The invention relates to a conditional access apparatus and a method of providing conditional access.
MPEG transport streams provide for conditional access. These streams contain encrypted data and messages that enable the decryption of the encrypted data. The messages include so-called ECM's (Entitlement Control Messages) that contain control words for decrypting the encrypted data. The control words are continuously updated, making it necessary to include a stream of ECM's with the encrypted data. The control words in the ECM's themselves are encrypted using an authorization key. The messages also include so-called EMM's (Entitlement Management Messages) that contain the authorization keys. The EMM's are encrypted with user specific keys. This means that different EMM's have to be broadcast for different users. As a result an EMM for a specific user can only be broadcast infrequently.
Conditional access allows a service provider to broadcast media information in such a way that only authorized users (paying subscribers) are able to decrypt the encrypted data. To do so the service provider provides each user with a receiving device. The receiving device contains a secure device that is capable of decrypting the EMM's for the user, so as to allow the receiving device to decrypt the ECM's broadcast by the service provider and thereby in turn to decode the encrypted data. The service provider strongly protects the secure device (typically a smart card) against tampering, such as illegal access to obtain copies of the key that is needed to decrypt the EMM's.
Different service providers typically each operate their own system, each with its own provider specific decoders, secure devices and broadcast channels. Mixing the systems involves the risk of compromising access security. For example, if different service providers would supply authorization keys under different conditions the subscribers could manipulate authorization key selection. Since EMM's can only be broadcast infrequently any error in the supply of authorization keys can only be corrected after a relatively long time. However the security of using separate systems is inefficient for example in terms of bandwidth usage. Double bandwidth is needed when different service providers broadcast the same information to their respective subscribers, for example when the service providers service in different area's that are capable of receiving the same signal.
To improve the efficiency without any long term risk of less security it has been known to broadcast a single stream of encrypted data accompanied with a plurality of streams of messages, each from a different service provider, each stream containing ECM's and EMM's for decrypting the encrypted data. Thus, the subscribers of all of the service providers are enabled to decrypt the same encrypted data. At the same time security need not be compromised because each service provider provides the control words with his own ECM's. Any lapse in security is corrected by the next change of control word, which occurs typically every 10 seconds.
It is increasingly becoming cost effective for subscribers to provide conditional access devices with storage devices such as hard disks for storing conditionally accessible information. The storage device can be used for time-shifted viewing and for multiple viewing. Such use adds additional value to the conditional access device and therefore it would be desirable that the service provider could exercise control over replay. Replay also leads to difficulties, for example when the authorization key is changed between the time when the encrypted data and the ECM's are stored and the time when they are replayed. This means that the authorization key has to be changed back to an old authorization key.
Amongst others, it is an object of the invention to allow service providers to exercise a more flexible control over conditional access.
The invention provides for an apparatus as set forth in claim 1. According to the invention a signal with a plurality of streams of messages with decryption information for the same encrypted data is used. The apparatus provides access to the encrypted data using different streams of messages in different modes of operation. For example, one stream of messages may be used to decrypt the data during live rendering of the data and another stream of messages may be used to decrypt the same data during rendering of a replayed signal. Yet another stream of messages may be used during transcoding, when the apparatus decrypts the same data in order to reduce its compression rate.
The service provider broadcasts the signal with the encrypted data and a plurality of streams of messages with decryption information, so that each stream of messages can be used independently of the other to decrypt the data. Each decryption device is authorized to decrypt the data with one of a set of possible authorizations, which includes one or more authorizations to use messages from any one of a combination of streams that is particular to the device. Preferably the set also includes authorizations to use a single stream, for live replay for example. Authorization is realized by supplying the relevant authorization keys, for example in EMM's, but also possibly via additional channels such as via the internet. Thus, one device may be authorized for example to use only the stream of messages used in the live rendering mode, allowing the device only to perform live rendering only. Another device may be authorized to use the stream for live rendering and the stream for replay, allowing the device to perform both modes of rendering.
The service provider may use different time points to change the authorization of the use of different ones of the streams of messages. The authorization of messages for the replay mode for example may be for signals broadcast during a certain period, while the authorization of messages for the live rendering mode are regularly replaced.
These and other advantageous aspects of the apparatus and method according to the invention will be described in more detail using the following figures.
