TECHNICAL FIELD

[0001] The present disclosure relates to a method for securing transmission of content from a device such as a surveillance device or a security camera to a remote server. The disclosure further relates to a chipset, a device comprising the chipset, a computer program product, a computer-readable storage medium, and a monitoring system for securing transmission of content from the device to the remote server.

BACKGROUND ART

[0002] Today security cameras are becoming more and more complex connected devices. They are often based on high-end dedicated chipsets which run latest operative systems like Android. More and more functionality are pushed on the device side, like connectivity, image analysis and processing, alarm detection, video source selection, etc.

[0003] Cameras are usually connected via the Internet to a centralized monitoring system (VMS) which receives video streams and where security decisions are taken.

[0004] The cameras can be subject to cyber-attacks depending on the robustness of the used software and hardware. Therefore there is a need for assuring a good level of device security.

[0005] Camera chipsets may include a Trusted Execution Environment (TEE) for secured processing of data, such as to authenticate an applet or protect cryptographic keys. However, even in case the chipset is featuring a TEE, the security of the TEE can be compromised, for example by back doors, cyber-attacks, poor design, or weaknesses in the operating system. When security of the TEE is compromised, the VMS can no more rely on the camera because alarms may be suppressed, old video streams may be replayed, etc.

SUMMARY

[0006] According to an aspect of the present disclosure, a method is proposed for securing a transmission of content from a device to a remote server. The method can comprise receiving an encryption key in the device from the remote server, wherein the encryption key is generated in the remote server. The method can further comprise encrypting the content in the device using the encryption key to obtain encrypted content. The method can further comprise transmitting the encrypted content from the device to the remote server.

[0007] In an embodiment the encryption key can change periodically.

[0008] In an embodiment the encryption key can be a control word and the control word can be received in an entitlement control message generated in the remote server.

[0009] In an embodiment the device can comprise a chipset comprising a trusted execution environment. The encrypted content can be transmitted via the trusted execution environment.

[0010] In an embodiment the device can comprise a chipset comprising a trusted execution environment. The encryption key can be received via the trusted execution environment.

[0011] In an embodiment the chipset can further comprises a secure perimeter part. The method can further comprise receiving raw content originating from one or more sensors in the secure perimeter part. The method can further comprise encoding the raw content within the secure perimeter part to obtain encoded content. The method can further comprise encrypting the encoded content within the secure perimeter part to obtain the encrypted content. The method can further comprise transmitting the encrypted content from the secure perimeter part to the remote server via the trusted execution environment.

[0012] In an embodiment the method can further comprise receiving metadata in the device from the remote server, wherein the metadata is bound to the encryption key.

[0013] In an embodiment the device can be a surveillance device and/or a security camera. The content can comprise image data and/or video data captured by the device.

[0014] According to an aspect of the disclosure, a method is proposed for securing a transmission of content from a device to a remote server. The method can comprise generating an encryption key in the remote server. The method can further comprise transmitting the encryption key from the remote server to the device. The method can further comprise receiving encrypting content from the device in the remote server, wherein the encrypted content is encrypted using the encryption key.

[0015] In an embodiment the method can further comprise generating metadata in the remote server. The method can further comprise binding the metadata to the encryption key. The method can further comprise transmitting the metadata bound to the encryption key to the device. [0016] According to an aspect of the disclosure a chipset is proposed that is configured to perform one or more of the above described steps.

[0017] According to an aspect of the disclosure a device is proposed comprising a chipset as described above.

[0018] In an embodiment the device can be a surveillance device and/or a security camera, wherein the device is configured to capture content comprising video data.

[0019] According to an aspect of the disclosure a computer program product is proposed that can be implemented on a computer-readable non-transitory storage medium. The computer program product can comprise computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.

[0020] According to an aspect of the disclosure a computer-readable non-transitory storage medium is proposed comprising computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the above described steps.

[0021] According to an aspect of the disclosure a system is proposed for securing a transmission of content from a device to a remote server using the above described method.

