AU2002316523A1 - Apparatus and method for installing a decryption key - Google Patents
Apparatus and method for installing a decryption keyInfo
- Publication number
- AU2002316523A1 AU2002316523A1 AU2002316523A AU2002316523A AU2002316523A1 AU 2002316523 A1 AU2002316523 A1 AU 2002316523A1 AU 2002316523 A AU2002316523 A AU 2002316523A AU 2002316523 A AU2002316523 A AU 2002316523A AU 2002316523 A1 AU2002316523 A1 AU 2002316523A1
- Authority
- AU
- Australia
- Prior art keywords
- program
- encrypted
- key
- signals
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Description
APPARATUS AND METHOD FOR INSTALLING A DECRYPTION KEY
BACKGROUND OF THE INVENTION
I. Field of the Invention
[0001] The present invention relates to a method and apparatus for installing a decryption key. The invention may be usefully employed in the newly emerging field of digital cinema.
II. Description of the Related Art
[0002]- In the traditional film industry, theatre operators receive reels of celluloid film from a studio or through a distributor for eventual presentation in a theatre auditorium. The reels of film include the feature program (a full-length motion picture) and a plurality of previews and other promotional material, often referred to as trailers. This approach is well established and is based in technology going back around one hundred years.
[0003] Recently an evolution has started in the film industry, with the industry moving from celluloid film to digitized image and audio programs. Many advanced technologies are involved and together those technologies are becoming known as digital cinema. It is planned that digital cinema will provide a system for delivering full length motion pictures, trailers, advertisements and other audio/visual programs comprising images and sound at "cinema-quality" to theatres throughout the world using digital technology. Digital cinema will enable the motion picture cinema industry to convert gracefully from the century-old medium of 35mm film into the digital/wireless communication era of today. This advanced technology will benefit all segments of the movie industry.
[0004] The intention is that digital cinema will deliver motion pictures that have been digitized, compressed and encrypted to theatres using either physical media distribution (such as DVD-ROMs) or electronic transmission methods, such as via satellite multicast methods. Authorized theatres will automatically receive the
digitized programs and store them in hard disk storage while still encrypted and compressed. At each showing, the digitized information will be retrieved via a local area network from the hard disk storage, be decrypted, decompressed and then displayed using cinema-quality electronic projectors featuring high quality digital sound.
[0005] Digital cinema will encompass many advanced technologies, including digital compression, electronic security methods, network architectures and management, transmission technologies and cost-effective hardware, software and integrated circuit design. The technologies necessary for a cost-effective, reliable and secure system are being analyzed and developed. These technologies include new forms of image compression, because most standard compression technologies, such as MPEG- 2, are optimized for television quality. Thus, artifacts and other distortions associated with that technology show up readily when the image is projected on a large screen. Whatever the image compression method adopted, it will affect the eventual quality of the projected image. Special compression systems have therefore been designed specifically for digital cinema applications to provide "cinema-quality" images at bit rates averaging less than 40 Mbps. Using this technology a 2-hour movie will require only about 40 GB of storage, making it suitable for transportation on such media as so-called digital versatile disks (DVDs) or transmission or broadcast via a wireless link.
[0006] While this has obvious advantages in terms of the distribution of movies, it brings with it its own problems in that in itself such transportation and transmission is not secure. Encryption and conditional access methods are therefore also being developed with the aim of preventing piracy of movies. Encryption provides good protection against unauthorized access, but only so long as the key to the encryption remains secret. If the key is accessible then encryption is of no use at all, because a thief will easily be able to decrypt the movie data and thus steal the movie.
SUMMARY OF THE INVENTION
[0007] The invention aims to provide increased security for the encryption key itself, so as to reduce the likelihood of the key and hence the movie from being stolen.
[0008] According to one aspect of the invention, there is provided a decryption system comprising: a decryption unit for decrypting encrypted program signals using a working decryption key; a receiver for receiving signals including encrypted data defining the working decryption key; a processor; and an interface providing a first path for transferring the encrypted data from the receiver to the processor and providing a second path, separate and independent of the first path, for transferring data from the processor to the decryption unit; and wherein the processor is configured to decrypt the encrypted data using a program key so as to extract the working decryption key from the encrypted data, and to output the working decryption key for transfer via the second path of the interface to the decryption unit.
[0009] According to another aspect of the invention there is provided an apparatus for decrypting encrypted program signals, the apparatus comprising: receiving means for receiving encrypted key signals containing data defining a working decryption key; means for transferring the encrypted key signals via a first interface; first means, connected to the first interface, for decrypting the encrypted key signals, using a program key in a decryption algorithm, to determine the working decryption key; means for transferring the working decryption key via a second interface, different and operationally separate from the first interface; and second means, connected to the second interface, for decrypting the encrypted program signals using the working decryption key, and wherein the decryption algorithm is supplied together with the program decryption key via the receiving means and is downloaded therefrom to the first means for decrypting.
[0010] According to a further aspect of the invention there is provided an apparatus in which, initially, a decryption algorithm received by a control processor is passed via a first interface path to a decryption processor where it is installed together with a program decryption key extracted there from, and, subsequently, encrypted working decryption keys received by the control processor are passed on to the decryption processor over the first interface path at which decryption processor they are
decrypted using the program decryption key to obtain working decryption keys that are then transferred via a second interface path to decryptors for use in decrypting encrypted program signals input to the decryptors.
[0011] According to another aspect of the invention there is provided a method for installing a decryption key, in which, initially, a decryption algorithm received by a control processor is passed via a first interface path to a decryption processor where it is installed together with a program decryption key extracted therefrom, and, subsequently, encrypted worldng decryption keys received by the control processor are passed on to the decryption processor over the first interface path at which decryption processor they are decrypted using the program decryption key to obtain working decryption keys that are then transferred via a second interface path to decryptors for use in decrypting encrypted program signals input to the decryptors.
[0012] The invention also provides a method for installing a decryption key, the method comprising: receiving signals including encrypted data defining a working decryption key; transferring the encrypted data over a first path to a processor; decrypting the encrypted data at the processor using a program key so as to extract the working decryption key from the encrypted data; outputting the working decryption key for transfer over a second path, separate and independent of the first path, to a decryption unit; and decrypting encrypted program signals in a decryption unit using the worldng decryption key.
