Virtual smart card device, method and system
Abstract
A system and a method for secure transmission of protected content to a subscriber, without requiring a smart card or other renewable security element to be in physical proximity of the recipient module of the subscriber, such as a set-top box for example. Therefore, the renewable security element may optionally be protected and controlled by the transmitter of the protected content, such as by the broadcaster for example.
62 Claims
1. A system for secure transmission of protected content, the system comprising:
a security server;
a recipient module; and
a secure communication channel for supporting communication between said security server and said recipient module, wherein, in a first mode of operation, the recipient module receives a first key in a multiple key hierarchy via said secure channel, and in a second mode of operation, the recipient module receives the protected content and an encrypted key, said encrypted key being a second key in said multiple key hierarchy, said recipient module being operative to utilize the first key to decrypt the encrypted key to form a decrypted key, said recipient module only being capable of accessing the protected content with said decrypted key.
29. A system for secure transmission of protected content, comprising:
(a) a remote renewable security element for encrypting a plurality of keys in a multiple key hierarchy; and
(b) a recipient module for receiving the protected content and said plurality of encrypted keys, said recipient module comprising a secret for decrypting at least one encrypted key to form a first decrypted key, said first decrypted key being required to decrypt at least one additional key in said multiple key hierarchy, wherein said recipient module is only capable of accessing the protected content with said at least one additional decrypted key in said multiple key hierarchy.
51. A server for supporting secure transmission of protected content to a recipient module, the protected content being broadcast by a head-end, the head-end providing an access criteria reference and a control word for accessing the protected content, the server comprising:
(a) a remote renewable security element;
(b) an entitlement message generator; and
(c) a control word message generator;
wherein said entitlement message generator receives the access criteria reference from the head-end and queries said remote renewable security element to determine whether the recipient module is entitled to receive the protected content, such that if the recipient module is entitled to receive the protected content, said entitlement message generator generates a VEMM comprising an encrypted access key and the access criteria reference; and
wherein if the recipient module is entitled to receive the protected content, said control word message generator receives the control word from the head-end and generates a VECM comprising an encrypted control word, such that the recipient module cannot access the protected content without said VEMM and said VECM.
52. A server for supporting secure transmission of protected content to a recipient module, the server comprising:
(a) a remote renewable security element for determining whether the recipient module has at least one entitlement to the protected content;
(b) a VEMM generator for generating a first message containing a first key, said VEMM generator only generating said first message if the recipient module has said at least one entitlement; and
(c) a VECM generator for generating a second message containing a second key, said second key being encrypted with said first key, wherein the protected content is only accessible according to said second key.
56. A method for transmitting protected content by a broadcaster for being accessed by a subscriber, comprising:
providing a recipient module for the subscriber, said recipient module comprising a unique secret;
determining at least one access permission for said recipient module;
generating an access key to form an access message according to said access permission;
encrypting said access key to form an encrypted key, such that said secret is required to decrypt said encrypted key;
encrypting a control word with said access key to form an encrypted control word;
transmitting said encrypted key and said control word to said recipient module, wherein said recipient module requires at least said control word to access the protected content.
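The key chain recited in claims 51, 52 and 56 (module secret, then access key in the VEMM, then control word in the VECM, then content) can be sketched as follows. This is an added example, not code from the patent: the function names are hypothetical, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in chosen here because the claims name no cipher.

```python
import hashlib, hmac, secrets

def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, stdlib only)
    stream = b"".join(_derive(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_derive(key, b"enc"), nonce, plaintext)
    return nonce + ct + _derive(_derive(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Reverse of seal(); raises ValueError on a wrong key or altered message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _derive(_derive(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return _xor_stream(_derive(key, b"enc"), nonce, ct)

def server_messages(entitled, module_secret, control_word):
    """Server side: build (VEMM, VECM), or (None, None) if not entitled."""
    if not entitled:
        return None, None
    access_key = secrets.token_bytes(32)
    # VEMM opens only with the module's secret, VECM only with the access key
    return seal(module_secret, access_key), seal(access_key, control_word)

def module_access(module_secret, vemm, vecm, protected):
    """Recipient side: secret -> access key -> control word -> content."""
    access_key = unseal(module_secret, vemm)
    control_word = unseal(access_key, vecm)
    return unseal(control_word, protected)

def demo():
    secret_a, secret_b = secrets.token_bytes(32), secrets.token_bytes(32)
    control_word = secrets.token_bytes(16)
    protected = seal(control_word, b"constructed sample content")
    vemm, vecm = server_messages(True, secret_a, control_word)
    opened = module_access(secret_a, vemm, vecm, protected)
    try:
        module_access(secret_b, vemm, vecm, protected)  # a different module's secret
    except ValueError:
        return opened, "other module rejected"
    return opened, "other module opened"

if __name__ == "__main__":
    print(demo())
```

Because each layer is authenticated, a module holding a different secret fails at the VEMM step and never reaches the control word.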
Specification