US20110103582A1 - System for securing access to data streams - Google Patents

System for securing access to data streams Download PDF

Info

Publication number
US20110103582A1
US20110103582A1 US12/930,304 US93030411A US2011103582A1 US 20110103582 A1 US20110103582 A1 US 20110103582A1 US 93030411 A US93030411 A US 93030411A US 2011103582 A1 US2011103582 A1 US 2011103582A1
Authority
US
United States
Prior art keywords
scrambled
compressed
content
digital content
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/930,304
Inventor
Josh Kamins
Stephanie Wald
Yaacov Belenky
Carmi Bogot
Gabi Ickowicz
Uri Stroh
Abraham Wachtfogel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Synamedia Ltd
Original Assignee
NDS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NDS Ltd filed Critical NDS Ltd
Priority to US12/930,304 priority Critical patent/US20110103582A1/en
Publication of US20110103582A1 publication Critical patent/US20110103582A1/en
Assigned to NDS LIMITED reassignment NDS LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BEAUMARIS NETWORKS LLC, CISCO SYSTEMS INTERNATIONAL S.A.R.L., CISCO TECHNOLOGY, INC., CISCO VIDEO TECHNOLOGIES FRANCE
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/414Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
    • H04N21/4147PVR [Personal Video Recorder]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates

Definitions

  • the present invention relates to delivery of digital content, and more particularly to systems for controlling the delivery of digital content based on rules.
  • the IEEE 1394 high-speed serial bus provides enhanced PC connectivity for consumer electronics audio/video (A/V) appliances, storage peripherals, other PCs, and portable devices, making it possible to transfer content quickly and efficiently around such devices.
  • An industry developed standard, DTCP (5C) copy protection scheme (Digital Transmission Content Protection Specification, Vol. 1, available at www.dtcp.com/info_dtcp_v1.pdf), provides content protection against the unauthorized copying and transmission of digital images and sound.
  • DTCP was developed to encrypt digital content as it moves over an IEEE 1394 interface from pay television systems like cable and satellite.
  • the DTCP scheme supports capabilities such as moving copies from personal video recorders to removable digital tape or disc recordings, and transferring copies among servers located in different places in a home.
  • DTCP technology includes three basic copy control states, designated Copy Freely, Copy One Generation, and Copy None, any of which can be applied to particular items of content.
  • the DTCP system thus enables generations of control information, where the copy control state of data in a particular location directly affects the next generation copy control state, dependant on the particular copy control in use for the first generation.
  • DVD In general, pay television systems, as well as MPEG (ISO/IEC JTC1/SC29/WG11)/DVD have been designed to protect content, while controlling the transport stream and delivering clear uncompressed content for display.
  • DVD specifications are available on the Internet at ecma:ch. Specific specifications include ECMA-267 (97) 120 mm DVD-Read-Only Disk; ECMA-268 (97) 80 mm DVD-Read-Only Disk; and ECMA-272 (99) 120 DVD Rewriteable Disk (DVD-RAM) also published as ISO-IEC 16824).
  • Digital data is particularly valuable in its clear compressed format, as clear compressed digital data can easily be transmitted because of its size. Additionally, every copy of clear compressed digital data is identical. End to end content protection has shown the importance of maintaining the data encrypted until it is being used; see, for example, the discussion in NDS marketing white paper XTV Persistent End-to-End Content Protection (30 Jul. 2002 publication number XT-M164).
  • the present invention in preferred embodiments thereof, seeks to provide an improved mechanism whereby additional security features are added to a video processor.
  • the additional security features include headend control which explicitly determines whether the content can be output clear compressed or not.
  • the headend control is enforced in preferred embodiments of the present invention by providing content which is protected by additional encryption and by utilizing an additional decryption element that is only accessible when preparing clear uncompressed content.
  • headend is used throughout the present specification and claims to include any hardware and software used to prepare digital data for distribution; such preparation typically includes encrypting, compressing and multiplexing the digital data.
  • Metadata typically includes one or more of the following: program specific information; service information; electronic program guide information; or any other metadata which might be included in a broadcast stream.
  • clear is used throughout the present specification to refer to a state of data which is neither scrambled nor encrypted.
  • the term “clear compressed data” refers to compressed data which is neither scrambled nor encrypted.
  • ender is used, in all of its grammatical forms, throughout the present specification and claims to refer to any appropriate mechanism or method of making content palpable to one or more of the senses. In particular and without limiting the generality of the foregoing, “render” refers not only to display of video content but also to playback of audio content.
  • a method for protecting digital content including receiving compressed encrypted digital content, determining an output format based, at least in part, on all of the following a user-requested output format, received control information, and a rule determining whether a clear compressed output format is allowed, and producing output from the compressed digital content based on a result of the determining, wherein, if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided in a form which prevents production of clear compressed output in the producing step.
  • the form which prevents production of clear compressed output includes compressed encrypted digital content, additionally encrypted in accordance with a second encryption method, and the producing includes decrypting in accordance with the second encryption method, and decompressing, and the producing includes an atomic operation.
  • the method includes providing an output-producing hardware device, wherein at least the producing is performed in the hardware device.
  • the hardware device is characterized by a device profile, and the determining is also based, at least in part, on the device profile.
  • the determining is also performed in the hardware device.
  • the hardware device is included in a single integrated circuit.
  • the integrated circuit is included in a smart card.
  • the method includes rendering the output sensible to at least one human sense.
  • the rendering includes at least one of the following: audio rendering; visual rendering; and audio/visual rendering.
  • the compression includes null compression.
  • apparatus for protecting digital content including a digital content receiver receiving compressed encrypted digital content, an output format determination unit determining an output format based, at least in part, on all of the following: a user-requested output format; received control information; and a rule determining whether a clear compressed output format is allowed, and a content output unit producing output from the compressed digital content based on a result produced by the output format determination unit, wherein, if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided to the digital content receiver in a form which prevents production of clear compressed output by the content output unit.
  • the form which prevents production of clear compressed output includes compressed encrypted digital content, additionally encrypted in accordance with a second encryption method, and the content output unit includes a decrypting unit decrypting in accordance with the second encryption method, and decompressing apparatus, and the content output unit produces output in an atomic operation.
  • the apparatus includes an output-producing hardware device, wherein at least the content output unit is included in the hardware device.
  • the hardware device is characterized by a device profile, and the output format determination unit determines the output format based, at least in part, on the device profile.
  • the output format determination unit is also included in the hardware device.
  • the hardware device is included in a single integrated circuit.
  • the integrated circuit is included in a smart card.
  • the apparatus includes a rendering device which renders the output sensible to at least one human sense.
  • the rendering device includes at least one of the following: an audio rendering device; a visual rendering device; and an audio/visual rendering device.
  • the compression includes null compression.
  • a digital content receiver including: a local scrambling descrambler; a broadcast descrambler receiving an output produced by the local scrambling descrambler; a local scrambler, a combined extra encryption algorithm decryptor and decoder/decompressor (XDDC), and a switch operative to provide an output of the broadcast descrambler to exactly one of the local scrambler and the XDDC, wherein the DCR is operative to receive control information and compressed encrypted digital content, and at least the setting of the switch is determined, at least in part, by the control information, and the DCR is operative to produce an output based on all of the following: the compressed digital content; a user-requested output format; the received control information; and a rule determining whether a clear compressed output format is allowed, and if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided to the DCR in a form which prevents production
  • DCR digital content receiver
  • the local scrambling descrambler is operative to perform exactly one of the following operations based, at least in part, on the received control information: receive an input and produce an output substantially identical to the received input; and receive an input, and perform descrambling on the received input, thereby producing an output.
  • the local scrambler is operative to perform exactly one of the following operations based, at least in part, on the received control information receive an input and produce an output substantially identical to the received input, and receive an input and perform local scrambling on the received input, thereby producing an output.
  • the DCR includes an output-producing hardware device, wherein at least the content output unit is included in the hardware device.
  • the hardware device is included in a single integrated circuit.
  • the integrated circuit is included in a smart card.
  • the DCR includes a rendering device which renders the output sensible to at least one human sense.
  • the rendering device includes at least one of the following an audio rendering device, a visual rendering device, and an audio/visual rendering device.
  • the XDDC is operative, based, at least in part, on the received control information, to receive an input, and descramble and decode the received input in an atomic operation, thereby producing an output.
  • a content-protected personal video recorder including a DCR, and a PVR unit including PVR storage media, the PVR unit receiving the output produced by the DCR.
  • PVR personal video recorder
  • the PVR unit is operative to store the received output on the PVR storage media.
  • the output produced by the DCR includes locally scrambled output.
  • the PVR unit is operative to retrieve the stored output from the PVR storage media.
  • the DCR performs at least one of the following on the locally scrambled output retrieved by the PVR decryption, and decompression.
  • the PVR unit is operative to store received XEA encrypted output on the PVR storage media.
  • the output produced by the DCR includes XEA encrypted output.
  • the PVR unit is operative to retrieve the stored XEA encrypted output from the PVR storage media.
  • the output retrieved by the PVR includes XEA encrypted output.
  • the DCR performs, as an atomic operation, decryption and decompression on the XEA encrypted output retrieved by the PVR.
  • a content-protected television system including a DCR, and a television unit, the television unit receiving the output produced by the DCR.
  • the television unit includes an analog television unit.
  • the television unit includes a digital television unit.
  • FIG. 1 is a generalized block diagram illustration of a clear compressed content control system constructed and operative in accordance with a preferred embodiment of the present invention
  • FIG. 2A is a generalized block diagram illustration of a system for producing scrambled compressed digital content, useful for understanding the operation of the system of FIG. 1 ;
  • FIG. 2B is a generalized block diagram illustration of an alternative system for producing scrambled compressed digital content, useful for understanding the operation of the system of FIG. 1 ;
  • FIG. 3 is a generalized block diagram illustration of a preferred implementation of the system of FIG. 1 , illustrating an implementation in which output is stored in a PVR;
  • FIG. 4 is a generalized block diagram illustration of an alternative preferred implementation of the system of FIG. 1 , illustrating an implementation in which output comprises compressed content;
  • FIG. 5 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 , illustrating an implementation in which output is displayed on an analog television;
  • FIG. 6A is a generalized block diagram illustration of yet another alternative preferred implementation of the system of FIG. 1 , illustrating an implementation in which output is not useable;
  • FIG. 6B is a generalized block diagram illustration of a preferred embodiment of control information, useful for understanding FIG. 6A ;
  • FIG. 7 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 , illustrating an implementation in which output is displayed on a digital television;
  • FIG. 8 is a generalized block diagram illustration of yet another alternative preferred implementation of the system of FIG. 1 , illustrating another implementation in which output is stored in a PVR;