[0022] Hereinafter, embodiments of the disclosure will be described in further detail. It should be appreciated, however, that these embodiments may not be construed as limiting the scope of protection for the present disclosure.

BRIEF DESCRIPTION OF DRAWINGS

[0023] Embodiments will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:

[0024] FIG. 1 shows a prior art example of a chipset including a key ladder mechanism for loading control words;

[0025] FIG. 2 shows a prior art conditional access system;

[0026] FIG. 3 shows a device according to an exemplary embodiment;

[0027] FIG. 4 shows a system according to an exemplary embodiment;

[0028] FIG. 5 shows a device according to another exemplary embodiment;

[0029] FIG. 6 shows a flow chart of an exemplary method. [0030] The figures are meant for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.

DESCRIPTION OF EMBODIMENTS

[0031] In the field of conditional access systems for digital video broadcast (DVB), it is known that transmissions of pay television services can be secured by using encryption and provisioning of decryption keys to the end-user’s equipment. Such systems provide secure transmission of a broadcast stream comprising one or more services, such as a pay television service, to a digital receiver contained for example in a set-top box or a mobile terminal. To protect the broadcast services from unauthorized viewing, the data packets in the broadcast stream are typically scrambled - encrypted - with an encryption key commonly referred to as a control word (CW). Further security may be provided by periodically changing the CWs so they are only valid for a certain period. Typically, CWs are transmitted in encrypted form to the receiver using so-called entitlement control messages (ECMs).

[0032] In the receiver, an ECM is filtered out of a transport stream and sent to a secure computing environment, e.g. a smartcard inserted in the receiver or software running in a secured environment of the receiver. In the following example the secure computing environment is a smartcard, and the broadcast service comprises TV channels. The smartcard decrypts the ECM using a higher-level key, which is common to all smartcards that are authorized to receive the TV channels associated with that key. The CW obtained from the ECM is returned from the smartcard to the receiver, which immediately loads the CW into the descrambler for descrambling data.

[0033] The smartcard is typically pre -provisioned with a unique serial number and a unique key. The chipset of the receiver is typically pre -provisioned with a chip set serial number (CSSN). Moreover, a chip set unique key (CSUK) may be stored in a secured portion of the receiver, and the CSSN and CSUK are typically linked. CSSN and CSUK typically cannot be changed after being provisioned in the receiver. The CSUK is typically not stored in the smartcard.

[0034] FIG. 1 shows a prior art example of a chipset of a receiver 1, e.g. a set-top box, to load keys to descramble content. Decryptors 10a, 10b and 10c use encrypted input data and an input key to obtain decrypted output data. Elements 11 and 12 are read-only memory locations. Elements 13 and 14 are read-and-write memory locations for temporary storing decrypted output data. Content decoder 15 decodes descrambled content. Data flows between elements are indicated by arrows.

[0035] In the example of FIG. 1, a content stream s is scrambled with a CW, denoted Ecw(s). The scrambled content stream Ecw(s) is received in the secure chipset of the receiver 1. The chipset supports secure loading of the associated CW using input ECSSK(CW), which is the CW encrypted with the CSSK. The CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSUK(CSSK). The CSUK and a CSSN can be pre-installed in memory location 12 and memory location 11, respectively, and preferably cannot be altered. The CSSN is typically available to software executing in the receiver 1 for identification purposes. The CSUK is typically secured, such that is can only be used in the secure chipset to decrypt the CSSK from ECSUK(CSSK).

[0036] The content decoder 15 can be external to the chipset and is typically a part of the receiver 1. Output of the content decoder 15 is the descrambled content stream s, which may be displayed on an output device, such as a TV.

[0037] Known conditional access systems, such as shown in FIG. 2, may use the key loading mechanism as shown in FIG. 1 by sending an entitlement management message (EMM) and entitlement control messages (ECMs) from a head-end system 3, via a network 2, to a smartcard embedded or inserted in the set-top box 1. The EMM typically contains the CSSK and/or its encrypted version ECSUK(CSSK). The ECM typically contains the encrypted CW, i.e. ECSSK(CW). The smartcard typically provides ECSUK(CSSK) to the receiver 1 and may use the CSSK as a session key for loading a sequence of CWs. The receiver 1 descrambles or decrypts the scrambled or encrypted content stream Ecw(s) using the CW to obtain the content stream s. The scrambled or encrypted content stream Ecw(s) is received from the head-end system 3.

