Conditional access system
First Claim
1. A method of decrypting an encrypted instance of service, the method being carried out in a receiver that has a public key-private key pair, and the method comprising the steps of:
receiving in the receiver a management message having an encrypted multi-session key, wherein the encrypted multi-session key was encrypted by the public key of the receiver;
decrypting the encrypted multi-session key with the private key of the receiver;
storing the multi-session key in a memory of the receiver;
receiving in the receiver a control message together with a service message, the service message having an encrypted portion of the instance of service, the control message including a decryptor;
implementing the decryptor of the service message with the multi-session key to produce a session key; and
decrypting the encrypted portion of the instance of service of the service message using the session key.
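The key hierarchy recited in claim 1, traced end to end as an added illustration that is not part of the patent text. The claim names no algorithms, so textbook RSA over two Mersenne primes, HMAC-SHA256 as the way the decryptor is combined with the multi-session key, and a SHA-256 keystream cipher are stand-ins assumed for this sketch; all function names and sample values are constructed.

```python
import hashlib
import hmac

E = 65537  # public exponent (assumption; the claim fixes no parameters)

def make_keypair(p, q):
    """Textbook RSA from two primes (toy: no padding, small modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def encrypt_msk(msk, public_key):
    """Headend: management-message payload addressed to one receiver."""
    n, e = public_key
    return pow(int.from_bytes(msk, "big"), e, n)

def decrypt_msk(encrypted_msk, private_key, length=16):
    """Receiver: recover the multi-session key with its private key."""
    n, d = private_key
    return pow(encrypted_msk, d, n).to_bytes(length, "big")

def session_key(msk, decryptor):
    """Combine the control message's decryptor with the stored MSK."""
    return hmac.new(msk, decryptor, hashlib.sha256).digest()

def stream_xor(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def receive(stored_msk, decryptor, encrypted_portion):
    """Receiver: control message + service message -> clear service."""
    return stream_xor(session_key(stored_msk, decryptor), encrypted_portion)

# Constructed sample values (not from the patent).
PUB, PRIV = make_keypair(2**89 - 1, 2**127 - 1)  # two Mersenne primes
MSK = bytes.fromhex("00112233445566778899aabbccddeeff")
DECRYPTOR = b"ecm-counter-0001"
CLEAR = b"constructed service payload"

def demo():
    emm = encrypt_msk(MSK, PUB)                               # headend
    service = stream_xor(session_key(MSK, DECRYPTOR), CLEAR)  # headend
    stored = decrypt_msk(emm, PRIV)              # receiver: first 3 steps
    return receive(stored, DECRYPTOR, service)   # receiver: last 3 steps

if __name__ == "__main__":
    print(demo())
```

Changing only the decryptor in the control message yields a new session key without another public-key operation, which is why the multi-session key is stored in receiver memory.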
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
46 Claims
25. A receiver in a conditional access system for decrypting an instance of a service associated with an entitlement agent, the receiver comprising:
a port adapted to receive a plurality of messages including a management message, a control message and a service message, the service message including an encrypted portion of the instance of service, the control message including a decryptor, the management message including an encrypted multi-session key;
a memory adapted to store a plurality of keys including a private key of a public key-private key pair and the multi-session key;
a processor in communication with the port and the memory, the processor adapted to use the private key to decrypt the encrypted multi-session key and store the multi-session key in the memory, the processor further adapted to make a service decryption key for decrypting the encrypted instance of service by implementing the decryptor with the multi-session key; and
a service decryptor in communication with the processor, the service decryptor adapted to use the service decryption key to decrypt the encrypted instance of service.
Specification