1. Field of the Invention
The present invention relates to a security device and a head end of a conditional access system (CAS), and a method for controlling illegal use in a conditional access system. More particularly, the present invention relates to a security device and a head end of a conditional access system (CAS), and a method for controlling illegal use of a content protected by a conditional access system, capable of controlling a security device illegally copied at the head end and minimizing the number of entitlement management messages to be distributed to a user.
2. Description of the Related Art
A conditional access system (hereinafter, referred to as “CAS”) has been well known and widely used in connection with a paid broadcasting system available currently. A conventional conditional access system is described in U.S. Pat. Nos. 4,631,901 and 4,712,238, the disclosures of which are hereby incorporated by reference in their entireties. Such a conditional access system broadcasts a program to a subscriber, the program being scrambled with a control word and received by a subscriber holding a security device, such as a smart card, and a set top box. Other data, which are transmitted together with the scrambled program, includes an entitlement management message (EMM) and an entitlement control message (ECM), which are needed when the security device descrambles the broadcasted program. Typical forms of the ECM and EMM messages are defined in the International standard ISO IEC 13818-1, the disclosure of which is hereby incorporated by reference in its entirety.
FIG. 1 illustrates an operation principle of a conventional CAS. Referring to FIG. 1, a conventional CAS encodes a to-be-broadcasted content containing for example video, audio, and data using an encoder (not shown) in a suitable coding system (for example, MPEG-II in digital broadcasting), and encrypts or scrambles the encoded broadcasting stream using a scrambler S 103 under the control of a control word CW generated by a control word generator CW_G. The control word CW is encrypted E(CW) with an access condition for legally using provided service at a head end 100 by an encryptor E 101b under the control of a media key MK. Another encryptor E 101a encrypts the media key MK using a unique user key UK only assigned to a subscriber. A decryptor D 109a at the subscriber side decrypts the received encrypted media key E (MK) with the user key UK, and another decryptor D 109b decrypts the received encrypted control word E (CW) with the decrypted media key MK. The descrambler DS 111 descrambles the scrambled code stream with the decrypted control word.
In such a conventional CAS, as the number of subscribers 150 increases, the number of unique user keys UKs distributed (assigned) to the subscribers increases. As a result, the media key MK, which is encrypted using a user key UK as an encryption key, is a kind of the EMM message, and the number of the media keys increases in proportion to the number of users. For example, if there are million subscribers, the CAS should broadcast media keys MK encrypted with respective user keys UK of the million subscribers to update the media key MK. Further, if one of the million subscribers withdraws subscription, the CAS should broadcast an updated control word that is encrypted with user keys of remaining 999,999 subscribers. Thus, in the conventional CAS, as the number of the subscribers increases, the number of EMM messages distributed by the head end 100 increases, laying a heavy burden on the head end 100. The user (particularly, conditional access module) should filter one of a number of EMM messages that is encrypted with his or her user key, thereby laying a burden on the user.
In order to mitigate the burden on the head end 100 and the user and exclude illegal users, a scheme for distributing minimal user keys is described in U.S. Patent Laid-open Publication 2004/0120529, entitled “Key distribution in a conditional access system,” Jun. 24, 2004, the disclosure of which is hereby incorporated by reference in its entirety.
A key distribution method described in the above-stated U.S. Publication No. 2004/0120529 (hereinafter, referred to as “IBM” technique) will be described.
It is first assumed that a set consisting of subscribers and illegal users of a conditional access system is a universal set U, and a set having subscribers (legal users) as elements, that is, a subset of the universal set U is S. The legal users may be selected from the universal set U. As a technique for the selection, there is a method called a traitor tracing scheme. The traitor tracing scheme is described, for example, in U.S. Laid-open Publication No. 2004/0111611, entitled “Method for tracing traitors and preventing piracy of digital content in a broadcast encryption system,” the disclosure of which is hereby incorporated by reference in its entirety
Now, a set S that is a collection of selected legal users is decomposed into at least one subset. These subsets are assigned a subset user key (SUK). Respective subset user keys (SUKs) assigned to subsets to which users belong are distributed to the users.
A case where an illegally copied smart card is found, with users holding a subset user key (SUK), will be described with reference to FIG. 2.
FIG. 2 illustrates a method for distributing a user key in a CAS. Referring to FIG. 2, users V3 and V2 indicated by dotted lines are illegal users. Subsets consisting of only legal users excluding the illegal users include for example D(U1, v1), D(U2, v2), and D(U3, v3). D(U1, v1) indicates a subset including all users connected to a node U1 and excluding users connected to a node V1. Meanwhile, each of users U7 to U10 belonging to D(U1, v1) has the same subset user key. Similarly, D(U2, v2) is a subset including all users connected to a node U2 and excluding users connected to v2. Similarly, a user U6 belonging to D (U2, v2) has a subset user key. Further, D(U3, v3) is a subset indicating a user U5. A user U5 belonging to D (U3, v3) has a subset user key.
As such, the use of the subset user key (SUK) allows illegally copying persons and service subscription withdrawing persons to be excluded using a minimal number of EMM messages when a security device is illegally copied or service subscription is withdrawn.
However, even though the above-described IBM technique is used, the number of the EMM messages increases by a multiple of the number of service channels if the number of the service channels increases.
Accordingly, there is a need for a CAS system capable of minimizing a burden due to the to-be-transmitted EMM messages, while excluding illegally copying person or withdrawing persons if a security device is illegally copied or service subscription is withdrawn.