Secure conditional access port interface

-

An apparatus and method thereof for providing a secure path for a digital signal in an intelligent transceiver such as a bi-directional set-top box. A digital signal (e.g., a broadcast signal or a signal received via a cable modem) is received by the intelligent transceiver at a front-end device (comprising, for example, a tuner). The digital signal is descrambled (if it is scrambled) and encrypted (if it is not encrypted) by a first functional block (e.g., an interface card or point of deployment) coupled to the front-end device. Coupled to the front-end device via the first functional block is a second functional block for processing (e.g., decoding) audio and/or visual content within the digital signal. Integrated into the second functional block is a decryption engine for decrypting encrypted signals. Signals from the front-end device are received via the first functional block by the decryption engine integral to the second functional block. There are no points between the first functional block and the decryption engine and between the decryption engine and the second functional block at which a descrambled and decrypted signal can be intercepted, thus providing a secure interface between the front-end device and the second functional block.

Skip to: Description  ·  Claims  · Patent History  ·  Patent History
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation of U.S. patent application Ser. No. 09/538,568 filed March 29, 2000.

BACKGROUND OF THE INVENTION

Digital broadcast systems include direct broadcast digital satellite systems, interactive World Wide Web (“Web”) access systems, and digital cable systems. Digital broadcasting provides a number of advantages to subscribers, such as variety and flexibility of programming, useful and comprehensive support services (such as detailed electronic programming guides), and superior audio and video quality.

The Conditional Access (CA) function of a digital broadcast system allows selective access, for a fee, to premium services such as pay-per-view movies and events. The producers of the movies, events, etc., require that access to the premium services be controlled in order to protect their commercial interests as well as to enforce copyrights and protect copyright ownership. The digital broadcast system operators (also referred to as Multiple System Operators, MSOs) also have a commercial interest in limiting access to these premium services to authorized users only.

Subscribers receive digital broadcasts (including satellite, cable and Web broadcasts) via set-top boxes or other similar consumer electronic equipment located in the subscriber's home. With a bi-directional set-top box, in addition to receiving broadcasts, a subscriber can transmit messages to the MSO. Using the bi-directional set-top box (generally, a “transceiver” or “intelligent transceiver”), the subscriber selects a premium service, and the subscriber's selection as well as information needed for billing purposes is transmitted to the MSO. In a common implementation, a “smart card” stores the information needed for billing, and on a periodic basis (perhaps once per month) an automatic connection is made between the transceiver and the MSO so that the billing information can be transmitted to the MSO.

Digital broadcast content is vulnerable to unauthorized use and duplication (“pirating”) while it is being broadcast, or after it has been received and is being processed. For example, during broadcast, the signal could be intercepted and displayed (or duplicated and rebroadcast) using a transceiver not provided by the MSO. On the other hand, even when a transceiver provided by the MSO is used, the signal could be diverted within the transceiver so that the smart card is bypassed. In either case, copyrights are circumvented. In addition, the MSO is unaware of the unauthorized use and so does not have the information needed to collect the fees it is owed.

To prevent unauthorized use, MSOs typically broadcast a scrambled signal. The signal is descrambled in the transceiver using a key provided by the MSO in the smart card. Once descrambled, the signal is encrypted in the transceiver. However, even when such security measures are employed in an attempt to prevent pirating, sophisticated methods are available to circumvent them.

Prior Art FIG. 1 is a block diagram showing some of the elements in one embodiment of a prior art transceiver (e.g., a set-top box) (for clarity, not all of the elements of the set-top box are shown). Front-end unit 20 of the set-top box comprises a tuner (not shown), as well as other devices known in the art, for receiving a digital broadcast signal 90. Coupled to front-end unit 20 is point of deployment (POD) 10. POD 10 typically is adapted to receive a smart card (not shown) that, as described above, can be used to provide billing information to the MSO. The smart card also typically contains a key provided by the MSO that is used to descramble digital broadcast signal 90. POD 10 includes a descrambling/encryption unit 40 that uses the key provided by the MSO to descramble broadcast signal 90 (if the signal is scrambled). Descrambling/ encryption unit 40 also encrypts the signal (if the signal is not encrypted). It is appreciated that, in other prior art embodiments, descrambling/encryption unit 40 may consist of separate elements, one for descrambling and one for encrypting.

