Method for converting a conditional access content and receiver for the implementation for said method

Abstract

A method is disclosed for converting a conditional access content. This method includes receiving, by a cryptographic module of a first receiver, the content encrypted according to the first encryption mode; choosing a first entry data of the combination of the first encryption mode choosing a second entry data of the combination of the second encryption mode inverting the first and second input data in order to process the content received by the cryptographic module of the first receiver, this processing including a decryption operation according to the first encryption mode, by using the entry data corresponding to the second encryption mode, and to process the content obtained during the previous processing step, this processing including an encryption operation according to the second encryption mode, by using the entry data corresponding to the first encryption mode.

Claims

1. A method for converting a conditional access content having been encrypted in order to be able to be decrypted by a first receiver, by using a first encryption mode involving a commutative combination using at least two input data, in content encrypted in order to be able to be decrypted by a second receiver using a second encryption mode involving a commutative combination using at least two input data, said first encryption mode being different from the second encryption mode, said method including the following steps: receiving, by a cryptographic module of said first receiver, said content encrypted according to the first encryption mode; choosing a first entry data of said combination of the first encryption mode, this first entry data being required for decrypting the content starting from the encrypted content and by using the first encryption mode; choosing a second entry data of said combination of the second encryption mode, this second entry data being required for encrypting the content starting from the clear content and by using the second encryption mode; inverting said first and second input data in order to: process the content received by the cryptographic module of the first receiver, this processing comprising a decryption operation according to the first encryption mode, by using said entry data corresponding to the second encryption mode, and to process the content obtained during the previous processing step, this processing comprising an encryption operation according to the second encryption mode, by using said entry data corresponding to the first encryption mode.

2. The method of claim 1, wherein said first and second encryption modes are selected among: a Cipher Block Chaining encryption (CBC); a Propagating Cipher Block Chaining encryption (PCBC); an encryption based on a counter (CTR; CounTeR); a Cipher Feedback encryption (CFB); an Output Feedback encryption (OFB); a Counter Cipher Feedback Encryption Mode (CCFB); an encryption according to the mode XEX (Xor-Encrypt-Xor); and an encryption according to the XTS mode (XEX-based tweaked codebook mode with cipher text stealing).

3. The method of claim 1, wherein said commutative operations are chosen among an exclusive Or (XOR), an addition, a symmetrical encryption or a multiplication.

4. The method of claim 1, wherein the first encryption mode is an encryption mode based on a counter (CTR), wherein the second encryption mode is a Cipher Block Chaining encryption mode (CBC), wherein the commutative operations for the two encryption modes are an exclusive OR, wherein said first entry data is a block (B1*.sub.(CTR)) encrypted according to a first encryption mode, received by the first receiver, wherein the second entry data is the result of the decryption according to the Cipher Block Chaining encryption mode (CBC) of the previous block, wherein the result of the decryption according to the Cipher Block Chaining encryption mode (CBC) of the previous block is used as entry data during a decryption operation according to the Counter Based encryption mode (CTR) and wherein the encrypted block (B.sub.1*(CTR)) forming said first entry data is used as entry data for the encryption according to the second encryption mode.

5. The method of claim 4, wherein, if the result of the decryption according to the Cipher Block Chaining encryption mode (CBC) of the previous block is not available, this result is replaced with an initialization vector (IV).

6. The method of claim 1, wherein the first encryption mode is a Cipher Feedback encryption mode (CFB) and wherein the second encryption mode is an Output Feedback encryption mode (OFB).

7. The method of claim 6, wherein said first entry data is a block (B.sub.1*(CFB)) encrypted according to a first encryption mode, received by the first receiver, wherein the second entry data is the result of the encryption according to the Output Feedback encryption (OFB), of a value resulting from the encryption of an initial value associated with said exit Output Feedback encryption mode (OFB) by an encryption key associated with this encryption mode.

8. The method of claim 7, wherein, if said value resulting from the encryption of an initial value associated with said Output Feedback encryption mode (OFB) by an encryption key associated with this encryption mode is not available, this value is replaced by the result of an encryption of an initialization vector by said encryption key associated with the Output Feedback encryption mode (OFB).

