In pay television, and more generally, in many pay for content systems, content is frequently encrypted. Decryption keys are made available only to paying customers. Content is typically accompanied by an access structure specifying usage rules for the content, and entitlements to content. Access structures which specify usage rules are often referred to as entitlement control messages, or ECMs. Typically, entitlements are delivered as entitlement management messages, or EMMs.
Conditional access systems typically rely on a secure module which processes incoming content according to the ECMs and the EMMs received. Based on the information in the received ECMs and EMMs, the secure module either allows decrypting the content or not. When content is available on a pay for content basis, such as in a pay TV system, the secure module typically comprises secrets, such as entitlements. A user with an appropriate entitlement is entitled to view content. A user without the appropriate entitlement is not allowed to view content. Using entitlements enables a conditional access system to differentiate between a paying subscriber and a person intercepting signals in order to receive content and watch the content for free.
Typically, the secure module is designed to be as tamper-proof as is possible. Frequently, the secure module is implemented in a smart card. Alternatively, the secure module is implemented in a secure processor comprised in a set top box. Without loss of generality, the term “smart card” or “smart cards” is used throughout the present specification to refer to the secure module.
As watching a particular unit of content requires having the appropriate entitlement to the particular unit of content watched, if a subscriber terminates his subscription, the subscriber's entitlement is revoked. Unscrupulous persons, known as “pirates” or “hackers”, who wish to watch content for free, often try to block the arrival of messages that entail cancellation of services. One common line of defense against such hackers is for entitlements to expire. Typically, the entitlement expires after one month. Since the entitlement expires, a hacker who has prevented a message canceling the entitlement from arriving at the smart card will nevertheless lose the entitlement after the entitlement expiration date.
On the other hand, legitimate subscribers periodically receive entitlement renewal messages. Entitlement renewal messages renew the entitlement for another month. Entitlement renewal messages are typically sent to subscribers at a low rate, due to bandwidth considerations.
As a consequence of the low refresh rate of entitlement renewal messages, if the set top box is turned off in such a way as to prevent reception of messages for an extended period of time, an existing entitlement expires, and regular renewal messages will not be received. The subscriber may then have to wait, typically for several hours, for an entitlement renewal message to arrive. Alternatively, the subscriber may have to call a service center and ask for an entitlement renewal message to be sent immediately. Either of these two scenarios is liable to cause the subscriber to feel that he has received poor service from the broadcaster. Furthermore, the broadcaster pays for such calls, and therefore, it is desirable to keep the number of such calls to a minimum.
U.S. Pat. Nos. 5,282,249 and 5,481,609 to Cohen et al describe a system for controlling access to broadcast transmissions including a transmitter having a transmission encoder for scrambling the broadcast, a multiplicity of subscriber receivers, each having an identical receiving decoder, containing no cryptographic keys, for descrambling the broadcast and a plurality of selectable and portable executing apparatus each being operatively associatable with a receiving decoder at a partially different given time and each executing generally identical operations to generate a seed for use by the associated receiving decoder to enable the receiving decoder to descramble the broadcast.
U.S. Pat. No. 6,178,242 of Tsuria describes a system for producing an output scrambled digital data stream from an input scrambled digital data stream. The input scrambled digital data stream includes a plurality of control messages (ECMs), each ECM including coded information for generating a control word (CW) associated with the ECM and being encoded using an ECM key. The input scrambled digital data stream also includes a plurality of segments of scrambled digital data, each segment of scrambled digital data being associated with one of the plurality of ECMs and being scrambled using the CW associated with the ECM. A method for producing the output scrambled digital data stream includes replacing each of the plurality of ECMs with a corresponding transformed ECM (TECM), each corresponding TECM comprising coded information for generating the CW associated with the corresponding ECM and being encoded using a TECM key, thus producing the output scrambled digital data stream, wherein the ECM key is replaced with a new ECM key at an ECM key change time, and the TECM key is not replaced at the ECM key change time
Published US Patent Application 2004/0168063 of Revital et al. describes a system and a method for secure transmission of protected content to a subscriber, without requiring a smart card or other renewable security element to be in physical proximity of the recipient module of the subscriber, such as a set-top box for example. Therefore, the renewable security element may optionally be protected and controlled by the transmitter of the protected content, such as by the broadcaster for example.
US Patent Application 2002/0147686 of Safadi et al. describes a method and apparatus for distributing multimedia content over a network to a plurality of networked and portable devices affording a system operator the ability to control the unauthorized distribution and playback of content transferred by the system operator to a user of that system. The transferred content in the form of encrypted data is distributed over the network from a set-top terminal/personal versatile recorder to at least one playback device, in accordance with rights established by the system operator or the content provider, where the content is decrypted for subsequent playback by the authorized devices.
US Patent Application 2003/0097655 of Novak describes a system and method for providing conditional access to digital content, whereby, in response to a user request to view specific digital content, the user's set top box (STB) accesses a verification entity via a persistent network connection. The STB establishes the user's identity with the verification entity, for instance, by reading identity credentials from a smart card. In response to the verification entity having stored a license for the user to view the digital content, the STB receives a license key from the verification entity. In addition, the STB receives an encrypted access key from an access key source corresponding to a segment of encrypted digital content. The license key is used to decrypt the encrypted access key, which is, in turn, used to decrypt the segment of encrypted digital content. A user may transfer his or her license in whole or in part to another user by sending a transfer request to the verification entity.
The disclosures of all references mentioned above and throughout the present specification, as well as the disclosures of all references mentioned in those references, are hereby incorporated herein by reference.