[0013] The invention further provides a method for decrypting encrypted program signals, the method comprising: receiving encrypted key signals containing data defining a working decryption key; transferring the encrypted key signals via a first interface; decrypting the encrypted key signals, using a program key in a decryption algorithm, to determine the working decryption key; transferring the working decryption key via a second interface, different and operationally separate from the first interface; and decrypting the encrypted program signals using the working decryption key, and wherein the decryption algorithm is supplied together with the program decryption key via the receiving means and is downloaded therefrom to the first means for decrypting.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The above and further features of the invention are set forth with particularity in the appended claims and together with advantages thereof will become clearer from consideration of the following detailed description of an exemplary embodiment of the invention given with reference to the accompanying drawings, in which:
[0015] Figure 1 illustrates a block diagram of a digital cinema system;
[0016] Figure 2 is a block diagram of a compressor/encryptor circuit used in the system of Figure 1 ;
[0017] Figure 3 illustrates an auditorium module used in the system of Figure T,
[0018] Figure 4 is a block diagram showing part of the auditorium module of Figure 3 in greater detail; and
[0019] Figure 5 is a block diagram representing a theater manager and its associated interfaces used in the system of Figure 1.
DETAILED DESCRIPTION OF AN EMBODIMENT OF THE INVENTION
[0020] The following description is intended to provide both an overview of a digital cinema system in which the invention may be embodied and a detailed disclosure of the presently preferred embodiment itself. Systems similar to the system shown herein are described extensively in other applications assigned to the assignee of this application, including USSN 09/564,174 entitled "Apparatus And Method For Encoding And Storage Of Digital Image And Audio Signals" and USSN 09/563,880, entitled "Apparatus And Method For Decoding Digital Image And Audio Signals" both filed May 3, 2000, the teachings of which are incorporated herein by reference.
[0021] A digital cinema system 100 embodying the invention is illustrated in Figure 1 of the accompanying drawings. The digital cinema system 100 comprises two main systems: at least one central facility or hub 102 and at least one presentation or theater subsystem 104. The hub 102 and the theater subsystem 104 are of a similar design to that of pending US Patent Application Serial No. 09/075,152 filed on May 8, 1998,: assigned to the same assignee as the present invention, the teachings of which are incorporated herein by reference.
[0022] Image and audio information are compressed and stored on a storage medium, and distributed from the hub 102 to the theater subsystem 104. Generally, one theater subsystem 104 is utilized for each theater or presentation location in a network of presentation locations that is to receive image or audio information, and includes some centralized equipment as well as certain equipment employed for each presentation auditorium.
[0023] In the central hub 102, a source generator 108 receives film material and generates a digital version of the film. The digital information is compressed and encrypted by a compressor/encryptor (CE) 112, and stored on a storage medium by a hub storage device 116. A network manager 120 monitors and sends control information to the source generator 108, the CE 112, and the hub storage device 116. A conditional access manager 124 provides specific electronic keying information such that only specific theaters are authorized to show specific programs.
[0024] In the theater subsystem 104, a theater manager 128 controls an auditorium module 132. Based on control information received from the auditorium module 132, a theater storage device 136 transfers compressed information stored on the storage
medium to a playback module 140. The playback module 140 receives the compressed information from the theater storage device 136, and prepares the compressed information to a predetermined sequence, size and data rate. The playback module 140 outputs the compressed information to a decoder 144. The decoder 144 inputs compressed information from the playback module 140 and performs decryption, decompression and formatting, and outputs the information to a projector 148 and a sound module 152. The projector 148 plays the information on a projector and the sound module 152 plays sound information on a sound system, both under control of the auditorium module 132.
[0025] In operation, the source generator 108 provides digitized electronic image and/or programs to the system. Typically, the source generator 108 receives film material and generates a magnetic tape containing digitized information or data. The film is digitally scanned at a very high resolution to create the digitized version of the motion picture or other program. Typically, a known "telecine" process generates the image information while well-known digital audio conversion processing generates the audio portion of the program. The images being processed need not be provided from a film, but can be single picture or still frame type images, or a series of frames or pictures, including those shown as motion pictures of varying length. These images can be presented as a series or set to create what are referred to as image programs. In addition, other material can be provided such as visual cue tracks for sight-impaired audiences, subtitling for foreign language and/or hearing impaired audiences, or multimedia time cue tracks. Similarly, single or sets of sounds or recordings are used to form desired audio programs.
[0026] Alternatively, a high definition digital camera or other known digital image generation device or method may provide the digitized image information. The use of a digital camera, which directly produces the digitized image information, is especially useful for live event capture for substantially immediate or contemporaneous distribution. Computer workstations or similar equipment can also be used to directly generate graphical images that are to be distributed.
[0027] The digital image information or program is presented to the compressor/encryptor 112, which compresses the digital signal using a preselected
known format or process, reducing the amount of digital information necessary to reproduce the original image with very high quality. Preferably, an ABSDCT technique is used to compress the image source. A suitable ABSDCT compression technique is disclosed in U.S. Pat. Nos. 5,021,891, 5,107,345, and 5,452,104, the teachings of which are incorporated herein by reference. The audio information may also be digitally compressed using standard techniques and may be time synchronized with the compressed image information. The compressed image and audio information is then encrypted and/or scrambled using one or more secure electronic methods.
[0028] The network manager 120 monitors the status of compressor/encryptor 112, and directs the compressed information from the compressor/encryptor 112 to the hub storage device 116. The hub storage device 116 is comprised of one or more storage media (shown in Figure 8). The storage medium/media may be any type of high capacity data storage device including, but not limited to, one or more digital versatile disks (DVDs) or removable hard drives (RHDs). Upon storage of the compressed information onto the storage medium, the storage medium is physically transported to the theater subsystem 104, and more specifically, to the theater storage device 136.
[0029] Alternatively, the compressed image and audio information may each be stored in a non-contiguous or separate manner independent of each other. That is, a means is provided for compressing and storing audio programs associated with image information or programs but segregated in time. There is no requirement to process the audio images at the same time. A predefined identifier or identification mechanism or scheme is used to associate corresponding audio and image programs with each other, as appropriate. This allows linking of one or more preselected audio programs with at least one preselected image program, as desired, at a time of presentation, or during a presentation event. That is, while not initially time synchronized with the compressed image information, the compressed audio is linked and synchronized at presentation of the program.
