A decoder for descrambling encoded satellite transmissions comprises an internal security element and a replaceable security module. The program signal is scrambled with a key and then the key itself is twice-encrypted and multiplexed with the scrambled program signal. The key is first encrypted with a first secret serial number (SSN1) which is assigned to a given replaceable security module. The key is then encrypted with a second secret serial number (SSN0) which is assigned to a given decoder. The decoder performs a first key decryption using the second secret serial number (SSN0) stored within the decoder. The partially decrypted key is then further decrypted by the replaceable security module using the first secret serial number (SSN1) stored within the replaceable security module. The decoder then descrambles the program using the twice-decrypted key. The replaceable security module can be replaced, allowing the security system to be upgraded or changed following a system breach.

PTO Wrapper PDF
Dossier Espace Google
Patent
   RE39166
Priority
Feb 01 1990
Filed
May 04 1993
Issued
Jul 11 2006
Expiry
Jul 11 2023
Inventors
Gammie, Ke…
Assg.orig
Scientific…
Assg.curr
Cisco Tech…
Entity
Large
Referenced by
15
References
55
Maint.:
EXPIRED
BACKGROUND OF THE IN…
35. A method of decoding a signal comprising the steps of:
receiving a scrambled signal and a twice-encrypted key in a decoder,
performing a first decryption of said twice-encrypted key using a second confidential serial number to produce a partially decrypted key,
performing a second decryption on said partially decrypted key in a replaceable security module removably attached to said decoder using a first confidential serial number to produce a decrypted key,
descrambling said scrambled signal using said decrypted key to produce a descrambled signal, and
outputting said descrambled signal.
36. A method of decoding a signal comprising the steps of:
receiving a scrambled signal and a twice-encrypted key in a decoder,
performing a first decryption of said twice-encrypted key in a replaceable security module removably attached to said securing using a
second confidential serial number to produce a partially decrypted key,
performing a second decryption on said partially decrypted key using a first confidential serial number to produce a decrypted key,
descrambling said scrambled signal using said decrypted key to produce a descrambled signal, and
outputting said descrambled signal.
58. A replaceable security module for storing a secret serial number and performing a decryption of a partially decrypted key and outputting a descrambling control signal, said replaceable security module comprising; comprising:
connector means for connecting said replaceable security module to a decoder and through which a said partially decrypted key is received from said encoder decoder and said descrambling control signal is transmitted to said decoder,
memory means for storing at least a said secret serial number, and
decryption means, coupled to said connector means and said memory means for performing a decryption on said partially decrypted key and outputting a descrambling control signal.
56. A replaceable security module for storing confidential serial number and performing a partial decryption of a twice-encrypted key and outputting a partially decrypted key, said replaceable security module comprising; comprising:
connector means for connecting said replaceable security module to a decoder and through which a said twice-encrypted key is received from said encoder decoder and a partially decrypted key is transmitted to said decoder,
memory means for storing at least a said confidential serial number, and
decryption means, coupled to said connector means and said memory means for performing a partial decryption on said twice-encrypted key and outputting a said partially-decrypted key.
41. A decoder for receiving and descrambling a signal scrambled using a twice-encrypted key, said decoder comprising:
connector means for connecting said decoder to a replaceable security module, through which connector means said twice-encrypted key is transmitted to said replaceable security module and a partially-decrypted key is received from said replaceable security module,
key decryptor means, coupled to said connector means for performing a decryption on said partially-decrypted key using a second confidential serial number, and outputting a decrypted key, and
signal descrambling means coupled to said key decryptor for descrambling said signal with said decrypted key and outputting a descrambled signal.
49. A decoder for receiving and descrambling a signal scrambled using a twice-encrypted key, said decoder comprising:
key decryptor means, for performing a first key decryption on said twice-encrypted key using a first confidential serial number and outputting a partially decrypted key,
connector means, coupled to said key decryptor means for connecting said decoder to a replaceable security module, through which connector means said partially decrypted key is transmitted to said replaceable security module and a descrambling control signal is received from said replaceable security module,
signal descrambling means, coupled to said connector means and receiving said descrambling control signal for descrambling said signal and outputting a descrambled signal.
16. A decoder for receiving and descrambling a signal which has been scrambled using a key which has been subsequently twice-encrypted, said decoder comprising:
first key decryptor means for performing a first key decryption on said twice twice-encrypted key using said a second confidential serial number and outputting a partially decrypted key,
a replaceable security module, removably attached to said decoder and containing a second key decryptor means coupled to said first key decryptor means for performing a second key decryption on said partially decrypted key using a first confidential serial number and outputting a decrypted key, and
signal descrambling means coupled to said second key decryptor means for descrambling said scrambled signal using said twice-decrypted decrypted key and outputting a descrambled signal.
19. A decoder for receiving and descrambling a signal which has been scrambled using a key which has been subsequently twice-encrypted, said decoder comprising:
a replaceable security module, removably attached to said decoder and containing a first key decryptor means for performing a first key decryption on said twice twice-encrypted key using said a second confidential serial number and outputting a partially decrypted key,
second key decryptor means coupled to said first key decryptor means for performing a second key decryption on said partially decrypted key using a first confidential serial number and outputting a decrypted key, and
signal descrambling means coupled to said second key decryptor means for descrambling said scrambled signal using said twice-decrypted decrypted key and outputting a descrambled signal.
30. A method of transmitting a secure signal comprising the steps of:
scrambling said signal using a key to produce a scrambled signal,
encrypting said key using a first confidential serial number to produce a once-encrypted key,
further encrypting said once once-encrypted key using a second confidential serial number to produce a twice-encrypted key,
transmitting said scrambled signal and said twice-encrypted key,
receiving said scrambled signal and said twice-encrypted key in a decoder,
performing a first decryption of said twice-encrypted key in a replaceable security module removably attached to said decoder using said second confidential serial number to produce a partially decrypted key,
performing a second decryption on said partially decrypted key using a said first confidential serial number to produce a decrypted key,
descrambling said scrambled signal using said decrypted key to produce a descrambled signal, and
outputting said descrambled signal.
28. A method of transmitting a secure signal comprising the steps of:
scrambling said signal using a key to produce a scrambled signal,
encrypting said key using a first confidential serial number to produce a once-encrypted key. key,
further encrypting said once once-encrypted key using a second confidential serial number to produce a twice-encrypted key,
transmitting said scrambled signal and said twice-encrypted key,
receiving said scrambled signal and said twice-encrypted key in a decoder,
performing a first decryption of said twice-encrypted key using said second confidential serial number to produce a partially decrypted key,
performing a second decryption on said partially decrypted key in a replaceable security module removably attached to said decoder using a said first confidential serial number to produce a decrypted key,
descrambling said scrambled signal using said decrypted key to produce a descrambled signal, and
outputting said descrambled signal.
1. A security system for transmission of a signal comprising:
encoder means for encoding said signal, said encoder means comprising:
signal scrambling means for scrambling signal and outputting a scrambled signal and a key for descrambling said scrambled signal;
first key encryptor means coupled to said signal scrambling means, for performing a first encryption on said key using a first confidential serial number and outputting a once-encrypted key, and
second key encryptor means coupled to said first key encryptor means, for performing a further encryption on said once once-encrypted key using a second confidential serial number and outputting a twice-encrypted key,
transmission means coupled to said signal scrambling means and said second key encrypted means for transmitting said scrambled signal and said twice-encrypted key,
decoder means coupled to said transmission means for receiving and descrambling said scrambled signal, said decoder means comprising:
first key decryptor means coupled to said transmission means, for performing a first key decryption on said twice twice-encrypted key using said second confidential serial number and outputting a partially decrypted key,
