HK1151152B

HK1151152B - Partial encryption and pid mapping

Info

Publication number: HK1151152B
Application number: HK11104391.4A
Authority: HK
Inventors: L. Candelore Brant; Allan Unger Robert; Leo M. Pedlow, Jr
Original assignee: 索尼电子有限公司
Priority date: 2002-01-02
Filing date: 2011-05-03
Publication date: 2012-11-16

Description

Partial encryption and PID mapping

The present application is a divisional application entitled Partial Encryption and PID Mapping (Partial Encryption and PID Mapping) with application number 200910145405.3.

Cross-referencing of related files

The present application relates to U.S. provisional patent application serial No. 60/296,673 by candeore et al, entitled "Method for Allowing Multiple CA Providers to interoperate by Sending Video of certain Content in Clear text in a Content Delivery System and Dual transmission of Audio and Video and Audio for Other Content" (Method for adapting Multiple CA Providers to interoperate in a Content Delivery System by Sending Video in Video Content for the same Content, and Dual card of Audio and Dual card of Video and Audio Content) "; a provisional patent application serial No. 60/304,241 entitled "unconstrained selective Encryption of Program Content for Dual Carriage" (unconfined selective Encryption for Dual Carriage) "filed on 10.7.2001 by Unger et al; provisional patent application serial No. 60/304,131, entitled "Method for Allowing multiple CA Providers to Interoperate in a Content Delivery System by partially disturbing Content according to Time slices" (Method for Allowing multiple CA Providers to Interoperate in a Content Delivery System by partitioning the Content according to Time slices), filed on 10.7.2001 by candeore et al; and U.S. provisional patent application Ser. No. 60/_______ entitled Television encryption System (Television encryption systems), filed No. 26/2001, by Candelore et al, having a document number SNY-R4646P, which is incorporated herein by reference.

This application is filed concurrently with the following documents: u nger et al, patent application Ser. No. SNY-R4646.01, entitled "Critical packet Partial Encryption," serial No. _______; candelore et al, patent application Ser. No. SNY-R4646.02, entitled "time division Partial Encryption," serial No. _______; candelore, patent application Ser. No. SNY-R4646.03, entitled "Elementary Stream Partial Encryption," serial number _______; and Unger et al, patent application Ser. No. SNY-R4646.05, entitled "Decoding and Decrypting partially Encrypted Information," serial No. _______. These concurrently filed patent applications are incorporated herein by reference.

Copyright notice

A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the patent and trademark office patent file or records, but otherwise reserves all copyright rights whatsoever.

Technical Field

The present invention relates generally to the field of cryptographic systems. In particular, the present invention relates to systems, methods and apparatus for providing partial encryption and decryption of digital television signals.

Background

Televisions are used to deliver entertainment and educational information to viewers. The source material (audio, video, etc.) is multiplexed into a combined signal, which is used to modulate a carrier wave. The carriers are commonly referred to as frequency channels. (a typical channel may carry one analog program, one or two High Definition (HD) digital programs, or several (e.g., nine) standard definition digital programs). In terrestrial systems, these channels correspond to government scheduled frequencies and are spread over the air. The program is delivered to a receiver having a tuner that receives the signal from the air and delivers it to a demodulator that provides video to a display and audio to a speaker. In cable (cable) systems, modulated channels are transmitted over a cable. The program guide may also be fed in-band or out-of-band to indicate what programs are available and to indicate relevant tuning information. The number of cable channels is limited, limited by the bandwidth of the device/cable. Wired distribution systems require significant capital investment and are expensive to upgrade.

A large amount of television content is valuable to its producers, so copyright holders have to control access and restrict copying. Examples of typical protected material include feature films, sporting events, and adult programming. Conditional Access (CA) systems are used to control the availability of programs in content delivery systems such as cable television systems. The CA system is a matched suite of devices — one part is integrated into the cable system headend and encrypts the payload, and the other part is decrypted and embedded within the Set Top Box (STB) installed in the user's home. A variety of CA systems are used in the cable television industry, including those provided by NDS (Newport Beach, CA), motorola (Schaumberg, illinois) and scientific atlanta (astoma, georgia). This matching device aspect of the CA system has the effect of: the "legacy" vendor is locked as a supplier of additional STBs. Since the multiple technologies for conditional access are not mutually compatible (usually proprietary), any new potential vendor is forced to authorize legacy CAs. Cable operators may therefore find themselves unable to obtain newer or competitive technologies from other set-top box manufacturers because the owners of the technologies are often reluctant to collaborate or charge a reasonable licensing fee. This inflexibility is particularly troublesome when some cable companies with disparate CA systems are combined. Service providers prefer to have more than one source for STBs for a variety of reasons.

Once a cable (cable tv) operator has selected an encryption scheme, it is difficult to change or upgrade the content encryption scheme without introducing a backward compatible decoding device (e.g., a set-top box). Even if technology is available to STB vendors so that they can provide multiple decryption capabilities, providing multi-mode capabilities in new set-top boxes to handle multiple encryption systems can add significant cost to any new set-top box.

The only known current option to avoid the dominance of traditional vendors (without extensive replacement) is to use "full dual transport". Full duplex transmission means repeated transmission for each encrypted program-one type of CA encryption is used for each transmission. To provide full dual transmission, the head end equipment (head end) is enhanced to provide various forms of CA simultaneously. Legacy STBs should not be affected and should continue to perform their functions despite any changes. However, full dual transmission typically comes at a higher price due to bandwidth effects, thereby reducing the number of feature programs available. Generally speaking, the depletion of the number of higher premium channels limits the number of options available to the viewer, as well as the value that the cable operator can provide.

A conventional cable television system arrangement is shown in fig. 1. In such a system, a cable operator processes audio/video (a/V) content 14 at a cable system headend 22 with CA technology from manufacturer a (system a) with a CA encryption device 18 that is compatible with system a. The encrypted a/V content is multiplexed together with System Information (SI)26 and Program Specific Information (PSI) and passed to the user's STB36 via cable system 32. STB36 includes a decryption CA device from system a (manufacturer a) that decrypts the a/V content. The decrypted a/V content may then be provided to the television 44 for viewing by the user.

In a cable television system such as that of fig. 1, the digital program stream is divided into packets for transmission. The packets (video, audio, auxiliary data, etc.) for each component of a program are labeled with a packet identifier or PID. These packet streams for the various components of all programs carried within the channel are grouped into one composite stream. Additional packets are included to provide decryption keys and other overhead information. In addition, unused bandwidth is filled with null packets. The bandwidth budget is typically adjusted to utilize about 95% of the available channel bandwidth.

Overhead information typically includes guide data that describes what programs are available and how to locate the relevant channels and components. Such guide data is also called system information or SI: the SI may be transmitted to the STB either in-band (part of the data encoded in the channel) or out-of-band (for a particular channel dedicated to this purpose). Electronically delivered SI can be partially replicated in a more traditional form (i.e., a grid published in newspapers and magazines).

In order for a viewer to have a satisfactory television experience, it is generally desirable that the viewer have clear access to both audio and video content. Some analog cable television systems have used various filtering techniques to obscure the video to prevent unauthorized viewers from receiving unpaid programming. In such systems, analog audio is sometimes transmitted in the clear. In the motorola VideoCipher2Plus system used in C-band satellite transmission, strong digital audio encryption and weaker analog video protection (with synchronous inversion) are used. In airline movie systems, audio can only be utilized by renting headphones, thus providing complete audio and video only to paying customers.

Drawings

The features of the invention believed to be novel are set forth with particularity in the appended claims. The invention itself, however, both as to organization and method of operation, together with objects and advantages thereof, may best be understood by reference to the following detailed description of the invention, the following description, taken in conjunction with the accompanying drawings, illustrating certain exemplary embodiments of the invention, in which:

FIG. 1 is a block diagram of a conventional conditional access cable television system;

FIG. 2 is a block diagram of a system in which doubly encrypted audio is transmitted along with clear video consistent with one embodiment of the invention;

FIG. 3 is a block diagram of a system in which portions of a program are doubly encrypted according to a slice mechanism consistent with one embodiment of the invention;

FIG. 4 is a flow diagram of a double encryption process consistent with certain embodiments of the present invention;

FIG. 5 is a flow diagram of a decryption process consistent with certain embodiments of the present invention;

FIG. 6 is a block diagram of a system in which portions of a program are doubly encrypted on a packet basis consistent with an embodiment of the invention;

FIG. 7 is a flow diagram of a double encryption process consistent with certain embodiments of the present invention;

FIG. 8 is a flow diagram of a decryption process consistent with certain embodiments of the present invention;

FIG. 9 is a block diagram of a system in which system information is encrypted and a program is transmitted in the clear consistent with one embodiment of the invention;

FIG. 10 is a block diagram of a general system consistent with various embodiments of the present invention;

fig. 11 is a block diagram of a first embodiment of an implementation form of an encryption system consistent with embodiments of the invention in a cable system head end;

fig. 12 is a block diagram of a second embodiment of an implementation form of an encryption system consistent with embodiments of the invention in a cable system head end;

FIG. 13 is a flow diagram of an overall encryption process for implementing certain embodiments of the present invention in a cable system head end;

FIG. 14 is a block diagram of a first embodiment of a set-top box implementation of a decoding system consistent with embodiments of the invention;

fig. 15 is a block diagram of a second embodiment of an implementation form of a decoding system consistent with an embodiment of the present invention in a cable television system STB;

fig. 16 is a block diagram of a third embodiment of an implementation form of a decoding system in a cable television system STB consistent with embodiments of the present invention;

FIG. 17 illustrates a PID remapping process implemented in one embodiment of a set-top box PID remapper;

fig. 18 is a block diagram of an exemplary decoder chip that may be used in a television set-top box according to the present invention.

Detailed Description

While this invention is susceptible of embodiment in many different forms, there is shown in the drawings and will herein be described in detail specific embodiments, with the understanding that the present disclosure is to be considered as an example of the principles of the invention and not intended to limit the invention to the specific embodiments shown and described. In the description below, like reference numerals are used to describe the same, similar or corresponding parts in the several views. The terms "scrambling" and "encrypting" and variations thereof are synonymous herein. Also, the term "television program" and similar terms may be interpreted in a generally conventional sense, and also refers to any segment of A/V content that may be displayed on a television or similar monitor device.