9. A first receiver comprising: storage storing computer-readable instructions: one or more processors configured to execute the computer-readable instructions such that the one or more processors are configured to, convert a conditional access content having been encrypted in order to be able to be decrypted by the first receiver, by using a first encryption mode involving a commutative combination using at least two input data, into content encrypted in order to be able to be decrypted by a second receiver using a second encryption mode involving a commutative combination using at least two input data, such that the converting includes, receiving content encrypted according to the first encryption mode; choosing a first entry data of said combination of the first encryption mode, the first entry data being required for decrypting the content starting from the encrypted content and by using the first encryption mode; choosing a second entry data of said combination of the second encryption mode, the second entry data being required for encrypting the content starting from the clear content and by using the second encryption mode, the second encryption mode being different than the first encryption mode; and inverting said first and second entry data in order to, process the received content by performing a decryption operation according to the first encryption mode, using the second entry data, to generate first processed content, and process the first processed content by performing an encryption operation according to the second encryption mode, using the first entry data.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) This invention and its advantages will be better understood with reference to the enclosed drawings and to the detailed description of a particular embodiment, in which:

(2) FIGS. 1 to 4 are explanatory diagrams illustrating the encryption and the decryption according to two encryption/decryption modes known from prior art;

(3) FIG. 5 shows a conversion process for conditional access content known from prior art;

(4) FIG. 6 shows, in a schematic way, one of the possible embodiments of the method for converting content according to this invention;

(5) FIG. 7 shows the decryption of content according to a known decryption mode of prior art;

(6) FIG. 8 represents the encryption of content according to another encryption mode of prior art;

(7) FIG. 9 shows a method for converting content known from prior art; and

(8) FIG. 10 shows, in a schematic way, another possible embodiment of converting a content according to this invention.

MODES FOR THE REALISATION OF THE INVENTION

(9) FIGS. 1 to 4 and 7 to 8 describe encryption/decryption modes well known from the prior art. These encryption/decryption modes are examples of modes usable in the process of the invention and are represented in order to allow a better comprehension of the invention.

(10) FIG. 1 shows an encryption mode based on a counter, known under the acronym CTR (CounTeR). In this encryption mode, content to be encrypted is separated in blocks B.sub.i having a predefined fixed size. Each block is encrypted in an independent way from other blocks. Each block needs the use of an initial value VI.sub.i generally formed from a nonce N (Number Used Only Once), i.e. a random number used only once, and a counter value C.sub.i that can be incremented for each consecutive block.

(11) This initial value VI is encrypted by means of a symmetrical encryption algorithm Alg.sub.1 and by a key K.sub.1. The initial value thus encrypted is then combined with a block B.sub.1 to be encrypted. The combination is done by means of a commutative operation, written , in such a way that XB.sub.1=B.sub.1X. Such an operation is for example an exclusive OR (XOR), an addition, a symmetrical encryption or a multiplication. The result of this combination gives an encrypted block B.sub.1*.

(12) As previously mentioned, in the CTR encryption mode, each block is encrypted independently from the other blocks, the nonce N, the key K.sub.1, the symmetrical encryption algorithm Alg.sub.1 and the combination being in principle the same for each block.

(13) FIG. 2 shows the decryption of the block B.sub.1* encrypted by means of the CTR encryption mode. For decryption, it is sufficient to use the same steps as for encryption, replacing the unencrypted block B.sub.1 used for the encryption, by the encrypted block B.sub.1*.

(14) FIG. 3 shows an encryption mode known under the acronym CBC (Cipher Block Chaining). According to this encryption mode, the content to be encrypted is separated in blocks B.sub.i having a predefined fixed size. The encryption of the first block is generally done by using an initialization vector IV having the same dimension as the block to be encrypted. According to the CBC algorithm such as illustrated in FIG. 3, the first block to be encrypted B.sub.1 is combined with the initialization vector IV. As in the CTR mode, this combination is a commutative operation, for example an exclusive OR (XOR) or an addition.

(15) The result of this combination is encrypted by means of a symmetrical encryption algorithm Alg.sub.2 and a key K.sub.2, obtaining an encrypted block (B.sub.1). This encrypted block has the same size as the unencrypted block.

(16) The encryption of a second block B.sub.2 is done similarly to the encryption of the first block, by replacing the first block B.sub.1 to be encrypted by the second block B.sub.2 to be encrypted and the initialization vector IV by the first encrypted block B.sub.1. The method proceeds in this way for each of the blocks.

(17) It can be seen that it is necessary to know the result of the encryption of a determined block for being able to encrypt the following block.

(18) The decryption of an encrypted block by means of the CBC mode is disclosed schematically by FIG. 4. The first encrypted block B.sub.1 is first processed by means of the symmetrical encryption algorithm Alg.sub.2 and of the key K.sub.2. The result of this processing is combined with the initialization vector IV. The result of this combination gives the decrypted block B.sub.1.

