1. Field of the Invention
This invention is in the field of encrypting content data for content data distribution networks, especially broadcast network video data.
2. Related Art
It is common for networks that distribute content such as music, video or data to multiplex data packets in a data stream transmission that comprises multiple programs. It is also common to encrypt or scramble broadcast programming. It is desirable to control access to programs separately because subscribers receiving the transmission typically subscribe to some but not all of the transmitted programs, and for other reasons such as local blackouts of athletic events.
In the prior art various encryption systems have been used for security and to control access. These systems generally encrypt transmitted content data with a secret algorithm using a secret key. In prior art data distribution networks, multiple keys were used. Many encryption systems convolve random number sequences with the key algorithm and generate a “seed” that is necessary to decrypt the content. A receiving unit having the key uses it and the received seed to reverse the algorithm and decode the content. Varying levels of complexity for key algorithms are known, and provide varying levels of security. For broadcast or distributed content, encryption keys may be transmitted to receivers. For security enhancement, the keys may be rapidly changed.
In the prior art it has been possible to encrypt all programs according to a single encryption system. However, encrypting all the programs identically does not allow program-by-program access control.
According to the known prior art, the process of encrypting separate programs of content separately, so that subscribers are only allowed to descramble those programs to which they subscribe, involved separately encrypting and separately decrypting each individual program. Multiple keys were required.
Keys are often generated by relatively complex and expensive devices such as pseudo random sequence generators. The sequence generator may be generically understood to be a shift register executing an exclusive OR function according to an encryption algorithm. The receiving device must also have a pseudo random sequence generator to execute the converse exclusive OR instruction to decode the content.
Separate encryption for each program according to the known prior art therefore required a separate decoding apparatus for receiving and executing the multiple keys for each of the separate programs. The multiple key mechanisms for separately decoding multiple programs at receiver units involved the cumbersome and expensive necessity of separate decoders separately executing separate keys for each of the programs. Alternatively, large decoders with large look up tables for all data packet identification (PID) headers and multiple state machines could be used. In any case, the receiving device must have more expensive hardware to execute the additional processing required. Finally, greater bandwidth is used at all levels of the system.
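The following Python sketch is an added illustration of the shift register, exclusive OR and per-program key arrangement described above; it is not taken from the patent. The tap positions, seed values, program names and the receive() helper are assumptions chosen for the example.

```python
# Tap positions and seeds are constructed for this illustration.

def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Generate nbytes from a 16-bit shift register with XOR feedback."""
    if not 0 < seed <= 0xFFFF:
        raise ValueError("seed must be a non-zero 16-bit value")
    state, out = seed, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            # Feedback is the XOR of four tapped stages of the register.
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)   # bit shifted out of the register
            state = (state >> 1) | (fb << 15)  # feedback enters at the top
        out.append(byte)
    return bytes(out)

def scramble(data: bytes, seed: int) -> bytes:
    """XOR data with the keystream. XOR is its own inverse, so the receiver
    runs the same generator from the same seed to descramble."""
    return bytes(d ^ k for d, k in zip(data, lfsr_keystream(seed, len(data))))

def receive(scrambled: dict, receiver_seeds: dict) -> dict:
    """Descramble only the programs for which the receiver holds a seed."""
    return {prog: scramble(body, receiver_seeds[prog])
            for prog, body in scrambled.items() if prog in receiver_seeds}

# Constructed sample: two programs, each scrambled under its own seed.
HEADEND_SEEDS = {"program_a": 0xACE1, "program_b": 0x1D2C}
CLEAR = {"program_a": b"frame data for A", "program_b": b"frame data for B"}
SCRAMBLED = {p: scramble(CLEAR[p], HEADEND_SEEDS[p]) for p in CLEAR}

if __name__ == "__main__":
    print(receive(SCRAMBLED, {"program_a": 0xACE1}))
```

Each additional program the receiver is to decode requires another seed and another pass of the generator, which is the per-program cost the passage above describes.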
There is a need in the industry for an adequately secure encryption system that can decode multiple programs separately using fewer decoders executing fewer keys than the total number of programs encrypted, and that can do so with less expensive processing. One approach to doing so is to control the data comprising the various programs to categorize programs into authorized and unauthorized groups of data.
Most digital data distribution systems work according to common, familiar concepts. Multiple content data streams, video, audio or data, are divided into packets, multiplexed, transmitted, demultiplexed and routed for use to various receivers. The MPEG2 protocols are illustrative of the class, and characteristic of the embodiments discussed herein. Other protocols such as MPEG1 or DSS are alike in function although they vary in detail.
The Moving Picture Experts Group (MPEG) is the expert group of the International Organization for Standardization (ISO) that has defined the MPEG-2 standard protocol, a format that can be used to describe a coded video bitstream. It does not specify the encoding method. Instead, it defines only the resulting bit stream.
Video compression is an important part of the MPEG standards. Additionally, MPEG-2 includes a family of standards involving different aspects of digital video and audio transmission and representation. The general MPEG-2 standard is currently divided into eight parts, including systems, video, audio, compliance, software simulation, digital storage media, real-time interface for system decoders, and DSM reference script format.
The video portion of the MPEG-2 standard (ISO/IEC 13818-2) sets forth the manner in which pictures and frames are defined, how video data is compressed, various syntax elements, the video decoding process, and other information related to the format of a coded video bitstream. The audio portion of the MPEG-2 standard (ISO/IEC 13818-3) similarly describes the audio compression and coding techniques utilized in MPEG-2. The video and audio portions of the MPEG-2 standard therefore define the format with which audio or video information is represented. Any authorization control manipulation and any decryption must ultimately output data in this format for MPEG-2 applications.
At some point, the video, audio, and other digital information must be multiplexed together to provide encoded bitstreams for delivery to the target destination. The Systems portion of the MPEG-2 standard (ISO/IEC 13818-1) defines how these bitstreams are synchronized and multiplexed together. Typically, video and audio data are encoded at respective video and audio encoders, and the resulting encoded video and audio data is input to an MPEG-2 Systems encoder/multiplexer. This Systems multiplexer can also receive other inputs, such as control and management information such as authorization identifiers, private data bitstreams, and time stamp information. The resulting coded, multiplexed signal is referred to as the MPEG-2 transport stream. Generally, a data transport stream is the format in which digital information is delivered via a network to a receiver for display.
The video and audio encoders provide encoded information to the Systems multiplexer in the form of an “elementary stream”. These elementary streams are “packetized” into packetized elementary streams which are comprised of many packets. Each packet includes a packet payload corresponding to the content data to be sent within the packet, and a packet header that includes information relating to the type, size, and other characteristics of the packet payload.
Elementary stream packets from the video and audio encoders are mapped into transport stream packets at the Systems encoder/multiplexer. Each transport stream packet includes a payload portion which corresponds to a portion of the elementary packet stream, and further includes a transport stream packet header. The transport stream packet header provides information used to transport and deliver the information stream, as compared to the elementary stream packet headers that provide information directly related to the elementary stream. Each transport packet header includes a packet identifier (PID) to identify the digital program or elementary stream to which it corresponds. The PID is a 13-bit field used to identify transport packets which carry elementary stream data from the same elementary stream, and to define the type of payload in the transport packet payload.
Before the transport stream is decoded, the transport packets must undergo analysis, synchronization, demultiplexing, as well as other packet manipulating functions. These functions can be managed by devices such as an MPEG transport demultiplexor, in a known fashion.
Each transport stream may contain different elementary streams, each of which carries different video, audio and possibly data information all corresponding to a common program. Accordingly, after synchronization and demultiplexing, elementary stream packets must be organized from the various streams and transport packets carrying them to output coherent content. Tables are used to do this.
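The following Python sketch is an added illustration of the 13-bit PID field and PID-based demultiplexing described above; it is not taken from the patent. The header layout follows ISO/IEC 13818-1, while the function names, the PID values and the sample packets are constructed for the example.

```python
TS_PACKET_SIZE = 188  # fixed MPEG-2 transport packet length
SYNC_BYTE = 0x47      # first byte of every transport packet

def parse_header(pkt: bytes) -> dict:
    """Decode the 4-byte transport packet header."""
    if len(pkt) != TS_PACKET_SIZE or pkt[0] != SYNC_BYTE:
        raise ValueError("not a 188-byte packet starting with sync byte 0x47")
    return {
        # PID: low 5 bits of byte 1 followed by all of byte 2 (13 bits total).
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],
        "scrambled": (pkt[3] >> 6) != 0,      # transport_scrambling_control
        "afc": (pkt[3] >> 4) & 0x03,          # adaptation_field_control
        "continuity": pkt[3] & 0x0F,
    }

def payload_of(pkt: bytes, hdr: dict) -> bytes:
    """Return the payload bytes, skipping any adaptation field."""
    if not hdr["afc"] & 0x01:
        return b""                            # packet carries no payload
    start = 4 + ((1 + pkt[4]) if hdr["afc"] & 0x02 else 0)
    return pkt[start:]

def demux(stream: bytes, authorized: set) -> dict:
    """Group payloads by PID; packets whose PID is not authorized are dropped."""
    programs = {}
    for off in range(0, len(stream) - TS_PACKET_SIZE + 1, TS_PACKET_SIZE):
        pkt = stream[off:off + TS_PACKET_SIZE]
        hdr = parse_header(pkt)
        if hdr["pid"] in authorized:
            programs.setdefault(hdr["pid"], []).append(payload_of(pkt, hdr))
    return programs

def make_packet(pid: int, continuity: int, fill: int, scrambled: bool = False) -> bytes:
    """Build a constructed payload-only packet for the demonstration."""
    b3 = (0x80 if scrambled else 0) | 0x10 | (continuity & 0x0F)
    return bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF, b3]) + bytes([fill]) * 184

# Constructed sample: two elementary streams interleaved on PIDs 0x0100 and 0x0200.
SAMPLE = (make_packet(0x0100, 0, 0xAA) + make_packet(0x0200, 0, 0xBB, scrambled=True)
          + make_packet(0x0100, 1, 0xAA))

if __name__ == "__main__":
    for pid, chunks in demux(SAMPLE, authorized={0x0100}).items():
        print(f"PID 0x{pid:04X}: {len(chunks)} packets, {sum(map(len, chunks))} bytes")
```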
Packet Identification (PID) tables are updated when the system is first powered up and when the viewer changes the channel being viewed. Upon every power up sequence, the PID table is expressly updated by the host. Similarly, the host updates the PID table when a viewer performs a change channel operation.
PID tables are organized into Program Map Tables, which in turn are subsets of Program Association Tables. Packets must be properly organized according to these tables before being output for play as coherent programs. To play upon output, identification headers must be in the tables, although the content data payload associated with them is arbitrary.
While there always remains a need for increased efficiency in the management of data processing and encryption for the individual receivers used by individual satellite TV subscribers, there is a particular need for processing, authorization and encryption management efficiencies in receivers dedicated to serving groups of subscribers. This particular need would be most apparent when the receiver is for an operator of a cable TV or radio service, radio station using the content for rebroadcast, television station using the content for rebroadcast, internet provider cable services, voice over internet services, rebroadcast over LANs, or virtually any service wherein a receiver outputs a data transport stream to be accessed by a plurality of users downstream.