(19) United States (12) Patent Application Publication (10) Pub

US 20080095364Al (19) United States (12) Patent Application Publication (10) Pub. No.: US 2008/0095364 A1 Candelore et al. (43) Pub. Date: Apr. 24, 2008

(54) PARTIAL ENCRYPTION (60) Provisional application No. 60/296,673, ?led on Jun. 6, 2001. Provisional application No. 60/304,241, ?led (76) Inventors: Brant L. Candelore, Escondido, CA on Jul. 10, 2001. Provisional application No. 60/304, (US); Robert Allan Unger, El Cajon, 131, ?led on Jul. 10, 2001. Provisional application CA (US); Leo M. PedloW JR., No. 60/343,710, ?led on Oct. 26, 2001. Ramona, CA (US) Publication Classi?cation Correspondence Address: MILLER PATENT SERVICES (51) Int. Cl. 2500 DOCKERY LANE H04N 7/167 (2006.01) RALEIGH, NC 27606 (US) (52) US. Cl...... 380/212 (21) Appl. No.: 12/001,561 (57) ABSTRACT (22) Filed: Dec. 12, 2007 Related US. Application Data A multiple partial encryption device consistent With certain embodiments has an input for receiving a unencrypted video (60) Continuation of application No. 11/903,809, ?led on signal. An encryption arrangement produces a partially Sep. 25, 2007, Which is a continuation of application multiple encrypted video signal from the unencrypted video No. 11/282,139, ?led on Nov. 18, 2005, noW Pat. No. signal. An output provides the partially multiple encrypted 7,319,753, Which is a division of application No. video signal. This abstract is not to be considered limiting, 10/037,499, ?led on Jan. 2, 2002, noW Pat. No. since other embodiments may deviate from the features 7,151,831. described in this abstract.

CABLE SYSTEM 122 [36 HEAD END TELEVISION I 128 / SET-TOP BOX MANUFACTURER - A SYSTEM TELEVISION IN FORMATION CONDITIONAL SET ACCESS CLEAR VIDEO SYSTEM - A

CLEAR AUDIO CABLE SYSTEM 40) PROGRAM 136 SPECIFIC / INFORMATION TELEVISION ' \129 SET-TOP BOX CONDITIONAL MANUFACTURER - B ACCESS TELEVISION SYSTEM - A CONDITIONAL SET ACCESS CONDITIONAL SYSTEM - B ACCESS I SYSTEM - B\ 140 j 124 Patent Application Publication Apr. 24, 2008 Sheet 1 0f 16 US 2008/0095364 A1

.QIv mm moi“:5E

Skk- Patent Application Publication Apr. 24, 2008 Sheet 2 0f 16 US 2008/0095364 A1

\wv 31

mm mm?

/ ow

.QEN

mm?

~5689>1 SE96<- 2596/m- v2.)9E m9] izoEazoo $52Al1 4

$\ Al (I \ ml /ovw

/ 8

wow oNN

SEEOONEO_n__Own_w J2.0. Patent Application Publication Apr. 24, 2008 Sheet 4 0f 16 US 2008/0095364 A1

NEXT PACKET YES I l 262 PACKET PACKET I ENCRYPTION ENCRYPTION \_ A B FIG. 4 C EA

INSERTINTO [264 254\ OUTPUT EB REMAP PID _ STREAM Secondary PID \ STREAM|—->OUTPUT CCCCCCEAEBCCCCC'

\ I / \ I I Primary PID Primary PID

NEXT PACKET PRIMARY Pl D SECONDARY PACKET? Pl D PACKET?

292 REMAP PID ENCRYPTED? @ .. DECRYPT f 296 288 , 278 NO J, DROP / SEND PACKET TO PAC KET DECODER L FIG. 5 Patent Application Publication Apr. 24, 2008 Sheet 5 0f 16 US 2008/0095364 A1

/own XOmmOPFww d

, ovl/

O 0") mm

ZO_ww< .OZOOmw/ womlj+ mSE55,/- 5210011O?zOmmw 0mmwrm wwm / Al Patent Application Publication Apr. 24, 2008 Sheet 6 0f 16 US 2008/0095364 A1

NEXT PACKET PACKET?SELECT YES l 358 i 350 f PACKET PACKET ENCRYPTION ENCRYPTION A B FIG. 7 EA 362 J 354 366 \ INSERT INTO f OUTPUT 4 EB REMAP PID STREAM Secondary PID -\ STREAML-—->OUTPUT CCCCCCEAEBCCCCCC

Primary PID Primary PID

370 374 NEXT PACKET NO EA PACKET? EB PACKET?

