WO2016012940A1 - Streaming a linear broadcast to a tablet-like device - Google Patents

Streaming a linear broadcast to a tablet-like device Download PDF

Info

Publication number
WO2016012940A1
WO2016012940A1 PCT/IB2015/055515 IB2015055515W WO2016012940A1 WO 2016012940 A1 WO2016012940 A1 WO 2016012940A1 IB 2015055515 W IB2015055515 W IB 2015055515W WO 2016012940 A1 WO2016012940 A1 WO 2016012940A1
Authority
WO
WIPO (PCT)
Prior art keywords
arrangement
signal
streaming
renderer
receiver
Prior art date
Application number
PCT/IB2015/055515
Other languages
French (fr)
Inventor
Alan John Sullivan
Original Assignee
Altech Multimedia (Pty) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Altech Multimedia (Pty) Limited filed Critical Altech Multimedia (Pty) Limited
Publication of WO2016012940A1 publication Critical patent/WO2016012940A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network

Definitions

  • This invention relates to a system for and a method of locally streaming an input signal received from a remote source to a Tenderer device, such as a tablet, a television set or the like.
  • a Tenderer device such as a tablet, a television set or the like.
  • the invention also relates to a kit comprising streaming devices for use in the system and in the method.
  • a system for locally streaming an input signal which is received from a remote source comprising:
  • a local streaming arrangement comprising at least one semiconductor chip comprising a first memory arrangement comprising a first secure zone comprising at least a first sub- zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application which is stored in the memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; and
  • a local renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application; a second receiver forming a second part of said local communications link; and a second cryptographic token which is stored in the at least one second secure zone;
  • the streaming arrangement being configured to receive the input signal via the first receiver, cryptographically to protect the received signal utilizing the first encryption token and to transmit via the local communications link the protected signal to the renderer arrangement;
  • the renderer arrangement being configured to receive the protected signal and to process the protected signal utilizing the second cryptographic token, to yield the received signal suitable for rendering on a first renderer device.
  • At least one of the first and second secure zones may comprise or form part of an integrated system on chip (SOC) comprising at least one of tamper-detecting and tamper-evident containment, conductive shield layers in the chip that prevent reading of internal signals, controlled execution to prevent timing delays from revealing any secret information, automatic zeroization of secrets in the event of tampering, chain of trust boot-loader which authenticates an operating system before loading it, chain of trust operating system which authenticates application software before loading it and hardware-based capability registers, implementing a one-way privilege separation model.
  • SOC system on chip
  • the first renderer device may be any suitable renderer device including but not limited to a mobile phone, a tablet, a personal computer and a smart television apparatus.
  • the first renderer device may comprise an Android operating system.
  • At least the second receiver and the second memory arrangement may be housed in a first dongle which is attachable to the first renderer device.
  • attachable is not limited to a physical connection but includes within its scope near field communications (NFC).
  • NFC near field communications
  • the first dongle may removeably be connectable to the renderer device, for example via a USB port.
  • the second memory arrangement, the second processor and the second receiver may be integrated in the first renderer device or housed in a housing of the first renderer device.
  • the local communications link may comprise at least one of a cable extending between the first transmitter and the second receiver and a wireless link extending between the first transmitter and the second receiver.
  • the wireless link may be any suitable link including, but not limited to BlueTooth and WiFi.
  • the streaming may be performed according to any one of a Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocol to provide a first level of security. The aforementioned protection utilizing the first cryptographic token then provides a second level of security.
  • TLS Transport Layer Security
  • SSL Secure Sockets Layer
  • the streaming arrangement may be is housed in a first portable housing.
  • the streaming arrangement may comprise a rechargeable battery.
  • the first receiver may comprise one of a DVB-T, DVBT2, DVB-S and a DVB-S2 receiver.
  • the input signal may be one of a broadcast signal and a multicast signal.
  • the input signal may be one of open and secured with a conditional access system.
  • the input signal may be secured with a key of a conditional access (CA) system and a third cryptographic key which is associated with the key of the CA system may be stored in a second secure sub-zone of the first memory arrangement.
  • CA conditional access
  • the at least one semiconductor chip comprising the first memory arrangement, the first receiver and the first processor for executing the transmitting part of the a streaming application may be housed in a set top box, the set top box may be attachable to a second render device and the first transmitter may be housed in a second dongle which is attachable to the set top box, to be in data communication with the first processor.
  • the set top box may comprise a local mass data storage device for storing media data which is carried by the input signal.
  • a method of locally streaming an input signal received from a remote source utilizing a system comprising a streaming arrangement and a renderer arrangement, the streaming arrangement comprising a first memory arrangement comprising a first secure zone comprising at least a first sub-zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application stored in the first memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; the renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application which is stored in the second memory arrangement; and a second receiver forming a second part of said communications link, and a second cryptographic token stored in the at least one second secure zone, the method comprising the steps of:
