U.S. patent application number 16/670957 was filed with the patent office on 2020-02-27 for method and apparatus for supporting multiple broadcasters independently using a single conditional access system.
This patent application is currently assigned to VERIMATRIX. The applicant listed for this patent is VERIMATRIX. Invention is credited to Jacob T. Carson, Ronald P. Cocchi, Dennis R. Flaharty, Gregory J. Gagnon, Michael A. Gorman, Matthew A. Skubiszewski.
Application Number | 20200068175 16/670957 |
Document ID | / |
Family ID | 60159195 |
Filed Date | 2020-02-27 |
View All Diagrams
United States Patent
Application |
20200068175 |
Kind Code |
A1 |
Cocchi; Ronald P. ; et
al. |
February 27, 2020 |
METHOD AND APPARATUS FOR SUPPORTING MULTIPLE BROADCASTERS
INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS SYSTEM
Abstract
A method and apparatus for brokering the enablement of the
communication of encrypted media programs from a plurality of
independent broadcasters to a plurality of receivers is disclosed.
The system makes use of a pairing key for each provided service,
which is differently encrypted by a pairing server and by the
broadcaster providing the service. The encrypted versions of the
pairing key are decrypted in a first receiver module using
information known to the pairing service but not the broadcaster
and in a second receiver module using information known to the
broadcaster. The pairing key is used to cryptographically bind the
first and second receiver modules.
Inventors: |
Cocchi; Ronald P.; (Seal
Beach, CA) ; Gagnon; Gregory J.; (Redondo Beach,
CA) ; Flaharty; Dennis R.; (Shingle Springs, CA)
; Gorman; Michael A.; (Cypress, CA) ; Carson;
Jacob T.; (Long Beach, CA) ; Skubiszewski; Matthew
A.; (Hermosa Beach, CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
VERIMATRIX |
Meyreuil |
|
FR |
|
|
Assignee: |
VERIMATRIX
Meyreuil
FR
|
Family ID: |
60159195 |
Appl. No.: |
16/670957 |
Filed: |
October 31, 2019 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
15652082 |
Jul 17, 2017 |
10477151 |
|
|
16670957 |
|
|
|
|
14692500 |
Apr 21, 2015 |
9712786 |
|
|
15652082 |
|
|
|
|
13541492 |
Jul 3, 2012 |
9014375 |
|
|
14692500 |
|
|
|
|
11795272 |
Jul 13, 2007 |
8243925 |
|
|
PCT/US2005/037197 |
Oct 18, 2005 |
|
|
|
13541492 |
|
|
|
|
60619663 |
Oct 18, 2004 |
|
|
|
62446196 |
Jan 13, 2017 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04N 21/4181 20130101;
G06F 2221/2105 20130101; H04N 7/165 20130101; H04N 21/472 20130101;
H04N 21/42684 20130101; G06F 21/74 20130101; H04N 7/163 20130101;
H04N 7/17318 20130101; H04N 21/4367 20130101; H04N 7/1675 20130101;
H04N 21/2543 20130101; G06F 21/10 20130101; G06F 2221/0797
20130101; G06F 2221/2107 20130101; G06F 2221/0706 20130101; G06F
2221/2153 20130101; H04N 21/25866 20130101; H04N 21/26606 20130101;
G06F 2221/2141 20130101 |
International
Class: |
H04N 7/167 20060101
H04N007/167; H04N 21/258 20060101 H04N021/258; H04N 7/16 20060101
H04N007/16; H04N 7/173 20060101 H04N007/173; H04N 21/2543 20060101
H04N021/2543; H04N 21/266 20060101 H04N021/266; H04N 21/418
20060101 H04N021/418; H04N 21/426 20060101 H04N021/426; H04N
21/4367 20060101 H04N021/4367; H04N 21/472 20060101
H04N021/472 |
Claims
1. A method of brokering an enabling of communication of at least
one encrypted service of a group of encrypted services from a
plurality of data providers to a plurality of devices, the at least
one encrypted service decryptable by a first device module securely
communicating with a second device module according to a pairing
key associated with a device of the plurality of devices,
comprising: transmitting a first service enabling request for a
first service from a data provider of the plurality of data
providers to a broker independent from the data provider, the first
service enabling request comprising an identification of the
device; receiving a first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] in the data provider from the broker, the
first encrypted version of the pairing key E.sub.S.sub.1[K.sub.p]
decryptable by first information S.sub.1 securely stored in the
first device module of the device; generating a second encrypted
version of the pairing key E.sub.S.sub.2[K.sub.p] in the data
provider, the second encrypted version of the pairing key
E.sub.S.sub.2[K.sub.p] decryptable by second information S.sub.2
securely stored in the second device module; and transmitting the
first encrypted version of the pairing key E.sub.S.sub.1[K.sub.p]
and the second encrypted version of the pairing key
E.sub.S.sub.2[K.sub.p] to the device; wherein each service in the
group is enabled by a different pairing key K.sub.p.
2. The method of claim 1, wherein the first service is selected
from a group consisting of: a general broadcast service from the
data provider, including access to a number of media channels as a
baseline fee service; particular data from the data provider; and a
particular set of data from the data provider.
3. The method of claim 2, wherein the service is encrypted
according to a control word CW, and the method further comprising
decrypting the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] in the first device module; decrypting the
second encrypted version of the pairing key E.sub.S.sub.2[K.sub.p]
in the second device module; decrypting an encrypted version of the
control word E[CW] in the second device module; re-encrypting the
decrypted control word CW according to the decrypted second
encrypted version of the pairing key; providing the re-encrypted
control word E.sub.K.sub.p[CW] from the second device module to the
first device module; and decrypting the re-encrypted control word
E.sub.K.sub.p[CW] using the decrypted first encrypted version of
the pairing key K.sub.p.