384 I /— DROP \_DECRYPT 380 PACKET ;

REMAP PID 388-/ l FIG. 8 EDECODER 4— 378 Patent Application Publication Apr. 24, 2008 Sheet 7 0f 16 US 2008/0095364 A1

vvv

mm wmw

\ov

0 q.

Jomw

/ , M4040Own=> 5“)8v 4

Patent Application Publication Apr. 24, 2008 Sheet 11 0f 16 US 2008/0095364 A1

1 FIG. 13 RECEIVE F FEED 806 l

DESCRAMBLE \ 810

SELECT PACKETS FOR 814 "' DUAL ENCRYPTION i DUPLICATE SELECTED ICOO O PACKETS AND REMAP SELECTED PACKETS TO TWO \ NEW PIDS 818 i DUAL ENCRYPT REMAPPED /- PACKETS ACCORDING TO 822 P|D l REMAP CLEAR PACKETS TO '\ SAME PID AS LEGACY 826 ENCRYPTED PACKETS l Patent Application Publication Apr. 24, 2008 Sheet 12 0f 16 US 2008/0095364 A1

85521120202N6|\ \50z_<_>_# > Q6.

,fNS2m\ Ill:69$0085 _>_Om2302.52 0E5.88%B3E@9509 105330050z_mmaoowamwxwi?simoAl A 8.5226aim“; 8985832%9amwtammwknm 0GE1 8m C8\ >803655cm ExomaumEEEow Ewza595._ Patent Application Publication Apr. 24, 2008 Sheet 13 0f 16 US 2008/0095364 A1