a replaceable security module, removably attached to said decoder means and containing a second key decryptor means coupled to said first key decryptor means, for performing a second key decryption on said partially decrypted key using a said first confidential serial number and outputting a decrypted key, and
signal descrambling means coupled to said second key decryptor means and said transmission means for descrambling said scrambled signal using said twice-decrypted decrypted key and outputting a descrambled signal.
7. A security system for transmission of a signal comprising:
encoder means for encoding said signal, said encoder means comprising:
signal scrambling means for scrambling said signal and outputting a scrambled signal and a key for descrambling said scrambled signal,
first key encryptor means coupled to said signal scrambling means, for performing a first encryption on said key using a first confidential serial number and outputting a once-encrypted key, and
second key encryptor means coupled to said first key encryptor means, for performing a further encryption on said once once-encrypted key using a second confidential serial number and outputting a twice-encrypted key,
transmission means coupled to said signal scrambling means and said second key encryptor means for transmitting said scrambled signal and said twice-encrypted key,
decoder means coupled to said transmission means for receiving and descrambling said scrambled signal, said decoder means comprising:
a replaceable security module, removably attached to said decoder means and containing a first key decryptor means coupled to said transmission means, for performing a first key decryption on said twice twice-encrypted key using said second confidential serial number and outputting a partially decrypted key,
a second key decryptor means coupled to said first key decryptor means, for performing a second key decryption on said partially decrypted key using a said first confidential serial number and outputting a decrypted key, and
signal descrambling means coupled to said first second key decryptor means and said transmission means for descrambling said scrambled signal using said twice-decrypted decrypted key and outputting a descrambled signal.
2. The security system of claim 1, wherein said encoder means further comprises:
key memory means coupled to said signal scrambling means and said first key encryptor means for storing said key.
3. The security system of claim 1, wherein said encoder means further comprises:
a first confidential serial number database coupled to said first key encryptor means, containing a list of first confidential serial numbers.
4. The security system of claim 3, wherein said encoder means further comprises:
a second confidential serial number database coupled to said second key encryptor means, containing a list of second confidential serial numbers.
5. The security system of claim 1, wherein said decoder means further comprises:
second confidential serial number memory means coupled to said first key decryptor means, for storing a said second confidential serial number.
6. The security system of claim 5, wherein said replaceable security module contains said first confidential serial number memory means.
8. The security system of claim 7, wherein said decoder means further comprises:
first confidential serial number memory means coupled to said second key decryptor means for storing a said first confidential serial number.
9. The security system of claim 1, wherein said decoder means further comprises:
telephone interface means for transmitting and receiving data to and from a pay television provider, said data encrypted with a confidential telephone number.
10. The security system of claim 9, wherein an encrypted key is received via said telephone interface means.
11. The security system of claim 1, wherein said transmission means further comprises:
first transmission means for transmitting said scrambled signal; and
second transmission means for transmitting said twice-encrypted key.
12. The security system of claim 1, wherein said signal is a television signal.
13. The security system of claim 11 12, wherein said television signal is a B-MAC type television signal.
14. The security system of claim 1, wherein said encoder means further comprises:
multiplexor means for multiplexing said twice-encrypted key with said scrambled signal prior to transmission.
15. The security system of claim 14, wherein said decoder further comprises:
demultiplexor means for demultiplexing said twice-encrypted key from said scrambled signal.
17. The decoder of claim 16, further comprising:
key memory means coupled to said signal descrambler descrambling means and said second key decryptor means for storing said decrypted key.
18. The decoder of claim 16, further comprising:
second confidential serial number memory means coupled to said first key decryptor means, for storing a said second confidential serial number.
20. The decoder of claim 16, further comprising:
first confidential serial number memory means coupled to said second key decryptor means, for storing a said first confidential serial number.
21. The decoder of claim 20, wherein said replaceable security module contains said first confidential serial number memory means.
22. The decoder of claim 16, wherein said signal is a television signal.
23. The decoder of claim 16 further comprising:
telephone interface means for transmitting and receiving data to and from a pay television provider, said data encrypted with a confidential telephone number.
24. The decoder of claim 23, wherein said twice-encrypted key is received via said telephone interface means.
25. The decoder of claim 22, wherein said television signal is a B-MAC type television signal.
26. The decoder of claim 16, wherein said scrambled signal and said twice-encrypted key have been multiplexed together prior to reception by the decoder.
27. The decoder of claim 24 26, further comprising: demultiplexor means for demultiplexing said twice-encrypted key from said scrambled signal.
29. The method of claim 28, wherein said second confidential serial number is assigned to said decoder.
31. The method of claim 30, wherein said second confidential security serial number is assigned to said replaceable security module.
32. The method of claim 28, wherein said first confidential security serial number is assigned to said replaceable security module.
33. The method of claim 28, wherein said transmitting step further comprises:
multiplexing said scrambled signal and said twice-encrypted key together prior to transmission.
34. The method of claim 28, wherein said transmitting step further comprises:
transmitting said scrambling scrambled signal and said twice-encrypted key as separate signals.
37. The method of claim 36, wherein said first confidential serial number is assigned to said decoder.
38. The method of claim 36, wherein said second confidential serial number is assigned to said replaceable security module.
39. The method of claim 35, wherein said second confidential serial number is assigned to said decoder.
40. The method of claim 35, wherein said first confidential serial number is assigned to said replaceable security module.
42. The decoder of claim 41, further comprising:
key memory means coupled to said signal descrambling means and said key decryptor means for storing said decrypted key.
43. The decoder of claim 41, wherein said signal is a television signal.
44. The decoder of claim 41 43, wherein said television signal is a B-MAC type television signal.
45. The decoder of claim 41, wherein said scrambled signal and said twice-encrypted key signal have been multiplexed together prior to reception by the decoder.
46. The decoder of claim 45, further comprising:
demultiplexor means for demultiplexing said twice-encrypted key signal from said scrambled signal.
47. The decoder of claim 41, further comprising:
telephone interface means for transmitting and receiving data to and from a pay television provider, said data encrypted with a confidential telephone number.
48. The decoder of claim 47, wherein said twice-encrypted key is received via said telephone interface means.
50. The decoder of claim 49, wherein said signal is a television signal.
51. The decoder of claim 49 50, wherein said television signal is a B-MAC type television signal.
52. The decoder of claim 49, wherein said scrambled signal and said twice-encrypted key signal have been multiplexed together prior to reception by the decoder.
53. The decoder of claim 52, further comprising:
demultiplexor means for demultiplexing said twice-encrypted key signal from said scrambled signal.
54. The decoder of claim 49 further comprising:
telephone interface means for transmitting and receiving data to and from a pay television provider, said data encrypted with a confidential telephone number.
55. The decoder of claim 54, wherein said twice-encrypted key is received via said telephone interface means.
57. The replaceable security module of claim 56, wherein said memory means further comprises:
security means for allowing the contents of said memory means to be read only by said decryption means.
59. The replaceable security module of claim 58, wherein said memory means further comprises:
security means for allowing the contents of said memory means to be read only by said decryption means.
BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to the field of scrambling systems and more specifically, to an external security module for a television signal decoder of a broadcast, satellite, or cable television transmission system. The present invention has particular application for B-type Multiplexed Analog Component (B-MAC) satellite transmission, but may also be used for NTSC (National Television Standards Committee), PAL, SECAM, or proposed high definition television formats. In addition, the scrambling system of the present invention can be used in applications in related fields such as electronic banking networks, telephone switching systems, cellular telephone networks, computer networks, etc. The system has particular application to so-called “conditional-access” multichannel television systems, where the viewer may have access to several “basic” channels, one or more “premium” or extra-cost channels as well as “pay-per-view” programs.