  • FIG. 9 is a generalized block diagram illustration of still another alternative preferred implementation of the system of FIG. 1 , illustrating another implementation in which output is displayed on a digital television;
  • FIG. 10 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 , illustrating another implementation in which output is displayed on an analog television;
  • FIG. 11 is a generalized block diagram illustration of a mode of operation of the system of FIG. 1 , illustrating a mode in which compressed encrypted content is output;
  • FIG. 12 is a generalized block diagram illustration of an alternative mode of operation of the system of FIG. 1 , illustrating a mode in which clear uncompressed content is output;
  • FIG. 13 is a generalized block diagram illustration of an alternative mode of operation of the system of FIG. 1 , illustrating a mode in which clear compressed content is output;
  • FIG. 14 is a generalized block diagram illustration of an yet another alternative mode of operation of the system of FIG. 1 , illustrating a mode in which no output is to be produced;
  • FIG. 15 is a generalized block diagram illustration of an still another alternative mode of operation of the system of FIG. 1 , illustrating a mode in which clear compressed content is attempted to be output but no output is allowed;
  • FIG. 16 is a simplified flowchart illustration of a preferred method of operation of the system of FIG. 1 .
  • FIG. 1 is a generalized block diagram illustration of a clear compressed content control system constructed and operative in accordance with a preferred embodiment of the present invention.
  • the system of FIG. 1 comprises a digital content receiver (DCR) 5 .
  • the DCR 5 is preferably operative to receive scrambled compressed digital content and to produce therefrom one or more types of output in accordance with content control rules, as will be described in more detail below.
  • the DCR 5 may comprise a single integrated circuit.
  • the circuit described in this specification need not be embedded in fixed hardware; rather, all or part of the circuit described may be embedded in a removable security element, such as a smart card.
  • FIG. 2A is a generalized block diagram illustration of a system for producing scrambled compressed digital content, useful for understanding operation of the system of FIG. 1 .
  • the system of FIG. 2A is provided by way of example only and is not meant to be limiting.
  • clear content 10 typically comprising clear digital content
  • a compression device 20 compresses the clear content 10 , using any appropriate compression method, such as MPEG-2 or MPEG-4, as is well known in the art, to produce compressed clear digital content 30 .
  • the compressed clear digital content 30 is input to a broadcast scrambler 40 , which, using encryption methods known in the art, produces therefrom scrambled compressed digital content 50 .
  • encryption methods include DVB (refer to standard ETSI EN 301 192), DES, and 3DES (both DES and 3DES are described in Applied Cryptography , referred to above, at pp. 265-301).
  • FIG. 2B is a generalized block diagram illustration of an alternative system for producing scrambled compressed digital content, useful for understanding operation of the system of FIG. 1 .
  • the system of FIG. 2B is provided by way of example only and is not meant to be limiting.
  • the system of FIG. 2B is preferably similar to the system of FIG. 2A , and additionally comprises apparatus for implementing an “extra” encryption algorithm (XEA).
  • XEA extract encryption algorithm
  • Nonlimiting examples of encryption schemes usable for XEA which schemes are well known in the art, preferably include Diffie-Hellman (described in Applied Cryptography , referred to above, at pp. 513-516) and El-Gamal (refer to Applied Cryptography pgs. 532-533).
  • clear content 10 typically comprising clear digital content
  • a compression device 20 compresses the clear content 10 , using any appropriate compression method, as is well known in the art, to produce compressed clear digital content 30 .
  • the compressed clear digital content 30 is received by an XEA scrambler 240 , which produces therefrom XEA scrambled compressed digital content 230 .
  • the XEA scrambled compressed digital content 230 is input to the broadcast scrambler 40 .
  • the broadcast scrambler 40 produces therefrom broadcast scrambled XEA scrambled compressed digital content 250 using encryption methods similar to those described above with reference to FIG. 2A .
  • the DCR 5 preferably comprises the following components, each of which is typically implemented in either hardware, software, or a combination thereof:
  • a descrambler shown in FIG. 1 by way of example only as a local scrambling descrambler 100 . It is appreciated that the type of descrambler 100 provided in the system of FIG. 1 is chosen to correspond to a type of scrambling used to scramble content intended for the DCR 5 .
  • Examples of local scrambling would include, but not be limited to, such well known algorithms as AES (FIPS-197, described in csrc.nist.gov/publications/fips/fips197/fips-197.pdf), skipjack (FIPS-185, described in csrc.nist.gov/encryption/skipjack/skipjack.pdf), blowfish (described in Applied Cryptography , referred to above, at pp. 336-339), RC5 (described in Applied Cryptography , referred to above, at pp. 344-346), IDEA (described in Applied Cryptography , referred to above, at pp.
  • AES FIPS-197, described in csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  • skipjack FIPS-185, described in csrc.nist.gov/encryption/skipjack/skipjack.pdf
  • blowfish described in Applied Cryptography ,
  • a broadcast descrambler 110 which is preferably operatively associated with the local scrambling descrambler 100 .
  • the broadcast descrambler 110 is preferably operative to receive the output produced by the local scrambling descrambler 100 and to perform broadcast descrambling thereon.
  • a local scrambler 120 which is preferably operatively associated with the broadcast descrambler 110 via a switch 140 .
  • the switch 140 is set to send output from the broadcast descrambler 110 to the local scrambler 120
  • the local scrambler 120 is preferably operative to receive said output and to perform local scrambling thereon. It is appreciated that, depending on the information in the control information 160 , the local scrambler 120 may alternatively take no scrambling action; in such a case the local scrambler 120 preferably produces output substantially identical to the input received by the local scrambler 120 .
  • a combined XEA decryptor and decode/decompressor (XDDC) 130 which is also preferably operatively associated with the broadcast descrambler 110 via the switch 140 .
  • the switch 140 is set to send output from the broadcast descrambler 110 to the XDDC 130
  • the XDDC 130 is preferably operative to receive said output and to perform both XEA decryption and decoding/decompression thereon.
  • decryption and decoding/decompression in the XDDC 130 comprise an atomic operation.
  • the XDDC 130 is designed in such a way that the XDDC 130 must perform decoding and decompressing together.
  • the XDDC 130 will not perform decoding alone, nor will the XDDC perform decompressing alone.
  • Anti-tamper techniques which are well known in the art, are preferably used to ensure the integrity of the XDDC 130 .
  • XEA refers to any appropriate encryption scheme.
  • Nonlimiting examples of encryption schemes usable for XEA might preferably include Diffie-Hellman and El-Gamal.
  • the key (also referred to herein as a “control word”) for XEA is preferably provided by a conditional access system broadcasting an entitlement control message, as is known in the art.
  • a device such as a set-top box or PVR, in which the DCR 5 may preferably be comprised, receives the entitlement control message. Using techniques known in the art, the device (not shown in FIG. 1 ) derives the control word from the entitlement control message and provides the control word to the DCR 5 .
  • a plurality of switches shown in FIG. 1 as the first switch 140 and the second switch 150 described above. As will be described in more detail below, the plurality of switches preferably also includes other switches (not shown in FIG. 1 ). Each of the plurality of switches is preferably set in accordance with control information 160 received by the DCR 5 .
  • the control information 160 is preferably determined, at least in part, by an owner or controller (not shown) of digital content (not shown in FIG. 1 ) sent to the DCR 5 .
  • the control information 160 is also preferably determined, at least in part, based on input of a user of the DCR 5 , requesting to make use of the digital content in a particular way.
  • the control information 160 is also preferably determined, at least in part, based on receiver policy. The control information 160 and the manner in which the plurality of switches are preferably set are described in more detail below.
  • each of the local scrambling descrambler 100 ; the broadcast descrambler 110 ; the local scrambler 120 ; and the XDDC 130 in the system of FIG. 1 may be either preferably operational or non-operational.
  • the local scrambling descrambler 100 may or may not perform local scrambling descrambling.
  • the local scrambler 120 may or may not perform local scrambling.
  • the DCR 5 also preferably comprises other components (not shown), which typically comprise conventional components well known in the art of content receivers.
  • components typically comprise conventional components well known in the art of content receivers.
  • Non-limiting examples of such components include tuners, demultiplexers, and digital-to-analog converters.
  • Various modes of operation of the system of FIG. 1 are determined based on the control information 160 received by the DCR 5 .
  • the first switch 140 is set to 0 and the second switch 150 is set to 1, preventing any output from being produced by the DCR 5 ; this is intended to guarantee that output based on any particular item of digital content is controlled only on the basis of control information 160 associated with that item of digital content.
  • digital data is particularly valuable in its clear compressed format because a recipient without authorization can easily use clear compressed digital data. Furthermore, digital data in its clear compressed format is easily transmitted. Therefore, it is an object of the present invention, in certain preferred embodiments thereof, to prevent the output of clear compressed content when the control information 160 does not permit such output.
  • FIG. 3 is a generalized block diagram illustration of a preferred implementation of the system of FIG. 1 .
  • broadcast scrambled, XEA scrambled compressed content 250 is received as input by a device 310 , comprising the DCR 5 .
  • the device 310 would be a set-top box (STB) or personal video recorder (PVR).
  • STB set-top box
  • PVR personal video recorder
  • the broadcast scrambled, XEA scrambled compressed content 250 bypasses the DCR 5 in order to be output as broadcast scrambled, XEA scrambled compressed content 250 to storage media (not shown in FIG.
  • PVR 320 may comprise the same unit or may share components with the DCR 5 , and is shown as a separate unit in FIG. 3 for illustrative purposes only.
  • FIG. 4 is a generalized block diagram illustration of an alternative preferred implementation of the system of FIG. 1 .
  • broadcast scrambled content 50 is input into a device 310 , comprising the DCR 5 .
  • the device 310 would be a STB or PVR.
  • the broadcast scrambled content 50 is input to the broadcast descrambler 110 , producing compressed clear digital content 30 .
  • the compressed clear digital content 30 is output from the system.
  • FIG. 4 is useful when the broadcast scrambled content 50 comprises interactive television data and does not comprise valuable video content.
  • FIG. 5 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 , comprising the DCR 5 .
  • Non-limiting examples of the device 310 would be a STB or PVR.
  • the broadcast scrambled content, XEA scrambled compressed content 250 is input to the broadcast descrambler 110 , producing XEA scrambled compressed content 230 .
  • the XEA scrambled compressed content 230 is then input into the XDDC 130 , which, in an atomic operation, produces clear content 10 .
  • the clear content 10 thus produced is input into an analog television 510 for viewing.
  • FIG. 6A is generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • the device 310 preferably comprising the DCR 5 .
  • Non-limiting examples of the device 310 would be a STB or PVR.
  • FIG. 6B is a generalized illustration of several elements which are preferably comprised in control information 160 , useful for understanding FIG. 6A .
  • Control information 160 preferably comprises: an owner or controller usage rule 610 ; a digital receiver policy 620 ; and user input 630 .
  • At least one element of the owner or controller usage rule 610 , and/or the digital receiver policy 620 prohibit decryption.
  • the user attempts to use user input 630 of the control information 160 in order to override the decryption prohibition resulting from the combination of owner or controller usage rule 610 and the digital receiver policy 620 .
  • the broadcast scrambled content 250 is input to the broadcast descrambler 110 , producing XEA scrambled compressed content 230 .
  • the XEA scrambled compressed content 230 output is not decrypted.
  • FIG. 7 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 comprising the DCR 5 .
  • Non-limiting examples of the device 310 would be a STB or PVR.
  • the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110 , producing XEA scrambled compressed content 230 .
  • the XEA scrambled compressed content 230 is input into the local scrambler 120 which outputs local scrambled, XEA scrambled compressed content 710 .
  • the local scrambled, XEA scrambled compressed content 710 is output by the device 310 and input into a digital television 720 .
  • the local scrambled, XEA scrambled compressed content 710 is input into the local scrambling descrambler 730 , producing XEA scrambled compressed content 230 .
  • the XEA scrambled compressed content 230 is input into the XDDC 130 , which in an atomic operation produces clear content 10 , suitable for viewing.
