Cable television carriers, satellite operators, or content providers have distributed media or content material to paid subscribers using set-top-boxes. The ultimate goal of security features on a set-top-box chip (“STBC”) of a set-top-box, is to prevent an unauthorized entity from receiving or distributing material originating from a content provider. Modern STBCs have employed many security features which are intended to prevent such an occurrence, most of which are based on an on-chip one time programmable memory (OTP memory). The OTP memory may be used to store keys for decrypting one or more encrypted sequences received by the set-top-box. The use of these OTP memories allows the storage of keys that are unique to a set-top-box. These keys are used for decrypting or decoding encrypted data sequences received from a cable TV operator. Because each set-top-box is associated with unique keys that are burned into an OTP memory, access to a single OTP memory of a set-top-box chip will not compromise other set-top-boxes within a network.
However, an unauthorized entity may overcome the security provided by using such one time programming memories. If an unauthorized entity obtains a large number of new un-programmed OTP memory chips, he only needs to obtain a single authorized OTP key to be able to program all OTP memory chips. Once obtained, the unauthorized entity may program all OTP memories using the authorized key, allowing him to sell the set-top boxes and earn a sizeable profit. The unauthorized entity may continue to sell such unauthorized set-top-boxes, thereby undercutting the sales revenue of the authorized content provider. Since the set-top-boxes are all programmed with the authorized key, they will all respond in the same fashion as the set-top-box containing the original authorized key.
In another instance, an original database of OTP keys may be compromised. Should an unauthorized entity hack or decipher the OTP keys in one or more STBCs, he may be able to recover original content from a content provider by deducing additional information about the encryption mechanism used by the STBC. This may be accomplished by legitimately subscribing service for one set-top-box while leaving the other unauthorized boxes unsubscribed. Since the OTP keys of all set-top-boxes are known, the unauthorized entity may implement circuitry within the unauthorized set-top-boxes to allow the decryption of one or more encrypted keys by way of knowledge obtained from operation of the authorized set-top-box. Of course, the encryption methodology may be implemented by reversing the steps used in the decryption process. As a result, the unauthorized set-top-boxes may be able to illegitimately obtain content provided by the cable television carrier, satellite operator, or content provider.
A content provider may implement a methodology in which a verification sequence must be sent from the content provider before a set-top-box is initialized allowing the content to be correctly displayed to an end-user. The content provider may update a database at its head-end, for example, related to the set-top-boxes that have been initialized and enabled for use. As a result, the use of one or more additional STBCs programmed with an identical OPT key may not be productive for a hacker since the content provider will only enable the first set-top-box using a particular OTP key. However, if an unauthorized entity legitimately subscribes to a set-top-box, he may monitor a verification sequence transmitted to his set-top-box when the set-top-box is first enabled. After obtaining the verification sequence, the unauthorized entity may use the sequence to enable his own illegitimate set-top-boxes (using the same OTP key) by using the same sequence at another time. The unauthorized entity may also use the sequence to deduce additional information about the original unencrypted sequence by decrypting the sequence using the known OTP key. As a consequence, it may be possible to authorize illegitimate set-top-boxes by issuing verification sequences to these illegitimate set-top-boxes without being activated by the head-end. The unauthorized entity acts as a head-end in this instance.
In another instance, an unauthorized entity does not monitor a verification sequence transmitted by a content provider. Instead he fabricates cloned set-top-boxes prior to the first set-top-box being enabled. The unauthorized entity schedules an initialization of all unauthorized set-top-boxes by powering up and receiving the initial verification sequence transmitted by the content provider. Hence, all unauthorized set-top-boxes may be enabled simultaneously.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.