  • the renderer arrangement may be integrated in the first renderer device and the method may comprise pre-storing or updated the second encryption token in the at least one second secure zone of the second memory arrangement by: at a backend, protecting the second encryption token with a protection token or secret which is pre-stored in the renderer device, forwarding the protected second encryption token to the renderer device via the streaming arrangement and on the renderer device, causing the protected second encryption token to be unprotected utilizing the pre- stored token or secret and causing the unprotected or clear second token to be stored in the at least one second secure zone of the second memory arrangement.
  • the first encryption token which is stored in the first sub-zone of the first memory arrangement may be updated in a similar manner from the backend.
  • a streaming device comprising a housing which houses at least one semiconductor chip comprising a memory arrangement comprising a secure zone comprising at least a first sub-zone, a first receiver for receiving an input signal from a remote source, a first processor for protecting the received signal with a first cryptographic token which is stored in said first sub-zone, a transmitter providing a first part of a communications link between the streaming device and a renderer device and the first processor being operative to stream the protected signal via the transmitter to the renderer device.
  • the streaming device may comprise a rechargeable battery and may further comprise a suitable connection on its housing, so that the battery may be connected to mains power to be recharged.
  • a device which is attachable to a renderer device, the device comprising a memory arrangement comprising at least one secure zone; a processor for executing a receiving part of a streaming application; a receiver forming a receiving part of a communications link; and a cryptographic token which is stored in the at least one secure zone; the device being configured to receive via the communications link a signal which is protected by a first cryptographic token and to process the protected signal utilizing said stored cryptographic token, to yield the input signal for rendition on the renderer device.
  • the invention also extends to a kit comprising a streaming device as above defined and at least one device as defined above.
  • the invention still further extends to a computer readable medium storing a computer program configured to perform the method defined above.
  • the medium may form part of the streaming device.
  • figure 1 is a high level diagrammatic representation of a first example embodiment of a system for streaming a linear broadcast to a renderer device, such as a tablet;
  • figure 2 is a diagrammatic representation of a second embodiment of the system
  • FIG. 3 is a more detailed block diagram of the system
  • figure 4 is a high level diagrammatic representation of a further example embodiment of the system.
  • FIG. 5 is a more detailed block diagram of the further example embodiment.
  • FIG 6 is a more detailed diagram illustrating processing of a received conditional access (CA) protected input signal.
  • CA conditional access
  • One example embodiment of a system for locally streaming to a renderer device 14 an open, alternatively secure input signal (such as signal 50) received from a remote source is generally designated by the reference numeral 10 in figures 1 to 3.
  • This example embodiment of the system comprises a portable, at least temporarily self-powered and stand-alone streaming device 12 and said renderer device 14, typically a hand-held device, which is separate from the steaming device.
  • the streaming device is a stand-alone device with a local rechargeable battery
  • the renderer device is a tablet comprising a screen 16.
  • the streaming device 12 is in the form of a docking station which may be connectable to mains power and said tablet 14 is removably receivable in the docking station, so that a battery of the tablet 14 may be recharged.
  • the streaming device may be removably fittable in a vehicle, to serve portable renderer devices which are distributed in the vehicle.
  • the streaming device 12 comprises a first housing 20 which houses at least one semiconductor chip or system on chip (SOC) 22 comprising a first processor controlled controller 24 and a first memory arrangement 26 comprising a trusted secure zone 28 comprising at least a first sub-zone 28.1 and a second sub-zone 28.2.
  • the first processor is configured to execute a transmitter part of a streaming application which is stored in the first memory arrangement.
  • a first receiver 30 for receiving a linear broadcast signal 50 is connected to the controller.
  • a wireless transceiver 32 Also connected to the controller 24 is a wireless transceiver 32 providing a first part of a secure bi-directional wireless link 34 between the streaming device 12 and the renderer device 14.
  • the streaming device also comprises the rechargeable battery 35 which is chargeable via a USB port 36, for example.
  • the renderer device 14 comprises a second housing 40 which is different from the first housing 20 and which second housing comprises the screen 16, a second memory arrangement 42 and a second processor 44 for executing a receiving part of the streaming application which is stored in the second memory arrangement.
  • the renderer device may comprise an Android operating system and the streaming application will then be an Android application.
  • At least a first cryptographic token 38.1 associated with the secure wireless link 34 is stored in the first trusted sub-zone 28.1 .
  • Another cryptographic token 38.2 associated with a secure broadcast signal 50 may be stored in the second trusted sub-zone 28.2 of the trusted secure zone 28 of the first memory arrangement 28 of the streaming device 12.
  • a second receiver 46 providing a second part of the wireless link 34 forms part of the renderer device 14.
  • the security for the link is provided by a first dongle 48 which may be attached to the renderer device, by plugging it in or otherwise interfacing with the renderer device such as via NFC.
  • the ⁇ 2 dongle comprises an interface 54 cooperating with interface 52 on the tablet 14.
  • the dongle further comprises a second processor 56 and a second memory arrangement 58 comprising a trusted secure zone 58.1 where a second cryptographic token 60 associated with the secure link and the first token 38.1 is stored, to provide the secure link 34.