2. Description of the Relevant Art

In a pay television system, a pay television service provider typically protects the signal from unauthorized subscribers and pirates through scrambling.

For the purposes of the following discussion and this invention, the term “subscriber” means one who is paying for the television service. The “subscriber” could thus be an individual consumer with a decoder in his own home, or could be a system operator such as a local cable TV operator, or a small network operator such as a Hotel/Motel operator with a central decoder for all televisions in the Hotel or Motel. In addition, the “subscriber” could be an industrial user, as described in U.S. Pat. No. 4,866,770 assigned to the same assignee as the present application and incorporated herein by reference.

For the purposes of this invention, a network is defined as a program source, (such as a pay television provider), an encoder, (sometimes called a “head end”), a transmission means (satellite, cable, radio wave, etc.) and a series of decoders used by the subscribers as described above. A system is defined as a program source, an encoder, a transmission means, and a single receiving decoder. The system model is used to describe how an individual decoder in a network interacts with the encoder.

The scrambling process is accomplished via a key which may itself be encrypted. Each subscriber wishing to receive the signal is provided with a decoder having an identification number which is unique to the decoder. The decoder may be individually authorized with a key to descramble the scrambled signal, provided appropriate payments are made for service. Authorization is accomplished by distributing descrambling algorithms which work in combination with the key (and other information) to paying subscribers, and by denying that information to non-subscribers and to all would-be pirates.

The key may be transmitted as a data signal embedded in the normal television transmission associated with the identification number of the decoder. In a typical television signal, there are so-called “vertical blanking intervals” (VBI) occurring in each field and “horizontal blanking intervals” (HBI) occurring in each line between the chrominance and luminance signals. Various other signals can be sent “in-band” in the vertical and horizontal blanking intervals including additional audio channels, data, and teletext messages. The key can be embedded in these “blanking intervals” as is well known in the art. Attention is drawn to U.S. Pat. No. 4,829,569 assigned to the same assignee as the present application and incorporated herein by reference, showing how such data can be embedded in a B-MAC signal. Alternatively, the key may be sent “out-of-band” over a separate data channel or even over a telephone line.

