It is well-known to protect the delivery of one or more items of content (which may be in the form of, for example, a data stream). The item(s) of content may comprise any kind of content, such as one or more of audio content, image content, video content, multimedia content, text content, etc. For example, for broadcast content delivery infrastructures, conditional access (CA) systems enable the selective delivery of analog and/or digital signals (such as television signals) to broadcast receivers (such as set-top-boxes). For broadband infrastructures (such as delivery of content via the Internet), digital rights management (DRM) systems similarly enable the selective accessing and decoding of content for broadband receivers (such as personal computers, mobile telephones, etc.). It is known, in both CA and DRM systems, to use hardware tamper resistance (e.g. use of a smart card or a so-called “Trusted Execution Environment” or TEE) and/or software tamper resistance techniques (e.g. the use of so-called white-box protection techniques or software obfuscation techniques) to harden client device implementations against attacks.
Traditionally, CA systems have relied on hardware protected key management functionality, e.g. in the form of a smart card. In order to reduce the cost of implementations, in some CA systems the functionality of the smart card is implemented/provided by a secured software implementation that executes in the receiver device instead of using a smart card. Examples of such secure software implementations and the associated head-end functionality are set out, for example, in EP2227014, EP2227015 and EP2360918, the entire disclosures of which are incorporated herein by reference.
Some CA systems that are implemented without using a smart card rely on a proprietary hardware decryption module in a system-on-a-chip (SoC) device that forms part of the receiver (e.g. in the set top box). This proprietary hardware decryption module relies on a secret key that is loaded in this module during the manufacturing process of the SoC device (see, for example, EP2506176, the entire disclosure of which is incorporated herein by reference). This secret key is unique to the SoC device. The uniqueness of this secret key is used by the CA client (the CA software application executing on the receiver device) and links the CA client to the device, which helps to protect the CA client against reverse engineering attacks.
There is an increasing range of consumer electronic (CE) devices that use an open operating system (OS). An example of such an open OS is Android. Due to the open nature of such OSs, attackers have full knowledge of and control over the OS. This makes such an OS a very attractive platform for attackers. To reduce the impact of OS based attacks, hardware protection mechanisms have been deployed to harden or protect software applications against OS based attacks. Some SoC devices (such as some used in current consumer electronics devices) now support a TEE that, in combination with firmware, enables selected software applications to achieve better protection against OS based attacks. Deploying a TEE-based hardware protection system for software applications requires the support of both chip manufacturers and CE manufacturers. This means that it is very difficult to achieve protection of applications across a broad range of devices.
Some content owners mandate the use of a hardware-based DRM system for releasing their content to relatively open CE devices, such as Android based equipment. This means that many CE devices nowadays support at least one DRM system. Examples include SoC devices for television sets which currently support a DRM system for rendering streaming content.