Front-end unit 20 also includes decryption unit 50 for decrypting an encrypted broadcast signal before the signal is sent to audio/visual (A/V) decoder 30. A/V decoder 30 is used for demultiplexing the signal and for decoding, for example, MPEG (Moving Picture Experts Group) video signals and/or Dolby AC3 audio signals.

Thus, in this prior art embodiment, digital broadcast signal 90 is received by the set-top box at front-end unit 20 and forwarded to POD 10. Broadcast signal 90 is descrambled by descrambling/encryption unit 40. Once descrambled, broadcast signal 90 is encrypted to prevent unauthorized duplication. Further downstream in the set-top box, broadcast signal 90 is decrypted using decryption unit 50 so that it can be decoded (e.g., MPEG or AC3 decoding) in AN decoder 30, and subsequently processed so that it can be viewed and/or listened to by an authorized subscriber.

A problem with this prior art embodiment is that, between decryption unit 50 and AN decoder 30, broadcast signal 90 is transmitted in the clear at point 12 (that is, it is not scrambled nor is it encrypted at this point). Thus, at point 12, broadcast signal 90 can be intercepted and duplicated. As a digital signal, it is possible to make near perfect copies which can be readily distributed to unauthorized parties (e.g., rebroadcast via the Internet, copied onto a compact disk, etc.). While the MSO may receive payment for a one-time use, subsequent use by unauthorized users is made without proper compensation to the MSO or the copyright owners.

Prior Art FIG. 2 illustrates some of the elements in another embodiment of a prior art set-top box (for clarity, not all of the elements are shown). Front-end unit 120, descrambling/encryption unit 140, POD 110, decryption unit 150, and A/V decoder 130 each function in a manner as described above in conjunction with FIG. 1. In this embodiment, decryption unit 150 is moved out of front-end unit 120 and closer to AN decoder 130. Even so, there still remains a point 14 at which broadcast signal 190 is transmitted in the clear and can be intercepted by an unauthorized user.

Thus, the prior art is problematic because the descrambled and decrypted signal that is output from the decryption unit may be intercepted and pirated by an unauthorized user between the front-end device and the functional block (e.g., the A/V decoder).

SUMMARY OF THE INVENTION

Accordingly, what is needed is an apparatus and/or method that can prevent pirating of a descrambled and decrypted digital signal between a front-end device and a subsequent functional block (e.g., an audio/video decoding block). What is also needed is an apparatus and/or method that can address the above need and that can be implemented in a transceiver (e.g., a set-top box) used in a digital broadcast system.

The present invention includes an apparatus and method thereof that satisfy the above needs. These and other advantages of the present invention not specifically mentioned above will become clear within discussions of the present invention presented herein.

The present invention pertains to an apparatus and method thereof for providing a secure path for a digital signal in, for example, an intelligent transceiver such as a bi-directional set-top box. In the present embodiment, the present invention comprises an integrated circuit device with a functional block and a decryption engine integrated therein. The integrated circuit device (specifically, the decryption engine) receives an encrypted digital signal. The decryption engine is configured to decrypt the encrypted digital signal and to supply the decrypted digital signal to the functional block. There is not a point between the decryption engine and the functional block at which the digital signal is in the clear (e.g., descrambled and decrypted) and is externally accessible, thereby providing a physically secure interface between the integrated circuit device and the functional block.

In one embodiment, a digital signal is received by an intelligent transceiver at a front-end device (comprising, for example, a tuner). The digital signal is descrambled (if it is scrambled) and encrypted (if it is not encrypted) by a first functional block (e.g., an interface card or point of deployment) coupled to the front-end device. Coupled to the front-end device via the first functional block is a second functional block used for processing (e.g., decoding) audio and/or visual (A/V) content within the digital signal. Integrated into the second functional block is a decryption engine used for decrypting encrypted signals. Digital signals from the front-end device are received via the interface card (or point of deployment) by the decryption engine integral to the A/V decode block. There are no points between the interface card (point of deployment) and the decryption engine nor between the decryption engine and the A/V decode block at which a descrambled and decrypted signal can be intercepted, thus providing a secure interface between the front-end device and the A/V decode block.

In one embodiment, the digital signal is an audio/visual media signal delivered to the intelligent transceiver using, for example, a terrestrial line (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast).

In one embodiment, the encrypted signal is encrypted using an encryption routine compliant with the Data Encryption Standard Electronic Code Book (DES ECB).