[0030] Further, maintaining the audio program separate from the image program allows for synchronizing multiple languages from audio programs to the image program, without having to recreate the image program for each language. Moreover, maintaining a separate audio program allows for support of multiple speaker
configurations without requiring interleaving of multiple audio tracks with the image program.
[0031] In addition to the image program and the audio program, a separate promotional program, or promo program, may be added to the system. Typically, promotional material changes at a greater frequency than the feature program. Use of a separate promo program allows promotional material to be updated without requiring new feature image programs. The promo program comprises information such as advertising (slides, audio, motion or the like) and trailers shown in the theater. Because of the high storage capacity of storage media such as DVDs and RHDs, thousands of slides or pieces of advertising may be stored. The high storage volume allows for customization, as specific slides, advertisements or trailers may be shown at specific theaters at targeted customers.
[0032] Although Figure 1 illustrates the compressed information in the storage device
116 and physically transporting storage medium/media to the theater subsystem 104, it should be understood that the compressed information, or portions thereof, may be transmitted to the theater storage device 136 using any of a number wireless or wired transmission methods. Transmission methods include satellite transmission, well- known multi-drop, Internet access nodes, dedicated telephone lines, or point-to-point fiber optic networks.
[0033] A block diagram of the compressor/encryptor 112 is illustrated in Figure 2 of the accompanying drawings. Similar to the source generator 108, the compressor/encryptor 112 may be part of the central hub 102 or located in a separate facility. For example, the compressor/encryptor 112 may be located with the source generator 108 in a film or television production studio. In addition, the compression process for either image or audio information or data may be implemented as a variable rate process.
[0034] The compressor/encryptor 112 receives a digital provided by the source generator 108. The digital image and audio information may be stored in frame buffers (not shown) before further processing. The digital image signal is passed to an image compressor 184. In a preferred embodiment, the image compressor 184 processes a digital image signal using the ABSDCT technique described in the abovementioned U.S. Pat. Nos. 5,021,891, 5,107,345, and 5,452,104.
[0035] In the ABSDCT technique, the color input signal is generally in a YIQ format, with Y being the luminance, or brightness, component, and I and Q being the chrominance, or color, components. Other formats such as the YUV or RGB formats may also be used. Because of the low spatial sensitivity of the eye to color, the ABSDCT technique sub-samples the color (I and Q) components by a factor of two in each of the horizontal and vertical directions. Accordingly, four luminance components and two chrominance components are used to represent each spatial segment of image input.
[0036] Each of the luminance and chrominance components is passed to a block interleaver. Generally, a 16x16 block is presented to the block interleaver, which orders the image samples within the 16x16 blocks to produce blocks and composite sub-blocks of data for discrete cosine transform (DCT) analysis. The DCT operator is one method of converting a time-sampled signal to a frequency representation of the same signal. By converting to a frequency representation, the DCT techniques have been shown to allow for very high levels of compression, as quantizers can be designed to take advantage of the frequency distribution characteristics of an image. Preferably, one 16x16 DCT is applied to a first ordering, four 8x8 DCTs are applied to a second ordering, 16 4x4 DCTs are applied to a third ordering, and 64 2x2 DCTs are applied to a fourth ordering.
[0037] The DCT operation reduces the spatial redundancy inherent in the image source. After the DCT is performed, most of the image signal energy tends to be concentrated in a few DCT coefficients.
[0038] For the 16x16 block and each sub-block, the transformed coefficients are analyzed to determine the number of bits required to encode the block or sub-block. Then, the block or the combination of sub-blocks, which requires the least number of bits to encode, is chosen to represent the image segment. For example, two 8x8 sub- blocks, six 4x4 sub-blocks, and eight 2x2 sub-blocks may be chosen to represent the image segment.
[0039] The chosen block or combination of sub-blocks is then properly arranged in order. The DCT coefficient values may then undergo further processing such as, but not limited to, frequency weighting, quantization, and coding (such as variable length
coding) using known techniques, in preparation for transmission. The compressed image signal is then provided to at least one image encryptor 188.
[0040] The digital audio signal is generally passed to an audio compressor 192.
Preferably, the audio compressor 192 processes multi-channel audio information using a standard digital audio compression algorithm. The compressed audio signal is provided to at least one audio encryptor 196. Alternatively, the audio information may be transferred and utilized in an uncompressed, but still digital, format.
[0041] The image encryptor 192 and the audio encryptor 196 encrypts the compressed image and audio signals, respectively, using any of a number of known encryption techniques. The image and audio signals may be encrypted using the same or different techniques. In a preferred embodiment, an encryption technique, which comprises real-time digital sequence scrambling of both image and audio programming, is used.
[0042] At the image and audio encryptors 192 and 196, the programming material is processed by a scrambler/encryptor circuit that uses time-varying electronic keying information (typically changed several times per second). The scrambled program information can then be stored or transmitted, such as over the air in a wireless link, without being decipherable to anyone who does not possess the associated electronic keying information used to scramble the program material or digital data.
[0043] Returning now to Figure 2, in addition to scrambling, the image encryptor 192 may add a "watermark" or "fingerprint" which is usually digital in nature, to the image programming. This involves the insertion of a location specific and/or time specific visual identifier into the program sequence. That is, the watermark is constructed to indicate the authorized location and time for presentation, for more efficiently tracking the source of illicit copying when necessary. The watermark may be programmed to appear at frequent, but pseudo-random periods in the playback process and would not be visible to the viewing audience. The watermark is perceptually unnoticeable during presentation of decompressed image or audio information at what is predefined as a normal rate of transfer. However, the watermark is detectable when the image or audio information is presented at a rate substantially different from that normal rate, such as at a slower "non-real-time" or still frame playback rate. If an unauthorized copy of a program is recovered, the
digital watermark information can be read by authorities, and the theater from which the copy was made can be determined. Such a watermark technique may also be applied or used to identify the audio programs.
[0044] The compressed and encrypted image and audio signals are both presented to a multiplexer 200. At the multiplexer 200, the image and audio information is multiplexed together along with time synchronization information to allow the image and audio-streamed information to be played back in a time aligned manner at the theater subsystem 104. The multiplexed signal is then processed by a program packetizer 204, which packetizes the data to form the program stream. By packetizing the data, or forming "data blocks," the program stream may be monitored during decompression at the theater subsystem 104 (see Figure 1) for errors in receiving the blocks during decompression. Requests may be made by the theater manager 128 of the theater subsystem 104 to acquire data blocks exhibiting errors. Accordingly, if errors exist, only small portions of the program need to be replaced, instead of an entire program. Requests of small blocks of data may be handled over a wired or wireless link. This provides for increased reliability and efficiency.