4. The method of claim 1, further comprising the steps of:
transmitting a second service enabling request for a second service
from the data providers to the broker, the second service enabling
request comprising an identification of the device; receiving a
first encrypted version of a second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] from the broker, the first encrypted
version of the second pairing key E.sub.S.sub.1[K.sub.p.sub.2]
decryptable by the first information S.sub.1 securely stored in the
first device module of the device; generating a second encrypted
version of the second pairing key E.sub.S.sub.2[K.sub.p.sub.2], the
second encrypted version of the pairing key
E.sub.S.sub.2[K.sub.p.sub.2] decryptable by the second information
S.sub.2 securely stored in the second device module; and
transmitting the first encrypted version of the second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] and the second encrypted version of
the second pairing key E.sub.S.sub.1[K.sub.p.sub.2] to the device;
wherein the second service is different than the first service.
5. The method of claim 4, wherein the data is encrypted according
to a control word CW and the method further comprises the steps of:
decrypting the first encrypted version of the second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] in the first device module; decrypting
the second encrypted version of the second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] in the second device module;
decrypting an encrypted version of the control word E[CW] in the
second device module; re-encrypting the decrypted control word CW
according to the decrypted second encrypted version of the second
pairing key K.sub.p.sub.2; providing the re-encrypted control word
E K p 2 [ CW ] ##EQU00001## from the second device module to the
first device module; and decrypting the re-encrypted control word
E.sub.K.sub.P2[CW] using the decrypted first encrypted version of
the second pairing key K.sub.p.sub.2.
6. The method of claim 2, further comprising the steps of:
transmitting a second service enabling request for a second service
from a second data provider of the plurality of data providers to
the broker, the request comprising the identification of the
device; receiving a first encrypted version of a second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] from the broker, the first encrypted
version of the second pairing key E.sub.S.sub.1[K.sub.p.sub.2]
decryptable by the first information S.sub.1 securely stored in the
first device module of the device; generating a second encrypted
version of the second pairing key E.sub.S.sub.2[K.sub.p.sub.2], the
second encrypted version of the pairing key
E.sub.S.sub.2[K.sub.p.sub.2] decryptable by the second information
S.sub.2 securely stored in the second device module; and
transmitting the first encrypted version of the second pairing key
E.sub.S.sub.1[K.sub.p.sub.2] and the second encrypted version of
the second pairing key E.sub.S.sub.1[K.sub.p.sub.2] to the device;
wherein the second service is selected from the group consisting
of: a general broadcast service from the second data provider,
including access to a number of media channels as a baseline fee
service; particular data from the second data provider, including
an order ahead pay per view service and an impulse pay per view
service; and a particular set of data from the second data
provider.
7. The method of claim 6, wherein the service is encrypted
according to a control word CW, and the method further comprises
the steps of: decrypting the first encrypted version of the second
pairing key E.sub.S.sub.1[K.sub.p.sub.2] in the first device
module; decrypting the second encrypted version of the second
pairing key E.sub.S.sub.2[K.sub.p.sub.2] in the second device
module; decrypting the encrypted version of the control word E[CW]
in the second device module; re-encrypting the decrypted control
word CW according to the decrypted second encrypted version of the
second pairing key K.sub.p.sub.2; providing the re-encrypted
control word E K p 2 [ CW ] ##EQU00002## from the second device
module to the first device module; and decrypting the re-encrypted
control word E K p 2 [ CW ] ##EQU00003## using the decrypted first
encrypted version of the second pairing key K.sub.p.sub.2.
8. The method of claim 1, wherein the first service enabling
request is transmitted in response to a service request, the
service request transmitted from the device to the data
provider.
9. The method of claim 1, wherein the first information S.sub.1 and
the second information S.sub.2 is known to the broker and the data
providers.
10. The method of claim 1, wherein the first information S.sub.1 is
known to the broker and unknown to the data provider, and wherein
the second information S.sub.2 is known to the data provider and
unknown to the broker.
11. The method of claim 1, wherein: the first information S.sub.1
is a first secret unique to the device and stored in a first module
of the device; the second information S.sub.2 is a second secret is
securely stored in a second module of the device.
12. The method of claim 11, wherein the second module is a smart
card removably coupleable to the first module.
13. The method of claim 11, wherein the second module is
irremovably integrated with the device.
14. The method of claim 1, wherein the pairing key is generated by
the data provider and transmitted to the broker.
15. The method of claim 1, wherein the pairing key is generated by
the broker and transmitted to the data provider in response to the
service enabling request.
16. A system for brokering the enabling of communication of at
least one encrypted service of a group of encrypted services from a
plurality of data providers to a plurality of devices, the at least
one encrypted service decryptable by a first device module securely
communicating with a second device module according to a pairing
key K.sub.p associated with a device of the plurality of devices,
the system comprising: a broker, for providing a first encrypted
version of the pairing key E.sub.S.sub.1[K.sub.p] in response to a
service enabling request for a service from a data provider of the
plurality of data providers, the service request having an
identification of the device; and wherein the first encrypted
version of the pairing key E.sub.S.sub.1[K.sub.p] is decryptable by
first information S.sub.1 stored in the first device module and
wherein the first device module receives the first encrypted
version E.sub.S.sub.1[K.sub.p] of the pairing key K.sub.p and a
second encrypted version of the pairing key E.sub.S.sub.2[K.sub.p]
from the data provider, the second encrypted version of the pairing
key E.sub.S.sub.2[K.sub.p] being generated by the data provider and
decryptable by second information S.sub.2 stored in the second
device module; wherein each service in the group is enabled by a
different pairing key K.sub.p.
17. The system of claim 16, wherein the service is selected from a
group consisting of: a general broadcast service from the data
provider, including access to a number of media channels as a
baseline fee service; particular data from the data provider; and a
particular set of data from the data provider.