@258 ‘Imczzooxo 52¢28628%?N6 \\

> mwooowa09%. EmzE $582203 . E5@9509 3mf$50809 3m2m .\

o8 GE2‘mwtpmwmEnm

4 M396 Patent Application Publication Apr. 24, 2008 Sheet 14 0f 16 US 2008/0095364 A1

@252855521N6\\

$562203 . 3.5;@9509

US 2008/0095364 A1 Apr. 24, 2008

PARTIAL ENCRYPTION that pulls the signal from the air and delivers it to a demodulator, Which in turn provides video to a display and CROSS REFERENCE TO RELATED audio to speakers. In a cable system the modulated channels DOCUMENTS are carried over a cable. There may also be an in-band or [0001] This application is continuation of US. application out-of-band feed of a program guide indicating What pro Ser. No. 11/903,809 ?led Sep. 25, 2007 Which is a continu grams are available and the associated tuning information. ation of application Ser. No. 10/282,139 ?led Nov. 18, 2005 The number of cable channels is ?nite and limited by Which is a division of US. application Ser. No. 10/037,499 equipment/cable bandWidth. Cable distribution systems ?led Jan. 2, 2002 (US. Pat. No. 7,151,831), and further require a signi?cant capital investment and are expensive to claims priority bene?t of US. provisional patent application upgrade. Ser. No. 60/296,673 ?led Jun. 6, 2001 to Candelore, et al. [0005] Much of television content is valuable to its pro entitled “Method for Allowing Multiple CA Providers to ducers, therefore copyright holders Want to control access Interoperate in a Content Delivery System by Sending Video and restrict copies. Examples of typically protected material in the Clear for Some Content, and Dual Carriage of Audio include feature ?lms, sporting events, and adult program and Dual Carriage of Video and Audio for Other Content”, ming. Conditional access (CA) systems are used to control and provisional patent application Ser. No. 60/304,241 ?led availability of programming in content delivery systems Jul. 10, 2001 to Unger et al., entitled “Independent Selective such as cable systems. CA systems come as matched setsi Encryptions of Program Content for Dual Carriage”, and one part is integrated into the cable system headend and provisional patent application Ser. No. 60/304,131 ?led Jul. encrypts premium content, the other part provides decryp 10, 2001 to Candelore et al., entitled “Method for AlloWing tion and is built into the set-top boxes (STB) installed in Multiple CA Providers to Interoperate in a Content Delivery user’s homes. Several CA systems are used in the cable System by Partial Scrambling Content on a Time Slice industry including those provided by NDS (N eWport Beach, Basis” and to US. provisional patent application Ser. No. Calif.), Motorola (Schaumberg, Ill.) and Scienti?c Atlanta 60/343,710, ?led on Oct. 26, 2001 to Candelore et al., (Atlanta, Ga.). This matched set aspect of CA systems has entitled “Television Encryption Systems”, docket number the effect that the “legacy” vendor is locked in as the SNY-R4646.01 entitled “Critical Packet Partial Encryption” supplier of additional STBs. Since the various technologies to Unger et al. This application is also related to Ser. No. for conditional access are not mutually compatible (and are 10/038,217; docket number SNY-R4646.02 entitled “Time often proprietary), any neW potential supplier is forced to Division Partial Encryption” to Candelore et al., Ser. No. license the legacy CA. Thus, the cable operator ?nds itself 10/038,032; docket number SNY-R4646.03 entitled unable to acquire neWer technology or competing technol “Elementary Stream Partial Encryption” to Candelore et al., ogy from other set-top box manufacturers since the tech Ser. No. 10/037,914; and docket number SNY-R4646.05 nology oWners are often unWilling to cooperate, or charge entitled “Decoding and Decrypting of Partially Encrypted reasonable license fees. This in?exibility can be especially Information” to Unger et al., Ser. No. 10/037,498. These troublesome When cable companies With disparate CA sys patent applications are hereby incorporated by reference tems are merged. Service providers Would like more than herein. one source for STBs for any number of reasons. COPYRIGHT NOTICE [0006] Once a cable operator picks an encryption scheme, it is dif?cult to change or upgrade the content encryption [0002] A portion of the disclosure of this patent document scheme Without introducing a backWard compatible decod contains material Which is subject to copyright protection. ing device (eg set-top box). Providing multiple mode The copyright oWner has no objection to the facsimile capability in neW set-top boxes to handle multiple encryp reproduction of the patent document or the patent disclosure, tion systems can add substantial cost to any neW set-top box, as it appears in the Patent and Trademark Of?ce patent ?le providing that the technology can be made available to the or records, but otherWise reserves all copyright rights What STB vendor to provide the multiple decryption capability. soever. [0007] The only knoWn current option to avoiding domi FIELD OF THE INVENTION nation by the legacy vendor (short of Wholesale replace [0003] This invention relates generally to the ?eld of ment) is using “full dual carriage”. Full dual carriage means encryption systems. More particularly, this invention relates that transmission is duplicated for each encrypted pro to systems, methods and apparatus for providing partial gram4once for each type of CA encryption to be used. To encryption and decryption of digital of television signals. provide full dual carriage, the headend is enhanced to provide each form of CA simultaneously. Legacy STBs BACKGROUND OF THE INVENTION should not be impacted and should continue to perform their function despite any change. HoWever, full dual carriage [0004] Television is used to deliver entertainment and often comes at an unpalatable price because of the band education to vieWers. The source material (audio, video, Width impact, thus reducing the number of unique programs etc.) is multiplexed into a combined signal Which is then available. Generally, the number of premium channels suf used to modulate a carrier. This carrier is commonly knoWn fers so that the number of options available to the vieWer are as a channel. (A typical channel can carry one analog limited and the value that can be provided by the cable program, one or tWo high de?nition (HD) digital program(s), operator is restricted. or several (e.g. nine) standard de?nition digital programs.) In a terrestrial system, these channels correspond to gov [0008] A conventional cable system arrangement is ernment assigned frequencies and are distributed over the depicted in FIG. 1. In such a system, the cable operator air. The program is delivered to a receiver that has a tuner processes audio/video (A/V) content 14 With CA technology US 2008/0095364 A1 Apr. 24, 2008

