KR20040037133A - Ca system for broadcast dtv using multiple keys for different service providers and service areas - Google Patents

Abstract

The present invention relates to a method for managing access to scrambled broadcast or transmitted events received from various service providers (including broadcast television networks, cable television networks, digital satellite systems). In one preferred embodiment, each service provider employs a different public key in encrypting the access information message, and each smart card includes a private key corresponding to the public key, thereby allowing the user to replace the smart card. Without this, you can access events from various service providers.

Description

CA SYSTEM FOR BROADCAST USING MULTIPLE KEYS FOR DIFFERENT SERVICE PROVIDERS AND SERVICE AREAS}

In the near future, broadcast digital television services may include several local channels, each of which can broadcast multiple concurrent programs, some of which are pay-per-view (PPV) programs. Can be. The user may want a mixed service from several different service providers, which necessitates the use of a conditional access system or similar manner. For example, a user may want to buy a basketball game for all Indiana University teams on local channel 4, a football game for all Notre Dame teams on channel 13, and a Colt game for all Indianapolis teams on channel 8. have. If each of these services is uniquely scrambled differently, then the user is burdened with the need to exchange cards when surfing the channel by purchasing multiple conditional access smart cards.

As mentioned above, conventional systems include cable, satellite and terrestrial broadcast systems. Each of these systems can have a number of descrambling keys associated with it. Some of these systems may even have multiple descrambling keys per different entitlement control message (ECM). The ECM has a descrambling key (sometimes called a 'control word') and a brief description of the program (eg, program number, date, time, cost, etc.). For example, in the case of cable systems, some content is scrambled nationally and others are scrambled locally, each of which has a different ECM and descrambling key. However, all of the aforementioned systems have in common all programs from one, i.e., only one known transmitter (e.g., the head end (cable) of the cable installation, the specific orbital position of the satellite (satellite) or a single television station (terrestrial broadcast)). Is designed to receive. Since all programming in these systems is done in one transmitter, the system knows in advance when and when to use which descrambling key set.

Accordingly, there is a need for conditional access systems that use multiple keys associated with different broadcasters or different geographic regions.

The present invention relates to systems and methods that can be employed to provide conditional access to multiple broadcast services by a single consumer electronic device, such as a set top box or digital television. Each device may receive a broadcast or transmission digital stream from various broadcast sources.

1 is a block diagram showing an example of a structure for connecting a normal digital television with a plurality of terrestrial broadcasters.

2 is an exemplary block diagram of a system for managing access to a device in accordance with the present invention.

In general, the present invention defines a method for providing conditional access to restricted broadcast or transmitted events. The method includes receiving at least one scrambled first transmission event from a first service provider; Receiving at least one scrambled second transmission event from a second service provider; Receiving encrypted access information associated with the transmission event, wherein the access information includes first and second descrambling keys, the first descrambling key corresponding to the first service provider, and the second The descrambling key corresponds to the second service provider; Decoding the access information; Descrambling the transmission event.

The present invention provides a conditional access system that can be used to obtain a service from one of a plurality of sources. When this conditional access system is implemented in a digital television (DTV), digital videocassette recorder (DVCR), set-top box (STB), etc., the user can be scrambled from one or more service providers without changing the conditional access module or smart card. You can listen for events. Alternatively, smart card functions can be embedded in the DTV. Such conditional access system acts as a toll bridge for service access, thereby enabling a mechanism by which DTV manufacturers collect fees based on the use of the DTV. Similarly, the present invention may be implemented in a set top box (STB) or a digital video cassette recorder (DVCR). Hereinafter, the present invention will be described based on the embodiment using a digital television and a smart card coupled thereto for convenience.

As a method for preventing copyright infringement in the conditional access system as described above, 'balkanization' of the descrambling key area has been proposed. This method requires different key usages, with each key covering only one small geographic area. Thus, even if a copyright infringer somehow obtained a descrambling key, the area where the key is useful will be very limited.

The events or programs described herein include any of the following listed items: (1) audio / video data such as movies, weekly "TV" shows, documentaries, and the like; (2) text data such as electronic magazines, newspapers, weather news, and the like; (3) computer software; (4) binary data such as images; (5) HTML data (eg, web pages) and the like. The service provider may include any provider as long as the provider broadcasts the event, for example, an electronic event list provider such as a conventional broadcast television network, a cable network, a digital satellite network, an electronic program guide provider, and in some cases, an Internet service provider. There is this.