SUMMARY

Modern digital cable television networks typically use CA systems that can fully encrypt digital audio and video so that programs cannot be accessed by others except those who have properly ordered. This encryption is designed to prevent hackers and non-subscribers from receiving unpaid programming. However, since cable operators wish to provide their subscribers with set-top boxes from different manufacturers, they are frustrated by the need to transmit multiple copies of a single program encrypted with multiple encryption techniques compatible with the CA systems of the respective STB manufacturers.

The need to transmit multiple copies of a program (referred to as "full duplex transmission") can exhaust valuable bandwidth that can be used to provide additional program content to the viewer. Certain embodiments of the present invention may address this issue, in that the bandwidth requirements to provide the same content to multiple transmissions may be minimized. The result may be referred to as "virtual dual transfer" because the benefits of full dual transfer are provided without the full bandwidth cost. Several embodiments of the invention presented herein may be used to achieve effective partial scrambling. These embodiments vary with the standard used to select the portion to be encrypted. The selected portion in turn affects the additional bandwidth requirements and the effectiveness of the encryption. One encryption process or a combination of encryption processes should be used in a manner consistent with embodiments of the present invention.

Some implementations of partial double encryption described herein use an additional (secondary) PID for each copied portion. These secondary PIDs are used to mark packets carrying duplicate content with additional encryption methods. The PSI is enhanced to transmit information about the existence of these new PIDs as follows: the inserted PID is ignored by legacy STBs but can be easily extracted by new STBs.

Some implementations of partial double encryption include copying only certain packets marked with a given PID. The method for selecting which packets to encrypt is detailed below. The original (i.e., legacy) PID continues to mark packets encrypted with legacy encryption as well as other packets transmitted in the clear. The new PID is used to mark packets encrypted with the second encryption method. Packets with secondary PIDs mask encrypted packets marked with primary PIDs. The packets making up the encrypted pair may appear in both orders, but in a preferred implementation, the order may be maintained in the clear part of the PID stream. As will be seen from the following description, by using the primary and secondary PIDs, a decoder located within a set-top box can easily determine which packets can be decrypted using the decryption method associated with the set-top box. The process for operating the PID will be described in more detail later.

The encryption techniques described herein can be broadly divided (according to a classification approach) into three basic variations: encrypt only the main part (i.e. audio), encrypt only the SI, encrypt only selected packets. Generally speaking, each of the encryption techniques used in the embodiments disclosed herein attempts to encrypt a portion of the A/V signal or related information while leaving another portion of the A/V signal in the clear in order to conserve bandwidth. Bandwidth can be saved since the same plaintext part can be sent to all different set-top boxes. The portion of information to be encrypted is selected in a number of ways. Thus, embodiments of the present invention may eliminate the traditional "brute force" technique of encrypting the entire content in one particular scrambling scheme, which means redundant use of bandwidth in the event that other scrambling schemes are desired. Furthermore, each partial double encryption scheme described herein may be used as a single partial encryption scheme without departing from embodiments of the present invention.

Various embodiments of the present invention use various processes, alone or in combination, to send the main portion of the content in the clear while encrypting only the small amount of information needed to properly render the content. The amount of information transmitted that is uniquely encrypted according to a particular scrambling scheme therefore accounts for only a small portion of the content, as opposed to completely replicating each desired program stream. For the exemplary systems in this document, encryption system a is always considered a legacy system. Each of the several encryption techniques described above is detailed below.

Various embodiments of the present invention allow independent operation of each participating CA system. Each CA system is independent of other CA systems. No key sharing in the head-end is required because each system encrypts its own packets. Each CA system may use a different key epoch (epoch). For example, packets encrypted with motorola-specific encryption may use a fast-changing encryption key with an embedded security ASIC, while packets encrypted with NDS' smart card-based systems use a slower-changing key. The above embodiment works equally well for Scientific Atlanta and motorola conventional encryption.

Encrypted elementary stream

Referring now to fig. 2, one embodiment of a system that can provide multiple transmissions with reduced need for additional bandwidth is illustrated as system 100. In this embodiment, the system takes advantage of the fact that: it is generally undesirable to view television programs without audio. Despite exceptions (e.g., adult programs, certain sporting events, etc.), the average viewer may not accept the regular viewing of television programs without hearing the sound. Thus, at the head end 122, the video signal 104 is provided in clear (unencrypted) form, while the clear audio 106 is provided to multiple CA systems for broadcast over the cable network. In the exemplary system 100, the plaintext audio 106 is provided to an encryption system 118, and the system 118 encrypts the audio data with encryption system a (encryption system a is considered a conventional system throughout the file). At the same time, the plaintext audio 106 is provided to the encryption system 124, and the system 124 encrypts the audio data with encryption system B. The clear video is multiplexed with encrypted audio from 118 (audio a), encrypted audio from 124 (audio B), system information 128, and program specific information 129.

After distribution via the cable system 32, the video, system information, program specific information, audio a, and audio B are all transmitted to the set-top boxes 36 and 136. At the legacy STB36, the video is displayed and the encrypted audio is decrypted at CA system a40 for playing on the television set 44. Likewise, at the new STB 136, the video is displayed and the encrypted audio is decrypted at CA system B140 for playing on the television 144.

Audio has lower bandwidth requirements than a full a/V program (even just the video portion). The current maximum bit rate for 384 Kb/sec stereo audio is about 10% of the 3.8 Mb/sec television program. Thus, for dual transmission of encrypted audio (video transmitted in clear) in a system with 10 channels transmitted using 256QAM (quadrature amplitude modulation), only about one channel of bandwidth is lost. Therefore, about nine channels can be transmitted. This is a significant improvement over the requirement for double encryption of all channels, which reduces the available channels from ten to five. Where deemed necessary, both audio and video may still be doubly encrypted if desired, for example, for sporting events, pay-per-view, adult programming, and the like.

Legacy and new set-top boxes can function in the conventional manner, i.e., receive video in the clear and decrypt audio in the same manner as it is used to completely decrypt encrypted a/V content. If the user does not subscribe to the encrypted program according to the scheme, the user can only see the video at most, but cannot hear the audio. Other embodiments of the invention (to be described later) are also possible for enhanced security on video. (for example, the SI may be scrambled to make it more difficult for an unauthorized set-top box to tune to the video portion of the program). An unauthorized set-top box that has not been modified by a hacker may blank the video because of the reception of encrypted audio.

An authorized set-top box receives an Entitlement Control Message (ECM) that is used to retrieve access criteria and a descrambling key. The set-top box attempts to apply the key to the video and audio. Since the video is not scrambled, the video passes through the descrambler of the set-top box unaffected. The set-top box is in the clear regardless of whether the video is in the clear. An unmodified and unsubscribed set-top box appears unauthorized for disturbed audio and clear text video. The video and the actually disturbed audio are blanked. An on-screen display may appear on the TV to indicate to the viewer that the program needs to be ordered. This ideally completely prohibits the casual audience from hearing or seeing the content.

In one embodiment of the invention, the encrypted audio is transmitted as digitized packets over the A/V channel. Two (or more) audio streams encrypted according to the two (or more) encryption systems used by the set-top box of the system are transmitted. In order for the two (or more) STBs to properly decrypt and decode their respective audio streams, SI (system information) data is sent from the cable system's headend 122 identifying the particular channel where the audio can be found using the sent Service Identifier (Service Identifier) to locate the audio. This is accomplished by assigning a first Packet Identifier (PID) to the audio of system a and a second Packet Identifier (PID) to the audio of system B. By way of example, and not by way of limitation, subsequent Program Specific Information (PSI) may be sent to identify the location of the audio for both systems, one using NDS conditional access and the other using motorola conditional access. Those skilled in the art will understand how to adapt such information to other embodiments of partial encryption described later herein.

The SI may be delivered to legacy and non-legacy set-top boxes independently. SI information may be transmitted so that legacy and non-legacy set top boxes may operate substantially without conflict. In the SI sent to the legacy set-top box, the VCT (virtual channel table) would indicate that the desired program (e.g., HBO labeled program number 1) is on service ID "1" and the VCT access control bit is set. The Network Information Table (NIT) sent to the first STB would indicate that the service ID "1" is at frequency 1234. In the SI sent to the non-legacy set-top box, the VCT indicates that the desired program (e.g., HBO labeled program number 1001) is on service ID "1001" and the VCT access control bit is set. The network information table sent to the non-legacy STB would indicate that service ID "1001" is at frequency 1234. The following exemplary program association table PSI data is sent to legacy and non-legacy set top boxes (in MPEG data structure format):

PATPATPAT 0x 0000-transport stream ID-PAT version-program number 1-PMT 0x 0010-program number 2-PMT 0x 0020-program number 3-PMT 0x 0030-program number 4-PMT 0x 0040-program number 5-PMT 0x 0050-program number 6-PMT 0x 0060-program number 7-PMT 0x 0070-program number 8-PMT 0x 0080-program number 9-PMT 0x 0090-program number 1001-PMT 0x 1010-program number 1002-PMT 0x 1020-program number 1003-PMT 0x 1030-program number 1004-PMT 0x 1040-program number 1005

PMT 0x 1050-program number 1006-PMT 0x 1060-program number 1007-PMT 0x 1070-program number 1008-MT 0x 1080-program number 1009-PMT 0x1090

Legacy and non-legacy set-top boxes selectively receive the following exemplary program map table PSI data (in MPEG data structure format):

sending on PID 0x0010Sent PMTPMT 0x0010-PMT program number 1-PMT segment version 10-PCR PID 0x 0011-elementary stream-type (video 0x02 or 0x80) -elementary PID (0x0011) -descriptor-CA descriptor for CA provider #1 (ECM) -elementary stream-type (Audio 0x81) -elementary PID (0x0012) -descriptor-CA descriptor for CA provider #1 (ECM)

PMTPMT 0x1010-PMT program number 1010-PMT segment version 10-PCR PID 0x 0011-elementary stream-stream type (video 0x02 or 0x80) -elementary PID (0x0011) -descriptor-CA descriptor for CA provider #2 (ECM) -elementary stream-stream type (audio 0x81) -elementary PID (0x0013) -descriptor-CA descriptor for CA provider #2 (ECM)

Considering the example where it is desired to transmit programs in a system using motorola or Scientific Atlanta and NDS CA, the communications described above are consistent with the PSI transmitted by motorola and Scientific Atlanta in their CA systems with only minor changes. The Program Association Table (PAT) is changed to index an additional Program Map Table (PMT) for each program. Each program in this embodiment has two program numbers in the PAT. In the above table, program number 1 and program number 1001 are the same program except for indexing different audio PIDs and CA descriptors. To create multiple PMTs and multiplex the new PAT and PMT information with the data stream, changes to the system can be made so that the front-end equipment of the cable system can be modified appropriately. Further, those skilled in the art will recognize how to adapt these messages to other partial encryption schemes described herein. The advantage of this approach is that no special hardware or software is required for the headend or legacy and non-legacy set-top boxes to deliver the audio that is transmitted and non-legacy encrypted using this scheme.