[0038] The present disclosure is inspired by the DVB implementation for securing broadcast services as shown in FIGs. 1 and 2. In the DVB example: the EMMs, ECMs, including the cryptographic keys and the encrypted content originate from the same head- end system 3; and the content is decrypted in the end-user device. In the present disclosure: cryptographic keys originate from a remote server, similar to DVB, but the encrypted content is transmitted from the device to the remote server, which is different from DVB, i.e. in the other direction. [0039] FIG. 3 shows an exemplary embodiment of a device 100 of the present disclosure, wherein cryptographic keys in the form of CWs are received. The device 100 is for example a surveillance device or a security camera, possibly implemented as an Intemet-of-Things (IoT) device. The device 100 is configured to load cryptographic keys to encrypt content. The content may be video content, audio content or a combination thereof, which may be captured by the device 100 or by sensors connected to the device 100.

[0040] Decryptors 110a and 110b use encrypted input data and an input key to obtain decrypted output data. Encryptor 110c uses input data and an input key to obtain encrypted output data. Elements 111 and 112 may be read-only memory locations. Elements 113 and 114 may be read-and- write memory locations for temporary storing decrypted output data. Content encoder 115 may encode content before encrypting the content. Data flows between elements are indicated by arrows.

[0041] In the example of FIG. 3 content c is to be encrypted using a CW. The resulting encrypted content is denoted Ecw(c). The encrypted content Ecw(c) may be transmitted to a remote server. The device 100 receives the CW from the remote server, preferably in an encrypted form. The device 100 may support secure loading of the CW using input ECSS _K (CW), which is the CW encrypted with the CSSK. The CSSK may be securely received encrypted with the CSUK, which is denoted by input ECSU _K (CSSK). The CSUK and a CSSN may be pre-installed in memory location 112 and memory location 111, respectively, and preferably cannot be altered. The CSSN is typically available to software executing in the receiver 100 for identification purposes. The CSUK is typically secured, such that is can only be used in a secure chipset of the device 100 to decrypt the CSSK from ECSU _K (CSSK).

[0042] The device 100 may include a content encoder 115. Before encrypting the content, the content may be encoded using the content decoder 115.

[0043] The key loading mechanism as shown in FIG. 3 may be used in a system as shown in FIG. 4. FIG. 4 shows an exemplary network configuration including a remote server 300 that is communicatively connected to a device 100 via a network 200. The remote server may be a VMS. The network may be the Internet or any other data network. In the example of FIG. 4, the remote server 300 is configured to send an entitlement management message EMM and one or more entitlement control messages ECMs to the device 100 via the network 200. The EMM typically contains the CSSK and/or its encrypted version E _CSUK (CSSK). It is possible to omit transmission of EMMs and use a CSSK or alternative thereof that is stored in the device 100 or otherwise provided to the device 100. The ECM typically comprises the encrypted CW, i.e. E _CSSK (CW). The device 100 may obtain the CW from the ECM as explained in conjunction with FIG. 3. The device 100 encrypts the content using the CW to obtain the encrypted content Ecw(c). The encrypted content Ecw(c) may then be transmitted from the device 100 to the remote server 300 via the network 200.