Conditional access systems as described above may be based on public key technology. At least one public key (number) is available to all service providers. This may be the public key for all smart cards in the conditional service system, or may use multiple public keys. Each smart card stores at least one secret private key capable of decrypting a message encrypted with at least one public key.

In operation, the conditional access service provider transmits a CA entitlement message (eg, ECM) encrypted with the public key, including information such as the name of the service provider, the name, time and cost of the program, and information about the key used for program scrambling. Send to the stream. The smart card decrypts the message using a private key and stores appropriate information for each purchase event.

The smart card has a certain amount of purchase credit granted by the bank. As long as the credit limit is not exceeded, the viewer can purchase the program. At any suitable time planned in advance, the smart card will call the CA center. The CA center uses another set of keys to receive billing information from the smart card and provide additional credit in cooperation with the bank. The bank sends the information and credit to the appropriate service provider (s).

In FIG. 1, system 30 shows a general structure for managing access to digital television (DTV) 40a, 40b. For convenience, the following description will be limited to the single DTV 40a. Similar component reference numbers define identical functional components. Smart card (SC) 42a (or any other equivalent conditional access module) is inserted or coupled to a smart card reader (not shown) of DTV 40a, and bus 45 is connected to DTV 40a and SC 42a. By interconnecting the two, data transmission between each other is possible. Such smart cards include an ISO 7816 card having a card body in which a plurality of terminals are arranged on a surface according to the National Renewable Security Standard (NRSS) Part A, and a PCMCIA card according to NRSS Part B. Such smart cards also include ISO 7816 cards, PCMCIA cards, NRSS Part A and Part B cards, open cable point of deployment modules, digital video broadcast (DVB) common interface (CI) modules, and other reasons known to those skilled in the art. There is a design.

DTV 40a may receive services from a plurality of service providers SP, such as television stations 50, 52, cable television operators (not shown), satellite systems (not shown), and the like. The present invention has particular advantages over terrestrial broadcasting. The Certificate Authority (CA) 75 issues a digital certificate and a pair of public and private keys, not directly connected to either the service provider or the DTV 40a, which will be described later. It is within the scope of the present invention that the service provider may act as the certification authority 75 in collaboration with the manufacturer of the DTV 40a. The fee settlement 70 is used to manage the user's account and is provided with updated information when the user is ready to purchase additional services and when the user consumes or uses the services.

Conditional access (CA) systems designed for such DTV broadcasting technology are transmission based systems. This means that CA information for a particular broadcaster is sent only on its own RF channel. Each broadcaster is only responsible for its own information, so there is no need to set operating rules in advance in order to coordinate and / or synchronize information among several broadcasters. In addition, the CA system is based on "E-cash" card charging. The user precharges a certain amount of money (from a debit or credit account) and then uses the card to purchase an event package, pay a monthly subscription, or purchase a particular program in a PPV fashion. Event packages include all of your favorite professional sports broadcasts and last Sunday's movies on one or more virtual channels.

The broadcast channel is only used to convey the service and this service access information. All other transactions are performed through the return channel (ie modem and telephone connection). There is no need to broadcast an addressable message. The broadcast service is protected by a common scrambling algorithm. The keys used for this process and event purchase information are encrypted by the universal public key and delivered to the user via the MPEG-2 stream. For event packages, a package certificate is sent from the CA server 60a to the user via a return channel. As described in more detail below, a certificate is generally signed to ensure the integrity of the certificate. That is, to ensure that a true certificate that has not been modified is received from the sender. The service is accessed via an updateable security module (eg smart card).

Symmetric key cryptography uses the same algorithm and key for both encryption and decryption. Public key cryptography is based on using two related keys, one public key and one private key. Since the private key is a secret key, it is computationally impossible to derive the private key from the public key used publicly. Anyone can encrypt a message with a public key, but only an individual or device with a predetermined associated private key can decrypt the message. Similarly, a message can be encrypted with a private key, and anyone can decrypt the message if it can access the public key. Encrypting a message using a private key can be viewed as "signing" because anyone with a public key can verify that the message was sent from the party with the private key. to be. This can be thought of as analogous to verifying a signature on a document.