(19) For the following encrypted block B.sub.2, the method proceeds in the same way as for block B.sub.1, replacing the encrypted block B.sub.1 to be decrypted by the encrypted block B.sub.2 and the initialization vector IV by the encrypted block B.sub.1.

(20) The initialization vector IV is the same as that used for the encryption. The commutative operation , the encryption key K.sub.2 and the symmetrical encryption algorithm Alg.sub.2 are also the same as those used during the encryption.

(21) FIG. 5 shows a conversion mode known from prior art, in which content having been encrypted according to a first encryption mode, here CTR, is received by a first receiver in which the content is converted into content which can be decrypted by using a second encryption mode, here CBC in a second receiver. In this embodiment, a first block, noted B.sub.1*(CTR), encrypted according to the CTR encryption mode, is received by the first receiver. The reception of the blocks is symbolized by an arrow pointing in direction of the block. The block B.sub.1*(CTR) is first decrypted by using the CTR encryption mode. This decryption is done according to the principle explained with reference to FIG. 2. The content is thus present unencrypted in the first receiver, at the end of the decryption. This unencrypted content is indicated with B.sub.1 unencrypted. The unencrypted content is then encrypted by using the CBC encryption mode, in the way described with reference to FIG. 3. In this way, the content obtained at the exit of the first receiver can be transmitted to a second receiver in encrypted form, this second receiver being capable of obtaining the unencrypted content if it has the rights and other elements required for the decryption of the content.

(22) The content obtained by reencryption with the CBC mode is indicated with B.sub.1(CBC) and carries an arrow pointing away from the block, symbolizing the fact that the block can leave the cryptographic module of the first receiver.

(23) In this embodiment, the following block is processed in a similar way to the first block, by replacing the entering block B.sub.1*(CTR) by an entering block B.sub.2*(CTR) and the initialization vector IV by the result of the processing of the previous block, i. e. the block indicated with B.sub.1(CBC) in FIG. 5. For each entering block encrypted according to the CTR mode, there is an exit block, encrypted according to the CBC mode. The content is available unencrypted during the conversion.

(24) In the method of the invention disclosed in FIG. 6, unlike the methods of the prior art such as that described for example with reference to FIG. 5, the content is at no time available unencrypted in the first receiver. As in the embodiment explained with reference to FIG. 5, two sets of operations are chained so that the result of the first set of operations is used as entry of the second set of operations.

(25) In the embodiment disclosed by this FIG. 6, content encrypted according to the CTR process, indicated with B.sub.1*(CTR), is received by the first receiver. The initial value VI.sub.1 having served to encrypt this content, both the key K.sub.1 and the encryption algorithm Alg.sub.1 are known.

(26) The initial value VI.sub.1 is encrypted with the encryption algorithm Alg.sub.1 and the encryption key K.sub.1 in a cryptographic module of the decoder, to give an encrypted counter value. Instead of combining this encrypted counter value with the encrypted content B.sub.1*(CTR), which would lead to obtaining the unencrypted content, this encrypted counter value is combined with an initialization vector IV as it is used in the framework of the encryption according to the CBC mode.

(27) This combination is done by means of the commutative operation having served for the encryption for obtaining the encrypted block B.sub.1*(CTR). The result of this combination gives an encrypted block indicated with B^.sub.1*. This encrypted block B^.sub.1* is combined with the encrypted content B.sub.1*(CTR) received by the first receiver, this combination having the same properties as the combinations mentioned previously.

(28) The result of the combination is then processed by means of the symmetrical encryption algorithm Alg.sub.2 previously mentioned and by the encryption key K.sub.2. The result of this encryption leads to content B.sub.1(CBC) that can be decrypted by a receiver knowing the key K.sub.2, the symmetrical encryption algorithm Alg.sub.2 and by using the CBC encryption mode.

(29) When a following block, indicated with B.sub.2*(CTR), has to be processed so as to be converted into a block which can be decrypted according to the CBC mode, the block B.sub.2*(CTR) is first received by the first receiver. Like for the first block, the initial value VI.sub.2 is processed by means of the algorithm indicated with Alg.sub.1 and the key K.sub.1. The result of this processing is combined with the exit block of the previous conversion, i. e. with the block indicated with B.sub.1(CBC). This combination leads to an encrypted block indicated with B^.sub.2*. This encrypted block is combined with the input block B.sub.2*(CTR), then the result of this combination is encrypted by means of the algorithm indicated with Alg.sub.2 and the key K.sub.2. The result gives an encrypted block which may be decrypted by the CBC mode.

