Conditional access apparatus and method

A conditional access apparatus and method, applied to equipment that records distributed data and equipment that replays recorded data, which addresses problems such as unusability

Inactive Publication Date: 2005-08-24
Irdeto Eindhoven

AI-Extracted Technical Summary

Problems solved by technology

However, this means that the original ECM used ...

Method used

[0050] In another embodiment, the demultiplexer 21 stores the original message with encrypted data in the mass storage unit 20. The decryption information recording unit 22 replaces part of the message with pointer information. This way, maintaining the original timing during replay is straightforward.
[0059] There are various possible methods for determining whether the decryption information in the decryption information item has to be provided. For example, the decryption information access unit 25 may monitor the address of encrypted data being accessed, and if the ...

Abstract

A broadcast data stream that contains a stream of encrypted data and a stream of messages. Data in successive segments of the stream of encrypted data is decryptable with successive decryption information from the messages. The stream of encrypted data is stored upon reception. The items with decryption information for the encrypted data are stored independently retrievable from the stream. Additionally synchronization information is generated and stored to link respective points in the stored stream of encrypted data to respective ones of the items with decryption information. During replay of a stored part of the stream of encrypted data, the items with decryption information for the points in said stored part are retrieved. The retrieved items with decryption information are combined with the stream during replay at times selected under control of the synchronization information. The stream is fed to a decoder and the decryption information is combined with the stream by feeding the decryption information to a secure device, which in response to the decryption information feeds control words to the decoder.

Application Domain

Television system details; Pulse modulation television signal transmission

Technology Topic

Broadcast data; Message flow

Example Embodiment

[0022] Figure 1 shows a conditional access device. The device includes a receiving unit 10 such as a set-top box and a display device 18 such as a television. The receiving unit 10 has an input 11 for receiving input signals from, for example, a cable television system or satellite broadcast receiving unit, a demultiplexer 12, a security device 14 (such as a smart card), and a data decryption unit 16. The first output of the demultiplexer 12 is coupled to the display device 18 via the decryption unit 16. The security device 14 includes an EMM processing unit 140 and an ECM processing unit 142. The second output and the third output of the demultiplexer 12 are coupled to the EMM processing unit 140 and the ECM processing unit 142, respectively. The EMM processing unit 140 has an output coupled to the ECM processing unit 142. The ECM processing unit 142 has an output coupled to the decryption unit 16. (Although the EMM processing unit 140 and the ECM processing unit 142 are shown separately, their functions can in practice be implemented by running different program parts on the same microprocessor in the security device 14.)
[0023] In operation, the receiving unit 10 receives a data stream from the input 11. The data stream contains encrypted data, entitlement control messages (ECM) and entitlement management messages (EMM), which are multiplexed in the data stream. The ECM contains a control word used to decrypt encrypted data, and the EMM contains rights information, including a key used to decrypt the control word in the ECM. The demultiplexer 10 demultiplexes the encrypted data, ECM, and EMM, and outputs the encrypted data (or part of them) to the decryption unit 16, the ECM to the ECM processing unit 142, and the EMM to the EMM processing unit 140. The ECM processing unit 142 extracts control words from the ECM and provides these control words to the decryption unit 16. The decryption unit uses the control word to decrypt the encrypted data, and then provides the decrypted data to the display device 18, which can display the image encoded by the data on the display screen and/or reproduce the audio data.
[0024] The EMM processing unit 140 extracts the rights information from the EMM, and uses this information to control the ECM processing unit 142 in providing the control words for the encrypted data to the decryption unit 16. The EMM processing unit 140 also obtains decryption keys from the EMM, and provides these keys to the ECM processing unit 142 for decrypting the control words in the ECM.
[0025] Record encrypted data stream
[0026] Figure 2 shows a conditional access device with a large-capacity storage unit 20. The large-capacity storage unit 20 is, for example, a magnetic disk or an optical disk, a tape recorder or even a semiconductor memory. The figure shows the recording side 21, 22 and the playback side 24, 25, 26. (For clarity, the figure shows separate recording and playback sides, but it will be understood that the hardware used to implement the recording and playback sides may in practice overlap to a certain degree; also, for clarity, the figure shows separate inputs and outputs of the medium 20, but in fact one or more of the inputs and/or outputs can be combined.) The recording side includes a demultiplexer 21 and a decryption information recording unit 22. The demultiplexer 21 has an input 21a coupled to the input of the device, which can be coupled to, for example, a cable TV system or a satellite broadcast receiving unit. The demultiplexer 21 has an output coupled to the mass storage unit 20 and the decryption information recording unit 22. The decryption information recording unit 22 has an output coupled to the mass storage unit 20.
[0027] The playback side includes a control unit 24, a decryption information access unit 25, and a receiving unit 26. The control unit 24 has a control output coupled to the receiving unit 26, and an address selection output coupled to the mass storage unit 20 and the decryption information access unit 25. The decryption information access unit 25 has an input and an output coupled to the mass storage unit 20, and an output coupled to the receiving unit 26.
[0028] The conditional access device of Figure 2 is designed to receive a data stream of the type processed by the receiving unit 10 shown in Figure 1, to record the encrypted information in the data stream in the mass storage device 20, and to replay this information from the mass storage device later. During playback, this information is decrypted on the playback side.
[0029] Figure 3 shows the time relationship between the information in the data stream. The data stream contains encrypted data and decryption information for decrypting the encrypted data (the decryption information is included in, for example, ECM and EMM). The encrypted data is divided into successive segments of, for example, 10 seconds. Each segment needs its own control word to decrypt the data in the segment. Usually the control words of different segments are different. The data stream contains information that identifies the different segments. Figure 3 shows a signal 30 that toggles each time a different segment starts. In DVB, this is indicated by the scrambling control bit in the packet header.
[0030] Decryption information provides control words (e.g. in ECM). Each control word is usually provided many times, distributed over the segment that needs it. This ensures that when the user selects a data stream, each control word can be obtained at short notice. In addition, it is best to provide a control word before the segment. This allows time to decrypt the control word before it is needed. Therefore, the control word for each segment is provided during a corresponding time interval. These time intervals do not coincide with the segments. The last part of the time interval for providing one control word usually coincides with the beginning of the time interval for providing the next control word. Each ECM generally includes, for example, two control words, one for the current segment and the other for the next segment. When the content of the ECM changes, the oldest control word is dropped and the next control word is included.
[0031] image 3 The second signal 32 shown in Figure 7 illustrates this time interval. Each control word is provided during the entire period of the second signal 32. At each transition of the second signal 32, a new control word is provided, and the most outdated control word is stopped. The stream preferably contains information from which the transition of the second signal 32 can be determined. In DVB, this is indicated by Table-ID.
[0032] It should be noted that the transitions in the first signal 30 preferably need not coincide with the transitions in the second signal 32. That is, the time at which the encrypted data starts to use a new control word generally does not coincide with the time at which that new control word starts to be provided. This relaxes the timing requirements for the data stream.
[0033] The device of Figure 2 extracts encrypted data and decryption information from the stream received at input 21A, at least when the user of the device provides a control signal to do so. The demultiplexer 21 writes the encrypted data into the mass storage unit 20. The decryption information recording unit 22 writes items of decryption information into the mass storage unit 20. The items of decryption information are stored so that they can be accessed separately from the encrypted data, that is, they do not have to be accessed as part of the data stream at a predetermined position in the data stream corresponding to their position in the original data stream received at input 21A.
[0034] The decryption information recording unit 22 writes the items of decryption information into the mass storage unit 20 in encrypted form. For this purpose, the original encrypted decryption information (for example, a copy of the ECM) can be used, or alternatively, the decryption information recording unit 22 can decrypt the decryption information first and re-encrypt it with a secret key before writing it to the mass storage unit 20. The advantage of the latter is that the original authorization key in the EMM is no longer needed to decrypt the control word. The original authorization key may not be available at the time of replay, or at least considerable overhead may be required if the authorization key has to be used at that time. The key used for re-encryption may be a key local to the device. The device can be allowed to use this key for a limited period of time during which replays are allowed, or only for a limited period of time.
[0035] In addition to the decryption information, the decryption information recording unit 22 also writes synchronization information into the mass storage unit, which links the items of decryption information to points in the stream of encrypted data.
[0036] Figure 4 shows an embodiment in which the device includes a decryption unit 40 for decrypting a stream of encrypted data while storing the stream. In this embodiment, the device includes a separated frame detection unit 42, which is used to locate frames of the video signal that are described separately in the signal decrypted from the encrypted data stream. Figure 3 shows a fourth signal 36, which illustrates an encrypted data stream with portions 37 containing such separated frames. It is well known that, for example, in MPEG signals, an image sequence can be compressed by providing information that describes some frames separately (I frames) and describes other frames (B frames and P frames) in terms of changes relative to other frames.
[0037] In the embodiment of Figure 4, the decryption information recording unit 22 writes each item containing the decryption information with the control word of the corresponding ECM into the mass storage unit 20. These control words are written in encrypted form, as described for Figure 2. The separated frame detection unit 42 writes the access information to the mass storage device 20.
[0038] Figure 5 shows the data structure of the access information. The figure shows a stored encrypted data stream 52, which contains encrypted data portions describing an I frame (e.g., 56). The figure indicates different segments 50a-c in stream 52. Each segment 50a-c needs its own control word to decrypt the encrypted data in the segment. The figure also shows a block 54 of stored decryption information items. In addition, a block 58 of access information is also shown. The access information addresses both the parts of the encrypted data stream 52 that contain separated frames and the corresponding decryption information items that can be used to decrypt those parts.
[0039] For example, for each detected separated frame, a pair of addresses (X, Y) is stored in an entry of the block of access information 58. The addresses X and Y constitute pointers 53 and 55 that address, in the mass storage unit 20, the stored encrypted data containing the separated frame and the decryption information item related to that encrypted data, respectively. The address (X, Y) may be an absolute address in the mass storage unit, or may be a relative address or counter value used to indicate the position within the relevant block of stored information 52, 54 or the like.
[0040] During replay in a certain trick mode, the separated frames will be used to replay the stream, and other frames will be ignored. However, it will be understood that the present invention is not limited to such replay using separated frames. Instead, other parts of the data stream that can be used for trick play may be used. In this case, the separated frame detection unit 42 may be replaced by a unit for detecting any other type of relevant information in the data stream, and the device provides a pointer to the portion 56 of the encrypted data stream 52 containing such information.
[0041] Link decryption information to a point in the data stream
[0042] Likewise, in embodiments that do not use the arrangement illustrated in Figure 4, various methods can be used to link the decryption information to a point in the encrypted data stream.
[0043] Figure 6 shows an example of the data structure used in one embodiment. The figure shows an encrypted data stream 52 and a block 64 of decryption information items. The block 64 contains pointer information to the position 66 in the stream 52. Arrow 68 indicates that the pointer information points to position 66 in stream 52.
[0044] In this embodiment, the decryption information recording unit 22 records, in each item, the position in the encrypted data stream associated with the decryption information. In another embodiment, this may be a pointer to the stored encrypted data, the stored encrypted data being received immediately at the pointer location in the input stream. Recording the pointer to the position in the stream makes it possible to play back the decryption information with the same timing relative to the encrypted data as when it was originally received.
[0045] As will be described below, the decryption information in an item of block 64 may correspond to the decryption information in multiple messages from the stream, with only one decryption information item stored for the multiple messages. In this case, it may be sufficient to provide the decryption information in this item only once during the replay, but for security reasons, it may be necessary to replay the decryption information at every point where the original stream contains a message with decryption information.
[0046] In one embodiment, the decryption information recording unit 22 stores only one item for a plurality of messages. To this end, the decryption information recording unit 22 detects the positions, relative to the encrypted data in the input stream, at which messages with decryption information corresponding to the item appear, and stores information about a plurality of pointers 68 associated with the item, each pointer 68 pointing to a position in the encrypted data stream at which a message with decryption information corresponding to the item appeared in the input stream.
[0047] In another embodiment, time stamp information may be stored instead of one or more pointers 68. The time stamp information specifies the time value at which the decryption information should be played back. This makes it possible to provide decryption information at a point in time determined by the replay of the stream. In this embodiment, the decryption information recording unit 22 samples the time stamp from a time stamp counter (not shown), where the time stamp counter is updated with the progress of the input stream. For example, in the case of prior art MPEG data in the stream, the stream contains information that can assign time values to different points in the stream. The decryption information recording unit 22 can use these time values.
[0048] Figure 7 shows another data structure, in which the decryption information recording unit 22 stores the pointer information 76 together with the stored encrypted data stream 52. The pointer information 76 points (as indicated by the arrow 78) to a decryption information item in the block 74 of decryption information items. Each unit of the pointer information 76 is stored at a position in the encrypted data 52 that corresponds, in any of the aforementioned ways, to the decryption information item in the block 74. This makes it possible to retrieve the corresponding item during playback, so that when the encrypted data 52 is played back, the decryption information can be replayed with substantially the same timing relative to the encrypted data 52 as in the original stream.
[0049] This can also be achieved in various ways. In one embodiment, the decryption information recording unit 22 inserts a message 76 with pointer information into the encrypted data 52, so that the input stream from input 21a is effectively stored in the mass storage unit 20, except that the messages with decryption information are replaced by messages with pointer information. A dedicated so-called "PID" (packet ID) can be used for this purpose. In the conventional conditional access stream, it is known to structure the stream into data packets each having a PID. Different PID values correspond to different substreams, such as image streams and audio streams. A table that specifies the relationship between the PID values and the streams is transmitted. During decryption of the stream, the receiving unit selects packets based on the PID value. When pointer information is included in a packet having a PID specific to pointer information, the pointer information can be easily selected from the stream during replay.
[0050] In another embodiment, the demultiplexer 21 stores the original message with encrypted data in the mass storage unit 20. The decryption information recording unit 22 replaces part of the message with pointer information. In this way, maintaining the original timing during replay is simple and straightforward.
[0051] For this embodiment, it is desirable that the service provider broadcasting the stream leave space in the message with decryption information for inserting pointer information. The service provider can also insert pointer information into the stream. That is, the service provider can broadcast a stream containing encrypted data and messages with decryption information used to decrypt the encrypted data from the segments of the stream, where the messages contain pointer information that identifies the sequence number of the message during the transmission of the program (the serial number of the first message is "1", the serial number of the second message is "2", etc.). Alternatively, the pointer information can specify the sequence number of the decryption information in the message, where the sequence number is incremented every time new decryption information is included in these messages. When the decryption information recording unit 22 stores the decryption information items so that they can be retrieved using the pointer information, the pointer information can be used to retrieve these items in a device as shown in Figure 2.
[0052] The service provider can even provide decryption information items. In that case, the decryption information recording unit 22 may be omitted. The items needed to decrypt the recorded program can be transmitted to the user by the provider as part of the stream, or via a separate exchange of information, for example via a telephone line or via the Internet. Therefore, the service provider can selectively make the user replay the recorded data, for example, after payment.
[0053] Preferably, the decryption information items are not stored within the encrypted data. This allows the decryption information recording unit 22 to decrypt the decryption information and re-encrypt it for later use without having to buffer the encrypted data during decryption and encryption.
[0054] Sub-sampling
[0055] In the embodiments of the device shown in Figure 2 or Figure 4, the decryption information recording unit 22 stores all the ECMs in the mass storage unit 20. However, this may cause considerable overhead when ECMs with the same control word are frequently included in the data stream. In another embodiment, the decryption information recording unit 22 effectively sub-samples the ECMs and only stores control words from some ECMs. In one form of this embodiment, the sub-sampling rate (the fraction of the ECMs used) can be any value, as long as at least one ECM is sampled in each half cycle of the second signal.
[0056] In a preferred embodiment, the sub-sampling of the ECM is triggered when the decryption information recording unit 22 detects a transition in the content of the ECM, that is, on the edges of the second signal 32. The first ECM after such an edge is preferably used to store a decryption information item. The third signal 34 in Figure 3 indicates the sampling points 35 at which the ECM is sampled in this way. The advantage of sampling just after a transition of the second signal 32 is that, even when no ECM containing the control word for past encrypted data is available, the sample can be used to decrypt later encrypted data, namely the data encrypted with the currently valid control word and with the next control word. Alternatively, an ECM with a predetermined sequence number after the edge (such as the fifth or tenth ECM after the edge) may be used. The exact sequence number does not matter, as long as it is known that the message has been repeated at least the corresponding number of times in the input data stream from input 21a.
[0057] Replay
[0058] During the replay, the control unit 24 determines which parts of the encrypted data stream to retrieve from the mass storage unit 20 and when to start the retrieval. To do so, the control unit 24 transmits address information to the mass storage unit 20, for example the address of the encrypted data or a position indicator for the disk or tape. In response, the mass storage unit 20 outputs the required data to the receiving unit 26. At the same time, the decryption information access unit 25 detects which item of decryption information corresponds to the accessed data, and whether it is necessary to provide that item of decryption information to the receiving unit 26, for example, because the decryption information has not been provided yet.
[0059] There are various possible methods for determining whether the decryption information in a decryption information item must be provided. For example, the decryption information access unit 25 may monitor the address of the encrypted data to be accessed, and if the address passes the point where the item is stored, the decryption information access unit 25 provides the receiving unit 26 with the decryption information in that item. The decryption information access unit 25 can use, for example, one address value (or location value) for each item to indicate the position of the item in the data stream, or multiple address values for each item to indicate different positions of the item in the data stream. In this way, the timing of the original stream can be reconstructed very accurately.
[0060] In the case of jointly storing the time stamp and the item, the decryption information access unit 25 may provide the time stamp when the time counter (not shown) on the replay side reaches the value of the time stamp. (The time counter can be used in a conventional way to control the exact timing of replaying encrypted data).
[0061] Alternatively, the decryption information access unit 25 may detect a pointer to a decryption information item in the retrieved encrypted data, load the item if it has not been loaded yet, and provide the decryption information of the item to the receiving unit. For example, in the case where messages with pointer information are stored in the encrypted data, the decryption information access unit 25 may detect these messages (for example, from the PID of these messages) and extract the pointer information. The decryption information access unit 25 uses the extracted pointer information to select the corresponding decryption information item, and provides the information to the receiving unit 26.
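The PID-based pointer detection of [0049] and [0061], combined with the scrambling control bits mentioned in [0029], can be sketched as follows. This is an added example, not code from the patent; the PID values, the 4-byte big-endian pointer payload and the sample stream are assumptions constructed for illustration.

```python
import struct

TS_PACKET = 188          # MPEG transport stream packet size in bytes
SYNC_BYTE = 0x47
POINTER_PID = 0x1FF0     # assumption: PID the recorder reserves for pointer messages
VIDEO_PID = 0x0100       # assumption: PID of the scrambled video substream


def make_packet(pid, scrambling, payload=b""):
    """Build one constructed TS packet: 4-byte header, payload padded with 0xFF."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF,
                    (scrambling << 6) | 0x10])   # 0x10 = payload only, counter 0
    return header + payload.ljust(TS_PACKET - 4, b"\xff")


def scan(stream, item_count):
    """Walk a stored stream and return (segment_starts, pointers).

    segment_starts: offsets where the scrambling control bits of the video
                    PID change, i.e. where a new control word is needed.
    pointers:       (offset, item_index) for every pointer message found.
    The storage medium is not tamper-proof, so framing and pointer values
    are validated instead of trusted.
    """
    if len(stream) % TS_PACKET:
        raise ValueError("stored stream is not a whole number of TS packets")
    segment_starts, pointers, parity = [], [], None
    for offset in range(0, len(stream), TS_PACKET):
        packet = stream[offset:offset + TS_PACKET]
        if packet[0] != SYNC_BYTE:
            raise ValueError(f"lost sync at offset {offset}")
        pid = ((packet[1] & 0x1F) << 8) | packet[2]
        scrambling = packet[3] >> 6          # DVB: 2 = even key, 3 = odd key
        if pid == POINTER_PID:
            (index,) = struct.unpack(">I", packet[4:8])
            if index >= item_count:
                raise ValueError(f"pointer {index} at offset {offset} out of range")
            pointers.append((offset, index))
        elif pid == VIDEO_PID and scrambling in (2, 3) and scrambling != parity:
            segment_starts.append(offset)
            parity = scrambling
    return segment_starts, pointers


def sample_stream():
    """Constructed recording: seven packets, two pointer messages."""
    even, odd = 2, 3
    return b"".join([
        make_packet(VIDEO_PID, even),
        make_packet(POINTER_PID, 0, struct.pack(">I", 0)),
        make_packet(VIDEO_PID, even),
        make_packet(VIDEO_PID, odd),
        make_packet(POINTER_PID, 0, struct.pack(">I", 1)),
        make_packet(VIDEO_PID, odd),
        make_packet(VIDEO_PID, even),
    ])
```
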
[0062] The receiving unit 25 works in basically the same way as the receiving unit 10 of Figure 1, which processes the encrypted data and the messages with decryption information. However, it may not need to use the demultiplexer 12, because the decryption information and the encrypted data have been retrieved from the mass storage unit 10 separately.
[0063] Usually, the encrypted data is played back in the temporal pattern in which it was received at the input 21A, that is, in the same order and at the speed required for normal viewing.
[0064] Trick play
[0065] The device of Figure 2 supports trick mode replay. Trick mode replay includes, for example, one or more of fast forward display, reverse playback display, slow motion, etc. Generally, during trick mode replay the data in the stream is output to the presentation device in an abnormal temporal pattern, that is, not at normal speed, or in the backward time direction, or with parts of the stream periodically skipped. (In some specific types of devices, the normal mode may not be supported. For example, when the user has not (yet) paid for viewing in the normal mode, the device only allows access in trick mode.)
[0066] Figure 8 illustrates the access to the mass storage unit 20 during fast forward. The time "t" is drawn in the horizontal direction, and the address "A" is drawn in the vertical direction, which represents the playback time during normal mode playback. During play in trick mode, the control unit 24 provides the mass storage unit 20 with advancing addresses A that periodically skip an address range.
[0067] The decryption information access unit 25 provides the decryption information necessary for decrypting the retrieved encrypted information. For example, the decryption information access unit 25 may retrieve a list of the points in the encrypted data stream for which decryption information items are stored, where this list contains the associated decryption information items or pointers to them. In this case, the decryption information access unit 25 monitors the addresses of the encrypted data to be provided by the control unit 24. When the access unit determines that these addresses are approaching or passing a point for which decryption information is stored, the decryption information access unit 25 provides the receiving unit 26 with the decryption information in the associated decryption information item.
[0068] The access unit 25 preferably retrieves the decryption information at a time point selected so that at least a predetermined time interval elapses after that time point before the encrypted data is provided. In this way, the same predetermined time interval is available for decrypting the decryption information item, regardless of the replay speed.
[0069] In the embodiment of Figure 4, specific frames have been identified in the encrypted data before it is retrieved from the mass storage unit 20, and the control unit 24 can retrieve the encrypted data containing the identified frames. In this case, the control unit 24 first retrieves the address pair (X, Y) for the stored encrypted data part, then provides the address X to the mass storage unit 20 to retrieve the encrypted data, and provides the address Y of the decryption information to the decryption information access unit 25 in order to have the corresponding decryption information provided to the receiving unit 26.
[0070] Preferably, the device can generate a delay between providing the decryption information and providing the corresponding encrypted data. This can be achieved by, for example, providing a buffer (not shown) between the mass storage unit 20 and the receiving unit 26 to buffer the data during the delay, or by providing the decryption information access unit 25 early with information about the addresses of the encrypted data to be retrieved. This allows the decryption information access unit 25 to provide decryption information in advance so that the receiving unit 26 has time to decrypt it before the control words are needed.
[0071] In some types of trick play (such as reverse play), the encrypted data is retrieved at least partially in reverse order. In this case, the decryption information access unit 25 preferably determines the point in the encrypted data at which a decryption information item would become valid during forward play. When the playback has passed this point in the reverse direction, the decryption information access unit 25 selects the decryption information item that would be the last item before that point in chronological order during normal playback. Obviously, other methods for selecting the item can be used, such as associating each item with an interval defined by start and end points, and detecting whether the playback will access data within this interval in order to select the associated item. Then, the decryption information access unit 25 outputs the selected item to be used during reverse playback. (Of course, although this is useful, it is not necessary in the embodiment of Figure 4, where the relevant items can be determined directly from the retrieved data.)
[0072] In this way, the device realizes the replay of stored encrypted data and/or trick mode replay. The mass storage unit 20 does not have to be tamper-proof: replaceable memory, a magnetic disk or tape can be used. Some parts of the receiving unit 26 are preferably made tamper-proof (for example, by using a security device, such as a smart card, to decrypt the control word), and, in the case of the embodiment of Figure 4, the decryption unit 40 is also preferably tamper-proof. It will be understood that for trick play, the decryption information access unit 25 preferably utilizes pointer information for positions in the encrypted data stream that can be retrieved separately from the encrypted data stream, or at least without having to retrieve the entire encrypted data stream in order to search for pointer information. This reduces the amount of information that has to be retrieved from the mass storage unit 20. In these embodiments, storing the pointer information in association with the decryption information items meets this requirement.
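The edge-triggered ECM sub-sampling of [0056] and the item selection during normal, fast forward and reverse replay of [0059], [0067] and [0071] can be modelled together as follows. This is an added example, not code from the patent; the stream offsets, the ECM repetition period and the tuple that stands in for an encrypted ECM are assumptions constructed for illustration.

```python
from bisect import bisect_right

# Constructed sample broadcast; every value below is an assumption for illustration.
ECM_PERIOD = 100                        # an ECM is repeated every 100 stream units
ECM_EDGES = [0, 1000, 2000]             # ECM content changes here (second signal 32)
SEGMENT_STARTS = [0, 400, 1400, 2400]   # control word changes here (first signal 30)
STREAM_END = 3000


def broadcast_ecms():
    """Yield (stream_offset, ecm). The tuple stands in for the still-encrypted
    ECM and names the two control words it carries: (current, next)."""
    for offset in range(0, STREAM_END, ECM_PERIOD):
        k = bisect_right(ECM_EDGES, offset) - 1
        yield offset, (k, k + 1)


def record(ecms):
    """Recording side: keep only the first ECM after each content change and
    store its stream offset as synchronization information."""
    offsets, items, last = [], [], None
    for offset, ecm in ecms:
        if ecm != last:
            offsets.append(offset)
            items.append(ecm)
            last = ecm
    return offsets, items


class DecryptionInfoAccess:
    """Playback side: choose the stored item for each accessed address."""

    def __init__(self, offsets, items):
        self.offsets, self.items = offsets, items
        self.loaded = None  # index of the item last fed to the secure device

    def on_access(self, address):
        """Return the item to feed now, or None if the right one is loaded."""
        index = bisect_right(self.offsets, address) - 1
        if index < 0:
            raise LookupError(f"no decryption item recorded before {address}")
        if index == self.loaded:
            return None
        self.loaded = index
        return self.items[index]


def replay(addresses, offsets, items):
    """Replay the given address sequence and return the (address, item) feed
    events. Raises if data would reach the decoder without its control word."""
    unit = DecryptionInfoAccess(offsets, items)
    feeds = []
    for address in addresses:
        item = unit.on_access(address)
        if item is not None:
            feeds.append((address, item))
        needed = bisect_right(SEGMENT_STARTS, address) - 1
        if needed not in unit.items[unit.loaded]:
            raise RuntimeError(f"control word {needed} missing at {address}")
    return feeds


if __name__ == "__main__":
    offsets, items = record(broadcast_ecms())
    print("stored", len(items), "of", STREAM_END // ECM_PERIOD, "ECMs")
    print("normal :", replay(range(0, STREAM_END, 50), offsets, items))
    print("forward:", replay(range(0, STREAM_END, 700), offsets, items))
    print("reverse:", replay(range(2950, -1, -600), offsets, items))
```

Because each stored item carries the current and the next control word, the "last item at or before the address" lookup covers every address in all three access patterns, which the `replay` check confirms.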
[0073] Other aspects
[0074] It will be understood that the invention is not limited to the shown embodiments. For example, although the encrypted data and the decrypted information items are preferably stored in the same mass storage unit 20 for easy access, this is of course not necessary. A separate memory can be used for the decrypted information item. Similarly, although it is better to retrieve the decrypted information item during playback, it is also possible to retrieve all related items of the recording stream as a block in advance. This is done by using sub-sampling to select the items stored first. By using items that have been preloaded as blocks, the decryption information access unit 25 can quickly respond to the control unit 24 selecting the address of the encrypted data for replay.