Maintaining security in a conditional-access television network depends on the following requirements:

(i) The signal scrambling techniques must be sufficiently complex to insure that direct encryptographic attack is not practical.

(ii) keys distributed to an authorized decoder cannot be read out and transferred to other decoders.

The first condition can be satisfied by practical scrambling algorithms now available such as the DES (Data Encryption Standard) or related algorithmns.

The second condition requires the physical security of certain devices within the television signal decoder and is much more difficult to satisfy. Such a device must prevent observation of both the key decryption process and the partially decrypted key signals.

FIG. 1 shows a prior art conditional-access system for satellite transmission. In encoder 101, the source program information 102 which comprises video signals, audio signals, and data is scrambled in program scrambler 103 using a key from key memory 104. The scrambling techniques used may be any such techniques which are well known in the art. The key can be a signal or code number used in the scrambling process which is also required to “unlock” or descramble the program in program descrambler 108 in decoder 106. In practice, one key can be used (single layer encryption) or more than one key (not shown). The key is usually changed with time (i.e. - monthly) to discourage piracy. The scrambled programs and the key are transmitted through satellite link 105, and received by conditional-access decoder 106. Decoder 106 recovers the key from the received signal, stores it in key memory 107 and applies it to program descrambler 108 which descrambles the scrambled program received over satellite link 105, and outputs unscrambled program 109. The system is not totally secure, as the key is transmitted in the clear through the channel and is available for recovery by pirates.

To overcome this difficulty and referring to prior art FIG. 2, a method of protecting the key during distribution is introduced into the system of FIG. 1. Prior to transmission, the key used to scramble source program 202 in program scrambler 203 is recovered from key memory 204 and itself encrypted in key encryptor 210 using a secret serial number (SSN) from secret serial number database 211 which contains a list of the secret serial numbers of all legitimate subscribers. These secret serial numbers may relate to the unique identification numbers mentioned above for each decoder of a network of such decoders. The source program has now been scrambled using the key, and the key itself has been encrypted using a secret serial number. Thus, the key is not subject to compromise or recovery during transmission in comparison with the system of FIG. 1. In order to encrypted scrambled program and one of the twice-encrypted keys and performs a first key decryption in replaceable security module 714. The replaceable security module 714 contains a second secret serial number (SSN1), which could be assigned to a particular security module or series of modules, in SSN1 memory 717. The replaceable security module 714 performs a first key decryption in first key decryptor 718 and outputs a partially decrypted key. The partially decrypted key, still unreadable to a pirate, is sent to second key decryptor 713 located in decoder 706 itself. There, the key is fully decrypted using the first secret serial number stored in SSN0 memory 712. The fully decrypted key is now stored in key memory 707 and used to descramble the scrambled program received from satellite link 705 in program descrambler 708 and output descrambled program 709.

Both replaceable security module 714 and an internal security element 719 of decoder 706 may be constructed according to the principles of FIG. 4. For example, the second secret serial number SSN1 may be loaded into SSN1 memory 717 of Module 714 and fusible links used for loading the memory destroyed during manufacture. Similarly, SSN0 memory 712 of internal security element 719 may be loaded during manufacture over a fusible link and the link destroyed. Also over a fusible link, algorithms may be loaded into key decryptors 718, 713 during manufacture and the fusible links subsequently destroyed.

The effect of twice-encrypting the key is to ensure that replaceable security module 714 must correspond to a particular decoder 706 and will not operate with any other decoder. Loss of replaceable security module 714 during distribution no longer presents a potential security breach. To compromise the system, it is now necessary to break the physical security of both replaceable security module 714 and internal security element 719. In order to fully compromise the system, the internal security element 719 must be attacked, restoring the risk to the subscriber that his decoder will be damaged.

At the same time, the replaceable security module provides the pay television provider with the option of replacing system security by mailing out new replaceable security modules to all authorized subscribers. Returned replaceable security modules 714 could be re-used for a different subscriber decoder by reprogramming the SSN0 and SSN1 databases 711 and 716 to correspond to the combination of the first secret serial number of decoder 706 with the second secret serial number of security module 714. Alternatively, the returned replaceable security modules 714 could be destroyed, and a new replaceable security module 714 sent out, incorporating changes and improvements in the security technology to thwart potential pirates. In the event of a security breach, it is only necessary to replace the replaceable security module and not the complete decoder in order to restore system security.

Alternatively, the decoder 706 may function optionally without the use of the replaceable security module 717. In such a system, encoder 701 may be programmed to perform single level key encryption by encrypting the key from key memory 704 once in second key encryptor 715, bypassing first key encryptor 710. Decoder 706 would sense the absence of removable security module 717 and perform only a single key decryption in second key decryptor 713.

If a system breach occurs, the pay television provider then mails out replaceable security modules to subscribers, uses the double encryption technique, and thus recovers system security. The optional usage of the replaceable security module has other attractive benefits as well. Subscribers who do not pay for any premium channels may not be sent a replaceable security module, as the “basic” channels may only use a once-encrypted key or may even be sent in the clear. If the subscriber wishes to upgrade to a premium channel of channels, the pay television provider may then mail that subscriber the appropriate replaceable security module.

In addition, the replaceable security module may be used to add other additional features. Many cable television systems offer optional services such as IPPV (Impulse-Pay-Per-View) which require two-way communication between the decoder 706 and the head end. In the past, if a subscriber wished to upgrade to IPPV service, a subscriber's decoder would have to be altered by inserting a IPPV module internally or by adding an IPPV “side car” externally. Alternatively, the entire decoder would have to be replaced. All three options would necessitate a service call, causing inconvenience to the subscriber, and expense to the pay television provider. Similarly, when a pay television provider wishes to upgrade its entire encoder/decoder system, it must provide a new decoder to each subscriber which will work in the interim with both the old and new encoding techniques, as it is nearly impossible to replace all subscriber decoders simultaneously. Then a decoder manufacturer is faced with the added expense of providing his state-of-the-art decoder with extra circuitry in order to function with the pay television provider's old encoder for the few months during the change over period.