[0045] Alternatively, the image and audio portions of a program are treated as separate and distinct programs. Thus, instead of using the multiplexer 200 to multiplex the image and audio signals, the image signals are separately packetized. In this way the image program may be transported exclusive of the audio program, and vice versa. As such, the image and audio programs are assembled into combined programs only at playback time. This allows for different audio programs to be combined with image programs for various reasons, such as varying languages, providing post-release updates or program changes, to fit within local community standards, and so forth. This ability to flexibly assign audio different multi-track programs to image programs is very useful for minimizing costs in altering programs already in distribution, and in addressing the larger multi-cultural markets now available to the film industry.
[0046] The. compressors 184 and 192, the encryptors 188 and 196, the multiplexer
200, and the program packetizer 204 may be implemented by a compression/encryption module (CEM) controller 208, a software-controlled processor programmed to perform the functions described herein. That is, they can be
configured as generalized function hardware including a variety of programmable electronic devices or computers that operate under software or firmware program control. They may alternatively be implemented using some other technology, such as through an ASIC or through one or more circuit card assemblies, i.e. constructed as specialized hardware.
[0047] The image and audio program stream is sent to the hub storage device 116.
The CEM controller 208 is primarily responsible for controlling and monitoring the entire compressor/encryptor 112. The CEM controller 208 may be implemented by programming a general-purpose hardware device or computer to perform the required functions, or by using specialized hardware. Network control is provided to CEM controller 208 from the network manager 120 (Figure 2) over a hub internal network, as described herein. The CEM controller 208 communicates with the compressors 184 and 192, the encryptors 188 and 196, the multiplexer 200, and the packetizer 204 using a known digital interface and controls the operation of these elements. The CEM controller 208 may also control and monitor the storage module 116, and the data transfer between these devices.
[0048] The storage device 116 is preferably constructed as one or more RHDs, DVDs disks or other high capacity storage medium/media, which in general is of similar design as the theater storage device 116 in theater subsystem 104. However, those skilled in the art will recognize that in some applications other media may be used including but not limited to DVDs (Digital Versatile Disks) or so-called JBODs ("Just a Bunch Of Drives"). The storage device 116 receives the compressed and encrypted image, audio, and control data from the program packetizer 204 during the compression phase. Operation of the storage device 116 is managed by the CEM controller 208.
[0049] Figure 3 of the accompanying drawings illustrates operation of the auditorium module 132 using one or more RHDs (removable hard drives) 308. For speed, capacity, and convenience reasons, it may be desirable to use more than one RHD 308a to 308n. When reading data sequentially, some RHDs have a "prefetching" feature that anticipates a following read command based upon a recent history of commands. This prefetching feature is useful in that the time required to read sequential information off the disk is reduced. However, the time needed to read non-
sequential information off the disk may be increased if the RHD receives a command that is unexpected. In such a case, the prefetching feature of the RHD may cause the random access memory of the RHD to be full, thus requiring more time to access the information requested. Accordingly, having more than one RHD is beneficial in that a sequential stream of data, such as an image program, may be read faster. Further, accessing a second set of information on a separate RHD disk, such as audio programs, trailers, control information, or advertising, is advantageous in that accessing such information on a single RHD is more time consuming.
[0050] Thus, compressed information is read from one or more RHDs 308 into a buffer 284. The FIFO-RAM buffer 284 in the playback module 140 receives the portions of compressed information from the storage device 136 at a predetermined rate. The FIFO-RAM buffer 284 is of a sufficient capacity such that the decoder 144, and subsequently the projector 148, is not overloaded or under-loaded with information. Preferably, the FIFO-RAM buffer 284 has a capacity of about 100 to 200 MB. Use of the FIFO-RAM buffer 284 is a practical necessity because there may be a several second delay when switching from one drive to another.
[0051] The portions of compressed information is output from the FIFO-RAM buffer into a network interface 288, which provides the compressed information to the decoder 144. Preferably, the network interface 288 is a fiber channel arbitrated loop (FC-AL) interface. Alternatively, although not specifically illustrated, a switch network controlled by the theater manager 128 receives the output data from the playback module 140 and directs the data to a given decoder 144. Use of the switch network allows programs on any given playback module 140 to be transferred to any given decoder 144.
[0052] When a program is to be viewed, the program information is retrieved from the storage device 136 and transferred to the auditorium module 132 via the theater manager 128. The decoder 144 decrypts the data received from the storage device 136 using secret key information provided only to authorized theaters, and decompresses the stored information using the decompression algorithm which is inverse to the compression algorithm used at source generator 108. The decoder 144 includes a converter (not shown in Figure 3) which converts the decompressed image information to an image display format used by the projection system (which may be
either an analog or digital format) and the image is displayed through an electronic projector 148. The audio information is also decompressed and provided to the auditorium's sound system 152 for playback with the image program.
[0053] The decoder 144 processes a compressed/encrypted program to be visually projected onto a screen or surface and audibly presented using the sound system 152. As shown in Figure 3, the decoder 144 comprises a controlling CPU (central processing unit) 312, which controls the decoder. Alternatively, the decoder may be controlled via the theater manager 128. The decoder further comprises at least one depacketizer 316, a buffer 314, an image decryptor/decompressor 320, and an audio decryptor/decompressor 324. The buffer may temporarily store information for the depacketizer 316. All of the above-identified units of the decoder 144 may be implemented on one or more circuit card assemblies. The circuit card assemblies may be installed in a self-contained enclosure that mounts on or adjacent to the projector 148. Additionally, a cryptographic smart card 328 may be used which interfaces with controlling CPU 312 and/or image decryptor/decompressor 320 for transfer and storage of unit-specific cryptographic keying information.
[0054] The depacketizer 316 identifies and separates the individual control, image, and audio packets that arrive from the playback module 140, the CPU 312 and/or the theater manager 128. Control packets may be sent to the theater manager 128 while the image and audio packets are sent to the image and audio decryption/decompression systems 320 and 324, respectively. Read and write operations tend to occur in bursts. Therefore, the buffer 314 is used to stream data smoothly from the depacketizer 316 to the projection equipment.
