Most pay-TV systems can be divided into Pay-Per-Channel (PPC) services and Pay-Per-View (PPV) services. Different Conditional Access Systems (CASs) are required for these two
services to protect programmes. A good pay-TV CAS should be transmission efficient, secure, scalable, and flexible.
Many CASs have been proposed by researchers to meet these requirements. We found out that these systems do not perform well in both transmission and flexibility. In this paper, we propose a PPC CAS and a PPV CAS. We improve the transmission efficiency by introducing a new feature
called "auto-deactivation". Auto-deactivation lets the broadcaster not to send any packet to revoke a subscriber when his subscription period due. This is achieved by employing a novel time-bound key management scheme. Also, our schemes allow many flexible business models and subscription scenarios where other schemes do not. We provide performance analysis and security proofs to show our schemes are practical and secure.

在大部份的付費電視系統可以分類成頻道付費(Pay-Per-Channel)
服務和計次付費(Pay-Per-View)服務。不同的條件式存取系統(CAS)
需要此兩種服務確保所有必須付費才能收看的節目都受到保護。而
一個好的付費電視條件式存取系統理應擁有良好的傳輸效率、安全
性、訂閱彈性以及可讓大量使用者使用而不輕易造成系統癱瘓。
學者提出很多條件式存取系統以符合上面所提及的需求。我們發現
那些條件式存取系統並沒有同時擁有良好的傳輸效率和訂閱彈性。
在這個碩士論文中，我們提出兩個條件式存取系統，一個用於PPC，
另一個用於PPV。我們改進傳輸效率的方式是藉由自動失效
(Auto-deactivation)的特色。自動失效的特性讓廣播者不需傳送
任何封包即可廢止已經到達訂閱週期的使用者，我們使用一種時限
性(Time-bound)金鑰管理來達成此目的。另外，我們所提出的PPV
可以允許彈性的訂閱(隨時訂閱或取消訂閱)以及可實作在現行大
部份的商業模式上。在最後章節中，我們提供效能分析和安全性証
明來闡述系統是可被實作且安全的。

[1] Gemalto N.V. http://www.gemalto.com.
[2] IP Datacast over DVB-H: Service Purchase and Protection(SPP), 2005.
[3] Selim G. Akl and Peter D. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems, 1(3):239-248, 1983.
[4] Hung-Yu Chien. Efficient time-bound hierarchical key assignment scheme. IEEE Transactions on Knowledge and Data Engineering, 16(10):1301-1304,Oct. 2004.
[5] B. Chor, A. Fiat, M. Naor, and B. Pinkas. Tracing traitors. IEEE Transactions on Information Theory, 46(3):893-910, 2000.
[6] Wang Di, Chen Xiaochun, and Zhou Zucheng. A key transport scheme for pay-TV system based on polynomial reconstruction. In Proc. International Symposium on Intelligent Multimedia, Video and Speech Processing, pages 422-425, 20-22 Oct. 2004.
[7] Y. Dodis and N. Fazio. Public key broadcast encryption for stateless receivers.
Proceedings of the Digital Rights Management Workshop, 2696:61-80, 2002.
[8] A. Fiat and M. Naor. Broadcast encryption. Advances in Cryptology-CRYPTO 733, Springer-Verlag, pages 480-491, 1994.
[9] J.A. Garay, J. Staddon, and A. Wool. Long-lived broadcast encryption. Advances in Cryptology-CRYPTO, 1880:333-352, 2000.
[10] D. Halevy and A. Shamir. The LSD broadcast encryption scheme. in Proc. Crypto 2002, Lecture Notes in Computer Science, 2442:47-60, 2002.
[11] Yu-Lun Huang, Shiuhpyng Shieh, Fu-Shen Ho, and Jian-Chyuan Wang. Efficient key distribution schemes for secure media delivery in pay-TV systems. IEEE Transactions on Multimedia, 6(5):760-769, Oct. 2004.
[12] Tianpu Jiang, Yongmin Hou, and Shibao Zheng. Secure communication between set-top box and smart card in DTV broadcasting. IEEE Transactions on Consumer Electronics, 50(3):882-886, Aug. 2004.
[13] Tianpu Jiang, Shibao Zheng, and Baofeng Liu. Key distribution based on hierarchical access control for conditional access system in DTV broadcast.IEEE Transactions on Consumer Electronics, 50(1):225-230, Feb 2004.
[14] Anne V.D.M. Kayem, Patrick Martin, and Selim G. Akl. Heuristics for improving cryptographic key assignment in a hierarchy. In Proc. 21st International Conference on Advanced Information Networking and Applications Workshops
AINAW '07, volume 1, pages 531-536. IEEE Computer Society, 21-23 May 2007.