Digitally signed messages are messages that are signed and sent in clear text (ie, not encrypted). The attached signature is generated by encrypting the message itself or the outline of the message, which is obtained by hashing the message. Before hashing the message, the message is sent to a one-way hashing algorithm such as MD5 developed by Ron Rivest or SHA-1 developed by the National Institute of Standards and Technology (NIST) and the US National Security Agency (NSA). Thus, the recipient of the signed message can verify the integrity (ie, origin) of the message. (In comparison, a public key certificate or digital certificate is a message that contains a public key that is signed and sent in the signature.) Signature verification involves checking the signature by decryption.

As mentioned above, the five essential components of a CA system are a broadcaster, a CA vendor, a billing station (eg, a bank), an end user, and a certification authority. Figure 1 shows the overall system architecture and shows the five components and their communication links and data flow. End users communicate with CA vendors to download certificates through point-to-point links such as telephone lines. The telephone line is used for automatic transactions and for voice connection if necessary. For automated transactions, one of the possible protocols is the point-to-point protocol (PPP). Security is implemented at the application layer by a private protocol.

Communication between a CA vendor and a broadcaster may be established through a local area network (LAN) or a wide area network (WAN). As mentioned above, security is implemented at the application level by a private specification protocol running over existing Internetworking protocols. Broadcast facility equipment required for broadcast stream protection may be commercial products available from a number of CA vendors.

The broadcaster is responsible for (1) service and (2) delivery of qualification messages. The entitlement message includes an access information message (AIM) (or alternatively entitlement control message (ECM) and entitlement management message (EMM)) that allows the user to purchase a service, as described in more detail below. Therefore, communication between broadcasters and users follows a point-to-multipoint model of broadcast technology. Broadcast AIM does not include a unique address for each user or subscriber, which is typical for satellite or cable systems.

If the DTV 40a does not have a back channel connection required for communication with the CA server, in order to charge the card, the user may access a DTV unit that supports the back channel, or a specific location ( Bank, ATM, vendor's regional office). The CA operator acts like a cardholder or user's bank, and the fare settlement acts like a merchant's bank. The card company may act as an intermediary merchant between the CA operator and the broadcaster's bank to provide transaction settlement services. The fixed amount of "money" charged in the smart card or conditional access module may be used to pay for services provided by the broadcaster.

Whatever currency transfer mechanism is employed, the user will be asked to transfer a certain amount of money from the credit or debit account to the CA card. After correctly identifying the user's identity and resources, the transaction is authenticated and the nominal currency is charged to the CA card.

After the card is charged with money, the user can purchase the service provided by the broadcaster as desired. Each time a purchase is made, the amount of money available in the card is reduced by the price of the service. Services provided by a broadcaster may be classified into two categories, that is, a PPV event and a package. An event is a TV program with a time zone assigned in the program guide, and a package is just an event set. Examples of packages include the following: (1) all NBA games within a given season; (2) last Sunday's movies on one or more virtual channels; and (3) a specific virtual channel subscription, such as HBO.

All events have one or more of the audio video streams scrambled by a common symmetric key algorithm. Entitlement messages (eg, ECM, AIM) including purchase information and descrambling keys may be encrypted by a common public key algorithm or a symmetric key algorithm.

Purchasing an event allows the record to be sent to a CA vendor after it has been stored on a smart card. Once the stored purchase information is sent to the CA database, the CA vendor can pay the broadcaster for the services provided. Each smart card also has a nonvolatile memory for holding the information described later.

The 32-bit field of the smart card memory indicates the card's serial number. The 128-bit BCD field indicates the user (credit or debit) card number. The 10 byte field represents the telephone number of the CA server. The 10 byte field represents the telephone number of another CA server. The 40-bit BCD field stores the amount of money available to the user. The predetermined field represents the signature on the final electronic money certificate. The 8-bit field is for notifying the user that the available electronic money is less than a predetermined threshold, or for storing a threshold that initiates an automatic call back to the CA server for currency addition. The 40-bit BCD field represents the amount of money that is charged to the card without user intervention when the electronic money is less than the threshold. This monetary amount is predetermined by the user and sent to the CA server while the card is active. If this value is zero, automatic electronic money charging is not allowed. The two 768 bit fields are for storing the private key for decrypting the AIM and for storing the public key for verifying the signature on the certificate. The 21 byte field is for storing a TDES key for descrambling a broadcast service. The two 96 byte fields are for storing keys for replacing the current private key and for storing keys for replacing the current verification key. The 8 byte field is for storing a symmetric key for secure communication with the CA server. It is within the scope of the present invention that the scrambling algorithm may be a cipher other than DES.