  • first generation control information 160 is reflected in second generation control information 860 .
  • first generation control information 160 being reflected in second generation control information 860 would be, as discussed above, the DTCP specification basic copy states.
  • a specific non-limiting example of the operation of first and second generation control information would be where first generation control information 160 allows copy once; in such a case, the second generation control information 860 for the copy would allow no further copying.
  • Another specific non-limiting example would be where the first generation control information 160 allows copy freely; the second generation control information 860 would also allow copy freely.
  • FIG. 8 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • the device 310 comprising a DCR 5 .
  • a non-limiting example of the device 310 would be a STB or PVR.
  • the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110 .
  • the broadcast descrambler 110 takes no action. It is appreciated that the broadcast scrambler 110 preferably comprises an internal switch (not shown), which, based on the control information 160 , is set to take no action.
  • the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120 .
  • the local scrambler 120 outputs locally scrambled broadcast scrambled XEA scrambled compressed content 810 .
  • the locally scrambled broadcast scrambled XEA scrambled compressed content 810 is then output to a PVR 820 .
  • the PVR 820 may comprise the same unit or may share components with the device 310 , and is shown as a separate unit in FIG. 8 for illustrative purposes only. Should the PVR 820 comprise the same unit as the device 310 , it is appreciated that the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 would preferably comprise locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into a local scrambling descrambler 830 , producing broadcast scrambled, XEA scrambled compressed content 250 .
  • the broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110 .
  • the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120 .
  • the second generation control information 860 preferably differs from the control information 160 , as explained above in reference to FIG. 7 .
  • the local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 is then stored on a PVR storage disk 840 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 preferably differs from the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 in that a different control word is preferably used in local scrambling.
  • control information 160 With reference to the second generation control information 860 , it is appreciated that in all cases where there is control information 160 and a second generation of control information 860 , the original control information 160 is preferably reflected in the second generation of control information 860 , as described above more fully with reference to FIG. 7 .
  • FIG. 9 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • the device 310 comprising a DCR 5 .
  • a non-limiting example of the device 310 would be a STB or PVR.
  • the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110 .
  • the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120 .
  • the local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then output to a PVR 820 .
  • the PVR 820 may be comprised in the device 310 , or may reside externally thereto, as illustrated in FIG. 9 .
  • the broadcast scrambled, XEA scrambled compressed content 250 is input into the broadcast descrambler 110 , producing XEA scrambled, compressed encrypted content 230 .
  • the XEA scrambled, compressed encrypted content 230 is then input directly into the local scrambler 120 , producing locally scrambled, XEA scrambled compressed content 710 , as described below.
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into a local scrambling descrambler 830 , producing broadcast scrambled, XEA scrambled compressed content 250 .
  • the broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110 .
  • control information 160 With reference to the second generation control information 860 , it is appreciated that in all cases where there is control information 160 and a second generation of control information 860 , the original control information 160 is preferably reflected in the second generation of control information 860 , as described above more fully with reference to FIG. 7 .
  • the broadcast descrambler 110 outputs XEA scrambled compressed content 230 , which is input into a local scrambler 120 .
  • the local scrambler 120 produces locally scrambled, XEA scrambled compressed content 710 which is input into a digital television 720 .
  • XEA scrambled compressed content 710 is input into a local scrambling descrambler 730 , producing XEA compressed content 230 .
  • the XEA compressed content 230 is input into the XDDC 130 , which performs an atomic operation producing clear content 10 suitable for viewing.
  • FIG. 10 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1 .
  • broadcast scrambled, XEA scrambled compressed content 250 is input into a device 310 , comprising the DCR 5 .
  • Non-limiting examples of the device 310 would be a STB or PVR.
  • the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110 .
  • the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120 .
  • the local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then output to a PVR 820 .
  • the PVR 820 may comprise the same unit or may share components with the device 310 , and is shown as a separate unit in FIG. 10 for illustrative purposes only.
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into an local scrambling descrambler 830 , producing broadcast scrambled, XEA scrambled compressed content 250 .
  • the broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110 .
  • control information 160 With reference to the second generation control information 860 , it is appreciated that in all cases where there is control information 160 and a second generation of control information 860 , the original control information 160 is preferably reflected in the second generation of control information 860 , as described above more fully with reference to FIG. 7 .
  • the broadcast descrambler 110 outputs XEA scrambled compressed content 230 which is input into the XDDC 130 .
  • the XDDC 130 performs an atomic operation outputting clear content 10 , suitable for viewing on an analog television 510 .
  • excluded modes refers to modes of operation of the system of FIG. 1 , which are permitted by the owner or controller of the item of digital content received by the DCR 5 .
  • FIG. 11 is a generalized block diagram illustration of the system of FIG. 1 , illustrating a mode in which compressed encrypted content is output.
  • locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5 .
  • the broadcast scrambled, compressed content 70 is descrambled by the local scrambler descrambler 100 producing broadcast scrambled, compressed content 50 .
  • the broadcast scrambled, compressed content 50 is descrambled by the broadcast descrambler 110 , producing compressed clear digital content 30 .
  • the first switch 140 is set in accordance with the control information 160 received by the DCR 5 to output compressed clear digital content 30 to the local scrambler 120 .
  • the local scrambler 120 scrambles the compressed clear digital content 30 , producing compressed locally scrambled output 310 .
  • the second switch 150 is set in accordance with control information 160 received by the DCR 5 to allow output of the compressed locally scrambled output 310 .
  • FIG. 12 is a generalized block diagram illustration of the system of FIG. 1 , illustrating a mode in which clear uncompressed content is to be output.
  • locally scrambled, broadcast scrambled, XEA scrambled compressed content 270 is input to the DCR 5 .
  • the locally scrambled, broadcast scrambled, XEA scrambled compressed content 270 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, XEA scrambled compressed content 250 .
  • the broadcast scrambled, XEA scrambled compressed content 250 is descrambled by the broadcast descrambler 110 , producing XEA scrambled compressed content 230 .
  • the first switch 140 is set in accordance with control information 160 received by the DCR 5 to output the XEA scrambled compressed content 230 to the XDDC 130 .
  • the XEA scrambled compressed content 230 is XEA decrypted and decompressed by the XDDC 130 , which performs an atomic operation producing uncompressed clear content 10 .
  • the second switch 150 is not relevant to the operation of producing uncompressed clear content 10 ; therefore, the setting of the second switch 150 is preferably not changed from the default position thereof.
  • Inputs not depicted include: locally scrambled XEA scrambled compressed content and broadcast scrambled XEA scrambled compressed content.
  • the mode of operation shown in FIG. 12 produces uncompressed clear content 10 .
  • FIG. 13 is a generalized block diagram illustration of the system of FIG. 1 , illustrating a mode in which clear compressed content is to be output.
  • locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5 .
  • the locally scrambled, broadcast scrambled, compressed content 70 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, compressed content 50 .
  • the broadcast scrambled, compressed content 50 is descrambled by the broadcast descrambler 110 , producing compressed clear digital content 30 .
  • the first switch 140 is set in accordance with control information 160 received by the DCR 5 to output compressed clear digital content 30 to the local scrambler 120 .
  • the local scrambler 120 does not scramble the compressed clear digital content 30 ; the local scrambler 120 preferably passes the received input as its output with no change.
  • the local scrambler 120 preferably comprises an internal switch (not shown), which in the present implementation is set to take no action.
  • the second switch 150 is set in accordance with control information 160 received by the DCR 5 to allow output of the compressed clear digital content 30 .
  • FIG. 14 is a generalized block diagram illustration of the system of FIG. 1 , illustrating a mode in which no output is to be produced.
  • locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5 .
  • the locally scrambled, broadcast scrambled, compressed content 70 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, compressed content 50 .
  • the broadcast scrambled, compressed content 50 is not descrambled by the broadcast descrambler 110 , and is thus useless.
  • the local scrambler 120 scrambles the broadcast scrambled, compressed content 50 producing locally scrambled, broadcast scrambled, compressed content 310 .
  • Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content.
  • locally scrambled compressed content and broadcast scrambled compressed content in the absence of valid control information 160 , similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 14 produces no useful output.
  • V. Clear Compressed Content is Attempted to be Output, not in Accordance with the Control Information 160 .
  • FIG. 15 is a generalized block diagram illustration of the system of FIG. 1 , illustrating a mode in which clear compressed content is attempted to be output, not in accordance with the control information 160 . It is appreciated that substitute control information 1560 is input to the DCR 5 by a person attempting to produce output not in accordance with control information 160 .
  • locally scrambled, broadcast scrambled, XEA scrambled, compressed content 270 is input to the DCR 5 .
  • the locally scrambled, broadcast scrambled, XEA scrambled, compressed content 270 is descrambled by the local scrambling descrambler 100 , which outputs broadcast scrambled, XEA scrambled, compressed content 250 .
  • the broadcast scrambled, XEA scrambled, compressed content 250 is descrambled by the broadcast descrambler 110 , producing XEA scrambled, compressed content 230 .
  • the first switch 140 is set in accordance with substitute control information 1560 received by the DCR 5 to output XEA scrambled, compressed content 230 to the local scrambler 120 .
  • the XEA scrambled, compressed content 230 bypasses the local scrambler 120 .
  • the local scrambler 120 thereby preferably outputs XEA scrambled, compressed content 230 .
  • the second switch 150 in the presence of substitute control information 1560 is set to 0, so that the DCR 5 outputs XEA scrambled, compressed content 230 .
  • the XEA scrambled, compressed encrypted content 230 is unusable because it bypassed the XDDC 130 , and the XEA encryption was never removed.
  • Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content.
  • locally scrambled compressed content and broadcast scrambled compressed content in accordance with the control information 160 , similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 15 produces useless compressed encrypted output 230 .
  • FIG. 16 is a simplified flowchart illustration of a preferred method of operation of the system of FIG. 1 .
  • the method of FIG. 16 preferably comprises the following steps:
  • Compressed digital content is received (step 810 ). If the rule referred to below in step 820 does not allow a clear compressed output format, the compressed encrypted digital content is provided in a form which prevents production of clear compressed output as explained below in step 830 . For example, and without limiting the generality of the foregoing, if the rule does not allow clear compressed output, the compressed encrypted digital content is provided as XEA encrypted content, as described above in reference to FIG. 15 .
  • An output format for the compressed digital content is determined, the output format being based, at least in part, on all of the following: a user-requested output format; received control information; and a rule determining whether a clear compressed output format is allowed (step 820 ).
  • Output is produced from the compressed digital content based on a result of step 820 (step 830 ). If the control information that does not permit clear compressed output has been replaced by unauthorized control information that permits clear compressed output, then the result of attempting to produce clear compressed will not be usable, as described above with reference to FIG. 15 .