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention are illustrated by way of example and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1 shows a block diagram showing one embodiment of a prior art set-top box according to the conventional art.

FIG. 2 shows a block diagram showing another embodiment of a prior art set-top box according to the conventional art.

FIG. 3A shows a block diagram of one embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.

FIG. 3B shows a block diagram of another embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.

FIG. 3C shows a perspective illustration of one embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.

FIG. 3D shows a perspective illustration of another embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.

FIG. 4 shows a block diagram of one embodiment of an intelligent transceiver in accordance with the present invention.

FIG. 5 shows a flowchart of the steps in a process for providing a secure path for a data signal in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be recognized by one skilled in the art that the present invention may be practiced without these specific details or with equivalents thereof. In other instances, well known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the present invention.

Some portions of the detailed descriptions which follow are presented in terms of procedures, logic blocks, processing, and other symbolic representations of operations on data bits within an intelligent electronic media device. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, logic block, process, etc., is herein, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these physical manipulations take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a consumer electronic media device. For reasons of convenience, and with reference to common usage, these signals are referred to as bits, values, elements, symbols, characters, terms, numbers, or the like with reference to the present invention.

It should be borne in mind, however, that all of these terms are to be interpreted as referencing physical manipulations and quantities and are merely convenient labels and are to be interpreted further in view of terms commonly used in the art. Unless specifically stated otherwise as apparent from the following discussions, it is understood that throughout discussions of the present invention, discussions utilizing terms such as “receiving” or “encrypting” or “decrypting” or “descrambling” or “decoding” or the like, refer to the action and processes (e.g., process 500 of FIG. 5) of an electronic device such as a microcontroller or similar electronic computing device (e.g., dedicated or embedded computer system) that manipulates and transforms data. The data are represented as physical (electronic) quantities within the electronic device's registers and memories and is transformed into other data similarly represented as physical quantities within the electronic device memories or registers or other such information storage, transmission, or display screens.

The present invention is described in the context of an intelligent transceiver (e.g., a set-top box) that can be used as part of a digital broadcast system. However, it is appreciated that the present invention may be utilized in other types of devices including consumer electronic devices where it may be necessary to decrypt and encrypt a digital signal.

FIG. 3A is a block diagram of one embodiment of an intelligent transceiver 300 (e.g., a set-top box) upon which embodiments of the present invention may be practiced. Intelligent transceiver 300 receives digital broadcast signal 370 from a digital broadcaster (not shown). Digital broadcast signal 370 is a media signal comprising audio and video content. Digital broadcast signal 370 can be delivered to intelligent transceiver 300 using any of the various mechanisms currently in use or envisioned, such as a terrestrial line (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast). In accordance with the present invention, a number of different digital broadcast signal formats in use or envisioned can be used, such as the Advanced Television Systems Committee (ATSC) digital television format.

In the present embodiment, intelligent transceiver 300 includes front-end block 310 coupled to bus 305, conditional access block 330 coupled to front-end block 310 and bus 305, audio/video (A/V) decode block 340 coupled to conditional access block 330 and bus 305, graphics block 350 coupled to A/V decode block 340 and bus 305, and central processing unit 360 coupled to bus 305. Conditional access block 330, also referred to as a point of deployment (POD) or an interface card, is adapted to receive smart card 325.

Bus 305 is an internal address/data bus for communicating digital information between the functional blocks of intelligent transceiver 300. In the present embodiment, front-end block 310 contains one or more tuners for receiving digital broadcast signal 370. For example, in one embodiment, front-end block 310 can contain a tuner for receiving a wireless transmission (e.g., a satellite broadcast) and another tuner for receiving a cable transmission. Front-end block 310 can also include a device (e.g., a modem) that allows a telephone or digital subscriber line (DSL) connection to be made to the World Wide Web so that a broadcast signal can be received via the Internet.

In the present embodiment, central processing unit 360 contains a processor (not shown) for processing information and instructions. Central processing unit 360 also may contain random access memory, read only memory, one or more caches, a flash memory and the like (not shown) for storing information and instructions.

