Preventing the use of modified receiver firmware in receivers of a conditional access system

US 9,077,854 B2
Filed: 02/02/2011
Issued: 07/07/2015
Est. Priority Date: 02/03/2010
Status: Active Grant

First Claim

Patent Images

1. A receiver comprising:

a firmware memory;

an input configured to receive a challenge and a control word encrypted using a first response that corresponds to the challenge, the challenge being indicative of one or more locations in the firmware memory;

a data reading module configured to read data from the one or more locations in the firmware memory, the data forming a second response to the challenge;

a decrypter configured to decrypt the encrypted control word using the second response to the challenge as a key, to obtain a first control word for descrambling first scrambled content; and

a descrambler configured to descramble the first scrambled content using the first control word to obtain first descrambled content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention enables the shared secret, which is used for encrypting the communication of CWs from a smartcard to a receiver, to cover at least a part of a binary image of firmware that is executing in the receiver. Preferably the shared secret covers the entire binary image of the firmware. Hereto, data from one or more predefined firmware memory locations are read, the set of data forming the shared secret.

6 Citations

View as Search Results

22 Claims

1. A receiver comprising:
- a firmware memory;
  
  an input configured to receive a challenge and a control word encrypted using a first response that corresponds to the challenge, the challenge being indicative of one or more locations in the firmware memory;
  
  a data reading module configured to read data from the one or more locations in the firmware memory, the data forming a second response to the challenge;
  
  a decrypter configured to decrypt the encrypted control word using the second response to the challenge as a key, to obtain a first control word for descrambling first scrambled content; and
  
  a descrambler configured to descramble the first scrambled content using the first control word to obtain first descrambled content.
- View Dependent Claims (2, 16, 17, 19, 20)
- - 2. The receiver according to claim 1, wherein the input is further configured to receive a further challenge and the receiver is configured to calculate a response to the further challenge using the second response and the further challenge.
  - 16. The receiver according to claim 1, comprising:
    - a transmitter for transmitting, to a smartcard, a pair of the challenge and the first response to the challenge.
  - 17. The receiver according to claim 1, comprising:
    - a transmitter for transmitting, to a smartcard, the challenge and a plurality of responses to the challenge, the plurality of responses associating with a plurality of receiver, respectively.
  - 19. The receiver of claim 2, wherein the decrypter is configured to decrypt a second encrypted control word using the response to the further challenge to obtain a second control word.
  - 20. The receiver of claim 19, wherein the descrambler is configured to descramble second scrambled content using the second control word to obtain second descrambled content.

3. A smartcard comprising:
- a key memory configured to store a first key and a second key;
  
  a first decrypter configured to decrypt one or more encrypted challenge-response pairs using the second key from the key memory to obtain one or more decrypted challenge-response pairs, each of the one or more challenge-response pairs including a challenge and a response to the challenge;
  
  a memory configured to store the one or more challenge-response pairs;
  
  a second decrypter configured to decrypt an encrypted control word using the first key from the key memory to obtain a control word for descrambling content;
  
  an encrypter configured to encrypt the control word by selecting and using a first response of one of the challenge-response pairs stored in the memory to obtain a re-encrypted control word,wherein the smartcard is configured to transmit the re-encrypted control word and the challenge of the one of the challenge-response pairs to a receiver,and wherein the challenge of the one of the challenge-response pairs is indicative of one or more locations in a firmware memory of the receiver, data in the one or more locations in the firmware memory of the receiver forming a key for use by the receiver to decrypt the re-encrypted control word.
- View Dependent Claims (6)
- - 6. The smartcard according to claim 3, further configured to receive identification data from the receiver, wherein the response is linked to a particular identification data, and wherein the memory is configured to store only the challenge-response pairs for which the particular identification data matches the received identification data.

