The development of storage on a hard disk has opened up new applications such as television broadcast storage and the preloading of films or other events proposed for purchase.
In a well known method, to be able to visualize a Pay-TV event, such as a film, a sports event or a game in particular, several streams are broadcast toward a multimedia unit, for example a decoder. In particular, these streams are on one hand the file of the event in the form of an encrypted data stream and on the other hand a control message stream allowing the decryption of the data stream. The content of the data stream is encrypted by at least one “control word” (CW) and more generally by control words that are renewed regularly. This second stream is called ECM stream (Entitlement Control Message) and can be formed in two different ways. According to a first method, the control words are encrypted by a key, called a transmission key TK that generally pertains to the transmission system between a management center and a security module associated with the receiver/decoder. The control word is obtained by decrypting the ECM control messages by means of the transmission key TK.
According to a second method, the ECM stream does not contain directly the encrypted control words, but rather contains data allowing the determination of the control words. This determination of the control words can be carried out by means of different operations, in particular by decrypting, this decryption being able to obtain the control word directly, which corresponds to the first method described above, but the decryption can also result to a piece of data which contains the control word, the latter must also be extracted from the data. In particular, the data can contain the control word as well as a value associated to the content to be broadcast and in particular the access conditions to this content. Another operation allowing the determination of the control word can use, for example, a one-way hashing function of this access conditions information in particular.
The security operations are generally carried out in a security module associated to the multimedia unit or to the decoder. This type of security module can be produced in particular according to four distinct forms. One of these is a microprocessor card, a smart card, or more generally an electronic module (in the form of a key, a badge, etc.). This type of module is generally removable and can be connected to the decoder. The form with electric contacts is the most widely used, but does not exclude a connection without contact for example ISO 14443.
A second known form is that of an integrated circuit shell placed, generally in a definitive and irremovable way in the decoder board. An alternative is made up of a circuit mounted on a base or a connector such as a SIM module connector.
In a third form, the security module is integrated into an integrated circuit shell that also has another function, for example in a descrambling module of the decoder or the microprocessor of the decoder.
In a fourth embodiment, the security module is not produced as hardware, but rather its function is implemented only in the software form. Given that in the four cases, although the security level differs, the function is identical, reference is made to a security module regardless of the way in which its function is carried out or the form that this module can take.
The user unit receiving the data stream and the message stream extracts the messages in order to transmit them to the security module. As the messages arrive at the same time as the data, the security module can transmit the active control word as early as this is necessary. According to the systems used, a control message can comprise more than one control word, for example two, so that the user unit constantly disposes of the current control word and of the following control word.
It is possible that in addition to the use of the event in broadcast mode, this same event is stored on the hard disk of the user unit for subsequent use. This process raises two problems, namely the definition of the access conditions and the renewal of the transmission key TK.
The first problem to arise concerns the management of the access to this content, namely that the conditions for one broadcast mode can be different to the conditions of a different mode. One solution is to multiply the access conditions in the control message as described in the document WO01/80563.
In order to resolve the second problem, it has been proposed to create a key safe on the hard disk to memorize the transmission key TK valid at the time of the transmission of the event (see WO03/079683).
The content distribution operators require a more flexible solution that offers the same advantages.
The document WO03/107665 describes a solution including the creation of an index list formed at the time of the reception of the content and the control messages. The control messages broadcast with the content are stored and subsequently re-used with the index file. In the case that the broadcast messages are not applicable for subsequent use, this document does not teach anything regarding how to solve this problem.
The document EP1215905 describes a solution in which the content is transmitted with a list containing the control word associated to each part of the content. This list contains an identifier allowing a link to be made between the content broadcast and the control words stored in the list. This list is prepared at a managing center and broadcast with the content to allow the synchronization of the control words and the content.
Document EP1187477 discloses a personal video recorder (PVR) which receives a broadcast data stream and encrypts data extracted from the stream before storing on a disk. The key used for the encryption is specific to each PVR and is preferably randomly generated.
Document: WO00/57636A1 discloses a set-top box which provides received content that satisfies the conditional access scheme to a descrambling and encrypting module via a coupling. The set-top box scrambles the content it passes to the module in order to prevent a malicious user from tapping into the signal passed between the set top box and module and inappropriately using the content. The module receives the scrambled content from set-top box and descrambles the content. The module knows the manner in which content from the set top box is scrambled and is thus able to de-scramble such content. In order to maintain the security of the de-scrambled content inside the system, the media content is also encrypted by the module. This encryption is based on a household identifier corresponding to a smart card. By so encrypting the media content, the content is tied to a particular household. In one implementation, all content is encrypted by the module. Alternatively, only content which is received in scrambled format may be encrypted, or some other indicator of which content to encrypt may be used (e.g., header information in the received content, pre-defined date and/or time ranges of content to be encrypted, etc.). By encrypting the media content using a smart card, and correspondingly requiring a smart card for decryption, limitations are placed on the ability to playback the content. This effectively creates a boundary to the user's network, the boundary being defined by wherever the smart card goes. This effective boundary prevents a malicious user from copying useable media content to a server on the Internet.