Smart card 325 stores information needed by a cable system operator or digital broadcast system operator (e.g., a Multiple System Operator, MSO) in order to bill a subscriber for services used by the subscriber (for example, the viewing of a pay-per-view movie or event). Typically, smart card 325 also includes a key that is used to descramble digital broadcast signal 370 (if the signal is scrambled). In the present embodiment, smart card 325 is inserted into conditional access block 330; however, it is appreciated that in other embodiments smart card 325 may be coupled in a -different manner to intelligent transceiver 300 (for example, it may be inserted into either front-end block 310 or A/V decode block 340). Using the key from smart card 325, conditional access block 330 descrambles digital broadcast signal 370.

Because digital broadcast signal 370 has been descrambled, the signal must be encrypted in order to prevent its unauthorized use and duplication. In the present embodiment, conditional access block 330 contains an encryption engine (not shown) that encrypts digital broadcast signal 370. In one embodiment, the encryption engine uses a well-known DES ECB (Data Encryption Standard Electronic Code Book) encryption routine and a key length of 56 bits. However, it is appreciated that other well-known and commercially available encryption routines and different key lengths may be used in accordance with the present invention. It is further appreciated the encryption engine may be incorporated elsewhere in intelligent transceiver 300, such as in front-end block 310.

In accordance with the present invention, A/V decode block 340 is an integrated circuit device comprising a functional block and a decryption engine 345 integrated therein. Decryption engine 345 is integral with A/V decode block 340 (that is, as a single integrated circuit, or “chip”) and coupled to front-end block 310 via conditional access block 330. In the present embodiment, the link between conditional access block 330 and A/V decode block 340 (specifically, decryption engine 345) is separate from bus 305; that is, there is a direct connection between conditional access block 330 and decryption engine 345 that bypasses bus 305.

Decryption engine 345 decrypts an encrypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340. The output of decryption engine 345 is a decrypted digital signal that is “in the clear.” The signal in the clear is transmitted within A/V decode block 340 for decoding. The signal in the clear is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345.

Thus, there is not a point for intercepting a signal that is in the clear (e.g., a decrypted and descrambled signal) between conditional access block 330 and decryption engine 345, nor is there a point between decryption engine 345 and AN decode block 340 where an in-the-clear signal can be externally accessed and intercepted. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and also between decryption engine 345 and AN decode block 340, and thus between front-end block 310 and AN decode block 340. As such, the present invention can prevent pirating of a descrambled and decrypted digital signal.

In the present embodiment, AN decode block 340 receives encrypted digital broadcast signal 370 from conditional access block 330, decrypts the signal using decryption engine 345, and decodes the video content and the audio content of digital broadcast signal 370. In the present embodiment, an MPEG (Moving Pictures Experts Group) video decoder and an AC3 (Digital Dolby) audio decoder are used; however, it is appreciated that other video or audio decoders can be used in accordance with the present invention. In addition, in one embodiment, AN decode block 340 is capable of handling video and audio analog signals.

The inputs to graphics block 350 are the decoded video and audio digital signals from AN decode block 340. In one embodiment, graphics block 350 also receives external audio and video analog inputs. Graphics block 350 processes the audio and video information and provides the output to, for example, a television set or a computer system (not shown) where it can be viewed and listened to.

FIG. 3B is a block diagram of another embodiment of intelligent transceiver 300 upon which embodiments of the present invention may be practiced. In this embodiment, point of deployment (POD) 320 is separate from conditional access block 330, and smart card 325 is plugged into POD 320 instead of conditional access block 330. Smart card 325 contains a key for descrambling digital broadcast signal 370, and this key is used by POD 320 to descramble digital broadcast signal 370. POD 320 also encrypts digital broadcast signal 370 using an encryption engine (not shown). Although POD 320 is separate from conditional access block 330 in this embodiment, conditional access block 330 can still exist in intelligent transceiver 300.

FIG. 3C is an illustration of the embodiment of intelligent transceiver 300 of FIG. 3B, upon which embodiments of the present invention may be practiced. In this embodiment, smart card 325 is inserted into POD 320, which is inserted into slot 390. Digital broadcast signal 370 is received by intelligent transceiver 300 and forwarded to POD 320, where it is descrambled and encrypted using a key provided by smart card 325. Subsequently, the digital signal is decrypted and the audio and visual content are decoded and processed by intelligent transceiver 300 as described above, and the result (output 380) is sent to, for example, a television (not shown) or similar device.