This technique may make the premium programming inaudible, which has not yet been paid for, thereby preventing the user from using the programming, but a hacker may attempt to tune to the video. To prevent this, the mechanisms used in other encryption techniques according to the present invention (as described later) may be used concurrently, if desired. Since closed captioning is typically transmitted as part of the video data, the user still has readable audio information as well as clear text video. Thus, while suitable for some applications, the present techniques by themselves do not provide adequate protection for all situations. In another embodiment, video packets containing closed caption information as part of the payload may be additionally scrambled.

In an alternative embodiment, only the video may be doubly encrypted using a separate PID assigned to each set of encrypted video. While this would provide more secure encryption for general programs (since video may be more important than audio), the bandwidth savings compared to full duplex is only about 10% because only audio is shared among all set-top boxes. However, this approach may be used for certain content (e.g., adult and sports programs) and helps reduce bandwidth overhead for that content, while audio encryption methods may be used for other types of content. In use for DirectV^TMIn the Digital Satellite Service (DSS) transmission standard of service, audio packets may be identified for encryption using what is known as an equivalent Service Channel Identifier (SCID).

Time slicing

Another embodiment in accordance with the invention is referred to herein as timeslicing and is illustrated in fig. 3 as system 200. In this embodiment, a portion of each program is encrypted on a time-dependent basis in a manner that interferes with viewing the program unless the user has paid for the program. This embodiment of the invention may be implemented as: partially encrypted video and plaintext audio, plaintext video and partially encrypted audio, or partially encrypted video and audio. The duration of the encrypted time slice, which is a percentage of the total time, may be selected to satisfy any suitable desired balance between bandwidth usage and anti-hacking security. Generally, in any of the embodiments described herein, less than 100% of the content is encrypted to generate the desired partial encryption. The following example details partially encrypted video and audio.

By way of example, and not by way of limitation, consider a system having nine programs each of which is to be doubly partially encrypted in accordance with an exemplary embodiment of the present invention. The nine channels are fed as a multiplexed stream of packets to the cable headend and digitally encoded with Packet Identifiers (PIDs) to identify packets associated with a particular one of the nine programs. In this example, assume that the nine programs have a video PID numbered 101 along with 109 and an audio PID numbered 201 along with 209. The partial encryption according to this embodiment is time multiplexed among programs so that only packets from a single program are encrypted at any given time. This approach does not require knowledge of what the content is.

Referring to table 1 below, an exemplary embodiment of a time slice double encryption scheme consistent with one embodiment of the present invention is illustrated. With program 1 having a primary video PID101 and a primary audio PID 201, during a first time period, packets having PID101 and PID 201 are encrypted with encryption system a while other packets representing other programs are sent in the clear. In this embodiment, secondary PIDs are also assigned to video and audio. For program 1, the secondary PIDs are PID 111 for video and PID 211 for audio, respectively. During the first time period, the packet with the secondary PID is encrypted with encryption system B and sent in the clear for the next eight time periods. Thereafter, for time period 10, packets having any of the four PIDs described above are again encrypted and then sent in clear for the next eight time periods. In a similar manner, in a second time period, program 2 having primary video PID 102 and primary audio PID 202 is encrypted with encryption system a, packets with their associated secondary PIDs are encrypted with encryption system B and sent in clear text in the next eight time periods, and so on. This pattern can be clearly seen in table 1 by examining the first nine rows. Both audio and video packets may be encrypted or only audio or video may be encrypted according to such techniques without departing from this invention. Also, the audio and video may have their own separate encryption sequences. In Table 1, P1 indicates time period number 1, P2 indicates time period number 2, and so on. EA represents: the information is encrypted with CA system a, and EB denotes: the information is encrypted with the CA encryption system B.

Program and method for providing a program

Video PID

Audio PID

P1

P2

P3

P4

P5

P6

P7

P8

P9

P10

P11

P12

...

1

PID101

PID201

EA

Plaintext

EA

Plaintext

...

2

PID102

PID202

Plaintext

EA

Plaintext

EA

Plaintext

...

3

PID103

PID203

Plaintext

EA

Plaintext

EA

...

4

PID104

PID204

Plaintext

EA

Plaintext

...

5

PID105

PID205

Plaintext

EA

Plaintext

...

6

PID106

PID206

Plaintext

EA

Plaintext

...

7

PID107

PID207

Plaintext

EA

Plaintext

...

8

PID108

PID208

Plaintext

EA

Plaintext

...

9

PID109

PID209

Plaintext

EA

Plaintext

...

1

PID111

PID211

EB

...

2

PID112

PID212

EB

...

3

PID113

PID213

EB

...

4

PID114

PID214

EB

...

5

PID115

PID215

EB

...

6

PID116

PID216

EB

...

7

PID117

PID217

EB

...

8

PID118

PID218

EB

...

9

PID119

PID219

EB

...

TABLE 1

In order to maintain compatibility with an established conventional encryption system (encryption system a), an encryption cycle for each of the programs 1 to 9 is encrypted with the encryption system a. A legacy STB device will accept this partially encrypted a/V data stream, transparently pass unencrypted packets and decrypt encrypted packets. However, it is desirable to obtain double encryption with both encryption system a and encryption system B. To do this, a primary PID (e.g., for program 1, video PID101 and audio PID 201) and a secondary PID (e.g., for program 1, video PID 111 and audio PID 211) are assigned to the designated program to carry elementary streams for a given premium channel.

Referring to fig. 3, the system 200 generally illustrates the functionality of a cable system head end device 222, wherein clear text video 208 for N channels at the head end device 222 is provided to an intelligent switch 216 (operating under control of a programmed processor) that routes packets to be transmitted in clear text to be assigned a primary PID at 220. The packets to be encrypted are routed to conditional access system a encryptor 218 and conditional access system B encryptor 224. Once encrypted, these encrypted packets from 218 and 224 are assigned primary or secondary PIDs, respectively, at 220. The system information from 228 and PSI from 229 is multiplexed or combined with the clear packets, system a encrypted packets, system B encrypted packets and broadcast over the cable system 32.

For purposes of discussion, if the time slice period is 100 milliseconds, then there is one more crypto period, on average, totaling 111 milliseconds per second for all nine programs, as shown in table 1. If the time slice period is 50 milliseconds, there are two multiple crypto periods that total 111 milliseconds. An unscheduled set-top box attempting to tune the video will have very poor picture quality and audio will be confusing if it can maintain any kind of picture lock.

The PSI for the partially scrambled stream is processed in a slightly different manner than the dual audio encryption example described above. The same SI and PAT PSI information can be sent to legacy and non-legacy set-top boxes per se. The difference lies in the PMT PSI information. The legacy set-top box parses the PMT PSI and obtains the main video and audio PIDs as before. The non-legacy set-top box gets the primary PID as the legacy set-top box, but must look at the CA descriptor in the PMT PSI to check if the stream is partially disturbed. The secondary PID is particularly scrambled for a particular CA provider, and therefore it makes sense to transmit that PID signal with a CA descriptor specific to a particular CA provider. The present invention allows more than two CA providers to coexist by allowing more than one secondary PID. The secondary PID should be unique to a particular CA vendor. The set-top box knows the CA ID for the CA it has and can check all CA descriptors to find the one associated with it.

While it is possible to send the secondary PID data as private data in the same CA descriptor for ECMs, the preferred embodiment uses a separate CA descriptor. The secondary PID is placed within the CA PID field. This allows the front-end processing device to "see" the PID without having to parse the private data field of the CA descriptor. To be able to distinguish between ECM and secondary PID CA descriptors, a pseudo private data value may be sent.

PMTPMT 0x0010-PMT program number 1-PMT segment version 10-PCR PID 0x 0011-elementary stream-stream type (video 0x02 or 0x80) -basic PID (0x0011) -descriptor-CA descriptor (ECM) for CA provider # 1-CA descriptor (ECM) for CA provider # 2-CA descriptor (secondary PID) for CA provider # 2-elementary stream-stream type (audio 0x81) -basic PID (0x0012) -descriptor-CA descriptor (ECM) for CA provider # 1-CA descriptor (ECM) for CA provider # 2-CA descriptor (secondary PID) for CA provider #2

CA descriptor (ECM) for CA vendor #2

Descriptor-tag: conditional access (0x09) -length: 4 bytes-data-CA system ID: 0x0942 (second CA supplier) -CA PID (0x0015)

CA descriptor (Secondary PID) for CA vendor #2

Descriptor-tag: conditional access (0x09) -length: 5 bytes-data-CA system ID: 0x1234 (second CA vendor) -CA PID (0x0016) -private data

A conventional STB36 operating under CA system a receives the data, ignores the secondary PIDs, decrypts the packets encrypted under CA system a and provides the program to the television 44. The new or non-legacy STB236 receives the SI 228. It receives PSI229 and uses the PMT to identify the primary and secondary PIDs called out in the second CA descriptor associated with the program being viewed. Packets encrypted under CA system a are discarded and packets encrypted under CA system B with the secondary PID are decrypted by CA system B240 and inserted into the clear data stream for decoding and display on the television 224.

Fig. 4 illustrates a process for encoding at a cable system headend that may be used to implement an embodiment of the present invention, where CA system a is a legacy system and CA system B is a new system to be introduced. Upon receipt of the plaintext packets for a given program at 250, if the packets (or frames) are not encrypted (i.e., are not the current time slice for encryption for that program), the plaintext packets (C) are transmitted for insertion into the output stream at 254. If the current packet is encrypted because it is part of an encryption time slice, the packet is passed to packet encryption process a258 and packet encryption process B262 for encryption. The encrypted packet (EA) from encryption process a at 258 is passed to 254 for insertion into the output stream. The encrypted packets (EB) from encryption process B at 262 are assigned a secondary PID at 264 for insertion into the output stream at 254. The above process is repeated for all packets in the program.