The card must store information about the PPV events and packages that the user has purchased. If the card memory is full, it does not allow the user to purchase additional events.

The exchange of data between the card and the host (eg, CA provider) may be based on a well-defined common interface, namely EIA-679 Part A or Part B of the NRSS. Since the telephone line is a widely available physical link, the protocol chosen between the CA server and host is RFC 1548 of the Point-to-Point Protocol (PPP), which is employed as standard 51 where security is provided in point-to-point protocol (PPP) datagrams. The technical innovations described herein do not exclude the use of other protocols different from PPP on the return channel.

PPP is a protocol according to ISO's HDLC standard adopted by ITU-T for X.25 systems. A method for transmitting datagrams over a point-to-point link from multiple protocols has been developed by the IETF. This frame format is a 16-bit protocol field (as defined in RFC 1700 "Assignment Number"), followed by an information field of variable length, followed by adjusting the frame length (if required by the receiving protocol). Comes with a padding field containing optional bytes that are added to.

For data exchange between the card and the CA server, a new protocol with a protocol field value of 0x00FF is specified. For this new protocol, the value of the padding field is always zero. This new protocol provides reliable transmission using acknowledgment (ACK) and negative acknowledgment (NACK) messages, which are inserted into the first byte of the information field and use an 8-bit UIMSBF format.

The ACK may be followed by information transmitted as a reply (piggyback acknowledgment). When the receiving end detects an error message, it responds with a NACK and requests the transmitting side to retransmit.

The smart card initiates a call back to the CA server under any of the following conditions using the protocol described above.

1. The card is first inserted into the DTV.

2. The user requests a high level package purchase using the displayed menu.

3. The smart card memory is full.

4. The local time is within the interval [1 am-6am] and there is a new record to be sent.

5. The card receives a notification about a new private or verification key.

6. The smart card's currency is less than a certain threshold and automatic electronic money charging is possible.

7. The user requests a currency using the displayed menu.

8. The user has requested to cancel the package purchase.

The card sends an initial warning message according to these conditions to inform the CA server about the user and the purpose of the call.

When a user inserts a card into the DTV for the first time, information specific to the card is sent to the CA server for registration. This information is encrypted with Kcallback.

Card-> CA Server: Warning Message (alert_type = 0x01)

Card <-CA Server: ACK Message

Card-> CA Server: Card Information Message

Card <-CA Server: ACK Message

You can use the displayed menu to make advanced purchases. In response to the user's request, the CA server sends a package certificate to be stored on the card. for example,

Card-> CA Server: Warning Message (alert_type = 0x02)

Card <-CA server: ACK message | Signed Package Certificate Message

Card-> CA server: ACK message

The package certificate format includes the following fields. An 8 bit field indicates a package certificate message. Two values are possible, one is an updatable package request and the other is a non-updatable package request. The 32-bit field indicates the registration authority that assigns a value to the provider_index field. The 16 bit field identifies the content provider. This unique number is registered with the registrar identified by format_identifier. The 16 bit field identifies the transport stream carrying the event. The 16 bit field represents the package identifier. The 8 bit field is for the title field. The variable length field is for package titles using ASCII according to the Latin-1 extension. The 40-bit field indicates the package price in the format of a BCD. The 24-bit field indicates the validity period of the package.

The PPV event purchase record is temporarily stored on the card until after the event broadcast. These records are sent to the CA server in either of the following cases without user intervention.

(Iii) The card memory cannot save any more records.

(Ii) the local time is within the interval [1 am-6am] and there is a new record to be transmitted.

All records are encrypted with Kcallback.

(Ⅰ) The smart card memory is full

Card-> CA Server: Warning Message (alert_type = 0x03)

Card <-CA Server: ACK Message

Card-> CA Server: Variable Number of Encrypted PPV Event Purchase Records

Card <-CA Server: ACK Message

(Ii) the local time is within the interval [1 am-6am] and there is a new record to be transmitted

Card-> CA Server: Warning Message (alert_type = 0x04)

Card <-CA Server: ACK Message

Card-> CA Server: Variable Number of Encrypted PPV Event Purchase Records

Card <-CA Server: ACK Message

If the private key or verification key needs to be replaced, the card is notified through the broadcast channel. Each user then needs to initiate a callback to receive the new key.