Abstract

A method and an apparatus for protecting digital content, in which an output format for received compressed encrypted digital content is determined based, at least in part, on a rule determining whether clear compressed output format is allowed. When the clear compressed output format is not allowed, the content is received in a form in which it has been encrypted by at least two different encryption methods, and processing of the content comprises a combination of decrypting in accordance with one of the encryption methods and decompression in an atomic operation.

Description

    FIELD OF THE INVENTION
  • The present invention relates to delivery of digital content, and more particularly to systems for controlling the delivery of digital content based on rules.
    • BACKGROUND OF THE INVENTION
  • The IEEE 1394 high-speed serial bus provides enhanced PC connectivity for consumer electronics audio/video (A/V) appliances, storage peripherals, other PCs, and portable devices, making it possible to transfer content quickly and efficiently around such devices. An industry developed standard, DTCP (5C) copy protection scheme (Digital Transmission Content Protection Specification, Vol. 1, available at www.dtcp.com/info_dtcp_v1.pdf), provides content protection against the unauthorized copying and transmission of digital images and sound. DTCP was developed to encrypt digital content as it moves over an IEEE 1394 interface from pay television systems like cable and satellite. The DTCP scheme supports capabilities such as moving copies from personal video recorders to removable digital tape or disc recordings, and transferring copies among servers located in different places in a home. DTCP technology includes three basic copy control states, designated Copy Freely, Copy One Generation, and Copy Never, any of which can be applied to particular items of content. The DTCP system thus enables generations of control information, where the copy control state of data in a particular location directly affects the next generation copy control state, dependant on the particular copy control in use for the first generation.
  • In general, pay television systems, as well as MPEG (ISO/IEC JTC1/SC29/WG11)/DVD have been designed to protect content, while controlling the transport stream and delivering clear uncompressed content for display. (DVD specifications are available on the Internet at ecma:ch. Specific specifications include ECMA-267 (97) 120 mm DVD-Read-Only Disk; ECMA-268 (97) 80 mm DVD-Read-Only Disk; and ECMA-272 (99) 120 DVD Rewriteable Disk (DVD-RAM) also published as ISO-IEC 16824).
  • Digital data is particularly valuable in its clear compressed format, as clear compressed digital data can easily be transmitted because of its size. Additionally, every copy of clear compressed digital data is identical. End to end content protection has shown the importance of maintaining the data encrypted until it is being used; see, for example, the discussion in NDS marketing white paper XTV Persistent End-to-End Content Protection (30 Jul. 2002 publication number XT-M164).
  • When encrypted video has been decrypted, it still cannot be used until it has been decompressed and decoded. However, other data types are used in the format derived by decryption, with no further processing. For example, related but not limited to television programming, interactive data and metadata (for example program titles) typically require no further processing after decryption. As a result, by “pretending” that video data is not video, it may be possible to fool a system into delivering video in clear compressed format. The video data can then be disseminated rapidly, bypassing all content protection and conditional access schemes.
  • Throughout the present specification, various encryption algorithms are referred to. Information on the encryption algorithms referred to can be found in Bruce Schneier, Applied Cryptography, second edition, 1996, John Wiley and Sons; and in Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, A Handbook of Applied Cryptography, 1997, CRC Press.
  • The disclosures of all references mentioned above and throughout the present specification are hereby incorporated herein by reference.
    • SUMMARY OF THE INVENTION
  • Given the shortcomings of the prior art as described above, it is desirable to provide a mechanism that controls whether scrambled compressed content can be used: in clear compressed format; or only after decoding.
  • The present invention, in preferred embodiments thereof, seeks to provide an improved mechanism whereby additional security features are added to a video processor. Preferably, the additional security features include headend control which explicitly determines whether the content can be output clear compressed or not. The headend control is enforced in preferred embodiments of the present invention by providing content which is protected by additional encryption and by utilizing an additional decryption element that is only accessible when preparing clear uncompressed content.
  • The term “headend” is used throughout the present specification and claims to include any hardware and software used to prepare digital data for distribution; such preparation typically includes encrypting, compressing and multiplexing the digital data.
  • The term “data” is used throughout the present specification and claims to include one or more of the following: video; audio; teletext; interactive applications; and metadata. Metadata typically includes one or more of the following: program specific information; service information; electronic program guide information; or any other metadata which might be included in a broadcast stream.
  • The term “clear” is used throughout the present specification to refer to a state of data which is neither scrambled nor encrypted. For example, and without limiting the generality of the foregoing, the term “clear compressed data” refers to compressed data which is neither scrambled nor encrypted.
  • The term “render” is used, in all of its grammatical forms, throughout the present specification and claims to refer to any appropriate mechanism or method of making content palpable to one or more of the senses. In particular and without limiting the generality of the foregoing, “render” refers not only to display of video content but also to playback of audio content.
  • The term “null compression” is used throughout the present specification and claims to mean not compressed.
  • There is thus provided in accordance with a preferred embodiment of the present invention a method for protecting digital content including receiving compressed encrypted digital content, determining an output format based, at least in part, on all of the following a user-requested output format, received control information, and a rule determining whether a clear compressed output format is allowed, and producing output from the compressed digital content based on a result of the determining, wherein, if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided in a form which prevents production of clear compressed output in the producing step.
  • Further in accordance with a preferred embodiment of the present invention the form which prevents production of clear compressed output includes compressed encrypted digital content, additionally encrypted in accordance with a second encryption method, and the producing includes decrypting in accordance with the second encryption method, and decompressing, and the producing includes an atomic operation.
  • Still further in accordance with a preferred embodiment of the present invention the method includes providing an output-producing hardware device, wherein at least the producing is performed in the hardware device.
  • Additionally in accordance with a preferred embodiment of the present invention the hardware device is characterized by a device profile, and the determining is also based, at least in part, on the device profile.
  • Moreover in accordance with a preferred embodiment of the present invention the determining is also performed in the hardware device.
  • Further in accordance with a preferred embodiment of the present invention the hardware device is included in a single integrated circuit.
  • Still further in accordance with a preferred embodiment of the present invention the integrated circuit is included in a smart card.
  • Additionally in accordance with a preferred embodiment of the present invention the method includes rendering the output sensible to at least one human sense.
  • Moreover in accordance with a preferred embodiment of the present invention the rendering includes at least one of the following: audio rendering; visual rendering; and audio/visual rendering.
  • Further in accordance with a preferred embodiment of the present invention the compression includes null compression.
  • Still further in accordance with a preferred embodiment of the present invention local scrambling is applied to the content.
  • Additionally in accordance with a preferred embodiment of the present invention no output is produced.
  • There is also provided in accordance with another preferred embodiment of the present invention apparatus for protecting digital content including a digital content receiver receiving compressed encrypted digital content, an output format determination unit determining an output format based, at least in part, on all of the following: a user-requested output format; received control information; and a rule determining whether a clear compressed output format is allowed, and a content output unit producing output from the compressed digital content based on a result produced by the output format determination unit, wherein, if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided to the digital content receiver in a form which prevents production of clear compressed output by the content output unit.
  • Further in accordance with a preferred embodiment of the present invention the form which prevents production of clear compressed output includes compressed encrypted digital content, additionally encrypted in accordance with a second encryption method, and the content output unit includes a decrypting unit decrypting in accordance with the second encryption method, and decompressing apparatus, and the content output unit produces output in an atomic operation.
  • Still further in accordance with a preferred embodiment of the present invention the apparatus includes an output-producing hardware device, wherein at least the content output unit is included in the hardware device.
  • Additionally in accordance with a preferred embodiment of the present invention the hardware device is characterized by a device profile, and the output format determination unit determines the output format based, at least in part, on the device profile.
  • Moreover in accordance with a preferred embodiment of the present invention the output format determination unit is also included in the hardware device.
  • Further in accordance with a preferred embodiment of the present invention the hardware device is included in a single integrated circuit.
  • Still further in accordance with a preferred embodiment of the present invention the integrated circuit is included in a smart card.
  • Additionally in accordance with a preferred embodiment of the present invention the apparatus includes a rendering device which renders the output sensible to at least one human sense.
  • Moreover in accordance with a preferred embodiment of the present invention the rendering device includes at least one of the following: an audio rendering device; a visual rendering device; and an audio/visual rendering device.
  • Further in accordance with a preferred embodiment of the present invention the compression includes null compression.
  • Still further in accordance with a preferred embodiment of the present invention local compression is applied to the content.
  • Additionally in accordance with a preferred embodiment of the present invention no output is produced.
  • There is also provided in accordance with yet another preferred embodiment of the present invention a digital content receiver (DCR) including: a local scrambling descrambler; a broadcast descrambler receiving an output produced by the local scrambling descrambler; a local scrambler, a combined extra encryption algorithm decryptor and decoder/decompressor (XDDC), and a switch operative to provide an output of the broadcast descrambler to exactly one of the local scrambler and the XDDC, wherein the DCR is operative to receive control information and compressed encrypted digital content, and at least the setting of the switch is determined, at least in part, by the control information, and the DCR is operative to produce an output based on all of the following: the compressed digital content; a user-requested output format; the received control information; and a rule determining whether a clear compressed output format is allowed, and if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided to the DCR in a form which prevents production of clear compressed output as the output of the DCR.
  • Further in accordance with a preferred embodiment of the present invention the local scrambling descrambler is operative to perform exactly one of the following operations based, at least in part, on the received control information: receive an input and produce an output substantially identical to the received input; and receive an input, and perform descrambling on the received input, thereby producing an output.
  • Still further in accordance with a preferred embodiment of the present invention the local scrambler is operative to perform exactly one of the following operations based, at least in part, on the received control information receive an input and produce an output substantially identical to the received input, and receive an input and perform local scrambling on the received input, thereby producing an output.
  • Additionally in accordance with a preferred embodiment of the present invention the DCR includes an output-producing hardware device, wherein at least the content output unit is included in the hardware device.
  • Moreover in accordance with a preferred embodiment of the present invention the hardware device is included in a single integrated circuit.
  • Further in accordance with a preferred embodiment of the present invention the integrated circuit is included in a smart card.
  • Still further in accordance with a preferred embodiment of the present invention the DCR includes a rendering device which renders the output sensible to at least one human sense.
  • Additionally in accordance with a preferred embodiment of the present invention the rendering device includes at least one of the following an audio rendering device, a visual rendering device, and an audio/visual rendering device.
  • Moreover in accordance with a preferred embodiment of the present invention the XDDC is operative, based, at least in part, on the received control information, to receive an input, and descramble and decode the received input in an atomic operation, thereby producing an output.
  • There is also provided in accordance with yet another preferred embodiment of the present invention a content-protected personal video recorder (PVR) including a DCR, and a PVR unit including PVR storage media, the PVR unit receiving the output produced by the DCR.
  • Further in accordance with a preferred embodiment of the present invention the PVR unit is operative to store the received output on the PVR storage media.
  • Still further in accordance with a preferred embodiment of the present invention the output produced by the DCR includes locally scrambled output.
  • Additionally in accordance with a preferred embodiment of the present invention the PVR unit is operative to retrieve the stored output from the PVR storage media.
  • Moreover in accordance with a preferred embodiment of the present invention the output retrieved by the PVR includes locally scrambled output.
  • Further in accordance with a preferred embodiment of the present invention the DCR performs at least one of the following on the locally scrambled output retrieved by the PVR decryption, and decompression.
  • Still further in accordance with a preferred embodiment of the present invention the PVR unit is operative to store received XEA encrypted output on the PVR storage media.
  • Additionally in accordance with a preferred embodiment of the present invention the output produced by the DCR includes XEA encrypted output.
  • Moreover in accordance with a preferred embodiment of the present invention the PVR unit is operative to retrieve the stored XEA encrypted output from the PVR storage media.
  • Further in accordance with a preferred embodiment of the present invention the output retrieved by the PVR includes XEA encrypted output.
  • Still further in accordance with a preferred embodiment of the present invention the DCR performs, as an atomic operation, decryption and decompression on the XEA encrypted output retrieved by the PVR.
  • There is also provided in accordance with yet another preferred embodiment of the present invention a content-protected television system including a DCR, and a television unit, the television unit receiving the output produced by the DCR.
  • Further in accordance with a preferred embodiment of the present invention the television unit includes an analog television unit.
  • Still further in accordance with a preferred embodiment of the present invention the television unit includes a digital television unit.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:
  • FIG. 1 is a generalized block diagram illustration of a clear compressed content control system constructed and operative in accordance with a preferred embodiment of the present invention;
  • FIG. 2A is a generalized block diagram illustration of a system for producing scrambled compressed digital content, useful for understanding the operation of the system of FIG. 1;
  • FIG. 2B is a generalized block diagram illustration of an alternative system for producing scrambled compressed digital content, useful for understanding the operation of the system of FIG. 1;
  • FIG. 3 is a generalized block diagram illustration of a preferred implementation of the system of FIG. 1, illustrating an implementation in which output is stored in a PVR;
  • FIG. 4 is a generalized block diagram illustration of an alternative preferred implementation of the system of FIG. 1, illustrating an implementation in which output comprises compressed content;
  • FIG. 5 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1, illustrating an implementation in which output is displayed on an analog television;
  • FIG. 6A is a generalized block diagram illustration of yet another alternative preferred implementation of the system of FIG. 1, illustrating an implementation in which output is not useable;