[0055] The theater manager 128 configures, manages the security of, operates, and monitors the theater subsystem 104. This includes the external interfaces, image and audio decryption/decompression modules 320 and 324, along with projector 148 and the sound system module 152. Control information comes from the playback module 140, the CPU 312, the theater manager system 128, a remote control port, or a local control input, such as a control panel on the outside of the auditorium module 132 housing or chassis. The decoder CPU 312 may also manage the electronic keys assigned to each auditorium module 132. Pre-selected electronic cryptographic keys assigned to auditorium module 132 are used in conjunction with the electronic
cryptographic key information that is embedded in the image and audio data to decrypt the image and audio information before the decompression process. Preferably, the CPU 312 uses a standard microprocessor running embedded in the software of each auditorium module 132, as a basic functional or control element.
[0056] In addition, the CPU 312 is preferably configured to work or communicate certain information with theater manager 128 to maintain a history of presentations occurring in each auditorium. Information regarding this presentation history is then available for transfer to the hub 102 using the return link, or through a transportable medium at preselected times.
[0057] The image decryptor/decompressor 320 takes the image data stream from depacketizer 316, performs decryption, adds a watermark and reassembles the original image for presentation on the screen. The output of this operation generally provides standard analog RGB signals to digital cinema projector 148. Typically, decryption and decompression are performed in real-time, allowing for real-time playback of the programming material.
[0058] The image decryptor/decompressor 320 decrypts and decompresses the image data stream to reverse the operation performed by the image compressor 184 and the image encryptor 188 of the hub 102. Each auditorium module 132 may process and display a different program from other auditorium modules 132 in the same theater subsystem 104 or one or more auditorium modules 132 may process and display the same program simultaneously. Optionally, the same program may be displayed on multiple projectors, the multiple projectors being delayed in time relative to each other.
[0059] Image program data streams undergo dynamic image decompression using an inverse ABSDCT algorithm or other image decompression process symmetric to the image compression used in the central hub compressor/encryptor 112. If image compression is based on the ABSDCT algorithm the decompression process includes variable length decoding, inverse frequency weighting, inverse differential quad-tree transformation, IDCT, and DCT block combiner deinterleaving. The processing elements used for decompression may be implemented in dedicated specialized hardware configured for this function such as an ASIC or one or more circuit card assemblies. Alternatively, the decompression processing elements may be
implemented as standard elements or generalized hardware including a variety of digital signal processors or programmable electronic devices or computers that operate under the control of special function software or firmware programming. Multiple ASICs may be implemented to process the image information in parallel to support high image data rates.
[0060] Encryption generally involves digital sequence scrambling or direct encryption of the compressed signal. The words "encryption" and "scrambling" are used interchangeably and are understood to mean any means of processing digital data streams of various sources using any of a number of cryptographic techniques to scramble, cover, or directly encrypt said digital streams using sequences generated using secret digital values ("keys") in such a way that it is very. difficult to recover the original data sequence without knowledge of the secret key values.
[0061] Each image or audio program may use specific electronic keying information which is provided, encrypted by presentation-location or theater-specific electronic keying information, to theaters or presentation locations authorized to show that specific program. The conditional access manager (CAM) 124 handles this function. The encrypted working key needed by the auditorium to decrypt the stored information is transmitted, or otherwise delivered, to the authorized theaters prior to playback of the program. Note that the stored program information may potentially be transmitted days or weeks before the authorized showing period begins, and that the encrypted image or audio working key may be transmitted or delivered just before the authorized playback period begins. The encrypted working key may also be transferred using a low data rate link, or a transportable storage element such as a magnetic or optical media disk, a smart card, or other devices having erasable memory elements. The encrypted working key may also be provided in such a way as to control the period of time for which a specific theater complex or auditorium is authorized to show the program.
[0062] Each theater subsystem 104 that receives an encrypted working key decrypts this value using its auditorium specific key, and stores this decrypted working key in a memory device or other secured memory. When the program is to be played back, the theater or location specific and program specific keying information is used, preferably with a symmetric algorithm, that was used in the encryptor 112 in
preparing the encrypted signal to now descramble/decrypt program information in real-time.
[0063] The decryption processes use previously provided unit-specific and program- specific electronic cryptographic key information to decrypt the image and audio information. Each theater subsystem 104 is provided with the necessary cryptographic key information for all programs authorized to be shown on each auditorium module 132. Cryptographic keys typically 56 bits or longer are specific to each authorized theater manager 128, to each auditorium and to the specific image and/or audio program. A time varying key sequence may be used within the image and/or audio program. Smart card technology, such as smart card 328, is used to obtain the cryptographic keys and to transfer those keys to the signal decryption units. Physical and electronic security measures are used to prevent tampering with this key information and to detect attempted tampering or compromise. The key is stored in such a way that it can be erased in the event of detected tampering attempts.
[0064] Figure 4 of the accompanying drawings illustrates how the CPU 312 and the smart card 328 interact with each other and with other parts of the auditorium module 132 (shown in Figure 3). As shown in Figure 4, the CPU 312 is connected to receive decryption data signals from the central facility (Figure 1) via the theatre manager 128 (see Figure 3). Although not shown in the drawings, it will be appreciated that the decryption data signals need not be delivered to the theatre subsystem 104 via the theatre manager 128. The signals may be delivered on a separate medium and input to the theatre subsystem 104 via the theatre storage device 136 for example. However, transfer via the theatre manager 128 is preferred because it keeps the decryption data signals separate from the video and audio information delivered to the theatre subsystem 104 by way of the exemplary removable hard drives (RHDs) 308 shown in Figure 3. It also enables the decryption data signals to be delivered at a specified time, rather than merely some time in advance of when they are needed.
[0065] The decryption data signals received from the central facility via the theatre manager 128 contain a small amount of data for use by the CPU 312. Most of the data in the received signals, however, is in encrypted form and, as such, is meaningless to the CPU 312. The encrypted data received by the CPU 312 is passed via a security interface 350 and a key transfer logic 352 to the smart card 328.
