The present invention involves access control systems including an integrated circuit (IC) card, or xe2x80x9csmartxe2x80x9d card, for limiting access to information in signal processing applications.
Systems such as pay-TV systems include access control sub-systems that limit access to certain programs or channels. Only users who are entitled (e.g., paid a fee) are permitted to view the programs. One approach to limiting access is to modify the signal by, for example, scrambling or encrypting the signal. Scrambling typically involves modifying the form of the signal using methods such as removing synchronization pulses. Encryption involves modifying a data component included in the signal according to a particular cryptographic algorithm. Only individuals who are entitled to access are given the xe2x80x9ckeyxe2x80x9d needed to descramble or decrypt the signal. The terms scrambling and descrambling as used below are intended to encompass access control techniques in general, including cryptography and scrambling.
Access control systems may include an integrated circuit (IC) card, or xe2x80x9csmartxe2x80x9d card, feature. A smart card is a plastic card the size of a credit card that has a signal processing IC embedded in the plastic. A smart card is inserted into a card reader that couples signals to and from the IC in the card. International Standards Organization (ISO) standard 7816 establishes specifications for an IC card interface. In particular, ISO standard 7816-2 specifies that the electrical interface to the card will be via eight contacts positioned on the card surface as shown in FIG. 2A. Six of the eight signals at the contact points are defined as VCC (supply voltage), RST (reset signal), CLK (clock signal), GND (ground), VPP (programming voltage for programming memory in the card IC), and I/O (serial data input/output). Two contacts are reserved for future use. The assignment of the signals to the smart card contacts is shown in FIG. 2B.
The IC in a smart card processes data such as security control information as part of an access control protocol. The IC includes a control microcomputer, such as the 6805 processor from Motorola Semiconductor, Austin, Tex., which includes ROM, EEPROM, and RAM memory. The processor performs various security control functions including entitlement management and generating the key for descrambling the scrambled data component of the signal.
Entitlement management involves modifying information stored in the card that specifies the card owner""s entitlements (i.e. programs and services that a user is entitled to access). The processor adds and deletes entitlements in response to entitlement information in entitlement management messages (EMM) that are included in the input signal. EMM data typically indicates entitlement to a particular service, e.g. all programming on a particular channel, or to a particular program offered by a service, e.g., one movie on a particular channel. Because EMM relates to relatively long term entitlement, EMM typically occurs infrequently in a signal.
Once entitled to a service or program, descrambling of the service or program can occur only after generating a descrambling key. Key generation occurs in response to entitlement control messages (ECM) that are also included in the input signal. ECM provides initialization data for key generation routines that are executed by the processor. Each time a service provider changes the scrambling key, ECM data is included in the signal so that a system entitled to access can generate the corresponding new descrambling key. To aid in preventing unauthorized access to scrambled signals, the key is changed frequently, e.g., every two seconds. Thus, ECM data occurs frequently in the signal.
EMM and ECM data is transferred to the smart card for processing via the serial I/O terminal of the ISO standard 7816 interface. The serial I/O terminal is also used to transfer the generated key from the card to a descrambler unit in the video signal processing channel. The descrambler descrambles the data component of the input signal, e.g. video and audio data, using the key to produce a descrambled, or xe2x80x9cplaintextxe2x80x9d, output signal. Descrambling involves reversing the effects of the scrambling process, e.g., re-inserting sync pulses or decrypting data using the inverse of the encryption algorithm. The descrambled signal is processed further by the signal processing channel to produce video and audio signals suitable for coupling to output devices such as a kinescope and a loudspeaker, respectively.
Including a descrambling function in the video signal processing channel involves adding descrambling hardware to the system. The hardware may be included in a consumer electronics (CE) device, such as a television receiver, or may be in a stand-alone decoder unit, such as a cable box. Including descrambling hardware in a CE device or separate decoder unit dedicates the device to a particular access control system. For example, the hardware may be appropriate for descrambling only a particular type of scrambling algorithm. If the service provider decides to change to a different access control system, e.g. due to security problems, replacing the descrambling hardware involves the expensive and difficult task of modifying CE devices and/or replacing decoder units.
In addition, transferring a descrambling key generated by a smart card to a descrambler external to the smart card provides an opportunity for a xe2x80x9chackerxe2x80x9d to attack the security system. Because the security control IC is embedded in the smart card, a hacker cannot access the IC directly as part of an attempt to xe2x80x9chackxe2x80x9d, i.e. defeat, the security algorithm. Attempting to de-laminate the smart card to access the IC will destroy the IC. However, transferring the key to a descrambler via the card interface increases the likelihood that a hacker may monitor the key transfer protocol, intercept the key and compromise the access control system.
The invention resides, in part, in recognition of the described problem and, in part, in providing a solution to the problem. In accordance with an aspect of the invention, signal processing apparatus comprises a signal processing channel for processing an input signal having a control information component and having a scrambled data component, and an integrated circuit (IC) card including an IC for providing both key generation and descrambling functions.
In accordance with another aspect of the invention, both the IC in the IC card and the signal processing channel include descrambling functions. Either one or both of the descrambling functions may be used to descramble the scrambled data signal component.
In accordance with another aspect of the invention, the IC card exhibits mechanical characteristics in accordance with ISO standard 7816-1 and includes terminals mounted on a surface of the card in accordance with ISO standard 7816-2 for providing both a serial data interface in accordance with ISO standard 7816-3 and a high-speed data interface.
In accordance with another aspect of the invention, plural integrated circuit cards are series connected to form a signal processing channel in signal processing apparatus. The output signal from one integrated circuit card is routed to at least one other integrated circuit card. The last card in the series connection provides an output signal of the signal processing channel.
In accordance with another aspect of the invention, a television receiver comprises signal processing apparatus including an integrated circuit card reader for coupling a series-connected plurality of integrated circuit cards to a signal processing channel in the television receiver.