from manufacturerA (system A) using CA encryption equip [0016] FIG. 4 is a How chart of a dual encryption process ment 18 compliant With system A at the cable system consistent With certain embodiments of the present inven headend 22. The encrypted A/V content along With system tion. information (SI) 26 and program speci?c information (PSI) 27 is multiplexed together and transmitted over the cable [0017] FIG. 5 is a How chart of a decryption process consistent With certain embodiments of the present inven system 32 to a user’s STB 36. STB 36 incorporates decrypt tion. ing CA equipment from system A (manufacturer A) 40 that decrypts the A/V content. The decrypted A/V content can [0018] FIG. 6 is a block diagram of a system consistent then be supplied to a television set 44 for vieWing by the With an embodiment of the present invention in Which user. portions of programming are dual encrypted on a packet [0009] In a cable system such as that of FIG. 1, digital basis. program streams are broken into packets for transmission. [0019] FIG. 7 is a How chart of a dual encryption process Packets for each component of a program (video, audio, consistent With certain embodiments of the present inven auxiliary data, etc.) are tagged With a packet identi?er or tion. PID. These packet streams for each component of all pro grams carried Within a channel are aggregated into one [0020] FIG. 8 is a How chart of a decryption process composite stream. Additional packets are also included to consistent With certain embodiments of the present inven provide decryption keys and other overhead information. tion. OtherWise unused bandWidth is ?lled With null packets. [0021] FIG. 9 is a block diagram of a system consistent BandWidth budgets are usually adjusted to utiliZe about 95% With an embodiment of the present invention in Which of the available channel bandWidth. system information is encrypted and programming is sent in [0010] Overhead information usually includes guide data the clear. describing What programs are available and hoW to locate [0022] FIG. 10 is a block diagram of a generic system the associated channels and components. This guide data is consistent With various embodiments of the present inven also knoWn as system information or SI. SI may be delivered tion. to the STB in-band (part of the data encoded Within a channel) or out-of-band (using a special channel dedicated [0023] FIG. 11 is a block diagram ofa ?rst embodiment of to the purpose). Electronically delivered SI may be partially implementation of an encryption system consistent With duplicated in more traditional formsigrids published in embodiments of the present invention in a cable system neWspapers and magaZines. headend. [0011] In order for a vieWer to have a satisfying television [0024] FIG. 12 is a block diagram of a second embodiment experience, it is generally desirable that the vieWer have of implementation of an encryption system consistent With clear access to both audio and video content. Some analog embodiments of the present invention in a cable system cable systems have used various ?ltering techniques to headend. obscure the video to prevent an unauthorized vieWer from [0025] FIG. 13 is a How chart of an overall encryption receiving programming that has not been paid for. In such a process used to implement certain embodiments of the system, the analog audio is sometimes sent in the clear. In the Motorola VideoCipher 2 Plus system used in C-band present invention in a cable system headend. satellite transmissions, strong digital audio encryption is [0026] FIG. 14 is a block diagram ofa ?rst embodiment of used in conjunction With a relatively Weak protection of the a set-top box implementation of a decoding system consis analog video (using sync inversion). In airline in-?ight tent With embodiments of the present invention. movie systems, the availability of audio only through rental of headphones has been used to provide the full audio and [0027] FIG. 15 is a block diagram of a second embodiment of implementation of a decoding system consistent With video only to paying customers. embodiments of the present invention in a cable system BRIEF DESCRIPTION OF THE DRAWINGS STB. [0012] The features of the invention believed to be novel [0028] FIG. 16 is a block diagram of a third embodiment are set forth With particularity in the appended claims. The of implementation of a decoding system consistent With invention itself hoWever, both as to organization and method embodiments of the present invention in a cable system of operation, together With objects and advantages thereof, STB. may be best understood by reference to the folloWing detailed description of the invention, Which describes certain [0029] FIG. 17 illustrates the PID remapping process exemplary embodiments of the invention, taken in conjunc carried out in one embodiment of a set-top box PID re tion With the accompanying draWings in Which: mapper. [0013] FIG. 1 is a block diagram of a conventional con [0030] FIG. 18 is a block diagram of an exemplary ditional access cable system. decoder chip that can be utiliZed in a television set-top box [0014] FIG. 2 is a block diagram of a system consistent consistent With the present invention. With one embodiment of the present invention in Which dual encrypted audio is transmitted along With clear video. DETAILED DESCRIPTION OF THE INVENTION [0015] FIG. 3 is a block diagram of a system consistent With an embodiment of the present invention in Which [0031] While this invention is susceptible of embodiment portions of programming are dual encrypted according to a in many different forms, there is shoWn in the draWings and time slice mechanism. Will herein be described in detail speci?c embodiments, With US 2008/0095364 Al Apr. 24, 2008