FIG. 3D is an illustration of the embodiment of intelligent transceiver 300 of FIG. 3A, upon which embodiments of the present invention may be practiced. In this embodiment, smart card 325 is inserted into an interface card (e.g., conditional access block 330 of FIG. 3A) which is built into intelligent transceiver 300. Digital broadcast signal 370 is received by intelligent transceiver 300 and forwarded to conditional access block 330, where it is descrambled and encrypted using a key provided by smart card 325. Subsequently, the digital signal is decrypted and the audio and visual content are decoded and processed by intelligent transceiver 300 as described above, and the result (output 380) is sent to, for example, a television (not shown) or similar device.

FIG. 4 is a block diagram of an intelligent transceiver 400 (e.g., a bi-directional set-top box) showing additional details of the embodiments illustrated by FIGS. 3A and 3B. Table 1 is a list of the various elements and acronyms contained in FIG. 4.

TABLE 1 Elements and Acronyms of Intelligent Transceiver Embodied in FIG. 4 AVDAC Audio Video Digital-to-Analog Converter BTSC Broadcast Television Systems Committee D-Cache Data Cache DAVIC Digital Audio Visual Council DOCSIS Data Over Cable Service Interface Specification DSM Diplexer, Splitter Module DSP Digital Signal Processor DVD Digital Video Disk FAT Forward Application Tuner FPU Floating Point Unit I/F Interface IDCT Inverse Discrete Cosine Transform Inst. Cache Instruction Cache Int. Cont. Interrupt Controller MAC Media Access Control MC Motion Compensation MCNS Multiple Cable Network System MIDI Musical Instrument Digital Interface MP@ML Main Profile at Main Level OOB Out of Band PCI Peripheral Component Interconnect PCM Pulse Coded Modulation PLL Phase Locked Loop QPSK Quadrature Phase Shift Keying QPSKQAM QPSK Quadrature Amplitude Modulation RTC Real Time Clock SLIC Serial Line Internet Connection UART Universal Asynchronous Receiver-Transmitter VBI Vertical Blanking Interval VIF/SIF Video Intermediate Frequency/ Sound Intermediate Frequency

With reference to FIG. 4, in the present embodiment, front-end block 310 receives a scrambled digital broadcast signal (e.g., digital broadcast signal 370 of FIGS. 3A and 3B) from a digital broadcaster via in-band tuner 401, OOB tuner 402 and/or MCNS FAT tuner 403. Smart card 325 includes a key to descramble the digital broadcast signal. It is appreciated that FIG. 4 shows, in a combined form, both of the embodiments illustrated by FIGS. 3A and 3B. In the case of the embodiment illustrated by FIG. 3A, smart card 325 is inserted into conditional access block 330, and conditional access block 330 descrambles and encrypts the digital broadcast signal. In the case of the embodiment illustrated by FIG. 3B, smart card 325 is plugged into POD 320. In this latter embodiment, the descrambling and encrypting functions are performed in POD 320, and so these functions are bypassed in conditional access block 330.

Continuing with reference to FIG. 4, the encrypted digital signal is delivered to AN decode block 340 via conditional access block 330. In the present embodiment of the present invention, decryption engine 345 is integrated into demultiplexer (“demux”) 410, which is itself integrated into A/V decode block 340. Decryption engine 345 contains an decryption engine for decrypting digital broadcast signal 370. Decryption engine 345 is integral with AN decode block 340 and is coupled to front-end block 310 via conditional access block 330. Decryption engine 345 decrypts an encrypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340 via conditional access block 330. The in-the-clear signal is immediately transmitted within the integrated circuit of A/V decode block 340 for decoding. The in-the-clear signal is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345. In the present embodiment, decryption engine 345 provides the interface between A/V decode block 340 and conditional access block 330. It is appreciated that in other embodiments integrated circuit 345 may be integrated into AN decode block 340 in some different manner (that is, in a location other than demux 410) while still providing the interface with conditional access block 330.

As explained above, in accordance with the present invention, there is not a point for intercepting an in-the-clear signal (e.g., a decrypted and descrambled signal) between conditional access block 330 and decryption engine 345, nor between decryption engine 345 and AN decode block 340. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340.

Continuing with reference to FIG. 4, in the present embodiment, A/V decode block 340 includes an MPEG decoder (e.g., MP@ML DEC block 411) and an audio decoder (e.g., AC-3 block 412) to decode the video and audio content of digital broadcast signal 370. Graphics block 350 processes the audio and video information received from A/V decode block 340. Central processing unit 360 contains a processor (e.g., CPU core 430) and memory (e.g., instruction cache 420) for processing information and instructions used by intelligent transceiver 400.

