The invention relates to content protection systems which allow for distributing and accessing protected content. Most specifically, the invention relates to a device for accessing protected content and to a method for operating such a device.
Content protection systems are essential with respect to the distribution of digital content via digital broadcast or through other channels. In such content protection systems, content is encrypted or scrambled (commonly referred to as encryption herein) before it is sent to the users of system, and the users decrypt or descramble (commonly referred to as decryption herein) the encrypted content in order to render the content. The cryptographic information which is necessary for decrypting the content is provided to authorized users in a secure manner so that only such users are able to access and render the protected content.
In addition, usage rights may be defined for the protected content, which define permitted uses of the protected content. The usage rights may be specified in usage rights information which can be provided to the users of the content in addition to the content itself and the cryptographic information for decrypting the content. By means of such usage rights information, it can e.g. be specified whether or not the users are permitted to store the content for a future playback or whether they are allowed to forward the protected content from their main devices for receiving the content to further devices.
In order to provide a high security against unauthorized accesses to the protected content, user devices for accessing protected content may dispose of secure hardware modules for decrypting the content. These hardware modules may be separated from the remaining hardware of the user devices and may particularly provide a special hardware security architecture for protecting the information used therein and the processes carried out therein.
In user devices disposing of such a secure hardware module, a secure processing of the content in accordance with the usage rights information can be ensured when the usage rights information are likewise processed in the secure hardware module. However, it is typically only possible to provide few basic usage rights information when this information is processed in a secure hardware module, because it is usually not possible to implement in the secure hardware block complex functionality for evaluating usage rights information without affecting the security of the hardware module against tampering. Such basic URI information do typically not meet the requirements of content providers that do often want to specify more complex usage rights in order to be able to flexibly control the use of their content.