(30) The method takes place similarly for the following blocks and it can be seen that to each block entering, encrypted according to the CTR mode, corresponds an exiting block encrypted according to the CBC mode. It can also be seen that at no moment of the method, unencrypted blocks of content are available in the receiver.

(31) In summary, the decryption according to one encryption mode, for example CTR, followed by the encryption according to another encryption mode, for example CBC, uses two combinations which are commutative operations. For each of the combinations, two input data are used for being combined among them and lead to an exit data. In the method of the invention, two values, corresponding to an entry data of each of the combinations, are inverted in relation to the succession of the decryption according to an encryption mode, followed by the encryption according to another encryption mode. This inversion means that the unencrypted content is at no time available in the first receiver, but that it can be obtained by a decryption in the second receiver.

(32) FIGS. 7 to 10 concern another example of the conversion method of the invention, using encryption/decryption modes different from the CBC and CTR modes. FIG. 7 shows the decryption of content having been encrypted by a mode known under the denomination of CFB (Cipher Feedback; retroaction encryption). According to this mode, an initialization vector VI.sub.(CFB) and an encryption key K.sub.3 are used as entry values of an encryption algorithm Alg.sub.3. The initialization vector VI.sub.(CFB) is encrypted by the encryption algorithm Alg.sub.3, with the encryption key K.sub.3.

(33) The result of this encryption is combined with an encrypted block B.sub.1*(CFB), which leads to an unencrypted block of content B.sub.1, this unencrypted block corresponding to the content of the encrypted block B.sub.1*(CFB). The encrypted block B.sub.1*(CFB) is used as entry value, with the encryption key K.sub.3, for the encryption algorithm Alg.sub.3 during the following iteration. The result of the encryption by the algorithm Alg.sub.3, by the key K and by the block B1*(CFB) is combined with an encrypted block B.sub.2* to be decrypted. This combination leads to an unencrypted block B.sub.2, corresponding to the decryption of the encrypted block B.sub.2*. The method proceeds thus further, with at each step or at each iteration, the use of the encrypted block received during the previous iteration as entry value of the algorithm Alg.sub.3, with the encryption key K.sub.3.

(34) FIG. 8 represents an encryption of content by means of a known encryption mode under the denomination OFB (Output Feedback). In this encryption mode, an initialization vector VI.sub.(OFB) is used with an encryption key K.sub.4 as entry of an encryption algorithm Alg.sub.4. The initialization vector VI.sub.(OFB) is encrypted by the algorithm Alg.sub.4 with the encryption key K.sub.4. The result of this encryption is combined with an unencrypted block B.sub.1 of content to be encrypted. The result of this combination gives an encrypted block B.sub.1*.

(35) To encrypt the following block, the method explained above is reiterated with, instead of the initialization vector VI.sub.(OBF), the result of the encryption of this initialization vector by the algorithm Alg.sub.4 with the encryption key K.sub.4.

(36) FIG. 9 shows an example for conversion of content which initially has been encrypted by using an encryption mode CFB and which has to be converted in order to be able to be processed by a receiver using an OFB encryption mode. This conversion example corresponds to an embodiment which might be used in the prior art. In this embodiment, the content is decrypted by using the CFB mode, as it has been described with reference to FIG. 7. The decrypted content is then encrypted by using the encryption mode OFB as described with reference to FIG. 8. The content appears unencrypted after the decryption step.

(37) In this example, an initialization vector VI.sub.(CFB) is encrypted by means of an encryption algorithm Alg.sub.3 and of an encryption key K.sub.3. The result of this encryption is combined, by means of a commutative operation such as defined with reference to the previous examples, with a block of encrypted content B1*.sub.(CFB), received by the receiver in charge of the conversion. This block of encrypted content has been encrypted of course according to a CFB encryption mode. The result of the combination of the encrypted block B1*.sub.(CFB) with the encrypted initialization vector leads to a block B.sub.1 corresponding to the unencrypted content of the encrypted block B.sub.1*.

(38) The method proceeds further with the encryption of the block thus decrypted, so as to encrypt it according to the encryption mode OFB. For this purpose, an initialization vector of the OFB mode, indicated VI.sub.(OFB), is first encrypted by means of an encryption algorithm Alg.sub.4 and a key K.sub.4. The result of this encryption is combined with the unencrypted block B.sub.1, obtained during the previous decryption according to the CFB mode. In this way, one obtains a block of encrypted content, indicated B1*.sub.(OFB), this content being encrypted according to the OFB mode, the unencrypted content having given this encrypted block being identical to the unencrypted content having given the block encrypted according to the encryption mode CFB. The method proceeds further in the same way as previously, by replacing, at each iteration, the initialization vector of the CFB mode by the block of encrypted content received by the receiver during the previous iteration, and by replacing the initialization vector of the OFB mode by the result coming from the encryption by the algorithm Alg.sub.4 and the key K.sub.4, of the result obtained during the previous iteration.

