The invention relates to a conditional access system comprising:
a descrambler for converting scrambled information into descrambled information in dependence upon control words; and
a security device for managing a supply of the control words to the descrambler.
Such a system may be used, for example, in television broadcasts to make certain television channels, or programs only, accessible to those viewers who pay for these services, i.e. to realize pay-TV. The invention may also be used in many multimedia applications.
The article "Encipherment and Conditional Access" by L. C. Guillou and J.-L. Giachetti, published in the SMPTE Journal of June 1994, describes various conditional access systems of the type described above for use in television broadcasts. In the known system, a video signal is transmitted in a scrambled form to a receiver. The receiver comprises a descrambler, which descrambles the transmission signal, in order to retrieve the original video. Both scrambling and descrambling are effected under the control of a control word. Together with the scrambling algorithm used the control word, determines the relation between the scrambled and the original video. Thus, the scrambled video can only be transformed back into the original video signal if the proper control word is available. Access to the original video at a receiving end is therefore limited to access to the control word.
To enhance the robustness of a conditional access system, the following measures are taken. First, the control word is changed regularly. Secondly, the control word is transmitted in an encrypted form to the receiving end. Accordingly, the receiving end comprises a decrypter to retrieve the original control word. Thirdly, the decrypter is implemented in such a way that it requires a key, as input data, so as to effect decryption. Together with the key, the decryption algorithm, in according with which the decrypter operates, determines the relation between the original control word and the encrypted control word.
FIGS. 2 to 5 of the SMPTE article show examples of conditional access systems which employ the three aforementioned measures. In FIG. 2 of the SMPTE article, the encrypted control word, referred to as Management Message, is sent monthly to a receiving end by mail. The key, which is used to decrypt the received encrypted control word, is a distribution key. The distribution key varies from one receiving end to another. Thus, in the FIG. 2 system, both the encrypted control word and the key for decrypting the encrypted control word are personalized.
In the systems shown in FIGS. 3, 4 and 5 of the SMPTE article, encrypted control words and keys for decrypting the control words are not personalized. For example, together with the scrambled video, the encrypted control words may be transmitted in the form of an entitlement control message (ECM). This means that various receiving ends receive the same entitlement control messages ECM comprising the same encrypted control word. Accordingly, various receiving ends use the same key for retrieving the original control word. The common key for decrypting the entitlement control messages ECMs is referred to as authorization key AK. The authorization key AK and the decryption algorithm represent the entitlement at the receiving end.
The authorization key AK is sent in an encrypted form as an entitlement management message (EMM) to the various receiving ends. At a receiving end, a distribution key is used for decrypting the entitlement management message EMM. Distribution keys are typically diversified, that is, they vary from one receiving end to another, or from one group of receiving ends to another group of receiving ends. Consequently, the entitlement management message EMM can be personalized. Additionally, the authenticity of the entitlement management message EMM is to be checked at the receiving end, so as to recognize the voice of the "master". The "master" will be further referred to as service provider, for example, the broadcaster of the scrambled video.
In the FIG. 3, 4 and 5 systems of the SMPTE article, control words generally have a large number of bits (typically 60 bits) and a short life span (typically 10 sec). This means that every 10 sec a new encrypted control word, in the form of an entitlement control message ECM, is transmitted to the receiving ends. For security reasons, the authorization key AK is also modified from time to time. The authorization key AK is updated by entitlement management messages EMM which convey encrypted authorization keys AK.
In the systems described in the cited SMPTE article, each receiving end comprises a security device. The security device performs operations which relate to the entitlement of a receiving end, i.e. it executes pay TV operator commands. The operations include decryption of encrypted control words and, if appropriate, decryption of entitlement management messages EMM. The security device may also perform other operations concerning conditions which limit the right of access. Such conditions are, for example, a subscription period, a pre-booked program, a credit for impulse accesses, etc.
The security device may be implemented in various ways. Generally, the security device will comprise a micro-computer. The security device may be fixed to the descrambler, and even integrated with the descrambler, to form one unit. Alternatively, the security device may be a smart card, which is detachable from a receiving unit comprising the descrambler. The latter option is sufficiently secure, when the control word has enough bits and a sufficiently short life. In any implementation, the security device should be tamper-resistant, either physically or electronically, for reasons of security.