摘要 |
A conditional access system employs a hybrid hardware/software architecture that is secure, yet allows easy renewability. The system has a security module implemented on a single embedded IC that performs all of the cryptographic functionality and stores all cryptographic keys used in decryption of content. Conditional access policies are established by one or more software components that execute on a processor separate from the security module. Content deemed accessible by the software components is passed to the security module, where it is decrypted using the keys maintained in the module. The decrypted content is then transferred out from the security module to a processor for further processing. With this hybrid architecture, the cryptographic keys and algorithm primitives are securely maintained within the embedded module, and not exposed to other components. Also, since the access policies are implemented in software components that need not be trusted by the security module, they can be easily updated.
|