18. The system of claim 17, wherein the first information S.sub.1
and the second information S.sub.2 is known to the broker and the
data provider.
19. The system of claim 17, wherein the first information S.sub.1
is known to the broker and unknown to the data provider, and
wherein the second information S.sub.2 is known to the data
provider and unknown to the broker.
20. The system of claim 17, wherein: the first information S.sub.1
is a first secret unique to the device and is securely stored in
first module of the device; and wherein the second information
S.sub.2 is a second secret securely stored in second module of the
device.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of U.S. patent
application Ser. No. 15/652,082, entitled "METHOD AND APPARATUS FOR
SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE
CONDITIONAL ACCESS SYSTEM," by Ronald P. Cocchi et al., filed Jul.
17, 2017, which application:
[0002] is a continuation-in-part of U.S. patent application Ser.
No. 14/692,500, entitled "METHOD AND APPARATUS FOR SUPPORTING
MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE CONDITIONAL
ACCESS SYSTEM," by Ronald P. Cocchi, Gregory J. Gagnon, and Dennis
R. Flaharty, filed Apr. 21, 2015, now issued as U.S. Pat. No.
9,712,786, which application is a continuation of U.S. patent
application Ser. No. 13/541,492, entitled "METHOD AND APPARATUS FOR
SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE
CONDITIONAL ACCESS SYSTEM," by Ronald P. Cocchi, Gregory J. Gagnon,
and Dennis R. Flaharty, filed Jul. 3, 2012, now issued as U.S. Pat.
No. 9,014,375, which application is a continuation of U.S. patent
application Ser. No. 11/795,272, entitled "METHOD AND APPARATUS FOR
SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE
CONDITIONAL ACCESS SYSTEM," by Ronald P. Cocchi, Gregory J. Gagnon,
and Dennis R. Flaharty, filed Jul. 13, 2007, now issued as U.S.
Pat. No. 8,243,925, which is a national phase application of
International Patent Application No.: PCT/US2005/037197, entitled
"METHOD AND APPARATUS FOR SUPPORTING MULTIPLE BROADCASTERS
INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS SYSTEM," by Ronald
P. Cocchi, Gregory J. Gagnon, and Dennis R. Flaharty, filed Oct.
18, 2005, which claims benefit of U.S. Provisional Patent
Application No. 60/619,663, entitled "METHOD OF SUPPORTING MULTIPLE
BROADCASTERS INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS
SYSTEM," by Ronald P. Cocchi, Gregory J. Gagnon, and Dennis R.
Flaharty, filed Oct. 18, 2004, all of which applications are hereby
incorporated by reference herein.
[0003] also claims benefit of U.S. Provisional Patent Application,
No. 62/446,196, entitled "SIGNALING METHOD FOR CAS SWITCHING AND
KEY DERIVATION," by Ronald P. Cocchi et al., filed Jan. 13, 2017,
which is also incorporated by reference herein.
[0004] This application is also related to U.S. patent application
Ser. No. 15/207,332, entitled "METHOD AND APPARATUS FOR A BLACKBOX
PROGRAMMING SYSTEM PERMITTING DOWNLOADABLE APPLICATIONS AND
MULTIPLE SECURITY PROFILES PROVIDING HARDWARE SEPARATION OF
SERVICES IN HARDWARE CONSTRAINED DEVICES," by Ronald P. Cocchi et
al, filed Jul. 11, 2016, which application claims benefit of U.S.
Provisional Patent Application No. 62/191,200, entitled "METHOD AND
APPARATUS FOR A BLACKBOX PROGRAMMING SYSTEM PERMITTING DOWNLOADABLE
APPLICATIONS AND MULTIPLE SECURITY PROFILES PROVIDING HARDWARE
SEPARATION OF SERVICES IN HARDWARE CONSTRAINED DEVICES," by Ronald
P. Cocchi et al, filed Jul. 10, 2015, all of which applications are
hereby incorporated by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
[0005] The present invention relates to systems and methods for
providing conditional access to media programs, and in particular
to a system and method for providing for such conditional access
between multiple independent broadcasters and a plurality of
customers using a single conditional access system.
2. Description of the Related Art
[0006] For many years, media programs such as television and radio
programs have been broadcast to viewers/listeners free of charge.
More recently, this free-of-charge dissemination model has been
augmented with a fee-for-service and/or fee-for-view model in which
paying subscribers are provided access to a greater variety and
number of media programs, including video programs, audio programs
and the like, by cable, satellite and terrestrial broadcasts.
[0007] However, while subscriber-based services are readily
available in some areas, they are not available on a world-wide
basis. Further, in current media program subscription business
models, subscribers are typically offered services from a small
number of providers (e.g. DIRECTV or ECHOSTAR, or the approved
local cable provider) each of which typically provide a large
number of media channels from a variety of sources (e.g. ESPN, HBO,
COURT TV, HISTORY CHANNEL). To assure that only subscribers receive
the media programs, each service provider typically encrypts the
program material and provides equipment necessary for the customer
to decrypt them so that they can be viewed.
[0008] Since they provide a large number of programs and typically
at a relatively high cost, the vast majority of customers subscribe
to only one of the foregoing services (e.g. DIRECTV, ECHOSTAR, or
the local cable provider), but not multiple providers. It is
expected that future business models will evolve to the point where
customers will subscribe to more than one media provider, each of
which provides a smaller number of media channels. The foregoing is
especially true in areas where subscriber-based services are in
their infancy, including for example, large parts of Asia, Africa,
and South America.