[0044] FIG. 5 shows an exemplary embodiment of a device 100’ of the present disclosure. Device 100’ may be a surveillance device or a security camera device including a chipset part 120 and a memory part 130. The chipset part 120 is for example a camera chipset. The memory part 130 may be implemented as DDR memory or any other suitable memory. The chipset part 120 may include an embedded operating system environment 121, such as a rich OS environment. The embedded operating system environment 121 may be configured to exchange data with other parts of the device 100’, as depicted by the vertical block arrow. The chipset part 120 may further comprise a trusted execution environment TEE 122 that is configured to communicate with the rich OS environment 121, as depicted by the vertical block arrow. A secure perimeter 123 may be configured that is partly embedded in the chipset 120 and partly uses the memory 130. The part of the secure perimeter 120 within the chipset 120 may include an image/raw video subsystem 124 for receiving and processing incoming image and/or raw video data, a video encoder 125 for encoding image and/or raw video data, and a cryptographic processor 126 for encrypting image and/or video data. The image/raw video subsystem 124 and the video encoder 125 may be configurable via the TEE 122, as depicted by the black arrows from the TEE 122 to these parts 124 and 125. The memory part 130 may comprise one or more buffer memories 131, 132.

[0045] Device 100’ may obtain image and/or video data from external camera equipment that is connected to the device 100’ or from camera equipment that is part of the device 100’. The image and/or video data may be received in the image/raw video subsystem 124 and stored as intermediate raw image/video data c2 in a first buffer memory 131. The image/raw video subsystem 124 may preprocess the content c before buffering in the first buffer memory 131. The intermediate raw image/video data c2 may be read from the first buffer memory 131 by the video encoder 125. The video encoder 125 may be similar to video encoder 115. The resulting encoded image/video data c3, which is typically in a compressed image/video data format, may be stored in a second buffer memory 132, from where it may be read by the cryptographic processor 126.

[0046] Cryptographic processor 126 may include a decryptor such as decryptor 110b and an encryptor such as encryptor 110c. Cryptographic processor 126 may include a scrambler. The cryptographic processor 126 may be configured to receive a CW, preferably via the TEE and preferably from an ECM received from a remote server. The CW may be used to encrypt the encoded image/video data c3. The thus obtained encrypted content Ecw(c) may be transmitted to the remote server or any other remote destination, preferably via the TEE.

[0047] Fig. 5 shows a flow chart of an exemplary method of the present disclosure. In step 3001 an encryption key, such as a CW, is generated in a remote server 300. In step 3002 the encryption key is transmitted to a device 100, 100’, where it is received in step 1003. The encryption key may be changed periodically, which is depicted by the loop from step 3002 to 3001. In step 1001 content c is obtained. The content may be encoded in step 1002. In step 1004 the content is encrypted using the obtained encryption key. In step 1005 the encrypted content is transmitted to the remote server, where it is received in step 3003.

[0048] The remote server may decrypt the encrypted content, store the encrypted content or transmit the encrypted content to a further device for processing.

[0049] In an embodiment a VMS chooses video encryption keys and protects the encryption keys with ECMs. The ECMs are sent to camera devices. Thanks to the cryptographic processor in the camera device, which includes a scrambler, the video data stream from the camera device will be encrypted with the current key and sent to the TEE. The TEE will then send the encrypted video data stream to the VMS using connectivity means of the chipset. In this example, even if the TEE is compromised, video data cannot be tampered with, because the video data is already encrypted. Even trying to send old data to the VMS will not work, because the encryption key is frequently changed by the VMS. The VMS can thus easily detect old and out of-sync data.

[0050] In an embodiment the VMS can also send, cryptographically bound to the key, metadata such as time stamp, enforcement of the secure video path, etc., that can be used by the cryptographic processor in the device. If these keys are filtered by an attacker, the VMS will be able to detect the tampering because the encrypted video data will not be encrypted correctly.

[0051] In the above examples the notation image/video or image/raw video is used. Herein, the forward slash is to be interpreted as and/or.

[0052] One or more embodiments of the disclosure may be implemented as a computer program product for use with a computer system. The program(s) of the program product may define functions of the embodiments (including the methods described herein) and can be contained on a variety of computer-readable storage media. The computer-readable storage media may be non-transitory storage media. Illustrative computer-readable storage media include, but are not limited to: (i) non- writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information may be permanently stored; and (ii) writable storage media (e.g., hard disk drive or any type of solid-state random-access semiconductor memory, flash memory) on which alterable information may be stored.