Fig. 5 illustrates the process used in STB236, STB236 having a newly introduced CA system B to decrypt and decode the received data stream containing C, EA and EB packets with the primary and secondary PIDs. When a packet is received at 272, it is checked whether it has the primary PID of interest. If not, a check is made at 274 as to whether the packet has a secondary PID of interest. If the packet has neither the primary nor the secondary PID, the packet is ignored or discarded at 278. Any intervening (intervening) packets between the EA and EB packets that are not primary or secondary PIDs are discarded. Whether a decoder can receive consecutive EAs or EBs before receiving a replacement matching EA or EB packet is an implementation form problem and is primarily a buffering problem. Furthermore, it is easy to detect secondary packets that come before the primary packet, rather than after the primary packet. It is also possible to design a circuit in which any of the situations can occur, namely: the secondary packet can be before the primary packet or after the primary packet. If the packet has a primary PID of interest, the packet is examined 284 to determine if it is encrypted. If not, the packet (C) is passed directly to the decoder for decoding at 288. If the packet is encrypted at 284, it is considered an EA packet and is discarded or ignored at 278. In some implementations, the encryption of the primary packet is not checked at 284. Instead, its position relative to the secondary packet is checked only at 284, identifying it for replacement.

If the packet is determined to have a secondary PID at 274, the PID is remapped to the primary PID (or equivalently the primary PID to the secondary PID value) at 292. The packet is then decrypted at 296 and sent to a decoder for decoding at 288. Of course, those skilled in the art will recognize that many variations are possible without departing from the invention, for example, the order of 292 and 296 or the order of 272 and 274 may be reversed. 284 may be replaced by checking the position of the primary packet relative to the secondary packet, as previously described. Other variations will occur to those skilled in the art.

The conventional STB36 operating under encryption system a completely ignores the secondary PID packets. The packets with the primary PID are decrypted if necessary and passed to the decoder without decryption if they are in the clear. Thus, a so-called "legacy" STB operating under encryption system a will properly decrypt and decode the partially encrypted data stream associated with the primary PID and ignore the secondary PID without modification. The STB operating under encryption system B is programmed to ignore all encrypted packets associated with the primary PID and use the transmitted encrypted packets with the secondary PID associated with a particular channel.

Thus, each dual partially encrypted program has two sets of PIDs associated with it. With the system shown with appropriate time slice intervals, if encryption is performed as described on a cycle-by-cycle basis, the image will be substantially unviewable on the STB with either decryption.

To implement such a system in the head-end 322 of fig. 6, the SI and PSI may be modified to include a second set of CA descriptor information. Legacy set-top boxes may not tolerate unknown CA descriptors. Thus, in the set-top box, the content PID and/or SI/PSI and ECM PID may alternatively be "hard-coded" offset from the legacy CA PID. Or parallel PSI may be sent. For example, for a non-legacy set-top box, the secondary PAT may be sent on PID1000 instead of PID 0. It may index auxiliary PMTs not found in conventional PAT. The auxiliary PMT may contain an unconventional CA descriptor. Since the auxiliary PMT is unknown to the conventional set top box, there is no interoperability problem.

In a system corresponding to system a with a conventional set-top box manufactured by motorola or Scientific Atlanta, the STB does not need to be modified. For system B compliant (compatible) STBs, with the dual transmission of partially encrypted programs described herein, the video and audio decoders are adapted to listen to two PIDs (primary and secondary) instead of just one PID. There may be one or more shadow PIDs, depending on the number of non-legacy CA systems used, but a particular set-top box only listens to one of the secondary PIDs that is appropriate for the CA method used by that particular STB. Furthermore, encrypted packets from PIDs carrying video or audio, mostly in clear text, are ideally ignored. Since ignoring "bad packets" (packets that cannot be easily decoded as is) may already be a function performed by many decoders, no modification is needed. For systems with decoders that do not ignore bad packets, a filtering function may be used. It should be appreciated that the time slice encryption technique may be applied to video or audio only. Also, the video may be encrypted in time slices, while the audio is double encrypted as in the previous embodiment. Time slicing techniques may be applied to multiple programs simultaneously. The number of programs encrypted over a period of time is primarily a matter of bandwidth allocation, and although the above example discusses scrambling a single program at a time, the invention is not so limited. Other combinations of the encryption techniques described in this document are also contemplated by those skilled in the art.

Mth and N-th packet encryption

Another embodiment in accordance with the invention is referred to herein as encryption of the mth and nth packets. This is a variation of the embodiment illustrated in fig. 3 as system 200. In this embodiment, the packets representing each PID of a program are encrypted in a manner that can interfere with viewing the program unless the user has paid for the program. In this embodiment, M represents the number of packets between the start of an encryption event, and N represents the number of packets that are successively encrypted once encryption has started. N is less than M. If M is 9 and N is 1, there is one encryption event for every nine packets. If M is 16 and N is 2, there is one encryption event lasting two packets for every sixteen packets. As in the previous embodiment, each packet to be doubly partially encrypted is copied and processed by CA system a218 and CA system B224. This embodiment differs in operation from previous time slicing techniques in that the switch 216 selects packets for encryption operation under control of the programmed processor.

By way of example, and not by way of limitation, consider a system having nine programming channels that are to be doubly encrypted in accordance with the present exemplary embodiment. The nine channels are digitally encoded with Packet Identifiers (PIDs) to identify packets associated with a particular one of the nine programs. In this example, it is assumed that the nine programs have a video PID labeled 101-. According to the present embodiment, encryption is performed randomly program by program, and therefore, packets from other programs can be encrypted at the same time. This is illustrated in table 2 below, where M is 6 and N is 2 and only the video is encrypted, but this should not be considered limiting. This approach does not require knowledge of what the content is. In table 2, PK1 indicates group number 1, PK2 indicates group number 2, and so on.

Program and method for providing a program

Video

PK1

PK2

PK3

PK4

PK5

PK6

PK7

PK8

PK9

PK10

PK11

PK12

...

1

PID101

EA

Plaintext

EA

Plaintext

...

2

PID102

Plaintext

EA

Plaintext

EA

Plaintext

...

3

PID103

Plaintext

EA

Plaintext

EA

Plaintext

...

4

PID104

Plaintext

EA

Plaintext

EA

Plaintext

...

5

PID105

Plaintext

EA

Plaintext

EA

Plaintext

...

6

PID106

EA

Plaintext

EA

Plaintext

EA

...

7

PID107

EA

Plaintext

EA

Plaintext

...

8

PID108

Plaintext

EA

Plaintext

EA

Plaintext

...

9

PID109

EA

Plaintext

EA

Plaintext

EA

...

1

PID111

EB

...

2

PID112

EB

...

3

PID113

EB

...

4

PID114

EB

...

5

PID115

EB

...

6

PID116

EB

...

7

PID117

EB

...

8

PID118

EB

...

9

PID19

EB

...

TABLE 2

In the example of table 2, each program is encrypted completely independently of each other with an encryption scheme of M-6 and N-2. Again, the example only encrypts video, but audio may also be encrypted in the above or another arrangement. If applied only to video, the audio may be double scrambled or time sliced encrypted as in the previous embodiment. Alternatively, if applied to audio only, the video may be time sliced as in the previous embodiment.

Those skilled in the art will recognize that numerous variations of the above-described techniques may be devised in accordance with the partial scrambling concepts disclosed herein. For example, a pattern of five plaintext, followed by two ciphers, followed by two plaintexts, followed by one cipher (ccccceecceccccceecce.) conforms to a variation of the current partial cipher concept, and the random, pseudorandom, and semi-random values of M and N may be used to select packets for ciphering. The random, pseudo-random, or semi-random (collectively referred to herein as "random") selection of packets can make it difficult for hackers to algorithmically reconstruct the packets during post-processing attempts to recover the recorded scrambled content. Those skilled in the art will recognize how to adapt the above information to other embodiments of partial encryption described later herein. Certain embodiments may be used in combination to more effectively secure content.

Data structure encryption

Another partial encryption method of embodiments of the present invention encrypts based on a data structure. By way of example, and not by way of limitation, one common data structure used for encryption is MPEG video frames. Table 3 below illustrates this (again for video only), where encryption is performed every ninth video frame. In this embodiment, the ten frame encryption periods of each program are different from one channel to another, but this should not be considered limiting. This idea can be seen as a variation of time slices or M and N-th partial encryption arrangements (or other modes) based on video or audio frames (or other data structures), with M-10 and N-1 in the exemplary embodiment. Of course, other values of M and N may be used in similar embodiments. In table 3, F1 indicates frame number 1, F2 indicates frame number 2, and so on.

Program and method for providing a program

Video

F1

F2

F3

F4

F5

F6

F7

F8

F9

F10

F11

F12

...

1

PID101

EA

Plaintext

EA

Plaintext

...

2

PID102

Plaintext

EA

Plaintext

...

3

PID103

Plaintext

EA

Plaintext

...

4

PID104

Plaintext

EA

Plaintext

...

5

PID105

Plaintext

EA

Plaintext

...

6

PID106

EA

Plaintext

EA

Plaintext

...

7

PID107

Plaintext

EA

Plaintext

EA

...

8

PID108

Plaintext

EA

Plaintext

EA

...

9

PID109

EA

Plaintext

EA

Plaintext

...

1

PID111

EB

...

2

PID112

EB

...

3

PID113

EB

...

4

PID114

EB

...

5

PID115

EB

...

6

PID116

EB

...

7

PID117

EB

...

8

PID118

EB

...

9

PID119

EB

...

TABLE 3

Thus, again, each encrypted program has two sets of PIDs associated with it. If encryption is performed on a cycle-by-cycle basis as previously described, the image is substantially not viewable to the system shown. For the nine program system shown with 30 frames per second, approximately three frames per second are encrypted. For viewers who are not authorized to watch a program, their STB can at best occasionally capture still frames because the STB is constantly attempting to synchronize and recover. Viewers who have subscribed to the program can easily view the program. The bandwidth cost for such an encryption arrangement depends on the frequency at which the encryption is performed. In the above example, additional 1/9 data was transmitted for each program. In this example, about one program of bandwidth is used. In the case of a larger number of programs, fewer packets are encrypted for each program, and the security of the encryption system is slightly reduced. As in the randomized M and N methods, a random frame may be selected. In the case of video, the selection of random frames will help to ensure that all types of intra-coded frames (I-frames), predicted frames (P-frames), bi-directional coded (B-frames), and DC-frames are affected.