In operation the apparatus processes conditional access signals such as MPEG streams. Data decoder 12 and secure device 17 together operate as a conditional access decoder that is capable of decrypting data from the signal, provided that an appropriate authorization key is present en entitled to be used in secure device 17. The apparatus operates in a selectable one of a number of operating modes. Mode selection unit 16 selects the operating mode and instructs the remainder of the apparatus to operate in the selected mode. Two operating modes will be illustrated: a live rendering mode and a replay mode.
In the live rendering mode a signal received at input 11 is passed to data decoder 12 by multiplexer 10. Data decoder 12 decrypts data from the signal and passes the decrypted data to rendering device 14. Rendering device 14 contains for example a display screen to display video data if the encrypted data represents a video signal. In the live rendering mode, mode selection unit 16 commands multiplexer 10 to pass the signal from input 11 to data decoder 12 and secure device 17. Mode selection unit 16 commands secure device 17 to extract decryption information from messages for live rendering from the signal and secure device 17 passes control words obtained from the messages to data decoder 12 to decode the encrypted data from the signal.
In the replay mode a signal stored in storage device 19 is retrieved and passed to data decoder 12 by multiplexer 10. Data decoder 12 decrypts data from the signal and passes the decrypted data to rendering device 14. In the replay mode, mode selection unit 16 commands multiplexer 10 to pass the signal from storage device 19 to data decoder 12 and secure device 17. Mode selection unit 16 commands storage device 19 to replay the data, mode selection unit 16 commands multiplexer 10 to pass data from storage device 19 and mode selection unit 16 commands secure device 17 to extract decryption information from messages for replay from the signal. Secure device 17 passes control words obtained from the messages to data decoder 12 to decode the encrypted data from the signal.
The control words in the messages 22, 24 are encrypted. Secure device 17 decrypts the control words from part of the messages 22, 24 and supplies the currently needed decrypted control words to data decoder 12 to control decoding of the encrypted data from the signal. The control word supplied by secure device 17 changes at the start of each new time interval 26a,b in which a new control word is needed.
Secure device 17 may use any way to select the appropriate messages from the signal. In one embodiment each message with decryption information contains an identifier to indicate the stream to which the message belongs. In this case, secure device needs only to decrypt control words from the messages the carry the identifier of the stream that is selected for the mode indicated by mode selection unit 16.
Mode control unit preferably has a user interface (not shown) for selecting the operating mode. In addition the user interface may be used to command storage of a signal received at input 11 in storage device 19. In this case the signal may be pre-processed, for example by removing the messages 20 for the stream of messages that are intended for use during live rendering. Thus, tamper resistance is improved, by ensuring that the messages with decryption information for decrypting live streams are absent altogether from stored streams.
Although the invention has been illustrated in terms of a live rendering mode and a replay mode, additional modes may be used without deviating from the invention. Some of these modes may use the same stream of messages as another one of the modes, or they may use a different stream of messages (not shown in
Furthermore, although the invention has been illustrated using a multiplexer and a secure device which are controlled in common by the same control device, so that ECM selection and source selection are performed in common, it will be understood that such common control is not essential. The secure device may use detection of the presence or absence of a specific stream of messages with decryption information to select an appropriate stream of messages. That is, it need not be directly controlled by the same control device as the multiplexer. For example, when messages with decryption information for decryption “live” streams are not stored with the stream, secure device may automatically select messages with decryption information for stored streams, if entitled to do so, when it receives information that is apparently stored information because it lacks a stream of messages with decryption information for “live” reception”.
In operation the distribution system makes use of the fact that the apparatuses 32a-c use different streams of messages to obtain the control words for operation in different modes. Distribution unit 30 provides each apparatus 32a-c with its own specific combination of authorization keys to decrypt different streams of messages 20, 22 and thereby to operate in different modes. Thus different subscribers, using different ones of the apparatuses 30a-c may be enabled to operate different modes dependent on the payment of subscriber fees. The authorization key for replay from storage might be provided specifically on demand when the subscriber wants to view stored data.
Number | Date | Country | Kind |
---|---|---|---|
02076548.3 | Apr 2002 | EP | regional |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/IB03/01404 | 4/3/2003 | WO |