This invention concerns the domain of security for security modules, these modules being intended to contain personal and secret data allowing access to services or benefits.
This invention applies more precisely to the Pay-TV domain, in which a content is transmitted in an encrypted form, the decryption of these content being authorized under determined conditions.
It is well known that in order to watch a Pay-TV event, such as a film, a sports event or a game in particular, several streams are diffused to a multimedia unit, for example to a decoder. These streams are in particular, on one hand the file of the event as an encrypted data stream and on the other hand, a stream of control messages allowing the decryption of the data stream. The content of the data stream is encrypted by “control words” (cw), which are regularly renewed. The second stream is called ECM stream (Entitlement Control Message) and can be formed in two different ways. According to a first way, the control words are encrypted by a key, called transmission key TK that generally pertains to the transmission system between the management center and a security module associated with the receiver/decoder. The control word is obtained by decrypting the entitlement control messages by means of the transmission key TK.
According to a second way, the ECM stream does not directly contain the encrypted control words, but contains data allowing the determination of the control words. Said determination of the control words can be carried out through different operations, in particular by decryption, this decryption being able to lead directly to the control word, which corresponds to the first way described above. But the decryption can also lead to data that contains the control word, said control word still having to be extracted from the data. In particular, the data can contain the control word as well as a value associated to the content to be diffused, and in particular the access conditions to these content. Another operation allowing the determination of the control word can for example use a one-way hash function of this piece of information in particular.
The security operations are generally carried out in a security module associated to the multimedia unit or to the decoder. This type of security module can be produced in particular according to four different forms. One of these consists in a microprocessor card, a smart card, or more generally an electronic module (taking the form of a key, of a badge, . . . ). This type of module is generally removable and connectable to the decoder. The most used form is the one with electric contacts, but does not exclude a connection without contact, for example of the ISO 14443 type.
A second known form consists in an integrated circuit chip, generally placed in the decoder shell in a definitive and irremovable way. An alternative is made up of a circuit wired on a base or connector such as a SIM module connector.
In a third form, the security module is integrated into an integrated circuit chip that also has another function, for example in a descrambling module of the decoder or the microprocessor of the decoder.
In a fourth embodiment, the security module is not realised as a hardware, but rather its function is implemented only as software. Given that in the four cases the function is identical although the security level differs, it will be talked of security module regardless of the way in which its function is realized or the form that can be taken by this module.
At the time of the decryption of a entitlement control message (ECM), it is verified if the right to access to the content in question is present in the security module. This right can be managed by authorization messages (EMM=Entitlement Management Message), which load this right into the security module.
The diffusion of conditional access digital data is schematically divided into three modules. The first module handles the encryption of the digital data by the control words cw and the diffusion of this data.
The second module prepares the control messages ECM containing the control words cw, as well as the access conditions and diffuses them for the users.
The third module prepares and transmits the authorization messages EMM that handle the definition of the reception rights in the security modules connected to the receivers.
While the first two units are generally independent from the addressees, the third module manages the set of users and diffuses data for one user, for a group of users or for all the users.
One of the methods used to bypass security, that is laborious but workable, consists in analysing the content of an authorized security module (reverse engineering) in order to imitate the security part (decryption of the messages) and at the same time bridge the verification part of the rights. It is thus possible to produce a “clone” of a real security module. This clone will thus have the transmission key that will allow it to decrypt the control words cw contained in the control messages ECM. Since the rights are not verified in this clone, it will operate as the original as far as the decryption means are concerned, but without needing to have the rights to carry out this decryption.
In a Pay-TV system, it is possible to change the transmission key. In principle, two methods can be used for this. The first consists in diffusing the new destination transmission key to all the decoders. Said decoders can then be updated so that when the new key is used, they can decrypt the events. This type of updating does not allow the exclusion of a cloned decoder because it can also receive the updating messages since it has corresponding decryption keys.
Since each security module includes at least one single key, the second approach consists in transmitting the new transmission key in an encrypted message using this single key. In this case, the number of messages is at least equal to the number of installed security modules in order to renew individually this transmission key. It is known that if a module is released (that is to say if the host apparatus is not supplied), it will not receive this message and could not offer any further services to the user, to which he or she would have by legitimate right. To compensate for this, when a message is sent to a module, this message is repeated several times to be sure that the addressee has received it.
Given the available bandwidth and to ensure that each subscriber has received the new key, it is necessary to transmit the message well before the use of this new key, for example one month in advance.
Therefore, the possessor of a clone module will inform the technician that has supplied him with this clone and has means to extract the new transmission key from an authentic module. When the key is available, for example on the Internet, all the clones can then be updated before the activation of the new key. In this way, the clones are always operational.
As a result, the sending of transmission keys by global transmission as well as by individual transmission has drawbacks and does not allow the elimination of a cloned module.