  • the streaming device 12 is configured locally to stream a received linear broadcast signal 50 received from a head-end (not shown) in real time to the renderer device 14 utilizing the at least one first token 38.1 in the first sub-zone 28.1 and the second token 60 on the dongle to provide said secure wireless link 34.
  • the tokens 38.1 and 60 may be stored in the secure zones upon manufacture, and if necessary may be updated on line from a central management system, as more fully described in South African patent application 2014/06806 entitled "Set-top box having media player and home management operating domains with respective service keys", the contents of which are incorporated herein by this reference.
  • the renderer device in the example embodiments is a tablet, it may also be any other suitable device, including but not limited to a mobile phone, a personal computer and a smart television apparatus.
  • the wireless link 34 may be any suitable link including, but not limited to BlueTooth and WiFi.
  • the streaming may be performed according to any one of a Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocol to provide communication security.
  • TLS Transport Layer Security
  • SSL Secure Sockets Layer
  • the link may be provided by physical cables between the streaming device and one or more renderer devices.
  • the first receiver 30 may be any one of a DVB-T, DVB-T2, DVB-S and DVB-S2 or similar receivers.
  • the input signal may be broadcast signal 50 such as a satellite broadcast or a digital terrestrial broadcast signal.
  • the input signal may be a multicast signal 102 according to Internet Protocol.
  • the signal may be open, alternatively secured, for example according to any suitable conditional access (CA) system.
  • CA conditional access
  • the above other cryptographic token 38.2 which is stored in the second trusted sub-zone 28.2 of the secure region of the first memory arrangement 28 may be associated with the CA system.
  • FIGS 4 to 6 there is shown another example embodiment of the system for locally streaming an input signal received from a remote source, but designated 100.
  • the input signal may be a linear broadcast signal as stated above and/or a multicast signal 102 received via the internet.
  • the system comprises a streaming arrangement 104 and a renderer arrangement 106. More particularly referring to figure 5, the streaming arrangement 104 comprises at least one semiconductor chip comprising a memory arrangement 128 comprising a secure zone comprising at least a first secure sub-zone 128.1 and a second secure sub-zone 128.2.
  • the arrangement may comprise a first receiver 130 for receiving a broadcast signal from a remote head-end and a first processor controlled controller 124 for executing a transmitting part of the streaming application which is stored in the memory arrangement 128.
  • a first wireless transceiver 132 forms a first part of a local wireless link 134.
  • a receiver part of the first transceiver 132 may also act as a receiver for the multicast signal 102.
  • At least one first cryptographic token 138.1 is stored in the first sub-zone 128.1 of the secure zone of memory arrangement 128.
  • the renderer arrangement 106 comprises a second memory arrangement 158 comprising at least one secure zone 158.1 , a second processor 156 for executing a receiving part of the streaming application, a second wireless transceiver 146 forming a second part of said wireless link 134 and at least one second cryptographic token 160 which is stored in the at least one secure zone 158.1 .
  • the streaming arrangement 104 is configured to receive an input signal 150 or 102, cryptographically to protect the received signal utilizing the at least one first encryption token 128.1 and to transmit via the wireless link 134 the protected signal in real time to the renderer arrangement 106.
  • the renderer arrangement 106 is configured to receive the protected signal and to process the protected signal utilizing the at least one second cryptographic token 160, to yield the received signal suitable for display on a screen 162 of television 164.
  • the controller 124, first memory arrangement 128 and broadcast receiver 130 may form part of a set-top box (STB) 170.
  • the set top box may be connectable to another television set 172 in known manner.
  • the secure part of the memory arrangement may be provided by a SOC and/or a smart card 174 hosted by the STB.
  • the transceiver 132 may be located in a second dongle 176 which may be brought into data communication with the STB.
  • the receiver part of the transceiver 132 may serve as the receiver for the input multicast signal 02.
  • the second processor 156, second transceiver 146 and the second memory arrangement 158 may be housed in the first dongle 178 which first dongle may be brought into data communication with the television 162.
  • the second dongle 178 may for example be plugged into the television 162.
  • the input signal 150 or 102 may be protected in known manner at the remote source by a suitable CA system.
  • Said other token 138.2 which is stored in the second trusted sub-zone 128.2 of the set-top box 170, is used by the controller 124 of the set-top box to process in know manner the CA protected input signal 150 or 102 at 180 to yield plain text media data.
  • the controller may feed the plain text media data in known manner to the television 172 for rendering by the television.
  • the controller may cause the media data to be stored locally on a mass data storage device, such as a hard disc 188 and drive hosted by the STB 170.
  • Hard disc 188 may also comprise other memory arrangements such as but not limited to a solid state drive SSD. Before the data is so stored, it may cryptographically be protected at 190 by encryption utilizing any suitable technology, such as AES or DES, for example. Further alternatively or in addition, at 192, the data may cryptographically be protected utilizing said first encryption token 138.1 which is stored in the first trusted sub-zone 128.1 of the set-top box 170.
  • the protected data is then streamed via transceiver 132 of the second dongle 176 to the Tenderer arrangement 106 as described above.
  • the protected data is processed or decrypted utilizing the second cryptographic token 160, which is stored in the trusted sub-zone 158.1 of the second dongle 178.
  • the processed signal is then fed to the television 164 where it is rendered on screen 162. l be appreciated that media data which is pre-stored on hard drive 188bove described may, after decryption at 194, similarly be protected at and securely streamed at any other suitable time to device 164.