[0009] One of the roadblocks to the evolution of such services is
the means by which the service provider assures that only paying
customers receive their media programs. Existing conditional access
systems are not compatible with each other, and it is thought to be
prohibitively expensive for each provider of a limited number of
media programs to produce and provide its own conditional access
system to potential subscribers. Another problem is that customers
would typically prefer to receive all media programs through a
single device (and hence, a single conditional access system),
rather than multiple such systems. Accordingly, there is a need in
the art for a method and apparatus that allows multiple program
providers (e.g. broadcasters) to transmit media programs to paying
subscribers via a single conditional access system. The present
invention satisfies that need.
SUMMARY OF THE INVENTION
[0010] To address the requirements described above, the present
invention discloses a method, apparatus, article of manufacture for
brokering the enabling of communication of encrypted media programs
from a plurality of independent broadcasters to a plurality of
receivers, each encrypted media program decryptable by a first
receiver module securely communicating with a second receiver
module according to a pairing key associated with one of the
plurality of receivers. In one disclosed embodiment, the method
comprises the steps of transmitting a service enabling request from
one of the plurality of broadcasters to a broker independent from
the one of the plurality of broadcasters, the request comprising an
identification of the one of the plurality of receivers; receiving
a first encrypted version of the pairing key E.sub.S.sub.1[K.sub.p]
from the broker, the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] decryptable by first information S.sub.1
securely stored in the first receiver module of the one of the
plurality of receivers; generating a second encrypted version of
the pairing key K.sub.p, the second encrypted version of the
pairing key E.sub.S.sub.1[K.sub.p] decryptable by second
information S.sub.2 securely stored in the second receiver module;
and transmitting the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] and the second encrypted version of the
pairing key E.sub.S.sub.1[K.sub.p] to the one of the plurality of
receivers. In another disclosed embodiment, the apparatus is
described by system for brokering the enabling of communication of
encrypted media programs from a plurality of independent
broadcasters to a plurality of receivers, each encrypted media
program decryptable by a first receiver module securely
communicating with a second receiver module according to a pairing
key K.sub.p associated with one of the plurality of receivers. The
system comprises a broker, for providing a first encrypted version
of the pairing key E.sub.S.sub.1[K.sub.p] in response to a service
enabling request from one of the plurality of broadcasters, the
service request having an identification of one of the plurality of
receivers, wherein the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] is decryptable by first information S.sub.1
stored in the first receiver module. In each of these embodiments,
at least one of the first information S.sub.1 and the second
information S.sub.2 may be derived from a hardware root of trust
stored in at least one of the first receiver module and the second
receiver module
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] Referring now to the drawings in which like reference
numbers represent corresponding parts throughout:
[0012] FIG. 1 is a diagram illustrating a media program
distribution system;
[0013] FIG. 2 is a diagram of a typical subscriber station;
[0014] FIG. 3 is a diagram illustrating a multiple broadcaster
media program distribution system;
[0015] FIGS. 4A-4D are diagrams illustrating one embodiment of how
the pairing system cooperatively operates with multiple service
providers and equipment at the subscriber stations to implement a
conditional access system;
[0016] FIG. 5A is a diagram illustrating one embodiment of the
service provider;
[0017] FIG. 5B is a diagram illustrating an embodiment of a table
stored in the pairing system;
[0018] FIG. 5C is a diagram illustrating an embodiment of a table
stored by the service provider;
[0019] FIG. 6 is a diagram illustrating one embodiment of the
STB;
[0020] FIG. 7 is a diagram illustrating an exemplary embodiment of
the transport module and the CAM; and
[0021] FIG. 8 is a diagram of a computer that can be used to
implement selected modules.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0022] In the following description, reference is made to the
accompanying drawings which form a part hereof, and which is shown,
by way of illustration, several embodiments of the present
invention. It is understood that other embodiments may be utilized
and structural changes may be made without departing from the scope
of the present invention.
[0023] FIG. 1 is a diagram illustrating a media program
distribution system 100. The system 100 includes a plurality of
service providers (hereinafter alternatively referred to as
broadcasters) 102, including a first service provider 102A that
broadcasts media programs from a satellite broadcast facility 152A
via one or more uplink antennas and one or more satellites 156, a
second service provider 102B, that broadcasts media programs from
terrestrial broadcast facility 152B and one or more terrestrial
antennas 164, and a third service provider 102C that broadcasts
media programs via a cable link 160.
[0024] The system 100 also comprises a plurality of subscriber
stations 104A, 104B (alternatively referred to hereinafter as
subscriber station 104), each providing service to one or more
subscribers 112A, 112B (alternatively referred to hereinafter as
subscribers 112). Each subscriber station 104A, 104B may include a
satellite reception antenna 106A, 106B (alternatively referred to
hereinafter as satellite reception antenna 104) and/or a
terrestrial broadcast antenna 108A, 108B (alternatively referred to
hereinafter as terrestrial broadcast antenna 108) communicatively
coupled to a receiver 110A, 110B (alternatively referred to
hereinafter as receiver 110), which is also known as a set top box
(STB) or an integrated receiver/decoder (IRD).
As described above, in prior art systems, each receiver 110A, 110B
(or at least, each conditional access system used with each
receiver) is capable of receiving subscriber-based media programs
from only one of the media program providers 102. Hence, if a
subscriber 112 wanted to receive media programs from more than one
media program provider 102 on a subscription basis, the subscriber
may need not only to have a multiple receivers 110 at the
subscriber station 104A, but also, will require multiple
conditional access systems.
[0025] FIG. 2 is a diagram of a typical subscriber station 104.
Each station 104 includes at least one receiver or STB 110, which
itself includes a transport module 202 that communicates with a
conditional access module (CAM) 206. In one embodiment, the CAM 206
is a smart card that is removably communicatively coupleable to the
transport module 202 and hence, the STB 110. In another embodiment,
the CAM 206 is a device such as a chip or a collection of devices
that are physically integrated with the STB 110 and irremovable. To
assure that only those who subscribe to the service are provided
with media programs, the service providers typically encrypt the
media program M with a control word CW, thus producing and
encrypted program E.sub.CW[M], and transmit the encrypted media
program E.sub.CW[M] and an encrypted version of the control word
E[CW] to the receiver 110. The receiver 110 receives both the
encrypted program E.sub.CW[M] and the encrypted control word E[CW].
