There are methods for enciphering control words in which:                in response to the absence, in any one of the terminals, of one or more control words CWc to descramble one or more cryptoperiods of a multimedia content, this terminal transmits, to a control word server, a request containing the cryptogram or cryptograms of one or more absent control words and, in response        the control-word server transmits the absent control word or words to this terminal.        
The term “multimedia content” designates an audio and/or visual content to be rendered in a form directly perceptible and comprehensible to a human being. Typically, a multimedia content corresponds to a succession of images forming a film, a television show or advertising material. A multimedia content can also be an interactive content such as a game.
There are known ways of broadcasting several multimedia contents at the same time. To this end, each item of multimedia content is broadcast on its own channel. The channel used to transmit a multimedia content is also known as a “station”. A channel typically corresponds to a television station. This enables a user to choose simply the multimedia content that he wishes to view by changing channels.
To secure and subject the viewing of multimedia contents to certain conditions, such as the payment of a subscription for example, the multimedia contents are broadcast in scrambled form and not in plain or unencrypted form. More specifically, each multimedia content is divided into a sequence of cryptoperiods. Throughout the duration of a cryptoperiod, the conditions of access to the scrambled multimedia content remain unchanged. In particular, throughout the duration of a cryptoperiod, the multimedia content is scrambled with the same control word. Generally, the control word varies from one cryptoperiod to another. Furthermore, the control word is generally specific to a multimedia content. Thus if, at a given instant, N multimedia contents are broadcast simultaneously on N channels, then there are N different and independent control words each used to scramble one of these multimedia contents.
Here, the terms “scramble”/“descramble” and “encrypt”/“decrypt” are considered to be synonyms.
The plain or unencrypted multimedia content corresponds to the multimedia content before it is scrambled. This content can be made directly comprehensible to a human being without recourse to descrambling operations and without dictating certain conditions on the viewing of this content.
The control words needed to descramble the multimedia contents are transmitted synchronizedly with the multimedia contents. For example, the control words needed to descramble the tth cryptoperiod are received by each terminal during the (t−1)th cryptoperiod. To this end, for example, the control words are multiplexed with the scrambled multimedia content.
To secure the transmission of the control words, these words are transmitted to the terminals in the form of cryptograms. The term “cryptogram” herein designates a piece of information that is not sufficient by itself to retrieve the control word in plain form. Thus, if the transmission of the control word is intercepted, knowledge of the control word cryptogram alone does not make it possible to retrieve the control word by which the multimedia content can be descrambled. To retrieve the plain control word, i.e. the control word used to directly descramble the multimedia content, it must be combined with a piece of secret information. For example, the cryptogram of the control word is obtained by encrypting the plain control word with a cryptographic key. In this case, the secret information and the cryptographic key are the ones used to decrypt this cryptogram. The cryptogram of the control word can also be a reference to a control word stored in a table containing a multitude of possible control words. In this case, the secret information is the table associating a plain control word with each reference.
The secret information should be kept in a secure place. To this end, it has already been proposed to store the secret information:                either in security processors such as chip cards directly connected to each of the terminals,        or more recently in control-word servers common to several terminals.        
In the latter case, the terminals are devoid of chip cards. These terminals are then called cardless terminals.
The control-word server is connected to each of the terminals by a long-distance information-transmission network such as the Internet. When a control-word server is used, the cryptograms of the control words are first of all transmitted to the different terminals and then forwarded by these terminals to the control-word server. This procedure has several advantages. In particular, the information-transmission network used to broadcast the multimedia contents and the cryptograms of the control words can be different from the one used to connect the terminals to the control-word server. For example, the network for broadcasting multimedia content and cryptograms of the control words is a one-way network with a large bandwidth, for example a satellite network. Conversely, the network connecting the terminals to the control-word server is a two-way network with a bandwidth that may be smaller.
Then, this simplifies the time synchronization between the broadcasting of the multimedia contents and the broadcasting of the cryptograms of the corresponding control words.
The control-word server has the function of decrypting the cryptograms of the control words transmitted by the terminals and then sending the decrypted control word back to each of these terminals. Thus, in a way, the control-word server plays the role of a chip card common to several terminals that are mechanically and electrically independent of one another. Terminals that are electronically independent of one another are terminals that can work autonomously and have no shared electronic part or software.
When a terminal needs a control word to descramble a multimedia content, it sends the control-word server a request containing the cryptogram of the control word. In response, the control-word server decrypts this cryptogram and then sends the decrypted control word to the terminal which can then descramble the desired multimedia content.
The multimedia contents broadcast over the different channels are temporally coordinated with one another. For example, the multimedia content broadcasting times are set so as to comply with the broadcasting times indicated in a pre-established program schedule. Each terminal on a given channel therefore receives substantially the same multimedia content at the same time. These multimedia contents are then said to be “live” or “linearized” because the user does not control their instant of transmission.
Conversely, certain multimedia contents are transmitted on demand. This is for example the case with services such as video on demand services. This is also the case when the multimedia contents are recorded locally from the terminal or remotely from the network and when the activation and running of the display are controlled by the user. A service of this kind is known for example by the acronym NPVR (Network Private Video Recorder). It may also be a service by which it is possible to go back in time or postpone the display as in the service known as NTS (Network Time Shifting). In these latter cases, the multimedia content is called a “delinearized” content because it is the user who decides the moment at which the terminal will play this content.
In general, the number of encrypted control words contained in a request is limited to one or two to increase the security of the cryptographic system. Indeed, if the number of encrypted control words contained in a request increases, then the number of plain control words stored in each terminal to descramble a same multimedia content increases. Now, the greater the number of plain control words stored in the terminals, the greater the risk that the security of the system might be compromised. For example, a large number of control words stored in each terminal facilitates attacks such as those involving the sharing of control words. In this form of attack, the plain control words obtained by a terminal that has paid a subscription to decrypt these control words are sent illicitly to the other terminals that have not paid a corresponding subscription.
Each terminal thus sends the control word server a request at each cryptoperiod or at every two cryptoperiods.
The processing of a request by the control word server takes a certain amount of time and the greater the number of requests to be treated the greater the workload of this server. The greater the workload, the greater the computing power needed for the control word server.
It is therefore desirable to be able to reduce the workload of the control word server to use servers having a more restricted computation power.