The present invention relates to a conditional access system.
A conditional access system allows a service provider to supply services only to those users who have acquired entitlements to these services. Such is the case, for example, for pay television systems.
As is known to those skilled in the art, the service supplied by a service provider consists of an item scrambled by control words. The scrambled item can only be descrambled, and hence read by the user, at the level of the entitlements allocated to this user. The scrambled item will hereafter be denoted IE(ECG), where ECG represents the unscrambled item (the abbreviation ECG standing for "Electronically Coded Good").
In order to descramble the item, the service provider supplies each user with the control words which served for scrambling the item. To keep the control words secret, they are supplied after having been enciphered with an algorithm with key K. The various enciphered control words are forwarded to the various users in messages commonly denoted ECM (the abbreviation ECM standing for "Entitlement Control Messages").
In order to grant access to his service only to authorized users alone, the service provider supplies a smartcard and a decoder to each of the users.
The smartcard makes it possible, on the one hand, to validate and record the entitlements which the user has to the service delivered and, on the other hand, to decipher, with the aid of the key K, the enciphered control words. For this purpose, the smartcard therefore contains the key K of the algorithm which allowed encipherment of the control words.
The decoder, for its part, makes it possible to descramble the scrambled item on the basis of the item consisting of the deciphered control words emanating from the smartcard.
The entitlements of each user are forwarded in messages commonly denoted EMM (the abbreviation EMM standing for "Entitlement Management Messages").
According to the known art, the EMM dedicated to a user contains three main items:
a first item giving the address of the user's card; PA1 a second item giving the description of the user's entitlements; PA1 a third item making it possible to validate the EMM and to verify that the user's entitlements contained in the EMM are indeed the entitlements reserved for the user. PA1 a circuit 12 for validating the user's entitlements; PA1 a circuit 13 for storing the user's validated entitlements; PA1 a circuit 14 for controlling the access; PA1 a circuit 15 for validating the ECMs; PA1 a circuit 27 for deciphering the enciphered control words.
When a user's decoder recognizes the address of the card associated with him from among the various addresses dispensed by the service provider, the EMM corresponding to the recognized address is analysed. The analysis of the EMM is performed with the aid of an analysis algorithm which depends on the key K for enciphering the control words.
The key K of the algorithm for enciphering the control words is contained in each user card. It follows that piracy in relation to a single card may lead to the ascertaining of the key K. Illicit user entitlements may then be created and recorded on all the other cards supplied by the service provider and containing the same key K. It is also possible to copy over onto these other cards the user entitlements contained in the pirated card. The service supplied by the provider is then no longer protected.
In order to alleviate these drawbacks, it is known for the service provider to modify, at regular time intervals, the key of the algorithm for enciphering the control words. The service provider must then supply each user with a new card containing a new key K.
This represents a drawback, especially in terms of costs, since the number of user cards is often very high. This number may in fact frequently reach several hundred thousand, or even several million.
FIG. 1a represents a first EMM format according to the prior art.
The EMM represented in FIG. 1a is composed of a body C1a containing the three main items mentioned earlier, and of a header 4, the content of which (H1) gives, among other things, the type and size of the items contained in the body C1a.
The body C1a consists of a first item 1 containing the address (AD) of the user's card, of a second item 2 containing a description of the user's entitlements, and of a third item 3 containing a cue HASH.sub.K. The cue HASH.sub.K depends on the key K and makes it possible to perform the analysis of the EMM mentioned earlier.
FIG. 1b represents a second EMM format according to the prior art.
The EMM consists of a header 4 and of a body C1b.
The body C1b consists of the items 5 and 6 containing respectively the address AD of the user card and the description of the user's entitlements enciphered with the algorithm with key K and relating to the address AD (E(user's entitlements).sub.K,AD). According to this EMM format, the validation and verification of the entitlements contained in the EMM are performed by the operation of deciphering the enciphered entitlements.
FIG. 2 represents the format of an ECM according to the prior art.
The ECM consists of a body C2 and of a header 7, the content (H2) of which gives, among other things, the type and size of the items contained in the body C2.
The body C2 comprises, among other things, a first item 8 containing the set of access conditions associated with the service supplied by the service provider, a second item 9 containing a control word Cwi enciphered with the algorithm with key K (E(Cwi).sub.K) and a third item 10 containing a cue HASH.sub.K depending on the key K and making it possible to validate and verify the content of the access conditions. The control word Cwi represents the current control word, that is to say the control word making it possible to descramble that part of the program which is currently being read.
As is known to those skilled in the art, generally the ECM which contains Cwi also contains a second control word. This second control word is the control word of the next descrambling period, that is to say the current control word of the ECM which has to follow the ECM which contains Cwi as current control word. This second control word has not been represented in FIG. 2 so as not to fruitlessly encumber the drawing.
As is known to those skilled in the art, the ECMs are forwarded by the service provider together with the scrambled item IE(ECG).
The ECM format described in FIG. 2 is merely one example of an ECM format. In particular, the order of the various blocks (7, 8, 9, 10) making up the ECM described in FIG. 2 can be modified.
FIG. 3 represents the schematic of a user card according to the prior art.
The user card 11 contains five main circuits:
Regardless of the format of the EMM (cf. FIGS. 1a and 1b), the validation circuit 12 makes it possible to perform on the EMMs the operations mentioned earlier of user address recognition and analysis of the user's entitlements. For this purpose, the validation circuit 12 contains the key K of the encipherment algorithm. If the EMM is validated, the user's entitlements contained in the EMM are stored in the circuit 13 for storing the validated entitlements.
The circuit 15 for validating the ECMs makes it possible to perform on the access conditions 8 contained in the ECMs, operations identical to those performed by the validation circuit 12 on the user's entitlements. The validation circuit 15 contains the key K.
The deciphering circuit 27 makes it possible to decipher the control words. For this purpose, the deciphering circuit 27 also contains the key K of the algorithm for enciphering the control words.
The access control circuit 14 compares the validated access conditions with the validated entitlements of the user. If the validated access conditions correspond to the validated entitlements of the user, a signal S, emanating from the access control circuit 14 and applied to the deciphering circuit 27, authorizes the deciphering of the enciphered control words E(Cwi).sub.K originating from the validation circuit 15. In the contrary case, the signal S does not authorize deciphering.
On completion of the various steps of the deciphering procedure, the deciphered control words Cwi are generated by the deciphering circuit 27 in such a way as to allow the descrambling of the scrambled item IE (ECG).
As mentioned earlier, piracy in relation to a single user card, thereby allowing access to the key K, leads to destruction of the protection of the set of services supplied by the provider.