4. A smartcard comprising:
- a key memory configured to store a key;
  
  a decrypter configured to decrypt an encrypted control word, an encrypted challenge and two or more encrypted responses using the key from the key memory to obtain a control word, a challenge and two or more responses to the challenge, respectively, wherein each response forms a challenge-response pair with the challenge for a particular receiver;
  
  an encrypter configured to encrypt the control word by selecting and using a first response of one of the challenge-response pairs to obtain a re-encrypted control word, wherein the smartcard is configured to transmit the re-encrypted control word and the challenge of the one of the challenge-response pairs to a receiver, andwherein the challenge of the one of the challenge-response pairs is indicative of one or more locations in a firmware memory of the receiver, data in the one or more locations in the firmware memory of the receiver forming a key for use by the receiver to decrypt the re-encrypted control word.
- View Dependent Claims (5, 18)
- - 5. The smartcard according to claim 4, further comprising a memory configured to store one or more of the challenge-response pairs.
  - 18. The smartcard according to claim 4, wherein the smartcard receives the encrypted challenge and the two or more encrypted responses for two or more receivers, and selects the response for encryption of the control word.

7. A head-end system comprising:
- a memory configured to store a copy of a firmware memory of a first receiver, wherein the first receiver comprises;
  
  the firmware memory;
  
  an input configured to receive a challenge and a control word encrypted using a first response that corresponds to the challenge, the challenge being indicative of one or more locations in the firmware memory;
  
  a data reading module configured to read data from the one or more locations in the firmware memory, the data forming a second response to the challenge;
  
  a decrypter configured to decrypt the encrypted control word using the second response to the challenge as a key, to obtain a first control word for descrambling first scrambled content; and
  
  a descrambler configured to descramble the first scrambled content using the first control word to obtain first descrambled content;
  
  wherein the first receiver is configured to communicate with a smartcard that comprises;
  
  a key memory configured to store a first key and a second key;
  
  a first decrypter configured to decrypt one or more encrypted challenge-response pairs using the second key from the key memory to obtain one or more decrypted challenge-response pairs, each of the one or more challenge-response pairs including a challenge and a response to the challenge;
  
  a memory configured to store the one or more challenge-response pairs;
  
  a second decrypter configured to decrypt an encrypted control word using the first key from the key memory to obtain a control word for descrambling content; and
  
  an encrypter configured to encrypt the control word by selecting and using a first response of one of the challenge-response pairs stored in the memory to obtain a re-encrypted control word, wherein the smartcard is configured to transmit the re-encrypted control word and the challenge of the one of the challenge-response pairs to the first receiver;
  
  wherein the head-end system is configured to;
  
  select one or more locations in the firmware memory of the receiver;
  
  generate a challenge-response pair comprising the challenge indicative of the one or more locations in the firmware memory and the first response; and
  
  encrypt the challenge-response pair and transmit the encrypted challenge-response pair to the smartcard.
- View Dependent Claims (8, 9)
- - 8. The head-end system according to claim 7, wherein the encrypted challenge-response pair is transmitted in an entitlement management message and wherein the head-end system is configured to transmit an encrypted control word to the smartcard in an entitlement control message.
  - 9. The head-end system according to claim 7, wherein the encrypted challenge-response pair is transmitted in an entitlement control message and wherein the entitlement control message further comprises an encrypted control word.

10. A conditional access system comprising a first receiver that is communicatively directly connected to a smartcard, wherein the first receiver comprises:
- a firmware memory;
  
  an input configured to receive a challenge and a control word encrypted using a first response that corresponds to the challenge, the challenge being indicative of one or more locations in the firmware memory;
  
  a data reading module configured to read data from the one or more locations in the firmware memory, the data forming a second response to the challenge;
  
  a decrypter configured to decrypt the encrypted control word using the second response to the challenge as a key, to obtain a first control word for descrambling first scrambled content; and
  
  a descrambler configured to descramble the first scrambled content using the first control word to obtain first descrambled content;
  
  wherein the smartcard comprises;
  
  a key memory configured to store a first key and a second key;
  
  a first decrypter configured to decrypt one or more encrypted challenge-response pairs using the second key from the key memory to obtain one or more decrypted challenge-response pairs, each of the one or more challenge-response pairs including a challenge and a response to the challenge;
  
  a memory configured to store the one or more challenge-response pairs;
  
  a second decrypter configured to decrypt an encrypted control word using the first key from the key memory to obtain a control word for descrambling content; and
  