In both the above instances, the replaceable security module 714 may be used to upgrade the decoder 706 without the expense and inconvenience of a service call. The replaceable security module 714 may be mailed to the subscriber and the subscriber can then insert the replaceable security module 714 and instantly upgrade the decoder and add additional features (such as IPPV), alter the encoding technique, or providing an external level of security.

The replaceable security module 714 may take one of several forms. In the preferred embodiment, the module may comprise a “smart card”, a plastic “credit card” with a built-in micro-processor, such as described by the International Standards Organization in standard ISO 7816/1 and ISO7816/2. Attention is drawn on U.S. Pat. No. 4,841,133 issued Jun. 20, 1989 and incorporated herein by reference, describing such a “smart card.” The “smart card” may be equipped with a series of electrical contacts which connect to contacts in the decoder 706. The contacts may provide power to the card, along with clock signals and data transmission.

FIG. 8 shows another embodiment of the present invention wherein the key is twice encrypted and addressed to individual decoders, similar to the device in FIG. 7. The encoder 801 has a key memory 804 containing the key used to scramble program 802 in program scrambler 803. The key is first encrypted in first key encryptor 810 with the first secret serial number (SSN0) stored in SSN0 database 811. The key is further encrypted in second key encryptor 815 with a second secret serial number (SSN1) from SSN1 database 816, producing a series of twice-encrypted keys as in FIG. 7. However, in this embodiment, the twice encrypted keys are then multiplexed into the scrambled program in multiplexor 832 and transmitted via satellite link 805.

The decoder 806 receives the encrypted program and demultiplexes the twice encrypted keys from the scrambled program signal in demultiplexor 833. The decoder 806 then chooses the proper twice encrypted key based on the key message associated with the proper key for that decoder, and performs a first key decryption in replaceable security module 814. The partially decrypted key is then sent to second key decryptor 813 located in the decoder 806 itself. There, the key is fully decrypted using the unique first secret serial number stored in SSN0 memory 812. The fully decrypted key is now stored in key memory 807 and used to decrypt the program in the program descrambler 808 and output the decrypted program 809. The second key decryptor 813, key memory 807, and SSN0 memory 812 together comprise fixed internal security element 819.

FIG. 9 shows an alternate embodiment of the present invention with a telephone controller. Decoder 906 is similar to the decoder 706 of FIG. 7, except that decoder 906 of FIG. 9 also includes a telephone controller 940 for receiving or sending an encrypted key or other data. Telephone controller 940 adds an additional level of security to the system, as the key does not have to be transmitted with the program signal over a separate channel as in FIG. 7 or multiplexed into the signal as in FIG. 8. In addition, the telephone controller 940 can provide two-way communication with the program source for such features as pay-per-view (PPV) or impulse pay-per-view (IPPV) programming.

Pay-per-view programming is defined here as any programming where the subscriber can request authorization to watch a particular program. In many pay television systems, pay-per-view programming is used for sporting events (boxing, wrestling, etc.) which are not transmitted on a regular basis. A subscriber wishing to view the event must receive authorization in the form of a special descrambler mechanism, or in the form of a special code transmitted or input to the subscriber's decoder. Some pay-per-view television systems allow the subscriber to request a pay-per-view program (i.e. - movies) to watch. The pay television provider then transmits the requested program and authorizes that subscriber's decoder to receive the signal.

Impulse pay-per-view (IPPV) programming is defined here as any programming where the subscriber has a pre-authorized number of “credits” saved in his individual decoder. If a subscriber wishes to view a particular program, the subscriber merely actuates the decoder, the appropriate number of credits are subtracted from the subscriber's remaining credits, and the subscriber is immediately able to view the program.

In a pay-per-view embodiment of the present invention, the decoder may send a signal to the head end via the telephone controller 940 with a request for authorization to decode a pay-per-view program. Alternately, the decoder 906 may store authorization information (i.e. -credits) for pay-per-view programming, and forward actual pay-per-view data via the telephone controller 940 at a later time.

The telephone controller 940 could be a computer modem type device, or could work using touch-tone signals to communicate with the head end. Preferably, the telephone controller is a modem type device, communicating with the head end using a TSK protocol. Attention is drawn to copending application Ser. No. 187,978 filed Apr. 29, 1989 describing TSK operation and incorporated herein by reference. The pay television provider can thus send appropriate authorization information (TEL) to the subscriber, encrypted with the subscriber's secret telephone number (STN). The secret telephone number is not a telephone number in the ordinary sense, but rather another type of secret serial number, which could be assigned to a given telephone controller 940 or series of telephone controllers. Once received by the decoder 906, the authorization information may be used to enable descrambling of a particular pay-per-view program or programs.

In another embodiment, which could be used in conjunction with the pay-per-view embodiment described above, the telephone controller can be used to receive the key encrypted with the secret telephone number. The scrambled program signal 941 is input to the decoder 906 which provides the input signal 941 to a clock/data recovery unit 942 and the video/audio descrambler 908. The clock/data recovery unit 942 provides sync and data for the program signal fed to the fixed security element 919. Fixed security element 919 contains a key decryptor, key memory and SSN0 memory. The telephone controller 940 receives the key, encrypted with the secret telephone number of the decoder (STN) stored in the replaceable security module 914. The telephone controller 940 typically commences communication and can be programmed to call the head end at a predetermined time or at a predetermined time interval, or upon receiving a signal from the head end preferably when phone usage is at a minimum (i.e. - early morning hours). The telephone controller can call the head end via a toll free 1-800 number, a so-called “watts” line, or via a local call to a commercial data link such as TYMNET of TELENET. Once the call is connected and communications established, the decoder 906 uploads to the head end a record of pay-per-view usage encrypted with the secret telephone STN1. The head end may then download data similarly encrypted to the decoder 906 including new keys, secret serial numbers, or decryption algorithms. The encrypted key may be sent to the fixed security element 919, which has removably attached thereto the replaceable security module 914. The key is then decrypted in the replaceable security module using the secret telephone number, and decoder control information is sent to the program descrambler 908 to produce the descrambled program 909.

