Provided are an apparatus and a method for processing conditional access system (CAS)-based content. A method of operating a broadcast receiving apparatus includes: receiving a broadcast stream that includes content encrypted based on a CAS; extracting, from the received broadcast stream, CAS information for decrypting the encrypted content; receiving an entitlement control message (ECM) having a preset format based on the CAS information generated in a different format for each broadcasting business operator; and displaying the content decrypted based on the ECM.

The systems and method disclosed herein address introduce identifiers within the individual entitlement management messages (EMMs) addressed to that client that uniquely identify the combination of system and subscriber account to which the client is deployed, and use of them to issue automatic ‘factory reset’ behavior when the client is re-authorized for the new subscriber. In one embodiment, the EMM messages used to trigger the reset behavior are cryptographically signed specifically for the individual client to ensure that such a message cannot be maliciously sent by an untrusted third party. The facility to deliver such a message is already available within the conditional access system (CAS).

Provided are an apparatus and a method for processing conditional access system (CAS)-based content. A method of operating a broadcast receiving apparatus includes: receiving a broadcast stream that includes content encrypted based on a CAS; extracting, from the received broadcast stream, CAS information for decrypting the encrypted content; receiving an entitlement control message (ECM) having a preset format based on the CAS information generated in a different format for each broadcasting business operator; and displaying the content decrypted based on the ECM.

The systems and method disclosed herein address introduce identifiers within the individual entitlement management messages (EMMs) addressed to that client that uniquely identify the combination of system and subscriber account to which the client is deployed, and use of them to issue automatic factory reset behavior when the client is re-authorized for the new subscriber. In one embodiment, the EMM messages used to trigger the reset behavior are cryptographically signed specifically for the individual client to ensure that such a message cannot be maliciously sent by an untrusted third party. The facility to deliver such a message is already available within the conditional access system (CAS).

The present invention provides a conditional access method for an intelligent operating system that comprises a trusted execution environment. A digital TV module acquires all channel messages and a control management message. A media play module distributes a DescramblerId and sends the acquired videoPid, audioPid, casId, ecmPid and emmPid and the descrambler message DescramblerId to a conditional access module. The conditional access module selects a registered conditional access application module according to the casId. The conditional access application module acquires corresponding ecm Data and emm Data from the digital TV module, and sends the ecm Data and emm Data to the conditional access module. The conditional access module sends the messages to a trusted application module. The trusted application module performs parse to acquire EK1, EK2 and ECW. The security chip controls a descrambler corresponding to the DescramblerId to perform descrambling according to the acquired messages.

The present invention provides a conditional access method for an intelligent operating system that comprises a trusted execution environment. A digital TV module acquires all channel messages and a control management message. A media play module distributes a DescramblerId and sends the acquired videoPid, audioPid, casId, ecmPid and emmPid and the descrambler message DescramblerId to a conditional access module. The conditional access module selects a registered conditional access application module according to the casId. The conditional access application module acquires corresponding ecm Data and emm Data from the digital TV module, and sends the ecm Data and emm Data to the conditional access module. The conditional access module sends the messages to a trusted application module. The trusted application module performs parse to acquire EK1, EK2 and ECW. The security chip controls a descrambler corresponding to the DescramblerId to perform descrambling according to the acquired messages.

A method of managing the processing of a digital broadcast transport stream by a multimedia unit identified by a personal identifier. The multimedia unit being connectable to a security module associated to the multimedia unit and/or a server through an IP-connection with a return path. The transport stream comprising scrambled content packets and conditional access messages that are necessary for descrambling the content packets. The method comprises: sending the conditional access messages from the multimedia unit to either the server or the security module; verifying the authentication of the multimedia unit and/or the validity of access rights allocated to the multimedia unit; if the authentication fails, preventing any further processing of the conditional access message; securely obtaining, at the multimedia unit, the control data corresponding to the conditional access messages; and descrambling the audio/video/data content packets using the control data at the multimedia unit.