[15] Noam Kogan, Yuval Shavitt, and Avishai Wool. A practical revocation scheme for broadcast encryption using smartcards. ACM Transactions on Information and System Security, 9(3):325-351, 2006.
[16] Jang Won Lee. Key distribution and management for conditional access system on DBS. Proc. Int. Conf. Cryptology and Information Security, pages 82-88, 1996.
[17] X.S. Li, Y.R. Yang, M.G. Gouda, and S.S. Lam. Batch rekeying for secure group communications. Proceedings of the 10th international conference on World Wide Web, pages 525-534, 2001.
[18] Baofeng Liu, Wenjun Zhang, and Tianpu Jiang. A scalable key distribution scheme for conditional access system in digital pay-TV system. IEEE Transactions on Consumer Electronics, 50(2):632-637, May 2004.
[19] Jiqiang Liu and Sheng Zhong. A time-bound key management scheme for hierarchical tree. In Proc. First International Symposium on Data, Privacy, and E-Commerce ISDPE 2007, pages 445-447, 1-3 Nov. 2007.
[20] Stephen J. MacKinnon, Peter D. Taylor, Henk Meijer, and Selim G. Akl. An optimal algorithm for assigning cryptographic keys to control access in a hierarchy. IEEE Transactions on Computers, 34(9):797-802, 1985.
[21] S. Mitsunari, R. Sakai, and M. Kasahara. A new traitor tracing. IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, 85(2):481-484, 2002.
[22] D. Naor, M. Naor, and J. Lotspiech. Revocation and tracing schemes for stateless receivers. in Proc. Crypto 2001, Lecture Notes in Computer Science, pages 41-62, 2001.
[23] M. Naor and B. Pinkas. Efficient trace and revoke schemes. Financial Cryptography: 4th International Conference, FC 2000, Anguilla, British West Indies,
February 20-24, 2000: Proceedings, 2001.
[24] Y. Nishimoto, A. Baba, and K. Ogawa. Advanced conditional access system for digital broadcasting receivers using metadata. In Proc. Digest of Technical
Papers. International Conference on Consumer Electronics ICCE '06, pages 111-112, 7-11 Jan. 2006.
[25] RL Rives and B Kaliski. Rsa problem. Encyclopedia of Cryptography and Security, 2003.
[26] A. De Santis, A. L. Ferrara, and B. Masucci. Enforcing the security of a time-bound hierarchical key assignment scheme. volume 12, pages 1684-1694. Elsevier, 2006.
[27] J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean. Self-healing key distribution with revocation. In Proc. 2002 IEEE Symposium on Security and Privacy, pages 241-257, 2002.
[28] Hung-Min Sun, Chien-Ming Chen, and Cheng-Zong Shieh. Flexible-Pay-Per-Channel: A new model for content access control in pay-TV broadcasting systems. In IEEE Transaction on Multimedia. (to appear), 2008.
[29] VD T^o, R. Safavi-Naini, and F. Zhang. New traitor tracing schemes using bilinear map. Proceedings of the 3rd ACM workshop on Digital rights management, pages 67-76, 2003.
[30] Fu-Kuan Tu, Chi-Sung Laih, and Hsu-Hung Tung. On key distribution management for conditional access system on pay-TV system. IEEE Transactions on Consumer Electronics, 45(1):151-158, Feb. 1999.
[31] Wen-Guey Tzeng. A time-bound cryptographic key assignment scheme for access control in a hierarchy. IEEE Transactions on Knowledge and Data Engineering, 14(1):182-188, Jan.-Feb. 2002.
[32] D. Wallner, E. Harder, and R. Agee. Key management for multicast: Issues and architectures. RFC 2627, 1999.
[33] Shyh-Yih Wang and Chi-Sung Laih. Merging: an efficient solution for a time-bound hierarchical key assignment scheme. IEEE Transactions on Dependableand Secure Computing, 3(1):91-100, Jan.-March 2006.
[34] C.K. Wong, M. Gouda, and SS Lam. Secure group communications using key graphs. IEEE/ACM Transactions on Networking, 8(1):16-30, 2000.
[35] X. Yi. Security of Chien's efficient time-bound hierarchical key assignment scheme. IEEE Transactions on Knowledge and Data Engineering, 17(9):1298-1299, Sept. 2005.
[36] Xun Yi and Yiming Ye. Security of Tzeng's time-bound key assignment scheme for access control in a hierarchy. IEEE Transactions on Knowledge and Data Engineering, 15(4):1054{1055, July-Aug. 2003.
[37] Meng Zheng and Shi-Bao. A common smart-card-based conditional access system for digital set-top boxes. IEEE Transactions on Consumer Electronics, 50(2):601-605, May 2004.