The present invention relates to a conditional access system.
A conditional access system allows a service provider to supply his services solely to users having acquired entitlements to these services. Such is the case, for example, in pay television systems.
As is known to a person skilled in the art, the service supplied by a service provider consists of an item scrambled by control words. The scrambled item can be descrambled, and therefore read by the user, only with regard to the entitlements allocated to this user. The scrambled item will subsequently be denoted IE(ECG), where ECG represents the unscrambled item.
To descramble the item, the service provider supplies each user with the control words which served for scrambling the item. To keep the control words secret, they are supplied after having been encrypted with an algorithm with key K. The various encrypted control words are sent to the various users in messages which, for convenience, will be denoted MEC in the subsequent description.
So as to accord access to its service solely to authorized users, the service provider supplies a smart card and a decoder to each of the users.
The smart card makes it possible, on the one hand, to validate and record the entitlements which the user has to the service delivered and, on the other hand, to decrypt the encrypted control words. For this purpose, the smart card contains the key K of the algorithm which allowed the encryption of the control words.
The decoder, for its part, makes it possible to descramble the scrambled item on the basis of the item consisting of the encrypted control words from the smart card.
The entitlements of each user are sent in messages which, for convenience, will be denoted MD in the subsequent description.
According to the prior art, a message MD dedicated to a user contains three main items:
a first item giving the address of the user's card, PA1 a second item giving the description of the user's entitlements; PA1 a third item making it possible to validate the message MD and verify that the user's entitlements contained in the message MD are indeed the entitlements reserved for the user. PA1 the header gives, among other things, the type and size of the items contained in the body of the message MEC; PA1 the body consists, among other things, of an item containing the set of conditions of access to the service supplied by the provider, of an item containing a control word encrypted with the algorithm with key K and of an item containing a datum depending on the key K and making it possible to validate and verify the content of the message MEC and, more particularly, access conditions contained in the message MEC. PA1 a circuit 8 for validating the user's entitlements; PA1 a circuit 9 for storing the validated entitlements of the user; PA1 a circuit 10 for access control; PA1 a circuit 11 for validating the messages MEC; PA1 a circuit 12 for decrypting the encrypted control words.
As mentioned previously, the encrypted control words are sent to the users by way of the messages MEC.
According to the prior art, a message MEC consists of a header and a body:
When the decoder of a user recognizes the address of the card associated therewith among the various addresses distributed by the service provider, the message MD corresponding to the recognized address is analysed. The analysis of the message MD is performed with the aid of an analysis algorithm controlled by the encryption key of the control words.
Conditional access systems are mainly of two types.
A first system is commonly called an on-line system. In a conditional access system of the "on-line" type, the scrambled item IE (ECG) is an item consisting of a signal distributed simultaneously to the various customers of the service provider from a single source. This distribution can be performed, for example, over the airways or else by cable. As is known to a person skilled in the art, in such a conditional access system, the messages MEC are sent by the service provider with the scrambled item IE (ECG).
A second conditional access system is commonly called an off-line system. In a conditional access system of "off-line" type, the scrambled item IE (ECG) and the messages MEC are contained on off-line information media such as, for example, compact discs, digital video discs, or else digital optical discs.
The invention will be more particularly described in the case of off-line systems. However, as will emerge later, the invention relates to any type of access control system, be this system either of off-line or on-line type.
As mentioned previously, the key of the encryption algorithm for the control words is contained in each user card. It follows that the pirating of a single card may lead to the knowledge of the key K. The service supplied by the provider is then no longer protected.
The service provider must then supply each user with a new card containing a new key K. Now, in the case of off-line systems, the off-line information medium constituted by, for example, the compact disc, the digital video disc or else the digital optical disc, has a fixed content which it is not possible to modify. To ensure the continuity of the service he has to supply, the service provider is then compelled, not only to market new off-line information media compatible with the new encryption key, but also completely to renew the existing pool of off-line information media which he distributed before the change of encryption key of the control words.
This represents a drawback, especially in terms of costs, since the number of off-line information media may frequently reach several hundred thousand, or even several million.
FIG. 1 represents a format of a message MEC according to the prior art.
The message MEC consists of a body C1 and a header 6, the content (H1) of which gives, among other things, the type and size of the items contained in the body C1.
The body C1 comprises, among other things, a first item 1, the content (ID) of which makes it possible to identify the service provider, a second item 2 containing the set of access conditions associated with the service supplied by the provider, a third item 3, the content (I(K)) of which gives the index of the key K of the encryption algorithm for the control words, a fourth item 4 containing a control word Cwi encrypted with the algorithm with key K (E(Cwi)K) and a fifth item 5 containing a datum HASH.sub.K making it possible to validate and verify the content of the message MEC and, more particularly, access conditions contained in the message MEC. The datum HASH.sub.K is controlled by the key K for encryption of the control words.
In FIG. 1, the control word Cwi represents the current control word, that is to say that making it possible to descramble the part of the program being read. As is known to a person skilled in the art, the message MEC which contains Cwi generally also contains a second control word. This second control word is the control word for the next descrambling period, that is to say the current control word of the message MEC which is to follow the message MEC which contains Cwi as current control word. It is so as not to needlessly encumber the drawing that this second control word has not been represented in FIG. 1.
As is known to a person skilled in the art, the format of the message MEC described in FIG. 1 is merely an MEC message format example. In particular, the order defining the succession of the various blocks 1, 2, 3, 4, 5 making up the message MEC can be modified.
FIG. 2 represents the schematic of a user card according to the prior art.
The user card 7 contains five main circuits:
The validation circuit 8 makes it possible to perform on the messages MD the operations of user address recognition and user entitlements analysis. For this purpose, the validation circuit 8 contains the key K of the encryption algorithm. If the message MD is validated, the user's entitlements contained in the message MD are stored in the validated entitlements storage circuit 9.
The circuit 11 for validating the messages MEC makes it possible to perform on the access conditions 2 contained in the messages MEC operations identical to those performed by the validation circuit 8 on the user's entitlements contained in the messages MD. The validation circuit 11 contains the key K.
The decryption circuit 12 makes it possible to decrypt the control words. For this purpose, the decryption circuit 12 also contains the key K of the encryption algorithm for the control words.
The access control circuit 10 compares the validated access conditions with the validated entitlements of the user. If the validated access conditions correspond to the validated entitlements of the user, a signal S, emanating from the access control circuit 10 and applied to the decryption circuit 12, authorizes decryption of the control words. In the contrary case, the signal S does not authorize decryption.
At the completion of the various steps of the decryption procedure, the decrypted control words Cwi are generated by the decryption circuit 12 so as to allow the descrambling of the scrambled item IE (ECG).