Various encryption techniques are known for protected provisioning of data from a sender to a receiver, wherein the data is encrypted in the sender using an encryption key, the encrypted data is transmitted to the receiver and the encrypted data is decrypted in the receiver using a decryption key. The decryption key can be provided from the sender to the receiver as well, in which case the decryption key is secret data that needs to be securely provided. If the sender is in control of which receiver is able to obtain the secret data then the secret data is conditionally provided.
E.g. in a conditional access system for pay-tv, premium content is typically scrambled in a head-end system using a control word (CW) as encryption key. The scrambled content is broadcast to conditional access receivers. To allow a receiver to descramble the scrambled content, a smartcard is to be inserted into the receiver. Through the receiver the smartcard receives from the head-end system an encrypted entitlement management message (EMM) comprising a chipset session key (CSSK) encrypted under a key CSUK of the receiver. Through the receiver the smartcard further receives from the head-end system an entitlement control message (ECM) comprising the CW encrypted under the CSSK. Typically the CW has a shorter life time than the CSSK. Therefore the CSSK can be used to decrypt multiple CWs received in multiple ECMs over time. Using the decrypted CSSK the smartcard decrypts the CW, which can subsequently be used by the receiver to descramble the scrambled content. It is known that additional key layers may be used for decrypting the CW.
Manufacturing costs increase as the receiver is made more secure, because attackers develop new techniques over time to violate computing environments, and more sophisticated countermeasures need to be incorporated.
Especially in the pay-tv field, smartcards have been the platform of choice for providing a trusted environment to the receivers. However, though secure, smartcards are expensive both in terms of logistics—as they need to be distributed and tracked—and in terms of component costs. Moreover, as for any other hardware solution, it is difficult and costly to revoke and swap smartcards once deployed in case some flaw has been discovered. That implies that design and development of smartcard application needs to be very careful, and testing very thorough. Moreover, a smartcard does not provide sufficient CPU power to carry out bulk decryption of broadcast content. Therefore the role of the smartcard is mostly limited to relaying the obtained CW to more powerful hardware such as a descrambler in the receiver, either dedicated or general purpose. Such receiver—in turn—disadvantageously has to ensure a minimum degree of confidentiality when communicating to the smartcard, which entails some unique secret such as a key shared between the smartcard and the receiver.
There is a need for an improved solution for securely and conditionally providing secret data from a sender to a receiver.