In one variation of the invention, fewer packets may be encrypted in order to achieve an acceptable level of security. That is, perhaps in a nine-program system, only one frame per second needs to be encrypted to achieve an acceptable level of security. In such a system, the total overhead is one encryption cycle per second per program or about 1/30 of the data transmitted in the total overhead. This level of overhead is a significant improvement over the 50% bandwidth loss associated with full duplex encryption under two encryption systems. In another variation of the invention, only certain video frames may be encrypted in order to obtain an acceptable level of security. For example, for MPEG content, only the intra-coded frames (I-frames) may be scrambled in order to further reduce the bandwidth overhead and still maintain an acceptable level of security. This provides a significant improvement over the bandwidth required for full duplex transmission.

Critical packet encryption

With selective packet-by-packet dual encryption techniques, high efficiency in bandwidth usage is achieved. In this embodiment, packets are selected for encryption based on their importance for correct decoding of audio and/or video of the program content.

This embodiment may reduce bandwidth requirements by scrambling only a small portion of the packets as compared to full duplex transmission of encrypted content. The plaintext packets are shared between two (or more) dual transport PIDs. In a preferred embodiment, as will be disclosed, less than about one percent of the total content bandwidth is used. In systems employing conventional encryption schemes, clear program content packets may be received by both conventional and modern set-top boxes. As described above, the encrypted packets are dual transmitted and processed by the respective set-top boxes with the appropriate CA. Each CA system is not related to each other. No key sharing is required and different key epochs can be used by the CA systems. For example, a system with motorola-specific cryptography may generate a rapidly changing encryption key with an embedded secure ASIC, while a system based on NDS smart cards may generate a slightly slower changing key. This embodiment works equally well for Scientific Atlanta and motorola conventional encryption.

Referring to fig. 6, a block diagram of a system in accordance with one embodiment of the present invention is illustrated as system 300, wherein portions of a program are doubly encrypted on a packet-by-packet basis. In this system, packets of each program are doubly encrypted using, for example, the conventional CA system a and the new CA system B. The encrypted packets are selected according to their importance for correct decoding of the video and/or audio stream.

In the system shown in fig. 6, the cable system head end device 322 selects a/V content 304 packet for encryption at the packet selector 316. The packets selected for encryption are selected so that non-receipt (by a non-pay decoder) of these packets would severely impact real-time decoding of the program and would impact post-processing of the recorded content. That is, only critical packets are encrypted. For video and audio, this can be achieved by: a "start of frame" transport stream packet containing a PES (packetized elementary stream) header and other headers as part of the payload is encrypted because without this information the STB decoder cannot decompress MPEG compressed data. MPEG2 streams identify "start of frame" packets with a "start of packet unit indicator" in the transport header. In general, packets carrying a payload containing a set of picture headers or video sequence headers (headers) can be used to implement the scrambling technique of the present invention.

MPEG (moving picture experts group) compliant compressed video can repackage elementary streams of data into a transport stream in the form of a somewhat arbitrary payload of 188 bytes of data. Thus, transport stream packets containing PES headers may be selected for encryption at selector 136 and double encrypted by CA system a encryptor 318 and CA system B encryptor 324. The packet to be double partially encrypted may be copied and, as in the previous embodiment, the PID of the copied packet encrypted by the encryptor 324 may be remapped to a secondary PID at 330. The remaining packets are transmitted in clear. Clear packets, system a encrypted packets, system B encrypted packets, system information 328, and PSI from 329 are multiplexed together for broadcast over cable system 32.

As with previous systems, the legacy STB36 receives plaintext data as well as data encrypted under CA encryption system a and passes the unencrypted data to the decoder in a transparent manner in combination with data decrypted with CA decryption a 40. In the new STB336, programs are assigned to primary and secondary PIDs. A plaintext packet with a primary PID is received and passed to a decoder. The encrypted packet with the primary PID is discarded. The encrypted packets with the secondary PIDs are decrypted and then recombined with the data stream (e.g., by remapping the packets to the primary PIDs) for decoding.

Taking the example of using video, each sample is called a frame, and the sample rate is typically 30 frames per second. If the samples are coded to fit into 3.8Mbps, each frame will occupy 127 kbits of bandwidth. For MPEG transmission, this data is divided into 188 byte packets, the first or first few packets of each frame containing a header indicating the body of the frame data to be processed. Double encrypting only the first header packet (1504 extra bits) requires only 1.2% (1504/127K) of extra bandwidth. For high definition (19Mbps) streams, this percentage is even less.

As described earlier, according to the present embodiment, a transport stream packet containing a PES header is a preferred encryption target. These packets contain sequence headers, sequence extension headers, picture headers, quantization and other decoding tables (all within the same packet). If these packets cannot be decoded (i.e., a hacker attempts to view an unauthorized program without paying a subscription fee), then a small portion of the program cannot be viewed. In summary, any attempt to tune to the program is likely to encounter a blank screen (black screen) and also no audio because known decoder integrated circuits use PES headers to synchronize elementary streams such as video and audio in real time. By encrypting the PES header, the decoding engine in an unauthorized set-top box cannot even start. By dynamically changing the information in the packets containing the PES header, post-processing attacks on the stored content, for example, are prevented. Those skilled in the art will note that for the implementation of this embodiment of the invention, other critical or important packets or content units that can be strictly prevented from unauthorized viewing may also be identified for encryption without departing from the invention. For example, MPEG intra-coding or I-frame image packets may be encrypted to prevent viewing of the video portion of the program. Embodiments of the present invention may be used in conjunction with any other embodiments, for example, in conjunction with random, mth, and N or data structure encryption that scrambles packets containing PES headers, as well as other packets. Critical packet encryption can be applied to video encryption while using a different approach to audio. For example, the audio may be double encrypted. Other variations within the scope of the invention will occur to those skilled in the art.

Fig. 7 is a flow diagram illustrating an exemplary encoding process such as may be used at the head end of fig. 6. When a transport stream packet is received at 350, the packet is examined to determine if it meets the selection criteria for encryption. In this preferred embodiment, the selection criterion is the presence of a PES header as part of the packet payload. If the criteria are not met, the packet is transmitted as a plaintext unencrypted packet (C) for insertion into the output data stream at 354. If the packet meets the criteria, it is encrypted at 358 with CA encryption System A to generate an encrypted packet EA. The packet is also copied and encrypted with CA encryption system B at 362 to generate an encrypted packet. This encrypted packet is mapped to a secondary PID at 366 to generate an encrypted packet EB. The encrypted packets EA and EB are inserted into the output data stream at 354 along with the clear packet C. Preferably, the EA and EB packets are inserted in the data stream at a location where a single original packet was previously obtained for encryption, so that the ordering of the data remains substantially the same.

When the output data stream from 354 is received at a CA encryption system B compatible STB such as 336 of fig. 6, the program may be decrypted and decoded using a process such as that of fig. 8 (similar to that of fig. 5). When a packet having a primary or secondary PID is received at 370, a determination is made at 370 as to whether the packet is in clear (C) or encrypted using system a (ea), or at 374 as to whether the packet is encrypted using system b (eb). If the packet is in the clear, it is passed directly to the decoder 378. In some embodiments, the replacement of a primary packet in a stream may be signaled by the relative position of the primary packet before or after a secondary packet. It is not particularly necessary to check the scramble status of the primary packet. If the packet is an EA packet, it is discarded at 380. If the packet is an EB packet, it is decrypted at 384. At this point, the secondary PID packets and/or primary PID packets are remapped to the same PID at 388. The decrypted packets and clear packets are decoded at 378.

The above dual partial encryption arrangement can greatly reduce bandwidth requirements relative to the requirement for full dual transmission. Encrypting the PES header information may effectively protect video and audio content while allowing two or more CA systems to independently "co-exist" in the same cable television system. The set-top box of conventional system a is unaffected and the set-top box of system B requires only minor hardware, firmware or software enhancements to listen to the two PIDs for video and audio, respectively. Each type of STB (both legacy and non-legacy) can maintain its inherent CA method. Modification of the head-end is limited to selecting content for encryption, introducing a second encryptor and providing means to mix their combination into a composite output stream.

In one embodiment, the head end device is configured to randomly scramble as much content as bandwidth allows, not just the critical PES header. These additional scrambled packets may be located in the PES payload or in other packets within the entire video/audio frame, making the content more secure.

SI ciphering

Referring now to fig. 9, one embodiment of a system that minimizes the need for any additional bandwidth is shown as system 400. In this embodiment, the system takes advantage of the fact that: for a set-top box, System Information (SI)428 is needed to tune the program. In a cable television system, SI is transmitted out-of-band on frequencies set in addition to the normal viewing channel. It can also be sent in band (in-band). If it is sent in band, the SI 428 is duplicated and the SI 428 is sent with each stream. For purposes of discussion, it is assumed that the SI sent from the previous manufacturer to the "legacy" set-top box is independent of the SI sent from the new manufacturer to the set-top box, such as STB 436. Thus, each version of the SI may be scrambled independently using conditional access system a 418 and conditional access system B424 as previously described. The plaintext video 404 and plaintext audio 406 are transmitted in plaintext, but SI information 428 is needed to understand how to find them.

The SI transmits information related to a channel name and program guide information such as a program name and a start time and frequency tuning information of each channel. Digital channels are multiplexed together and transmitted at a particular frequency. In an embodiment of the invention, the SI information is encrypted and made available only to authorized set-top boxes. Tuning is not possible if location SI information is not received for knowing all a/V frequencies in the device.

To deter hackers from programming set-top boxes to track or scan frequencies, the frequency of the channel may deviate from the standard frequency. Also, the frequency may be dynamically changed on a daily, weekly, or other periodic basis, or randomly. A typical wired headend may have about 30 frequencies in use. The respective frequencies are generally selected to specifically avoid interference with each other and with frequencies used by the terrestrial broadcast signal and the clock of the receiving device. Each channel has at least one independent alternate channel that, if used, does not cause interference or cause a change in the frequency of an adjacent channel. Therefore, the actual possible frequencyMapping to 2³⁰Or 1.07X 10⁹. However, a hacker may quickly try both of the two frequencies when trying to tune each of the approximately 30 channels. If the frequency of having content is successfully determined, the hacker's set-top box can parse the PSI429 to know the individual PIDs that make up the program. It may be difficult for a hacker to know that "program 1" is "CNN", "program 5" is "TNN", etc. This information is sent along with the SI, which, as previously mentioned, is scrambled and cannot be used by unauthorized set-top boxes. However, a hacker in a setting may deduce this by selecting various channels and checking the transmitted content. Therefore, to prevent the identification of channels, the layout of the programs in a single stream can be changed frequently, for example, in the above example, program 2 and program 5 are exchanged, so that "program 1" is "TNN" and "program 5" is "CNN". Also, programs can be moved to a completely different stream with a completely new set of programs. A typical digital cable data converter can deliver 250 program contents including music. Each program can be tuned uniquely. A possible combination of reordering is 250! (factorial). Without content mapping provided by the transmitted SI or provided by hackers, the user is faced with randomly selecting individual programs in the stream to check if it is the one of interest.

