Cable television network is one of the most important network resources in social development in the future. Cable television technologies are facing the opportunities and challenges of digitalization, networking and informatization. Digitalization means that the signal of an information transmission tool is changed from an analog one to a digital one, networking means that public sharing of information resources is achieved, and informatization means that value-added extended services are provided to turn unidirectional broadcast into bidirectional interaction. Among these cable television technologies, the Conditional Access (CA) technology is a technical foundation to reach this goal and also the only way for development of the cable television technologies. Under a traditional CA technical framework, stream media are transmitted after encrypted, users cannot watch the stream media normally before a receiving end decrypts the received stream media properly, thus, the users are managed in this way, and signal stealing without authorization is prevented. With the CA technology, only authorized users are allowed to enjoy a certain service, which is not available to unauthorized users, consequently, normal profits of cable television value-added services can be ensured. A Conditional Access System (CAS) is exactly the system for implementing this function.
The core of the CAS lies in encryption and secure transmission of a Control Word (CW). The CW is generated randomly at the front end of the CAS that carries out transmission based on a Digital Video Broadcasting (DVB) standard, and the stream media of various services in a digital television system are scrambled according to the CW. The CW serving as a descrambling key, though randomly varying all the time, is still not secure enough, the entire CAS will become completely useless if the CW is cracked and read. To guarantee the security of the CW in the transmission process, the CW is encrypted using a Service Key (SK) to form an Entitlement Control Message (ECM). However, this SK can be acquired from any location, which means that subscribers of particular services and non-subscribers have the same right for program services, therefore, an Authentication Key (AK) must be used to protect the SK in an encryption way, the AK is stored in a smart card and is directly relevant to the program authority of a user. In order to provide different types of services at different levels, a plurality of AKs are assigned to each user by the CAS to meet abundant service requirements. The address message, entitlement message and other messages of a user are acquired from a user management system by the CAS, and combined with the CW-encrypted SK to form an Entitlement Management Message (EMM). The ECM and the EMM are inserted into stream media, which are processed by multiplexing and the like, and then transmitted to a set-top box. The set-top box, after receiving the scrambled stream media, acquires the encrypted ECM and EMM data information by demultiplexing, the ECM and EMM data are decrypted through the AK in the smart card to acquire the CW, and the stream media are restored by means of CW descrambling to finish the whole decryption procedure.
The architecture of the set-top box (i.e. the CA terminal in the prior art) in the prior art is as shown in FIG. 1. A set-top box 100 comprises a tuner 101 and a System on Chip (SoC) 107. To implement CA functions, the set-top box 100 is provided with an external smart card slot in which a smart card 108 is inserted. The SoC 107, which serves as a digital television terminal main chip, internally comprises a demultiplexer 102, a descrambler 103, a decoder 104, a CPU (Central Processing Unit) 105 and an AV (Audio/Video) output port 106, wherein the tuner 101 receives scrambled stream media and transmits the scrambled stream media to the SoC 107, the SoC 107 descrambles the stream media using the demultiplexer 102 and the descrambler 103, then transmits the descrambled stream media to the decoder 104 to obtain audio/video information, and outputs the audio/video information to a digital television through the AV output port 106; and while decoding, temporary data is stored in an external memory 109. It is required in descrambling of the stream media that, the CPU 105 acquires the EMM and the ECM from the demultiplexer 102 and transmits the EMM and the ECM to the off-chip smart card 108, the smart card 108 acquires the CW from the EMM and the ECM according to a decryption algorithm and then transmits the CW back to the CPU 105, and the CPU 105 writes the CW into the descrambler 103.
The components inside the SoC 107 (the demultiplexer 102, the descrambler 103 and the CPU 105) are connected with the external smart card 108 in an opening way, so such a connection way is liable to become a vulnerability for hacker attack, which mainly includes sharing of the control word (CW) and copying attack on the smart card, etc. In order to prevent copying attack on the CW, the CW in the CAS is updated on a regular basis (updated once every few seconds at most). However, in the case that the set-top box has bidirectional data interfaces (Ethernet, USB, etc.) and bidirectional applications (e.g. Internet access), a hacker is able to acquire the CW and transmit the CW to Internet or other public communication or broadcasting networks through the bidirectional interfaces quite easily, and the CW is then transmitted to piratical set-top boxes to realize the so-called CW network sharing and thus crack the CAS. For a storage application, the CW is stored together with audio/video streams and does not change any more, so there is no longer a protective meaning for the contents stored. In addition, the encryption/decryption algorithm of the smart card is also a target of hacker attack and piracy. The traditional CAS performs demultiplexing and CA descrambling in the SoC 107 and occupies the CPU 105 and a large space of the external memory 109, therefore, use of a simple and low-cost SoC is infeasible, which accordingly increases the cost of the set-top box. On the other hand, for a high-end SoC having bidirectional interfaces and the function of Internet access, the risk of CW sharing or CA cracking by a high-speed CPU arises, so the traditional CA architecture is also unsuitable for the increasingly-powerful SoC chips, hindering the development of SoC and digital television services.
To prevent hacker attack and improve the security of the CAS, it is widely adopted in the CA technology-providing companies (CA companies) that a powerful and complex barrier for system transplantation and authentication is set up, and these CA companies scrutinize the software codes and hardware design of the SoC 107 of the set-top box company to prevent vulnerabilities and backdoors from outside. But this will raise the transplantation cost of a set-top box greatly. Since more external content interaction services are added in new bidirectional, storage and USB external applications, there's a risk of copying or cracking programs from these corresponding external applications, thus degrading the security of the CAS dramatically.