Abstract

A system (10) for locally streaming an input signal (50) which is received from a remote source comprises a streaming arrangement (12) comprising a memory comprising a secure zone (28) comprising a sub-zone (28.1); a receiver (30) for receiving the signal; a processor (24) for executing a transmitting part of a streaming application; a transmitter (32) forming a first part of a local communications link (34); and a cryptographic token (38.1) which is stored in the sub-zone (28.1). A renderer arrangement (14) comprises a memory (58) comprising a secure zone (58.1); a processor (56) for executing a receiving part of said application; a receiver (46) forming a second part of the link; and a cryptographic token (60) which is stored in the second secure zone. The streaming arrangement is configured to receive the signal via the receiver (30), to protect the signal utilizing the token (38.1) and to transmit via the link the protected signal to the renderer arrangement. The renderer arrangement is configured to receive the protected signal and to process the protected signal utilizing the token (60), to yield the received signal.

Description

STREAMING A LINEAR BROADCAST TO A TABLET-LIKE DEVICE
INTRODUCTION AND BACKGROUND
This invention relates to a system for and a method of locally streaming an input signal received from a remote source to a Tenderer device, such as a tablet, a television set or the like. The invention also relates to a kit comprising streaming devices for use in the system and in the method.
Currently, there are available tablets at relatively low cost and with a relatively short expected life time and which comprise a built-in DVB-T2 receiver or tuner. However, the strength of the security of the conditional access (CA) system as employed by these tablets to deal with secure broadcasts, may not be satisfactory or trusted and there may be a risk of hacking the system.
In other applications it may be required to stream an input signal received from a remote source securely within a local area network, such at a user's home.
OBJECT OF THE INVENTION
Accordingly, it is an object of the present invention to provide a system, streaming device and method with which the applicant believes the aforementioned disadvantages may at least be alleviated and/or requirements at least partially be met, or which may provide a useful alternative for the known systems, devices and methods. SUMMARY OF THE INVENTION
According to the invention there is provided a system for locally streaming an input signal which is received from a remote source, the system comprising:
- a local streaming arrangement comprising at least one semiconductor chip comprising a first memory arrangement comprising a first secure zone comprising at least a first sub- zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application which is stored in the memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; and
- a local renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application; a second receiver forming a second part of said local communications link; and a second cryptographic token which is stored in the at least one second secure zone;
- the streaming arrangement being configured to receive the input signal via the first receiver, cryptographically to protect the received signal utilizing the first encryption token and to transmit via the local communications link the protected signal to the renderer arrangement; and
- the renderer arrangement being configured to receive the protected signal and to process the protected signal utilizing the second cryptographic token, to yield the received signal suitable for rendering on a first renderer device.
At least one of the first and second secure zones may comprise or form part of an integrated system on chip (SOC) comprising at least one of tamper-detecting and tamper-evident containment, conductive shield layers in the chip that prevent reading of internal signals, controlled execution to prevent timing delays from revealing any secret information, automatic zeroization of secrets in the event of tampering, chain of trust boot-loader which authenticates an operating system before loading it, chain of trust operating system which authenticates application software before loading it and hardware-based capability registers, implementing a one-way privilege separation model.
The first renderer device may be any suitable renderer device including but not limited to a mobile phone, a tablet, a personal computer and a smart television apparatus. In some embodiments the first renderer device may comprise an Android operating system. At least the second receiver and the second memory arrangement may be housed in a first dongle which is attachable to the first renderer device. In this context "attachable" is not limited to a physical connection but includes within its scope near field communications (NFC). In the case of physical connection the first dongle may removeably be connectable to the renderer device, for example via a USB port.
In other embodiments the second memory arrangement, the second processor and the second receiver may be integrated in the first renderer device or housed in a housing of the first renderer device.
The local communications link may comprise at least one of a cable extending between the first transmitter and the second receiver and a wireless link extending between the first transmitter and the second receiver. The wireless link may be any suitable link including, but not limited to BlueTooth and WiFi. The streaming may be performed according to any one of a Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocol to provide a first level of security. The aforementioned protection utilizing the first cryptographic token then provides a second level of security.
The streaming arrangement may be is housed in a first portable housing. The streaming arrangement may comprise a rechargeable battery. The first receiver may comprise one of a DVB-T, DVBT2, DVB-S and a DVB-S2 receiver.
The input signal may be one of a broadcast signal and a multicast signal.
The input signal may be one of open and secured with a conditional access system. The input signal may be secured with a key of a conditional access (CA) system and a third cryptographic key which is associated with the key of the CA system may be stored in a second secure sub-zone of the first memory arrangement.
The at least one semiconductor chip comprising the first memory arrangement, the first receiver and the first processor for executing the transmitting part of the a streaming application may be housed in a set top box, the set top box may be attachable to a second render device and the first transmitter may be housed in a second dongle which is attachable to the set top box, to be in data communication with the first processor.
The set top box may comprise a local mass data storage device for storing media data which is carried by the input signal.