  • FIG. 6B is a generalized block diagram illustration of a preferred embodiment of control information, useful for understanding FIG. 6A;
  • FIG. 7 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1, illustrating an implementation in which output is displayed on a digital television;
  • FIG. 8 is a generalized block diagram illustration of yet another alternative preferred implementation of the system of FIG. 1, illustrating another implementation in which output is stored in a PVR;
  • FIG. 9 is a generalized block diagram illustration of still another alternative preferred implementation of the system of FIG. 1, illustrating another implementation in which output is displayed on a digital television;
  • FIG. 10 is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1, illustrating another implementation in which output is displayed on an analog television;
  • FIG. 11 is a generalized block diagram illustration of a mode of operation of the system of FIG. 1, illustrating a mode in which compressed encrypted content is output;
  • FIG. 12 is a generalized block diagram illustration of an alternative mode of operation of the system of FIG. 1, illustrating a mode in which clear uncompressed content is output;
  • FIG. 13 is a generalized block diagram illustration of an alternative mode of operation of the system of FIG. 1, illustrating a mode in which clear compressed content is output;
  • FIG. 14 is a generalized block diagram illustration of an yet another alternative mode of operation of the system of FIG. 1, illustrating a mode in which no output is to be produced;
  • FIG. 15 is a generalized block diagram illustration of an still another alternative mode of operation of the system of FIG. 1, illustrating a mode in which clear compressed content is attempted to be output but no output is allowed; and
  • FIG. 16 is a simplified flowchart illustration of a preferred method of operation of the system of FIG. 1.
    •  DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
  • Reference is now made to FIG. 1, which is a generalized block diagram illustration of a clear compressed content control system constructed and operative in accordance with a preferred embodiment of the present invention.
  • The system of FIG. 1 comprises a digital content receiver (DCR) 5. The DCR 5 is preferably operative to receive scrambled compressed digital content and to produce therefrom one or more types of output in accordance with content control rules, as will be described in more detail below. Persons skilled in the art will appreciate that the DCR 5 may comprise a single integrated circuit. Persons skilled in the art will further appreciate that the circuit described in this specification need not be embedded in fixed hardware; rather, all or part of the circuit described may be embedded in a removable security element, such as a smart card.
  • Reference is now additionally made to FIG. 2A, which is a generalized block diagram illustration of a system for producing scrambled compressed digital content, useful for understanding operation of the system of FIG. 1. The system of FIG. 2A is provided by way of example only and is not meant to be limiting.
  • In the system illustrated in FIG. 2A, clear content 10, typically comprising clear digital content, is input. A compression device 20 compresses the clear content 10, using any appropriate compression method, such as MPEG-2 or MPEG-4, as is well known in the art, to produce compressed clear digital content 30.
  • The compressed clear digital content 30 is input to a broadcast scrambler 40, which, using encryption methods known in the art, produces therefrom scrambled compressed digital content 50. Non-limiting examples of such encryption methods include DVB (refer to standard ETSI EN 301 192), DES, and 3DES (both DES and 3DES are described in Applied Cryptography, referred to above, at pp. 265-301).
  • Reference is now additionally made to FIG. 2B, which is a generalized block diagram illustration of an alternative system for producing scrambled compressed digital content, useful for understanding operation of the system of FIG. 1. The system of FIG. 2B is provided by way of example only and is not meant to be limiting.
  • The system of FIG. 2B is preferably similar to the system of FIG. 2A, and additionally comprises apparatus for implementing an “extra” encryption algorithm (XEA). Nonlimiting examples of encryption schemes usable for XEA, which schemes are well known in the art, preferably include Diffie-Hellman (described in Applied Cryptography, referred to above, at pp. 513-516) and El-Gamal (refer to Applied Cryptography pgs. 532-533).
  • In the system illustrated in FIG. 2B, clear content 10, typically comprising clear digital content, is received: A compression device 20 compresses the clear content 10, using any appropriate compression method, as is well known in the art, to produce compressed clear digital content 30.
  • The compressed clear digital content 30 is received by an XEA scrambler 240, which produces therefrom XEA scrambled compressed digital content 230.
  • The XEA scrambled compressed digital content 230 is input to the broadcast scrambler 40. The broadcast scrambler 40 produces therefrom broadcast scrambled XEA scrambled compressed digital content 250 using encryption methods similar to those described above with reference to FIG. 2A.
  • Referring back to FIG. 1, the DCR 5 preferably comprises the following components, each of which is typically implemented in either hardware, software, or a combination thereof:
  • 1. A descrambler, shown in FIG. 1 by way of example only as a local scrambling descrambler 100. It is appreciated that the type of descrambler 100 provided in the system of FIG. 1 is chosen to correspond to a type of scrambling used to scramble content intended for the DCR 5. Examples of local scrambling would include, but not be limited to, such well known algorithms as AES (FIPS-197, described in csrc.nist.gov/publications/fips/fips197/fips-197.pdf), skipjack (FIPS-185, described in csrc.nist.gov/encryption/skipjack/skipjack.pdf), blowfish (described in Applied Cryptography, referred to above, at pp. 336-339), RC5 (described in Applied Cryptography, referred to above, at pp. 344-346), IDEA (described in Applied Cryptography, referred to above, at pp. 319-325), two fish (described on the Internet at www.counterpane.com/twofish.html), DEAL (described on the Internet at www RC6 (described on the Internet at theory.lcs.mit.edu/˜rivest/rc6.ps), serpent (described on the Internet at www.cl.cam.ac.uk/˜rja14/serpent.html), RC4 (described in Applied Cryptography, referred to above, at pp. 397-398), and SEAL (described in Applied Cryptography, referred to above, at pp. 398-400).
  • 2. A broadcast descrambler 110, which is preferably operatively associated with the local scrambling descrambler 100. The broadcast descrambler 110 is preferably operative to receive the output produced by the local scrambling descrambler 100 and to perform broadcast descrambling thereon.
  • 3. A local scrambler 120, which is preferably operatively associated with the broadcast descrambler 110 via a switch 140. When the switch 140 is set to send output from the broadcast descrambler 110 to the local scrambler 120, the local scrambler 120 is preferably operative to receive said output and to perform local scrambling thereon. It is appreciated that, depending on the information in the control information 160, the local scrambler 120 may alternatively take no scrambling action; in such a case the local scrambler 120 preferably produces output substantially identical to the input received by the local scrambler 120.
  • 4. A combined XEA decryptor and decode/decompressor (XDDC) 130, which is also preferably operatively associated with the broadcast descrambler 110 via the switch 140. When the switch 140 is set to send output from the broadcast descrambler 110 to the XDDC 130, the XDDC 130 is preferably operative to receive said output and to perform both XEA decryption and decoding/decompression thereon.
  • The attribute of operations being able to be performed only together, and not separately, is referred to in the present specification and claims as an “atomic operation”.
  • For example, decryption and decoding/decompression in the XDDC 130 comprise an atomic operation. The XDDC 130 is designed in such a way that the XDDC 130 must perform decoding and decompressing together. The XDDC 130 will not perform decoding alone, nor will the XDDC perform decompressing alone. Anti-tamper techniques, which are well known in the art, are preferably used to ensure the integrity of the XDDC 130.
  • The term “XEA”, as used throughout the present specification and claims refers to any appropriate encryption scheme. Nonlimiting examples of encryption schemes usable for XEA might preferably include Diffie-Hellman and El-Gamal. The key (also referred to herein as a “control word”) for XEA is preferably provided by a conditional access system broadcasting an entitlement control message, as is known in the art. A device (not shown in FIG. 1) such as a set-top box or PVR, in which the DCR 5 may preferably be comprised, receives the entitlement control message. Using techniques known in the art, the device (not shown in FIG. 1) derives the control word from the entitlement control message and provides the control word to the DCR 5.
  • 5. A plurality of switches, shown in FIG. 1 as the first switch 140 and the second switch 150 described above. As will be described in more detail below, the plurality of switches preferably also includes other switches (not shown in FIG. 1). Each of the plurality of switches is preferably set in accordance with control information 160 received by the DCR 5. The control information 160 is preferably determined, at least in part, by an owner or controller (not shown) of digital content (not shown in FIG. 1) sent to the DCR 5. In some preferred embodiments of the present invention, the control information 160 is also preferably determined, at least in part, based on input of a user of the DCR 5, requesting to make use of the digital content in a particular way. In some preferred embodiments of the present invention, the control information 160 is also preferably determined, at least in part, based on receiver policy. The control information 160 and the manner in which the plurality of switches are preferably set are described in more detail below.
  • It is appreciated that, depending on the information contained in the control information 160 and the scrambling state of the content, each of the local scrambling descrambler 100; the broadcast descrambler 110; the local scrambler 120; and the XDDC 130 in the system of FIG. 1 may be either preferably operational or non-operational. For example, and without limiting the generality of the foregoing, the local scrambling descrambler 100 may or may not perform local scrambling descrambling. Another non-limiting example would be that the local scrambler 120 may or may not perform local scrambling. It is appreciated that if any one or more of the local scrambling descrambler 100; the broadcast descrambler 110; the local scrambler 120; and the XDDC 130 are non-operational, data input into the non-operational element would be passed substantially unchanged as the output thereof.
  • Persons skilled in the art will appreciate that the DCR 5 also preferably comprises other components (not shown), which typically comprise conventional components well known in the art of content receivers. Non-limiting examples of such components include tuners, demultiplexers, and digital-to-analog converters.
  • The operation of the system of FIG. 1 is now briefly described.
  • Various modes of operation of the system of FIG. 1 are determined based on the control information 160 received by the DCR 5. Preferably, upon receiving a new item of digital content, the first switch 140 is set to 0 and the second switch 150 is set to 1, preventing any output from being produced by the DCR 5; this is intended to guarantee that output based on any particular item of digital content is controlled only on the basis of control information 160 associated with that item of digital content.
  • Persons skilled in the art will appreciate, as discussed above, that digital data is particularly valuable in its clear compressed format because a recipient without authorization can easily use clear compressed digital data. Furthermore, digital data in its clear compressed format is easily transmitted. Therefore, it is an object of the present invention, in certain preferred embodiments thereof, to prevent the output of clear compressed content when the control information 160 does not permit such output.
  • The following discussion, beginning with the description of FIG. 3 and until the end of the description of FIG. 10, relates to various implementations of systems comprising the DCR 5: Detailed description of the DCR 5 resumes with the description of FIG. 11. In FIGS. 3-10 and in the descriptions of FIGS. 3-10, in many cases, for ease of depiction and description, details of the DCR 5 are omitted.
  • Reference is now made to FIG. 3, which is a generalized block diagram illustration of a preferred implementation of the system of FIG. 1. In the system of FIG. 3, broadcast scrambled, XEA scrambled compressed content 250 is received as input by a device 310, comprising the DCR 5. Non-limiting examples of such the device 310 would be a set-top box (STB) or personal video recorder (PVR). In the implementation of FIG. 3, and based on the control information 160, the broadcast scrambled, XEA scrambled compressed content 250 bypasses the DCR 5 in order to be output as broadcast scrambled, XEA scrambled compressed content 250 to storage media (not shown in FIG. 3) comprised in a PVR 320. Persons skilled in the art will appreciate that the PVR 320 may comprise the same unit or may share components with the DCR 5, and is shown as a separate unit in FIG. 3 for illustrative purposes only.
  • Reference is now made to FIG. 4, which is a generalized block diagram illustration of an alternative preferred implementation of the system of FIG. 1. In the system of FIG. 4, in accordance with received control information 160, broadcast scrambled content 50 is input into a device 310, comprising the DCR 5. Non-limiting examples of the device 310 would be a STB or PVR. In the implementation of FIG. 4, and based on the control information 160, the broadcast scrambled content 50 is input to the broadcast descrambler 110, producing compressed clear digital content 30. The compressed clear digital content 30 is output from the system. Persons skilled in the art will appreciate that the implementation of FIG. 4 is useful when the broadcast scrambled content 50 comprises interactive television data and does not comprise valuable video content.
  • Reference is now made to FIG. 5, which is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 5, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310, comprising the DCR 5. Non-limiting examples of the device 310 would be a STB or PVR. In the implementation of FIG. 5, and based on the control information 160, the broadcast scrambled content, XEA scrambled compressed content 250 is input to the broadcast descrambler 110, producing XEA scrambled compressed content 230.
  • The XEA scrambled compressed content 230 is then input into the XDDC 130, which, in an atomic operation, produces clear content 10. The clear content 10 thus produced is input into an analog television 510 for viewing.
  • Reference is now made to FIG. 6A, which is generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 6A, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 preferably comprising the DCR 5. Non-limiting examples of the device 310 would be a STB or PVR. Reference is now additionally made to FIG. 6B which is a generalized illustration of several elements which are preferably comprised in control information 160, useful for understanding FIG. 6A. Control information 160 preferably comprises: an owner or controller usage rule 610; a digital receiver policy 620; and user input 630.
  • In the implementation of FIG. 6A, at least one element of the owner or controller usage rule 610, and/or the digital receiver policy 620 prohibit decryption. In the implementation of FIG. 6A, the user attempts to use user input 630 of the control information 160 in order to override the decryption prohibition resulting from the combination of owner or controller usage rule 610 and the digital receiver policy 620.
  • In the implementation of FIG. 6A, and based on the control information 160, the broadcast scrambled content 250 is input to the broadcast descrambler 110, producing XEA scrambled compressed content 230. In the absence of any further control information, the XEA scrambled compressed content 230 output is not decrypted.
  • Lacking decryption, and in the absence of another means of performing XEA decryption, the XEA scrambled compressed content 230 output is rendered effectively useless.
  • Reference is now made to FIG. 7, which is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 7, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 comprising the DCR 5. Non-limiting examples of the device 310 would be a STB or PVR. In the implementation of FIG. 7, and based on the control information 160, the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110, producing XEA scrambled compressed content 230.
  • The XEA scrambled compressed content 230 is input into the local scrambler 120 which outputs local scrambled, XEA scrambled compressed content 710. The local scrambled, XEA scrambled compressed content 710 is output by the device 310 and input into a digital television 720.
  • Within the digital television 720, in accordance with second generation control information 860, the local scrambled, XEA scrambled compressed content 710 is input into the local scrambling descrambler 730, producing XEA scrambled compressed content 230. The XEA scrambled compressed content 230 is input into the XDDC 130, which in an atomic operation produces clear content 10, suitable for viewing.
  • With reference to the second generation control information 860, it is appreciated that in all cases where there is control information 160 and second generation control information 860, the original control information 160 is preferably reflected in the second generation control information 860. Non-limiting examples of first generation control information 160 being reflected in second generation control information 860 would be, as discussed above, the DTCP specification basic copy states. A specific non-limiting example of the operation of first and second generation control information would be where first generation control information 160 allows copy once; in such a case, the second generation control information 860 for the copy would allow no further copying. Another specific non-limiting example would be where the first generation control information 160 allows copy freely; the second generation control information 860 would also allow copy freely.