Thus, in the front end 422, the video signal 404 and the audio signal 406 are provided in clear (unencrypted) while the SI 428 is provided to a plurality of CA systems for transmission over a cable television network. Thus, in the exemplary system 400, the plaintext SI 428 is provided to the encryption system 418, which encrypts SI data with encryption system a. At the same time, clear SI 428 is provided to encryption system 424, which encrypts SI data with encryption system B. The clear video 404, audio 406, and PSI429 are then multiplexed with the encrypted si (si a) from 418 and the encrypted si (si b) from 424 in place of the out-of-band system information 428.

After distribution over the cable television system 32, the video, audio, PSI, system information A, and system information B are all transmitted to the set-top boxes 36 and 436. At STB36, the encrypted SI is decrypted at CA system a40 to provide tuning information to the set-top box. The set-top box tunes out a particular program to allow it to be displayed on the television set 44. Similarly, at STB436, the encrypted SI is decrypted at CA system B440 to provide tuning information to the set-top box to allow a particular program to be tuned and displayed on television 444.

This approach has the advantage that no additional a/V bandwidth is required in the content delivery system (e.g., cable television system). Only the SI needs to be transmitted doubly. No special hardware is required. Most tuners can easily accommodate any frequency that deviates from the standard frequency. SI decryption may be performed in software or with hardware assistance. For example, a conventional motorola set-top box can descramble SI transmitted in a motorola out-of-band manner with a hardware decryptor built into the decoder IC chip.

A stubborn hacker may use a spectrum analyzer on the coaxial cable to know where the a/V channel is located. Also, a hacker may program a set-top box to automatically scan the frequency bands to know the location of the a/V channels (which is a relatively slow process). Hackers can be deterred if the frequency of the a/V channel changes dynamically, as the hackers are required to constantly analyze or scan the band. Also, the program number and assigned PID may vary. However, dynamically changing frequencies, program numbers, and PIDs can create operational difficulties for service providers (e.g., cable operators).

General introduction

The system 500 of fig. 10 can generally represent various of the techniques described above. This system 500 has a cable system head end device 522 with clear video 504, clear audio 506, SI 528 and PSI 529, any of which can be selectively switched by a smart processor controlled switch 518, the switch 518 also serving to assign PIDs (in embodiments requiring PID assignment or reassignment) to either conditional access system a 520 or conditional access system B524 or to communicate in clear to the cable system 32. As previously described, STB36 may correctly decode programs or SIs encrypted according to conventional CA system a. As previously described, the CA system B encrypted information is understood by STB 536 and decrypted and decoded accordingly.

PID mapping considerations

The above described PID mapping concepts may be applied generally to the dual partial encryption techniques described herein, if desired. In a cable head-end device, the general idea is to process a data stream consisting of packets to duplicate packets selected for encryption. These packets are duplicated and encrypted using two different encryption methods. Duplicate packets are assigned to separate PIDs (one of which matches the legacy CA PID for the plaintext content) and re-inserted into the data stream at the location of the originally selected packet for transmission in a cable (cable television) system. At the output of the cable system headend, a stream of packets is presented having both conventionally encrypted packets and clear packets with the same PID. The secondary PID identifies the packet encrypted with the new encryption system. In addition to PID remapping at the head-end, MPEG packets also use a continuous count to maintain the proper order of the packets. To ensure correct decoding, such continuity counts should be maintained correctly during creation of the packetized data stream at the head-end device. This is accomplished by ensuring that consecutive count values are assigned sequentially to packets with each PID in the usual manner. Thus, packets with a secondary PID will carry a continuous count that is independent of the primary PID. In the following, a simplified form will be described, in which PID025 is the primary PID, PID125 is the secondary PID, E represents the encrypted packets, C represents the clear packets, and the end number represents the continuous count.

025C04

025E05

125E11

025C06

025C07

025C08

025C09

025E10

125E12

In this exemplary segment of packets, packets with PID025 are considered to have their own sequential counter (sequence) (04, 05, 06, 07, 08, 09...). Likewise, packets with secondary PID125 also have their own continuity counter order (11, 12.

At the STB, the PIDs can be processed in a number of ways to correctly associate the encrypted packets with the secondary PIDs with the correct program. In one implementation, the packet headers of the input stream fragments are as follows:

025C04

025E05

125E11

025C06

025C07

025C08

025C09

025E10

125E12

the above-mentioned headers are processed to create the following output stream fragments:

125C04

025E11

125E05

125C06

125C07

125C08

125C09

025E12

125E10

the primary PID (025) in the input stream is replaced by a secondary PID for the plaintext packet (C). For encrypted packets, the primary and secondary PIDs are retained, but the continuity count is exchanged. Thus, the packet stream can be properly decrypted and decoded with the secondary PID without errors caused by loss of continuity. Other methods and sequential counts of processing PIDs, such as mapping the PID (125) on a scrambled legacy packet to a NOP PID (all) or other undecoded PID value, may also be used in embodiments in accordance with the invention.

The primary and secondary PIDs are transmitted to the STB in a Program Map Table (PMT) that is transmitted as part of the Program Specific Information (PSI) data stream. A STB operating under CA encryption system a ("legacy" system) may ignore the presence of the secondary PID, but a new STB operating under CA encryption system B is programmed to recognize that the secondary PID is being used to convey the encrypted portion of the program associated with the primary PID. Alerting the set-top box to the fact that: this encryption scheme is used because of the presence of the CA descriptor in the basic PID for the "loop" of the PMT. There is typically a CA descriptor for the video elementary PID "loop" and another CA descriptor in the audio elementary PID "loop". The CA descriptor identifies the CA _ PID as an ECM PID or as a secondary PID for partial scrambling using private data bytes, thereby enabling a STB operating under system B to look for primary and secondary PIDs associated with a single program. Since the PID field in the transport header is thirteen bits in length, there is 2¹³Or 8192 PIDs are available and any excess PID can be used for the secondary PID as needed.

In addition to assigning a PID to each program component or selected portions thereof, a new PID may be assigned to label ECM data used in the second encryption technique. Each assigned PID number may be labeled as a user-defined stream type to prevent interfering operation with legacy STBs. MPEG defines such reserved blocks for numbers of user-defined stream types.

While conceptually PID mapping at the cable headend is a simple operation, in practice the cable headend is typically already established and so is modified to accomplish this task in a manner that minimally interferes with the established cable system while being cost effective. The details of the actual implementation in the cable system head end equipment are therefore dependent to some extent on the actual legacy hardware present in the head end equipment, examples of which are detailed below.

Front end implementation

It will be appreciated by those skilled in the art that the foregoing descriptions relating to fig. 2, 3, 6, 9 and 10 are somewhat conceptual in nature and are intended to illustrate the general ideas and concepts associated with various embodiments of the invention. In implementing a realistic implementation of the present invention, one skilled in the art will recognize that an important realistic problem faced is providing cost-effective implementations of various partial encryption methods in existing legacy head-end equipment devices of existing cable providers. Taking two main conventional cable (cable tv) systems as an example, the following describes how the above-described techniques can be implemented in a cable head-end device.

First, consider a cable system headend using a motorola brand conditional access system. In such a system, the modification shown in fig. 11 may be made to provide a cost-effective mechanism for a partial double encryption implementation. In a typical motorola system, HITS (air front end equipment) or similar data feeds are provided from satellites. Such feeds may provide aggregated digitized content that is provided to a cable (cable television) provider and received by a receiver/descrambler/scrambler system 604, such as a motorola Integrated Receiver Transponder (IRT) type IRT1000 and IRT2000, and a motorola Modular Processing System (MPS). A clear text stream of digitized television data may be obtained from the satellite descrambler function 606 of the receiver/descrambler/scrambler system 604. This plaintext stream may be processed by a new functional block shown as packet selector/duplicator 610. The new functional block 610 may be implemented as a programmed processor or in hardware, software, or a combination thereof.

Packet selector/replicator 610 selects packets to be doubly encrypted using any of the partial double encryption methods described above. These packets are then copied with the new PID so that they can be later identified for encryption. For example, if packets at the input of 610 associated with a particular program have PID a, packet selector/duplicator 610 identifies the packets to be encrypted and duplicates and remaps these packets to PIDs B and C, respectively, so that they can be later identified in two different systems for encryption. Preferably, the duplicate packets are inserted into the data stream adjacent to each other at the location of the original duplicate packets, now with PIDs B and C, so they will remain in the same order as originally presented (except that there are now two packets where one previously resided in the data stream). Assuming for the moment: the new CA system to be added is NDS encryption. In this case, PID a denotes a plaintext packet, PID B denotes an NDS encrypted packet, and PID C denotes a motorola encrypted packet. The packet with PID B may now be encrypted with NDS encryption at 610 or encrypted later.

The packets with PIDs B and C are then returned to the system 604 where the packets with PID C are encrypted with motorola encryption at the cable (television) scrambler 612 as directed by the control system 614 associated with the motorola device. The output stream from the cable scrambler 612 then proceeds to another new device, the PID remapper and scrambler 620, which receives the output stream from 612 and remaps the remaining PID a-to-PIDC-bearing packets and encrypts the PID B packets using the NDS encryption algorithm under the control of the control system 624. The output stream at 626 has plain unencrypted packets with PID C and selected packets with PIDC (these selected packets have been copied and encrypted with motorola encryption system) and packets with PID B encrypted with NDS encryption system. This stream is then modulated (e.g., quadrature amplitude modulated and RF modulated) at 628 for distribution over the cable system. The preferred embodiment described above maps unencrypted packets onto PID a to match the scrambled packets on PID C, since the audio and video PIDs retrieved in the conventional Program Specific Information (PSI) are then correct. The control computer, jammer, and legacy set-top boxes are only aware of PID C. Alternatively, the scrambled packets on PID C may be mapped back to PID a, but this may mean editing the automatically generated PSI to map the PID number from PID C back to PID a in PID remapper and scrambler 620.