Also included within the scope of the present invention is a a method of locally streaming an input signal received from a remote source utilizing a system comprising a streaming arrangement and a renderer arrangement, the streaming arrangement comprising a first memory arrangement comprising a first secure zone comprising at least a first sub-zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application stored in the first memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; the renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application which is stored in the second memory arrangement; and a second receiver forming a second part of said communications link, and a second cryptographic token stored in the at least one second secure zone, the method comprising the steps of:
- causing the signal to be received via the first receiver;
- causing the received signal cryptographically to be protected utilizing the first cryptographic token;
- causing the protected signal locally and in real time to be transmitted via the local communications link;
- causing the protected signal to be received at the renderer arrangement;
- causing the protected signal to be processed utilizing the second cryptographic token; and
- causing the processed signal to be fed to a first renderer device. The renderer arrangement may be integrated in the first renderer device and the method may comprise pre-storing or updated the second encryption token in the at least one second secure zone of the second memory arrangement by: at a backend, protecting the second encryption token with a protection token or secret which is pre-stored in the renderer device, forwarding the protected second encryption token to the renderer device via the streaming arrangement and on the renderer device, causing the protected second encryption token to be unprotected utilizing the pre- stored token or secret and causing the unprotected or clear second token to be stored in the at least one second secure zone of the second memory arrangement.
The first encryption token which is stored in the first sub-zone of the first memory arrangement may be updated in a similar manner from the backend.
Further according to the invention there is provided a streaming device comprising a housing which houses at least one semiconductor chip comprising a memory arrangement comprising a secure zone comprising at least a first sub-zone, a first receiver for receiving an input signal from a remote source, a first processor for protecting the received signal with a first cryptographic token which is stored in said first sub-zone, a transmitter providing a first part of a communications link between the streaming device and a renderer device and the first processor being operative to stream the protected signal via the transmitter to the renderer device.
The streaming device may comprise a rechargeable battery and may further comprise a suitable connection on its housing, so that the battery may be connected to mains power to be recharged.
Still further according to the invention there is provided a device which is attachable to a renderer device, the device comprising a memory arrangement comprising at least one secure zone; a processor for executing a receiving part of a streaming application; a receiver forming a receiving part of a communications link; and a cryptographic token which is stored in the at least one secure zone; the device being configured to receive via the communications link a signal which is protected by a first cryptographic token and to process the protected signal utilizing said stored cryptographic token, to yield the input signal for rendition on the renderer device.
The invention also extends to a kit comprising a streaming device as above defined and at least one device as defined above.
The invention still further extends to a computer readable medium storing a computer program configured to perform the method defined above. The medium may form part of the streaming device.
BRIEF DESCRIPTION OF THE ACCOMPANYING DIAGRAMS
The invention will now further be described, by way of example only, with reference to the accompanying diagrams wherein:
figure 1 is a high level diagrammatic representation of a first example embodiment of a system for streaming a linear broadcast to a renderer device, such as a tablet;
figure 2 is a diagrammatic representation of a second embodiment of the system;
figure 3 is a more detailed block diagram of the system;
figure 4 is a high level diagrammatic representation of a further example embodiment of the system;
figure 5 is a more detailed block diagram of the further example embodiment; and
figure 6 is a more detailed diagram illustrating processing of a received conditional access (CA) protected input signal.
DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION
One example embodiment of a system for locally streaming to a renderer device 14 an open, alternatively secure input signal (such as signal 50) received from a remote source is generally designated by the reference numeral 10 in figures 1 to 3. This example embodiment of the system comprises a portable, at least temporarily self-powered and stand-alone streaming device 12 and said renderer device 14, typically a hand-held device, which is separate from the steaming device. In the example embodiment shown in figure 1 , the streaming device is a stand-alone device with a local rechargeable battery
35 (shown in figure 3) and the renderer device is a tablet comprising a screen 16. In the example embodiment shown in figure 2, the streaming device 12 is in the form of a docking station which may be connectable to mains power and said tablet 14 is removably receivable in the docking station, so that a battery of the tablet 14 may be recharged. In other example embodiments (not shown), the streaming device may be removably fittable in a vehicle, to serve portable renderer devices which are distributed in the vehicle. Referring now also to figure 3, the streaming device 12 comprises a first housing 20 which houses at least one semiconductor chip or system on chip (SOC) 22 comprising a first processor controlled controller 24 and a first memory arrangement 26 comprising a trusted secure zone 28 comprising at least a first sub-zone 28.1 and a second sub-zone 28.2. The first processor is configured to execute a transmitter part of a streaming application which is stored in the first memory arrangement. A first receiver 30 for receiving a linear broadcast signal 50 is connected to the controller. Also connected to the controller 24 is a wireless transceiver 32 providing a first part of a secure bi-directional wireless link 34 between the streaming device 12 and the renderer device 14. The streaming device also comprises the rechargeable battery 35 which is chargeable via a USB port 36, for example.
The renderer device 14 comprises a second housing 40 which is different from the first housing 20 and which second housing comprises the screen 16, a second memory arrangement 42 and a second processor 44 for executing a receiving part of the streaming application which is stored in the second memory arrangement. The renderer device may comprise an Android operating system and the streaming application will then be an Android application.
At least a first cryptographic token 38.1 associated with the secure wireless link 34 is stored in the first trusted sub-zone 28.1 . Another cryptographic token 38.2 associated with a secure broadcast signal 50 may be stored in the second trusted sub-zone 28.2 of the trusted secure zone 28 of the first memory arrangement 28 of the streaming device 12.