The transport module 202 analyzes the incoming data stream and
passes the encrypted control E[CW] to the CAM 206, which decrypts
the control word CW and returns the decrypted control word CW to a
security module 204 or similar device in the transport module 202.
The security module 204 then uses the control word CW to decrypt
the encrypted media program E.sub.CW[M] to produce the media
program M for presentation to the subscriber. This system assures
that only those who are in possession of a valid CAM 206 can
receive and decode media programs. However, it does not prevent the
use of the CAM 206 in any other STB 110. Hence, if the CAM 206 is
compromised or duplicated, unauthorized access to media programs is
possible.
[0026] FIG. 3 is a diagram illustrating a multiple broadcaster
Conditional Access Subscriber Administration System (CASAS) 200.
The MB system 200 is similar to that which is disclosed in FIG. 1,
but includes a pairing broker 304, which can communicate with the
broadcast facilities 152 via a communications medium 302 such as
the Internet.
[0027] FIGS. 4A-4D are diagrams illustrating one embodiment of how
the pairing broker 304 cooperatively operates with multiple service
providers 102 and equipment at the subscriber stations 104 to
implement a conditional access system. FIGS. 4A-4D will be
described in connection with and with reference to FIGS. 5 and 6,
which illustrate one embodiment of the service provider 102
elements and STB 110 elements, respectively.
[0028] FIG. 4A begins with a potential customer 112 who has decided
to subscribe a media program service offered by a service provider
102. To do so, the subscriber contacts the service provider 102 and
transmits information sufficient to identify the STB and the CAM to
the service provider 102, as shown in block 402. In one embodiment,
this information includes an STB 110 unique identifier (ID) (such
as a serial number or other designation) and a CAM 206 unique
identifier (CAM ID). In a preferred embodiment, this is
accomplished by transmitting the information via the Internet 302
or similar network.
[0029] This can be accomplished by use of a web browser implemented
in a computer 512 disposed at the subscriber station 104 and a web
transaction module 502 implemented at the service provider 102. If
desired, the subscriber's web browser can include the appropriate
references to the URL where the request and STB ID and CAM ID
should be transmitted. In one embodiment, in addition to the STB
ID, the potential subscriber also transmits his/her credit card
information (e.g. the account number) as well. This allows for
services to be automatically billed for monthly subscription fees
without further interaction. Credit card payment administration can
be performed by the service provider 102 or by a third party such
as PAYPAL. These functions can be performed by the subscriber
administration module (SAM) 504. The SAM 504 can also comprise or
be integrated with a customer relationship management (CRM) system
or systems. If access is approved (e.g. if the supplied credit card
information has been verified), the subscriber administration
module 504 directs the web transaction module 502 to request a
pairing key K.sub.p from the pairing broker 304.
[0030] This implementation reduces the support requirements for the
service provider 102. In other embodiments, the potential customer
112 can contact the service provider 102 via telephone or other
means and provide the service request, STB ID, and CAM ID. Further,
if desired, the pairing broker 304 can receive the service request
(preferably via an appropriate Internet interface) and forward the
request for service and the appropriate identifying information to
the service provider 102.
[0031] The service provider 102 receives the service request the
identifying information, as shown in block 404. The service
provider 102 then transmits an enabling service request and the STB
ID to the pairing broker 304, as shown in block 408. In block 410,
the pairing broker 304 receives the service enabling request and
the STB ID. A first encrypted version of a pairing key K.sub.p is
then provided. The pairing key K.sub.p was generated either in
block by the service provider 102, as shown in block 406 or,
preferably by the pairing broker 304, as shown in block 406'. The
first encrypted version of the pairing key K.sub.p is provided so
as to be decryptable using first information S.sub.1 securely
stored in a first receiver module such as the transport module 202
shown in FIG. 6 (the first encrypted version of the pairing key
K.sub.p therefore described as E.sub.S.sub.1[K.sub.p]). In one
embodiment, this is accomplished by use of a secret that is known
to the pairing broker 304, but unknown to the service provider 102.
The STB IDs and related first information S.sub.1 can be stored in
a table or a database 514 in the pairing broker 304. If desired,
the related first encrypted versions of the pairing key
E.sub.S.sub.1[K.sub.p] can be stored as well.
[0032] In block 414, the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] is transmitted to the service provider 102.
If the pairing key K.sub.p was generated by the pairing broker 304,
the pairing key K.sub.p is also transmitted to the service provider
102. One of both of the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] and the pairing key K.sub.p can be securely
transmitted to the service provider 102 via a shared secret, a
private key, or a public/private key security paradigm, if
desired.
[0033] The foregoing process can be used to request all services
from a service provider with a single pairing key K.sub.p or
repeated to request other services from the service provider 102,
with each service enabled and controlled via a different pairing
key K.sub.p. For example, the service provider 102 may provide both
general services (e.g. access to a number of channels as a part of
a baseline fee service) and pay-per-view services (e.g. access to a
particular program or set of programs on a pay-per-view basis).
Therefore, if the foregoing process was undertaken to subscribe to
the general services and the potential subscriber 112 desires order
ahead pay per view (OPPV) services or impulse pay per view (IPPV)
services as well, the foregoing process can be repeated for those
services, resulting in the provision of a first encrypted version
of a different pairing key for each service. The system 200 has the
ability to store credit information in the security module 204, CAM
206, or elsewhere, and can therefore limit the amount of IPPV
events the subscriber can purchase prior to requesting additional
credits. Finally, the potential subscriber 112 can repeat this
process for each service provider 102 from which they wish to
receive service.