  • Reference is now made to FIG. 8, which is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 8, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 comprising a DCR 5. A non-limiting example of the device 310 would be a STB or PVR. In the implementation of FIG. 8, and based on the control information 160, the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110.
  • In accordance with the control information 160, the broadcast descrambler 110 takes no action. It is appreciated that the broadcast scrambler 110 preferably comprises an internal switch (not shown), which, based on the control information 160, is set to take no action. The broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120. The local scrambler 120 outputs locally scrambled broadcast scrambled XEA scrambled compressed content 810. The locally scrambled broadcast scrambled XEA scrambled compressed content 810 is then output to a PVR 820. Persons skilled in the art will appreciate that the PVR 820 may comprise the same unit or may share components with the device 310, and is shown as a separate unit in FIG. 8 for illustrative purposes only. Should the PVR 820 comprise the same unit as the device 310, it is appreciated that the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 would preferably comprise locally scrambled, broadcast scrambled, XEA scrambled compressed content 850.
  • The locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into a local scrambling descrambler 830, producing broadcast scrambled, XEA scrambled compressed content 250. The broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110.
  • In accordance with the second generation control information 860, the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120. Persons skilled in the art will appreciate that the second generation control information 860 preferably differs from the control information 160, as explained above in reference to FIG. 7. The local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 850. The locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 is then stored on a PVR storage disk 840. The locally scrambled, broadcast scrambled, XEA scrambled compressed content 850 preferably differs from the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 in that a different control word is preferably used in local scrambling.
  • With reference to the second generation control information 860, it is appreciated that in all cases where there is control information 160 and a second generation of control information 860, the original control information 160 is preferably reflected in the second generation of control information 860, as described above more fully with reference to FIG. 7.
  • Reference is now made to FIG. 9, which is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 9, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into the device 310 comprising a DCR 5. A non-limiting example of the device 310 would be a STB or PVR. In the implementation of FIG. 9, and based on the control information 160, the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110.
  • In accordance with the control information 160, the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120. The local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 810. The locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then output to a PVR 820. Persons skilled in the art will appreciate that the PVR 820 may be comprised in the device 310, or may reside externally thereto, as illustrated in FIG. 9. Should the PVR 820 comprise the same unit as the STB or PVR 310, it is appreciated that the broadcast scrambled, XEA scrambled compressed content 250 is input into the broadcast descrambler 110, producing XEA scrambled, compressed encrypted content 230. The XEA scrambled, compressed encrypted content 230 is then input directly into the local scrambler 120, producing locally scrambled, XEA scrambled compressed content 710, as described below.
  • In accordance with second generation control information 860, the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into a local scrambling descrambler 830, producing broadcast scrambled, XEA scrambled compressed content 250. The broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110.
  • With reference to the second generation control information 860, it is appreciated that in all cases where there is control information 160 and a second generation of control information 860, the original control information 160 is preferably reflected in the second generation of control information 860, as described above more fully with reference to FIG. 7.
  • The broadcast descrambler 110 outputs XEA scrambled compressed content 230, which is input into a local scrambler 120. The local scrambler 120 produces locally scrambled, XEA scrambled compressed content 710 which is input into a digital television 720.
  • Within the digital television 720 the locally scrambled, XEA scrambled compressed content 710 is input into a local scrambling descrambler 730, producing XEA compressed content 230. The XEA compressed content 230 is input into the XDDC 130, which performs an atomic operation producing clear content 10 suitable for viewing.
  • Reference is now made to FIG. 10, which is a generalized block diagram illustration of another alternative preferred implementation of the system of FIG. 1. In the system of FIG. 10, in accordance with received control information 160, broadcast scrambled, XEA scrambled compressed content 250 is input into a device 310, comprising the DCR 5. Non-limiting examples of the device 310 would be a STB or PVR. In the implementation of FIG. 10, and based on the control information 160, the broadcast scrambled, XEA scrambled compressed content 250 is input to the broadcast descrambler 110.
  • In accordance with the control information 160, the broadcast descrambler 110 takes no action, and the broadcast scrambled, XEA scrambled compressed content 250 is input to the local scrambler 120. The local scrambler 120 outputs locally scrambled, broadcast scrambled, XEA scrambled compressed content 810. The locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then output to a PVR 820. Persons skilled in the art will appreciate that the PVR 820 may comprise the same unit or may share components with the device 310, and is shown as a separate unit in FIG. 10 for illustrative purposes only.
  • In accordance with second generation control information 860, the locally scrambled, broadcast scrambled, XEA scrambled compressed content 810 is then input into an local scrambling descrambler 830, producing broadcast scrambled, XEA scrambled compressed content 250. The broadcast scrambled, XEA scrambled compressed content 250 is input into a broadcast descrambler 110.
  • With reference to the second generation control information 860, it is appreciated that in all cases where there is control information 160 and a second generation of control information 860, the original control information 160 is preferably reflected in the second generation of control information 860, as described above more fully with reference to FIG. 7.
  • The broadcast descrambler 110 outputs XEA scrambled compressed content 230 which is input into the XDDC 130. The XDDC 130 performs an atomic operation outputting clear content 10, suitable for viewing on an analog television 510.
  • Referring back to FIG. 1, one skilled in the art will appreciate that the preferred modes of operation of the system of FIG. 1 comprise the following modes:
  • A. Permitted Modes
  • The term “permitted modes”, as used herein, refers to modes of operation of the system of FIG. 1, which are permitted by the owner or controller of the item of digital content received by the DCR 5.
      • I. Compressed encrypted content is to be output.
      • II. Clear uncompressed content is to be output.
      • III. Clear compressed content is to be output.
  • B. Default Mode, in the Absence of any Control Information
      • IV. No output is to be produced.
  • C. Forbidden Mode
      • V. Clear compressed content is attempted to be output, not in accordance with the control information 160.
  • Preferred modes of operation of the system of FIG. 1, in accordance with each of modes I-V, are now described in greater detail.
  • I. Compressed Encrypted Content is to be Output.
  • Reference is now additionally made to FIG. 11, which is a generalized block diagram illustration of the system of FIG. 1, illustrating a mode in which compressed encrypted content is output.
  • In the mode of operation shown in FIG. 11, locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5. The broadcast scrambled, compressed content 70 is descrambled by the local scrambler descrambler 100 producing broadcast scrambled, compressed content 50.
  • The broadcast scrambled, compressed content 50 is descrambled by the broadcast descrambler 110, producing compressed clear digital content 30.
  • The first switch 140 is set in accordance with the control information 160 received by the DCR 5 to output compressed clear digital content 30 to the local scrambler 120. The local scrambler 120 scrambles the compressed clear digital content 30, producing compressed locally scrambled output 310.
  • The second switch 150 is set in accordance with control information 160 received by the DCR 5 to allow output of the compressed locally scrambled output 310.
  • It is appreciated that there exist in the mode of operation shown in FIG. 11 possible alternative inputs to the DCR 5. Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content. In the cases of locally scrambled compressed content and broadcast scrambled compressed content, in accordance with the control information 160, similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 11 produces compressed locally scrambled output 310.
  • II. Clear Uncompressed Content is to be Output.
  • Reference is now additionally made to FIG. 12, which is a generalized block diagram illustration of the system of FIG. 1, illustrating a mode in which clear uncompressed content is to be output.
  • In the mode of operation in FIG. 12, locally scrambled, broadcast scrambled, XEA scrambled compressed content 270 is input to the DCR 5. The locally scrambled, broadcast scrambled, XEA scrambled compressed content 270 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, XEA scrambled compressed content 250.
  • The broadcast scrambled, XEA scrambled compressed content 250 is descrambled by the broadcast descrambler 110, producing XEA scrambled compressed content 230.
  • The first switch 140 is set in accordance with control information 160 received by the DCR 5 to output the XEA scrambled compressed content 230 to the XDDC 130.
  • The XEA scrambled compressed content 230 is XEA decrypted and decompressed by the XDDC 130, which performs an atomic operation producing uncompressed clear content 10.
  • The second switch 150 is not relevant to the operation of producing uncompressed clear content 10; therefore, the setting of the second switch 150 is preferably not changed from the default position thereof.
  • It is appreciated that there exist in the mode of operation shown in FIG. 12 possible alternative inputs to the DCR 5. Inputs not depicted include: locally scrambled XEA scrambled compressed content and broadcast scrambled XEA scrambled compressed content. In the cases of locally scrambled XEA scrambled compressed content and broadcast scrambled XEA scrambled compressed content, in accordance with the control information 160, similarly to the case where locally scrambled, broadcast scrambled, XEA scrambled compressed content 270 is input, the mode of operation shown in FIG. 12 produces uncompressed clear content 10.
  • III. Clear Compressed Content is to be Output.
  • Reference is now additionally made to FIG. 13, which is a generalized block diagram illustration of the system of FIG. 1, illustrating a mode in which clear compressed content is to be output.
  • In the mode of operation in FIG. 13, locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5. The locally scrambled, broadcast scrambled, compressed content 70 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, compressed content 50.
  • The broadcast scrambled, compressed content 50 is descrambled by the broadcast descrambler 110, producing compressed clear digital content 30.
  • The first switch 140 is set in accordance with control information 160 received by the DCR 5 to output compressed clear digital content 30 to the local scrambler 120. In accordance with control information 160 received by the DCR 5 and intended for the local scrambler 120, the local scrambler 120 does not scramble the compressed clear digital content 30; the local scrambler 120 preferably passes the received input as its output with no change. It is appreciated that the local scrambler 120 preferably comprises an internal switch (not shown), which in the present implementation is set to take no action.
  • The second switch 150 is set in accordance with control information 160 received by the DCR 5 to allow output of the compressed clear digital content 30.
  • It is appreciated that there exist in the mode of operation shown in FIG. 13 possible alternative inputs to the DCR 5. Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content. In the cases of locally scrambled compressed content and broadcast scrambled compressed content, in accordance with the control information 160, similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 13 produces compressed clear digital content 30.
  • IV. No Output is to be Produced.
  • Reference is now additionally made to FIG. 14, which is a generalized block diagram illustration of the system of FIG. 1, illustrating a mode in which no output is to be produced.
  • In the mode of operation in FIG. 14, locally scrambled, broadcast scrambled, compressed content 70 is input to the DCR 5. The locally scrambled, broadcast scrambled, compressed content 70 is descrambled by the local scrambling descrambler 100 producing broadcast scrambled, compressed content 50.
  • In the absence of valid control information 160 the broadcast scrambled, compressed content 50 is not descrambled by the broadcast descrambler 110, and is thus useless. Alternatively, if the control information 160 mandates local scrambling, the local scrambler 120 scrambles the broadcast scrambled, compressed content 50 producing locally scrambled, broadcast scrambled, compressed content 310.
  • It is appreciated that there exist in the mode of operation shown in FIG. 14 possible alternative inputs to the DCR 5. Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content. In the case of locally scrambled compressed content and broadcast scrambled compressed content, in the absence of valid control information 160, similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 14 produces no useful output.
  • V. Clear Compressed Content is Attempted to be Output, not in Accordance with the Control Information 160.
  • Reference is now additionally made to FIG. 15, which is a generalized block diagram illustration of the system of FIG. 1, illustrating a mode in which clear compressed content is attempted to be output, not in accordance with the control information 160. It is appreciated that substitute control information 1560 is input to the DCR 5 by a person attempting to produce output not in accordance with control information 160.
  • In the mode of operation in FIG. 15, locally scrambled, broadcast scrambled, XEA scrambled, compressed content 270 is input to the DCR 5. The locally scrambled, broadcast scrambled, XEA scrambled, compressed content 270 is descrambled by the local scrambling descrambler 100, which outputs broadcast scrambled, XEA scrambled, compressed content 250.
  • The broadcast scrambled, XEA scrambled, compressed content 250 is descrambled by the broadcast descrambler 110, producing XEA scrambled, compressed content 230.
  • The first switch 140 is set in accordance with substitute control information 1560 received by the DCR 5 to output XEA scrambled, compressed content 230 to the local scrambler 120. In accordance with the substitute control information 1560 received by the DCR 5 and directed to the local scrambler 120, the XEA scrambled, compressed content 230 bypasses the local scrambler 120. The local scrambler 120 thereby preferably outputs XEA scrambled, compressed content 230. The second switch 150, in the presence of substitute control information 1560 is set to 0, so that the DCR 5 outputs XEA scrambled, compressed content 230. However, the XEA scrambled, compressed encrypted content 230 is unusable because it bypassed the XDDC 130, and the XEA encryption was never removed.
  • Thus, the attempt to spoof the system of FIG. 15 by providing substitute control information 1560 is rendered futile.
  • It is appreciated that there exist in the mode of operation shown in FIG. 15 possible alternative inputs to the DCR 5. Inputs not depicted include: locally scrambled compressed content and broadcast scrambled compressed content. In the case of locally scrambled compressed content and broadcast scrambled compressed content, in accordance with the control information 160, similarly to the case where locally scrambled, broadcast scrambled, compressed content 70 is input, the mode of operation shown in FIG. 15 produces useless compressed encrypted output 230.
  • Reference is now made to FIG. 16, which is a simplified flowchart illustration of a preferred method of operation of the system of FIG. 1. The method of FIG. 16 preferably comprises the following steps:
  • Compressed digital content is received (step 810). If the rule referred to below in step 820 does not allow a clear compressed output format, the compressed encrypted digital content is provided in a form which prevents production of clear compressed output as explained below in step 830. For example, and without limiting the generality of the foregoing, if the rule does not allow clear compressed output, the compressed encrypted digital content is provided as XEA encrypted content, as described above in reference to FIG. 15.
  • An output format for the compressed digital content is determined, the output format being based, at least in part, on all of the following: a user-requested output format; received control information; and a rule determining whether a clear compressed output format is allowed (step 820).
  • Output is produced from the compressed digital content based on a result of step 820 (step 830). If the control information that does not permit clear compressed output has been replaced by unauthorized control information that permits clear compressed output, then the result of attempting to produce clear compressed will not be usable, as described above with reference to FIG. 15.
  • It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
  • It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the invention is defined only by the claims which follow:

