WO2002078341A2 - Interface protection system for protecting communications between integrated circuits - Google Patents

Publication number
WO2002078341A2
Authority
WO
WIPO (PCT)
Prior art keywords
pseudo
interface
random number
utilizing
key
Application number
PCT/US2002/008884
Inventor
Thomas Edward Horlander
Karl Francis Horlander
Original Assignee
Thomson Licensing S.A.
Application filed by Thomson Licensing S.A.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/165 Centralised control of user terminal; Registering at central
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436 Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/4367 Establishing a secure communication between the client and a peripheral device or smart card
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • This present invention relates to a method for protecting an interface between two integrated circuits (ICs) on a printed circuit board (PCB).
  • ICs integrated circuits
  • PCB printed circuit board
  • Conditional access (CA) systems are well known. Conditional access systems allow access to services (e.g., television, internet, etc.) based on payment and/or other requirements, such as authorization, identification and registration.
  • a user subscriber enters into a service agreement with a service provider to obtain access rights.
  • a typical CA system includes a source of content and entitlement messages, a receiving device, such as a set top box (STB), and a display device for the content, such as a digital television (DTV).
  • STB set top box
  • DTV digital television
  • the content and entitlement messages are typically encrypted before they are transmitted to the receiving device.
  • the STB includes a printed circuit board (PCB) with at least one integrated circuit (IC) disposed thereon for carrying out the various functions of the STB (e.g., decryption of content, etc.).
  • the STB also typically includes a smart card which is coupled to the IC through an interface.
  • the IC receives an input data stream which includes encrypted data and entitlement messages.
  • the IC separates the encrypted data from the entitlement messages and sends the entitlement messages to the smart card.
  • the entitlement messages are deciphered to extract a decryption key or keys for decrypting the encrypted data stream.
  • the decryption key(s) are typically in the Data Encryption Standard (DES) format, but may exist in any suitable format (e.g., Advanced Encryption Standard (AES), etc.).
  • the decryption key(s) are then returned to the IC to decrypt the encrypted input data stream.
  • the decryption key(s) are typically sent from the smart card to the IC 'in the clear' (i.e., not encrypted), and thus may be easily accessed by hackers.
  • the STB includes a PCB with at least two ICs disposed thereon for carrying out the various functions of the STB (e.g., decryption of content, etc.).
  • a first IC typically contains a Central Processing Unit (CPU) for, among other functions, assisting in the decryption of content (the 'transport' IC).
  • a second IC typically contains security data (the 'security' IC) such as keys for decryption.
  • the security IC provides an additional measure of protection, as opposed to the first conventional embodiment.
  • the 'security' IC and the 'transport' IC are typically coupled to each other by a first interface.
  • the STB also typically includes a smart card which is coupled to the transport IC through a second interface.
  • the transport IC receives an input data stream which includes encrypted data and entitlement messages.
  • the transport IC then separates the encrypted data from the entitlement messages and sends the entitlement messages to the smart card.
  • the entitlement messages are deciphered to extract a decryption key or keys for decrypting the encrypted data stream.
  • the decryption key(s) are typically in the DES format, but may exist in any suitable format (e.g., Advanced Encryption Standard (AES), etc.).
  • the decryption key(s) are then returned to the transport IC to decrypt the encrypted data.
  • the key(s) are re-encrypted before they are returned to the transport IC (i.e., they are not sent 'in the clear').
  • the re-encrypted keys are then routed to the security IC across the second interface.
  • the security IC decrypts the key(s) and returns them to the transport IC 'in the clear' across the second interface.
  • the key(s) are used in the transport IC to decrypt the encrypted input data stream.
  • Entitlement control messages carry descrambling keys (sometimes referred to as 'control words') and a brief description of the program (e.g., program number, date, time, cost, etc.).
  • Entitlement management messages specify the service-related authorization levels (e.g., indicating the type of service, the duration of the service, etc.).
  • the EMMs can be distributed on the same channel as the service, or may be sent on a separate channel, such as a telephone line.
  • the ECMs are typically multiplexed and sent with the associated program.
  • the received portions thereof are decrypted and displayed on the DTV or other equivalent display device.
  • the decryption key(s) are sent 'in the clear' over the interface between the IC and the smart card.
  • present interface protection methods require a key (or secret) to be stored at one or both ends of the interface (e.g., in a nonvolatile memory within the IC or the smart card or both). If these key(s) are the same across all STBs (as is commonly the case), security is compromised in the event that a hacker gains access to one of these keys. In particular, the hacker can use the key to discover the decryption keys used to decrypt the data stream for all STBs.
  • Making a key or keys unique to each STB presently involves the addition of a non-volatile memory unit to the IC for storing the key(s). While this approach addresses the security problem, it also increases the cost and complicates the production and handling of the IC.
  • interface protection system and method which provides security without requiring a key (or secret) to be stored at either end of the interface.
  • the present invention is a method for protecting a communications interface between a first device and a second device, including, generating at least one pseudo-random number in a first device, and encrypting a content stream sent from a second device to the first device utilizing the at least one pseudo-random number.
  • the present invention also comprises an interface protection system including a first device including a pseudo-random number generator, a second device, and an interface coupling the first and second devices together to permit transfer of information therebetween.
  • the present invention comprises a conditional access system including a content transmitting device and a content receiving device, wherein the content receiving device includes a ring oscillator and a random number generator for protecting transmissions across an interface of the content receiving device.
  • the present invention comprises a receiver including a first integrated circuit including a ring oscillator and a pseudo-random number generator, a second integrated circuit, and an interface coupling the first and second integrated circuits, wherein the ring oscillator and the pseudo-random number generator collectively generate at least one pseudo-random number for encrypting communications between the first and second integrated circuits across the interface.
  • the present invention comprises a method for protecting a communications interface between a first device and a second device, including generating at least one key pair in a first device, and encrypting a content stream sent from a second device to the first device utilizing a first key of the at least one key pair.
  • Figure 1 is a block diagram showing an interface protection system according to an exemplary embodiment of the present invention.
  • the present invention provides a mechanism to cryptographically protect an interface, such as an interface between integrated circuits (ICs) in a set top box (STB) deployed/used in a conditional access (CA) system.
  • An interface between the ICs in the STB may be protected by a key or keys which are generated by one of the ICs.
  • the key is preferably unique to each set of ICs, and may be changed at regular intervals (e.g., every 3 seconds) to ensure the interface remains secure.
  • the interface may be further protected through the use of a secure key exchange method.
  • a secret (e.g., pseudo-random number) generated locally at a receiver is utilized to protect an interface between ICs of the receiver.
  • the pseudo-random number is preferably generated in one of the ICs of the receiver, and used to generate a cryptographic key (preferably a public key of a public/private key pair) which is then later transmitted to the other of the ICs.
  • the transmission of the cryptographic key between ICs is preferably accomplished by a secure key transmission algorithm such as the Diffie-Hellman algorithm.
  • the Diffie-Hellman algorithm is well known to those of ordinary skill in the cryptographic art. It permits a piece of information (in this case a cryptographic key generated from the pseudo-random number) to move from one device to another over an interface without ever placing the information itself onto the interface.
  • FIG. 1 shows a block diagram of an interface protection system 100 according to an exemplary embodiment of the present invention.
  • the system 100 comprises a printed circuit board (PCB) 110, which includes a first integrated circuit (IC) 120 ('transport' IC), and a second IC 130 ('security' IC).
  • the PCB is preferably an integral part of a STB, but those of ordinary skill in the art will note that the PCB may be part of any system.
  • An interface 125 between the first and second ICs 120, 130 provides a conduit for the sharing of information between the ICs.
  • the interface 125 may comprise a series of electrical traces on the PCB, or any other equivalent interface.
  • the first IC 120 includes a security central processing unit (CPU) 135 coupled to the interface 125.
  • CPU central processing unit
  • the first IC 120 also includes a Read-Only Memory (ROM) 140, a ring oscillator 145, a pseudo-random number generator 150, an interface protection key register 155, a counter 160, a security chip interface circuit 165, a Content Protection Control Word (CPCW) keys register 170, and a Control Word (CW) keys register 175.
  • ROM Read-Only Memory
  • CW Control Word
  • a Voltage Controlled Oscillator (VCXO) 210, which may be on the PCB 110 or external to the PCB, provides a clock signal to the counter 160.
  • the CPCW keys stored in the CPCW keys register 170 are preferably used to protect content stored on a hard disk drive (HDD) 220 external to the PCB 110.
  • the first IC 120 also includes a demultiplexer 180, a broadband decrypt circuit 185, a hard disk drive (HDD) decrypt circuit 186, an HDD encrypt circuit 187, and a clock recovery circuit 190.
  • the demultiplexer 180 includes a first input for receiving cable, satellite, terrestrial line, DSL, or other broadband data ('broadband data'), and a second input for receiving data from a hard disk drive (HDD) 220. No matter what the source of the input data (e.g., cable/satellite/terrestrial line/DSL or HDD), the entitlement data (e.g., EMMs, ECMs, etc.) is separated from the A/V data and routed to separate portions of the first IC 120.
  • Time stamp signals are also issued from the demultiplexer 180 corresponding to each new set of input data which is received. These time stamp signals are applied to the clock recovery circuit 190 and used to lock the local system clock of the PCB 110 to the system clock of the transmitter (e.g., cable sub-station, satellite, etc.).
  • the clock recovery circuit 190 it will be noted by those skilled in the art that a digital encoder at the transmitter has a specific system reference clock. Further, the transmitted broadband data packets contain a time stamp reference related to the state of the encoder system reference clock at the time of transmission.
  • a local counter on the PCB 110 clocked by the VCXO 210 (system clock), is sampled at the moment a packet carrying a reference time stamp is received at the PCB 110. The sample of the local counter and the received reference time stamp are then compared in the clock recovery circuit 190 to determine whether the system clock (VCXO 210) is running faster or slower than the encoder system clock.
  • the difference signal is then used to either increase or decrease the local system clock rate, and thus lock the local system clock to the encoder system clock. Locking the local and encoder system clocks ensures that data is consumed at the proper rate to prevent buffer overflow or underflow failure conditions at the receiver (e.g., PCB 110).
  • an equal delay system such as terrestrial or satellite transmission.
  • other buffering or network de-jittering mechanisms should be employed to either recover the reference clock or manage the consumption of data and minimize the likelihood of buffer management errors.
  • the second IC 130 contains the security information necessary to decrypt encrypted keys (e.g., CWs, CPCWs) transmitted to the security CPU 135 from a smart card 200.
  • the smart card 200 is external to the PCB 110, and may be coupled thereto through an interface.
  • Control Words will typically be utilized to decrypt the data.
  • CPCWs Copy Protection Control Words
  • the process proceeds as follows.
  • data is received by the first IC 120, such data is demultiplexed at demultiplexer 180 to separate the Audio/Visual (A/V) data from the entitlement data (e.g., EMMs, ECMs, etc.).
  • the entitlement data is then transmitted to the smart card 200 where it is deciphered to generate keys for decrypting the A/V data.
  • decryption keys referenced in Figure 1 as 'smart card encrypted keys'
  • CWs Control Words
  • the security CPU 135 passes the encrypted decryption keys (CWs) on to the second IC 130 through security chip interface circuit 165 and IC interface 125.
  • the second IC 130 first decrypts the CWs to generate CWs 'in the clear' within the second IC 130.
  • the second IC 130 will then use the Diffie-Hellman secure key exchange algorithm over interface 125 to communicate the decrypted keys to the first IC 120.
  • the security CPU 135 in the first IC 120 will execute code stored in ROM 140 to effect the Diffie-Hellman key exchange algorithm.
  • the CWs transmitted to the first IC 120 are preferably stored in the CW keys register 175 for later use in the decryption of A/V content.
  • the ROM 140 contains the algorithms executed by the security CPU 135 to decrypt the CWs. If Diffie-Hellman key exchange is used to protect the interface 125, then it will be the security CPU 135 that implements the Diffie-Hellman key exchange algorithm. If RSA or PGP are used to protect the data traveling from the second IC 130 to the first IC 120 then the RSA or PGP decryption algorithm will run on the security CPU 135. In order to substantially prevent a hacker from taking control of the security CPU 135, the security CPU is only able to execute code from the ROM 140.
  • the process proceeds as follows.
  • data is received by the first IC 120, such data is demultiplexed at demultiplexer 180 to separate the Audio/Visual (A/V) data from the entitlement data (e.g., EMMs, ECMs, etc.).
  • the entitlement data is then transmitted to the smart card 200 where it is deciphered to generate keys for decrypting the A/V data.
  • decryption keys referenced in Figure 1 as 'smart card encrypted keys'
  • CPCWs Copy Protection Control Words
  • the security CPU 135 then passes the encrypted decryption keys (CPCWs) on to the second IC 130 through security chip interface circuit 165 and IC interface 125.
  • the second IC 130 first decrypts the CPCWs to generate CPCWs 'in the clear' within the second IC 130.
  • the second IC 130 will then use the Diffie-Hellman secure key exchange algorithm over interface 125 to communicate the decrypted keys to the first IC 120.
  • the security CPU 135 in the first IC 120 will execute code stored in ROM 140 to effect the Diffie-Hellman key exchange algorithm.
  • the CPCWs transmitted to the first IC 120 are preferably stored in the CPCW keys register 170 for later use in the decryption of A/V content.
  • the ROM 140 contains the algorithms executed by the security CPU 135 to decrypt the CPCWs. If Diffie-Hellman key exchange is used to protect the interface 125, then it will be the security CPU 135 that implements the Diffie-Hellman key exchange algorithm. If RSA or PGP are used to protect the data traveling from the second IC 130 to the first IC 120 then the RSA or PGP decryption algorithm will run on the security CPU 135. In order to substantially prevent a hacker from taking control of the security CPU 135, the security CPU is only able to execute code from the ROM 140.
  • the ring oscillator 145 and the pseudo-random number generator 150 are two important elements of the above-described interface protection system 100.
  • the ring oscillator 145 produces a clock signal with a frequency that is a function of the process used when the first IC 120 was manufactured, and the voltage and temperature applied to the first IC when implemented in the interface protection system 100.
  • ambient noise on the PCB 110 provides for an initialization of one of the inverters of the ring oscillator 145.
  • the succeeding inverter provides an opposing signal (e.g., zero Volts) and so on until a continuous clock signal is generated.
  • the three values which determine the parameters of the clock signal of the ring oscillator 145 e.g., process type, voltage and temperature
  • the ring oscillator 145 provides a level of uniqueness for each IC 120 and PCB 110. Since the pseudo-random number generator 150 generates pseudo-random numbers based on the clock signal of the ring oscillator 145, providing a unique clock signal produces a unique generation of pseudo-random numbers.
  • the pseudo-random number generator 150 is not reset to a known value (e.g., 0) during power up or reset.
  • the repeat cycle count (i.e., the time between repeated numbers) of the pseudo-random sequence can be made as long as required to ensure a good key value for the protection of the interface.
  • the pseudo-random number generator 150 may be sampled at fixed intervals as measured by the system clock (produced by VCXO 210) of the first IC 120. As the pseudo-random numbers are sampled by the system clock they are placed into the interface protection key register 155. It will be noted that the pseudo-random number produced by the pseudo-random number generator 150 comprises a temporary secret stored in the first IC 120, and is typically not communicated outside the first IC. The generated pseudo-random numbers may be utilized directly or indirectly by the security CPU 135 to generate a public/private key pair for an asymmetric encryption algorithm (e.g., Pretty Good Privacy (PGP), Rivest Shamir Adleman (RSA), etc.).
  • PGP Pretty Good Privacy
  • RSA Rivest Shamir Adleman
  • the public key generated by the security CPU 135 will be sent from the first IC 120 to the second IC 130 over the interface 125.
  • the second IC 130 may then use the public key to encrypt CWs and CPCWs sent back from the second IC to the first IC 120.
  • the private key will be used in the first IC 120 to decrypt the encrypted CWs and CPCWs transmitted from the second IC 130. Since the private key will not be known outside the first IC 120, the interface 125 remains as secure as the encryption algorithm.
  • a pseudo-random number generator 145 to create return path unique keys
  • other equivalent state machines may also be used.
  • a counter could be clocked by the output of the ring oscillator and used to generate key values.
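
The exchange described above, with the first IC 120 drawing a fresh secret each interval and the second IC 130 returning control words under a Diffie-Hellman agreement, as an added Python example that is not part of the patent text. Assumptions: the 1024-bit MODP group of RFC 2409, SHA-256 key derivation, an HMAC-based wrap, `secrets` standing in for the ring-oscillator-clocked generator 150, and hypothetical class and function names; it models what a passive observer of interface 125 would capture.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group from RFC 2409 (Second Oakley Group), generator 2.
# Assumption: the page names Diffie-Hellman but gives no parameters; a
# current design would use a larger group or an elliptic-curve exchange.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2


def _check_public(value):
    # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
    if not 2 <= value <= P - 2:
        raise ValueError("public value out of range")
    return value


def _derive_keys(shared):
    # Hash the shared secret into separate encryption and MAC keys.
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def _pad_xor(key, data):
    # One-block XOR pad. Safe only because each derived key wraps a single
    # control word and is then discarded.
    if len(data) > 32:
        raise ValueError("control word longer than one pad block")
    pad = hmac.new(key, b"cw-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class TransportIC:
    """Models first IC 120: per-interval secret, nothing held in non-volatile memory."""

    def __init__(self):
        self.cw_register = None   # stands in for CW keys register 175
        self._secret = None       # stands in for interface protection key register 155

    def new_interval(self):
        # Stand-in for sampling pseudo-random number generator 150.
        self._secret = secrets.randbelow(P - 3) + 2
        return pow(G, self._secret, P)

    def receive(self, peer_public, ciphertext, tag):
        shared = pow(_check_public(peer_public), self._secret, P)
        enc_key, mac_key = _derive_keys(shared)
        expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped control word failed integrity check")
        self.cw_register = _pad_xor(enc_key, ciphertext)
        self._secret = None       # the secret is used for one transfer only
        return self.cw_register


class SecurityIC:
    """Models second IC 130: holds the control word in the clear internally."""

    def __init__(self, clear_cw):
        self._cw = clear_cw

    def wrap_for(self, peer_public):
        b = secrets.randbelow(P - 3) + 2
        shared = pow(_check_public(peer_public), b, P)
        enc_key, mac_key = _derive_keys(shared)
        ciphertext = _pad_xor(enc_key, self._cw)
        tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
        return pow(G, b, P), ciphertext, tag


def run_interval(transport, security):
    """Run one key-refresh interval and return everything that crossed the interface."""
    a_pub = transport.new_interval()                    # IC 120 -> IC 130
    b_pub, ciphertext, tag = security.wrap_for(a_pub)   # IC 130 -> IC 120
    transport.receive(b_pub, ciphertext, tag)
    return {"a_pub": a_pub, "b_pub": b_pub, "ciphertext": ciphertext, "tag": tag}


if __name__ == "__main__":
    cw = bytes.fromhex("0123456789abcdef")   # constructed 64-bit control word
    ic120, ic130 = TransportIC(), SecurityIC(cw)
    for interval in range(2):
        wire = run_interval(ic120, ic130)
        print(interval, wire["ciphertext"].hex(), ic120.cw_register == cw)
```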

Abstract

A method for protecting a communications interface between a first device and a second device, including, generating at least one pseudo-random number in a first device, and encrypting a content stream sent from a second device to the first device utilizing the at least one pseudo-random number.

Description

INTERFACE PROTECTION SYSTEM FOR PROTECTING COMMUNICATIONS BETWEEN INTEGRATED CIRCUITS
RELATED APPLICATIONS
The present application claims priority under 35 U.S.C. § 120 of U.S. Provisional Application 60/277,486, filed March 21, 2001.
FIELD OF THE INVENTION
This present invention relates to a method for protecting an interface between two integrated circuits (ICs) on a printed circuit board (PCB).
BACKGROUND OF THE INVENTION
Conditional access (CA) systems are well known. Conditional access systems allow access to services (e.g., television, internet, etc.) based on payment and/or other requirements, such as authorization, identification and registration. In a CA system, a user (subscriber) enters into a service agreement with a service provider to obtain access rights.
Conventional CA systems include cable, satellite, and terrestrial broadcast systems. A typical CA system includes a source of content and entitlement messages, a receiving device, such as a set top box (STB), and a display device for the content, such as a digital television (DTV). As is well known, the content and entitlement messages are typically encrypted before they are transmitted to the receiving device.
In a first conventional CA system, the STB includes a printed circuit board (PCB) with at least one integrated circuit (IC) disposed thereon for carrying out the various functions of the STB (e.g., decryption of content, etc.). The STB also typically includes a smart card which is coupled to the IC through an interface. The IC receives an input data stream which includes encrypted data and entitlement messages. The IC separates the encrypted data from the entitlement messages and sends the entitlement messages to the smart card. In the smart card, the entitlement messages are deciphered to extract a decryption key or keys for decrypting the encrypted data stream. The decryption key(s) are typically in the Data Encryption Standard (DES) format, but may exist in any suitable format (e.g., Advanced Encryption Standard (AES), etc.). The decryption key(s) are then returned to the IC to decrypt the encrypted input data stream. The decryption key(s) are typically sent from the smart card to the IC 'in the clear' (i.e., not encrypted), and thus may be easily accessed by hackers.
In a second conventional CA system, the STB includes a PCB with at least two ICs disposed thereon for carrying out the various functions of the STB (e.g., decryption of content, etc.). A first IC typically contains a Central Processing Unit (CPU) for, among other functions, assisting in the decryption of content (the 'transport' IC). A second IC typically contains security data (the 'security' IC) such as keys for decryption. As will be noted from the foregoing discussion, the security IC provides an additional measure of protection, as opposed to the first conventional embodiment. The 'security' IC and the 'transport' IC are typically coupled to each other by a first interface. This interface may comprise a series of electrical traces on the PCB, or may be some other equivalent interface. As in the first conventional embodiment, the STB also typically includes a smart card which is coupled to the transport IC through a second interface. The transport IC receives an input data stream which includes encrypted data and entitlement messages. The transport IC then separates the encrypted data from the entitlement messages and sends the entitlement messages to the smart card. In the smart card, the entitlement messages are deciphered to extract a decryption key or keys for decrypting the encrypted data stream. As with the first conventional embodiment, the decryption key(s) are typically in the DES format, but may exist in any suitable format (e.g., Advanced Encryption Standard (AES), etc.). The decryption key(s) are then returned to the transport IC to decrypt the encrypted data. However, in the second conventional embodiment the key(s) are re-encrypted before they are returned to the transport IC (i.e., they are not sent 'in the clear'). The re-encrypted keys are then routed to the security IC across the second interface. The security IC decrypts the key(s) and returns them to the transport IC 'in the clear' across the second interface.
Finally, the key(s) are used in the transport IC to decrypt the encrypted input data stream.
As mentioned above, the information or content (e.g., television program, movie, etc.) and the entitlement messages transmitted to the STB are protected (e.g., encrypted) before they are delivered to the subscriber. Presently, there are two (2) types of entitlement messages associated with each program or service. Entitlement control messages (ECMs) carry descrambling keys (sometimes referred to as 'control words') and a brief description of the program (e.g., program number, date, time, cost, etc.). Entitlement management messages (EMMs) specify the service-related authorization levels (e.g., indicating the type of service, the duration of the service, etc.). The EMMs can be distributed on the same channel as the service, or may be sent on a separate channel, such as a telephone line. As mentioned above, the ECMs are typically multiplexed and sent with the associated program.
As described above with reference to the first and second conventional embodiments, as a program (input data stream) is received at the STB, the received portions thereof are decrypted and displayed on the DTV or other equivalent display device.
In the first conventional embodiment described above, the decryption key(s) are sent 'in the clear' over the interface between the IC and the smart card. Various methods presently exist for protecting content passing back and forth across the smart card/IC interface. However, present interface protection methods require a key (or secret) to be stored at one or both ends of the interface (e.g., in a nonvolatile memory within the IC or the smart card or both). If these key(s) are the same across all STBs (as is commonly the case), security is compromised in the event that a hacker gains access to one of these keys. In particular, the hacker can use the key to discover the decryption keys used to decrypt the data stream for all STBs.
In the second conventional embodiment described above, information and content must be transmitted back and forth over the second interface between the transport IC and the security IC before the program is displayed on the DTV. Various methods presently exist for protecting content passing back and forth across an interface between ICs in a STB. However, present interface protection methods require a key (or secret) to be stored at one or both ends of the interface (e.g., in a nonvolatile memory within the transport IC or the security IC or both). As noted above, if these key(s) are the same across all STBs (as is commonly the case), security is compromised in the event that a hacker gains access to one of these keys. In particular, the hacker can use the key to discover the decryption keys used to decrypt the data stream for all STBs. Making a key or keys unique to each STB presently involves the addition of a non-volatile memory unit to the IC for storing the key(s). While this approach addresses the security problem, it also increases the cost and complicates the production and handling of the IC. Thus, there is presently a need for an interface protection system and method which provides security without requiring a key (or secret) to be stored at either end of the interface.
SUMMARY OF THE INVENTION
The present invention is a method for protecting a communications interface between a first device and a second device, including, generating at least one pseudo-random number in a first device, and encrypting a content stream sent from a second device to the first device utilizing the at least one pseudo-random number.
The present invention also comprises an interface protection system including a first device including a pseudo-random number generator, a second device, and an interface coupling the first and second devices together to permit transfer of information therebetween.
Further, the present invention comprises a conditional access system including a content transmitting device and a content receiving device, wherein the content receiving device includes a ring oscillator and a random number generator for protecting transmissions across an interface of the content receiving device.
Additionally, the present invention comprises a receiver including a first integrated circuit including a ring oscillator and a pseudo-random number generator, a second integrated circuit, and an interface coupling the first and second integrated circuits, wherein the ring oscillator and the pseudo-random number generator collectively generate at least one pseudo-random number for encrypting communications between the first and second integrated circuits across the interface.
Finally, the present invention comprises a method for protecting a communications interface between a first device and a second device, including generating at least one key pair in a first device, and encrypting a content stream sent from a second device to the first device utilizing a first key of the at least one key pair.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram showing an interface protection system according to an exemplary embodiment of the present invention.
DETAILED DESCRIPTION
The present invention provides a mechanism to cryptographically protect an interface, such as an interface between integrated circuits (ICs) in a set top box (STB) deployed/used in a conditional access (CA) system. An interface between the ICs in the STB may be protected by a key or keys which are generated by one of the ICs. The key is preferably unique to each set of ICs, and may be changed at regular intervals (e.g., every 3 seconds) to ensure the interface remains secure. The interface may be further protected through the use of a secure key exchange method.
In the present invention a secret (e.g., pseudo-random number) generated locally at a receiver is utilized to protect an interface between ICs of the receiver. The pseudo-random number is preferably generated in one of the ICs of the receiver, and used to generate a cryptographic key (preferably a public key of a public/private key pair) which is then later transmitted to the other of the ICs. The transmission of the cryptographic key between ICs is preferably accomplished by a secure key transmission algorithm such as the Diffie-Hellman algorithm. The Diffie-Hellman algorithm is well known to those of ordinary skill in the cryptographic art. It permits a piece of information (in this case a cryptographic key generated from the pseudo-random number) to move from one device to another over an interface without ever placing the information itself onto the interface.
Figure 1 shows a block diagram of an interface protection system 100 according to an exemplary embodiment of the present invention. The system 100 comprises a printed circuit board (PCB) 110, which includes a first integrated circuit (IC) 120 ('transport' IC), and a second IC 130 ('security' IC). As described herein the PCB is preferably an integral part of a STB, but those of ordinary skill in the art will note that the PCB may be part of any system. An interface 125 between the first and second ICs 120, 130 provides a conduit for the sharing of information between the ICs. The interface 125 may comprise a series of electrical traces on the PCB, or any other equivalent interface. The first IC 120 includes a security central processing unit (CPU) 135 coupled to the interface 125. The first IC 120 also includes a Read-Only Memory (ROM) 140, a ring oscillator 145, a pseudo-random number generator 150, an interface protection key register 155, a counter 160, a security chip interface circuit 165, a Content Protection Control Word (CPCW) keys register 170, and a Control Word (CW) keys register 175. A Voltage Controlled Oscillator (VCXO) 210, which may be on the PCB 110 or external to the PCB, provides a clock signal to the counter 160. The CPCW keys stored in the CPCW keys register 170 are preferably used to protect content stored on a hard disk drive (HDD) 220 external to the PCB 110. The CW keys stored in the CW keys register 170 are preferably used to decrypt broadband data which comes into the PCB 110 from a cable, satellite, terrestrial line, Digital Subscriber Line (DSL), or other broadband data input source.
The first IC 120 also includes a demultiplexer 180, a broadband decrypt circuit 185, a hard disk drive (HDD) decrypt circuit 186, an HDD encrypt circuit 187, and a clock recovery circuit 190. The demultiplexer 180 includes a first input for receiving cable, satellite, terrestrial line, DSL, or other broadband data ('broadband data'), and a second input for receiving data from a hard disk drive (HDD) 220. No matter what the source of the input data (e.g., cable/satellite/terrestrial line/DSL or HDD), the entitlement data (e.g., EMMs, ECMs, etc.) is separated from the A/V data and routed to separate portions of the first IC 120. Time stamp signals are also issued from the demultiplexer 180 corresponding to each new set of input data which is received. These time stamp signals are applied to the clock recovery circuit 190 and used to lock the local system clock of the PCB 110 to the system clock of the transmitter (e.g., cable sub-station, satellite, etc.).
Referring to the clock recovery circuit 190, it will be noted by those skilled in the art that a digital encoder at the transmitter has a specific system reference clock. Further, the transmitted broadband data packets contain a time stamp reference related to the state of the encoder system reference clock at the time of transmission. A local counter on the PCB 110, clocked by the VCXO 210 (system clock), is sampled at the moment a packet carrying a reference time stamp is received at the PCB 110. The sample of the local counter and the received reference time stamp are then compared in the clock recovery circuit 190 to determine whether the system clock (VCXO 210) is running faster or slower than the encoder system clock. The difference signal is then used to either increase or decrease the local system clock rate and thus lock the local system clock to the encoder system clock. Locking the local and encoder system clocks ensures that data is consumed at the proper rate to prevent buffer overflow or underflow failure conditions at the receiver (e.g., PCB 110). Of course, those of ordinary skill in the art will understand that the above description assumes an equal delay system, such as terrestrial or satellite transmission. In the case of a non-equal delayed system, such as Ethernet, other buffering or network de-jittering mechanisms should be employed to either recover the reference clock or manage the consumption of data and minimize the likelihood of buffer management errors.
The second IC 130 contains the security information necessary to decrypt encrypted keys (e.g., CWs, CPCWs) transmitted to the security CPU 135 from a smart card 200. The smart card 200 is external to the PCB 110, and may be coupled thereto through an interface.
Separate processes will be performed to decrypt incoming data depending upon the source ofthe data. If the data is transmitted from a cable/satellite/terrestrial line/DSL source, Control Words (CWs) will typically be utilized to decrypt the data. However, if the data is transmitted from the HDD 220, Copy Protection Control Words (CPCWs) will typically be used to decrypt the data.
In the situation where data is received at the first IC 120 from a cable/satellite/terrestrial line/DSL source, the process proceeds as follows. As data is received by the first IC 120, such data is demultiplexed at demultiplexer 180 to separate the Audio/Visual (A/V) data from the entitlement data (e.g., EMMs, ECMs, etc.). The entitlement data is then transmitted to the smart card 200 where it is deciphered to generate keys for decrypting the A/V data. These decryption keys (referenced in Figure 1 as 'smart card encrypted keys'), which are commonly referred to as Control Words (CWs), are then re-encrypted and sent to the security CPU 135. The security CPU 135 then passes the encrypted decryption keys (CWs) on to the second IC 130 through security chip interface circuit 165 and IC interface 125.
The second IC 130 first decrypts the CWs to generate CWs 'in the clear' within the second IC 130. The second IC 130 will then use the Diffie-Hellman secure key exchange algorithm over interface 125 to communicate the decrypted keys to the first IC 120. The security CPU 135 in the first IC 120 will execute code stored in ROM 140 to effect the Diffie-Hellman key exchange algorithm. The CWs transmitted to the first IC 120 are preferably stored in the CW keys register 175 for later use in the decryption of A/V content.
The ROM 140 contains the algorithms executed by the security CPU 135 to decrypt the CWs. If Diffie-Hellman key exchange is used to protect the interface 125, then it will be the security CPU 135 that implements the Diffie-Hellman key exchange algorithm. If RSA or PGP are used to protect the data traveling from the second IC 130 to the first IC 120 then the RSA or PGP decryption algorithm will run on the security CPU 135. In order to substantially prevent a hacker from taking control of the security CPU 135, the security CPU is only able to execute code from the ROM 140.
In the situation where data is received at the first IC 120 from the HDD 220, the process proceeds as follows. As data is received by the first IC 120, such data is demultiplexed at demultiplexer 180 to separate the Audio/Visual (A/V) data from the entitlement data (e.g., EMMs, ECMs, etc.). The entitlement data is then transmitted to the smart card 200 where it is deciphered to generate keys for decrypting the A/V data. These decryption keys (referenced in Figure 1 as 'smart card encrypted keys'), which are commonly referred to as Copy Protection Control Words (CPCWs), are then re-encrypted and sent to the security CPU 135. The security CPU 135 then passes the encrypted decryption keys (CPCWs) on to the second IC 130 through security chip interface circuit 165 and IC interface 125.
The second IC 130 first decrypts the CPCWs to generate CPCWs 'in the clear' within the second IC 130. The second IC 130 will then use the Diffie-Hellman secure key exchange algorithm over interface 125 to communicate the decrypted keys to the first IC 120. The security CPU 135 in the first IC 120 will execute code stored in ROM 140 to effect the Diffie-Hellman key exchange algorithm. The CPCWs transmitted to the first IC 120 are preferably stored in the CPCW keys register 170 for later use in the decryption of A/V content.
The ROM 140 contains the algorithms executed by the security CPU 135 to decrypt the CPCWs. If Diffie-Hellman key exchange is used to protect the interface 125, then it will be the security CPU 135 that implements the Diffie-Hellman key exchange algorithm. If RSA or PGP are used to protect the data traveling from the second IC 130 to the first IC 120 then the RSA or PGP decryption algorithm will run on the security CPU 135. In order to substantially prevent a hacker from taking control of the security CPU 135, the security CPU is only able to execute code from the ROM 140.
The ring oscillator 145 and the pseudo-random number generator 150 are two important elements of the above-described interface protection system 100. The ring oscillator 145 produces a clock signal with a frequency that is a function of the process used when the first IC 120 was manufactured, and the voltage and temperature applied to the first IC when implemented in the interface protection system 100. As is well known in the art, ambient noise on the PCB 110 provides for an initialization of one of the inverters of the ring oscillator 145. Once one of the inverters of the ring oscillator has been initialized to a particular level (e.g., 1 Volt) by ambient noise, the succeeding inverter provides an opposing signal (e.g., zero Volts) and so on until a continuous clock signal is generated. The three values which determine the parameters of the clock signal of the ring oscillator 145 (e.g., process type, voltage and temperature) will be similar as between each IC 120, but are unlikely to be identical. Thus, the ring oscillator 145 provides a level of uniqueness for each IC 120 and PCB 110. Since the pseudo-random number generator 150 generates pseudo-random numbers based on the clock signal of the ring oscillator 145, providing a unique clock signal produces a unique generation of pseudo-random numbers.
Preferably, the pseudo-random number generator 150 is not reset to a known value (e.g., 0) during power up or reset. Thus, the count sequence will not always begin at the same point after a power up or reset, and will be more difficult to determine for a hacker. The repeat cycle count (i.e., the time between repeated numbers) of the pseudo-random sequence can be made as long as required to ensure a good key value for the protection of the interface.
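The dependence of the sampled values on ring frequency and power-up state can be modelled in a few lines. This is an added Python illustration, not part of the patent text: it assumes the pseudo-random number generator is a 16-bit Galois LFSR (the text does not specify its construction), and the frequencies, power-up states and function names are constructed.

```python
# Added illustration: a 16-bit Galois LFSR stands in for the pseudo-random
# number generator 150 (assumption; the text does not give its construction).
LFSR_TAPS = 0xB400          # x^16 + x^14 + x^13 + x^11 + 1, maximal length
LFSR_PERIOD = 2**16 - 1     # every non-zero state is visited once per cycle


def lfsr_step(state: int) -> int:
    """Advance the register by one ring-oscillator clock edge."""
    lsb = state & 1
    state >>= 1
    return state ^ LFSR_TAPS if lsb else state


def lfsr_advance(state: int, edges: int) -> int:
    """Advance by `edges` clock edges; whole periods return the same state."""
    for _ in range(edges % LFSR_PERIOD):
        state = lfsr_step(state)
    return state


def sampled_keys(ring_hz: int, power_up_state: int,
                 interval_ms: int = 3000, count: int = 4) -> list:
    """Register contents seen by the system clock at each sampling instant.

    ring_hz         ring-oscillator frequency of this particular chip
    power_up_state  whatever the register held at power-up (never reset)
    interval_ms     sampling interval as measured by the system clock
    """
    if not 0 < power_up_state <= LFSR_PERIOD:
        raise ValueError("LFSR state must be a non-zero 16-bit value")
    state, edges_seen, keys = power_up_state, 0, []
    for n in range(1, count + 1):
        edges_total = ring_hz * interval_ms * n // 1000
        state = lfsr_advance(state, edges_total - edges_seen)
        edges_seen = edges_total
        keys.append(state)
    return keys


def measured_period(start: int = 0xACE1) -> int:
    """Count steps until the register first returns to `start`."""
    state, steps = lfsr_step(start), 1
    while state != start:
        state = lfsr_step(state)
        steps += 1
    return steps


if __name__ == "__main__":
    # Constructed values: two chips of the same design 0.1 % apart in ring
    # frequency, and one chip that powers up in a different register state.
    chips = {
        "A": sampled_keys(200_000_000, 0xACE1),
        "B": sampled_keys(200_200_000, 0xACE1),
        "C": sampled_keys(200_000_000, 0x1D2C),
    }
    for name, keys in chips.items():
        print(name, [f"{k:04x}" for k in keys])
```

In this model the sampled sequence is fully determined by the ring frequency, the sampling interval and the power-up state, so two chips that match in all three produce the same values.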
The pseudo-random number generator 150 may be sampled at fixed intervals as measured by the system clock (produced by VCXO 210) of the first IC 120. As the pseudo-random numbers are sampled by the system clock they are placed into the interface protection key register 155. It will be noted that the pseudo-random number produced by the pseudo-random number generator 150 comprises a temporary secret stored in the first IC 120, and is typically not communicated outside the first IC. The generated pseudo-random numbers may be utilized directly or indirectly by the security CPU 135 to generate a public/private key pair for an asymmetric encryption algorithm (e.g., Pretty Good Privacy (PGP), Rivest Shamir Adleman (RSA), etc.). The public key generated by the security CPU 135 will be sent from the first IC 120 to the second IC 130 over the interface 125. The second IC 130 may then use the public key to encrypt CWs and CPCWs sent back from the second IC to the first IC 120. The private key will be used in the first IC 120 to decrypt the encrypted CWs and CPCWs transmitted from the second IC 130. Since the private key will not be known outside the first IC 120, the interface 125 remains as secure as the encryption algorithm.
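The key-pair flow described above, with the key replaced at each sampling interval, is sketched below as an added Python example (not code from the patent). Hashed ElGamal over modular exponentiation stands in for the RSA/PGP option the text names, and an integrity tag is added; the group parameters, class and function names, PRNG samples and control word are constructed, and the second IC is assumed to have its own per-message random value.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration group (Mersenne prime 2**521 - 1, base 3).
# It is not a vetted Diffie-Hellman group; a real design uses a standard one.
P = 2**521 - 1
G = 3
NBYTES = 66  # bytes needed to hold any value below P


def kdf(shared: int, label: bytes, length: int) -> bytes:
    """Derive key material from the shared group element."""
    return hashlib.shake_256(label + shared.to_bytes(NBYTES, "big")).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TransportIC:
    """First IC 120: turns each PRNG sample into a key pair, keeps the private half."""

    def rotate(self, prng_sample: bytes) -> int:
        seed = hashlib.shake_256(b"interface-key" + prng_sample).digest(NBYTES)
        self._private = int.from_bytes(seed, "big") % (P - 2) + 1
        return pow(G, self._private, P)  # public key: the only value sent out

    def unwrap(self, message: tuple) -> bytes:
        eph_public, ciphertext, tag = message
        shared = pow(eph_public, self._private, P)
        expected = hmac.new(kdf(shared, b"mac", 32), ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("not wrapped under the current interface key")
        return xor(ciphertext, kdf(shared, b"enc", len(ciphertext)))


class SecurityIC:
    """Second IC 130: holds the clear control word, stores no interface key."""

    def wrap(self, transport_public: int, control_word: bytes) -> tuple:
        k = secrets.randbelow(P - 2) + 1  # assumption: per-message random value
        shared = pow(transport_public, k, P)
        ciphertext = xor(control_word, kdf(shared, b"enc", len(control_word)))
        tag = hmac.new(kdf(shared, b"mac", 32), ciphertext, hashlib.sha256).digest()
        return pow(G, k, P), ciphertext, tag


def run_exchange():
    """Two key intervals; returns (recovered CW, stale rejected, keys differ, wire)."""
    transport, security = TransportIC(), SecurityIC()
    control_word = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed

    public_1 = transport.rotate(b"\xac\xe1\x5b\x07")   # constructed PRNG sample
    message_1 = security.wrap(public_1, control_word)
    recovered = transport.unwrap(message_1)

    public_2 = transport.rotate(b"\x1d\x2c\x90\x44")   # next sampling interval
    try:
        transport.unwrap(message_1)                    # wrapped under the old key
        stale_rejected = False
    except ValueError:
        stale_rejected = True

    # Everything that crossed interface 125 during the first interval.
    on_wire = [public_1.to_bytes(NBYTES, "big"),
               message_1[0].to_bytes(NBYTES, "big"), message_1[1], message_1[2]]
    return recovered, stale_rejected, public_1 != public_2, on_wire


if __name__ == "__main__":
    recovered, stale_rejected, keys_differ, _ = run_exchange()
    print(recovered.hex(), stale_rejected, keys_differ)
```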
Although the above discussion centers on a pseudo-random number generator 145 to create return path unique keys, other equivalent state machines may also be used. For example, a counter could be clocked by the output of the ring oscillator and used to generate key values.
Although the invention has been described in terms of exemplary embodiments, it is not limited thereto. Rather, the appended claims should be construed broadly, to include other variants and embodiments of the invention which may be made by those skilled in the art without departing from the scope and range of equivalents of the invention.

Claims

1. A method for protecting a communications interface between a first device and a second device, comprising the steps of: generating at least one pseudo-random number in a first device; and, encrypting a content stream sent from a second device to the first device utilizing the at least one pseudo-random number.
2. The method of claim 1, comprising the further step of: sending the encrypted content stream from the second device to the first device; and, decrypting the content stream in the first device utilizing the at least one pseudo-random number.
3. The method of claim 1, wherein the step of generating a pseudo-random number comprises generating a pseudo-random number utilizing a ring oscillator.
4. The method of claim 1, wherein the step of encrypting a content stream comprises: generating at least one public key based on the at least one pseudo-random number; and encrypting a content stream utilizing said at least one public key.
5. An interface protection system comprising: a first device including a ring oscillator and a pseudo-random number generator for collectively generating at least one pseudo-random number; a second device; and, an interface coupling the first and second devices together to permit transfer of information therebetween.
6. The interface protection system of claim 5, wherein the ring oscillator produces a clock signal which is applied to the pseudo-random number generator to generate at least one pseudo-random number.
7. The interface protection system of claim 6, wherein transmissions across the interface are encrypted utilizing the at least one pseudo-random number.
8. The interface protection system of claim 7, wherein transmissions across the interface are encrypted utilizing a public key derived from said at least one pseudo-random number.
9. The interface protection system of claim 6, wherein transmissions from the second device to the first device across the interface are encrypted utilizing the at least one pseudo-random number.
10. The interface protection system of claim 9, wherein transmissions across the interface are encrypted utilizing a public key derived from said at least one pseudo-random number.
11. A conditional access system comprising: a content transmitting device; and, a content receiving device, wherein the content receiving device includes a ring oscillator and a pseudo-random number generator for protecting transmissions across an interface of the content receiving device.
12. The conditional access system of claim 11, wherein the content transmitting device comprises a satellite or cable source and the content receiving device comprises a set top box.
13. The conditional access system of claim 11, wherein the content receiving device includes a first device and a second device coupled to each other by the interface.
14. The conditional access system of claim 13, wherein the ring oscillator and the pseudo-random number generator generate pseudo-random numbers which may be used to encrypt communications across the interface.
15. A receiver comprising: a first integrated circuit including a ring oscillator and a pseudo-random number generator; a second integrated circuit; and, an interface coupling the first and second integrated circuits, wherein said ring oscillator and said pseudo-random number generator collectively generate at least one pseudo-random number for encrypting communications between the first and second integrated circuits across the interface.
16. The receiver of claim 15, wherein the receiver comprises a set top box.
17. A method for protecting a communications interface between a first device and a second device, comprising the steps of: generating at least one key pair in a first device; and, encrypting a content stream sent from a second device to the first device utilizing a first key of the at least one key pair.
18. The method of claim 17, comprising the further step of: decrypting the content stream in the first device utilizing a second key of the at least one key pair.
19. The method of claim 17, wherein the step of generating at least one key pair comprises generating at least one key pair utilizing a ring oscillator.
20. The method of claim 17, wherein the at least one key pair comprises a public/private key pair.
PCT/US2002/008884 2001-03-21 2002-03-20 Interface protection system for protecting communications between integrated circuits WO2002078341A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US27748601P 2001-03-21 2001-03-21
US60/277,486 2001-03-21

Publications (1)

Publication Number Publication Date
WO2002078341A2 true WO2002078341A2 (en) 2002-10-03

Family

ID=23061085

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/008884 WO2002078341A2 (en) 2001-03-21 2002-03-20 Interface protection system for protecting communications between integrated circuits

Country Status (1)

Country Link
WO (1) WO2002078341A2 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1288768A2 (en) * 2001-08-29 2003-03-05 Siemens AG Österreich Smart dongle
EP1288768A3 (en) * 2001-08-29 2004-01-02 Siemens AG Österreich Smart dongle
EP1662697A1 (en) * 2004-11-29 2006-05-31 Broadcom Corporation Method and apparatus for security over multiple interfaces
US8281132B2 (en) 2004-11-29 2012-10-02 Broadcom Corporation Method and apparatus for security over multiple interfaces
US8909932B2 (en) 2004-11-29 2014-12-09 Broadcom Corporation Method and apparatus for security over multiple interfaces
US20130019324A1 (en) * 2011-03-07 2013-01-17 University Of Connecticut Embedded Ring Oscillator Network for Integrated Circuit Security and Threat Detection
US8850608B2 (en) * 2011-03-07 2014-09-30 University Of Connecticut Embedded ring oscillator network for integrated circuit security and threat detection

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642