Card-> CA Server: Warning Message (alert_type = 0x05)

Card <-CA server: ACK message | Key substitution message

Card-> CA server: ACK message

Add money if:

1. The currency of the smart card is less than a certain threshold, or

2. The user requests a currency using the displayed menu, or

3. The card is in a remote location (when there is no local telephone connection).

In all cases, the entity providing the currency verifies the credit or debit card information, generates an electronic money certificate (ECC), and sends the ECC to the card. The ECC message format is for the 8-bit field to indicate the message type and for the 40-bit field to hold the BCD value of the monetary value to be added to the smart card.

1) Automatic electronic money charging is possible.

Card-> CA Server: Warning Message (alert_type = 0x06)

Card <-CA Server: ACK Message

Card-> CA Server: Signature for Electronic Money

Card <-CA server: ACK | Signed electronic money certificate message

Card-> CA server: ACK message

2) Electronic money certificate includes pre-defined and fixed amount of electronic money. Automatic electronic money charging is not possible. The user proceeds as follows.

Card-> CA Server: Warning Message (alert_type = 0x07)

Card <-CA Server: ACK Message

Card-> CA Server: Signature for Electronic Money | Electronic money message

Card <-CA server: ACK message | Signed electronic money certificate message

Card-> CA server: ACK message

The user can cancel the purchase using the menu displayed on the screen. The action the card takes depends on the type of purchase.

(Iii) Purchase a package: Initiate a call to a CA server.

Card-> CA Server: Warning Message (alert_type = 0x08)

Card <-CA Server: ACK Message

Card-> CA Server: Canceled Package Purchase Record

Card <-CA server: ACK message | Signed electronic money certificate message

Card-> CA server: ACK message

(Ii) Purchase PPV Event: If the deadline for canceling the event is not reached, all selected records are deleted.

AIMs are carried as private data in an adaptation field of a transport stream packet carrying video data. These AIM may also be carried in transport streams with different PIDs using tools and functions capable of ECM transmission in MPEG-2. This adaptation_field_control bit may be a '10' bit (adaptation field only, no payload) or a '11' bit (adaptation field followed by payload). The maximum cycle time of an AIM message with the same AIM-id will be 500 ms.

The bit stream syntax of the access information message includes the following fields. Unique 8-bit identifier for this access information message. The AIM_id field is the second byte of the private data portion of the adaptation field. The first byte is allocated for public key identification used for AIM protection (when multiple public keys are used for a given DMA). Immediately following the AIM_length field is an 8-bit field that defines the number of bytes in the AIM. The 32 bit field is for identifying the registrar assigning a value to the Provider_Index field. The 16 bit field is for identifying the content provider. This unique number is registered with the registrar identified by format_identifier. The 24-bit field is for identifying a particular TV program or event. When assigned by a content provider identified by provider_index, all of these programs registered in the content provider database are uniquely identified. The 16 bit field is for identifying the transport stream carrying the event. The 16-bit field is for uniquely identifying the specific service that sends the event. The 14-bit field is for uniquely identifying a particular event within a given service of this transport stream. Event_id is the program guide index of the event, while program_event_id is a value that identifies the event of the content provider. Broadcasters that also serve as content providers may want the numbers to be the same, but this may not be valid in other respects. The 32-bit field indicates the event start time. The 20 bit field represents the length of the event measured in seconds. The 10 byte field is for storing the first 10 characters of the English title for the event that describes this message. If the actual title has less than 10 characters, this title segment must be filled with ESC characters before including it in this field. The 5-byte BCD field indicates the price of the event. The 16-bit field indicates the package to which this event belongs. The most significant bit corresponds to the first package, while the least significant bit corresponds to the sixteenth package. If the event belongs to the k th package, then the k th bit of this field will be set to one. One or more bits can be set to 1 to indicate that the event belongs to multiple packages. The 64-bit field is for the DES key required for descrambling the video and audio signals of the event under consideration (168-bit field for the TDES key). The 40-bit field indicates that the user needs to call a CA server to obtain a new private or verification key. If the flag is set to 1, the key must be replaced up to the specified deadline. The 8-bit field is for identifying the total length (in bytes) of the following AIM descriptor list.