Claims (21)

1-47. (canceled)
48. A method for protecting digital content, the method comprising:
receiving compressed encrypted digital content;
determining an output format based, at least in part, on a rule determining whether a clear compressed output format is allowed; and
processing the compressed encrypted digital content so that any output produced will conform with the determined output format;
wherein, when the rule does not allow the clear compressed output format, (a) the compressed encrypted digital content is received in a form in which the compressed encrypted digital content has been encrypted by at least a first encryption method and a second encryption method, and (b) the processing step comprises a combination of decrypting in accordance with the second encryption method and decompressing, the decrypting and decompressing combination being an atomic operation so that the decrypting and decompressing can be performed only together and cannot be performed separately.
49. The method according to claim 48, wherein the processing step is performed in a hardware device.
50. The method according to claim 49,
wherein the hardware device is characterized by a device profile; and
wherein the determined output format is based, in part, on the device profile.
51. The method according to claim 49, wherein the determining step is performed in the hardware device.
52. The method according to claim 49, wherein a single integrated circuit comprises the hardware device.
53. The method according to claim 52, wherein a smart card comprises the single integrated circuit.
54. The method according to claim 48, further comprising:
rendering an output sensible to at least one human sense.
55. The method according to claim 54, wherein the rendering comprises at least one of the following: audio rendering; visual rendering; and audio/visual rendering.
56. The method according to claim 48, further comprising:
applying local scrambling to the content.
57. The method according to claim 48, wherein the determined output format is based, in part, on a digital content owner/controller usage rule, the digital content owner/controller usage rule comprising a copy control state selected from a group consisting of: (a) Copy Freely; (b) Copy One Generation; and (c) Copy Never.
58. An apparatus for protecting digital content, the apparatus comprising:
a digital content receiver for receiving compressed encrypted digital content;
an output format determination unit for determining an output format based, at least in part, on a rule determining whether a clear compressed output format is allowed; and
a processor for processing the compressed encrypted digital content so that any output produced will conform with the determined output format;
wherein, when the rule does not allow the clear compressed output format, (a) the compressed encrypted digital content is received in a form, in which the compressed encrypted digital content has been encrypted by at least a first encryption method and a second encryption method, and (b) the processing comprises a combination of decrypting in accordance with the second encryption method and decompressing, the decrypting and decompressing combination being an atomic operation so that the decrypting and decompressing can be performed only together and cannot be performed separately.
59. The apparatus according to claim 58, further comprising:
a hardware device;
wherein the hardware device comprises the processor.
60. The apparatus according to claim 59,
wherein the hardware device is characterized by a device profile, and
wherein the determined output format is based, in part, on the device profile.
61. The apparatus according to claim 59, wherein the hardware device further comprises the output format determination unit.
62. The apparatus according to claim 59, wherein a single integrated circuit comprises the hardware device.
63. The apparatus according to claim 62, wherein a smart card comprises the single integrated circuit.
64. The apparatus according to claim 58, further comprising: a rendering device for rendering an output sensible to at least one human sense.
65. The apparatus according to claim 64, wherein the rendering device comprises at least one of the following: an audio rendering device; a visual rendering device; and an audio/visual rendering device.
66. The apparatus according to claim 58, further comprising: a local scrambler for applying local scrambling to the content.
67. The apparatus according to claim 58 wherein the determined output format is based, in part, on a digital content owner/controller usage rule, the digital content owner/controller usage rule comprising a copy control state selected from a group consisting of: (a) Copy Freely; (b) Copy One Generation; and (c) Copy Never.
US12/930,304 2003-04-13 2011-01-03 System for securing access to data streams Abandoned US20110103582A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/930,304 US20110103582A1 (en) 2003-04-13 2011-01-03 System for securing access to data streams

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
IL155416 2003-04-13
IL15541603A IL155416A0 (en) 2003-04-13 2003-04-13 System for securing access to data streams
PCT/IL2003/000969 WO2004091132A1 (en) 2003-04-13 2003-11-16 System for securing access to data streams
US54791107A 2007-05-24 2007-05-24
US12/930,304 US20110103582A1 (en) 2003-04-13 2011-01-03 System for securing access to data streams

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/IL2003/000969 Continuation WO2004091132A1 (en) 2003-04-13 2003-11-16 System for securing access to data streams
US54791107A Continuation 2003-04-13 2007-05-24

Publications (1)

Publication Number Publication Date
US20110103582A1 true US20110103582A1 (en) 2011-05-05

Family

ID=32697055

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/547,911 Active 2027-09-25 US8755523B2 (en) 2003-04-13 2003-11-16 System for securing access to data streams
US12/930,304 Abandoned US20110103582A1 (en) 2003-04-13 2011-01-03 System for securing access to data streams

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/547,911 Active 2027-09-25 US8755523B2 (en) 2003-04-13 2003-11-16 System for securing access to data streams

Country Status (5)

Country Link
US (2) US8755523B2 (en)
EP (2) EP1602193A4 (en)
AU (1) AU2003279516A1 (en)
IL (1) IL155416A0 (en)
WO (1) WO2004091132A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140016777A1 (en) * 2012-07-12 2014-01-16 Elwha Llc Pre-Event Repository Associated with Individual Privacy and Public Safety Protection Via Double Encrypted Lock Box
US9042546B2 (en) 2012-10-16 2015-05-26 Elwha Llc Level-two encryption associated with individual privacy and public safety protection via double encrypted lock box
US9521370B2 (en) 2012-07-12 2016-12-13 Elwha, Llc Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box
US9596436B2 (en) 2012-07-12 2017-03-14 Elwha Llc Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box
US9825760B2 (en) 2012-07-12 2017-11-21 Elwha, Llc Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013141795A1 (en) 2012-03-19 2013-09-26 Ab Durgo A valve arrangement
CN106101754A (en) * 2016-06-21 2016-11-09 深圳创维数字技术有限公司 A kind of method and device protecting data transmission stream

Citations (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5742680A (en) * 1995-11-13 1998-04-21 E Star, Inc. Set top box for receiving and decryption and descrambling a plurality of satellite television signals
US5774548A (en) * 1995-09-05 1998-06-30 Hitachi, Ltd. Digital broadcast transmitting and receiving system and transmitting and receiving apparatus thereof
US5818934A (en) * 1996-12-18 1998-10-06 Phillips Electronics North America Corporation Method and apparatus for providing a cryptographically secure interface between the decryption engine and the system decoder of a digital television receiver
US5878135A (en) * 1996-11-27 1999-03-02 Thomson Consumer Electronics, Inc. Decoding system for processing encrypted broadcast, cable or satellite video data
US5933500A (en) * 1996-05-31 1999-08-03 Thomson Consumer Electronics, Inc. Adaptive decoding system for processing encrypted and non-encrypted broadcast, cable or satellite video data
US5964842A (en) * 1997-01-31 1999-10-12 Network Computing Devices, Inc. Method and apparatus for scaling data compression based on system capacity
US6016348A (en) * 1996-11-27 2000-01-18 Thomson Consumer Electronics, Inc. Decoding system and data format for processing and storing encrypted broadcast, cable or satellite video data
US6038321A (en) * 1996-08-08 2000-03-14 Laurel Intelligent Systems Co., Ltd. Data transfer method, communication system and storage medium
US6044157A (en) * 1996-03-08 2000-03-28 Matsushita Electric Industrial Co., Ltd. Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor
US6122379A (en) * 1996-05-30 2000-09-19 Deloitte & Touche Inc. Method and apparatus for performing simultaneous data compression and encryption
US6222924B1 (en) * 1996-01-30 2001-04-24 Oy Nokia Ab Scrambling of digital media objects in connection with transmission and storage
US6266480B1 (en) * 1996-09-18 2001-07-24 Sony Corporation Apparatus and method for effectively inhibiting unauthorized copying of picture signals which does not interfere with an authorized display thereof
US6286103B1 (en) * 1998-10-02 2001-09-04 Canal+Societe Anonyme Method and apparatus for encrypted data stream transmission
US20010025340A1 (en) * 1997-06-19 2001-09-27 Marchant Brian E. Security apparatus for data transmission with dynamic random encryption
US20010033739A1 (en) * 1995-09-29 2001-10-25 Sony Corporation Apparatus and method for TV broadcast copy protection
US20020006204A1 (en) * 2001-06-27 2002-01-17 Paul England Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
US20020019939A1 (en) * 1999-12-20 2002-02-14 Hiroyasu Yamamoto Encryption display card
US6349138B1 (en) * 1996-06-14 2002-02-19 Lucent Technologies Inc. Method and apparatus for digital transmission incorporating scrambling and forward error correction while preventing bit error spreading associated with descrambling
US20020034264A1 (en) * 2000-05-25 2002-03-21 Vigil Armando J. Method for demodulating a digital signal subjected to multipath propagation impairment and an associated receiver
US20020037081A1 (en) * 2000-04-28 2002-03-28 David Rogoff Cryptographic key distribution system and method for digital video systems
US20020044656A1 (en) * 1999-10-13 2002-04-18 Brant L. Candelore Interfacing a conditional access circuit to a digital device using input and output stream switching
US20020044658A1 (en) * 1995-04-03 2002-04-18 Wasilewski Anthony J. Conditional access system
US20020056081A1 (en) * 1999-12-02 2002-05-09 Qualcomm Incorporated Apparatus and method for decoding digital image and audio signals
US6408076B1 (en) * 1997-03-06 2002-06-18 Lsi Logic Corporation Digital video broadcasting
US6411712B1 (en) * 1997-10-27 2002-06-25 Kabushiki Kaisha Toshiba Digital broadcast receiver
US6438693B1 (en) * 1997-09-30 2002-08-20 Sony Corporation Modular broadcast receiver system and memo
US6467093B1 (en) * 1998-02-04 2002-10-15 Sony Corporation Method and apparatus for receiving digital broadcasts
US20020150248A1 (en) * 2001-03-06 2002-10-17 Kovacevic Branko D. System for digital stream reception via memory buffer and method thereof
US20020196939A1 (en) * 2001-06-06 2002-12-26 Unger Robert Allan Decoding and decryption of partially encrypted information
US20020199206A1 (en) * 2001-03-13 2002-12-26 Helmut Schmitz Apparatus and method for transmitting audio and/or video data
US20030005449A1 (en) * 2001-06-29 2003-01-02 Mckenna Lee R. System and method for content delivery to lodging entertainment systems
US20030018917A1 (en) * 2001-07-23 2003-01-23 Brown Matthew W. Method and apparatus for delivering digital media using packetized encryption data
US20030026424A1 (en) * 2000-07-07 2003-02-06 Thales Broadcast & Multimedia, Inc. System, method and computer program product for delivery and utilization of content over a communications medium
US20030035540A1 (en) * 2001-08-17 2003-02-20 Martin Freeman System and method for hybrid conditional access for receivers of encrypted transmissions
US20030035543A1 (en) * 2001-08-15 2003-02-20 Gillon William M. System and method for conditional access key encryption
US20030158813A1 (en) * 2002-02-15 2003-08-21 Paul Vidich Method and apparatus for distributing multimedia programs
US20040076299A1 (en) * 2002-10-18 2004-04-22 Chung-E Wang Cryptography in data compression
US6981141B1 (en) * 1998-05-07 2005-12-27 Maz Technologies, Inc Transparent encryption and decryption with algorithm independent cryptographic engine that allows for containerization of encrypted files
US7069590B1 (en) * 2000-02-17 2006-06-27 Microsoft Corporation System and method for protecting data streams in hardware components
US7099472B2 (en) * 2000-07-20 2006-08-29 The Directv Group, Inc. Method and apparatus for securing digital video recording
US7295750B2 (en) * 2004-12-30 2007-11-13 Finisar Corporation Access key enabled update of an optical transceiver
US7334124B2 (en) * 2002-07-22 2008-02-19 Vormetric, Inc. Logical access block processing protocol for transparent secure file storage
US7336788B1 (en) * 1992-12-09 2008-02-26 Discovery Communicatoins Inc. Electronic book secure communication with home subsystem
US7536549B2 (en) * 2000-08-10 2009-05-19 Toshikazu Ishizaki Methods for generating a partially encrypted and compressed database and decrypting and decompressing the database
US7827293B2 (en) * 2000-03-01 2010-11-02 Printeron Inc. Secure network resource access system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0975165B1 (en) * 1994-07-08 2003-05-02 Sony Corporation Receiving controlled-access broadcast signals
EP0912052A1 (en) 1997-09-25 1999-04-28 CANAL+ Société Anonyme Method and apparatus for recording of encrypted digital data
DE69825611T2 (en) * 1997-10-02 2005-06-30 Canal + Technologies Method and apparatus for use in scrambled or scrambled transmission such as scrambled television broadcasting
JP4763866B2 (en) * 1998-10-15 2011-08-31 インターシア ソフトウェア エルエルシー Method and apparatus for protecting digital data by double re-encryption
AU2001249509A1 (en) * 2000-03-29 2001-10-08 Sony Electronics Inc. Transceiver system and method
US20040205812A1 (en) 2000-06-22 2004-10-14 Candelore Brant L. Method and apparatus for routing program data in a program viewing unit
US7295751B2 (en) * 2000-10-16 2007-11-13 Elbex Video Ltd. Method and apparatus for continuous feed of disks for recording digital video signals and authenticating the digitally recorded disks

