1. Field of the Invention
The present invention relates to systems and methods for limiting unauthorized access to digital services and in particular to a method and system for incorporating a hardware based asynchronous configuration mechanism in a smart card capable of dynamically reconfiguring a hardware state machine using a secure delivery process.
2. Description of the Related Art
Digital services such as television programs and information regarding those programs (e.g., a program guide) are distributed to users by a variety of broadcasting methods. Such services may be proprietary and available on a subscription basis. To prevent unauthorized access to the services, a plethora of security mechanisms are utilized. Such mechanisms may store information in memory, wherein the information is used to validate a user or provide access. However, persons often attempt to obtain illegal/unauthorized access to the services by altering the memory contents. What is needed is the capability to prevent or increase the difficulty of obtaining illegal access to the information and digital services. These problems may be better understood by a description of current broadcasting methods, security mechanisms, and methods for obtaining unauthorized access to such services.
As described above, television programs and digital services are distributed to viewers by a variety of broadcasting methods. These methods include traditional analog broadcast television (National Television Standards Committee or “NTSC” standard), the soon to be required digital broadcast television (Advanced Television Systems Committee or “ATSC” standard), cable television (both analog and digital), satellite broadcasting (both analog and digital), as well as other methods. These methods allow channels of television content to be multiplexed and transmitted over a common transmission medium.
To view the television programming and have access to the digital services, users commonly have a set top box (also referred to as an integrated receiver/decoder [IRD]). Within the system or set top box, a security component/microcircuit known as a smart card may be utilized to prevent unauthorized access to the television programs and digital services. The smart card microcircuit may contain a microprocessor, volatile memory components, a nonvolatile memory component, and a system input/output module. The security system may be compromised if components are attacked or used in unintended ways.
Nonvolatile memory has been used extensively throughout the electronics industry. For example, in the IRD, the microprocessor utilizes nonvolatile memory to contain state information (e.g., status information) used to provide the desired functionality and enforce security policies intended by the designers. The microprocessor and/or a memory access control unit utilized by the microprocessor restricts access to the memory components.
In the prior art, virtually all successful security compromises to alter system software contained in nonvolatile memory have been through external, non-invasive attacks using the system input/output module. Such compromises may merely require a computer and an inexpensive (e.g., $10) card reader. Thus, most attacks occur by inappropriate manipulation of the microprocessor or memory access control unit.
For example, there have been numerous attempts by individuals or companies (i.e., hackers or attackers) to attack, misuse, or modify the nonvolatile memory through external means of reprogramming or otherwise altering the contents of the memory when the memory component has been available to the central processor or otherwise on the system bus. For example, attacks using unforeseen methods or subverting poorly implemented defenses can be used to gain unauthorized access to the contents of the memory and/or lead to reprogramming the contents of the memory. Reprogramming or unauthorized access to the memory contents can lead to complete compromise of the security features intended in the device.
The simplest and most prevalent form of attack against the memory components uses external noninvasive means using a system's input/output module due to the low cost of the equipment required to implement this form of attack. Most attacks occur by inappropriate manipulation of a microprocessor or memory access control unit. For example, memory contents have been subverted when a memory access control unit (that controls access to a memory component) has been compromised. Once the single memory component has been breached, the attacker may then have the capability to access all memory address locations that reside other memory components.
To avoid security compromises through system software and the nonvolatile memory, some prior art techniques also employ custom hardware within the smart card. The custom hardware provides a hardware state machine that implements a security policy. However, such a hardware state machine is fixed. Accordingly, if the hardware is compromised, the smart card must be physically replaced to accommodate a different hardware state machine. Such a replacement can be extremely expensive if the deployed customer base is large.