In the above example, PID remapper and scrambler 620 may also be used to demultiplex PSI information, modify it to reflect the addition of NDS encryption (by using CA descriptors in the PMT), and multiplex the modified PSI information back into the data stream. ECMs that support NDS encryption may also be inserted into the data stream at PID remapper and scrambler 620 (or may be inserted by packet selector/duplicator 610).

Thus, to add NDS encryption (or another encryption system) to a cable system headend using a motorola device, packets are duplicated and PIDs are remapped in the data stream from the satellite descrambler. The remapped PIDs are then used to identify the packets to be scrambled with each CA system. Once legacy system encryption is performed, the plaintext PID is remapped so that plaintext and encrypted packets in the legacy system share the same PID. PID remapping as in 620 and packet selection and replication as in 610 may be implemented with a programmed processor or with a custom or semi-custom integrated circuit such as an application specific integrated circuit or a programmable logic device or a field programmable gate array. Other implementations are possible without departing from the invention.

Fig. 12 illustrates a similar device configuration used when implementing the partial double encryption of the present invention, such as in a Scientific Atlanta based cable (cable tv) headend device. In this embodiment, an HTITS feed or similar feed is received at IRD704, IRD704 including a satellite descrambler 706. It may be a motorola IRT or MPS with only satellite descrambler functionality. The output of satellite descrambler 706 also provides a clear data stream that can be processed by a new packet selector/duplicator 710. the new packet selector/duplicator 710 can select packets to be encrypted, duplicate them, and map the PIDs of the duplicated packets to the new PIDs. Likewise, for example, packets that remain in the clear are assigned PID a, packets encrypted with the new system (e.g., NDS) are assigned PID B, and packets encrypted with the Scientific Atlanta encryption system are assigned PID C. Packets with PID B may be encrypted at this point using the NDS encryption system.

The packet stream is then sent to multiplexer 712 (e.g., a Scientific Atlanta multiplexer), where the packets with PID C are encrypted at 714 using the Scientific Atlanta encryption system under the control of control system 718 associated with multiplexer 712. The data stream is then provided to QAM modulator 720 within multiplexer 712. To properly remap the packets, the QAM modulated signal at the output of multiplexer 712 is provided to a new processor system 724 where the QAM modulated signal is demodulated at QAM demodulator 730 and the clear PID a packets are remapped to PID C at PID remapper 734 controlled by control system 738. Encryption with the NDS encryption algorithm may also be implemented here instead of in 710. The data stream with remapped PIDs and dual partial encryption is then QAM and RF modulated at 742 for distribution over the cable television system.

In the above example, PID remapper and scrambler 734 may also be used to demultiplex PSI information, modify it to reflect the addition of NDS encryption (adding CA descriptors to PMT), and multiplex the modified PSI information back into the data stream. ECMs that support NDS encryption may also be inserted into the data stream at PID remapper and scrambler 734 (or may be inserted by packet selector/duplicator 710). PID remapping and/or scrambling as in 734 and QAM demodulation and QAM modulation as in 730 and 724, respectively, and packet selection and replication as in 710 may be implemented with a programmed processor or with a custom or semi-custom integrated circuit such as an application specific integrated circuit or a programmable logic device or a field programmable gate array. Other implementations are possible without departing from the invention.

The above-described embodiments of the present invention enable a conventional scrambling device to scramble only the desired packets in the elementary stream rather than the entire elementary stream. The PID numbers of packets that are not intended to be scrambled (e.g., PID a) can be utilized to scramble certain packets of the elementary stream. The packet to be scrambled is placed on PID C. The scrambling device will scramble the packets on PID C (packets that have been selected to be scrambled). After scrambling, the unscrambled packets have a PID number that is mapped to the same PID number as the scrambled packet-PID a becomes PID C. A legacy set-top box will receive the elementary stream with scrambled and unscrambled packets.

The packets in these embodiments are processed in the form of streams. The entire stream is sent to a conventional scrambling device for scrambling. This will keep all packets in a precise time-synchronized order. Time jitter may be introduced if packets are extracted from the stream and sent to a conventional scrambling device. The present embodiment avoids this problem by keeping all packets within the stream. This embodiment does not require cooperation from a conventional scrambling equipment provider because the equipment is not involved in remapping packets from PID a to PID C. This remapping is preferred because the PIDs retrieved by PSIs generated by conventional scrambling systems need not be changed. Conventional systems are aware of PID C, but not PID a. The entire elementary stream to be scrambled by a conventional scrambling device can be found on a single PID that has been instructed to scramble it by the scrambling system.

In the above example, the use of NDS as the second encryption system should not be considered limiting. Moreover, although two widely used systems-motorola and Scientific Atlanta are illustrated by way of example, similar modifications to the conventional system may be used to allow PID remapping and dual partial encryption. Generally speaking, the above-described technique involves a process generally depicted as 800 in FIG. 13. A feed is received at 806, which is descrambled when received at 810, resulting in a plaintext data stream of packets. The packets are selected at 814 according to a desired partial double encryption technique (e.g., encrypting only audio, encrypting packets containing PES headers, etc.). At 818, the selected packets are copied and each copy remapped to two new PIDs (e.g., PID B and PID C). The copied packets are then encrypted according to PID (that is, PIDC is encrypted according to the legacy encryption and PID B is encrypted according to the new encryption system) at 822. The plaintext packets (e.g., PID a) are then remapped to the same PID as the legacy encrypted PID (PID c) at 826.

The order in which certain elements of the process of fig. 13 are performed may vary depending on the particular legacy system being modified to accommodate the particular dual encryption arrangement being used. For example, the encryption may be performed with the new encryption system at the time of replication or at a later time when the legacy packet is remapped, as shown in fig. 11 and 12. In addition, various demodulation and re-modulation operations may be performed as needed to accommodate the particular legacy system that is already in place (not shown in fig. 13).

Set-top box implementation

There may be several set-top box implementations within the scope of the present invention. The method used in the head-end to select packets for encryption is STB independent.

Fig. 14 illustrates one such implementation. In this embodiment, packets from tuner and demodulator 904 are provided to demultiplexer 910 of decoder circuit 908. The packets are buffered in memory 912 (e.g., using a unified memory architecture) and processed by the main CPU916 of the STB with software stored in ROM memory 920.

Selected PIDs may be stripped from the incoming transmission by the STB's PID filter, decrypted and buffered into a Synchronous Dynamic Random Access Memory (SDRAM), similar to the initial processing required in a Personal Video Recorder (PVR) application to prepare a transmission to a hard disk drive HDD. The main CPU916 may then "manually" filter the data buffered in the SDRAM to eliminate packets containing unwanted PIDs. This procedure has some significant side effects.

The host overhead is estimated to be about 1% of the CPU bandwidth. In the worst case, this is equal to 40 kbytes/sec for a 15Mbit/s video stream. This reduction is possible because each packet has only 4 bytes evaluated at most, and its location is at 188 byte intervals, so the intervening data does not have to be considered. Thus, individual packet headers in the SDRAM can be directly accessed by a simple memory pointer process. In addition, packets are cached within blocks and evaluated together to reduce host task switching. This will eliminate interference to other tasks as each new packet is received. This may result in increased latency for starting decoding of the stream to have time to fill the cache when the channel changes. This is negligible depending on the allocated SDRAM cache size.

The host filtered packets in the SDRAM buffer are then passed to the a/V queue through an existing hardware DMA for processing and simulating PVR implementations. The filtered packets are then provided to a decoder 922 for decoding.

A second technique for implementation in a set-top box is illustrated in fig. 15. Since the RISC processor a/V decoder module 934 in the decoder circuit 930 processes the partial transport PIDs and strips/concatenates for decoding, the firmware in the decoder IC930 may be altered to exclude individual packets within the partial transport stream according to the criteria in each packet header. Alternatively, demultiplexer 910 may be designed to exclude such packets. The conventionally scrambled packet is still encrypted after passing through the CA module. The removal of the conventional scrambled packets is performed using the decoder IC930 and assuming that the packets encrypted with the new encryption algorithm (e.g., NDS) are immediately adjacent to the conventionally encrypted packets (or at least before the next mainstream video packet), then the removal of the conventional packets effectively completes the merging of the single plaintext stream into the header region and video queue.

Fig. 16 illustrates a third technique for implementing partial encryption in a set-top box. In this embodiment, the PID remapping is performed in a Circuit such as an Application Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA), or Programmable Logic Device (PLD)938, or other custom designed Circuit placed between the tuner and demodulator 904 and the decoder IC 908. In a variation of this embodiment, decoder IC908 may be modified to implement PID remapping in demultiplexer 940. In either case, the conventionally encrypted packets are discarded and the non-conventional packets are remapped at circuit 938 or demultiplexer 940.

The third technique described above may be implemented in one embodiment using the PLD shown in fig. 17. This implementation assumes that there are no more than one encrypted packet of a particular PID occurring in succession, and therefore may be modified to accommodate strings of packets such as those encrypted with the M and nth encryption arrangements described above (as will be described later). The input stream passes through a PID identifier 950, which is used to demultiplex the input stream according to PID. The continuity of the primary PID packet is checked at 958. If a continuity error is detected, the error is noted and the counter is reset at 960.

The original input packet stream contains packets labeled with multiple PIDs. The PID identifier 950 separates packets with two PIDs of interest (primary, secondary PIDs) from all other packets. This capability is extensible to handle multiple PID pairs. Other packets are routed directly to the modified output stream. This process can result in a clock delay of three or four bytes.

The PID identifier 950 routes the packet with the secondary PID to the continuity count checker 945, which verifies the sequence integrity of the PID. Any errors are noted 956, but the specific handling of the errors is not relevant to understanding the present invention. The sequential values of the packets are reserved for use in checking the order of subsequent packets. The packets with the master PID are subjected to a corresponding continuity check 958 with an independent master count, again recording any errors at 960.

The secondary flag of the secondary packet is checked 962. This boolean indicator is used to keep track of whether a sub-packet has been processed since the last plaintext packet. More than one sub-packet between plaintext packets is an error in this embodiment and is labeled at 964. The presence of the secondary packet is remembered by setting a secondary flag at 966.

The continuation counter of the secondary packet is changed at 968 to accommodate the sequence of plaintext packets. The data for this replacement comes from the value used to verify the continuity of the main flow at 958. The modified packets are sent out at 968 and combined into a modified stream that constitutes the output stream.

