Various encryption techniques are known for protected provisioning of data from a sender to a receiver, wherein the data is encrypted in the sender using an encryption key, the encrypted data is transmitted to the receiver and the encrypted data is decrypted in the receiver using a decryption key. The encrypted data may be stored before decryption. The decryption key can be provided from the sender to the receiver as well, in which case the decryption key is secret data that needs to be securely provided. If the sender is in control of which receiver is able to obtain the secret data then the secret data is conditionally provided.
E.g. in a conditional access system for pay-tv, premium content is typically scrambled in a head-end system using a control word (CW) as encryption key. The scrambled content is broadcast to conditional access receivers. To allow a receiver to descramble the scrambled content, a smartcard is to be inserted into the receiver. On the smartcard a unique key such as a chipset unique key (CSUK) is securely pre-stored. Through the receiver the smartcard receives from the head-end system an entitlement management message (EMM) comprising a chipset session key (CSSK) encrypted under the CSUK. Using the CSUK the smartcard decrypts CSSK. Through the receiver the smartcard further receives from the head-end system an entitlement control message (ECM) comprising the CW encrypted under the CSSK. Typically the CW has a shorter life time than the CSSK. Therefore the CSSK can be used to decrypt multiple CWs received in multiple ECMs over time. Using the decrypted CSSK the smartcard decrypts the CW, which can subsequently be used by the receiver to descramble the scrambled content. It is known that additional key layers may be used for decrypting the CW.
Manufacturing costs increase as the receiver is made more secure, because attackers develop new techniques over time to violate computing environments, and more sophisticated countermeasures need to be incorporated.
Especially in the pay-tv field, smartcards have been the platform of choice for providing a trusted environment to the receivers. However, though secure, smartcards are expensive both in terms of logistics—as they need to be distributed and tracked—and in terms of component costs. Moreover, as for any other hardware solution, it is difficult and costly to revoke and swap smartcards once deployed in case some flaw has been discovered. That implies that design and development of smartcard application needs to be very careful, and testing very thorough. Moreover, a smartcard does not provide sufficient CPU power to carry out bulk decryption of broadcast content. Therefore the role of the smartcard is mostly limited to relaying the obtained CW to more powerful hardware such as a descrambler in the receiver, either dedicated or general purpose. Such receiver—in turn—disadvantageously has to ensure a minimum degree of confidentiality when communicating to the smartcard, which entails some unique secret, such as a key, shared between the smartcard and the receiver.
A data stream typically comprises one or more content streams, such as e.g. an audio and/or video stream or digital TV stream. A watermark may be inserted into the content stream before encryption by the sender such that it can be detected in the analogue domain after decoding in a receiver. Alternatively the watermark may be inserted at the source of the content or by equipment at the end-user.
Watermarking belongs to the technology field of steganography that deals with hiding of an information signal in watermarked content, such that is substantially impossible to detect by human observers. The content is e.g. a data file or a data stream. The watermark information is substantially irremovable and is immune to manipulation of analog signals, such as audio and/or video signals, that are decoded from the content. Typically, watermarking is used to trace files or streams that are distributed via unauthorized distribution networks.
The information contained in the watermark generally serves to record the path from a studio to a broadcaster. Typically, no further downstream information can be included as the watermark is applied at the broadcast head-end or in the analogue copy obtained from the video content rights holder at the studio.
In a distributive environment the watermark is typically inserted in a data stream by a secure head-end system. Typically a watermark message is inserted into only a part of the content stream.
A fingerprint is a specific type of watermark that is inserted further down the broadcast chain. A fingerprint typically contains information that identifies a receiver of the data stream. Fingerprint information is used in a wide range of forensic applications.
There is a need for an improved solution for securely and conditionally obtaining a control word in a client device that furthermore enables the client device to reveal its identity.