[0066] The security interface 350 serves to isolate connection between the CPU 312 and the smart card 328 from connection between the smart card 328 and other decryption units in the auditorium module, including the image decryptor/decompressor 320 and the audio decryptor/decompressor 324 (see Figure 3). In this way, the encrypted data is passed from the CPU to the smart card and decrypted data is passed from the smart card to the decryption units in the auditorium module. Thus, the CPU 312 never has access to the decrypted data, so a prospective thief will not be able to gain access to the decrypted data by interrogating the CPU.
[0067] The key transfer logic 352 enables different smart card technologies, or entirely different technologies such as preprogrammed flash memory cards, to be used without having to redesign the whole system. For example, a smart card in which data is transferred at, say, 3 MHz in both directions on the same line may easily be replaced by a different smart card in which data is transferred at, say, 40 MHz in both directions on different lines simply by reprogramming the key transfer logic 352. Dedicated hardware could, of course, be built into the security interface 350 : to perform the same function as the key transfer logic, but this would not be so "future proof" as using the key transfer logic 352. It also enables the smart card technology to be readily changed or replaced in the even of a serious breach of security.
[0068] The smart card comprises a main processor (not shown) and co-processor hardware implementation of a DES engine (also not shown) and/or other encryption techniques. Initially, the smart card contains no data. When the card is inserted into the system and/or during initial start up of the system, the CPU 312 is arranged first to check for the presence of the smart card and then to download an applet into the smart card 328. The applet may be stored in memory (not shown) associated with the CPU but is preferably only delivered to the CPU 312 via the theatre manager 128 when required for downloading into the CPU. Delivery of the applet only when required has clear security advantages.
[0069] Once the applet has been correctly downloaded, it begins running on the main processor of the smart card 328. The applet includes a routine that causes an initial message to be sent to the CPU 312. In this way, the CPU receives confirmation that the smart card, which has been installed, is of the correct type (if it is not, then the applet may not run properly) and is working properly.
[0070] During normal operation of the auditorium module 132, decryption keys are used by the image decryptor/decompressor 320 and the audio decryptor/decompressor 324 to decrypt the encrypted image and audio data so that images can be displayed and audio broadcast within the auditorium. These decryption keys will be referred to in this part of the description as "working keys".
[0071] The working keys change from time to time. For example, they may be valid for the few days that the movie is scheduled to be shown in the auditorium, for one showing of a movie, or even for only part of the movie. Each time the working key is to be changed, data defining a new working key is delivered to the auditorium module via the theatre manager 128 (see Figure 1) or otherwise. In order to protect the new working key, the data is delivered in encrypted form and thus a different decryption key is required to decrypt the data defining the new working key. This decryption key will be referred to herein as a "program key".
[0072] The applet in the smart card transfers data representing the program key into the encryption co-processor hardware of the smart card. The data may be generated by the running of the applet or it may be downloaded with the applet before being transferred to the co-processor of the smart card. With the program key installed in the co-processor, the smart card is able to decrypt incoming data and extract working keys therefrom, when required.
[0073] The encrypted signal from the theatre manager 128 includes data identifying the origin of the data, i.e. the central facility 102 (see Figure 1). When the signal has been decrypted by the smart card the identifying data is checked to ensure that the working key has indeed come from the central facility and not from some other source.
[0074] The encrypted signal containing the working key(s) from the theatre manager
128 is accompanied by data identifying where the key(s) are to be used. Different working keys are used in the decryption of the image and in the decryption of the audio, and it is therefore necessary to know the destination for each working key. The location data is processed by the CPU 312. The CPU 312 sends appropriate commands to the security interface 350 to ensure that the decrypted working key from the smart card is sent to the correct destination.
[0075] The encrypted signal from the theatre manager 128 is also accompanied by data identifying when the decryption unit(s) 320,324 should begin using the newly decrypted working key and the period during which the working key is valid. This is useful at two levels. Firstly, it enables data for a working key to be sent ahead of time, thereby enabling the key to be sent at a time convenient to the central facility. Secondly, it facilitates changeover from'one working key to another. The amount of time that the smart card takes to decrypt the working key is variable. The encrypted working key data of necessity, therefore, has to be delivered at least a few frames in advance of the time when the new working key will begin to be used. Each video frame is individually identified and it is therefore possible to specify down to an individual frame when the new working key should start to be used.
[0076] The data accompanying the encrypted signal is used by the CPU 312 and the smart card 328 to supervise transfer of the decrypted working key from the smart card via the key transfer logic and security interface to the specified decryption unit(s) 320,324 at the required time. Once the decrypted working key has been output from the smart card 328, the applet causes the smart card to send a "decryption completed" message to the CPU 312. This information is added to the above-mentioned presentation history maintained by the CPU 312 with the theatre manager 128.
[0077] Referring back to Figure 1, the decoder chassis 144 includes a fiber channel interface 288, the depacketizer 316, the decoder controller or CPU 312, the image decryptor/decompressor 320, the audio decryptor/decompressor 324, and the smart card 328. The decoder chassis 144 is a secure, self-contained chassis that also houses the smart card 328 interface, internal power supply and/or regulation, cooling fans (as necessary), a local control panel, and external interfaces.
[0078] The local control panel (not shown) may use any of various known input devices such as a membrane switch flat panel with embedded LED indicators. The local control panel typically uses or forms part of a hinged access door to allow entry into the chassis interior for service or maintenance. This door has a secure lock to prevent unauthorized entry, theft, or tampering of the system. The smart card 328 is installed inside the decoder chassis 144, secured behind the locked front panel. The smart card slot is accessible only inside the secured front panel. The RGB signal output from the image decryptor/decompressor 320 to the projector 148 is connected
securely within the decoder chassis 144 in such a way that the RGB signals cannot be accessed while the decoder chassis 144 is mounted to the projector housing. Security interlocks may be used to prevent operation of the decoder 144 when it is not correctly installed to the projector 148.
[0079] It will be appreciated from the foregoing description that the use of a smart card or other removable programmable device to decrypt worldng keys as and when they are required and do so that decryption as an operation separate and isolated from the rest of the theatre subsystem enables a good level of security to be achieved. The CPU 312 in the auditorium 132 never "sees" the working keys in decrypted form and so security cannot be breached by interrogation of the CPU. This, together with the above-discussed security in the cabinet, provides a secure environment for reception decoding and displaying of a movie program.
