1. Field of the Invention
The present invention relates to cable and satellite networks having a Downloadable Conditional Access System (“DCAS”) architecture.
2. Background Art
Cable and satellite television providers provide content such as video and audio over a network to subscribers. The subscribers have client devices such as set-top-boxes at their user premises which are connected to the network to receive the content. The providers typically employ some sort of conditional access when delivering content to the subscribers. The conditional access protects the content by requiring criteria to be met prior to the subscribers having access to the content.
A general conditional access approach includes the following. The provider encrypts the content with an encryption key such that the encrypted content can be decrypted using a decryption key corresponding to the encryption key. The provider then transmits the encrypted content over the network to the client devices. A client device is able to decrypt the encrypted content if the client device can determine the decryption key corresponding to the encryption key.
The provider encrypts the decryption key using a session key and transmits the encrypted decryption key over the network to the client devices. In particular, the provider transmits to the client devices an Entitlement Control Message (“ECM”) which contains the encrypted decryption key. A client device can decrypt the encrypted decryption key to recover the decryption key if the client device can determine the session key.
Each client device has its own unique key and the provider is aware of the client devices and their unique keys. For each client device, the provider encrypts the session key using the unique key of the client device. The provider then transmits over the network a respective Entitlement Management Message (“EMM”) to each client device. Each EMM includes an encrypted session key as encrypted with the unique key of the associated client device. As such, each client device receives an EMM specific to that client device. For instance, a first client device receives an EMM including the encrypted session key as encrypted with the unique key of the first client device. Likewise, a second client device receives a different EMM including the encrypted session key as encrypted with the unique key of the second client device.
As such, each client device can decrypt its specific EMM (i.e., decrypt the encrypted session key which has been uniquely encrypted for the client device) by using its unique key in order to recover the session key. In turn, the client device can decrypt the ECM (i.e., decrypt the encrypted decryption key) by using the session key to recover the decryption key in order to decrypt the encrypted content.
As described, each client device has its own unique key which is known by the provider. That is, each client device is “personalized”.
A hardware process for personalizing a client device includes providing the unique key onto the client device at the time of its manufacture. Another hardware process for personalizing a client device includes providing the unique key onto a memory card (e.g., a CableCard) which is inserted into the client device. In either process, the provider learns the unique key of the client device during a registration process upon the client device connecting with the network of the provider.
The advent of a Downloadable Conditional Access System (“DCAS”) architecture in a network renders the hardware personalization processes obsolete. A DCAS enables a provider to download conditional access software to the client devices over the network. As such, the provider is able to personalize the client devices. For instance, the provider can assign a unique key to a client device during a registration process upon the client device connecting with the network.
A network having a DCAS includes personalization servers for assigning unique keys to the client devices. Each personalization server is given an encrypted unit key list (“UKL”) which contains the unique keys. Conventionally, the same encrypted UKL along with the UKL decryption key is given to the personalization servers. After decrypting the encrypted UKL, the personalization servers assign unique keys from the UKL to the respective client devices.
A problem is that a unique key is to be assigned to only one client device in order for the network to operate properly. That is, two client devices are not to be associated with the same unique key. As there are many personalization servers in the network to serve exponentially many more client devices, there can be instances where two personalization servers assign the same unique key to two client devices. Another problem is that an unauthorized user may gain access to the entire UKL by breaching a personalization server. Havoc on the network can be created in proportion to the amount of the UKL accessed.