After the packets for the master PID have been continuity checked, at 958, they are distinguished, at 970, by a scramble flag in the header. If it is a disturbed packet, the primary flag is queried at 974. The primary flag boolean indicator is used to remember whether an encrypted primary packet has been processed since the last plaintext packet. More than one primary encrypted packet between plaintext packets is an error in this embodiment, marked at 976 before the packet is discarded at 978. The presence of the encrypted primary packet is remembered by setting the primary flag at 980. If there are no downstream consumers for the encrypted primary packet, it may be discarded at 978. In some cases, the packet may have to proceed (in which case its consecutive count may use the next consecutive value that was discarded).

If the primary PID violation test at 970 detects a clear packet, the status of the primary and secondary flags are tested at 984. The valid condition is both unset at the same time and set at the same time because the encrypted packets should appear in matched pairs. Sequences with only one and no other should be marked as erroneous at 988. However, in this embodiment, the order of appearance is irrelevant. It should be noted that there may be other ways to mark the primary packet for deletion in addition to the scrambling bit (e.g., transport _ priority) bit in the transport header. Also, no bits, such as simple location information of the primary packet before or after the secondary packet, may be used as an indicator for replacement.

The PID value of the plaintext packet with the primary PID is changed to the secondary PID at 922 before being output in the modified output stream. Alternatively, the secondary PID packet can be remapped to the primary PID value. The content can be decoded when the correct PID (primary or secondary PID) is provided to the decoder in order to decode the content. The presence of the plaintext packet also clears the primary and secondary boolean flags.

In all of the proposed embodiments, even when a series of primary packets are marked for replacement, secondary packets can be inserted at positions adjacent to the primary packet to be replaced. However, in some cases, partial disruption of the head-end equipment may be facilitated if multiple encrypted packets can be inserted into the stream without a intervening packet. To accommodate multiple consecutive encrypted packets (such as with the mth and nth partial encryption methods), a count match test function may be used instead of using the primary and secondary flags. Thus, instead of units 962, 964, and 966, the secondary encrypted packet count may be increased. Instead of units 970, 974, 976 and 980, the primary encrypted packet count may be increased. Element 984 may be replaced by comparing the primary and secondary encrypted packet counts to ensure that the same number of encrypted packets are received on both the primary and secondary paths. Instead of clearing the flag at 992, the count may be cleared. With this variation, multiple encrypted packets may be received in succession and the received numbers compared to monitor the integrity of the data stream. Other variations will occur to those skilled in the art.

The functionality described above in connection with fig. 17 may be integrated into an a/V decoder chip that functions similar to commercially available Broadcom family 70xx or 71xx decoders used in commercial set-top boxes. Fig. 18 illustrates a block diagram for such a decoder chip, wherein the functionality already provided in commercial chips is substantially unchanged. In general, commercial decoder chips desire a one-to-one correspondence between PIDs and program components (e.g., audio or video).

The decoder described in fig. 18 can handle primary and secondary PIDs for primary audio, primary video, and secondary video for picture-in-picture (PiP) functions through a connection to the central processor of the STB to allow multiple PIDs to be programmed into the decoder. In this embodiment, the original data stream is received by packet classifier 1002, and classifier 1002 can provide a function similar to that described above in connection with fig. 17 for demultiplexing the packet stream according to PID. The decoder of figure 18 preferably implements the PID classification function of 1002 with hard-wired logic circuits rather than programmed software. For example, the program guide and stream navigation information are output for use by the main processor of the STB. Packets associated with the main audio program are buffered in FIFO1006, decrypted in decryptor 1010, and then buffered at 1014 for retrieval by MPEG audio decoder 1018 when needed. The decoded MPEG audio is then provided as output from a decoder.

In a similar manner, packets associated with the main video program are buffered in FIFO1024, decrypted in decryptor 1028, and then buffered at 1032 for retrieval by MPEG video decoder 1036 as needed. The decoded MPEG video for the main channel is then provided to a synthesizer 1040 and thereafter provided as an output from the decoder. Similarly, packets associated with pip video are buffered in FIFO1044, decrypted in decryptor 1048, and then buffered at 1052 for retrieval by MPEG video decoder 1056 as needed. The decoded MPEG video for the picture-in-picture channel is then provided to a compositor 1040 where it is combined with the main channel video and thereafter provided as a decoded video output from the decoder. Other packets not associated with the main channel or picture-in-picture channel are discarded. Of course, other functions may be included in or deleted from the decoder chip without departing from embodiments of the present invention.

Conclusion

As previously mentioned, to thwart the long-lasting threat of hackers, several of the above partial encryption arrangements may be combined to further enhance security. For example, critical packet encryption may be used in any combination with SI encryption, mth and N, random encryption, time slicing, and other techniques to further enhance security. In one embodiment, as many packets as possible may be encrypted within the available bandwidth. The amount of encryption may depend on whether the content is regular programming or pay content (such as pay-per-view or VOD), whether it is an adult program or regular movie, and the level of security that different cable operators find satisfactory to operate. It will be appreciated by those skilled in the art that there are many other combinations that may be used to further enhance the security of encryption without departing from the invention.

The invention has been described in relation to a digital a/V system encoded using MPEG2 in its many embodiments above. Thus, the multiple packet names and protocols specifically described relate to MPEG2 encoding and decoding. However, those skilled in the art will recognize that the concepts disclosed and claimed herein should not be viewed as limiting. The same or similar techniques may be used in any digital cable television system without limitation to the MPEG2 protocol. Moreover, the techniques of the present invention may be used in any other suitable content delivery scenario, including (but not limited to) terrestrial broadcast-based content delivery systems, internet-based content delivery, such as, for example, in DirectV^TMSatellite-based content delivery systems such as Digital Satellite Services (DSS) used in the system, and packet media (e.g., CDs and DVDs). These various alternatives are considered equivalents in this document and the exemplary MPEG2 cable television embodiment should be considered as an illustrative exemplary embodiment.

In addition, the present invention has been described in terms of using a television set-top box to decode partially encrypted television programs. However, the present decoding mechanism may equally be implemented in a television receiver that does not require a STB or in a music player such as an MP3 player. These embodiments are considered to be equivalent.

Furthermore, although the present invention has been described in terms of providing dual partial encryption mechanisms for television programs using the above-described encryption techniques, these partial encryption techniques may also be used as a single encryption technique or for multiple encryption under more than two encryption systems without limitation. More than two encryption systems may be used for additional duplicate packets to be encrypted. Alternatively, the encryption key for one of the duplicate packets may be shared among multiple encryption systems. Furthermore, although only encryption of television programming is specifically disclosed, the present invention may also be used for single or double encryption of other content, including, but not limited to, content downloaded from the internet or other networks, music content, packetized media content, and other types of information content. Such content may be played on a variety of playback devices without departing from the present invention, including but not limited to Personal Digital Assistants (PDAs), personal computers, personal music players, audio systems, audio/video systems, and the like.

Those skilled in the art will recognize that the present invention has been described in terms of an exemplary embodiment that may be implemented using a programmed processor. However, the invention is not to be so limited, since the invention may be implemented by hardware equivalents such as special purpose hardware and/or dedicated processors which are equivalents to the invention as described and claimed. Similarly, general purpose computers, microprocessor based computers, micro-controllers, optical computers, analog computers, dedicated processors and/or dedicated hard wired logic may be used to construct alternative equivalent embodiments of the present invention.

It will be appreciated by those skilled in the art that the program steps and associated data used to implement the embodiments described above may be implemented using disk memory and other forms of memory such as, for example, Read Only Memory (ROM), Random Access Memory (RAM) devices, optical memory elements, magnetic memory elements, magneto-optical memory elements, flash memory, core memory and/or other equivalent storage techniques without departing from the invention. These alternative forms of memory device are considered equivalent.

The present invention, as described in embodiments herein, may be implemented by a programmed processor executing programming instructions that are broadly described above in flow chart form that can be stored on any suitable electronic storage medium or transmitted over any suitable electronic communication medium. However, those skilled in the art will recognize that the processes described above may be implemented in many variations and in many suitable programming languages without departing from the present invention. For example, the order of certain operations carried out can often be varied, and additional operations can be added or operations can be deleted without departing from the invention. Error trapping can be added and/or enhanced and user interfaces and information presentation can be changed without departing from the invention. These variations are considered to be equivalent.

While the invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications, variations and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, the present invention is intended to embrace all such alternatives, modifications and variances which fall within the scope of the appended claims.

Claims

1. A packet identifier remapping device, comprising:

a demodulator that demodulates a stream of modulated packets, wherein the stream of modulated packets includes clear packets with a first packet identifier, encrypted packets with a second packet identifier, and encrypted packets with a third packet identifier, wherein prior to encryption, packets corresponding to the encrypted packets with the second packet identifier are the same as packets corresponding to the encrypted packets with the third packet identifier; and

a remapper that changes the packet identifier such that a plaintext packet with a first packet identifier and an encrypted packet with a second packet identifier have the same packet identifier,

wherein the encrypted packet with the third packet identifier is encrypted using a different algorithm than the algorithm used to encrypt the encrypted packet with the second packet identifier.

2. The packet identifier remapping device of claim 1, further including a multiplexer to combine the remapped packet with an encrypted packet having a third packet identifier to produce the output stream of packets.

3. The packet identifier remapping apparatus of claim 1, wherein the modulated packet stream further includes packets containing system information, and the packet identifier remapping apparatus further includes means for modifying the system information to identify encryption information for encrypted packets with a third packet identifier.

4. A packet identifier remapping method comprising the steps of:

demodulating a modulated stream of packets, wherein the modulated stream of packets includes clear packets with a first packet identifier, encrypted packets with a second packet identifier, and encrypted packets with a third packet identifier, wherein prior to encryption, packets corresponding to the encrypted packets with the second packet identifier are the same as packets corresponding to the encrypted packets with the third packet identifier; and

remapping the packet identifiers such that a plaintext packet with a first packet identifier and an encrypted packet with a second packet identifier have the same packet identifier,

5. The packet identifier remapping method of claim 4 further comprising the steps of:

the packets having the remapped packet identifiers are combined with the encrypted packets having the third packet identifier to produce an output stream of packets.

6. The packet identifier remapping method of claim 4 wherein the modulated packet stream further includes packets containing system information, and

the packet identifier remapping method further comprises the steps of:

the system information is modified to identify encryption information for the encrypted packet with the third packet identifier.