As discussed above, a new secret serial number or decryption algorithm, encrypted with the secret telephone number, may be sent from the head end to a decoder through telephone controller 940. The encrypted secret serial number of decryption algorithm is then decrypted and stored in the replaceable security module. The downloading of decryption algorithms and secret serial numbers via the telephone controller 940 is sometimes called an “E2 patch”, and allows the pay television provider to maintain or recover system security by loading new information into a decoder's EEPROM. An E2 patch does not necessarily entail changing the entire decryption algorithm in the decoder 906. The secret serial number or merely a portion of the decryption algorithm, such as a particular byte or data table need only be changed in order to sufficiently alter the decryption algorithm. The E2 patch allows the pay television provider or upgrade the encryption system to fix “bugs” and recover system security.

After receiving a signal through the telephone controller 940, the head end will send an acknowledment signal to the decoder, indicating that information has been received. Similarly, after data has been downloaded from the head end to the decoder through the telephone controller, the decoder will return an acknowledgement signal to the head end that data has been received.

In addition to pay-per-view requests or records, telephone controller 940 can also be used to upload other signals from the decoder. For example, tamper protection information such as described in connection with FIG. 4 can be sent indicating whether or not the decoder has been tampered with. Further, program viewing information can be uploaded to the pay television provider for television rating purposes (i.e., - Nielson ratings)

In general, any data that can be delivered via the B-MAC input 941 of FIG. 9 (or NTSC, PAL, SECAM, etc.) can also be downloaded through the telephone controller 940. Such information includes, but is not limited to, blackout codes, tiering information, personal messages number of available credits, group identification numbers, and other system data. Generally, the telephone controller 940 is used for infrequent communications, such as periodic security level changes and IPPV requests, due to the limited bandwidth of telephone lines and the increased cost of sending information via telephone versus the B-MAC input.

The telephone information (TEL) encrypted with the secret telephone number (STN) remains encrypted throughout the decoder 906 and may only be decrypted in the replaceable security module 914. The decrypted telephone information does not pass out of the replaceable security module 914, in order to prevent observation by a pirate. In order for the decoder 906 to descramble a scrambled program, both the telephone information and the addressed data packet received through the B-MAC input 941 must be present. By relying on both information sources, piracy is virtually impossible, as the potential pirate must break into the pay television provider's telephone system as well as decrypt the twice-encrypted key.

FIG. 10 shows a more detailed diagram of the device of FIG. 9, showing how the various signals are sent between the fixed security element 1019 and the replaceable security module 1014. In this embodiment, both the fixed and replaceable security modules 1019 and 1014 are built around secure microprocessors 1050 and 1051 similar to that shown in FIG. 4. In FIG. 10, the subscript “0” is used to denote signals and keys stored or decrypted in the fixed security element 1019, while the subscript “1” denotes signals and keys stored or decrypted in the replaceable security module 1014.

Fixed security element 1019 comprises a secure microprocessor 1050 which receives signals 1053, 1054, and 1055 as inputs. Signal 1053 is the program (SYS) which has been scrambled with a key-of-the-month (KOM) and is represented by the symbol EKOM1(SYS). Signal 1054 is the key-of-the-month (KOM) which has been twice-encrypted with the two secret serial numbers (SSN0 and SSN1) of the fixed and replaceable security modules 1019 and 1014, respectively and is represented by the symbol ESSN0(ESSN1(KOM1)).

Signal 1055 is an additional signal, ESTN1(TEL), which is the telephone data encrypted with a secret telephone number (STN) described in FIG. 9 above. The telephone data can be used to provide an additional level of security, as well as to allow the subscriber to request “pay-per-view” programs via the phone line as described in FIG. 9 above.

Secure microprocessor 1050 performs a first decryption of twice-encrypted key 1054 using the first secret serial number SSN0 stored within secure microprocessor 1050. Secure microprocessor 1050 passes partially decrypted key-of-the-month ESSN1(KOM) 1061 to replaceable security module 1014 along with scrambled program EKOM1(SYS) 1062 and encrypted telephone data ESTN1(TEL) 1060.

Replaceable security module 1014 comprises secure microprocessor 1051 which has secure memory 1052 where the second secret serial number SSN1 is stored along with the secret telephone number STN1, the encryption algorithm E, and other authorization information. Secure microprocessor 1051 performs a further decryption on partially decrypted key-of-the-month ESSN1(KOM) 1061 received from fixed security element 1019, using the second secret serial number SSN1 and encryption algorithm E stored within secure memory 1052. The decrypted key-of-the-month (KOM1) is stored in the secure memory 1052 of secure microprocessor 1051. As discussed in FIG. 4, secure memory 1052 cannot be directly addressed or read out, and as such the second secret serial number SSN1 and the encryption algorithm E cannot be observed by a potential pirate.

Secure microprocessor 1051 also decrypts the telephone data (TEL) using the secret telephone number STN1 stored within the secure memory 1052 of the secure microprocessor 1051. If the key-of-the-month (KOM1) can be decrypted, and authorization is present (for pay-per-view), or unnecessary (for other channels), then scrambled program EKOM1(SYS) 1062 can be descrambled in replaceable security module 1014, producing decoder control information DCI1 1058. Decoder control information DCI1 1058 typically contains the line translation scrambling information for the video signal, and decryption information for the multiplexed audio data along with other information such as whether teletext is enabled and which audio channel is to be selected. The program control information DCI1 1058 and the encrypted telephone data ESTN1(TEL) are sent to the fixed security element 1019. If authorization is present (for IPPV) or unnecessary (for other channels), the secure microprocessor 1050 outputs the program control data 1058 to the rest of the decoder (not shown) for program descrambling. On-screen display support information (OSD) 1057 is decoded from the encrypted program signal EKOM1(SYS) EKOM1(SYS) and provides information how on-screen display is controlled by fixed security element 1019 to display personal messages, control a barker channel, indicate the number of remaining credits, indicate authorized channels as well as other ways of controlling displayed information.