In one embodiment of the present invention, an entitlement control message (ECM) may be used instead of AIM. The format of the ECM is privately defined according to the MPEG-2 and ATSC standards. The specific formats available are 8 bit table identification field, 3 bit indicator, 12 bit section length field, 8 bit protocol version field, 5 bit version number field, 2 section number field, public key field, transport stream identification field, primary and It may include a secondary channel number field, two event identification fields, a stream PID and descriptor length field, a cipher check field, a stuffing byte field, and a 32 bit CRC field.

The security of the system is based on widely accepted standard public and symmetric key algorithms. The algorithm chosen is RSA for public key cryptography and TDES and / or DES for symmetric key scrambling.

In a first preferred embodiment of the present invention, there is one universal RSA public / private key pair (Kpub / Kpri) for performing encryption on the entire system. The public key Kpub is shared by all broadcasters, and the corresponding private key Kpri is located on a tamper-resistant NRSS-A based smart card that is distributed to consumers by a CA provider. This public key is used to protect the AIM generated at the head end.

In a second preferred embodiment of the present invention, a plurality of public / private key pairs (Kpub1 / Kpri1, Kpub2 / Kpri2, Kpub3 / Kpri3, etc.) are used to perform encryption, and each key pair is used by a particular broadcaster or Corresponds to geographic region.

For example, suppose an individual lives in Princeton, New Jersey. Such an individual may receive broadcasts from various broadcast sources (ie, receive broadcasts from Philadelphia local broadcasters, Trenton local broadcasters, and New York City local broadcasters (only a few names are listed)). Conditional with multiple key pairs (e.g., Kpub1 / Kpri1 correspond to Philadelphia broadcasters, Kpub2 / Kpri2 correspond to Trenton broadcasters, and Kpub3 / Kpri3 correspond to New York City broadcasters), each corresponding to a different broadcaster By using the access system, an individual living in Princeton can receive and descramble a transmission signal transmitted by each broadcaster. In particular, each broadcaster may encrypt its ECM or AIM (which carries a descrambling key) using its own public key Kpub1-3. Next, each transmission signal from the broadcaster can be descrambled by restoring the descrambling key using the corresponding private key Kpri1-3. The private key Kpri1-3 may be located in the set-top box of the individual user or in the smart card (s) of the digital television.

In this second preferred embodiment, each broadcaster may encrypt the descrambling key using a separate public key (eg, the Philadelphia broadcaster uses the first public key Kpub1 and the Trenton broadcaster Using a second public key (Kpub2). If the Princeton local user has a set-top box or digital television with private keys Kpri1 and Kpri2 corresponding to the respective public keys Kpub1 and Kpub2, the transmission signals from all local broadcasters can be descrambled.

Within an ECM or AIM, one byte of data (called 'ECM key ID') is used to indicate which ECM key is used for a particular ECM encryption. Conditional access devices (eg, set-top boxes) include smart cards that store ECM and ECM key IDs. For example, if a smart card can hold five ECMs and can encrypt those ECMs by TDES, an exemplary memory map of a smart card is shown in Table 1 below. In the example given below in Table 1, the exemplary smart card includes three activation keys with identification values '55', 'AA' and '01'.

Memory location contents value 100 ECM_Key_ID1 0x55 101 ECM_Key_ID2 0xAA 102 ECM_Key_ID3 0x01 103 ECM_Key_ID4 0x00 104 ECM_Key_ID5 0x00 105-129 ECM_Key1 'Key1' (eg 0x123456) 130-153 ECM_Key2 'Key2' (eg 0x234567) 154-177 ECM_Key3 'Key 3' (eg 0x345678) 178-201 ECM_Key4 0x000000 202-225 ECM_Key 5 0x000000

When an ECM is received by a conditional access module (eg, set-top box), the software of that module obtains ECM key ID information from the ECM and finds an entry in the smart card's ECM key ID field. For example, when an ECM with a value of 0x01 in the ECM key ID field is received, ECM key ID 3 is designated, and the software then decodes the ECM using 'key 3'. Based on the entitlement returned to the ECM, the smart card determines as to whether the user is authorized for the particular program. If the user is authorized, the conditional access module (eg, set-top box) loads the audio video stream and descrambles the stream using the decoded descrambling key.

