Pay-per-view (PPV) is a technology that allows cable and satellite television subscribers to access movies and special one-time-only events by paying a pre-announced fee for the special programming. Most cable system operators now offer two or more PPV channels to their customers.
A typical existing network architecture is shown in FIG. 1. The PPV signal 102 is scrambled until the cable subscriber chooses to view the programming, at which time the subscriber contacts the provider 104 either by phone modem 106 in a set-top box 110 or by interactive hand-held remote control to order the movie or event. Following the order, a computer 120 at billing subscriber management call center activates a video decoder/decryption system at the location of the subscriber that descrambles the ordered PPV program signal for the program's duration. A smart card reader 122 may also facilitate decryption based on smartcard content 124. For example, the smart card may act as a cache memory for particular PPV transactions. In any case, the PPV purchases are totaled by the computer 120 and added to the cable subscriber's monthly bill.
The history of PPV dates back to the mid 1970s, when Coaxial Communication began providing a service called Telecinema that offered movies priced at $2.50 per title. In the mid 1980s satellite distributed national PPV services began to appear. By the mid 1990s, more than one-third of all cable households in the U.S. took advantage of addressable PPV programming.
Movies occupy most PPV network schedules. Movies that performed well at the box office are released first to home video following their initial theatrical run. Only after videocassette versions of the movies have been available for rental or purchase for a period (called a “window”) ranging from 30 to 90 days are they then available for PPV. The PPV event category may be subdivided primarily into sports and concerts. Sports, particularly professional boxing and wrestling, occupies the largest share of the category, followed by professional baseball, football, basketball and hockey and college football. The next step in the PPV evolution will be video-on-demand (VOD), a technology that allows addressable subscribers to order PPV movies at start times determined by the subscribers rather than the providers. An array of movie titles will be digitally stored in a file server located at the cable system head-end and distributed to subscribers as ordered. The movies will be converted from digital back to analog at the subscriber's household for viewing on analog-based television receivers. VOD testing in several U.S. cities began in 1994.
Techniques for protecting such information against unauthorized access are becoming increasingly important as more and more communications systems are employing digital transmission techniques. The subscription television industry, for example, is beginning to move toward all digital transmission systems or hybrid systems that employ both digital and analog transmission. Preventing unauthorized access to digital television signals is a major concern in the subscription television industry.
Digital Rights Management (DRM) is an emerging and vital business concept driven by the need for secure electronic distribution of high-value digital content. In its purest form, DRM provides a technology platform to allow trusted packaging, flexible distribution and managed consumption of digital content over wide-area networks, including those which employ Internet Protocol (IP). It is the goal of DRM to provide content owners, service providers, distributors and retailers with a safe, secure method for meeting the consumer's need for interactive, on-demand access to movies, online games, books, music and critical/proprietary software data and other, emerging types of digital media.
At the present time, cryptography is used to prevent unauthorized access to subscription video programming. A typical system includes a data encryptor and decryptor on either end of a transmission medium. Existing data encryptors generally employ a pseudorandom bit generator and a data combiner. The pseudorandom bit generator receives a unique encryption key as a “seed” value, then generates a pseudorandom binary sequence commonly referred to as a “key stream.” A combiner is used to combine or mix the information stream with the key stream, typically on a bit-by-bit basis. The encrypted data stream may then be transmitted via any suitable transmission medium, such as satellite or cable.
A decryptor recovers the data stream from the encrypted data stream. Using private key cryptographic schemes, the decryptor must be provided with the same encryption key that was used to encrypt the data in the first place, and the pseudorandom bit generator must be identical to pseudorandom bit generator at the “head end.” The reproduced key stream and the encrypted data stream are then provided to respective inputs of the de-combiner that operates in a reciprocal or complimentary manner so that the encryption process is effectively reversed. The decoded information stream is then output from the decombiner.
In systems of the type just described, security depends, on maintaining the secrecy of the encryption key. As such, one way to enhance security in a private key encryption system is to periodically change the encryption key. Security also depends on the “randomness” of the key stream generated by the pseudorandom bit generators. Generally speaking, greater randomness can be achieved with an algorithm that uses large encryption keys (i.e., more bits) rather than shorter keys. In addition, because the reception site is remote from the transmission site, a secure means must be employed for providing the reception site with the correct encryption key. Typically the encryption key itself may be encrypted and then transmitted to the reception site. Once the key is received at the reception site, it must be stored in a secure memory device at the reception site. Alternatively, the key may be pre-stored in the secure memory.
The number of systems proposed, and in-use, to prevent unauthorized access to subscription programming are too numerous to describe in detail herein. Some systems employ local key generation, but existing schemes are not used for enhanced digital rights management in general, which could include policies, rights and/or rules. For example, U.S. Pat. No. 5,341,425 uses local key generation to reduce the amount of memory needed at a reception site to store encryption keys under the belief that secure memory is expensive and limited in capacity. Given that modern subscription television systems often involve several providers, each transmitting data to one or more reception sites, each provider will typically will want to employ its own unique encryption keys to encrypt data at its respective transmission site. When the system contains a large number of transmission sites, providing each transmission site with a unique encryption key may become prohibitive. Since it is desirable to employ large encryption keys to increase cryptographic integrity, a problem arises because each of the unique encryption keys must be stored in a secure memory at a reception site so that a decryptor at the reception site is able to decrypt data received from any one of the transmission sites.
In accordance with the '425 patent, a set of data is uniquely encrypted at each of a plurality N of transmission sites for transmission to and subsequent decryption at least one reception site. Each of the N transmission sites is provided with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites. The system key comprises a plurality S of bits and each of the N broadcast keys comprises a unique plurality B of bits, wherein B is less than S. At each transmission site, the system key and the broadcast key unique to that transmission site are convolved in a predetermined manner to generate a unique data encryption key for that transmission site. The unique encryption key generated at each transmission site comprises a third number E of bits, E being at least greater than B. Preferably, E is greater than or equal to S. At each transmission site, a set of data is then encrypted with the unique data encryption key generated at that site. The sets of data uniquely encrypted at each transmission site are then transmitted to the reception site. There is stored, in a memory at the reception site, the system key and each of the broadcast keys to enable a selected one of the encrypted sets of data to be decrypted at the reception site. The memory capacity necessary to store the system key and the broadcast keys at the reception site is no greater than ((N.times.B)+S) bits.
At the reception site, the encrypted set of data transmitted from a selected one of the transmission sites is received. The system key and the broadcast key unique to the selected transmission site are retrieved from the memory at the reception site. Convolving means are provided at the reception site for convolving the retrieved system key and retrieved broadcast key, in the same predetermined manner as was performed at the selected transmission site, in order to reproduce the unique data encryption key employed at the selected transmission site to encrypt the received set of data. The received encrypted set of data may then be decrypted with the reproduced encryption key. Cryptographic strength may be enhanced by periodically changing the system key and or unique broadcast keys provided to each transmission site and stored in the memory at the reception site. The reception site in a subscription television system may be either a cable head-end installation or a subscriber location, such as a cable subscriber or a direct broadcast satellite subscriber.