This invention relates generally to enabling secure communications between an a head end or server and a receiving client, for example in systems that distribute television content, software or other content electronically.
In a digital broadcast system, digital content may be transmitted from a head end or server to a plurality of receivers or clients. Ideally, the system is secure enough to prevent hackers from intercepting the content and viewing it without paying for the content. Similarly, other electronic communications may be sent in the same fashion including application programs as another example.
In each case, conditional access services may be provided using a device key to enable secure communications between the head end and the client. One approach to providing such a system is to use a smart card reader at the client. However, the smart card system can be hacked since it is possible to obtain the information from the smart card and then to use it to receive the services for free. The hacker merely monitors the smart card interface. The hacker may thereafter use computing resources to decipher the data using a distributed attacking scheme and distribute a control word such as a session key in real time over the Internet.
Similar approaches involve installing a unique device key into a flash memory or an electrically erasable programmable read only memory (EEPROM) as an alternative to a smart card. An encryption scheme may be used to pass the device key into a transport demultiplexer or other conditional access service receiver before receiving conditional access services. However, the standalone, non-volatile memory device may easily be removed and replaced by a hacker.
As another approach, a unique device key may be integrated into a non-volatile memory device that is part of the transport demultiplexer module. However, the drawback of such an approach is a lack of renewability of the device key and the relatively higher manufacturing cost.
Still another approach is to have a manufacturer key burned into the transport demultiplexer at the client. The head end then generates and sends the device key covered by the manufacturing key to each client. Although this approach provides an effective way to renew the device key, it enables those clients with the same manufacturer key to steal the device key when the head end sends the key down to the client who subscribes to the broadcasting service.
Thus, there is a need for better ways to secure transmissions between a head end and a client that enables the device key to be renewed while reducing the likelihood of a device key being intercepted.