Control Word Protection

1. A method for securely obtaining a control word in a chip set of a receiver, said control word for descrambling scrambled content received by the receiver, the method comprising, at the chip set: receiving a secured version of a chip set load key, the chip set load key being secured to protect the confidentiality of the chip set load key and being secured using a signature key to protect the authenticity of the chip set load key; obtaining the chip set load key from the secured version of the chip set load key, wherein said obtaining comprises using a signature verification key corresponding to the signature key to verify the authenticity of the chip set load key; receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; using the chip set load key to obtain the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input; wherein the input comprises: the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, wherein each signature verification key is associated with a conditional access/digital rights management system, wherein the given output comprises at least one control word; wherein said signature verification key corresponding to the signature key used to verify the authenticity of the chip set load key is one of said plurality of signature verification keys; wherein the first cryptographic function has the property that it is infeasible to determine (i) a key pair, the key pair including a signature key and a signature verification key, and (ii) an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input.

2. The method according to claim 1 , comprising receiving and storing the signature verification keys of the plurality of signature verification keys, wherein said first cryptographic function is arranged to use said stored signature verification keys as a part of the input to the first cryptographic function.

3. The method according to claim 1 , comprising: receiving the plurality of signature verification keys; generating a derived value from the received plurality of signature verification keys; and storing the generated derived value; wherein said first cryptographic function is arranged to use said stored derived value as a part of the input to the first cryptographic function.

4. The method according to claim 1 , wherein the secured version of the virtual control word is a virtual control word encrypted using the chip set load key; and wherein obtaining the virtual control word from the secured version of the virtual control word comprises using the chip set load key to decrypt the secured version of the virtual control word.

5. The method according to claim 1 , wherein the secured version of the chip set load key comprises the chip set load key encrypted using a public key associated with the chip set and a signature based on the chip set load key using the signature key, wherein obtaining the chip set load key from the secured version of the chip set load key comprises: decrypting the encrypted chip set load key using a secret key associated with the chip set, the secret key corresponding to the public key associated with the chip set, and wherein said verifying the authenticity of the chip set load key comprises verifying the signature using the signature verification key corresponding to the signature key.

6. The method according to claim 5 , comprising the chip set storing the chip set load key obtained from the secured version of the chip set load key so that the stored chip set load key can be used to decrypt secured versions of virtual control words received by the chip set.

7. The method according to claim 6 , comprising: receiving the plurality of signature verification keys along with the secured version of the virtual control word; and determining whether the signature based on the stored chip set load key was verified using one of the received signature verification keys and, if it is determined that the signature based on the stored chip set load key was not verified using one of the received signature verification keys, not using the stored chip set load key to decrypt the secured version of the virtual control word received by the chip set.

8. The method according to claim 5 , in which the receiver is one receiver in a plurality of receivers, each receiver in the plurality of receivers having a corresponding chip set that has an associated secret key, wherein the secret keys associated with the chip sets of the receivers in the plurality of receivers are different from each other.

9. A method for providing a control word to a chip set of a receiver, the control word to enable the receiver to descramble scrambled content transmitted to the receiver, the method comprising: generating a virtual control word at a head-end system; transmitting the virtual control word from the head-end system to a conditional access/digital rights management client via the receiver, wherein the conditional access/digital rights management client is communicably connected to the chip set; transmitting to the chip set a secured version of a chip set load key, the chip set load key being secured to protect the confidentiality of the chip set load key, the chip set load key being secured using a signature key associated with a conditional access/digital rights management system to protect the authenticity of the chip set load key, the chip set load key to enable the receiver to access the virtual control word; using a first cryptographic function to produce a given output from an input; wherein the input comprises: the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, wherein each signature verification key is associated with a conditional access/digital rights management system, wherein the given output comprises at least one control word; wherein the signature key used to secure the chip set load key thereby protecting the authenticity of the chip set load key corresponds to one of the plurality of signature verification keys; wherein the first cryptographic function has the property that it is infeasible to determine (i) a key pair, the key pair including a signature key and a signature verification key, and (ii) an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input; scrambling content using the control word to produce scrambled content; and transmitting the scrambled content to the chip set.

10. The method according to claim 9 , wherein the secured version of the chip set load key comprises the chip set load key encrypted using a public key associated with the chip set and a signature based on the chip set load key using the signature key.

