In a system for providing protected multimedia-content, a network head-end handles the protection of the multimedia content and its transmission to a set of terminals. A terminal furnished with a security processor is used by a client of the system to access content.
Accessing protected multimedia-content means loading it into memory and removing protection therefrom, on the fly, as it is received, or from a recording medium on which it has previously been recorded, with a view to playing it, recording it, or making any other use thereof offered by the system.
The content provided includes audiovisual content, for example television programs, audio content only, for example a radio program, or more generally any digital content containing video and/or audio such as a computing application, a game, a slideshow, an image or any data set.
Among these types of content, temporal content will be considered more particularly hereinafter. Temporal multimedia content is a multimedia content, the playing of which is a succession, over time, of sounds, in the case of audio temporal content, or of images, in the case of video temporal content, or of sounds and of images temporally synchronized with one another in the case of audiovisual temporal multimedia content. Temporal multimedia content can also comprise interactive temporal components synchronized with the sounds or the images.
In order to be provided, such content is coded or compressed in such a way that its transmission requires less bandwidth. For this purpose, the video component of the content is coded according to a video format, such as MPEG-2.
Such a coding scheme calls upon general methods of data compression. For still images, it utilizes in particular the spatial redundancy internal to an image, the correlation between neighboring points and the lesser sensitivity of the eye to details. For moving images, it utilizes the high temporal redundancy between successive images. The utilization of said temporal redundancy makes it possible to code certain images of the content, here termed deduced images, with reference to others, here termed source images, for example by prediction or interpolation, so that their decoding is possible only after that of said source images. Other images, here termed initial images, are coded without reference to such source images, that is to say that they each contain, when they are coded, all of the information required for their decoding and can therefore be completely decoded independently of the other images. The initial images are thus the obligatory entry point when accessing the content.
The resulting coded content therefore does not comprise the data required for decoding each of the images independently of the others, but consists of “sequences” according to the MPEG-2 terminology. A sequence carries out the compression of at least one “group of images” (or GOP, for Group Of Pictures, in MPEG-2). A group of images is a series of consecutive images wherein each image is either initial and a source for at least one deduced image contained in the same series, or deduced and such that each of the source images required for its decoding belongs to the same series, and which does not contain any smaller series of consecutive images possessing these same properties. The group of images is thus the smallest content part that can be accessed without having to decode another part of this content beforehand.
A sequence is delimited by a “header” and an “end,” each identified by a first specific code.
The header comprises parameters that characterize expected properties of the decoded images, such as, in particular, horizontal and vertical sizes, ratio, and frequency. The standard recommends that the header be repeated between the groups of images of the sequence, in such a way that its successive occurrences are spaced about a few seconds apart in the coded content.
For example, a group of images commonly comprises from 10 to 12 images, representing a duration of play of between 0.4 and 0.5 seconds in a system with 25 images per second.
Temporal multimedia content can comprise several video components. In this case, each of these components is coded as described hereinabove.
The audio component of the content is moreover coded according to an audio format such as MPEG-2 Audio.
Such a scheme for compressing an audio temporal content obeys the same principles hereinabove described for that of a video temporal content. The resulting coded content is therefore, in an analogous manner, made up of “frames.” A frame is the analog, in audio, of a group of images in video. The frame is therefore in particular the smallest audio content part that can be accessed without having to decode another part of this audio content. The frame furthermore contains all of the information useful for its decoding.
For example, a frame comprises 384 or 1152 samples each coding a sound, representing, according to the sampling frequency of the signal, a duration of play of 8 to 12, or 24 to 36 milliseconds, i.e. typically a few tens of milliseconds.
Temporal multimedia content can comprise several audio components. In this case, each of these components is coded as described hereinabove.
The coded components of the multimedia content, also referred to as elementary data trains, are thereafter multiplexed, that is to say, in particular, synchronized, and then combined into a single data train, also termed a multimedia stream, or stream.
Such content, in particular when it is the subject of rights such as copyrights or similar rights, is provided protected by a multimedia content protection system that makes it possible to ensure compliance with the content access conditions that ensue from these rights.
It is therefore typically provided split into several successive segments of content that are temporally ordered with respect to one another and individually protected by the content protection system.
By “segment” is meant a restricted part of the plaintext multimedia stream, the playing of which has a shorter duration than that of the playing of the multimedia stream in full. A segment therefore comprises a restricted part of each video or audio component of the plaintext multimedia stream, the playing of which has one and the same shorter duration than that of the playing of the multimedia stream in full. These restricted parts of components are synchronized in the stream so as to be played simultaneously. A segment therefore comprises the restricted part of the temporal series of video sequences or of groups of images, or of audio frames carrying out the coding of this restricted component part of the plaintext multimedia stream. This restricted part consists of a plurality of video sequences or of groups of images, or of successive audio frames. Successive is understood here as following one another immediately, that is to say without being separated, in the temporal progress of the content, by other video sequences or groups of images, or audio frames. Typically, a segment comprises more than ten, a hundred, a thousand or ten thousand, successive groups of video images of one and the same coded video component of the stream, or more than ten to a hundred times more successive audio frames of one and the same coded audio component of the stream.
Each segment is typically encrypted for its protection. This encryption is generally carried out by means of a specific encryption key, by a symmetric algorithm. It is applied either to the considered segment of the stream resulting from the multiplexing or, before multiplexing, to the restricted parts of the components of the coded content that make up this segment. The key is termed specific since it is used solely to encrypt this segment among the whole set of segments of the multimedia content.
A segment is therefore not characterized by its structure, but by the key used to encrypt it. A segment is therefore the plurality of immediately successive video sequences and of audio frames encrypted with one and the same key.
Accessing a temporal multimedia content protected in this way signifies here more precisely, successively accessing, on the fly as they are received, successive segments, that is to say: loading the successive segments of the multimedia content into memory, removing the protection therefrom, decoding them, and then transmitting them to a multimedia apparatus able to play them, record them, or make any other use thereof offered by the service for providing protected multimedia-content. Access to the protected temporal multimedia content will be described hereinafter only with a view to the playing thereof. It is identical in the case of any other use offered by the service for providing protected multimedia-content.
By “plaintext” is meant the fact that the multimedia stream or the segment no longer needs to be descrambled to be played, by a multimedia apparatus, in a manner that is directly perceptible and intelligible to a human being.
By “multimedia apparatus” is meant furthermore any device able to play the plaintext multimedia stream, such as a television or a multimedia reader.
Finally, by “on the fly” is meant the fact that the segments of the multimedia content are processed as and when they are received, without waiting for the complete multimedia content, that is to say all of its segments, to be fully received.
In order to remove the protection of an encrypted segment of a protected multimedia-content, with a view to accessing this content, a terminal must decrypt this encrypted segment. To this end, it must obtain the key required for this decryption.
To allow this, the network head-end transmits the encrypted segment of protected multimedia-content, synchronized with an access control message comprising a cryptogram of the key required for the decryption of the encrypted segment. This cryptogram is typically obtained by encrypting, with a symmetric algorithm, the specific key required for the decryption of the encrypted segment.
In such a system, a terminal receives, synchronized with an encrypted segment of multimedia content, the access control message comprising the cryptogram of the decryption key required for the decryption of this segment. The key required for decryption of the cryptogram, termed the operating key, will have previously been provided to terminals that have acquired a right to play the protected multimedia-content.
The content-protection system used is typically a Conditional Access System, or CAS. The terminology in the field of conditional-access systems is thus used hereinafter in this document.
A multimedia content segment thus has a predetermined duration of play, termed the “cryptoperiod” of the system. Loosely speaking, the segment itself is sometimes referred to as a “cryptoperiod.” The specific key for encrypting a multimedia content segment is termed the “control word,” or “CW.” The key required for the decryption of the encrypted segment is equal to the control word with the aid of which the segment was encrypted. In this context, encryption and decryption of a multimedia content segment are also referred to as scrambling and descrambling, respectively. Finally, the access control message comprising a cryptogram of a control word is a control message in respect of the access entitlements, or ECM, for Entitlement Control Message. The ECM can also comprise a confidential section of predetermined length reserved for the transmission of encrypted data.
To access the content with a view to playing it, the terminal processes the ECM received synchronized with a scrambled multimedia content segment. It first transmits the ECM to the security processor with which it has been furnished. This security processor is dedicated to the implementation of security functions such as the secure storage of the keys and the utilization of the access control messages, in particular of the ECM. This security processor is typically either a hardware component, such as a dedicated microprocessor or a chip card (hereinafter also simply termed “card”), respectively integrated into the terminal or associated with it via a card reader, or a software module of the terminal.
If, subsequent to the legitimate acquisition, by the client of the system, of the right to play the content, the security processor has duly received the operating key from the network head-end, the security processor decrypts the cryptogram of the control word using the operating key, and then returns the control word to the terminal. The descrambler of the terminal can therefore descramble the scrambled multimedia content segment to obtain it as plaintext. This allows access to the multimedia content segment, its transmission to the multimedia apparatus, and its playing by this apparatus.
In the converse case, either the security processor returns the diagnosis thereof to the terminal, which inhibits the utilization of the ECM, and does not decrypt in particular the cryptogram of the control word that it comprises, or else the security processor returns an erroneous value of the control word to the terminal, and the descrambling of the scrambled multimedia content segment is also erroneous. This prohibits access to the multimedia content segment, and the playing thereof as plaintext by the multimedia apparatus.
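The exchange described above (head-end, ECM, security processor, descrambler), as an added example that is not part of the original text. The keystream cipher is a toy stand-in for the system's unspecified symmetric algorithms, and all function, class and field names are assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (HMAC-SHA256 keystream XOR); stand-in only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def head_end_protect(segment: bytes, operating_key: bytes, period: int):
    """Scramble one segment under a fresh control word and build its ECM."""
    cw = os.urandom(16)                      # specific key: this segment only
    nonce = period.to_bytes(8, "big")
    scrambled = _xor_stream(cw, nonce, segment)
    cryptogram = _xor_stream(operating_key, nonce, cw)
    return scrambled, {"period": period, "cw_cryptogram": cryptogram}

class SecurityProcessor:
    """Holds the operating key; the terminal only ever sees control words."""
    def __init__(self, operating_key=None):
        self._operating_key = operating_key

    def process_ecm(self, ecm):
        if self._operating_key is None:
            return None                      # diagnosis: no entitlement held
        nonce = ecm["period"].to_bytes(8, "big")
        return _xor_stream(self._operating_key, nonce, ecm["cw_cryptogram"])

def terminal_access(scrambled: bytes, ecm: dict, card: SecurityProcessor):
    """Terminal side: hand the ECM to the card, then descramble with the CW."""
    cw = card.process_ecm(ecm)
    if cw is None:
        return None
    return _xor_stream(cw, ecm["period"].to_bytes(8, "big"), scrambled)

def demo():
    op_key = os.urandom(16)
    segments = [b"GOP-run-A " * 4, b"GOP-run-B " * 4]   # constructed sample data
    results = []
    for period, seg in enumerate(segments):
        scrambled, ecm = head_end_protect(seg, op_key, period)
        entitled = terminal_access(scrambled, ecm, SecurityProcessor(op_key))
        no_key = terminal_access(scrambled, ecm, SecurityProcessor())
        wrong = terminal_access(scrambled, ecm, SecurityProcessor(os.urandom(16)))
        # (plaintext recovered, diagnosis returned, erroneous CW gives garbage)
        results.append((entitled == seg, no_key is None, wrong != seg))
    return results

if __name__ == "__main__":
    print(demo())
```

The three terminals in `demo()` correspond to the entitled case, the refused-ECM case, and the erroneous-control-word case of the two preceding paragraphs.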
The legitimate acquisition, by the client of the system, of the right to play the content generally consists of a subscription or a session purchase that makes it possible to remunerate the service for providing the protected multimedia-content as well as the beneficiaries of this content.
Services, termed pirate services, are known. These are aimed at offering access to protected multimedia-content at lower tariffs, in particular with disregard for the rights of the beneficiaries. For example, card-sharing pirate services are known.
A card-sharing service is rendered by a card-sharing system typically comprising a card-sharing server linked by a bidirectional communication network, termed a card-sharing network, to at least one “sharing terminal” that has been furnished with a card. This sharing terminal has legitimately acquired the right to play a protected multimedia-content and received in response the operating key required to decrypt the cryptogram of the control word, in order to access this content.
The card-sharing system offers a requesting terminal, which has not legitimately acquired the right to play this content, nor received in response the operating key required to decrypt the cryptogram of a control word in order to access this content, the ability to access this content illegitimately.
To benefit from this illegitimate access, the requesting terminal must connect to the system for providing protected multimedia-content and to the card-sharing server. From the former, it receives a segment of the content, synchronized with an ECM comprising a cryptogram of a control word required in order to access this segment. To the latter, it transmits the ECM received. The card-sharing server then searches for an available sharing terminal, and transmits the ECM to it. The search for an available sharing terminal rests upon the implementation of a sharing protocol, which makes it possible to manage access and the priorities of access to the sharing terminals and shared cards in the card-sharing network as a function of the state of the network and of its loading. A sharing terminal is here termed “available” if it is itself available and if it is furnished with a likewise available card. The available sharing terminal then transmits the ECM to its available card, also termed a “shared card,” which then decrypts the cryptogram of the control word. Next, the shared card returns the decrypted control word to the available sharing terminal, which returns it to the card-sharing server, which in turn returns it to the requesting terminal. The requesting terminal is thus able to descramble the segment so as to obtain it as plaintext, and therefore to access it. It can then transmit it to a multimedia apparatus that plays it.
Diverse actions may be undertaken to combat pirate services of this type. Examples include actions of deterrent communication, which consist in indicating to their stakeholders the illegality of their activities and the risks that they incur by implementing them, as well as in requesting that they put an end thereto. Also possible are the implementation of technical countermeasures aimed at disrupting the operation of the service, or judicial actions aimed at obtaining the conviction of stakeholders by courts. In all cases, in order to prepare such actions, it is important to be able to identify the shared cards that are associated with the sharing terminals or their owners.