FIG. 5 is a flowchart of the steps in a process 500 for providing a secure interface for a data signal in accordance with one embodiment of the present invention. With reference also to FIG. 4, in the present embodiment, process 500 is implemented as program instructions that are stored in memory (e.g., instruction cache 420) and executed by a processor (e.g., CPU core 430) of intelligent transceiver 400. It is appreciated that process 500 may be utilized in other types of devices, including consumer electronic devices, where it may be necessary to decrypt and encrypt a digital signal.

In step 505 of FIG. 5, with reference also to FIGS. 3A and 3B, a digital broadcast signal (e.g., digital broadcast signal 370) is received by intelligent transceiver 300. In the present embodiment, digital broadcast signal 370 is received by front-end block 310. Typically, digital broadcast signal 370 is scrambled but not encrypted when it is received by intelligent transceiver 300.

In step 510, in the present embodiment, digital broadcast signal 370 is sent from front-end block 310 to a first functional block, where the signal is descrambled. In the embodiment of FIG. 3A, digital broadcast signal 370 is sent from front-end block 310 to conditional access block 330. In the embodiment of FIG. 3B, digital broadcast signal 370 is sent from front-end block 310 to POD 320. Depending on the embodiment, a smart card (e.g., smart card 325) is coupled to conditional access block 330 or POD 320. Smart card 325 contains a key that is used to descramble digital broadcast signal 370.

In step 515, in the present embodiment, digital broadcast signal 370 is encrypted. In the embodiment of FIG. 3A, conditional access block 330 contains an encryption engine that is used to encrypt digital broadcast signal 370. In the embodiment of FIG. 3B, POD 320 contains an encryption engine that is used to encrypt digital broadcast signal 370. In one embodiment, the encryption engine uses a well-known DES ECB encryption routine and a key length of 56 bits. However, it is appreciated that other encryption routines and different key lengths may be used in accordance with the present invention.

In step 520 of FIG. 5, in the present embodiment, digital broadcast signal 370 (now descrambled and encrypted) is sent from the first functional block (e.g., either conditional access block 330 of FIG. 3A or POD 320 of FIG. 3B) to decryption engine 345 (FIGS. 3A and 3B), which is integral with a second functional block (e.g., A/V decode block 340 of FIGS. 3A and 3B). In the embodiment of FIG. 3B, digital broadcast signal 370 is sent from POD 320 to decryption engine 345 via conditional access block 330. In each of the embodiments of FIGS. 3A and 3B, the link between conditional access block 330 and decryption engine 345 is separate from bus 305; that is, there is a direct connection between conditional access block 330 and decryption engine 345 that bypasses bus 305.

In step 525 of FIG. 5, decryption engine 345 of A/V decode block 340 decrypts digital broadcast signal 370. The output of decryption engine 345 is a decrypted digital signal that is in the clear (e.g., a decrypted and descrambled signal). The signal in the clear is transmitted within A/V decode block 340 for decoding. The signal in the clear is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345. Thus, there is not a point for intercepting a signal that is in the clear between conditional access block 330 and decryption engine 345, nor is there a point between decryption engine 345 and A/V decode block 340 where an in-the-clear signal can be externally accessed and intercepted.

In step 530, digital broadcast signal 370 (now decrypted and descrambled) is processed by A/V decode block 340. In the present embodiment, an MPEG (Moving Pictures Experts Group) video decoder and an AC3 (Digital Dolby) audio decoder are used; however, it is appreciated that other video or audio decoders can be used in accordance with the present invention. The output of AN decode block 340 is provided to graphics block 350, where additional processing of the audio and video information is performed so that it can be displayed and/or listened to on a television set, computer system, or the like.

In summary, the present invention provides an apparatus and method thereof for providing a secure path for a digital signal (e.g., digital broadcast signal 370) in, for example, an intelligent transceiver (e.g., intelligent transceiver 300 of FIGS. 3A and 3B) such as a bi-directional set-top box (e.g., intelligent transceiver 400 of FIG. 4). Because decryption engine 345 is integral with AN decode block 340 and coupled to front-end block 310 via conditional access block 330, there is not a point for intercepting a signal that is in the clear between either front-end block 310 or conditional access block 330 and decryption engine 345. In addition, because decryption engine 345 is physically integrated with A/V decode block 340, there is not a point for externally accessing and intercepting a signal that is in the clear between decryption engine 345 and A/V decode block 340. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340. As such, the present invention can prevent pirating of a descrambled and decrypted digital signal.

