arises in the case of a user who has two or more decoders, since existing subscription management systems usually have difficulty opening a second subscription for the same person at the same address. Consequently, in such circumstances, it may be advantageous to allow two or more decoders to operate using the same subscription.
PCT patent application WO 97/35430 in the name of News Datacom Limited shows a possible solution to this problem. In this system, a pair of decoders is organized in a master/slave configuration.
The subscription rights are managed by the master decoder and its associated smart card. In order to transfer the rights to the slave decoder, the slave smart card must be inserted at regular intervals in the master decoder. The disadvantage of this system is that a user is forced to manually withdraw, reload and replace the card in the slave decoder. Other proposed solutions have included the generation of a smart card in duplicate containing exactly the same rights as those present in a master smart card. Said solution is also undesirable, since it is not desired to give exactly the same rights to multiple decoders, and since the creation of a clone or card in duplicate always incurs the risk of fraud. Another particular problem associated with the data transmitted in a digital system lies in its ease of reproduction without any loss of quality. When a decoded program is passed through an analog link (for example, the "Peritel" link) to view and record through a standard VCR, the quality remains no higher than that associated with a standard analog cassette recording. In contrast, any decoded digital data that passes through a direct digital link to one of a new generation of digital recording devices (eg, a DVHS or DVD player) will be of the same quality as the originally transmitted program and of this way it can be reproduced any number of times without any degradation of the image or sound quality. Therefore, there is a considerable risk that the reproduced decoded data will be used as a master recording to make pirated copies. French Patent Application 95 03859 shows a way to overcome this problem. In this system, the decoded digital data is never recorded directly on the digital recording medium. Rather, the decoder described in this application advances the data to be recorded in the support medium in its mixed form. 
The control word necessary to decode the data is cryptically encoded again by means of another key and stored on the recording medium with the mixed data. This new key is known only to the receiver/decoder and replaces the operating key needed to obtain the control word to view the program.
The advantage of such a system is that the data is never stored in a "transparent" form and cannot be viewed without possession of the new key, stored in the decoder. The system also has the advantage that, since the operating key changes on a monthly basis, the use of a key selected by the decoder to cryptically re-encode the control word recorded on the digital tape means that the decoder will still be able to cryptically decode the control word recorded on the tape even after the end of a subscription month.
The disadvantage of the system proposed in this prior patent application is that the recording can only be viewed with that particular decoder. If that decoder fails or is replaced, the recording can no longer be reproduced. Likewise, it is not possible to play the recording directly on a digital recorder without connecting the decoder to the system.
In order that the decoder and the recorder may function more effectively, it is desired to provide a secured or cryptically encoded communication link between the devices. As will be appreciated from the foregoing description, the interaction of the decoder and the recorder can lead to problems, for example, where mixed transmissions are recorded but only the decoder possesses the information necessary to cryptically decode such transmissions. The implementation of a secure link between the devices can be used to enable the information needed to prepare or play a recording to be freely shared between the devices.
It is an object of the present invention, in its general and specific embodiments, to overcome some or all of the problems of these systems of the prior art.
According to the present invention, there is provided a method for providing secure communication of information between at least a first and a second digital audiovisual device, wherein said second device receives a certificate comprising a public transport key cryptically encoded by a private management key, the second device cryptically decoding the certificate using an equivalent public management key and then using the public transport key to cryptically encode the information sent to the first device, the first device using an equivalent private key to cryptically decode the information.
In said method, the first device can assume the role of a master device, personalized with a certificate generated using a private key. The private management key is kept secret by the system administrator and may not be derived from the information stored in the certificate. The second device can assume the role of a slave device. The information cryptically encoded by the public transport key held by the second device can only be cryptically decoded by the equivalent private key held by the first device.
As will be discussed later, this information can then be used to set up a bidirectional security link to transfer subscription rights and other information. Advantageously, the private / public transport key pair are only associated with the pair of the first and second devices. This ensures complete security of encrypted messages cryptically transmitted to the first device. As will be appreciated, although the use of unique keys allows a high level of security, it can be decided in some cases to use non-unique keys, for example, for different pairs of devices distributed in different territories, where the security risk associated with such Duplication is relatively low. Preferably, the cryptically encoded information sent by the second device comprises a session key, in particular, a session key generated by the second device and which can be used in conjunction with a symmetric cryptic encoding algorithm. This key, which can be generated at the beginning of a communication session to transfer the subscription, can then be used for bidirectional communication of information between the first and second devices. In an alternative mode, a session key pair corresponding to a private / public key pair of an asymmetric algorithm can be used. The advantage of a symmetric session key that can be changed lies in the high level of security that such key provides as well as the possibility of bidirectional communication that it enables. Other modalities, however, are possible, for example, where the information related to the transmission is directly encoded in cryptic form using the public transport key maintained by the second device. In a modality, the session key is used by the first device to cryptically code the control word information subsequently communicated to the second device. 
In such an embodiment, the second device cryptically decodes the control word information using the equivalent session key and then decodes an associated transmission or program for presentation.
In one embodiment, before the communication of the first certificate, the second device receives a secondary system certificate comprising the public management key cryptically encoded by a system private key, the second device cryptically decoding the system certificate using a system public key in order to obtain the public management key used later to cryptically decode the cryptically encoded public transport key.
This mode can be implemented, for example, where there is a different source for the first and second devices. The private key of the system can be kept secret by, for example, the source of the second device. A system certificate will only be issued in the event that the source of the second device is assured of the integrity of the security at the source of the first device. Thereafter, a designated source of the first device will embed this certificate in all the smart cards of the first device, so that a smart card of the second device can authenticate the origin of said cards.
As will be understood, the source of the second device only needs to know the public management key of the source of the first device in order to generate a system certificate, and neither party needs to share its private cryptic encoding keys to perform these certification operations.
The secure communication link between the devices can be used to transport many different types of information, including different information regarding the decoding of a transmission or even other matters. In particular, although the above embodiments discuss the use of a session key in the cryptic encoding and communication of control word information, other modalities are possible.
For example, the audio and/or visual data that will be recorded can be directly cryptically encoded by the first device using a session key and communicated directly to the second device for cryptic decoding and presentation.
Other modes may use the secure communication link to transmit, for example, operating keys present in the first device, so that the second device can perform all operations to cryptically decode the control word information and decode a transmission in the same way as the first device.
Although the above description has described cryptic encoding and decoding operations with respect to a first and second device, it should be understood that these operations and, in particular, the keys necessary in such operations, do not necessarily need to be handled or held by elements permanently integrated in the devices themselves.
In particular, in a preferred embodiment, the first and second devices further comprise first and second portable security modules used to perform some or all of the cryptic encoding and decoding steps described above.
Said portable security devices can have any convenient shape, depending on the physical size and characteristics of the device. For example, although in some cases a smart card equivalent to a bank card can be used, other formats such as PCMCIA cards are also possible.
The physical communication link between the two devices can take many forms, for example, a radio, telephone or infrared link. However, preferably, the communication link is implemented by connecting the first and second decoders on a bus, for example, an IEEE 1394 bus link.
Although the invention has been described with reference to a first and second device, it will be appreciated that the same principle can be used to establish a chain of communication between a series of such devices, for example, between an individual master device and a plurality of slave devices.
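The exchange described above (system certificate, certificate Ct(KpubT), session key sent under KpubT, control word sent under the session key), as an added example that is not code from the patent. It assumes toy textbook RSA over fixed Mersenne primes, a constructed tag-plus-hash redundancy inside each certificate, a SHA-256 keystream with HMAC standing in for the DES-type symmetric cipher, and the names `KPUB_SYS`/`KPRI_SYS` for the system key pair.

```python
import hashlib, hmac, secrets

E = 65537
TAG = b"CERT"  # constructed redundancy marker (assumption, not from the patent)

def make_keypair(p, q):
    """Textbook RSA pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Toy keys from fixed Mersenne primes: deterministic and offline, NOT secure.
KPUB_SYS, KPRI_SYS = make_keypair(2**607 - 1, 2**1279 - 1)  # source of second device
KPUB_MAN, KPRI_MAN = make_keypair(2**127 - 1, 2**521 - 1)   # source of first device
KPUB_T, KPRI_T = make_keypair(2**89 - 1, 2**107 - 1)        # first device transport pair

def issue_certificate(subject_pub, issuer_pri):
    """Ct(Kpub): subject modulus plus redundancy, encoded with the issuer's private key."""
    n_sub = subject_pub[0]
    body = n_sub.to_bytes((n_sub.bit_length() + 7) // 8, "big")
    m = int.from_bytes(TAG + hashlib.sha256(body).digest() + body, "big")
    n_iss, d_iss = issuer_pri
    if m >= n_iss:
        raise ValueError("subject key does not fit under issuer modulus")
    return pow(m, d_iss, n_iss)

def open_certificate(cert, issuer_pub):
    """Decode a certificate with the issuer's public key and check its redundancy.

    Without the TAG/hash check every integer would decode to *some* key,
    so a forged certificate would be accepted."""
    n_iss, e_iss = issuer_pub
    if not 0 < cert < n_iss:
        raise ValueError("certificate out of range")
    m = pow(cert, e_iss, n_iss)
    payload = m.to_bytes((m.bit_length() + 7) // 8, "big")
    tag, digest, body = payload[:4], payload[4:36], payload[36:]
    if tag != TAG or not hmac.compare_digest(digest, hashlib.sha256(body).digest()):
        raise ValueError("certificate redundancy check failed")
    return int.from_bytes(body, "big"), E

def second_device_start(ct_kpub_man, ct_kpub_t, kpub_sys=KPUB_SYS):
    """Second device: walk the chain, then send a fresh session key under KpubT."""
    kpub_man = open_certificate(ct_kpub_man, kpub_sys)
    n_t, e_t = open_certificate(ct_kpub_t, kpub_man)
    ks = secrets.token_bytes(16)
    return ks, pow(int.from_bytes(ks, "big"), e_t, n_t)  # unpadded RSA: toy only

def first_device_finish(wrapped, kpri_t=KPRI_T):
    """First device: recover the session key with KpriT."""
    n_t, d_t = kpri_t
    m = pow(wrapped, d_t, n_t)
    if m.bit_length() > 128:
        raise ValueError("wrapped value is not a 128-bit session key")
    return m.to_bytes(16, "big")

def _subkeys(ks):
    """Separate encryption and MAC keys derived from the session key."""
    return hashlib.sha256(b"enc" + ks).digest(), hashlib.sha256(b"mac" + ks).digest()

def seal(ks, data):
    """Protect up to 32 bytes (e.g. a control word) under the session key."""
    if len(data) > 32:
        raise ValueError("one SHA-256 block of keystream only")
    k_enc, k_mac = _subkeys(ks)
    nonce = secrets.token_bytes(8)
    pad = hashlib.sha256(k_enc + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(data, pad))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(ks, blob):
    """Verify the MAC first, then remove the keystream."""
    k_enc, k_mac = _subkeys(ks)
    nonce, ct, mac = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(mac, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    pad = hashlib.sha256(k_enc + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo():
    ct_man = issue_certificate(KPUB_MAN, KPRI_SYS)   # system certificate
    ct_t = issue_certificate(KPUB_T, KPRI_MAN)       # Ct(KpubT)
    ks_second, wrapped = second_device_start(ct_man, ct_t)
    ks_first = first_device_finish(wrapped)
    cw = bytes.fromhex("0123456789abcdef")           # constructed control word
    return ks_first == ks_second, unseal(ks_second, seal(ks_first, cw)) == cw

if __name__ == "__main__":
    print(demo())
```

A certificate issued under any other management key, or an arbitrary integer presented as a certificate, fails the redundancy check in `open_certificate`, so the second device never releases a session key to it.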
The present invention is particularly, but not exclusively, applicable to the implementation of a secure communication link between a first and second decoder. However, other applications of the invention for use with other digital audiovisual devices may be considered, for example, to cryptically encode information from a decoder to a digital VCR, between two digital VCRs, etc.
In a preferred embodiment, the devices comprise a decoding device and a recording device. In this manner, the present invention extends to a method for providing secure communication of information between a decoding device and a recording device, wherein a first one of the devices communicates to the second device a certificate comprising a device public key cryptically encoded by a private key, the second device cryptically decoding the certificate using an equivalent public key and then using the device public key to cryptically encode the information sent to the first device, the first device using an equivalent device private key to cryptically decode the information.
In such a method, the first device that initiates the communication is personalized with a certificate generated by a private key. The private key is kept secret by the source responsible for this device (for example, the manufacturer of a recording device) and may not be derived from the information stored in the certificate. The communication of said certificate, therefore, provides the second device with a level of security concerning the identity and origin of the device initiating the communication.
In addition, the information cryptically encoded by the device public key held by the second device can only be cryptically decoded by the equivalent private key held by the first device, thus allowing the second device to communicate confidential information to the first device. As will be described later, this information can then be used to establish a secure bidirectional link.
Preferably, before the communication of the certificate of the first device, the first device communicates to the second device a system certificate comprising the public management key cryptically encoded by a private system key, the second device cryptically decoding the system certificate using a system public key in order to obtain the public management key used later to cryptically decode the device certificate.
The private system key can be kept secret by, for example, the source of the second device (for example, a broadcasting system administrator responsible for the decoder). A system certificate will only be issued in the event that the source of the second device is sure of the integrity of the security at the source of the first device, that is, that the source of the second device is sure that the private key is known only to the source of the first device and that the necessary measures have been taken to keep this key secret.
As will be understood, the source of the second device only needs to know the public management key of the source of the first device in order to generate a system certificate, and neither party needs to share its private cryptic encoding keys to perform these certification operations.
Advantageously, the private/public device key pair is only associated with the first device. This ensures complete security of cryptically encoded messages transmitted to the first device. In addition, advantageously, the private/public management key pair is only associated with the source of the first device and the private/public system key pair (if present) will only be associated with the source of the second device.
As will be appreciated, although the use of unique keys enables an increased level of security, it can be decided in some cases to use non-unique keys.
For example, in the case of high-volume production of first devices, certain of these devices may share the same private device key if said devices are distributed in different territories, since the security risk associated with said duplication is relatively low.
Preferably, the cryptically encoded information sent by the second device comprises a session key, in particular, a session key generated by the second device and which can be used in conjunction with a symmetric cryptic encoding algorithm. This key, which can be generated at the beginning of a recording session, can then be used for bidirectional communication of information between the first and second devices.
In an alternative embodiment, a pair of session keys corresponding to a private/public key pair of an asymmetric algorithm may be used.
The advantage of a session key that can change lies in the high level of security that such a key provides, as well as the possibility of secure bidirectional communication that is allowed if a symmetric session key is selected. Other embodiments, however, are possible, for example, wherein the information associated with a recording operation can be directly cryptically encoded using the device public key held by the second device.
In one embodiment, the session key is used by the decoder device to cryptically encode control word information subsequently communicated to the recording device. In such an embodiment, the recording device can cryptically decode the control word information using the equivalent session key, and then cryptically re-encode the control word information using a cryptic recording encoding key. The re-encoded control word information is stored by the recording device on a recording medium together with the mixed transmission data associated with that control word information.
The cryptic coding of the control word information using a recording key maintained by the recording device allows the recording device to reproduce a recorded transmission at any time recorded independently of the decoder device originally used to receive and advance the transmission. Advantageously, the recording device communicates to the decoder device a copy of the cryptic recording decoding key. This can be conveniently encoded in a cryptic manner by the session key before communication. This copy can then be decoded cryptically by the decoder and a backup copy of the recording key is stored in the decoder. As will be understood, the secure communication link can be used to transport many different types of information. In particular, although the above embodiments discuss the use of a session key in the cryptic encoding and communication of word information of the control to be used in a recording operation, other modalities are possible. For example, the audio and / or visual data that will be recorded directly can be cryptically encoded by the decoder using a session key and communicated to the recording device for cryptic decoding and subsequent additional cryptic encoding before recording. Other modes may use the same secure communication link to transfer, for example, decoder operation keys to the recording device, so that the recording device can perform all the operations to cryptically decode the control word information and / or decoding or separating a transmission before its recording in a cryptically encoded form again, or mixed again in a recording medium. Although the above description has described cryptic coding and decoding operations in relation to a decoder device or recording device, it should be understood that these operations and, in particular, the keys necessary in such operations, do not necessarily need to be handled by elements permanently integrated in the same devices. 
In particular, in a preferred embodiment, the recording and/or decoding device may further comprise a portable security module associated with that device and used to perform some or all of the cryptic encoding or decoding steps described above.
Said portable security devices may have any convenient shape, depending on the physical size and characteristics of the decoder or recording device. For example, a smart card or a PCMCIA type card can be used with a decoder, and a SIM card or the like with a recording device.
In a particularly preferred embodiment of the invention, the first device corresponds to a recording device, and the second device to a decoding device. In said system, the administrator of the decoder system will have final control, for example, over the generation of system certificates issued to the manufacturers of recording devices. Similarly, the communication will be initiated by the recording device, the decoder only communicating a cryptically encoded message containing the information necessary to establish bidirectional communication in the event that the recording device has communicated correct system and/or management certificates.
Although the invention is particularly convenient when the decoder and the recording device are physically separate, the invention can equally be used in a combined recording/decoding apparatus, to provide, for example, a secure bus link between the recording and decoder devices within the combined device.
The present invention is particularly, but not exclusively, adapted for use with a digital television transmission system, wherein the decoders are adapted to receive a digital television transmission.
The present invention has been described above in relation to a communication method. The invention also extends to first and second devices adapted for use in such a method and one or more portable security modules adapted for use in said system.
Suitable algorithms for use in this invention for generating private/public keys may include, for example, RSA or Diffie-Hellman, and suitable symmetric key algorithms may include DES-type algorithms, for example. However, unless it is mandatory in view of the context or unless otherwise specified, no general distinction is made between the keys associated with symmetric algorithms and those associated with public/private algorithms.
The terms "mixed" and "cryptically encoded" and "control word" and "key" have been used in various parts of the text for the purpose of language clarity. However, it will be understood that no fundamental distinction must be made between "mixed data" and "cryptically encoded data", or between a "control word" and a "key".
Similarly, the term "equivalent key" is used to refer to a key adapted to cryptically decode data cryptically encoded by a first mentioned key, or vice versa.
The term "receiver/decoder" or "decoder", as used herein, may include a receiver for receiving either coded or uncoded signals, for example, television and/or radio signals, which may be broadcast or transmitted by some other means. The term may also include a decoder for decoding received signals. Embodiments of said decoders may also include a decoder integral with the receiver for decoding the received signals, for example, in a "cable TV box", a decoder operating in combination with a physically separate receiver, or a decoder including additional functions, such as a web browser or a video recorder or a television.
As used herein, the term "digital transmission system" includes any transmission system for transmitting or broadcasting, for example, digital audio-visual or multimedia data. Although the present invention is particularly applicable to a digital broadcasting television system, the invention may also be applicable to a fixed telecommunications network for multimedia Internet applications, to a closed-circuit television, etc.
As used herein, the term "digital television system" includes, for example, any satellite, terrestrial, cable, or other system.
A number of embodiments of the invention will now be described, by way of example only, with reference to the following drawings in which: Figure 1 shows the overall architecture of a digital television system according to this embodiment; Figure 2 shows the architecture of the conditional access system of Figure 1; Figure 3 shows the levels of cryptic encoding in the conditional access system; Figure 4 shows the representation of a first and second decoder; Figure 5 shows the steps associated with establishing a secure communication link between the first and the second decoder; Figure 6 shows the operation of the first and second decoders to transfer the control word information through the secure communication link; Figure 7 shows the representation of a decoder and digital recording device; and Figure 8 shows the steps associated with the customization of the decoder and recording security modules and with the subsequent operations performed to establish a secure communication link between the devices.
A summary of a digital television broadcasting and reception system 1 is shown in Figure 1. The invention includes a largely conventional digital television system 2, which uses the MPEG-2 compression system to transmit compressed digital signals. In greater detail, the MPEG-2 compressor 3 in a broadcasting center receives a digital signal stream (e.g., a stream of audio or video signals). The compressor 3 is connected to a multiplexer and mixer 4 through link 5. The multiplexer 4 receives a plurality of additional input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 6 of the broadcasting center through link 7, which, of course, can have a wide variety of forms, including telecommunication links.
The transmitter 6 transmits electromagnetic signals through the uplink 8 to a satellite transponder 9, where they are electronically processed and broadcast via a notional downlink 10 to a terrestrial receiver 11, conventionally in the form of a proprietary dish or rented by the end user. The signals received by the receiver 11 are transmitted to an integrated receiver / decoder 12 owned or rented by the end user and connected to the television set 13 of the end user. The receiver / decoder 12 decodes the compressed MPEG-2 signal to a television signal for the television set 13. A conditional access system 20 is connected to a multiplexer 4, and the receiver / decoder 12, and is partially located in the broadcasting center and partially in the decoder. It allows the end user to have access to digital television broadcasts from one or more broadcasting providers. A smart card, capable of cryptically decoding messages in relation to commercial offers (ie, one or more television programs sold by the broadcasting provider), can be inserted into the receiver / decoder 12. By using the decoder 12 and the card Smart, the end user can buy events in any subscription mode or in a pay-per-event mode. An interactive system 17, also connected to the multiplexer 4 and the receiver / decoder 12 and again located partially in the broadcasting center and partially in the decoder, can be provided to allow the end user to interact with several applications through a channel Modem registration 16. The conditional access system 20 will now be described in more detail. With reference to Figure 2, in summary, the conditional access system 20 includes a Subscriber Authorization System (SAS) 21. The SAS 21 is connected to one or more Subscriber Management Systems (SMS) 22, an SMS for each broadcasting provider, for example, through a respective TCP-IP link 23 (although alternative types of link may be used). 
Alternatively, an SMS can be shared between two broadcasting providers, or a provider can use two SMS, etc.
First cryptic encoding units in the form of ciphering units 24 using "mother" smart cards 25 are connected to the SAS through link 26. Second cryptic encoding units, again in the form of ciphering units 27 using mother smart cards 28, are connected to the multiplexer 4 via the link 29. The receiver/decoder 12 receives a portable security module, for example, in the form of a "daughter" smart card. This is directly connected to SAS 21 through Communication Servers 31 via the modem return channel 16. The SAS sends, among other things, subscription rights to the daughter smart card on request.
Smart cards contain the secrets of one or more commercial operators. The "mother" smart cards cryptically encode the following types of messages and the "daughter" smart cards cryptically decode the messages, if they have the rights to do so.
The first and second ciphering units 24 and 27 comprise a support, an electronic VME card with software stored in an EEPROM, up to 20 electronic cards and a smart card 25 and 28, respectively, for each electronic card, a card 28 for cryptically encoding the ECMs and a card 25 for cryptically encoding the EMMs.
The operation of the conditional access system 20 of the digital television system will now be described in greater detail with reference to the various components of the television system 2 and the conditional access system 20.
Multiplexer and Mixer
With reference to Figures 1 and 2, in the broadcasting center, the digital audio or video signal is first compressed (or reduced in bit rate) using the MPEG-2 compressor 3. This compressed signal is then transmitted to the multiplexer and mixer 4 through link 5 in order to be multiplexed with other data, such as other compressed data.
The mixer generates a control word used in the mixing process and included in the MPEG-2 stream in the multiplexer. The control word is generated internally and allows the end user's integrated receiver/decoder to decode the program.
The access criteria, indicating how the program is marketed, are also added to the MPEG-2 stream. The program can be marketed in one of a number of "subscription" modes and/or one of a number of "Pay Per View" (PPV) modes or events. In subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus obtaining the rights to each channel within those bouquets. In the preferred modality, up to 960 commercial offers can be selected from a bouquet of channels.
In Pay Per View mode, the end user is provided with the ability to buy events as desired. This can be achieved either by booking the event in advance ("pre-booking mode") or by purchasing the event as soon as it is broadcast ("impulse mode"). In the preferred mode, all users are subscribers, whether or not they watch in subscription or PPV mode, but of course the PPV viewers do not necessarily need to be subscribed.
Entitlement Control Messages
Both the control word and the access criteria are used to build an Entitlement Control Message (ECM). This is a message sent in relation to a mixed program; the message contains a control word (which allows the program to be decoded) and the access criteria of the broadcast program. The access criteria and the control word are transmitted to the second cryptic encoding unit 27 via link 29. In this unit, an ECM is generated, cryptically encoded and transmitted to the multiplexer and mixer 4. During a broadcast transmission, the control word typically changes every second, and thus the ECMs are also periodically transmitted to allow the changing control word to be decoded. For redundancy purposes, each ECM typically includes two control words: the present control word and the next control word. Each service broadcast by a broadcasting provider in a data stream comprises a number of different components; for example, a television program includes a video component, an audio component, a subtitle component, etc. Each of these components of a service is individually mixed and cryptically encoded for subsequent broadcasting to the transponder 9. With respect to each mixed service component, a separate ECM is required. Alternatively, an individual ECM may be required for all mixed components of a service. Multiple ECMs are also generated in the case where multiple conditional access systems control access to the same transmitted program.
Entitlement Management Messages (EMMs)
The EMM is a message dedicated to an individual end user (subscriber) or to a group of end users. Each group can contain a given number of end users. This organization as a group is intended to optimize the use of bandwidth; that is, access to a group can allow a greater number of end users to be reached.
Several specific types of EMM can be used. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group. Group subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services.
This EMM has a group identifier and a group bitmap of subscribers. Audience EMMs are dedicated to complete audiences and, for example, can be used by a particular operator to provide certain free services. An "audience" is the total number of subscribers who have smart cards that carry the same conditional access system identifier (CA ID). Finally, a "unique" EMM is addressed to the unique identifier of the smart card. As well as being used by the various operators to control access to rights associated with the programs transmitted by the operators as presented above, EMMs can also be generated by the conditional access system administrator to configure aspects of the conditional access system in general.
Program Transmission
The multiplexer 4 receives electrical signals comprising cryptically encoded EMMs from SAS 21, cryptically encoded ECMs from the second cryptic encoding unit 27 and compressed programs from compressor 3. Multiplexer 4 mixes the programs and sends the mixed programs, the cryptically encoded EMMs and the cryptically encoded ECMs to a transmitter 6 of the broadcast center through the link 7. The transmitter 6 transmits electromagnetic signals to the satellite transponder 9 through the uplink 8.
Reception of Programs
The satellite transponder 9 receives and processes the electromagnetic signals transmitted by the transmitter 6 and transmits the signals to the earth receiver 11, conventionally in the form of a dish owned or rented by the end user, through the downlink 10. The signals received by the receiver 11 are transmitted to the integrated receiver / decoder 12, owned or rented by the end user and connected to the television set 13 of the end user. The receiver / decoder 12 demultiplexes the signals to obtain mixed programs with cryptically encoded EMMs and cryptically encoded ECMs. If the program is not mixed, that is, no ECM has been transmitted with the MPEG-2 stream, the receiver / decoder 12 decompresses the data and transforms the signal to a video signal for transmission to the television set 13. If the program is mixed, the receiver / decoder 12 extracts the corresponding ECM from the MPEG-2 stream and passes the ECM to the "daughter" smart card 30 of the end user. This slots into a housing in the receiver / decoder 12. The daughter smart card 30 checks whether the end user has the right to cryptically decode the ECM and to access the program. If not, a negative state is passed to receiver / decoder 12 to indicate that the program cannot be decoded or separated. If the end user does have the rights, the ECM is cryptically decoded and the control word is extracted. The decoder 12 can then decode or separate the program using this control word. The MPEG-2 stream is decompressed and translated into a video signal for transmission to the television set 13.
Subscriber Management System (SMS)
A Subscriber Management System (SMS) 22 includes a database 32, which handles, among other things, all end-user files, commercial offers, subscriptions, PPV details, and data regarding end-user consumption and authorization. The SMS may be physically remote from the SAS. Each SMS 22 transmits messages to SAS 21 through the respective link 23, which imply modifications or creations of Entitlement Management Messages (EMMs) that will be transmitted to end users. SMS 22 also transmits messages to SAS 21 which imply no modification or creation of EMMs, but only involve a change in an end-user status (in relation to the authorization granted to the end user when ordering products or the amount that the end user will be charged). SAS 21 sends messages (typically requesting information such as return information or saturation information) to SMS 22, so that it will be evident that the communication between the two is in two directions.
Subscriber Authorization System (SAS)
The messages generated by the SMS 22 are passed through the link 23 to the Subscriber Authorization System (SAS) 21, which in turn generates messages acknowledging the reception of the messages generated by the SMS 22 and passes these acknowledgments to the SMS 22. In summary, the SAS comprises a Subscription Chain area to grant rights for the subscription mode and to renew rights automatically every month, a Pay Per View Chain area to grant rights for PPV events, and an EMM injector to pass the EMMs created by the Subscription and PPV chain areas to the multiplexer and mixer 4, and therefore to feed the MPEG stream with EMMs. If other rights are to be granted, such as Pay Per File (PPF) rights in the case of downloading computer software to a user's Personal Computer, other similar areas are also provided. One function of SAS 21 is to manage access rights to television programs, available as commercial offers in subscription mode or sold as PPV events according to different marketing modes (pre-booking mode, impulse mode). SAS 21, in accordance with those rights and with the information received from SMS 22, generates EMMs for the subscriber. The EMMs are passed to the Cipher Unit (CU) 24 for ciphering with respect to the operation and exploitation keys. The CU completes the signature on the EMM and passes the EMM back to a Message Generator (MG) in SAS 21, where a header is added. The EMMs are passed to a Message Emitter (ME) as complete EMMs. The Message Generator determines the start and stop time of the broadcasting and the emission rate of the EMMs, and passes these as appropriate directions together with the EMMs to the Message Emitter. The MG only generates a given EMM once; it is the ME that performs the cyclic transmission of the EMMs. On generation of an EMM, the MG assigns a unique identifier to the EMM. When the MG passes the EMM to the ME, it also passes the EMM ID.
This enables the identification of a particular EMM in both the MG and the ME. In systems such as simulcrypt which are adapted to handle multiple conditional access systems, for example, associated with multiple operators, EMM streams associated with each conditional access system are generated separately and multiplexed together by the multiplexer 4 before the transmission.
Levels of Cryptic Coding of the Broadcasting System
Referring now to Figure 3, a simplified summary of the levels of cryptic coding in a standard broadcasting system will be described. The cryptic coding stages associated with the broadcast of the digital data are shown at 41, the transmission channel (e.g., a satellite link as described above) at 42 and the cryptic decoding stages at the receiver at 43. Digital data N are mixed by a control word CW before being transmitted to a multiplexer Mp for subsequent transmission. As will be seen from the bottom of Figure 3, the transmitted data includes an ECM comprising, among other things, the control word CW cryptically encoded by a cryptic encoder Ch1, controlled by an operating key Kex. In the receiver / decoder, the signal passes through a demultiplexer DMp and decoder D before passing to a television 13 for viewing. A cryptic decoding unit DCh1, also having the key Kex, cryptically decodes the ECM in the demultiplexed signal to obtain the control word CW subsequently used to separate or decode the signal. For security reasons, the control word CW embedded in the cryptically encoded ECM changes on average every 10 seconds or more. By contrast, the first cryptic encoding key Kex used by the receiver to decode the ECM is changed every month or so by means of an operator EMM. The cryptic encoding key Kex is cryptically encoded by a second unit ChP using a personalized group key K1 (GN). If the subscriber is one of those selected to receive an updated Kex key, a cryptic decoding unit DChP in the decoder security module will cryptically decode the message using its group key K1 (GN) to obtain that month's Kex key. The cryptic decoding units DChP and DCh1 and the associated keys are maintained in a security module associated with the decoder, in this case, the smart card 30 provided to the subscriber and inserted into a smart card reader in the decoder.
The keys can be generated, for example, according to any generally used symmetric key algorithm or according to a custom symmetric key algorithm.
As will be described, different keys may be associated with different operators or broadcasters, as well as with the conditional access system provider. In the above description, a group key K1 (GN) is maintained by the smart card associated with the decoder and used to cryptically decode EMM messages. In practice, different operators will have different unique subscriber keys K1 (Op1, GN), K1 (Op2, GN), etc. Each group key is generated by an operator and diversified by a value associated with the group to which the subscriber belongs. Different memory zones in the smart card keep the keys for different operators. Each operator may also have a unique key associated only with the smart card in question and an audience key for all subscribers to the services provided by the operator (see above). In addition, a set of keys can also be maintained by the administrator of the conditional access system. In particular, a given smart card may include a user-specific key K0 (NS) and an audience key K1 (C), common to all smart cards. Although operator keys are generally used to decode EMM messages associated with broadcasting rights, the conditional access manager keys may be used to cryptically decode EMM messages associated with changes to the conditional access system in general, as will be described below. The above description of the system shown in Figure 3 relates to the implementation of access control in a broadcasting system, wherein the transmissions are decoded or separated by an individual decoder and presented on an individual television display. Referring to Figure 4, a first and second decoder configuration will now be described.
Decoder Configuration
As discussed above, a decoder 12 receives mixed broadcast transmissions through a receiver 11. The decoder includes a portable security module 30, which can conveniently be in the form of a smart card, but which may comprise any other suitable portable memory or microprocessor device. The decoder 12 is connected to a modem channel 16, for example, to communicate with servers that handle the conditional access information, and is also adapted to pass separated or decoded audiovisual presentation information, for example, through a Peritel link 53, to a television 13. The system further includes a dependent or slave decoder 50 adapted to communicate with the decoder 12, for example, through an IEEE 1394 bus 51. The decoder 50 may include a connection (not shown) to the receiver 11 or to another satellite receiver to directly receive mixed broadcast transmissions. Alternatively, this information can be passed from the first decoder 12 via the connection 51. The second decoder 50 is further adapted to operate with a portable security module 52. The portable security module 52 can conveniently be implemented as a smart card. However, any portable memory and / or microprocessor device, as is conventionally known, such as a PCMCIA card, a microprocessor key, etc., can be used. The operation of this module 52 in the separation of transmissions will be explained below. The decoder 50 also includes a link 54 to a television display 55 used to present separated or decoded transmissions. Although the decoder elements 12, 50 and the displays 13, 55 have been indicated separately, it is contemplated that some or all of these elements may be combined, for example, to provide a combined decoder / television set.
Secure Communication between Decoders
As presented in the introduction, in order to avoid problems regarding the handling of subscription data, it is desirable that only a single subscription be opened for the owner of the decoders 12, 50. In the case where the decoder 12 is the main or first decoder in the system, the smart card 30 will be personalized to receive the monthly operation key Kex as described above in relation to Figure 3. In order to enable decoder 50 to separate or decode and present a transmission through the display 55, it will be necessary to communicate certain information from the security module 30 to the security module 52 to allow this decoding or separation to be performed. In the present embodiment, the smart card 30 cryptically decodes the ECM messages associated with the transmission in order to obtain the control word value CW. This control word value is then communicated in cryptically encoded form through link 51 to decoder 50 and smart card 52, where it is used by decoder 50 and smart card 52 to decode the transmission and present the program through display 55. However, embodiments other than this control word embodiment are contemplated, for example, wherein a copy of the monthly operating key Kex is passed to the decoder and the smart card 50, 52 to enable the decoder 50 to operate independently afterwards. As will be appreciated, in order to avoid any fraud problem, it is essential that the control word information or, in fact, any other information used to cryptically decode and decode a transmission, never be transmitted in clear over the link 51. A method by which a secure communication link can be implemented will now be described with reference to Figures 5 and 6. For clarity, all cryptic encoding operations using a public / private key algorithm are indicated by the symbol fa, while all operations using a symmetric algorithm are indicated by the symbol fg.
The cryptic decoding operations are indicated as fa⁻¹ or fg⁻¹. Private / public key pairs can be generated according to any suitable asymmetric cryptic encoding algorithm such as RSA or Diffie-Hellman. Symmetric keys can be used with algorithms such as DES. In some cases, custom symmetric algorithms can also be used. Referring to Figure 5, the smart card 52 for the decoder 50 is personalized with a public key KpubMan shown at 65 and equivalent to the public key associated with a private management key KpriMan shown at 61. In practice, all smart cards 52 intended for use with dependent or slave decoders will include the KpubMan key.
This step of personalization will normally be done privately in the general offices of the system administrator, either at the time of the first personalization of the card (if it is already contemplated to provide a second decoder) or when a user requests the inclusion of a second decoder in their subscription. Subsequently, the system administrator who possesses the secret private key KpriMan shown at 61 will communicate, in a dedicated EMM message 62, a certificate Ct (KpubT) shown at 63. The certificate is prepared by cryptically encoding the public key KpubT with the administrator private key KpriMan. The EMM also includes a private key KpriT shown at 64 and stored together with the certificate Ct (KpubT) in the non-volatile memory of the smart card 30. This EMM is itself cryptically encoded in the normal way for EMMs dedicated to one decoder using appropriate transmission or exploitation keys, so that only the decoder 12 and the card 30 can cryptically decode this EMM message. At the moment when the decoders are placed in communication through the IEEE 1394 link 51, the smart card 30 sends the certificate Ct (KpubT) to the smart card 52 as shown at 66. By using the public key KpubMan, the card cryptically decodes the certificate at 67 to obtain the public key KpubT as shown at 68. This public key KpubT will then only be associated with the pair of decoders 12, 50 and the cards 30, 52. The card 52 then generates a random key value Ks shown at 69. As will be described, this random key is then used as a session key together with a symmetric algorithm to cryptically encode messages communicated in both directions between cards 30, 52. A new session key value can be generated at each subsequent reconnection of the decoder 50 and the card 52 in the system, i.e., each time the decoder 50 is switched on by a user, or for each viewing session, for example, of a pay-per-view movie.
The symmetric key Ks is cryptically encoded at 70 using the public key KpubT and the cryptically encoded value is sent at 71 to the smart card 30. The card 30 cryptically decodes the message at 73 with the private key KpriT and stores the session key value at 72. As will be understood, in view of the nature of private / public cryptic encoding algorithms, the cryptically encoded message can only be cryptically decoded by a card possessing the private key KpriT, i.e., by the card 30. As described above, the cards 30, 52 are programmed by the same system administrator, who enters or communicates the values of KpriT, Ct (KpubT) and KpubMan to the respective cards 30, 52. In a further embodiment (not shown), a second layer of authorization can be provided using a private system key KpriSystem. In this embodiment, a certificate Ct (KpubMan) comprising the KpubMan key cryptically encoded by KpriSystem is stored on the card 30. In said embodiment, the card 52 further possesses a secondary system public key KpubSystem. During operation, the card 30 sends the cryptically encoded value of the certificate Ct (KpubMan) to card 52, which cryptically decodes this message using the KpubSystem key to obtain KpubMan. Then, the steps are the same as before, with the card 52 using the KpubMan key to obtain KpubT, etc.
Returning now to Figure 6, the steps involved in secure communication of control word information from card 30 to card 52 will now be described. In normal operation, the slave decoder 50 and the card 52 receive a mixed transmission together with the cryptically encoded ECM messages containing the control word information necessary to decode the transmission. These ECM messages are passed at 75 through the IEEE 1394 link to the master decoder and the card 12, 30. Alternatively, the ECM messages for a transmission that will be presented through the slave decoder can be received directly by the master decoder and the card 12, 30. The card 30 then performs, at 76, a standard verification step to verify that one or both decoders have access rights to this transmission. In the case where the decoders do not have the necessary rights, the message "invalid" 77 is returned to the decoder and the card 50, 52 and the process stops. Assuming that the subscriber possesses the necessary rights, the ECM message shown at 79 and containing the cryptically encoded control word CW is then cryptically decoded at 80 using the monthly exploitation key Kex shown at 81, associated with the system administrator or operator. The clear value of the control word shown at 81 is then cryptically encoded again at 82, using the previously obtained session key Ks shown at 83. As will be understood, the cryptic encoding algorithm used at 82 to cryptically re-encode the control word need not correspond to that used at 80 and, in reality, for security reasons a different algorithm can be used. Conveniently, a custom algorithm proprietary to the system administrator can be used for the steps relating to the operation key Kex, including the cryptic decoding step shown at 80, and a generic algorithm such as DES used for the cryptic coding of session messages shown at 80.
In some cases, additional information, such as copyright notification information, may be introduced between steps 81 and 82, so that the control word CW and this additional information are cryptically encoded by Ks and sent to the second decoder and card. The presence of said information is more important in cases where the second decoder is able to record the data or pass the information to a recording device. The copyright notification can be used as a flag to prevent the second decoder from recording the data, or from recording and reproducing the data an infinite number of times, for example. The cryptically encoded control word is returned to the decoder and card 52, as shown at 83. Using the equivalent session key Ks shown at 84, the card cryptically decodes the message at 85 to obtain the control word in clear as shown at 86. Next, this control word value is used by the decoder and the card 50, 52 to separate or decode the associated section of a transmission for subsequent display on the associated television display 55. In some cases, it can be envisaged that the decoder 50 and the card 52 may wish to pass information to another audiovisual device, such as a VCR. In such an example, the decoder 50 and the card 52 can be supplied with the private keys necessary to assume the role of a "master" device, and the same operations performed, mutatis mutandis, between the decoder and the other device to establish a secure link. Although the above description has focused on the validation and communication of information in relation to a pair of decoders, the invention can also be expanded to cover a series of interconnected decoders, for example, an individual master decoder having a plurality of private transport keys KpriT for cryptic decoding of messages from a plurality of dependent decoders, each possessing its equivalent public key KpubT.
Furthermore, although the data communicated from the decoder to the recording device comprises the control word in the described example, another type of information can be passed through this link, even including information not directly related to the decoding of a transmission. Likewise, the same principles established above can be applied to communications between other digital audiovisual devices, connected in a network, such as digital VCRs, digital televisions or any combination of these devices. For example, with reference to Figure 7, the elements of an access control system for mixed transmission recording and reproduction will now be described.
Configuration of the Decoder and Playback Device As previously done, a decoder 12 receives mixed broadcast transmissions through a receiver 11. The decoder includes a portable security module 30, which may conveniently be in the form of a smart card, but which may comprise any other suitable memory or microprocessor device. The decoder 12 includes a modem channel 16, for example, to communicate with servers that handle the conditional access information and is also adapted to pass decoded audiovisual presentation information, for example, through a Peritel 53 link to a television 13. The system further includes a digital recording device 100, such as a DVHS or DVD recording device, adapted to communicate with the decoder, for example, through an IEEE 1394 bus 101. The recording device 100 receives a digital recording medium (not shown) where information is recorded. The recording device 100 is further adapted to operate with a portable security module 102, containing, among other things, the keys used to control access to the reproduction of a recording. The portable security module can comprise any memory device and / or portable microprocessor as is conventionally known, such as a smart card, a PCMCIA card, a microprocessor key, etc. In the present case, the portable security module 102 has been designated as a SIM card, as is known in the field of portable telephones. The digital recording device 100 includes a direct link 104 to the display 13. In alternative embodiments, the digital audiovisual information can be passed from the recording device 100 to the decoder 12 before presentation. Similarly, although the elements of the decoder 12, the recording device 100 and the display 13 have been separately indicated, it is conceivable that some or all of these elements may be supplied, for example, to provide a set of decoder / combined television or decoder / combined recording device, etc. 
Similarly, while the invention will be discussed in relation to the recording of audiovisual broadcasting information, it may also conveniently be applied, for example, to broadcast-only audio information subsequently recorded on a minidisk or DAT recording device, or even on a broadcast software application recorded on a computer's hard drive.
Secure Communication between the Decoder and the Recording Apparatus
As was established in the introduction, systems are known from the prior art that propose to cryptically re-encode the control word associated with a mixed transmission with a recording key and to store the cryptically re-encoded control word on the recording medium with the mixed transmission. Unlike the exploitation key associated with the cryptic encoding and decoding of the original transmission, the recording key may be an unchanging key associated with this particular recording in order to allow the recording to be reproduced at any time in the future. As will be seen from the summary of Figure 7, in order to allow the independence of the recording elements of the system from the decoder elements, it is necessary that the recording key be associated with the recording device 100, for example, by storing the key in a security module associated with the recording device, such as the portable security module SIM card 102. Otherwise, if the key is permanently stored in the decoder 12 or the smart card 30, it will not be possible for the recording device to play a recording in the absence of the decoder. In order to do this it will be necessary to pass certain information between the decoder 12 and the recording device 100 along the link 101. This information can be, for example, cryptically decoded control word information that can be cryptically encoded again through the use of a recording key in the digital recording device. Alternatively, the control word information may be cryptically encoded by a recording key generated by the decoder, this recording key then being sent to the recording device for storage. In all cases it is necessary to ensure a secure link between the decoder and the recording device.
Unfortunately, the independence of activities between a broadcasting system administrator responsible for the decoder and a manufacturer of the recording equipment responsible for the recording device can lead to a number of problems with respect to the provision of cryptic encoding keys for this purpose. For example, a broadcasting operator may not place sufficient confidence in the security integrity at the manufacturing site of a recording device to entrust the manufacturer with, for example, a secret symmetric algorithm key required by the recording security module 102 to cryptically decode communications cryptically encoded using the equivalent key maintained by the decoder security module 30. In addition, the separation of activities may make it impractical to contemplate a situation wherein the recording security module 102 is sent to a Broadcasting System Administrator for personalization with the appropriate keys. For this reason, it is necessary to contemplate a solution that allows greater independence of operation for the decoder and recording device. Figure 8 shows schematically a method for establishing a secure communication link between decoder and recording security modules 30, 102 that overcomes these problems. For clarity, all cryptic encoding / decoding operations using a public / private key algorithm are indicated by the symbol fa in a hexagon, while all operations using a symmetric algorithm are indicated by the symbol fg in an oval. As shown in Figure 5, the recording card 102 is prepared by the manufacturer of the recording device using a system certificate CtKeyRec shown at 120, which is communicated to the manufacturer of the recording device by the broadcasting system administrator. As shown at 121, this certificate corresponds to a manufacturer's public key KpubMan cryptically encoded by a private key of the broadcasting system, KpriSystem.
The KpriSystem private key is unique and maintained exclusively by the system administrator, and it is not possible to derive this key value from the CtKeyRec certificate even if the KpubMan value is known. As will be clearer from the description that follows, the system certificate CtKeyRec, which includes the manufacturer key KpubMan, serves as a guarantee by the broadcasting operator of the security integrity of the key system of the manufacturer and, notably, the validity of the KpubMan key. The certificate is generated once only. In this certification operation, the manufacturer communicates the KpubMan key to the broadcasting system administrator, which cryptically encodes the KpubMan key using the private key KpriSystem and returns the system certificate CtKeyRec. Then the manufacturer configures all the recording security modules to include the CtKeyRec certificate during the personalization step of the recording security modules. The KpubMan key itself corresponds to a public key of a private / public key pair associated with the identity of, and unique to, the manufacturer or source of the recording device. The corresponding private key KpriMan is maintained exclusively by the manufacturer of the recording device and is not known even to the broadcasting system administrator. The KpriMan key is itself used to generate a device certificate CtKeySIM shown at 122. This certificate, which is unique to the security module of the recording device, corresponds to a recording device security module key KpubSIM cryptically encoded by the private manufacturer key KpriMan. The KpubSIM key also corresponds to a public key of a private / public key pair associated with the identity of, and unique to, the recording device. This key and the corresponding private key KpriSIM are generated by the recording device manufacturer.
As shown, the private key KpriSIM is stored in the recording device security module at 124, preferably at the time of recording of the integrated circuit itself.

In the event that a cryptically encoded communication is to be established between the decoder and the recording device, for example, associated with the recording of a transmission received by the decoder, the system certificate CtKeyRec is transmitted from the recording device security module 102 to the decoder security module 30 as shown at 126. The decoder security module 30 includes the broadcast system public key KpubSystem, shown at 125 and stored on the card 30 during customization by the broadcasting system administrator. Using the system key KpubSystem, the decoder security module cryptically decodes at 127 the CtKeyRec certificate in order to obtain the manufacturer public key KpubMan.

In the case of a security breach associated with the recording device source, the security module 30 can be programmed to reject certain manufacturer public key values obtained after the cryptic decoding step 127. Otherwise, the key KpubMan is stored at 128 and will be used in the following cryptic decoding steps.

As shown at 129, the recording device security module 102 then communicates the device certificate CtKeySIM, unique to that recording device security module, to the decoder security module 30. Using the manufacturer public key KpubMan, the decoder security module 30 cryptically decodes at 130 the recording device security module public key KpubSIM. The public key is stored at 131 in the decoder security module 30 and then used in the cryptic encoding and communication of a session key. This session key value, which in this example corresponds to a random number value that can be used by a symmetric cryptic encoding/decoding algorithm, is generated at 132, cryptically encoded at 133 by the recording device security module public key KpubSIM and then communicated to the recording device security module at 134.

As will be understood, in view of the nature of public/private key algorithms, this cryptically encoded message can only be cryptically decoded using the unique private key KpriSIM stored at 124 in the recording device security module. The cryptic decoding of the message at 135 leads to the extraction of the session key at 136. Thereafter, each security module 30, 102 will possess a copy of the symmetric session key at 137, 138 to be used in the cryptic encoding and decoding of bidirectional messages. As mentioned above, the session key is used in combination with a symmetric algorithm, and equal security is provided for messages in either direction. Other embodiments that do not require bidirectional communication and that use an asymmetric algorithm are contemplated.

As shown in Figure 8, the session key is used in this embodiment to communicate control word information from the decoder to the recording device. In particular, an ECM message 139 associated with the mixed transmission is received and cryptically decoded by the decoder security module to obtain the clear value of the control word 140 together with any other information contained therein. This control word is then cryptically encoded again at 141, using the session key stored at 137, and the resulting cryptically encoded message is communicated at 142 to the recording device security module 102.
Using the session key stored at 138, the recording device security module cryptically decodes the message at 143 to obtain the clear value of the control word at 144. The control word is then cryptically encoded again at 145 using a recording key generated internally by the recording device security module and stored at 146. The new ECM, comprising this re-encoded control word and any other information, is then recorded on the recording medium 147 together with the originally mixed transmission. On playback of the recording, the recording device security module 102 will use the recording key value stored at 146 to cryptically decode the ECM in order to obtain the control word value that will be used to decode the mixed transmission before presentation.

In order to provide a backup, the recording key can be communicated to the decoder using the session key. The recording key is then stored in the decoder security module as a backup in case of damage to or loss of the recording device security module.

The private/public key pairs KpriSIM, KpubSIM, KpriMan, KpubMan, KpriSystem and KpubSystem can be generated according to any suitable asymmetric cryptic encoding algorithm such as RSA or Diffie-Hellman. Likewise, the session key and the recording key may correspond to key values that can be used with any suitable symmetric cryptic encoding/decoding algorithm, such as DES.
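The exchange of Figure 8 described above (certificates 120 to 122, steps 126 to 144) can be followed end to end in the Python sketch below, which is an added illustration and not code from the patent or from any product. It assumes textbook RSA on small demonstration moduli built from Mersenne primes, a constructed 32-bit tag so that a certificate opened with the wrong key is detectable, and a SHA-256 XOR pad in place of the symmetric algorithm; all function and constant names are hypothetical.

```python
import hashlib
import secrets

E = 65537          # fixed public exponent, so a certificate only carries a modulus
TAG = 0x43455254   # constructed 32-bit redundancy; the page specifies no format

def keypair(a, b):
    """Toy RSA pair from the Mersenne primes 2**a-1 and 2**b-1 (demo sizes only)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus, private exponent)

def make_cert(subject_n, issuer_n, issuer_d):
    """Subject public key encoded with the issuer's private key."""
    return pow((subject_n << 32) | TAG, issuer_d, issuer_n)

def open_cert(cert, issuer_n):
    """Recover the subject key with the issuer's public key, or raise."""
    payload = pow(cert, E, issuer_n)
    if payload & 0xFFFFFFFF != TAG:
        raise ValueError("certificate was not issued under this key")
    return payload >> 32

def xor_pad(key, data):
    """SHA-256 XOR pad standing in for the symmetric algorithm; data up to 32 bytes."""
    pad = hashlib.sha256(key.to_bytes(8, "big")).digest()
    return bytes(x ^ y for x, y in zip(data, pad))

# Provisioning with constructed keys: system administrator, manufacturer, one card.
KPUB_SYSTEM, KPRI_SYSTEM = keypair(521, 607)
KPUB_MAN, KPRI_MAN = keypair(107, 127)
KPUB_SIM, KPRI_SIM = keypair(61, 89)
CT_KEY_REC = make_cert(KPUB_MAN, KPUB_SYSTEM, KPRI_SYSTEM)   # 120/121, issued once
CT_KEY_SIM = make_cert(KPUB_SIM, KPUB_MAN, KPRI_MAN)         # 122, one per card

def decoder_handshake(ct_key_rec, ct_key_sim, revoked=frozenset()):
    """Decoder side, 126-134: returns (session key, message for the recorder)."""
    kpub_man = open_cert(ct_key_rec, KPUB_SYSTEM)            # 127
    if kpub_man in revoked:                                  # optional rejection list
        raise ValueError("manufacturer key rejected by the decoder")
    kpub_sim = open_cert(ct_key_sim, kpub_man)               # 130
    session = secrets.randbits(64)                           # 132
    return session, pow(session, E, kpub_sim)                # 133

def recorder_receive(message):
    """Recorder side, 135-136: only KpriSIM recovers the session key."""
    return pow(message, KPRI_SIM, KPUB_SIM)

if __name__ == "__main__":
    ks, msg = decoder_handshake(CT_KEY_REC, CT_KEY_SIM)
    cw = bytes.fromhex("0123456789abcdef")                   # constructed control word
    assert xor_pad(recorder_receive(msg), xor_pad(ks, cw)) == cw   # 141-144
    print("session key shared; control word recovered by the recorder")
```

The decoder holds only KpubSystem in advance; every other public key it uses arrives inside a certificate, which is why rejecting a manufacturer key at step 127 cuts off every card certified under it.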
It will be understood that alternatives to the above embodiment are possible. For example, in the case where the same system administrator is responsible for the personalization of both the decoder security modules and the recording device security modules, the initial authentication step using the CtKeyRec system certificate may be omitted, so that the value of KpubMan is directly inserted into the decoder module at 128. Furthermore, in the case where the responsibility for ensuring the integrity of the security of transmitted and recorded broadcasts rests with the manufacturer of the recording device, some or all of the roles of the decoder security module and recording device security module can be completely inverted, so that the manufacturer of the recording device certifies a public key provided by the broadcasting system operator, the recording device is responsible for initiating communication, generating a session key, etc.

It will also be appreciated that, beyond the generation of a session key, any number of possibilities for the communication of information to be used in the recording can be contemplated. For example, although the data communicated from the decoder to the recording device comprises the control word in the described example, the decoding and renewed cryptic encoding of the audiovisual data itself can be contemplated before the communication by the recording card. Alternatively, or in addition, the recording key can be generated in the decoder security module and communicated to the recording security module.

Finally, although the foregoing description has focused on the validation and communication of information in relation to individual sources of recording devices or decoders, the invention can likewise be expanded to cover multiple sources of decoder and/or recording device.
For example, a recording security module may include a plurality of CtKeyRec system certificates associated with a plurality of broadcast system administrators. Similarly, a decoder security module can be adapted to handle a plurality of recording manufacturer management keys KpubMan obtained after the first verification step is performed. Although the use of a changing session key increases the level of security, other embodiments are contemplated, where a constant session key is used or where the public/private keys KpubSIM/KpriSIM are used to directly cryptically encode information communicated from one device to the other device. The session key may comprise a private/public key pair.

Claims (27)

1. A method for providing secure communication of information between at least a first and a second digital audiovisual device and wherein the second device receives a certificate comprising a transport public key cryptically encoded by a management private key, the second device cryptically decoding the certificate using an equivalent management public key and thereafter using the transport public key to cryptically encode the information sent to the first device, the first device using an equivalent private key to cryptically decode the information.
2. A method according to claim 1, wherein the private / public transport key pair is uniquely associated with the first and second devices.
3. A method according to any of the preceding claims, wherein the cryptically encoded information sent by the second device comprises a session key.
4. A method according to claim 3, wherein the session key is a key generated by the second device and which can be used in conjunction with a symmetric cryptic encoding algorithm.
5. A method according to claim 3 or 4, wherein the session key is used by the first device for cryptically encoding control word information subsequently communicated to the second device.
6. A method according to claim 5, wherein the second device cryptically decodes the control word information using the equivalent session key and then decodes the section of a mixed transmission associated with this control word.
7. A method according to any of the preceding claims, wherein the first and second devices comprise a first and second portable security module.
8. A method according to any one of the preceding claims, wherein the second device receives a system certificate comprising the management public key cryptically encoded by a system private key, the second device cryptically decoding the system certificate using a system public key in order to obtain the management public key used thereafter to cryptically decode the cryptically encoded transport public key.
9. A method according to any of the preceding claims, wherein the communication link between the first and second devices is implemented by a busbar connection.
10. A method according to any of the preceding claims, wherein the first and second digital audiovisual devices comprise a first and second decoder.
11. A method according to claim 10, wherein the first and second decoders are adapted to receive digital television transmissions.
12. A method according to any of claims 1 to 9, wherein the first and second digital audio-visual devices comprise a decoding device and a recording device.
13. A method for providing secure communication of information between a decoding device and a recording device, and wherein the first of the devices communicates, to the second device, a certificate comprising a device public key cryptically encoded by a management private key, the second device cryptically decoding the certificate using an equivalent public key and then using the device public key to cryptically encode the information sent to the first device, the first device using an equivalent device private key to cryptically decode the information.
14. A method according to claim 13, wherein the first device communicates, to the second device, a system certificate comprising the management public key cryptically encoded by a system private key, the second device cryptically decoding the system certificate using a system public key in order to obtain the management public key used thereafter to cryptically decode the device certificate.
15. A method according to claim 13 or 14, wherein the private/public device key pair is uniquely associated with the identity of the first device.
16. A method according to any of claims 13 to 15, wherein the private/public key pair is uniquely associated with the source of the first device.
17. A method according to claim 14, wherein the private / public key pair of the system is uniquely associated with the source of the second device.
18. A method according to any of claims 13 to 17, wherein the cryptically encoded information sent by the second device comprises a session key.
19. A method according to claim 18, wherein the session key is a key generated by the second device and which can be used in conjunction with a symmetric cryptic encoding algorithm.
20. A method according to claim 18 or 19, wherein the session key is used by the decoder device to cryptically encode control word information subsequently communicated to the recording device.
21. A method according to claim 20, wherein the recording device can cryptically decode the control word information using the equivalent session key and then re-encode the control word information cryptically using a recording cryptic encoding key, the re-encoded control word information being stored by the recording device in a recording medium together with the mixed transmission data associated with this control word information.
22. A method according to claim 21, wherein the recording device communicates to the decoding device a copy of the cryptic recording encoding key.
23. A method according to claim 22, wherein the recording device communicates a copy of the recording cryptic encoding key as cryptically encoded by the session key.
24. A method according to any of claims 13 to 23, wherein at least one of the recording device and the decoding device comprises at least one portable security module.
25. A method according to any of claims 13 to 24, wherein the first device corresponds to a recording device and the second device to a decoding device.
26. A method according to any of claims 13 to 25, wherein the decoder device is adapted to receive a digital television transmission.
27. A method for providing secure communication of information between at least a first and a second digital audiovisual device substantially as described herein.
MXPA/A/2001/000489A 1998-07-15 2001-01-15 Method and apparatus for secure communication of information between a plurality of digital audiovisual devices MXPA01000489A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP98401778.0 1998-07-15
EP98401870.5 1998-07-22

Publications (1)

Publication Number Publication Date
MXPA01000489A (en) 2001-11-21