the understanding that the present disclosure is to be con the decoder located in the set-top box can readily determine sidered as an example of the principles of the invention and Which packets are to be decrypted using the decryption not intended to limit the invention to the speci?c embodi method associated With that set-top box, as Will be clear ments shoWn and described. In the description beloW, like upon consideration of the folloWing description. The pro reference numerals are used to describe the same, similar or cesses used to manipulate PIDs Will be described later in corresponding parts in the several vieWs of the draWings. greater detail. The terms “scramble” and “encrypt” and variations thereof [0036] The encryption techniques described herein can be are used synonymously herein. Also, the term “television broadly categoriZed (according to one categorization) into program” and similar terms can be interpreted in the normal three basic variationsiencrypting just a major portion (i.e. conversational sense, as Well as a meaning Wherein the term audio), encrypting just the Si, and encrypting just selected means any segment of A/V content that can be displayed on packets. In general, each of the encryption techniques used a television set or similar monitor device. in the embodiments disclosed herein seek to encrypt por OvervieW tions of the an A/V signal or associated information While leaving other portions of the A/V signal in the clear to [0032] Modern digital cable netWorks generally use CA systems that fully encrypt digital audio and video to make conserve bandWidth. BandWidth can be conserved because the same clear portion can be sent to all varieties of set-top programming inaccessible except to those Who have prop erly subscribed. Such encryption is designed to thWart boxes. Various methods are used to select the portions of hackers and non-subscribers from receiving programming information to be encrypted. By so doing, certain of the various embodiments of this invention eliminate the tradi that has not been paid for. HoWever, as cable operators Wish tional “brute-force” technique of encrypting the entire con to provide their subscribers With set-top boxes from any of tent in one speci?c scrambling scheme, Which predicates the several manufacturers, they are frustrated by the need to redundant use of bandWidth if alternate scrambling schemes transmit multiple copies of a single program encrypted With multiple encryption technologies compliant With the CA are desired. In addition, each of the partial dual encryption schemes described herein can be used as a single partial systems of each STB manufacturer. encryption scheme Without departing from embodiments of [0033] This need to carry multiple copies of the program the present invention. ming (called “full dual carriage”) uses up valuable band [0037] The various embodiments of the invention use Width that could be used to provide the vieWer With addi tional programming content. Certain embodiments several processes, alone or in combination, to send substan tial portions of content in the clear While encrypting only a consistent With the present invention address this problem in small amount of information required to correctly reproduce Which the bandWidth requirements to provide an equivalent the content. Therefore the amount of information transmit to multiple carriage are minimized. The result could be ted that is uniquely encrypted in a particular scrambling described as “Virtual Dual Carriage” since the bene?ts of full dual carriage are provided Without the full bandWidth scheme is a small percentage of the content, as opposed to the entire replication of each desired program stream. For cost. Several embodiments consistent With the present purposes of the exemplary systems in this document, invention are presented herein to accomplish effective par encryption system A Will be considered the legacy system tial scrambling. These embodiments vary by the criteria used throughout. Each of the several encryption techniques to select the portion to encrypt. The portion selected in turn described above Will noW be described in detail. affects the additional bandWidth requirements and the effec tiveness of the encryption. It may be desirable to use one [0038] The various embodiments of the invention alloW encryption process or several processes in combination in a each participating CA system to be operated independently. manner consistent With embodiments of the present inven Each is orthogonal to the other. Key sharing in the headend tion. is not required since each system encrypts its oWn packets. Different key epochs may be used by each CA system. For [0034] Certain of the implementations of partial dual example, packets encrypted With Motorola’s proprietary encryption described herein utiliZe an additional (secondary) encryption can use fast changing encryption keys using the PID for each duplicated component. These secondary PIDs embedded security ASIC, While packets encrypted With are used to tag packets that carry duplicated content With an NDS' smart card based system use slightly sloWer changing additional encryption method. The PSI is enhanced to con keys. This embodiment Works equally Well for Scienti?c vey information about the existence of these neW PIDs in Atlanta and Motorola legacy encryption. such a Way that inserted PIDs are ignored by legacy STBs but can be easily extracted by neW STBs. Encrypted Elementary Stream [0035] Some implementations of partial dual encryption [0039] Turning noW to FIG. 2, one embodiment of a involve duplicating only certain packets tagged With a given system that reduces the need for additional bandWidth to PID. Methods for selecting Which packets to encrypt are provide multiple carriage is illustrated as system 100. In this detailed hereinafter. The original (i.e. legacy) PID continues embodiment, the system takes advantage of the fact that to tag the packets encrypted With legacy encryption as Well vieWing television programming Without audio is usually as other packets sent in the clear. The neW PID is used to tag undesirable. While there are exceptions (e.g., adult program packets encrypted by the second encryption method. Packets ming, some sporting events, etc.), the typical vieWer is With the secondary PID shadoW the encrypted packets unlikely to accept routine vieWing of television program tagged With the primary PID. The packets making up the ming Without being able to hear the audio. Thus, at headend encrypted pairs can occur in either order but, in the preferred 122, the video signal 104 is provided in the clear (unen implementation, maintain sequence With the clear portion of crypted) While the clear audio 106 is provided to multiple the PID stream. By use of the primary and secondary PIDs, CA systems for broadcast over the cable netWork. In the