The preferred embodiment of the present invention, secure conditional access port interface, is thus described. While the present invention has been described in particular embodiments, it should be appreciated that the present invention should not be construed as limited by such embodiments, but rather construed according to the below claims.

Claims

1. A transceiver comprising:

a front-end unit for receiving a digital broadcast including; a tuner; a demodulator; and a descrambling/encryption unit for descrambling the received digital broadcast and encrypting the descrambled digital broadcast;
an audio/video unit, including; a demultiplexor for demultiplexing content;
a decryption engine for decrypting the encrypted digital broadcast; wherein the decrypted digital broadcast is not externally accessible.

2. The transceiver of claim 1, further comprising a point of deployment (POD), coupled to the front-end unit and the audio/video unit.

3. The transceiver of claim 2, wherein the point of deployment stores a first key used by the descrambling/encryption unit to descramble the digital broadcast.

4. The transceiver of claim 3, wherein the point of deployment stores a second key used by the descrambling/encryption unit to encrypt the digital broadcast.

5. The transceiver of claim 1, further comprising a direct connection between the front-end unit and the decryption engine in the audio/video unit for securely transferring the encrypted digital broadcast.

6. The transceiver of claim 1, wherein the audio/video unit further includes:

a first decoder, coupled to the demultiplexor, for decoding audio content contained in the decrypted digital broadcast; and
a second decoder, coupled to the demultiplexor, for decoding video content contained in the decrypted digital broadcast.

7. The transceiver of claim 6, wherein the audio content is substantially compliant with a version of the AC3 format.

8. The transceiver of claim 6, wherein the video content is substantially compliant with a version of the MPEG (moving picture experts group) format.

9. The transceiver of claim 1, wherein the encrypted digital broadcast is encrypted using an encryption routine substantially compliant with DES ECB (data encryption standard electronic code book).

10. The transceiver of claim 1, further comprising:

a processor coupled to the audio/video unit; and
a memory unit coupled to the processor.

11. A transceiver comprising:

a point of deployment (POD) for descrambling a digital signal and encrypting the descrambled digital signal; and
a decryptor/encryptor for descrambling the digital signal from the POD and re-encrypting the digital signal,
an audio/video unit for decrypting the encrypted digital signal from the decryptor/encryptor and decoding the decrypted digital signal, wherein the decrypted digital signal is protected against external access and interception.

12. The transceiver of claim 11, wherein the audio/video unit comprises an integrated circuit that includes a decryption engine and a functional block.

13. The transceiver of claim 11, wherein the point of deployment further collects and transmits billing information related to the digital signal to a service provider.

14. The transceiver of claim 11, further comprising a link for securely transmitting the encrypted digital signal from an encryption engine of the point of deployment to the decryption engine of the audio/video unit.

15. The transceiver of claim 11, further comprising a front-end unit for receiving the digital signal.

16. The transceiver of claim 15, wherein the digital signal is received from one or more systems consisting of a broadcast system, a satellite system, a cable system, a terrestrial line system, and a wireless transmission system.

17. The transceiver of claim 11, further comprising a smart card, coupled to the point of deployment, for storing the billing information and a key used for descrambling the digital signal.

18. A transceiver comprising:

a smart card for storing a key;
a descrambling unit, coupled to the smart card, for descrambling a digital media signal using the key;
an encryption engine, coupled to the descrambling unit, for encrypting the descrambled digital media signal;
an audio/video integrated circuit, coupled to the encryption unit comprising;
a decryption engine for decrypting the encrypted digital media signal; and
a functional block, coupled to the decryption engine, for processing the decrypted digital media signal.

19. The transceiver of claim 18, further comprising a conditional access block comprising the descrambling unit and the encryption unit.

20. The transceiver of claim 18, further comprising a front-end unit comprising:

a tuner, coupled to the descrambling unit, for receiving the digital media signal
the descrambling unit; and
the encryption engine.

21. The transceiver of claim 18, further comprising a link between the encryption engine and the audio/video integrated circuit for securely transmitting the encrypted digital media signal from the encryption engine to the decryption engine.