[0080] The audio decryptor/decompressor 324 shown in Figure 3 operates in a similar manner on the audio data. The audio decryptor/decompressor 324 takes the audio data stream from the depacketizer 316, performs decryption, and reassembles the original audio for presentation on a theater's speakers or audio sound system 152. The output of this operation provides standard line level audio signals to the sound system 152.
[0081] Similar to the image decryptor/decompressor 320, the audio decryptor/decompressor 324 reverses the operation performed by the' audio compressor 192 and the audio encryptor 196 of the hub 102. Using electronic keys from the cryptographic smart card 328 in conjunction with the electronic keys embedded in the data stream, the decryptor 324 decrypts the audio information. The decrypted audio data is then decompressed.
[0082] Audio decompression is performed with an algorithm symmetric to that used at the central hub 102 for audio compression. Multiple audio channels, if present, are decompressed. The number of audio channels is dependent on the multi-phonic sound system design of the particular auditorium, or presentation system. Additional audio channels may be transmitted from the central hub 102 for enhanced audio programming for purposes such as multi-language audio tracks and audio cues for sight impaired audiences. The system may also provide additional data tracks synchronized to the image programs for purposes such as multimedia special effects tracks, subtitling, and special visual cue tracks for hearing impaired audiences.
[0083] As discussed earlier, audio and data tracks may be time synchronized to the image programs or may be presented asynchronously without direct time synchronization. Image programs may consist of single frames (i.e., still images), a sequence of single frame still images, or motion image sequences of short or long duration.
[0084] If necessary, the audio channels are provided to an audio delay element, which inserts a delay as needed to synchronize the audio with the appropriate image frame. Each channel then goes through a digital to analog conversion to provide what are known as "line level" outputs to sound system 152. That is, the appropriate analog level or format signals are generated from the digital data to drive the appropriate sound system. The line level audio outputs typically use standard XLR or AES/EBU connectors found in most theater sound systems.
[0085] The sound system 152 presents the audio portion of a program on the theater's speakers. Preferably, the sound system 152 receives up to 12 channels of standard format audio signals, either in digital or analog format, from the audio decryptor/decompressor 324.
[0086] Alternatively, the playback module 140 and the decoder 144 may be integrated into a single playback-decoder unit 332. Combining the playback module 140 and the decoder module 148 results in cost and access time savings in that only a single CPU (292 or 312) is needed to serve the functions of both the playback module 140 and the decoder 144. Combination of the playback module 140 and the decoder 144 also does not require the use of a fiber channel interface 288.
[0087] If multiple viewing locations are desired, information on any storage device
136 is configured to transfer compressed information of a single image program to different auditoriums with preselected programmable offsets or delays in time relative to each other. These preselected programmable offsets are made substantially equal to zero or very small when a single image program is to be presented to selected multiple auditoriums substantially simultaneously. At other times, these offsets can be set anywhere from a few minutes to several hours, depending on the storage configuration and capacity, in order to provide very flexible presentation scheduling. This allows a theater complex to better address market demands for presentation events such as first run films.
[0088] The theater manager 128 is illustrated in greater detail in Figure 5 of the accompanying drawings. Turning now to Figure 5, the theater manager 128 provides operational control and monitoring of the entire presentation or theater subsystem 104 or one or more auditorium modules 132 within a theater complex. The theater manager 128 may also use a program control means or mechanism for creating program sets from one or more received individual image and audio programs, which are scheduled for presentation on an auditorium system during an authorized interval.
[0089] The theater manager 128 comprises a theater manager processor 336 and may optionally contain at least one modem 340, or other device that interfaces with a return link, for sending messages back to central hub 102. The theater manager 128 may include a visual display element such as a monitor and a user interface device such as a keyboard, which may reside in a theater complex manager's office, ticket booth, or any other suitable location that is convenient for theater operations.
[0090] The theater manager processor 336 is generally a standard commercial or business grade computer. The theater manager processor 336 communicates with the network manager 120 and conditional access manager 124 (see Figure 1). Preferably, the modem 340 is used to communicate with the central hub 102. The modem 340 is generally a standard phone line modem that resides in or is connected to the processor, and connects to a standard two-wire telephone line to communicate back to the central hub 102. Alternatively, communications between the theater manager processor 336 and the central hub 102 may be sent using other low data rate communications methods such as Internet, private or public data networking, wireless, or satellite communication systems. For these alternatives, the modem 340 is configured to provide the appropriate interface structure.
[0091] The theater manager 128 allows each auditorium module 132 to communicate with each storage device 136. A theater management module interface may include a buffer memory such that information bursts may be transferred at high data rates from the theater storage device 136 using the theater manager interface 126 and processed at slower rates by other elements of the auditorium module 132.
[0092] Information communicated between the theater manager 128 and the network manager 120 and/or the conditional access manager 124 include requests for retransmission of portions of information received by the theater subsystem 104 that
exhibiting uncorrectable bit errors, monitor and control information, operations reports and alarms, and cryptographic keying information. Messages communicated may be cryptographically protected to provide eavesdropping type security and/or verification and authentication.
[0093] The theater manager 128 may be configured to provide fully automatic operation of the presentation system, including control of the playback/display, security, and network management functions. The theater manager 128 may also provide control of peripheral theater functions such as ticket reservations and sales, concession operations, and environmental control. Alternatively, manual intervention may be used to supplement control of some of the theater operations. The theater manager 128 may also interface with certain existing control automation systems in the theater complex for control or adjustment of these functions. The system to be used will depend on the available technology and the needs of the particular theater, as would be known.
[0094] Through either control of theater manager 128 or the network manager 120, the invention generally supports simultaneous playback and display of recorded programming on multiple display projectors. Furthermore, under control of theater manager 128 or the network manager 120, authorization of a program for playback multiple times can often be done even though theater subsystem 104 only needs to receive the programming once. Security management may control the period of time and/or the number of playbacks that are allowed for each program.
[0095] Through automated control of the theater manager 128 by the network management module 112, a means is provided for automatically storing, and presenting programs. In addition, there is the ability to control certain preselected network operations from a location remote from the central facility using a control element. For example, a television or film studio could automate and control the distribution of films or other presentations from a central location, such as a studio office, and make almost immediate changes to presentations to account for rapid changes in market demand, or reaction to presentations, or for other reason understood in the art.