[0034] Although the pairing broker 304 need not generate or store
the pairing keys K.sub.p, it may be desirable to do so. FIG. 5B is
a diagram showing a table that might be used to store and relate
the STB ID to first information S.sub.1, a service provider 102
identifier (BDCST ID), and pairing keys for general services, IPPV,
and multiple OPPV services.
[0035] In block 420, the service provider 102 receives the first
encrypted version of the pairing key K.sub.p, and generates a
second encrypted version of the pairing key K.sub.p such that it is
decryptable by second information S.sub.2 securely stored in a
second receiver module such as the conditional access module 206
(the second encrypted version of the pairing key K.sub.p therefore
described as E.sub.S.sub.1[K.sub.p]).
[0036] The service provider 102 can store a table or database
relating STB IDs and the pairing keys K.sub.p for each of the
provided services. FIG. 5C is an example of how such information
may be stored. Note that the BRDCST ID column is not necessary in
this case, because the identity of the service provider 102 is
inherently known.
[0037] In block 422, the service provider 102 transmits an
entitlement control message (ECM) or an entitlement management
message (EMM) to the subscriber station. The ECM is transmitted to
the STB 110 in response to a subscriber request for access to
general media programs from the service provider 102, while the EMM
is transmitted in response to a subscriber request for a specific
program (e.g. an impulse or order ahead pay-per-view). The ECM/EMM
includes the first encrypted version of the applicable pairing key
E.sub.S.sub.1[K.sub.p], the second encrypted version of the pairing
key E.sub.S.sub.1[K.sub.p], and the ID of the service provider 102
(BRDCST ID) which is providing the services related to the pairing
key K.sub.p. This transmission can be accomplished via the same
system used to transmit the media program M itself, or a different
communication system such as the Internet or a public switched
telephone network (PSTN) or cellphone network. In block 424, the
transport module 304 receives the first encrypted version of the
pairing key E.sub.S.sub.1[K.sub.p] and the second encrypted version
of the pairing key E.sub.S.sub.2[K.sub.p], and the service provider
ID. The second encrypted version of the pairing key
E.sub.S.sub.2[K.sub.p] is provided to the conditional access module
310, where it is received, decrypted (using the second information
S.sub.2) to obtain the pairing key K.sub.p which is stored (along
with a reference to the service provider ID (BRDCST ID) from which
the pairing key K.sub.p was received), as shown in blocks 428 and
430. Similarly, the first encrypted version of the pairing key
E.sub.S.sub.1[K.sub.p] is decrypted and stored in the transport
module 304 (also along with a reference to the service provider ID
from which the pairing key K.sub.p was received), as shown in block
432. FIG. 6 shows an exemplary embodiment of how the data relating
services, broadcasters, and pairing keys K.sub.p might be stored in
the transport module and the conditional access module.
[0038] Thereafter, the pairing key K.sub.p is used to encrypt
communications between the conditional access module 206 and the
transport module 202. Henceforward, the conditional access module
206 cannot be used a different STB 110, although if desired, more
than one STB 110 can be provided to a customer, each having the
same first information the conditional access module to be used
with different STBs 110 in the same household.
[0039] To begin service, the broadcast module 506 and/or the
broadcast headend 516 encrypts media programs M 510 according to a
control word (CW), encrypts the control word (CW) itself, and
broadcasts a program stream comprising the encrypted program
material E.sub.CW[M] and the encrypted control word E[CW] to the
STBs 100, as shown in blocks 450, 452 and 454. The program stream
may also comprise program guide information from the program guide
module 508.
[0040] The transport module 202 in the STB 110 receives the program
stream, separates out the packets of information by channel
(typically according to a packet ID), and provides the encrypted
control word E[CW] to the conditional access module 206. The
conditional access module 206 receives the encrypted control word
E[CW] decrypts it to recover the control word (CW), encrypts the
control word (CW) with the pairing key K.sub.p, and provides the
encrypted pairing key E.sub.K.sub.p[CW] to the transport module
202, as shown in blocks 460-466. Using an STB application 602 and
media kernel 604, the transport module 202 decrypts the encrypted
control word E.sub.K.sub.p[CW] using the pairing key K.sub.p thus
recovering the control word (CW), as shown in block 472, and uses
the decrypted control word (CW) to decrypt the encrypted media
program E.sub.CW[M] to produce the media program M, as shown in
block 474.
[0041] The foregoing system can be used to modify or change the
provision of services from the service provider 102 as well. This
can be accomplished by the service provider 102 deleting, adding,
or modifying the pairing keys K.sub.p in cooperation with the
pairing broker 304 in essentially the same way as described above.
Such modification can occur at the subscriber's behest (e.g. the
subscriber desires either more, less, or different services than
previously), or that of the service provider 102 (e.g. if the
offered services change or the subscriber's credit card is no
longer valid).
[0042] The modules described above can be implemented as one or
more software modules comprising instructions being performed by
one or more special or general purpose processors, or may be
implemented with hardware modules having dedicated circuitry, or
with both hardware and software modules. In one embodiment, for
example, the pairing broker 304 is implemented by a pairing server,
and the program guide module 508, broadcast module 506, subscriber
administration module 504 and web transaction module 502 are all
implemented as servers, the transport module 202 and security
module 204 are implemented in a secure, tamperproof electronic
circuit, and the conditional access module is implemented on a
smart card.