(39) FIG. 10 represents an example of conversion of content initially encrypted by a CFB encryption mode, in a format which can be decrypted by a CFB decryption mode. Unlike the embodiment of FIG. 9, corresponding to an embodiment which could be used in the prior art, in the embodiment of the invention such as Illustrated to the FIG. 10 the content never appears unencrypted during conversion.

(40) In a first step of the method, an initialization vector associated with the encryption mode CFB, VI.sub.(CFB) is encrypted with an encryption key K.sub.3 by means of an encryption algorithm Alg.sub.3. The result of this encryption is combined, not with a block of encrypted content as in the case of FIG. 9, but with the result of the encryption of an initialization vector associated with the encryption according to the OFB encryption mode, indicated with VI.sub.(OFB), by an algorithm Alg.sub.4 and an encryption key K.sub.4. The result of this combination is, for its part, combined with an encrypted block B1*.sub.(CFB), corresponding to the unencrypted content B.sub.1, encrypted according to the encryption mode CFB. The result of this combination gives a block encrypted according to the OFB mode, corresponding to the unencrypted content of the block B.sub.1.

(41) The conversion method proceeds further by iteration, one of the input data of the algorithm Alg.sub.3 corresponding to the CFB encryption mode being the block encrypted according to the CFB mode received during the previous iteration and one of the input data of the algorithm Alg.sub.4 corresponding to the OFB encryption mode being the result of the encryption by the key K.sub.4 and the encryption algorithm Alg.sub.4 obtained during the previous iteration. According to this method, one of the elements associated with an encryption mode, here the initialization vector associated with the OFB encryption mode, is used in a conversion step associated with the other encryption mode, here the CFB mode. Likewise, another element associated with the CFB encryption mode, here the content of the encrypted block B1*.sub.(CFB), is used in a step associated with the other OFB encryption mode. By this inversion of the input data, the block to be converted never appears unencrypted in the conversion device, but it results encrypted in order to be able to be used by the related receivers.

(42) The method of the invention has been described with a first example in which the content is received by the first receiver in an encrypted form according to the CTR encryption mode and is sent back to the second receiver in a form encrypted according to the CBC encryption mode. The invention is also described according to a second example in which the content received by the receiver in charge of the conversion has been encrypted according to the CFB encryption mode, then has to be converted in a mode of encryption according to the OFB mode. This invention is not limited to these embodiments. In particular, it can also be used if the CBC and CTR encryption modes are inverted. Likewise, other modes of encryption and decryption can be used, like for example the following: a Cipher Block Chaining encryption (CBC); a Propagating Cipher Block Chaining encryption (PCBC); an encryption based on a counter (CTR; CounTeR); a Cipher Feedback encryption (CFB); an Output Feedback encryption (OFB); a Counter Cipher Feedback Encryption Mode (CCFB); an encryption according to the mode XEX (Xor-Encrypt-Xor); and an encryption according to the XTS mode (XEX-based tweaked codebook mode with cipher text stealing).
as well as their variants. The order in which these encryption modes are used is arbitrary. To make the method of the invention work, it is necessary that the used encryption modes include a commutative operation such as for example an exclusive OR (XOR), a symmetrical encryption, an addition, or a multiplication. It is necessary that the method uses at least two different encryption modes and that the commutative operations are carried out in the first receiver, with input data which are inverted in comparison with a decryption using the encryption mode having led to obtaining the encrypted block received by the first receiver, followed by a reencryption according to an encryption mode destined for the second receiver. This allows to ensure that the content will not be available unencrypted in the first receiver, but that it will be accessible unencrypted in the second receiver, if the latter has the access rights and the required decryption means.

(43) There is a large number of possible variants which allow to reach the object of the invention. In practice, it is relatively simple to verify if a variant works. It is sufficient to introduce encrypted content in the cryptographic module of the first receiver, to process these encrypted content, to verify if the content appear unencrypted during the process and to verify if the content can be decrypted in the cryptographic module of the second receiver. The risk that the method works for a randomly generated block but that it does not work for all the blocks is extremely low. The test with only one block is thus sufficient to determine in a very reliable way if the method can be used or not.

(44) It is possible to use more than two encryption modes, for example three. In this case, the input data of the combinations can be permuted in various ways. The only important thing is that the content do not appear unencrypted in the first receiver.