This invention relates generally to video communication systems and more particularly concerns an interactive video information retrieval system enabling a viewer to access continually updated information resources such as program guides, sports activities, weather, financial reports and the like.
It is generally accepted that before the year 2000 there will be 150 plus cable channels to choose from. Such concepts as movies-on-demand, two-way interactive TV, interactive program guides, and enhanced "people meters" are already being tested or soon will be.
To facilitate the use of this technology, there is a need for an interactive video system that will help subscribers to navigate through their video resources. No such system is presently available.
Furthermore, while there is a need for subscriber flexibility in use of such a system, security to prevent unauthorized use of the system is also essential.
There are presently known smart card implementations which rely upon the use of an external and secure computer system to achieve data security. When the interface computer is not secure, such as when a product can be reverse engineered and the firmware modified and examined, then the security of these present methods is weak at best.
The four basic methods presently known for achieving security in known smart card systems are, therefore, inadequate to the present application. In one method, access applicating keys lock out various portions of a smart card until a valid key is presented to the card. The access keys may be presented in the clear or encrypted. In a clear key presentation, after the key is used once, then it is always known. In an encrypted key presentation, the smart card generates a random number. The decoder uses this random number, the key and the algorithm used in the decoder to generate the encrypted key data. Whether clear or encrypted, if all this information resides in the decoder firmware, then it can easily be reverse engineered.
Another security method employs random numbers. If a smart card generates a random number and sends this out, then it must receive the encrypted version of the random number using an internal key. But the only way an outside computer can generate the correct encrypted version is to have the same key and algorithm. As a result, the key and the algorithm must reside in the insecure decoder firmware.
A third security method uses authentication. Two way authentication provides good security where each side encrypts information with a known key and then the other unit must decrypt and then encrypt with another known key. This allows both sides to know that the other side has valid keys and the correct algorithm. But, for the decoder to do authentication with the smart card, all the information again resides in the insecure firmware.
One final security method exercises control of the smart card. It assumes that all the commands going to the smart card are generated and controlled by a secure computer. But in the case of the decoder of the present invention, all smart card commands can be intercepted or changed to the benefit of someone trying to defeat the system. Even something as simple as erasing a hidden key, which on some cards first requires that the key be unlocked, may open the information up to examination and changes.
It is, therefore, a primary object of this invention to provide an interactive, video display, data system affording flexibility to the subscriber in accessing a wide variety of data content and formats. In conformance with this primary object, it is further among the objects of this invention to provide an interactive, video display, data system that employs downloadable operating software at the customer's site, that enables the customer to operate the system by one of a variety of standard remote controls, that is capable of constant data base updating and that can be made available at little or no cost to the customer.
Another primary object of this invention is to provide an interactive, video display, data system that affords security to the cable company or other distributor against unauthorized access to the data base. In conformance with this primary object, it is further among the objects of this invention to provide an interactive, video display, data system which employs a smart card encryption-decryption system that has a decryption card at the customer's site which contains keys completely locked in the card, that uses a random feed key which precludes determination of a fixed key that will always work, and that is upgradable to extend and expand services available to the customer.