11. The method according to claim 9 , comprising transmitting the control word from the head-end system to a second conditional access/digital rights management client via a second receiver, wherein the second conditional access/digital rights management client is communicably connected to a second chip set of the second receiver.

12. The method according to claim 9 , wherein at least two of the signature verification keys in the plurality of signature verification keys are associated with the same conditional access/digital rights management system.

13. The method according to claim 9 , wherein at least two of the signature verification keys in the plurality of signature verification keys are associated with different conditional access/digital rights management systems.

14. The method according to claim 9 , in which a derived value is produced by providing the plurality of signature verification keys to a second cryptographic function, wherein the second cryptographic function has the property that it is infeasible to generate a key pair including a signature key and a signature verification key and an input for the second cryptographic function comprising the generated signature verification key such that the second cryptographic function produces that derived value from the generated input.

15. The method according to claim 9 , in which the one or more derived values comprise, for each signature verification key in the plurality of signature verification keys, a corresponding cryptographic hash value of that signature verification key.

16. A chip set, for a receiver, for securely obtaining a control word, said control word for descrambling scrambled content received by the receiver, the chip set arranged to carry out a method comprising: receiving a secured version of a chip set load key, the chip set load key being secured to protect the confidentiality of the chip set load key and being secured using a signature key to protect the authenticity of the chip set load key; obtaining the chip set load key from the secured version of the chip set load key, wherein said obtaining comprises using a signature verification key corresponding to the signature key to verify the authenticity of the chip set load key; receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; using the chip set load key to obtain the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input; wherein the input comprises: the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, wherein each signature verification key is associated with a conditional access/digital rights management system, wherein the given output comprises at least one control word; wherein said signature verification key corresponding to the signature key used to verify the authenticity of the chip set load key is one of said plurality of signature verification keys; wherein the first cryptographic function has the property that it is infeasible to determine (i) a key pair, the key pair including a signature key and a signature verification key, and (ii) an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input.

17. A system for providing a control word to a chip set of a receiver, the control word to enable the receiver to descramble scrambled content transmitted to the receiver, the system comprising: at least one processor; and at least one memory coupled to the at least one processor and storing instructions, which when executed by the at least one processor cause the at least one processor to: generate a virtual control word at a head-end system; transmit the virtual control word from the head-end system to a conditional access/digital rights management client via the receiver, wherein the conditional access/digital rights management client is communicably connected to the chip set; transmit to the chip set a secured version of a chip set load key, the chip set load key being secured to protect the confidentiality of the chip set load key, the chip set load key being secured using a signature key associated with a conditional access/digital rights management system to protect the authenticity of the chip set load key, the chip set load key to enable the receiver to access the virtual control word; use a first cryptographic function to produce a given output from an input; wherein the input comprises: the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, wherein each signature verification key is associated with a conditional access/digital rights management system, wherein the given output comprises at least one control word; wherein the signature key used to secure the chip set load key thereby protecting the authenticity of the chip set load key corresponds to one of the plurality of signature verification keys; wherein the first cryptographic function has the property that it is infeasible to determine (i) a key pair, the key pair including a signature key and a signature verification key, and (ii) an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input; scrambling content using the control word to produce scrambled content; and transmitting the scrambled content to the chip set.

18. A receiver comprising the chip set according to claim 16 .

19. A non-transitory computer readable medium having stored thereon instructions that, when executed by a chip set of a receiver, cause the chip set to carry out a method for securely obtaining a control word, said control word for descrambling scrambled content received by the receiver, the method comprising: receiving a secured version of a chip set load key, the chip set load key being secured to protect the confidentiality of the chip set load key and being secured using a signature key to protect the authenticity of the chip set load key; obtaining the chip set load key from the secured version of the chip set load key, wherein said obtaining comprises using a signature verification key corresponding to the signature key to verify the authenticity of the chip set load key; receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; using the chip set load key to obtain the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input; wherein the input comprises: the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, wherein each signature verification key is associated with a conditional access/digital rights management system, wherein the given output comprises at least one control word; wherein said signature verification key corresponding to the signature key used to verify the authenticity of the chip set load key is one of said plurality of signature verification keys; wherein the first cryptographic function has the property that it is infeasible to determine (i) a key pair, the key pair including a signature key and a signature verification key, and (ii) an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input.

20. A system comprising one or more chip sets according to claim 16 .