In a third preferred embodiment of the present invention, different key pairs can be assigned to different geographical regions. Unlike 'assignment for different broadcasters' described above, it is possible to assign different key pairs to different geographic regions operated by many broadcasters, so that more than one broadcaster can use the same key pair within a region. have. Using the above example, a first key pair (Kpub1 / Kpri1) is assigned to an area within a 100 mile radius of Philadelphia, and a second key pair (Kpub2 / Kpri2) to an area within a 100 mile radius of Trenton. The third key pair (Kpub3 / Kpri3) can be assigned to an area within a 100 mile radius of New York City. As such, two broadcasters near Philadelphia may use the same key pair. Since the Princeton is located in a geographic area covered by all three different key pairs described above, the conditional access user in Princeton has three corresponding programs for descrambling different broadcast signals to his own set-top box or digital television. It has both private key pairs Kpri1-3.

Using the geographic distribution example described above, a user in Princeton will probably have a private key in Trenton, New York City, Philadelphia and any other surrounding geographic area on his own smart card (in his own set-top box or digital television). Will have However, it should be noted that a user in a particular geographic area does not necessarily need a private key in a geographic area that cannot receive a transmitted signal (ie, a user in California must use the private key of a transmitted signal in the Philadelphia area). Will not be needed).

In the examples of 'Assigning for Different Broadcasters' and 'Assigning for Different Geographic Regions', the encryption and decryption of the ECM using multiple public / private key pairs has been discussed. It will be appreciated by those skilled in the art that a symmetric key of. It will also be appreciated by those skilled in the art that it is also possible to use access information from which a descrambling key can be derived by some predefined process (eg, hashing). For example, if raw data is hashed to obtain the descrambling key (s), such raw data can be transmitted from the transmitter to the conditional access receiver in preface with the scrambled content. The raw data is then hashed at the receiver to derive the descrambling key (s).

The electronic money certificate contains the amount of money to be added to the card. The package certificate includes the price of the package provided to the customer. Since both certificates contain sensitive data, a signature mechanism is required to ensure the integrity of these messages. Thus, all certificates are sent over a channel with a feedback path, such as a back channel using a modem.

Even if the package certificate is normally sent from the CA server, the source (e.g., ATM or other specific terminal) for charging the card with electronic money may be different. If each source signs with a unique private key, the DTV needs to maintain multiple public keys. The CA system of the present invention employs an ID-based authentication scheme that verifies a signature using only one public key.

As mentioned above, broadcasters, CA servers, and smart cards need to store some keys in order to participate in the scrambling, encryption, and signature protocols. The storage and use of all such types of keys is outlined in FIG. 2.

Kpub is maintained at the broadcaster site and used to encrypt locally generated DES keys to scramble the A / V stream. The smart card has a corresponding Kpri for recovering the DES key.

Ksig is used to sign packages and electronic money certificates. The signed certificate is verified by the Kver stored on the card. In the ID-based approach described in section 8.2, Ksig is unique for each certificate provider (CA vendor, ATM, etc.), but Kver is common for all certificate providers.

Kcallback is shared between the card and the CA server and is used to encrypt sensitive information exchanged. The information sent from the card to the CA server is the payment card number, fixed electronic money and event purchase record. If necessary, Kpri and Kver can be replaced by a CA server. Kcallback can be unique for each card. Thus, to replace it, only by sending a new card to the user.

Claims (17)

