CROSS-REFERENCE TO RELATED APPLICATIONS
This is a continuation of U.S. patent application Ser. No. 09/538,568 filed March 29, 2000.
BACKGROUND OF THE INVENTION
Digital broadcast systems include direct broadcast digital satellite systems, interactive World Wide Web (“Web”) access systems, and digital cable systems. Digital broadcasting provides a number of advantages to subscribers, such as variety and flexibility of programming, useful and comprehensive support services (such as detailed electronic programming guides), and superior audio and video quality.
The Conditional Access (CA) function of a digital broadcast system allows selective access, for a fee, to premium services such as pay-per-view movies and events. The producers of the movies, events, etc., require that access to the premium services be controlled in order to protect their commercial interests as well as to enforce copyrights and protect copyright ownership. The digital broadcast system operators (also referred to as Multiple System Operators, MSOs) also have a commercial interest in limiting access to these premium services to authorized users only.
Subscribers receive digital broadcasts (including satellite, cable and Web broadcasts) via set-top boxes or other similar consumer electronic equipment located in the subscriber's home. With a bi-directional set-top box, in addition to receiving broadcasts, a subscriber can transmit messages to the MSO. Using the bi-directional set-top box (generally, a “transceiver” or “intelligent transceiver”), the subscriber selects a premium service, and the subscriber's selection as well as information needed for billing purposes is transmitted to the MSO. In a common implementation, a “smart card” stores the information needed for billing, and on a periodic basis (perhaps once per month) an automatic connection is made between the transceiver and the MSO so that the billing information can be transmitted to the MSO.
Digital broadcast content is vulnerable to unauthorized use and duplication (“pirating”) while it is being broadcast, or after it has been received and is being processed. For example, during broadcast, the signal could be intercepted and displayed (or duplicated and rebroadcast) using a transceiver not provided by the MSO. On the other hand, even when a transceiver provided by the MSO is used, the signal could be diverted within the transceiver so that the smart card is bypassed. In either case, copyrights are circumvented. In addition, the MSO is unaware of the unauthorized use and so does not have the information needed to collect the fees it is owed.
To prevent unauthorized use, MSOs typically broadcast a scrambled signal. The signal is descrambled in the transceiver using a key provided by the MSO in the smart card. Once descrambled, the signal is encrypted in the transceiver. However, even when such security measures are employed in an attempt to prevent pirating, sophisticated methods are available to circumvent them.
Prior Art FIG. 1 is a block diagram showing some of the elements in one embodiment of a prior art transceiver (e.g., a set-top box) (for clarity, not all of the elements of the set-top box are shown). Front-end unit 20 of the set-top box comprises a tuner (not shown), as well as other devices known in the art, for receiving a digital broadcast signal 90. Coupled to front-end unit 20 is point of deployment (POD) 10. POD 10 typically is adapted to receive a smart card (not shown) that, as described above, can be used to provide billing information to the MSO. The smart card also typically contains a key provided by the MSO that is used to descramble digital broadcast signal 90. POD 10 includes a descrambling/encryption unit 40 that uses the key provided by the MSO to descramble broadcast signal 90 (if the signal is scrambled). Descrambling/encryption unit 40 also encrypts the signal (if the signal is not encrypted). It is appreciated that, in other prior art embodiments, descrambling/encryption unit 40 may consist of separate elements, one for descrambling and one for encrypting.
Front-end unit 20 also includes decryption unit 50 for decrypting an encrypted broadcast signal before the signal is sent to audio/visual (A/V) decoder 30. A/V decoder 30 is used for demultiplexing the signal and for decoding, for example, MPEG (Moving Picture Experts Group) video signals and/or Dolby AC3 audio signals.
Thus, in this prior art embodiment, digital broadcast signal 90 is received by the set-top box at front-end unit 20 and forwarded to POD 10. Broadcast signal 90 is descrambled by descrambling/encryption unit 40. Once descrambled, broadcast signal 90 is encrypted to prevent unauthorized duplication. Further downstream in the set-top box, broadcast signal 90 is decrypted using decryption unit 50 so that it can be decoded (e.g., MPEG or AC3 decoding) in A/V decoder 30, and subsequently processed so that it can be viewed and/or listened to by an authorized subscriber.
A problem with this prior art embodiment is that, between decryption unit 50 and A/V decoder 30, broadcast signal 90 is transmitted in the clear at point 12 (that is, it is not scrambled nor is it encrypted at this point). Thus, at point 12, broadcast signal 90 can be intercepted and duplicated. As a digital signal, it is possible to make near perfect copies which can be readily distributed to unauthorized parties (e.g., rebroadcast via the Internet, copied onto a compact disk, etc.). While the MSO may receive payment for a one-time use, subsequent use by unauthorized users is made without proper compensation to the MSO or the copyright owners.
Prior Art FIG. 2 illustrates some of the elements in another embodiment of a prior art set-top box (for clarity, not all of the elements are shown). Front-end unit 120, descrambling/encryption unit 140, POD 110, decryption unit 150, and A/V decoder 130 each function in a manner as described above in conjunction with FIG. 1. In this embodiment, decryption unit 150 is moved out of front-end unit 120 and closer to A/V decoder 130. Even so, there still remains a point 14 at which broadcast signal 190 is transmitted in the clear and can be intercepted by an unauthorized user.
Thus, the prior art is problematic because the descrambled and decrypted signal that is output from the decryption unit may be intercepted and pirated by an unauthorized user between the front-end device and the functional block (e.g., the A/V decoder).
SUMMARY OF THE INVENTION
Accordingly, what is needed is an apparatus and/or method that can prevent pirating of a descrambled and decrypted digital signal between a front-end device and a subsequent functional block (e.g., an audio/video decoding block). What is also needed is an apparatus and/or method that can address the above need and that can be implemented in a transceiver (e.g., a set-top box) used in a digital broadcast system.
The present invention includes an apparatus and method thereof that satisfy the above needs. These and other advantages of the present invention not specifically mentioned above will become clear within discussions of the present invention presented herein.
The present invention pertains to an apparatus and method thereof for providing a secure path for a digital signal in, for example, an intelligent transceiver such as a bi-directional set-top box. In the present embodiment, the present invention comprises an integrated circuit device with a functional block and a decryption engine integrated therein. The integrated circuit device (specifically, the decryption engine) receives an encrypted digital signal. The decryption engine is configured to decrypt the encrypted digital signal and to supply the decrypted digital signal to the functional block. There is not a point between the decryption engine and the functional block at which the digital signal is in the clear (e.g., descrambled and decrypted) and is externally accessible, thereby providing a physically secure interface between the integrated circuit device and the functional block.
In one embodiment, a digital signal is received by an intelligent transceiver at a front-end device (comprising, for example, a tuner). The digital signal is descrambled (if it is scrambled) and encrypted (if it is not encrypted) by a first functional block (e.g., an interface card or point of deployment) coupled to the front-end device. Coupled to the front-end device via the first functional block is a second functional block used for processing (e.g., decoding) audio and/or visual (A/V) content within the digital signal. Integrated into the second functional block is a decryption engine used for decrypting encrypted signals. Digital signals from the front-end device are received via the interface card (or point of deployment) by the decryption engine integral to the A/V decode block. There are no points between the interface card (point of deployment) and the decryption engine nor between the decryption engine and the A/V decode block at which a descrambled and decrypted signal can be intercepted, thus providing a secure interface between the front-end device and the A/V decode block.
In one embodiment, the digital signal is an audio/visual media signal delivered to the intelligent transceiver using, for example, a terrestrial line (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast).
In one embodiment, the encrypted signal is encrypted using an encryption routine compliant with the Data Encryption Standard Electronic Code Book (DES ECB).
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention are illustrated by way of example and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
FIG. 1 shows a block diagram showing one embodiment of a prior art set-top box according to the conventional art.
FIG. 2 shows a block diagram showing another embodiment of a prior art set-top box according to the conventional art.
FIG. 3A shows a block diagram of one embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.
FIG. 3B shows a block diagram of another embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.
FIG. 3C shows a perspective illustration of one embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.
FIG. 3D shows a perspective illustration of another embodiment of an intelligent transceiver upon which embodiments of the present invention may be practiced.
FIG. 4 shows a block diagram of one embodiment of an intelligent transceiver in accordance with the present invention.
FIG. 5 shows a flowchart of the steps in a process for providing a secure path for a data signal in accordance with one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
In the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be recognized by one skilled in the art that the present invention may be practiced without these specific details or with equivalents thereof. In other instances, well known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the present invention.
Some portions of the detailed descriptions which follow are presented in terms of procedures, logic blocks, processing, and other symbolic representations of operations on data bits within an intelligent electronic media device. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, logic block, process, etc., is herein, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these physical manipulations take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a consumer electronic media device. For reasons of convenience, and with reference to common usage, these signals are referred to as bits, values, elements, symbols, characters, terms, numbers, or the like with reference to the present invention.
It should be borne in mind, however, that all of these terms are to be interpreted as referencing physical manipulations and quantities and are merely convenient labels and are to be interpreted further in view of terms commonly used in the art. Unless specifically stated otherwise as apparent from the following discussions, it is understood that throughout discussions of the present invention, discussions utilizing terms such as “receiving” or “encrypting” or “decrypting” or “descrambling” or “decoding” or the like, refer to the action and processes (e.g., process 500 of FIG. 5) of an electronic device such as a microcontroller or similar electronic computing device (e.g., dedicated or embedded computer system) that manipulates and transforms data. The data are represented as physical (electronic) quantities within the electronic device's registers and memories and are transformed into other data similarly represented as physical quantities within the electronic device memories or registers or other such information storage, transmission, or display screens.
The present invention is described in the context of an intelligent transceiver (e.g., a set-top box) that can be used as part of a digital broadcast system. However, it is appreciated that the present invention may be utilized in other types of devices including consumer electronic devices where it may be necessary to decrypt and encrypt a digital signal.
FIG. 3A is a block diagram of one embodiment of an intelligent transceiver 300 (e.g., a set-top box) upon which embodiments of the present invention may be practiced. Intelligent transceiver 300 receives digital broadcast signal 370 from a digital broadcaster (not shown). Digital broadcast signal 370 is a media signal comprising audio and video content. Digital broadcast signal 370 can be delivered to intelligent transceiver 300 using any of the various mechanisms currently in use or envisioned, such as a terrestrial line (e.g., a cable system), the World Wide Web (e.g., a connection to the Internet), or a wireless transmission (e.g., a satellite broadcast). In accordance with the present invention, a number of different digital broadcast signal formats in use or envisioned can be used, such as the Advanced Television Systems Committee (ATSC) digital television format.
In the present embodiment, intelligent transceiver 300 includes front-end block 310 coupled to bus 305, conditional access block 330 coupled to front-end block 310 and bus 305, audio/video (A/V) decode block 340 coupled to conditional access block 330 and bus 305, graphics block 350 coupled to A/V decode block 340 and bus 305, and central processing unit 360 coupled to bus 305. Conditional access block 330, also referred to as a point of deployment (POD) or an interface card, is adapted to receive smart card 325.
Bus 305 is an internal address/data bus for communicating digital information between the functional blocks of intelligent transceiver 300. In the present embodiment, front-end block 310 contains one or more tuners for receiving digital broadcast signal 370. For example, in one embodiment, front-end block 310 can contain a tuner for receiving a wireless transmission (e.g., a satellite broadcast) and another tuner for receiving a cable transmission. Front-end block 310 can also include a device (e.g., a modem) that allows a telephone or digital subscriber line (DSL) connection to be made to the World Wide Web so that a broadcast signal can be received via the Internet.
In the present embodiment, central processing unit 360 contains a processor (not shown) for processing information and instructions. Central processing unit 360 also may contain random access memory, read only memory, one or more caches, a flash memory and the like (not shown) for storing information and instructions.
Smart card 325 stores information needed by a cable system operator or digital broadcast system operator (e.g., a Multiple System Operator, MSO) in order to bill a subscriber for services used by the subscriber (for example, the viewing of a pay-per-view movie or event). Typically, smart card 325 also includes a key that is used to descramble digital broadcast signal 370 (if the signal is scrambled). In the present embodiment, smart card 325 is inserted into conditional access block 330; however, it is appreciated that in other embodiments smart card 325 may be coupled in a different manner to intelligent transceiver 300 (for example, it may be inserted into either front-end block 310 or A/V decode block 340). Using the key from smart card 325, conditional access block 330 descrambles digital broadcast signal 370.
Because digital broadcast signal 370 has been descrambled, the signal must be encrypted in order to prevent its unauthorized use and duplication. In the present embodiment, conditional access block 330 contains an encryption engine (not shown) that encrypts digital broadcast signal 370. In one embodiment, the encryption engine uses a well-known DES ECB (Data Encryption Standard Electronic Code Book) encryption routine and a key length of 56 bits. However, it is appreciated that other well-known and commercially available encryption routines and different key lengths may be used in accordance with the present invention. It is further appreciated the encryption engine may be incorporated elsewhere in intelligent transceiver 300, such as in front-end block 310.
In accordance with the present invention, A/V decode block 340 is an integrated circuit device comprising a functional block and a decryption engine 345 integrated therein. Decryption engine 345 is integral with A/V decode block 340 (that is, as a single integrated circuit, or “chip”) and coupled to front-end block 310 via conditional access block 330. In the present embodiment, the link between conditional access block 330 and A/V decode block 340 (specifically, decryption engine 345) is separate from bus 305; that is, there is a direct connection between conditional access block 330 and decryption engine 345 that bypasses bus 305.
Decryption engine 345 decrypts an encrypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340. The output of decryption engine 345 is a decrypted digital signal that is “in the clear.” The signal in the clear is transmitted within A/V decode block 340 for decoding. The signal in the clear is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345.
Thus, there is not a point for intercepting a signal that is in the clear (e.g., a decrypted and descrambled signal) between conditional access block 330 and decryption engine 345, nor is there a point between decryption engine 345 and A/V decode block 340 where an in-the-clear signal can be externally accessed and intercepted. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and also between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340. As such, the present invention can prevent pirating of a descrambled and decrypted digital signal.
In the present embodiment, A/V decode block 340 receives encrypted digital broadcast signal 370 from conditional access block 330, decrypts the signal using decryption engine 345, and decodes the video content and the audio content of digital broadcast signal 370. In the present embodiment, an MPEG (Moving Pictures Experts Group) video decoder and an AC3 (Digital Dolby) audio decoder are used; however, it is appreciated that other video or audio decoders can be used in accordance with the present invention. In addition, in one embodiment, A/V decode block 340 is capable of handling video and audio analog signals.
The inputs to graphics block 350 are the decoded video and audio digital signals from A/V decode block 340. In one embodiment, graphics block 350 also receives external audio and video analog inputs. Graphics block 350 processes the audio and video information and provides the output to, for example, a television set or a computer system (not shown) where it can be viewed and listened to.
FIG. 3B is a block diagram of another embodiment of intelligent transceiver 300 upon which embodiments of the present invention may be practiced. In this embodiment, point of deployment (POD) 320 is separate from conditional access block 330, and smart card 325 is plugged into POD 320 instead of conditional access block 330. Smart card 325 contains a key for descrambling digital broadcast signal 370, and this key is used by POD 320 to descramble digital broadcast signal 370. POD 320 also encrypts digital broadcast signal 370 using an encryption engine (not shown). Although POD 320 is separate from conditional access block 330 in this embodiment, conditional access block 330 can still exist in intelligent transceiver 300.
FIG. 3C is an illustration of the embodiment of intelligent transceiver 300 of FIG. 3B, upon which embodiments of the present invention may be practiced. In this embodiment, smart card 325 is inserted into POD 320, which is inserted into slot 390. Digital broadcast signal 370 is received by intelligent transceiver 300 and forwarded to POD 320, where it is descrambled and encrypted using a key provided by smart card 325. Subsequently, the digital signal is decrypted and the audio and visual content are decoded and processed by intelligent transceiver 300 as described above, and the result (output 380) is sent to, for example, a television (not shown) or similar device.
FIG. 3D is an illustration of the embodiment of intelligent transceiver 300 of FIG. 3A, upon which embodiments of the present invention may be practiced. In this embodiment, smart card 325 is inserted into an interface card (e.g., conditional access block 330 of FIG. 3A) which is built into intelligent transceiver 300. Digital broadcast signal 370 is received by intelligent transceiver 300 and forwarded to conditional access block 330, where it is descrambled and encrypted using a key provided by smart card 325. Subsequently, the digital signal is decrypted and the audio and visual content are decoded and processed by intelligent transceiver 300 as described above, and the result (output 380) is sent to, for example, a television (not shown) or similar device.
FIG. 4 is a block diagram of an intelligent transceiver 400 (e.g., a bi-directional set-top box) showing additional details of the embodiments illustrated by FIGS. 3A and 3B. Table 1 is a list of the various elements and acronyms contained in FIG. 4.
TABLE 1: Elements and Acronyms of Intelligent Transceiver Embodied in FIG. 4

| Acronym | Meaning |
|---|---|
| AVDAC | Audio Video Digital-to-Analog Converter |
| BTSC | Broadcast Television Systems Committee |
| D-Cache | Data Cache |
| DAVIC | Digital Audio Visual Council |
| DOCSIS | Data Over Cable Service Interface Specification |
| DSM | Diplexer, Splitter Module |
| DSP | Digital Signal Processor |
| DVD | Digital Video Disk |
| FAT | Forward Application Tuner |
| FPU | Floating Point Unit |
| I/F | Interface |
| IDCT | Inverse Discrete Cosine Transform |
| Inst. Cache | Instruction Cache |
| Int. Cont. | Interrupt Controller |
| MAC | Media Access Control |
| MC | Motion Compensation |
| MCNS | Multiple Cable Network System |
| MIDI | Musical Instrument Digital Interface |
| MP@ML | Main Profile at Main Level |
| OOB | Out of Band |
| PCI | Peripheral Component Interconnect |
| PCM | Pulse Coded Modulation |
| PLL | Phase Locked Loop |
| QPSK | Quadrature Phase Shift Keying |
| QPSKQAM | QPSK Quadrature Amplitude Modulation |
| RTC | Real Time Clock |
| SLIC | Serial Line Internet Connection |
| UART | Universal Asynchronous Receiver-Transmitter |
| VBI | Vertical Blanking Interval |
| VIF/SIF | Video Intermediate Frequency/Sound Intermediate Frequency |
With reference to FIG. 4, in the present embodiment, front-end block 310 receives a scrambled digital broadcast signal (e.g., digital broadcast signal 370 of FIGS. 3A and 3B) from a digital broadcaster via in-band tuner 401, OOB tuner 402 and/or MCNS FAT tuner 403. Smart card 325 includes a key to descramble the digital broadcast signal. It is appreciated that FIG. 4 shows, in a combined form, both of the embodiments illustrated by FIGS. 3A and 3B. In the case of the embodiment illustrated by FIG. 3A, smart card 325 is inserted into conditional access block 330, and conditional access block 330 descrambles and encrypts the digital broadcast signal. In the case of the embodiment illustrated by FIG. 3B, smart card 325 is plugged into POD 320. In this latter embodiment, the descrambling and encrypting functions are performed in POD 320, and so these functions are bypassed in conditional access block 330.
Continuing with reference to FIG. 4, the encrypted digital signal is delivered to A/V decode block 340 via conditional access block 330. In the present embodiment of the present invention, decryption engine 345 is integrated into demultiplexer (“demux”) 410, which is itself integrated into A/V decode block 340. Decryption engine 345 contains a decryption engine for decrypting digital broadcast signal 370. Decryption engine 345 is integral with A/V decode block 340 and is coupled to front-end block 310 via conditional access block 330. Decryption engine 345 decrypts an encrypted signal (e.g., digital broadcast signal 370) received by A/V decode block 340 via conditional access block 330. The in-the-clear signal is immediately transmitted within the integrated circuit of A/V decode block 340 for decoding. The in-the-clear signal is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345. In the present embodiment, decryption engine 345 provides the interface between A/V decode block 340 and conditional access block 330. It is appreciated that in other embodiments integrated circuit 345 may be integrated into A/V decode block 340 in some different manner (that is, in a location other than demux 410) while still providing the interface with conditional access block 330.
As explained above, in accordance with the present invention, there is not a point for intercepting an in-the-clear signal (e.g., a decrypted and descrambled signal) between conditional access block 330 and decryption engine 345, nor between decryption engine 345 and A/V decode block 340. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340.
Continuing with reference to FIG. 4, in the present embodiment, A/V decode block 340 includes an MPEG decoder (e.g., MP@ML DEC block 411) and an audio decoder (e.g., AC-3 block 412) to decode the video and audio content of digital broadcast signal 370. Graphics block 350 processes the audio and video information received from A/V decode block 340. Central processing unit 360 contains a processor (e.g., CPU core 430) and memory (e.g., instruction cache 420) for processing information and instructions used by intelligent transceiver 400.
FIG. 5 is a flowchart of the steps in a process 500 for providing a secure interface for a data signal in accordance with one embodiment of the present invention. With reference also to FIG. 4, in the present embodiment, process 500 is implemented as program instructions that are stored in memory (e.g., instruction cache 420) and executed by a processor (e.g., CPU core 430) of intelligent transceiver 400. It is appreciated that process 500 may be utilized in other types of devices, including consumer electronic devices, where it may be necessary to decrypt and encrypt a digital signal.
In step 505 of FIG. 5, with reference also to FIGS. 3A and 3B, a digital broadcast signal (e.g., digital broadcast signal 370) is received by intelligent transceiver 300. In the present embodiment, digital broadcast signal 370 is received by front-end block 310. Typically, digital broadcast signal 370 is scrambled but not encrypted when it is received by intelligent transceiver 300.
In step 510, in the present embodiment, digital broadcast signal 370 is sent from front-end block 310 to a first functional block, where the signal is descrambled. In the embodiment of FIG. 3A, digital broadcast signal 370 is sent from front-end block 310 to conditional access block 330. In the embodiment of FIG. 3B, digital broadcast signal 370 is sent from front-end block 310 to POD 320. Depending on the embodiment, a smart card (e.g., smart card 325) is coupled to conditional access block 330 or POD 320. Smart card 325 contains a key that is used to descramble digital broadcast signal 370.
In step 515, in the present embodiment, digital broadcast signal 370 is encrypted. In the embodiment of FIG. 3A, conditional access block 330 contains an encryption engine that is used to encrypt digital broadcast signal 370. In the embodiment of FIG. 3B, POD 320 contains an encryption engine that is used to encrypt digital broadcast signal 370. In one embodiment, the encryption engine uses a well-known DES ECB encryption routine and a key length of 56 bits. However, it is appreciated that other encryption routines and different key lengths may be used in accordance with the present invention.
In step 520 of FIG. 5, in the present embodiment, digital broadcast signal 370 (now descrambled and encrypted) is sent from the first functional block (e.g., either conditional access block 330 of FIG. 3A or POD 320 of FIG. 3B) to decryption engine 345 (FIGS. 3A and 3B), which is integral with a second functional block (e.g., A/V decode block 340 of FIGS. 3A and 3B). In the embodiment of FIG. 3B, digital broadcast signal 370 is sent from POD 320 to decryption engine 345 via conditional access block 330. In each of the embodiments of FIGS. 3A and 3B, the link between conditional access block 330 and decryption engine 345 is separate from bus 305; that is, there is a direct connection between conditional access block 330 and decryption engine 345 that bypasses bus 305.
In step 525 of FIG. 5, decryption engine 345 of A/V decode block 340 decrypts digital broadcast signal 370. The output of decryption engine 345 is a decrypted digital signal that is in the clear (e.g., a decrypted and descrambled signal). The signal in the clear is transmitted within A/V decode block 340 for decoding. The signal in the clear is never transmitted outside the physical block comprising A/V decode block 340 and decryption engine 345. Thus, there is not a point for intercepting a signal that is in the clear between conditional access block 330 and decryption engine 345, nor is there a point between decryption engine 345 and A/V decode block 340 where an in-the-clear signal can be externally accessed and intercepted.
In step 530, digital broadcast signal 370 (now decrypted and descrambled) is processed by A/V decode block 340. In the present embodiment, an MPEG (Moving Pictures Experts Group) video decoder and an AC3 (Digital Dolby) audio decoder are used; however, it is appreciated that other video or audio decoders can be used in accordance with the present invention. The output of A/V decode block 340 is provided to graphics block 350, where additional processing of the audio and video information is performed so that it can be displayed and/or listened to on a television set, computer system, or the like.
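The interception argument made for process 500 and for prior art FIGS. 1 and 2 can be checked mechanically. The following Python sketch is an added example, not part of the patent: it tracks the signal state through each stage and reports every link that carries an in-the-clear signal between physical packages. It assumes that each named unit (front-end unit, POD, decryption unit, A/V decoder or decode block) is its own physical package, so a link is externally accessible exactly when it crosses packages, and it stops at the A/V decoder, as the text does.

```python
from dataclasses import dataclass

SCRAMBLED, ENCRYPTED, CLEAR = "scrambled", "encrypted", "clear"

# op -> (required input state, output state); "pass" leaves the state unchanged.
TRANSITIONS = {
    "descramble": (SCRAMBLED, CLEAR),
    "encrypt": (CLEAR, ENCRYPTED),
    "decrypt": (ENCRYPTED, CLEAR),
    "decode": (CLEAR, CLEAR),
}


@dataclass(frozen=True)
class Stage:
    name: str     # block name as used in the text
    op: str       # "pass" or a key of TRANSITIONS
    package: str  # physical package holding the stage (modelling assumption)


def trace(stages, state=SCRAMBLED):
    """Return (src, dst, signal_state, externally_accessible) for every link."""
    links = []
    for i, stage in enumerate(stages):
        if stage.op != "pass":
            need, out = TRANSITIONS[stage.op]
            if state != need:
                raise ValueError(
                    f"{stage.name}: {stage.op} needs a {need} signal, got {state}")
            state = out
        if i + 1 < len(stages):
            nxt = stages[i + 1]
            # A link between different packages can be probed from outside.
            links.append((stage.name, nxt.name, state, stage.package != nxt.package))
    return links


def exposures(stages):
    """Links where an in-the-clear signal leaves its physical package."""
    return [(src, dst) for src, dst, state, external in trace(stages)
            if state == CLEAR and external]


# Prior art FIG. 1: decryption unit 50 sits in front-end unit 20.
FIG1_PRIOR_ART = [
    Stage("front-end unit 20", "pass", "front-end unit 20"),
    Stage("unit 40 descramble", "descramble", "POD 10"),
    Stage("unit 40 encrypt", "encrypt", "POD 10"),
    Stage("decryption unit 50", "decrypt", "front-end unit 20"),
    Stage("A/V decoder 30", "decode", "A/V decoder 30"),
]

# Prior art FIG. 2: decryption unit 150 moved out of the front end.
FIG2_PRIOR_ART = [
    Stage("front-end unit 120", "pass", "front-end unit 120"),
    Stage("unit 140 descramble", "descramble", "POD 110"),
    Stage("unit 140 encrypt", "encrypt", "POD 110"),
    Stage("decryption unit 150", "decrypt", "decryption unit 150"),
    Stage("A/V decoder 130", "decode", "A/V decoder 130"),
]

# FIG. 3A: decryption engine 345 is on the same chip as A/V decode block 340.
FIG3A_INVENTION = [
    Stage("front-end block 310", "pass", "front-end block 310"),
    Stage("block 330 descramble", "descramble", "conditional access block 330"),
    Stage("block 330 encrypt", "encrypt", "conditional access block 330"),
    Stage("decryption engine 345", "decrypt", "A/V decode block 340"),
    Stage("A/V decode block 340 decoders", "decode", "A/V decode block 340"),
]

if __name__ == "__main__":
    for label, path in [("FIG. 1", FIG1_PRIOR_ART), ("FIG. 2", FIG2_PRIOR_ART),
                        ("FIG. 3A", FIG3A_INVENTION)]:
        print(label, exposures(path) or "no externally accessible clear link")
```

The descramble-to-encrypt hop also carries a clear signal, but it stays inside one package and is therefore not reported; only the decryption-to-decoder hops of FIGS. 1 and 2 (points 12 and 14) are.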
In summary, the present invention provides an apparatus and method thereof for providing a secure path for a digital signal (e.g., digital broadcast signal 370) in, for example, an intelligent transceiver (e.g., intelligent transceiver 300 of FIGS. 3A and 3B) such as a bi-directional set-top box (e.g., intelligent transceiver 400 of FIG. 4). Because decryption engine 345 is integral with A/V decode block 340 and coupled to front-end block 310 via conditional access block 330, there is not a point for intercepting a signal that is in the clear between either front-end block 310 or conditional access block 330 and decryption engine 345. In addition, because decryption engine 345 is physically integrated with A/V decode block 340, there is not a point for externally accessing and intercepting a signal that is in the clear between decryption engine 345 and A/V decode block 340. Therefore, the present invention provides a secure interface between conditional access block 330 and decryption engine 345 and between decryption engine 345 and A/V decode block 340, and thus between front-end block 310 and A/V decode block 340. As such, the present invention can prevent pirating of a descrambled and decrypted digital signal.
The preferred embodiment of the present invention, secure conditional access port interface, is thus described. While the present invention has been described in particular embodiments, it should be appreciated that the present invention should not be construed as limited by such embodiments, but rather construed according to the below claims.