Provided are an apparatus and a method for processing conditional access system (CAS)-based content. A method of operating a broadcast receiving apparatus includes: receiving a broadcast stream that includes content encrypted based on a CAS; extracting, from the received broadcast stream, CAS information for decrypting the encrypted content; receiving an entitlement control message (ECM) having a preset format based on the CAS information generated in a different format for each broadcasting business operator; and displaying the content decrypted based on the ECM.

Systems and methods for providing playback features to a device are disclosed. A manifest may be generated, which may comprise data associated with a content asset. A state file may be generated, which may comprise data associated with the manifest. Using one or more of the manifest and the state file, a device may modify segments of the content asset or may playback segments of the content asset.

Systems and methods for providing playback features to a device are disclosed. A manifest may be generated, which may comprise data associated with a content asset. A state file may be generated, which may comprise data associated with the manifest. Using one or more of the manifest and the state file, a device may modify segments of the content asset or may playback segments of the content asset.

This disclosure relates to, among other things, systems and methods for the secure management and distribution of electronic content over broadcast communication channels. Certain embodiments disclosed herein may allow for implementation of a multi-tenant conditional access system whereby a client device may configure itself between multiple broadcast service operators. Robust key generation and management techniques are also described that may use a derived key structure to protect control words used to descramble broadcast content, providing additional measures of security and implementation redundancy.

Provided is a method for protecting an encrypted control word. The method includes: receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, where the hardware security module entitlement management message includes a key for decrypting the encrypted control word; decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word; reencrypting the control word based on a re-encryption key stored in the hardware security module to obtain a reencrypted control word; and transmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word.

Provided is a method for protecting an encrypted control word. The method includes: receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, where the hardware security module entitlement management message includes a key for decrypting the encrypted control word; decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word; reencrypting the control word based on a re-encryption key stored in the hardware security module to obtain a reencrypted control word; and transmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word.

A digital broadcast receiving apparatus capable of executing a function with a higher added value is provided. A broadcast receiving apparatus configured to receive broadcasting data on digital broadcasting is used. The broadcast receiving apparatus includes: a broadcast receiving unit configured to receive broadcasting data containing coded video data regarding a broadcasting program of the digital broadcasting and control information for the broadcasting program; a video decoding unit configured to decode the coded video data received by the broadcast receiving unit to reproduce program video information; a display unit configured to display the program video information reproduced by the video decoding unit; a communication unit configured to transmit viewing permission request data to a predetermined portable information terminal in a case where a broadcasting program that a user of the broadcast receiving apparatus desires to view is a program on which viewing limit is to be imposed, the communication unit being configured to receive response data from the portable information terminal, the response data responding to the viewing permission request data; an authentication information storing unit configured to store terminal identification information and authentication information, the predetermined portable information terminal being allowed to be identified by the terminal identification information; and a control unit. The control unit is configured to: control the video decoding unit or the display unit so as not to limit viewing of the broadcasting program that the user of the broadcast receiving apparatus desires to view in a case where the response data received by the communication unit indicates a display permission response and both of terminal identification information and authentication information contained in the display permission response respectively coincide with the terminal identification information and the authentication information stored in the authentication information storing unit; and control the video decoding unit or the display unit so as to limit the viewing of the broadcasting program that the user of the broadcast receiving apparatus desires to view in a case where any of the terminal identification information and the authentication information contained in the display permission response does not coincide with corresponding one of the terminal identification information and the authentication information stored in the authentication information storing unit even though the response data received by the communication unit indicates the display permission response.

A digital broadcast receiving apparatus capable of executing a function with a higher added value is provided. A broadcast receiving apparatus configured to receive broadcasting data on digital broadcasting is used. The broadcast receiving apparatus includes: a broadcast receiving unit configured to receive broadcasting data containing coded video data regarding a broadcasting program of the digital broadcasting and control information for the broadcasting program; a video decoding unit configured to decode the coded video data received by the broadcast receiving unit to reproduce program video information; a display unit configured to display the program video information reproduced by the video decoding unit; a communication unit configured to transmit viewing permission request data to a predetermined portable information terminal in a case where a broadcasting program that a user of the broadcast receiving apparatus desires to view is a program on which viewing limit is to be imposed, the communication unit being configured to receive response data from the portable information terminal, the response data responding to the viewing permission request data; an authentication information storing unit configured to store terminal identification information and authentication information, the predetermined portable information terminal being allowed to be identified by the terminal identification information; and a control unit. The control unit is configured to: control the video decoding unit or the display unit so as not to limit viewing of the broadcasting program that the user of the broadcast receiving apparatus desires to view in a case where the response data received by the communication unit indicates a display permission response and both of terminal identification information and authentication information contained in the display permission response respectively coincide with the terminal identification information and the authentication information stored in the authentication information storing unit; and control the video decoding unit or the display unit so as to limit the viewing of the broadcasting program that the user of the broadcast receiving apparatus desires to view in a case where any of the terminal identification information and the authentication information contained in the display permission response does not coincide with corresponding one of the terminal identification information and the authentication information stored in the authentication information storing unit even though the response data received by the communication unit indicates the display permission response.

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.