FIG. 11 shows a further embodiment of the present invention, without replaceable security module. In this embodiment, the subscript “0” has been used to denote that all decryptions take place within secure microprocessor 1150. Decoder 1106 comprises secure microprocessor 1150 with secure memory 1152. Secure memory 1152 contains a secret serial number SSN0 and a secret telephone number STN0 unique to that decoder or a series of decoders loaded during manufacture and secured with an “E2 bit” as discussed in connection with FIG. 4. Scrambled program EKOM0(SYS) 1153 and once-encrypted key-of-the-month ESSN0(KOM0) 1154 are input to decoder 1106 along with encrypted telephone data ESTN0(TEL) 1155.

Secure microprocessor 1150 decrypts encrypted telephone data ESTN0(TEL) 1155 using the secret telephone number STN0 stored in secure memory 1152. The decrypted telephone data (TEL) is also stored in secure memory 1152 to prevent observation by pirates. The telephone data (TEL) may provide authorization information to decode 1106 as to whether decoder 1106 is presently authorized to decrypt some or all of the received scrambled programs. In addition, other information may be transferred between the decoder and the head end as discussed in connection with FIG. 9.

If authorization is present, secure microprocessor 1150 uses the first secret serial number SSN0 stored in secure memory 1152 to decrypt the key KOM0. As in FIG. 10, the secure microprocessor 1150 then outputs program control information DCI0 1156 to the remainder of decoder 1106 in order to descramble the program signal.

While the present invention has been disclosed with respect to a preferred embodiment and modifications thereto, further modifications will be apparent to those of ordinary skill in the art within the scope of the claims that follow. It is not intended that the invention be limited by the disclosure, but instead that its scope be determined entirely by reference to the claims which follow herein below.

INVENTORS:

Gammie, Keith B.