Derived Key Mechanism in SoCs
[0043] The system and method described above uses unique secrets
S.sub.1 and S.sub.2 into the transport module 202 and CAM 206. In
the embodiments described below, either or both of the unique
secrets S.sub.1 and S.sub.2 can be derived from a hardware root of
trust that is programmed into the device itself. For example, the
transport module 202 or CAM may be at least partially implemented
using System-on-Chip (SoC) architectures that permit hardware root
of trust values to be programmed into the SoC at the SoC
manufacturing site using black-box techniques. Since the values of
S.sub.1 and S.sub.2 are computed from the hardware root of trust
using software and key values that may be provided by the security
provider, this permits later allocation of these SoCs to any one of
a number of potential CE device manufacturers and many independent
CAS/DRM security providers (security provider in this context
broadly refers to any entity that would use the derived key
database for a population of fielded CE devices to protect content
for purchase by another entity who had a particular CE device in
the deployed location (e.g. home). SoC programming can also occur
at the packaging or product manufacturing facility by execution of
an in-field programming sequence on the SoC.
[0044] In traditional broadcast and cable system, content is
offered to subscribers within the content distribution ecosystem
directly from the service provider, i.e. satellite or cable
provider. In some embodiments of such systems, security based on a
hardware root of trust is used for high value content. In both CAS
and DRM content distribution paradigms, a security provider
independent architecture can support multiple concurrent or serial
CAS and DRM implementations using a single black box programming
security platform with limited One Time Programming (OTP) resources
to store secrets representing the hardware root of trust that are
used to derive the S.sub.1 and S.sub.2 values. This "derived key"
security architecture implementation can provide a means for
instantaneous switching between security profiles offered by
different and independent CAS and DRM security providers.
[0045] Hence, security providers may use black box OTP resources as
the basis to derive security keys to enable different security
schemes by altering the key generation inputs based on CAS and DRM
vendor software and possibly vendor unique OTP inputs. The key
generation inputs can be provided in the CAS and DRM application
that could be loaded at CE device manufacturing or downloaded over
the air for a fielded CE device.
[0046] Key derivation can be accomplished in a number of ways, for
example, by taking the black box programmed secret OTP keys,
CAS/DRM vendor (security provider) software input and possible
CAS/DRM vendor unique OTP values and combining in a series of
crypto graphic calculations using AES, DES or Triple DES. Where the
black box programmed secret OTP keys are used as the key and the
software input and CAS/DRM vendor unique OTP values are the data in
the crypto graphic operation.
[0047] By changing the key generation inputs used to compute
S.sub.1 and S.sub.2 values, the SoC can derive unique key outputs
for each CAS and DRM security provider used for a given content
provider or broadcaster. CAS unique inputs such as their assigned
conditional access identifier (CA ID) maybe used to differentiate
derived keys for different conditional access systems CAS1 versus
CAS2.
[0048] These security provider unique key generation outputs enable
support for multiple security providers for fielded CE devices
typically found in STBs 110, televisions (TVs), Smart TVs and
mobile devices such as smartphones. The black box security provider
provides compatible headend applications to each content provider,
so that the media programs are encrypted or otherwise protected
using the CAS and DRM implementation used.
[0049] Another advantage of using a derived key database is that
the black box programmed OTP key secrets programmed into the SoC
OTP do not have to be divulged to the multiple CAS and DRM security
providers, since these security providers would use the derived key
databases for their content protection systems, not the OTP value.
This means that if a derived key database were compromised, it only
affects the specific CAS/DRM security provider that was using that
specific derived key database, i.e. such compromise would not
affect the fielded CE devices or derived key databases of any other
such CAS/DRM security provider.
[0050] The keys and programming infrastructure provided by an
independent black box security provider enables fielded CE devices
to add additional revenue baring applications to the CE device
manufacturer or content provider giving these entities more
flexibility in managing their business and offering new services.
Besides switching out a CAS/DRM vendor for any number of reasons,
enabling the ability to add applications supporting new CAS/DRM
vendors in fielded CE devices can result in generating
significantly higher content sale revenues without requiring
consumers to upgrade their CE devices. Consumer savings are
realized by extending the field life of the CE device by allowing
the consumer to download new software images to enable the purchase
of new content services without having to replace their fielded CE
devices.
Extending Fixed Secrets with Key Derivation
[0051] Key derivation techniques can be used to extend the fixed
secret, S.sub.1, shown in FIGS. 5A and 5B to decrypt either of the
encrypted paring keys E.sub.S.sub.1[K.sub.P],
E.sub.S.sub.2[K.sub.P] to with secrets S.sub.1 and S.sub.2,
respectively produce the pairing key K.sub.p that is used to
decrypt the ECW shown in FIG. 4C. The extension provides the
ability to: (1) Use derived root keys to produce S.sub.1 and
alternately or in addition, using such root keys to produce S.sub.2
and (2) Use this derivation process as a means of renewing key
material for a fielded system.
[0052] For example, in a System-on-Chip architecture such as the
architecture described in the above-referenced patent application
U.S. patent application Ser. No. 15/207,332, now published as U.S.
Patent Publication No. 2017/0012952, hardware root of trust values
can provide the basis for security providers such as the pairing
broker 304 and/or one or more of the broadcasters 102 to derive a
plurality of different security keys. Such keys can be used to add
new security procedures or modify procedures already implemented.
This can be accomplished, for example, by altering the key
generation inputs based on security provider software (CAS or DRM)
and possibly inputs vendor-unique hardware root of trust values.
The key generation inputs can be provided in the CAS and DRM
application software that could be loaded at into consumer
electronics (CE) devices such as the transport module 2002 or CAM
206 when the devices are manufacture, or remotely downloaded over
the air for a fielded CE device. This permits cryptographic
separation of the CE devices at both S.sub.1 and S.sub.2.