A second receiver 46 providing a second part of the wireless link 34 forms part of the renderer device 14. The security for the link is provided by a first dongle 48 which may be attached to the renderer device, by plugging it in or otherwise interfacing with the renderer device such as via NFC. The Ί 2 dongle comprises an interface 54 cooperating with interface 52 on the tablet 14. The dongle further comprises a second processor 56 and a second memory arrangement 58 comprising a trusted secure zone 58.1 where a second cryptographic token 60 associated with the secure link and the first token 38.1 is stored, to provide the secure link 34.
The streaming device 12 is configured locally to stream a received linear broadcast signal 50 received from a head-end (not shown) in real time to the renderer device 14 utilizing the at least one first token 38.1 in the first sub-zone 28.1 and the second token 60 on the dongle to provide said secure wireless link 34. The tokens 38.1 and 60 may be stored in the secure zones upon manufacture, and if necessary may be updated on line from a central management system, as more fully described in South African patent application 2014/06806 entitled "Set-top box having media player and home management operating domains with respective service keys", the contents of which are incorporated herein by this reference. Although the renderer device in the example embodiments is a tablet, it may also be any other suitable device, including but not limited to a mobile phone, a personal computer and a smart television apparatus.
The wireless link 34 may be any suitable link including, but not limited to BlueTooth and WiFi. The streaming may be performed according to any one of a Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocol to provide communication security. In other embodiments the link may be provided by physical cables between the streaming device and one or more renderer devices.
The first receiver 30 may be any one of a DVB-T, DVB-T2, DVB-S and DVB-S2 or similar receivers.
Hence, the input signal may be broadcast signal 50 such as a satellite broadcast or a digital terrestrial broadcast signal. Alternatively, the input signal may be a multicast signal 102 according to Internet Protocol. The signal may be open, alternatively secured, for example according to any suitable conditional access (CA) system. The above other cryptographic token 38.2 which is stored in the second trusted sub-zone 28.2 of the secure region of the first memory arrangement 28 may be associated with the CA system.
In figures 4 to 6 there is shown another example embodiment of the system for locally streaming an input signal received from a remote source, but designated 100. Referring firstly to figures 4 and 5, the input signal may be a linear broadcast signal as stated above and/or a multicast signal 102 received via the internet. The system comprises a streaming arrangement 104 and a renderer arrangement 106. More particularly referring to figure 5, the streaming arrangement 104 comprises at least one semiconductor chip comprising a memory arrangement 128 comprising a secure zone comprising at least a first secure sub-zone 128.1 and a second secure sub-zone 128.2. The arrangement may comprise a first receiver 130 for receiving a broadcast signal from a remote head-end and a first processor controlled controller 124 for executing a transmitting part of the streaming application which is stored in the memory arrangement 128. A first wireless transceiver 132 forms a first part of a local wireless link 134. A receiver part of the first transceiver 132 may also act as a receiver for the multicast signal 102. At least one first cryptographic token 138.1 is stored in the first sub-zone 128.1 of the secure zone of memory arrangement 128. The renderer arrangement 106 comprises a second memory arrangement 158 comprising at least one secure zone 158.1 , a second processor 156 for executing a receiving part of the streaming application, a second wireless transceiver 146 forming a second part of said wireless link 134 and at least one second cryptographic token 160 which is stored in the at least one secure zone 158.1 .
The streaming arrangement 104 is configured to receive an input signal 150 or 102, cryptographically to protect the received signal utilizing the at least one first encryption token 128.1 and to transmit via the wireless link 134 the protected signal in real time to the renderer arrangement 106. The renderer arrangement 106 is configured to receive the protected signal and to process the protected signal utilizing the at least one second cryptographic token 160, to yield the received signal suitable for display on a screen 162 of television 164.
The controller 124, first memory arrangement 128 and broadcast receiver 130 may form part of a set-top box (STB) 170. The set top box may be connectable to another television set 172 in known manner. The secure part of the memory arrangement may be provided by a SOC and/or a smart card 174 hosted by the STB. The transceiver 132 may be located in a second dongle 176 which may be brought into data communication with the STB. As stated above, in some example embodiments the receiver part of the transceiver 132 may serve as the receiver for the input multicast signal 02.
The second processor 156, second transceiver 146 and the second memory arrangement 158 may be housed in the first dongle 178 which first dongle may be brought into data communication with the television 162. The second dongle 178 may for example be plugged into the television 162.
Referring to figures 5 and 6 and as stated above, the input signal 150 or 102 may be protected in known manner at the remote source by a suitable CA system. Said other token 138.2 which is stored in the second trusted sub-zone 128.2 of the set-top box 170, is used by the controller 124 of the set-top box to process in know manner the CA protected input signal 150 or 102 at 180 to yield plain text media data. At 184, the controller may feed the plain text media data in known manner to the television 172 for rendering by the television. Alternatively or in addition, at 186, the controller may cause the media data to be stored locally on a mass data storage device, such as a hard disc 188 and drive hosted by the STB 170. Hard disc 188 may also comprise other memory arrangements such as but not limited to a solid state drive SSD. Before the data is so stored, it may cryptographically be protected at 190 by encryption utilizing any suitable technology, such as AES or DES, for example. Further alternatively or in addition, at 192, the data may cryptographically be protected utilizing said first encryption token 138.1 which is stored in the first trusted sub-zone 128.1 of the set-top box 170.
The protected data is then streamed via transceiver 132 of the second dongle 176 to the Tenderer arrangement 106 as described above. At the first dongle 178, the protected data is processed or decrypted utilizing the second cryptographic token 160, which is stored in the trusted sub-zone 158.1 of the second dongle 178. The processed signal is then fed to the television 164 where it is rendered on screen 162. l be appreciated that media data which is pre-stored on hard drive 188bove described may, after decryption at 194, similarly be protected at and securely streamed at any other suitable time to device 164.