  an encrypter configured to encrypt the control word by selecting and using a first response of one of the challenge-response pairs stored in the memory to obtain a re-encrypted control word, wherein the smartcard is configured to transmit the re-encrypted control word and the challenge of the one of the challenge-response pairs to the first receiver;
  
  wherein the conditional access system further comprises a further receiver that is communicatively connected to the first receiver via a network, wherein the further receiver uses the smartcard to obtain a control word for descrambling scrambled content in the further receiver.
- View Dependent Claims (11)
- - 11. The conditional access system according to claim 10, further comprising a head-end system, wherein the head-end system comprising a memory configured to store a copy of the firmware memory of the first receiver and wherein the head-end system is configured to:
    - select one or more locations in the firmware memory of the first receiver;
      
      generate a challenge-response pair comprising the challenge indicative of the one or more locations in the firmware memory and the first response; and
      
      encrypt the challenge-response pair and transmit the encrypted challenge-response pair to the smartcard.

12. A method in a receiver comprising:
- receiving a challenge and a control word encrypted using a first response that corresponds to the challenge, the challenge indicative of one or more locations in a firmware memory of the receiver;
  
  reading data from the one or more locations in the firmware memory, the data forming a second response to the challenge;
  
  decrypting the encrypted control word using the second response to the challenge as a key, to obtain a first control word for descrambling first scrambled content; and
  
  descrambling the first scrambled content using the first control word to obtain first descrambled content.
- View Dependent Claims (13, 21, 22)
- - 13. The method according to claim 12, further comprising:
    - receiving a further challenge;
      
      calculating a response to the further challenge using the second response and the further challenge.
  - 21. The method according to claim 13, comprising decrypting a second encrypted control word using the response to the further challenge to obtain a second control word.
  - 22. The method according to claim 21, comprising descrambling second scrambled content using the second control word to obtain second descrambled content.

14. A method in a smartcard comprising:
- decrypting one or more encrypted challenge-response pairs using a second key to obtain one or more decrypted challenge-response pairs, each of the one or more decrypted challenge-response pairs including a challenge and a response to the challenge;
  
  storing the one or more challenge-response pairs in a memory;
  
  decrypting an encrypted control word using a first key to obtain a control word for descrambling content;
  
  selecting a response of one of the challenge-response pairs stored in the memory and encrypting the control word using a first response of the one of the challenge-response pairs stored in the memory to obtain a re-encrypted control word; and
  
  transmitting the re-encrypted control word and the challenge of the one of the challenge-response pairs to a receiver,wherein the challenge of the one of the challenge-response pairs is indicative of one or more locations in a firmware memory of the receiver, data in the one or more locations in the firmware memory of the receiver forming a key for use by the receiver to decrypt the re-encrypted control word.

15. A method in a smartcard comprising:
- decrypting an encrypted control word, an encrypted challenge and two or more encrypted responses using a key to obtain a control word, a challenge and two or more responses to the challenge, respectively, wherein each response forms a challenge-response pair with the challenge for a particular receiver;
  
  selecting a response of one of the challenge response pairs stored in the memory and encrypting the control word using a first response of the one of the challenge-response pairs to obtain a re-encrypted control word; and
  
  transmitting the re-encrypted control word and the challenge of the one of the challenge-response pairs to a receiver,wherein the challenge of the one of the challenge response pairs is indicative of one or more locations in a firmware memory of the receiver, data in the one or more locations in the firmware memory of the receiver forming a key for use by the receiver to decrypt the encrypted control word.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Inventors
Dekker, Gerard Johan
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US13/019,677
Publication Number

US 20110191589A1
Time in Patent Office

1,616 Days
Field of Search

713/172, 713/165, 380/241, 380/277, 380/212, 380/239, 726/19
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04N 21/25808   Management of client data t...

H04N 21/26606   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/4367   Establishing a secure commu...

H04N 21/4623   Processing of entitlement m...

H04N 21/8166   involving executable data, ...

H04N 7/163   by receiver means only

Preventing the use of modified receiver firmware in receivers of a conditional access system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing the use of modified receiver firmware in receivers of a conditional access system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links