Patent Citations (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7336788B1 (en) * 1992-12-09 2008-02-26 Discovery Communicatoins Inc. Electronic book secure communication with home subsystem
US20020044658A1 (en) * 1995-04-03 2002-04-18 Wasilewski Anthony J. Conditional access system
US5774548A (en) * 1995-09-05 1998-06-30 Hitachi, Ltd. Digital broadcast transmitting and receiving system and transmitting and receiving apparatus thereof
US20010033739A1 (en) * 1995-09-29 2001-10-25 Sony Corporation Apparatus and method for TV broadcast copy protection
US5742680A (en) * 1995-11-13 1998-04-21 E Star, Inc. Set top box for receiving and decryption and descrambling a plurality of satellite television signals
US6222924B1 (en) * 1996-01-30 2001-04-24 Oy Nokia Ab Scrambling of digital media objects in connection with transmission and storage
US6044157A (en) * 1996-03-08 2000-03-28 Matsushita Electric Industrial Co., Ltd. Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor
US6122379A (en) * 1996-05-30 2000-09-19 Deloitte & Touche Inc. Method and apparatus for performing simultaneous data compression and encryption
US5933500A (en) * 1996-05-31 1999-08-03 Thomson Consumer Electronics, Inc. Adaptive decoding system for processing encrypted and non-encrypted broadcast, cable or satellite video data
US6349138B1 (en) * 1996-06-14 2002-02-19 Lucent Technologies Inc. Method and apparatus for digital transmission incorporating scrambling and forward error correction while preventing bit error spreading associated with descrambling
US6038321A (en) * 1996-08-08 2000-03-14 Laurel Intelligent Systems Co., Ltd. Data transfer method, communication system and storage medium
US6266480B1 (en) * 1996-09-18 2001-07-24 Sony Corporation Apparatus and method for effectively inhibiting unauthorized copying of picture signals which does not interfere with an authorized display thereof
US6016348A (en) * 1996-11-27 2000-01-18 Thomson Consumer Electronics, Inc. Decoding system and data format for processing and storing encrypted broadcast, cable or satellite video data
US5878135A (en) * 1996-11-27 1999-03-02 Thomson Consumer Electronics, Inc. Decoding system for processing encrypted broadcast, cable or satellite video data
US5818934A (en) * 1996-12-18 1998-10-06 Phillips Electronics North America Corporation Method and apparatus for providing a cryptographically secure interface between the decryption engine and the system decoder of a digital television receiver
US5964842A (en) * 1997-01-31 1999-10-12 Network Computing Devices, Inc. Method and apparatus for scaling data compression based on system capacity
US6408076B1 (en) * 1997-03-06 2002-06-18 Lsi Logic Corporation Digital video broadcasting
US20010025340A1 (en) * 1997-06-19 2001-09-27 Marchant Brian E. Security apparatus for data transmission with dynamic random encryption
US6438693B1 (en) * 1997-09-30 2002-08-20 Sony Corporation Modular broadcast receiver system and memo
US20020162105A1 (en) * 1997-09-30 2002-10-31 Sony Corporation Modular broadcast receiver system & method
US6411712B1 (en) * 1997-10-27 2002-06-25 Kabushiki Kaisha Toshiba Digital broadcast receiver
US6467093B1 (en) * 1998-02-04 2002-10-15 Sony Corporation Method and apparatus for receiving digital broadcasts
US20030037343A1 (en) * 1998-02-04 2003-02-20 Sony Corporation Method and apparatus for receiving digital broadcasts
US6981141B1 (en) * 1998-05-07 2005-12-27 Maz Technologies, Inc Transparent encryption and decryption with algorithm independent cryptographic engine that allows for containerization of encrypted files
US6286103B1 (en) * 1998-10-02 2001-09-04 Canal+Societe Anonyme Method and apparatus for encrypted data stream transmission
US20020044656A1 (en) * 1999-10-13 2002-04-18 Brant L. Candelore Interfacing a conditional access circuit to a digital device using input and output stream switching
US20020056081A1 (en) * 1999-12-02 2002-05-09 Qualcomm Incorporated Apparatus and method for decoding digital image and audio signals
US20020019939A1 (en) * 1999-12-20 2002-02-14 Hiroyasu Yamamoto Encryption display card
US7069590B1 (en) * 2000-02-17 2006-06-27 Microsoft Corporation System and method for protecting data streams in hardware components
US7827293B2 (en) * 2000-03-01 2010-11-02 Printeron Inc. Secure network resource access system
US20020037081A1 (en) * 2000-04-28 2002-03-28 David Rogoff Cryptographic key distribution system and method for digital video systems
US20020034264A1 (en) * 2000-05-25 2002-03-21 Vigil Armando J. Method for demodulating a digital signal subjected to multipath propagation impairment and an associated receiver
US20030026424A1 (en) * 2000-07-07 2003-02-06 Thales Broadcast & Multimedia, Inc. System, method and computer program product for delivery and utilization of content over a communications medium
US7099472B2 (en) * 2000-07-20 2006-08-29 The Directv Group, Inc. Method and apparatus for securing digital video recording
US7536549B2 (en) * 2000-08-10 2009-05-19 Toshikazu Ishizaki Methods for generating a partially encrypted and compressed database and decrypting and decompressing the database
US20020150248A1 (en) * 2001-03-06 2002-10-17 Kovacevic Branko D. System for digital stream reception via memory buffer and method thereof
US20020199206A1 (en) * 2001-03-13 2002-12-26 Helmut Schmitz Apparatus and method for transmitting audio and/or video data
US20030046686A1 (en) * 2001-06-06 2003-03-06 Candelore Brant L. Time division partial encryption
US20030021412A1 (en) * 2001-06-06 2003-01-30 Candelore Brant L. Partial encryption and PID mapping
US20020196939A1 (en) * 2001-06-06 2002-12-26 Unger Robert Allan Decoding and decryption of partially encrypted information
US20030026423A1 (en) * 2001-06-06 2003-02-06 Unger Robert Allan Critical packet partial encryption
US20020006204A1 (en) * 2001-06-27 2002-01-17 Paul England Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
US7239708B2 (en) * 2001-06-27 2007-07-03 Microsoft Corporation Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
US20030005449A1 (en) * 2001-06-29 2003-01-02 Mckenna Lee R. System and method for content delivery to lodging entertainment systems
US20030018917A1 (en) * 2001-07-23 2003-01-23 Brown Matthew W. Method and apparatus for delivering digital media using packetized encryption data
US20030035543A1 (en) * 2001-08-15 2003-02-20 Gillon William M. System and method for conditional access key encryption
US20030035540A1 (en) * 2001-08-17 2003-02-20 Martin Freeman System and method for hybrid conditional access for receivers of encrypted transmissions
US20030158813A1 (en) * 2002-02-15 2003-08-21 Paul Vidich Method and apparatus for distributing multimedia programs
US7334124B2 (en) * 2002-07-22 2008-02-19 Vormetric, Inc. Logical access block processing protocol for transparent secure file storage
US20040076299A1 (en) * 2002-10-18 2004-04-22 Chung-E Wang Cryptography in data compression
US7295750B2 (en) * 2004-12-30 2007-11-13 Finisar Corporation Access key enabled update of an optical transceiver

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140016777A1 (en) * 2012-07-12 2014-01-16 Elwha Llc Pre-Event Repository Associated with Individual Privacy and Public Safety Protection Via Double Encrypted Lock Box
US9521370B2 (en) 2012-07-12 2016-12-13 Elwha, Llc Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box
US9596436B2 (en) 2012-07-12 2017-03-14 Elwha Llc Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box
US9667917B2 (en) 2012-07-12 2017-05-30 Elwha, Llc Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box
US9781389B2 (en) 2012-07-12 2017-10-03 Elwha Llc Pre-event repository associated with individual privacy and public safety protection via double encrypted lock box
US9825760B2 (en) 2012-07-12 2017-11-21 Elwha, Llc Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box
US10277867B2 (en) * 2012-07-12 2019-04-30 Elwha Llc Pre-event repository associated with individual privacy and public safety protection via double encrypted lock box
US10348494B2 (en) 2012-07-12 2019-07-09 Elwha Llc Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box
US9042546B2 (en) 2012-10-16 2015-05-26 Elwha Llc Level-two encryption associated with individual privacy and public safety protection via double encrypted lock box

Also Published As

Publication number Publication date
US20070297603A1 (en) 2007-12-27
EP1602193A1 (en) 2005-12-07
EP1602193A4 (en) 2009-11-04
AU2003279516A1 (en) 2004-11-01
US8755523B2 (en) 2014-06-17
WO2004091132A1 (en) 2004-10-21
EP2472897A1 (en) 2012-07-04
IL155416A0 (en) 2003-11-23

Similar Documents

Publication Publication Date Title
US20220021930A1 (en) Reduced Hierarchy Key Management System and Method
US8291236B2 (en) Methods and apparatuses for secondary conditional access server
KR101081160B1 (en) Method and apparatus for protecting the transfer of data
KR100735761B1 (en) Method and apparatus for securing control words
US8036382B2 (en) Conditional access system and method for prevention of replay attacks
US7634171B2 (en) PC-based personal video recorder
US7773752B2 (en) Circuits, apparatus, methods and computer program products for providing conditional access and copy protection schemes for digital broadcast data
US20050169473A1 (en) Multiple selective encryption with DRM
US20070294170A1 (en) Systems and methods for conditional access and digital rights management
US20110103582A1 (en) System for securing access to data streams
US8631430B2 (en) Enabling DRM-encrypted broadcast content through gateway into the home

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: NDS LIMITED, UNITED KINGDOM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BEAUMARIS NETWORKS LLC;CISCO SYSTEMS INTERNATIONAL S.A.R.L.;CISCO TECHNOLOGY, INC.;AND OTHERS;REEL/FRAME:047420/0600

Effective date: 20181028