Claims

A system for locally streaming an input signal which is received from a remote source, the system comprising:
- a local streaming arrangement comprising at least one semiconductor chip comprising a first memory arrangement comprising a first secure zone comprising at least a first sub- zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application which is stored in the memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; and
- a local renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application; a second receiver forming a second part of said local communications link; and a second cryptographic token which is stored in the at least one second secure zone;
- the streaming arrangement being configured to receive the input signal via the first receiver, cryptographically to protect the received signal utilizing the first encryption token and to transmit via the local communications link the protected signal to the renderer arrangement; and - the renderer arrangement being configured to receive the protected signal and to process the protected signal utilizing the second cryptographic token, to yield the received signal suitable for rendering on a first Tenderer device.
2. A system as claimed in claim 1 wherein the first renderer device comprises one of a tablet, a personal computer, a mobile phone and a television apparatus.
3. A system as claimed in any one of claims 1 and 2 wherein at least the second receiver and the second memory arrangement are housed in a first dongle which is attachable to the first renderer device.
4. A system as claimed in any one of claims 1 and 2 wherein the second memory arrangement, the second processor and the second receiver are housed in a housing of the first renderer device.
5. A system as claimed in any one of claims 1 to 4 wherein the communications link comprises at least one of a cable extending between the first transmitter and the second receiver and a wireless path extending between the first transmitter and the second receiver.
6. A system as claimed in any one of claims 1 to 5 wherein the streaming arrangement is housed in a first portable housing.
7. A system as claimed in any one of claims 1 to 6 wherein the streaming arrangement comprises a rechargeable battery.
8. A system as claimed in any one of claims 1 to 7 wherein the first receiver comprises one of a DVB-T, DVBT2, DVB-S and a DVB-S2 receiver.
9. A system as claimed in any one of claims 1 to 8 wherein the input signal is one of a broadcast signal and a multicast signal.
10. A system as claimed in any one of claims 1 to 9 wherein the input signal is one of open and secured with a conditional access system.
1 1 . A system as claimed in claim 10 wherein when the input signal is secured with a key of a conditional access (CA) system, a third cryptographic key which is associated with the key of the CA system is stored in a second secure sub-zone of the first memory arrangement.
12. A system as claimed in any one of claims 1 to 1 1 wherein the at least one semiconductor chip comprising the first memory arrangement, the first receiver and the first processor for executing the transmitting part of the a streaming application are housed in a set top box which is connectable to a second renderer device and wherein the first transmitter is housed in a second dongle which is attachable to the set top box, to be in data communication with the first processor.
A system as claimed in claim 12 wherein the set top box comprises a local mass data storage device for storing media data which is carried by the input signal,
A method of locally streaming an input signal received from a remote source utilizing a system comprising a streaming arrangement and a renderer arrangement, the streaming arrangement comprising a first memory arrangement comprising a first secure zone comprising at least a first sub-zone; a first receiver for receiving the signal from the remote source; a first processor for executing a transmitting part of a streaming application stored in the first memory arrangement; a first transmitter forming a first part of a local communications link; and a first cryptographic token which is stored in the first sub-zone of the first secure zone; the renderer arrangement comprising a second memory arrangement comprising at least one second secure zone; a second processor for executing a receiving part of the streaming application which is stored in the second memory arrangement; and a second receiver forming a second part of said communications link, and a second cryptographic token stored in the at least one second secure zone, the method comprising the steps of:
- causing the signal to be received via the first receiver;
- causing the received signal cryptographically to be protected utilizing the first cryptographic token;
- causing the protected signal locally and in real time to be transmitted via the local communications link;
- causing the protected signal to be received at the renderer arrangement;
- causing the protected signal to be processed utilizing the second cryptographic token; and
- causing the processed signal to be fed to a first renderer device.
A method as claimed in claim 14 wherein the renderer arrangement is integrated in the first renderer device and wherein the second encryption token is one of pre-stored and updated in the at least one second secure zone of the second memory arrangement by: at a backend, protecting the second encryption token with a protection token which is pre-stored in the renderer device, forwarding the protected token to the renderer device via the streaming arrangement and on the renderer device, causing the protected second encryption token to be unprotected utilizing the pre-stored token and causing the unprotected second token to be stored in the at least one second secure zone of the second memory arrangement.
16. A streaming device comprising a housing which houses at least one semiconductor chip comprising a memory arrangement comprising a secure zone comprising at least a first sub-zone, a first receiver for receiving an input signal from a remote source, a first processor for protecting the received signal with a first cryptographic token which is stored in said first sub-zone, a transmitter providing a first part of a communications link between the streaming device and a renderer device and the first processor being operative to stream the protected signal via the transmitter to the renderer device.
A device which is attachable to a renderer device, the device comprising a memory arrangement comprising at least one secure zone; a processor for executing a receiving part of a streaming application; a receiver forming a receiving part of a communications link; and a cryptographic token which is stored in the at least one secure zone; the device being configured to receive via the communications link a signal which is protected by a first cryptographic token and to process the protected signal utilizing said stored cryptographic token, to yield the input signal for rendition on the renderer device. A kit comprising a streaming device as claimed in claim 15 and at least one device as claimed in claim 18.
PCT/IB2015/055515 2014-07-21 2015-07-21 Streaming a linear broadcast to a tablet-like device WO2016012940A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
ZA2014/05357 2014-07-21
ZA201405357 2014-07-21
ZA2014/07977 2014-10-31
ZA201407977 2014-10-31

