FIG. 1 shows one possible configuration of a DVB system 100. This example system complies with the Digital Video Broadcast (DVB) specification (but the inventions disclosed hereinafter are not necessarily limited to such systems). Accordingly, all components and interfaces are described in detail in the DVB specification. The detail that is presented here is for background informational use. The reader is referred to the DVB specification for specific details beyond those needed for the intended overview presented here.
In FIG. 1, cable system 100 is shown. Content Encryption Block 104, conditional access management system 108 and television Set-Top Box STB 112 are also shown. Within content encryption block 104 (content encryption block 104 and CA management system 108 are generally located at the cable system headend or content distribution broadcast center) are Simulcrypt™ Synchronizer (SCS) Processor 116 and content encryption block 120. Within the content encryption block 120 are code word generator 124 and encrypt engine 128. Output multiplexer (mux) 132 is the final block within content encryption block 104. Details of the communications interfaces within the cable system headend will follow. The interfaces described may be hardware interfaces with direct connections as shown or software interfaces for communication over, for example, a bus structure without limitation.
Within conditional access management system 108 are the content scheduler 136, the event information scheduler (EIS) 140, the subscriber database 144, the ECM generator 148 and the EMM generator 152.
With the major components identified so far, an example DVB encryption cycle can be discussed. Clear content 156 is received by encrypt engine 128 on content interface 160. Likewise, the current code word (or encryption key(s)) is received by encrypt engine 128 from code word generator 124 on codeword interface 164. The same codeword is transferred from code word generator 124 to SCS processor 116 on code word interface 168.
Communication between the content encryption block 104 and conditional access management system 108 occurs over the encryption device to conditional access system communications link 172. Conditional access system communications link 172 is composed of several other interfaces, namely access criteria interface 176, code word and access criteria interface 180 and signed ECM interface 184.
During the typical DVB encryption cycle, EIS 140 receives information from content scheduler 136 on content schedule interface 188 and transmits this information to SCS processor 116 on access criteria interface 176. SCS processor 116 then transmits the code word received from code word generator 124 on code word interface 168 and the access criteria received from EIS 140 on access criteria interface 176 to ECM generator 148 across code word and access criteria interface 180.
Likewise, EMM generator 152 interfaces with subscriber database 144 across subscriber database interface 192 to retrieve information necessary to create EMM messages. ECM generator 148 and EMM generator 152 communicate across ECM/EMM interface 196 to communicate information that is necessary for ECM generator 148 to create signed ECM messages. EMM packets are transferred to STB 112 across EMM packet interface 1100 and signed ECM messages are transferred from ECM generator 148 to SCS processor 116 across signed ECM interface 184 to complete the current actions of the conditional access management system 108.
SCS processor 116 then asserts a period switch command to the encrypt engine 128 across period switch interface 1104. Encrypt engine 128 then outputs an encrypted stream of data on interface 1108 to output MUX 132, while SCS processor 116 transmits the signed ECM message (intended to be placed into the outgoing transport stream) across signed ECM insertion interface 1112 to output MUX 132. The final encrypted transport stream with ECMs inserted is then output from content encryption block 104 on transport stream interface 1116. Keep in mind that transport stream interface 1116 can be any of a cable network, satellite connectivity, or any other suitable communication medium.
At STB 112, the transport stream is received and ECM processor 1120 strips out the ECM packets from transport stream interface 1116. The raw transport packets are passed along transport packet interface 1124 to cryptoperiod switch 1128, which switches periodically between even decrypt engine 1132 and odd decrypt engine 1136. EMM packets are received by ECM processor 1120 on EMM packet interface 1100 (again, any suitable communication medium, for example an out-of-band delivery mechanism per the DVB specification, connects EMM generator 152 and ECM processor 1120). A recovered code word is output to both even decrypt engine 1132 and odd decrypt engine 1136 across recovered code word interface 1140. Finally, clear transport data is transmitted to digital decoder 1144 across clear transport interface 1148.
Many details of timing and forwarding of codewords and other interactions between the components of the system have been omitted to simplify the previous discussion. The reader is again referred to the DVB specification for specific details of the components, interfaces, and relevant timings. It is believed sufficient for the purposes of this disclosure to generally understand the architecture, as presented herein, with reference to the DVB specification for specific details.
The Passage™ initiative, promoted by Sony, provides a mechanism for MSOs to deploy non-legacy headend equipment, subscriber devices and services on their existing legacy networks. In the USA, these networks are supplied by either Motorola (former General Instrument) or Scientific Atlanta. These two companies at present constitute better than a 99% share of the US cable system market as turnkey system providers. The systems, by design, employ proprietary technology and interfaces precluding the introduction of non-incumbent equipment into the network. An MSO, once choosing one of these suppliers during conversion from an analog cable system to a digital cable system, faces a virtual monopoly when seeking suppliers for additional equipment as their subscriber base or service offering grows.
Before the Passage™ initiative, the only exit from this situation was to forfeit the considerable capital investment already made with the incumbent provider, due to the intentional incompatibility of equipment between the incumbent and other sources. One primary barrier to interoperability is in the area of conditional access systems, the heart of addressable subscriber management and revenue collection resources in a modern digital cable network.
The Passage™ technologies were developed to allow the independent coexistence of two or more conditional access systems on a single, common plant. Unlike other attempts to address the issue, the two systems operate with a common transport stream without any direct or indirect interaction between the conditional access systems. The basic processes used in these technologies are discussed in detail in the above-referenced pending patent applications.
The above-referenced commonly owned patent applications, and others, describe inventions relating to various aspects of methods generally referred to herein as partial encryption or selective encryption, consistent with certain aspects of Passage™. More particularly, systems are described therein wherein selected portions of a particular selection of digital content are encrypted using two (or more) encryption techniques while other portions of the content are left unencrypted. By properly selecting the portions to be encrypted, the content can effectively be encrypted for use under multiple decryption systems without the necessity of encryption of the entire selection of content. In some embodiments, only a few percent of data overhead is consumed to effectively encrypt the content using multiple encryption systems. This results in a cable or satellite system being able to utilize Set-top boxes (STB) or other implementations of conditional access (CA) receivers from multiple manufacturers in a single system—thus freeing the cable or satellite company to competitively shop for providers of Set-top boxes.
In each of these disclosures, the clear content is identified using a primary Packet Identifier (PID). A secondary PID (or shadow PID) is also assigned to the program content. Selected portions of the content are encrypted under two (or more) encryption systems and the encrypted content is transmitted using both the primary and secondary PIDs (one PID or set of PIDs for each encryption system). The so-called legacy STBs operate in a normal manner, decrypting encrypted packets arriving under the primary PID and ignoring secondary PIDs. The newer (non-legacy) STBs operate by associating both the primary and secondary PIDs with a single program. Packets with a primary PID are decoded normally and packets with a secondary PID are first decrypted, then decoded. The packets associated with both PIDs are then assembled together to make up a single program stream. The PID values associated with the packets are generally remapped to a single PID value for decoding (shadow PIDs remapped to the primary PID value, or vice versa).
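The primary/shadow PID scheme just described, simulated as an added example (not code from the patent or from the Passage™ implementation). The packet layout, the PID values, the selection rule and the repeating-key XOR used in place of a real cipher are all assumptions; the point is to show the two receiver behaviours side by side, with the legacy receiver ignoring the shadow PID and the non-legacy receiver reassembling one program from both PIDs.

```python
"""Selective encryption with a primary and a shadow PID (added illustration).
The toy XOR cipher stands in for the real encryption systems; it is not secure."""
from dataclasses import dataclass

PRIMARY_PID = 0x100   # assumed primary (legacy) PID for the program
SHADOW_PID = 0x101    # assumed secondary/shadow PID for the non-legacy CA system


@dataclass
class Packet:
    pid: int
    seq: int            # assumed position within the original elementary stream
    payload: bytes
    scrambled: bool = False


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: symmetric and library-free, which is all this demo needs."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


toy_decrypt = toy_encrypt   # XOR is its own inverse


def selectively_encrypt(clear, select, key_a, key_b):
    """Headend side. `clear` is a list of (seq, payload); `select(seq)` marks the
    'selected portions'. A selected portion goes out twice, under the primary PID
    encrypted for CA system A and under the shadow PID encrypted for CA system B.
    Everything else goes out once, in the clear, under the primary PID."""
    out = []
    for seq, payload in clear:
        if select(seq):
            out.append(Packet(PRIMARY_PID, seq, toy_encrypt(payload, key_a), True))
            out.append(Packet(SHADOW_PID, seq, toy_encrypt(payload, key_b), True))
        else:
            out.append(Packet(PRIMARY_PID, seq, payload, False))
    return out


def legacy_receiver(stream, key_a):
    """Legacy STB: decrypts scrambled packets on the primary PID, ignores the shadow PID."""
    result = []
    for p in stream:
        if p.pid != PRIMARY_PID:
            continue
        result.append((p.seq, toy_decrypt(p.payload, key_a) if p.scrambled else p.payload))
    return b"".join(pl for _, pl in sorted(result))


def nonlegacy_receiver(stream, key_b):
    """Non-legacy STB: associates both PIDs with the program. Shadow-PID packets are
    decrypted with system B's key, clear primary-PID packets are taken as-is, and the
    primary-PID copies of selected portions (encrypted for system A) are discarded.
    Reassembly by sequence number is the 'remap to a single PID' step."""
    result = []
    for p in stream:
        if p.pid == SHADOW_PID:
            result.append((p.seq, toy_decrypt(p.payload, key_b)))
        elif p.pid == PRIMARY_PID and not p.scrambled:
            result.append((p.seq, p.payload))
    return b"".join(pl for _, pl in sorted(result))


def overhead_ratio(stream, clear):
    """Extra bytes carried on the shadow PID relative to the clear content size."""
    extra = sum(len(p.payload) for p in stream if p.pid == SHADOW_PID)
    return extra / sum(len(pl) for _, pl in clear)


if __name__ == "__main__":
    # Constructed sample: ten 4-byte packets, every fifth one is a selected portion.
    clear = [(i, bytes([0x41 + i]) * 4) for i in range(10)]
    stream = selectively_encrypt(clear, lambda s: s % 5 == 0, b"\x5a\xa5", b"\x33\xcc")
    print(legacy_receiver(stream, b"\x5a\xa5"), nonlegacy_receiver(stream, b"\x33\xcc"))
    print(f"shadow-PID overhead: {overhead_ratio(stream, clear):.0%}")
```

The overhead figure is whatever the selection rule makes it; with every fifth packet selected it is 20% here, and the "few percent" the text mentions corresponds to selecting a much smaller fraction of the content.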
In certain encrypted digital broadcast transmission systems, regardless of the delivery medium (cable, DBS, DSL, etc.), content at some point prior to transmission to the terminal devices passes through an encryption device designed to obscure the digital content from unauthorized access. These devices use published encryption algorithms such as DES, DES-ECB, DVB-CSA, AES and other methods such as proprietary encryption systems, and typically are dynamically managed by a conditional access system that manages all the encryption devices in a facility. The conditional access system determines which services on each transport should be encrypted and supplies the access criteria, which are the credentials that each particular subscriber terminal device must possess in order to access and display the material. The actual key used by the encryption device to encrypt the data stream passing through the device may be supplied either by the encryption device or by the conditional access system itself, depending upon the component and system vendor.
The conditional access system also is responsible for forming special messages sent to the subscriber terminal devices, called entitlement control messages (ECMs), that contain the content encryption key and the access criteria for the content. The data payload in the ECM is itself encrypted, but using a different algorithm than the content itself. The ECM encryption algorithm is a proprietary technology of the conditional access system provider and a closely guarded secret. The ECMs can be inserted in the transport stream at the encryption device or sent through other means and are used by the conditional access agent inside each subscriber terminal device to recover the content encryption key, if authorized for viewing, and supply it to the transport decryption element in the terminal device to recover the clear-text content.
In a DVB based system, the conditional access system supplies the access criteria to an element, which may be integrated within the encryption device itself, called a Simulcrypt synchronizer (SCS). The SCS manages the timing and delivery of data between the key generator, ECM inserter and stream encryption engine, which can be elements within the encryption device and the conditional access management system, external to the encryption device.
The conditional access management system provisions the encryption device, indicating the MPEG services within the processed transport stream(s) to encrypt. This indication can be either at the service or at the component level and, according to the MPEG transport protocol, a service may contain any combination of encrypted and clear elementary stream components. When the encryption device determines that the system key period (cryptoperiod) is near expiration, the key generator creates a new random key to be used to encrypt or “sign” the service components that are being encrypted. This new key is delivered to the SCS. In parallel, the conditional access management system delivers the access criteria associated with a particular MPEG service to the SCS as well. The access criteria change relatively infrequently: as often as once per one to two hours for pay-per-view content, or as seldom as monthly or yearly (or longer) in the case of advertising-based subscription television services where the only reason for encryption is to stop non-cable customers from stealing service. An example of the latter might be the Discovery Channel or TLC services, as opposed to true subscription (HBO or Showtime) or pay-per-view services, which carry no supporting advertising and whose revenues are derived from subscriptions for the content itself.
The SCS retains the access criteria supplied by the conditional access management system for each encrypted service until either the service is provisioned for non-encrypted delivery (clear service) or the data is superseded with newer access criteria. Whenever the key generator delivers a new key to the SCS, it bundles the key and current access criteria for the encrypted service and sends this prototype message to the entitlement control message generator (ECMG), part of the conditional access management system, for encryption or “signing” with the proprietary algorithm as described earlier. The signed ECM is sent by the ECMG back to the SCS in the encryption device. The SCS takes the delivered ECM and places the new ECM in the outgoing, encrypted transport stream. After a predetermined period to allow time for subscriber terminal devices to recover and decode the new ECM message, the SCS then issues the new key to the stream encryption engine as a replacement for the old key in the encryption of the indicated service. This entire process is repeated every cryptoperiod (seconds) and is performed in parallel within the encryption device for each indicated service in the transport multiplex processed by the device, since no two services use the same key. The conditional access management system independently delivers access criteria for every encrypted service in the channel plan as well as performing ECM signing for each encrypted service every cryptoperiod.
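The cryptoperiod cycle of the two paragraphs above, together with the even/odd decrypt-engine switch at the STB described for FIG. 1, as one added simulation. This is not code from the patent, from the DVB Simulcrypt specification or from any CA vendor: the ECM layout, the HMAC-based "signing", the SHA-256 pad used in place of DES/AES/DVB-CSA, the entitlement check (subscriber credentials must cover the access criteria) and all timing constants are assumptions. What it shows is the ordering the text insists on: the signed ECM for the next key parity is inserted first, the engine switches only after a lead time, and a receiver that cannot validate the ECM or lacks the entitlement drops every packet of that cryptoperiod.

```python
"""Simulcrypt-style cryptoperiod cycle (added illustration, all formats assumed)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

ECM_LEAD_TICKS = 2   # assumed lead time between ECM insertion and the key switch


def xor_with_pad(data: bytes, seed: bytes) -> bytes:
    """Stand-in for a real cipher: XOR with a SHA-256 derived pad. Not secure."""
    pad = hashlib.sha256(seed).digest()
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))


@dataclass(frozen=True)
class ECM:
    parity: int                 # 0 = even key, 1 = odd key
    access_criteria: frozenset  # credentials the terminal must hold
    protected_key: bytes        # content key protected under the CA secret
    mac: bytes                  # the CA provider's "signature" over the ECM


def _ecm_body(parity, access_criteria, protected_key):
    return bytes([parity]) + ",".join(sorted(access_criteria)).encode() + protected_key


class ECMGenerator:
    """ECMG in the CA management system: signs the prototype message from the SCS."""
    def __init__(self, ca_secret: bytes):
        self.secret = ca_secret

    def sign(self, parity, access_criteria, key):
        protected = xor_with_pad(key, self.secret + bytes([parity]))
        mac = hmac.new(self.secret, _ecm_body(parity, access_criteria, protected),
                       hashlib.sha256).digest()
        return ECM(parity, frozenset(access_criteria), protected, mac)


class ECMProcessor:
    """CA agent in the STB: validates the ECM and checks the subscriber's entitlement."""
    def __init__(self, ca_secret: bytes, entitlements):
        self.secret, self.entitlements = ca_secret, frozenset(entitlements)

    def process(self, ecm: ECM):
        body = _ecm_body(ecm.parity, ecm.access_criteria, ecm.protected_key)
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ecm.mac):
            return None                       # forged or corrupted ECM: no key
        if not ecm.access_criteria <= self.entitlements:
            return None                       # not authorized for this service
        return xor_with_pad(ecm.protected_key, self.secret + bytes([ecm.parity]))


class Headend:
    """Key generator + SCS + encryption engine for a single service."""
    def __init__(self, ecmg, access_criteria):
        self.ecmg, self.access_criteria = ecmg, access_criteria  # AC retained until superseded
        self.keys = {0: None, 1: None}          # engine's even/odd key slots
        self.parity, self.pending = 0, None     # pending = (switch_tick, parity, key)
        self.stream = []                        # ("ECM", tick, ecm) or ("TS", tick, parity, bytes)

    def new_cryptoperiod(self, tick, lead=ECM_LEAD_TICKS):
        parity = 1 - self.parity if self.keys[self.parity] else self.parity
        key = os.urandom(8)                                      # key generator
        ecm = self.ecmg.sign(parity, self.access_criteria, key)  # prototype -> signed ECM
        self.stream.append(("ECM", tick, ecm))                   # SCS inserts the ECM now
        self.pending = (tick + lead, parity, key)                # key reaches the engine later

    def emit(self, tick, payload):
        if self.pending and tick >= self.pending[0]:             # SCS issues the new key
            _, parity, key = self.pending
            self.parity, self.keys[parity], self.pending = parity, key, None
        self.stream.append(("TS", tick, self.parity, xor_with_pad(payload, self.keys[self.parity])))


class Receiver:
    """ECM processor, cryptoperiod switch and even/odd decrypt engines."""
    def __init__(self, ecm_processor):
        self.ecm, self.keys, self.dropped = ecm_processor, {0: None, 1: None}, 0

    def consume(self, stream):
        clear = []
        for item in stream:
            if item[0] == "ECM":
                key = self.ecm.process(item[2])
                if key is not None:
                    self.keys[item[2].parity] = key   # load into the matching engine
            else:
                _, _, parity, scrambled = item
                key = self.keys[parity]               # the switch picks the engine by parity
                if key is None:
                    self.dropped += 1
                else:
                    clear.append(xor_with_pad(scrambled, key))
        return b"".join(clear)


def run_cycle(entitlements, ticks=8, period=4):
    """Run `ticks` packets with a key change every `period` ticks; returns
    (recovered clear data, packets dropped, clear data sent, raw stream)."""
    secret = b"ca-provider-secret-(assumed)"
    head = Headend(ECMGenerator(secret), access_criteria={"basic", "movies"})
    rx = Receiver(ECMProcessor(secret, entitlements))
    head.new_cryptoperiod(0, lead=0)          # initial key is active at once
    sent = []
    for t in range(ticks):
        if t and t % period == 0:
            head.new_cryptoperiod(t)          # cryptoperiod near expiry: next parity
        payload = f"frame{t}".encode()        # constructed sample content
        sent.append(payload)
        head.emit(t, payload)
    return rx.consume(head.stream), rx.dropped, b"".join(sent), head.stream


if __name__ == "__main__":
    clear, dropped, sent, _ = run_cycle({"basic", "movies"})
    print("entitled:", clear == sent, "dropped", dropped)
    clear, dropped, _, _ = run_cycle({"basic"})
    print("unentitled: recovered", len(clear), "bytes, dropped", dropped)
```

Two details are worth noticing when running it: the ECM for the odd key is inserted at tick 4 but packets keep the even parity until tick 6, which is exactly the "predetermined period" the text describes, and the receiver never needs to know the headend's schedule because each packet carries the parity that selects the right decrypt engine.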