22. The transceiver of claim 18, wherein the function block comprises:

a first decoder for decoding audio content in the decrypted digital media signal; and
a second decoder for decoding video content contained in the decrypted digital media signal.

23. The transceiver of claim 18, wherein a point for intercepting the digital signal in the clear between the descrambling unit and the function block in not present.

24. The transceiver of claim 18, wherein the smart card further stores billing information.

25. A receiver comprising:

a front-end unit including; a network interface for receiving content; a unit containing a descrambler for removing network-level security and a re-scrambler for applying receiver-level security to the content;
an audio/video unit, including; a second descrambler for removing the applied receiver-level security; and a decoder to decompress the content.

26. The receiver of claim 25, where the network interface is a tuner.

27. The receiver of claim 26, where the network interface also includes a demodulator to demodulate a stream of the content.

28. The receiver of claim 25, where the network interface is a connection to the Internet.

29. The receiver of claim 28, where the connection is Ethernet.

30. The receiver of claim 25, where the descrambler that removes network-level security descrambles a stream of the content from a conditional access module that is coupled to the front-end unit.

31. The receiver of claim 25, where the descrambler that removes network-level security receives a clear stream of the content from a conditional access module that is coupled to the front-end unit.

32. The receiver of claim 31, where the conditional access module is a Point of Deployment (POD) module.

33. The receiver of claim 25, where the descrambler that removes network-level security receives keys from a smart card coupled to the front-end unit.

34. The receiver of claim 25, further comprising a direct connection between the re-scrambler in the front-end unit and the second descrambler in the audio/video unit for securely transferring the receiver-level security protected steam of the content.

35. A receiver comprising:

a conditional access module for descrambling a digital signal and for re-scrambling the descrambled digital signal to produce a copy protected digital signal; and
an audio/video unit for descrambling the copy protected digital signal to produce a digital signal in the clear and decoding digital signal in the clear, wherein the digital signal in the clear is protected against external access and interception.

36. The receiver of claim 35, wherein the conditional access module is a Point of Deployment module.

37. The receiver of claim 35, wherein the audio/video unit comprises an integrated circuit that includes a descrambler engine and a functional block.

38. The receiver of claim 37, further comprising a link for securely transmitting the copy protected digital signal from the conditional access module to the descrambler engine of the audio/video unit.

39. The receiver of claim 35, further comprising a front-end unit for receiving the digital signal.

40. The receiver of claim 39, wherein the digital signal is received from one or more systems consisting of a broadcast system, a satellite system, a cable system, a terrestrial system, and a wireless transmission system.

41. The receiver of claim 39, wherein the front-end unit comprises a connection to the Internet.

42. The receiver of claim 35, further comprising a smart card, coupled to the conditional access module, for storing the billing information and a key used for descrambling the digital signal.

43. A receiver comprising:

a smart card for storing a key;
a first descrambling engine, coupled to the smart card, for descrambling a digital media signal using the key;
a scrambler engine, coupled to the descrambling unit, for re-scrambling the descrambled digital media signal for copy protection within the receiver;
an audio/video integrated circuit, coupled to the scrambler engine comprising; a second descrambler engine for descrambling the copy protected digital media signal; and a functional block, coupled to the second descrambler engine, for processing the descrambled copy protected digital media signal.

44. The receiver of claim 43, further comprising a Point of Deployment comprising:

the first descrambling engine; and
the scrambler engine.

45. The receiver of claim 43, further comprising a front-end unit comprising:

the first descrambling engine;
the scrambler engine; and
a tuner, coupled to the first descrambling engine, for receiving the digital media signal.

46. The receiver of claim 43, further comprising a link between the scrambler engine and the audio/video integrated circuit for securely transmitting the copy protected digital media signal from the scrambler engine to the second descrambler engine.

47. The receiver of claim 43, wherein a point for intercepting the digital signal in the clear between the first descrambling engine and the function block in not present.

Patent History
Publication number: 20060182279
Type: Application
Filed: Apr 4, 2006
Publication Date: Aug 17, 2006
Applicant:
Inventors: Jun Maruo (Tokyo), Atsushi Kagami (Tokyo)
Application Number: 11/398,406
Classifications
Current U.S. Class: 380/210.000
International Classification: H04N 7/167 (20060101);