Publications (1)

Publication Number Publication Date
WO2016012940A1 true WO2016012940A1 (en) 2016-01-28

Family

ID=54197009

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/055515 WO2016012940A1 (en) 2014-07-21 2015-07-21 Streaming a linear broadcast to a tablet-like device

Country Status (1)

Country Link
WO (1) WO2016012940A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US20030221100A1 (en) * 2002-05-24 2003-11-27 Russ Samuel H. Apparatus for entitling remote client devices
US20080307224A1 (en) * 2006-07-31 2008-12-11 Oberthur Card Systems Sa Removable Secure Portable Electronic Entity Including Means for Authorizing Deferred Retransmission

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US20030221100A1 (en) * 2002-05-24 2003-11-27 Russ Samuel H. Apparatus for entitling remote client devices
US20080307224A1 (en) * 2006-07-31 2008-12-11 Oberthur Card Systems Sa Removable Secure Portable Electronic Entity Including Means for Authorizing Deferred Retransmission

Similar Documents

Publication Publication Date Title
CN101454783B (en) Systems and methods for datapath security in a system-on-a-chip device
US9479825B2 (en) Terminal based on conditional access technology
US9392318B2 (en) Receiver device with multiple decryption modes
US9344747B2 (en) Mobile payTV DRM architecture
US20140122902A1 (en) Information processing apparatus
EP2917867B1 (en) An improved implementation of robust and secure content protection in a system-on-a-chip apparatus
US11259065B2 (en) Securely paired delivery of activation codes between removable and integrated security processors
RU2016140477A (en) METHOD FOR AUTHORIZING SOFTWARE SOFTWARE IN VEHICLE AND VEHICLE
KR20140019846A (en) System and method for controlling access to protected content
CN103004219A (en) System and method to prevent manipulation of transmitted video data
WO2016105917A1 (en) Protected media decoding system supporting metadata
US11308242B2 (en) Method for protecting encrypted control word, hardware security module, main chip and terminal
EP3560212B1 (en) Securing transmission of content from a smart card in a host television receiver to a client television receiver
KR102100456B1 (en) Method and apparatus for drm service in an electronic device
EP3317798B1 (en) Decrypting and decoding media assets through a secure data path
KR101280740B1 (en) Method to secure access to audio/video content in a decoding unit
US8306222B2 (en) Removable secure portable electronic entity including means for authorizing deferred retransmission
WO2016012940A1 (en) Streaming a linear broadcast to a tablet-like device
DE102014203050B4 (en) Mobile pay-TV-DRM architecture
KR100837430B1 (en) Broadcasting receive apparatus and security method thereof
KR20120064764A (en) Integrated processor device of remote entitlement processing module
CN201967025U (en) Digital broadcast television receiving system with content protective function
JP4476756B2 (en) Tuner card, host device and receiving device
KR20160038164A (en) PayTV management method using UHD TV feature and Gateway thereof
GB2528038A (en) A standard compatible television distribution system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15770642

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15770642

Country of ref document: EP

Kind code of ref document: A1