A digital domestic network is a set of audio-visual apparatuses linked by digital communication interfaces. These apparatuses include, for example, digital television decoders, optical disk readers/recorders, video recorders equipped with hard disks, computers or other platforms that allow access to a broadcasted audio/video content requiring payment. The domestic network belongs to a subscriber with a subscription to preset digital television programs, for example, and each apparatus of the network can only access the contents of these programs. This access is managed by a security module inserted into each apparatus of the network. This module, for example, in the form of a chip card, contains data pertaining to the subscriber that consists of access rights to programs. It also allows the identification of each apparatus connected to the domestic network and the decryption of the data.
According to one particular configuration, the domestic network includes an audio/video data recorder connected on one hand to a broadcasting server and on the other hand to a plurality of decoders or “set-top-box”. An encrypted audio/video content is transmitted by the server to either be decrypted by one or more decoders for direct visualization, or to be stored in a mass memory of the recorder that in general consists of a hard disk. Each decoder can extract all or part of this content stored for visualization at a moment chosen by the user.
One solution resides in recording the data stream that enters in an unprocessed form and then each decoder of the network reads and decrypts this data by way of control words CW extracted from the control messages ECM. The decryption of the data also depends on rights contained in the security module associated to each decoder and which are obtained by way of management messages EMM.
The main drawback of this solution is that after a certain time, stored data can no longer be decrypted by decoders of the network since the rights contained in the security modules are no longer valid. In fact, when a stream is visualized live without intermediate storage, the control words CW match with the rights that are regularly updated thanks to management messages EMM. Instead, the rights of the messages EMM recently updated in the security module during live visualization will no longer allow the visualization of a content whose messages ECM include old control words.
Another solution is described in the document US2004/032950 in which a secure communication is carried out between two encryption domains using a security module. According to an embodiment, a receiver equipped with a security module receives a broadcasted content encrypted with a first key, it decrypts said content and then re-encrypts it with a second local key originating from a stream generated by the security module. The content thus re-encrypted is transmitted towards a storage unit where it is restored by means of decryption with the local key obtained from a sale server via a secure channel. In order to prevent the re-encrypted content from being copied, each storage unit has its own local key.