[0053] Such hardware root of trust values can include
one-time-programmable (OTP) values programmed into the transport
module 202 and or CAM 206 using, for example, black box techniques
also described in U.S. Patent Publication No. 2017/0012952. Such
OTP values may be held secret from other entities as necessary. For
example, the pairing broker 304 or third party security provider
may provide a black box to the broadcaster 102 or manufacturer of
the STB, permitting the storage of an OTP value without disclosing
that value to the security provider or broadcaster.
[0054] Another advantage of using a derived key database is that
the black box programmed OTP key secrets programmed into the SoC
OTP may be held secret from (do not have to be released to) the CAS
or DRM security provider, since these security providers would use
the OTP key secrets to derive the keys required for their content
protection system. This permits supporting multiple security
provider vendors. Further, if a database of derived keys database
were compromised, this compromise only affects the specific CAS/DRM
security provider that was using that specific derived key
database, and would not affect the fielded CE devices or derived
key databases of any other such CAS/DRM security provider. This
allows S.sub.1 (and/or S.sub.2) to be updated in the event of an
attack that compromises the database of keys.
[0055] FIG. 7 is a diagram illustrating an exemplary embodiment of
the transport module 202 and the CAM 206, wherein the transport
module 202 includes a hardware root of trust value OTP1 702A and/or
the CAM 206 has another hardware root of trust value OTP2 702B,
thus permitting at least one of the first information S.sub.1 and
second information S.sub.2 to be derived from a hardware root of
trust secret stored in at least one of the transport module 202 and
the CAM 206.
[0056] In the illustrated embodiment, the transport module 202 has
a SoC with a processor that can perform processor instructions
704A. The processor has access to OTP 1 702 and can use deriving
information such as the processor instructions 704A to derive or
generate the first value S.sub.1 via one or more operations 708A.
Similarly, the CAM 206 comprises a SoC with a processor that can
perform processor instructions 704B. The processor has access to
OTP 1 702 and can use the processor instructions 704A to generate
the first value S.sub.1 via one or more operations 708B.
[0057] The transport module 202 may also store one or more further
hardware root of trust values OTP1 706A1 and OTP2 706A2 that can
also be used as deriving information to generate the first value
S.sub.1. In one embodiment, OTP1 706A1 and OTP2 706A2 are security
provider-unique, with each allocated to different security
providers, allowing the transport module 202 to support CAS/DRM
procedures of multiple security providers, allowing each such
security provider to use their own OTP value 706A to generate first
information S.sub.1. However, security providers may be provided
multiple OTP values as well.
[0058] Likewise, the CAM 206 may also store one or more further
hardware root of trust values OTP1 706B1 and OTP2 706B2 that can
also be used to generate the second value S.sub.2. OTP1 706B1 and
OTP2 706B2 may be allocated to the same security provider, or
different security providers, allowing the CAM 206 to support
CAS/DRM procedures of multiple security providers.
Hardware Environment
[0059] FIG. 8 illustrates an exemplary computer system 800 that
could be used to implement the servers or the subscriber computer
512 of the present invention. The computer 802 comprises a
processor 804 and a memory, such as random access memory (RAM) 806.
The computer 802 is operatively coupled to a display 822, which
presents images such as windows to the user on a graphical user
interface 818B. The computer system 802 may be coupled to other
devices, such as a keyboard 814, a mouse device 816, a printer,
etc. Of course, those skilled in the art will recognize that any
combination of the above components, or any number of different
components, peripherals, and other devices, may be used with the
computer 802.
[0060] Generally, the computer 802 operates under control of an
operating system 808 stored in the memory 806, and interfaces with
the user to accept inputs and commands and to present results
through a graphical user interface (GUI) module 818A. Although the
GUI module 818A is depicted as a separate module, the instructions
performing the GUI functions can be resident or distributed in the
operating system 808, the computer program 810, or implemented with
special purpose memory and processors. The computer 802 also
implements a compiler 812 which allows an application program 810
written in a programming language such as COBOL, C++, FORTRAN, or
other language to be translated into processor 804 readable code.
After completion, the application 810 accesses and manipulates data
stored in the memory 806 of the computer 802 using the
relationships and logic that was generated using the compiler 812.
The computer 802 also optionally comprises an external
communication device such as a modem, satellite link, Ethernet
card, or other device for communicating with other computers.
[0061] In one embodiment, instructions implementing the operating
system 108, the computer program 810, and the compiler 812 are
tangibly embodied in a computer-readable medium, e.g., data storage
device 820, which could include one or more fixed or removable data
storage devices, such as a zip drive, floppy disc drive 824, hard
drive, CD-ROM drive, tape drive, etc. Further, the operating system
808 and the computer program 810 are comprised of instructions
which, when read and executed by the computer 802, causes the
computer 802 to perform the steps necessary to implement and/or use
the present invention. Computer program 810 and/or operating
instructions may also be tangibly embodied in memory 806 and/or
data communications devices 830, thereby making a computer program
product or article of manufacture according to the invention. As
such, the terms "article of manufacture," "program storage device"
and "computer program product" as used herein are intended to
encompass a computer program accessible from any computer readable
device or media.
[0062] Those skilled in the art will recognize many modifications
may be made to this configuration without departing from the scope
of the present invention. For example, those skilled in the art
will recognize that any combination of the above components, or any
number of different components, peripherals, and other devices, may
be used with the present invention.
CONCLUSION
[0063] This concludes the description of the preferred embodiments
of the present invention. The foregoing description of the
preferred embodiment of the invention has been presented for the
purposes of illustration and description. It is not intended to be
exhaustive or to limit the invention to the precise form disclosed.
Many modifications and variations are possible in light of the
above teaching. It is intended that the scope of the invention be
limited not by this detailed description, but rather by the claims
appended hereto. The above specification, examples and data provide
a complete description of the manufacture and use of the
composition of the invention. Since many embodiments of the
invention can be made without departing from the spirit and scope
of the invention, the invention resides in the claims hereinafter
appended.
* * * * *