[0096] The theater subsystem 104 may be connected with the auditorium module 132 using a theater interface network (not shown). The theater interface network
comprises a local area network (electric or optical) which provides for local routing of programming at the theater subsystem 104. The programs are stored in each storage device 136 and are routed through the theater interface network to one or more of the auditorium system(s) 132 of the theater subsystem 104. The theater interface network 126 may be implemented using any of a number of standard local area network architectures which exhibit adequate data transfer rates, connectivity, and reliability such as arbitrated loop, switched, or hub-oriented networks.
[0097] Each storage device 136, as shown in Figure 1, provides for local storage of the programming material that it is authorized to playback and display. The storage system may be centralized at each theater system. In this case the theater storage device 136 allows the theater subsystem 104 to create presentation events in one or more auditoriums and may be shared across several auditoriums at one time. Depending upon capacity, the theater storage device 136 may store several programs at a time. The theater storage device 136 may be connected using a local area network in such a way that any program may be played back and presented on any authorized presentation system (i.e., projector). Also, the same program may be simultaneously played back on two or more presentation systems.
[0098] Having thus described the invention by reference to a preferred embodiment it is to be well understood that the embodiment in question is exemplary only and that modifications and variations such as will occur to those possessed of appropriate knowledge and skills may be made without departure from the spirit and scope of the invention as set forth in the appended claims and equivalents thereof.
[0099] What we claim as our invention is:
Claims (20)
1. An apparatus for decrypting encrypted program signals, characterized in that the apparatus comprises: receiving means for receiving signals including encrypted data defining a program decryption key; means for transferring the encrypted data via a first interface; first means, connected to the first interface, for decrypting the encrypted data using a program key to determine the working decryption key; means for transferring the program decryption key via a second interface, different and operationally separate from the first interface; and second means, connected to the second interface, for decrypting encrypted program signals using the program decryption key.
2. An apparatus as in claim 1, characterized in that the encrypted program signals include encrypted video signals and encrypted audio signals, the second means comprises video decrypting means for decrypting the encrypted video signals and audio decrypting means for decrypting the encrypted audio signals, the encrypted data defines both a video working key and an audio working key, and the first means is configured to extract both the video and the audio worldng keys from the encrypted data.
3. An apparatus as in claim 2, characterized in that the apparatus further comprises controlling means, wherein the signals received by the receiving means include data identifying a start frame in the video signals at which the video working key shall begin to be used and the controlling means is responsive to the data for controlling the second means.
4. An apparatus as in any one of the preceding claims, characterized in that the first means is removable.
5. An apparatus as in claim 4, characterized in that the first means is configured for operation by a program downloaded from the receiving means after the first means is connected to the apparatus.
6. An apparatus as in any one of the preceding claims, characterized in that the first means comprises a smart card.
7. An apparatus as in claim 6, characterized in that the downloaded program comprises an applet and data representing the program key.
8. An apparatus as in claim 7, characterized in that the data representing the program key is downloaded in encrypted form and, once downloaded, is decrypted by the applet.
9. An apparatus as in claim 1 or any one of claims 2, 4-8 as dependent thereon, characterized in that the apparatus further comprises controlling means, wherein the signals received by the receiving means include data identifying a time at which the program key is authorized to be used and/or identifying an auditorium in which the program decryption key is authorized to be used, and the controlling means is responsive to the data for controlling the second means.
10. An apparatus as in any one of the preceding claims, characterized in that the decrypted program signals cannot be accessed from the first interface.
11. An apparatus as in any one of the preceding claims, characterized in that a decryption algorithm including the program key is supplied together with the program decryption key via the receiving means and is downloaded therefrom to the first means for decrypting.
12. A method for decrypting encrypted program signals, characterized in that the method comprises: receiving signals including data defining a working decryption key; transferring the encrypted data via a first interface; decrypting the encrypted data using a program key to determine the working decryption key; transferring the working decryption key via a second interface, different and operationally separate from the first interface; and decrypting encrypted program signals using the working decryption key.
13. A method as in claim 12, characterized in that the encrypted program signals include encrypted video signals and encrypted audio signals, and the encrypted data defines both a video working key and an audio working key, the method further comprising: extracting both the video and the audio worldng keys from the encrypted data; decrypting the encrypted video signals; and decrypting the encrypted audio signals.
14. A method as in claim 13, characterized in that the signals received include data identifying a start frame in the video signals at which the video working key shall begin to be used, the method further comprising controlling the decrypting of the encrypted program signals in response to the data.
15. A method as in claim 12 or any one of claims 13-14 dependent thereon, characterized in that the decrypting of the encrypted data is done by a removable smart card.
16. A method as in claim 15, characterized in that the method further comprises downloading to the removable smart card a program for decrypting of the encrypted data.
17. A method as in claim 16, characterized in that the downloaded program comprises an applet and data representing the program key.
18. A method as in claim 17, characterized in that the data representing the program key is downloaded in encrypted form and, once downloaded, is decrypted by the applet.
19. A method as in claim 12 or any one of claims 13, 15-18 as dependent thereon, characterized in that the received signals include data identifying an auditorium in which the working decryption key is authorized to be used and/or identifying a time at which the working key is authorized to be used, the method further comprising controlling the decrypting of the encrypted program signals in response to the data.
20. A method as in claim 12 or any one of claims 13-19 as dependent thereon, characterized in that the decrypted program signals cannot be accessed through the first path.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/902,173 | 2001-07-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2002316523A1 true AU2002316523A1 (en) | 2003-01-29 |
Family
ID=
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7203319B2 (en) | Apparatus and method for installing a decryption key | |
US7376243B2 (en) | Apparatus and method for watermarking a digital image | |
KR100791825B1 (en) | Apparatus and method for decoding digital image and audio signals | |
US6985589B2 (en) | Apparatus and method for encoding and storage of digital image and audio signals | |
US8813137B2 (en) | Apparatus and method for decoding digital image and audio signals | |
WO2001041443A1 (en) | Apparatus and method for decoding digital image and audio signals | |
US20030016302A1 (en) | Apparatus and method for conditioning digital image data for display of the image represented thereby | |
AU2002316523A1 (en) | Apparatus and method for installing a decryption key | |
AU2002354615A1 (en) | Apparatus and method for conditioning digital image data for display of the image represented thereby | |
AU2005239736A1 (en) | Apparatus and method for decoding digital image and audio signals |