1. Field of the Invention
The invention relates to a method for pairing a decoder and a portable security module, the decoder and the portable security module being adapted to descramble scrambled audiovisual information.
2. Background Art
Transmission of encrypted data is well-known in the field of pay TV systems, where scrambled audiovisual information is usually broadcast by terrestrial emitters, satellite or through a cable network to a number of subscribers, each subscriber possessing a decoder or receiver/decoder capable of descrambling the scrambled audiovisual information for subsequent viewing.
In a typical system, the scrambled audiovisual information may be descrambled using a control word. In order to try to improve the security of the system, the control word is usually changed every ten seconds or so. Every 10 seconds, each subscriber receives, in an ECM (Entitlement Control Message), the control word necessary to descramble the scrambled audiovisual information so as to permit viewing of the transmission.
The control word itself is encrypted by an exploitation key and transmitted in encrypted form in the ECM. The scrambled audiovisual information and the encrypted control word are received by a decoder, which in the case of a paid-up subscriber, has access to the exploitation key stored on a portable security module, e.g., a smart card, inserted in the decoder. The encrypted control word is decrypted using the exploitation key by the smartcard. The smartcard transmits the control word to the decoder. The scrambled audiovisual information is descrambled using the decrypted control word by the decoder. The decoder is indeed powerful enough to provide a real-time descrambling of the scrambled audiovisual information.
The exploitation key is itself periodically changed, e.g. every month or so. An EMM (Entitlement Management Message) is monthly received by the decoder and is transmitted in the smartcard. The EMM contains the exploitation key in an encoded form. A group key assigned to the smartcard enables to decode the encoded exploitation key.
The group key may be assigned to the smartcard or to a group of smartcards. An EMM destined to a determined group of smartcards comprises an exploitation key encoded with the corresponding group key and a group number assigned to the determined group.
Each decoder receives monthly a plurality of EMM. For each received EMM, the decoder compares the group number of the received EMM to the group number of the group to which the smartcard inserted in the decoder belongs. If they are equal, the decoder transmits the EMM to the smartcard and the exploitation key contained in the EMM is decoded.
With such a system, the smartcard may be used with any decoder. A subscriber may for example lend his smartcard to another person. It may be necessary to introduce restrictions in the system by restricting the possibility to use the smartcard with any decoder. One way of restricting is known as pairing. Pairing means are provided to ensure that a determined smartcard corresponds to a determined decoder and will not operate with any other decoder.
Typically, a first number and a second number are downloaded both into the decoder and the smartcard at a beginning of a subscription. An authenticating test is periodically performed by the decoder and the smartcard. The decoder periodically requests and receives from the smartcard a value of a second number stored into the smartcard. The decoder checks that the received value of the second number is similar to the downloaded second number. A decision is made according to a result of the authenticating test. If the received value of the second number is different from the downloaded second number, the scrambled audiovisual information is not descrambled. Similarly, the smartcard periodically requests and receives from the decoder a value of a first number stored into the decoder. The smartcard checks that the received value of the first number is similar to the downloaded first number.
In the event that a defrauder manages to override the decision that is made according to the result of the test, e.g. the scrambled audiovisual information is descrambled even if the received value of the second number is different from the downloaded second number, the pairing is rendered inactive.
A more robust pairing method may be implemented. A determined pairing key is assigned to a determined decoding system, the decoding system comprising a decoder and a smartcard. The pairing key is downloaded into the decoder and into the smartcard at a beginning of a subscription. The decoder and the smartcard communicate with each other using the pairing key. Every 10 seconds, the smartcard encodes the decrypted control word using a smartcard pairing key stored into the smartcard. The smartcard transmits the encoded control word to the decoder. If a decoder pairing key stored into the decoder is different from the pairing key of the decoding system or if the smartcard pairing key is different from the pairing key, the decoder is not able to decode the encoded control word and the scrambled information data are not descrambled. This pairing system also enables to avoid that a person reads the control word when transmitted from the smartcard to the decoder.
However, it is relatively easy to access the decoder pairing key. Hence the pairing key of the decoding system may become pirated and the smartcard made to operate with another decoder.
A third pairing method is described in European Patent EP 466916 and is illustrated in FIG. 1. An encrypting system 101 comprises a scrambler (not represented) to scramble an audiovisual information (not represented) with a key 104. A first key encryptor 105 encrypts the key 104 using a first secret serial number SSN0i stored in a SSN0 database 106. The key 104 is further encrypted in a second key encryptor 107 using a second secret serial number SSN1i stored in a SSN1 database 108. This produces a series of twice-encrypted keys (1141, . . . , 114i, . . . , 114n) which are then transmitted along with the scrambled audiovisual information. A decoding system 109i among a plurality of receiving decoding systems (1091, . . . , 109i, . . . , 109n) of a broadcasting network receives the scrambled audiovisual information and one of the twice-encrypted key from the series of twice-encrypted keys.
Each receiving decoding system (1091, . . . , 109i, . . . , 109n) comprises a decoder (1121, . . . , 112i, . . . , 112n) and a portable security module (1111, . . . , 111i, . . . , 111n). Each decoder (1121, . . . , 112i, . . . , 112n) contains a SSN0 memory (1131, . . . , 113i, . . . , 113n) comprising a first secret serial number (SSN01, . . . , SSN0i, . . . , SSN0n). The first secret serial number (SSN01, . . . , SSN0i, . . . , SSN0n) is unique for each decoder or for a group of decoders. Each portable security module (1111, . . . , 111i, . . . , 111n) contains a SSN1 memory (1101, . . . , 110i, . . . , 110n) comprising a second secret serial number (SSN11, . . . , SSN1i, . . . , SSN1n). The second secret serial number (SSN11, . . . , SSN1i, . . . , SSN1n) is unique for each portable security module or for a group of portable security modules.
The decoding system 109i performs a first key decryption in a portable security module 111i. The portable security module 111i performs a first key decryption using the second secret serial number SSN1i and outputs a partially decrypted key. The partially decrypted key is transmitted to a decoder 112i. The key is fully decrypted using the first secret serial number SSN0i stored in SSN0 memory 113i. The fully decrypted key is used to descramble the scrambled audiovisual information.
The third pairing method provides a robust pairing since the second secret serial key SSN1i is stored into the portable security module 110i and is thus rendered difficult to read.