THIS PATENT IS REFERENCED BY THESE PATENTS:
Patent Priority Assignee Title
10097347, Apr 07 2005 Sony Corporation Content providing system, content reproducing device, content reproducing method, and computer program
7233670, Feb 26 2001 NAGRA VISION S A Signal tracing system and method
7539312, Nov 15 2002 PANASONIC SEMICONDUCTOR SOLUTIONS CO , LTD Program update method and server
7546468, Nov 15 2002 PANASONIC SEMICONDUCTOR SOLUTIONS CO , LTD Program update method and server
7617536, Dec 13 2004 Panasonic Corporation Unauthorized device detection device, unauthorized device detection system, unauthorized device detection method, program, recording medium, and device information update method
7685435, Jul 24 2002 PANASONIC SEMICONDUCTOR SOLUTIONS CO , LTD Program development method, program development supporting system, and program installation method
7832016, Mar 14 2003 Robert Bosch GmbH Microprocessor system and method for detecting the exchange of modules of the system
7849331, Nov 15 2002 PANASONIC SEMICONDUCTOR SOLUTIONS CO , LTD Program update method and server
8190912, Jul 24 2002 PANASONIC SEMICONDUCTOR SOLUTIONS CO , LTD Program development method, program development supporting system, and program installation method
8286889, Mar 26 2005 DISCOVER FINANICAL SERVICES; Discover Financial Services Electronic financial transaction cards and methods
8549655, May 29 2008 NAGRAVISION S S ; NAGRAVISION S A Unit and method for secure processing of access controlled audio/video data
8782417, Dec 17 2009 Nagravision S.A.; NAGRAVISION S A Method and processing unit for secure processing of access controlled audio/video data
8819434, Dec 17 2009 Nagravision S.A. Method and processing unit for secure processing of access controlled audio/video data
9215505, May 07 2013 Nagravision S.A. Method and system for secure processing a stream of encrypted digital audio/video data
9268949, May 18 2007 Verimatrix, Inc. System and method for defining programmable processing steps applied when protecting the data
THIS PATENT REFERENCES THESE PATENTS:
Patent Priority Assignee Title
2656408,
4281216, Apr 02 1979 Motorola Inc. Key management for encryption/decryption systems
4317957, Mar 10 1980 System for authenticating users and devices in on-line transaction networks
4337483, Feb 06 1979 ETABLISSEMENT PUBLIC DE DIFFUSION DIT TELEDIFFUSION DE FRANCE ; L ETAT FRANCAIS, REPRESENTE PAR SECRETAIRE D ETAT POSTES ET TELECOMMUNICATIONS CENTRE NATIONAL D ETUDES DES TELECOMMUNICATION Text video-transmission system provided with means for controlling access to the information
4377483, Jul 13 1979 Nippon Kokan Kabushiki Kaisha Method of removing dissolved heavy metals from aqueous waste liquids
4386233, Sep 29 1980 COMMERCE, THE UNITED STATES OF AMERICA AS REPRESENTED BY THE SECRETARY OF Crytographic key notarization methods and apparatus
4386266, Feb 11 1980 International Business Machines Corporation Method for operating a transaction execution system having improved verification of personal identification
4388643, Apr 06 1981 Northern Telecom Limited Method of controlling scrambling and unscrambling in a pay TV system
4399323, Feb 09 1981 Bell Telephone Laboratories, Incorporated Fast real-time public key cryptography
4484025, Feb 04 1980 Licentia Patent-Verwaltungs-GmbH System for enciphering and deciphering data
4484027, Nov 19 1981 Comsat Corporation Security system for SSTV encryption
4530008, Jan 22 1981 Broadband Technologies, Inc. Secured communications system
4531020, Jul 23 1982 TV COM INTERNATIONAL, INC Multi-layer encryption system for the broadcast of encrypted information
4531021, Jun 19 1980 TV COM INTERNATIONAL, INC Two level encripting of RF signals
4535355, Jun 23 1982 Microdesign Limited Method and apparatus for scrambling and unscrambling data streams using encryption and decryption
4558175, Aug 02 1982 Leonard J., Genest Security system and method for securely communicating therein
4595950, Sep 26 1980 Method and apparatus for marking the information content of an information carrying signal
4608456, May 27 1983 General Instrument Corporation Digital audio scrambling system with error conditioning
4613901, May 27 1983 General Instrument Corporation Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television signals
4634808, Mar 15 1984 General Instrument Corporation Descrambler subscriber key production system utilizing key seeds stored in descrambler
4658292, Apr 30 1982 NEC Corporation Enciphering key distribution system for subscription TV broadcast or catv system
4663664, Oct 31 1983 R. F. Monolithics, Inc. Electronic ticket method and apparatus for television signal scrambling and descrambling
4694491, Mar 11 1985 GENERAL INSTRUMENT CORPORATION GIC-4 Cryptographic system using interchangeable key blocks and selectable key fragments
4696034, Oct 12 1984 Signal Security Technologies High security pay television system
4712238, Jun 08 1984 General Instrument Corporation Selective-subscription descrambling
4736422, Jun 30 1983 Independent Broadcasting Authority Encrypted broadcast television system
4757532, Apr 19 1985 MEDICAL ANALYSIS SYSTEMS, INC Secure transport of information between electronic stations
4785166, Oct 31 1985 Kabushiki Kaisha Toshiba Reader/writer for portable recording medium with power supply abnormality detection
4792973, Jun 08 1984 General Instrument Corporation Selective enablement of descramblers
4799635, Jun 24 1985 Nintendo Co., Ltd. System for determining authenticity of an external memory used in an information processing apparatus
4802214, Apr 23 1982 Eagle Comtronics, Inc. Method and apparatus for identifying and rendering operative particular descramblers in a television signal scrambling system
4802215, Jul 23 1983 Independent Broadcasting Authority Security system for television signal encryption
4803725, Mar 11 1985 GENERAL INSTRUMENT CORPORATION GIC-4 Cryptographic system using interchangeable key blocks and selectable key fragments
4807286, Apr 22 1987 SIGNAL SECURITY TECHNOLOGIES, INC , 1127 ALLIED BANK TOWER, 6161 SAVOY DRIVE, HOUSTON, TEXAS 77036, A WI CORP High security pay television system
4829569, Sep 21 1984 Scientific-Atlanta, Inc Communication of individual messages to subscribers in a subscription television system
4841133, Jun 30 1987 Freescale Semiconductor, Inc Data card circuits
4849927, Jun 12 1987 NCR Corporation Method of controlling the operation of security modules
4864615, May 27 1988 GENERAL INSTRUMENT CORPORATION GIC-4 Reproduction of secure keys by using distributed key generation data
4866770, Jul 08 1986 Scientific Atlanta, Inc. Method and apparatus for communication of video, audio, teletext, and data to groups of decoders in a communication system
4885788, Feb 17 1986 Hitachi, Ltd. IC card
4890321, Jul 08 1986 Cisco Technology, Inc Communications format for a subscription television system permitting transmission of individual text messages to subscribers
4897875, Mar 11 1985 MANITOBA TELEPHONE SYSTEM, THE Key management system for open communication environments
4905280, Oct 12 1984 High security videotext and videogame system
4907271, Apr 19 1985 Neopost Limited Secure transmission of information between electronic stations
4907273, Oct 12 1984 High security pay television system
4908834, Oct 12 1984 High security pay television system
4926444, Apr 29 1988 Cisco Technology, Inc Data transmission method and apparatus by period shift keying (TSK)
4933898, Jan 12 1989 GENERAL INSTRUMENT CORPORATION GIC-4 Secure integrated circuit chip with conductive shield
5237609, Mar 31 1989 Mitsubishi Denki Kabushiki Kaisha Portable secure semiconductor memory device
EP132401,
EP308219,
GB2151886,
RE33189, May 09 1988 Comsat Corporation Security system for SSTV encryption
WO8500491,
WO8606240,
ASSIGNMENT RECORDS    Assignment records on the USPTO
///
Executed onAssignorAssigneeConveyanceFrameReelDoc
May 04 1993Scientific-Atlanta, Inc.(assignment on the face of the patent)
Dec 05 2008Scientific-Atlanta, IncScientific-Atlanta, LLCCHANGE OF NAME SEE DOCUMENT FOR DETAILS 0342990440 pdf
Nov 18 2014Scientific-Atlanta, LLCCisco Technology, IncASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS 0343000001 pdf
MAINTENANCE FEES AND DATES:    Maintenance records on the USPTO
Date Maintenance Fee Events
Aug 30 2005ASPN: Payor Number Assigned.


Date Maintenance Schedule
Jul 11 20094 years fee payment window open
Jan 11 20106 months grace period start (w surcharge)
Jul 11 2010patent expiry (for year 4)
Jul 11 20122 years to revive unintentionally abandoned end. (for year 4)
Jul 11 20138 years fee payment window open
Jan 11 20146 months grace period start (w surcharge)
Jul 11 2014patent expiry (for year 8)
Jul 11 20162 years to revive unintentionally abandoned end. (for year 8)
Jul 11 201712 years fee payment window open
Jan 11 20186 months grace period start (w surcharge)
Jul 11 2018patent expiry (for year 12)
Jul 11 20202 years to revive unintentionally abandoned end. (for year 12)