A method of managing access to restricted transport events, (a) receiving at least one scrambled first transmission event from a first service provider; (b) receiving at least one scrambled second transmission event from a second service provider; (c) receiving encrypted access information associated with the transmission event, the access information comprising a first and a second descrambling key, the first descrambling key corresponding to the first service provider, The second descrambling key corresponds to the second service provider; (d) decoding the access information; (e) descrambling the transmission event Access management method for a limited transmission event comprising a. 2. The method of claim 1, wherein said decrypting and descrambling step is performed on a smart card, wherein said encrypted access information is encrypted by respective first and second public keys and corresponding respective products stored on said smart card. Decrypted by the first and second private keys. 2. The method of claim 1, wherein said decrypting and descrambling step is performed on a smart card, wherein said encrypted access information is encrypted by respective first and second symmetric keys and corresponding each stored product is stored on said smart card. Decrypted by the first and second symmetric keys. The method of claim 1, wherein the smart card comprises a card body having a plurality of terminals aligned on a surface in accordance with one of the ISO 7816 and PCMCIA card standards. The method of claim 1, wherein the broadcast area of the first service provider is adjacent to the broadcast area of the second service provider. The method of claim 1, wherein the broadcast area of the first service provider overlaps the broadcast area of the second service provider. A method of managing access to restricted transmission events using a digital video device, (a) receiving access information encrypted by a first public key from a first service provider, the access information comprising a first encrypted event key; (b) receiving access information encrypted by a second public key from a second service provider, the access information comprising a second encrypted event key; (c) transferring the first and second event keys to a smart card connected to the digital video device; (d) receiving a first transmission event scrambled by the first event key from the first service provider; (e) receiving a second transmission event scrambled by the second event key from the second service provider; (f) decrypting one of the first and second encrypted event keys in the smart card Access management method for a limited transmission event using a digital video device comprising a. The method of claim 7, wherein (g) delivering at least one of the first and second transmission events to the smart card; (h) descrambling one of the first and second transmission events with the one of the first and second event keys in the smart card; (i) delivering the descrambled transmission event to the digital video device How to include more. As a conditional access system, At least two program service providers; At least one digital device comprising at least one smart card that receives scrambled transmission signals from the at least two service providers and descrambles the scrambled transmission signals Including; The at least one smart card includes at least two decryption keys for decrypting at least two respective descrambling keys, wherein the descrambling keys are used to descramble transmission signals received from the at least two service providers. Conditional access system. 10. The conditional access system of claim 9, wherein the at least two decryption keys comprise at least two private keys. 10. The conditional access system of claim 9, wherein the at least two decryption keys comprise at least two symmetric keys. The method of claim 9, wherein a first service provider of the at least two service providers scrambles the signal using a first scrambling key that is encrypted by a first public key, and a second service provider of the at least two service providers Scrambling a signal using a second scrambling key encrypted by a second public key, wherein a first private key of at least two private keys recovers the first scrambling key to descramble the signal of the first service provider And a second private key of the at least two private keys is used to recover the second scrambling key to descramble the signal of the second service provider. The method of claim 9, wherein a first service provider of the at least two service providers is located in a first geographic area, and a second service provider of the at least two service providers is adjacent to the first geographic area but is associated with the area. Is located in another second geographic region. 10. The method of claim 9, wherein a first service provider of the at least two service providers is disposed in a first broadcast zone, and a second service provider of the at least two service providers is adjacent to the first broadcast zone but is associated with the area. Is located in another second broadcast zone. A method of managing access to a plurality of restricted transmission events, (a) receiving a plurality of scrambled transmission events from a plurality of different service providers; (b) receiving encrypted access information from a plurality of different service providers associated with the plurality of transmission events, the access information comprising a plurality of descrambling keys, each of the plurality of descrambling keys Corresponding to each of the service providers of; (c) decoding the access information; (d) descrambling the plurality of transmission events Access management method for a plurality of limited transmission events comprising a. A method of providing conditional access, (a) assigning a first scrambling key pair to the first geographic region; (b) assigning a second scrambling key pair to a second geographic region different from the first geographic region; (c) enabling a broadcaster in the first geographic area to encrypt at least one descrambling key using the public key of the first scrambling key pair; (d) enabling a broadcaster in the second geographic area to encrypt at least one descrambling key using the public key of the second scrambling key pair; (e) providing a digital device with a private key of the first scrambling key pair and a private key of the second scrambling key pair; (f) enabling user conditional access to the scrambled transmitted signal from the first and second geographic regions by using a private key provided to the digital device; Conditional access providing method comprising a. A method of managing access to restricted transport events, (a) receiving at least one scrambled first transmission event from a first service provider; (b) receiving at least one scrambled second transmission event from a second service provider; (c) receiving access information associated with the transmission event; (d) deriving a first and a second descrambling key from the access information, wherein the first descrambling key corresponds to the first service provider and the second descrambling key corresponds to the second service provider. Corresponding one; (e) descrambling the transmission event using the first and second descrambling keys Access management method for a limited transmission event comprising a.