System and method for a variable key ladder

US 20060184796A1
Filed: 02/16/2005
Published: 08/17/2006
Est. Priority Date: 02/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy, the method comprising:

determining a device key based on network connection and configuration data contained in conditional access system firmware;

decrypting and extracting a session or category key from an input media stream or an entitlement management message (EMM) using the device key; and

configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy includes determining a device key based on network connection and configuration data contained in conditional access system firmware, decrypting and extracting a session or category key from an input media stream or an Entitlement Management Message using the device key, and configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.

109 Citations

View as Search Results

21 Claims

1. A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy, the method comprising:
- determining a device key based on network connection and configuration data contained in conditional access system firmware;
  
  decrypting and extracting a session or category key from an input media stream or an entitlement management message (EMM) using the device key; and
  
  configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the key ladder configuration comprises at least one of (i) number of keys, (ii) key symmetry, and (iii) bit-count of keys.
  - 3. The method of claim 1 wherein the device key is determined at startup of a device where the method of claim 1 is implemented.
  - 4. The method of claim 1 wherein the entitlement management message (EMM) contains the session key, and the session key is symmetric.
  - 5. The method of claim 1 wherein the session key is contained in the entitlement management message (EMM) in the input media stream, and the device key is one of symmetric and asymmetric.
  - 6. The method of claim 1 wherein the encryption and decryption is implemented using at least one of RSA Encryption, triple Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms.
  - 7. The method of claim 1 wherein the variable key ladder comprises a combination of symmetric and asymmetric keys.
  - 8. The method of claim 7 wherein asymmetric keys are implemented only in a first tier of the key ladder to minimize decryption times of the input media stream and to minimize key generation times.

9. A system for generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy, the system comprising:
- a headend configured to generate encrypted digital input media streams;
  
  a network coupled to the headend and configured to receive the encrypted digital input media streams; and
  
  at least one receiver coupled to the network and configured to receive the encrypted digital input media streams and present a decrypted version of the encrypted digital media streams, wherein at least one of the headend and the at least one receiver comprises a security processor configured to;
  
  determine a device key based on network connection and configuration data contained in conditional access system hardware or firmware;
  
  decrypt and extract a session or category key from an Entitlement Management Message (EMM) using the device key;
  
  decrypt and extract at least one of (i) a program key and (ii) at least one control word from an Entitlement Control Message (ECM) in the input media stream; and
  
  <
  
  configure a key ladder in response to the at least one control word, wherein the key ladder comprises the device key and at least one of (i) the program key, (ii) the session or category key, and (iii) the at least one control word.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9 wherein the key ladder configuration comprises at least one of (i) number of keys, (ii) key symmetry, and (iii) bit-count of keys.
  - 11. The system of claim 9 wherein the device key is determined at startup of the security processor.
  - 12. The system of claim 9 wherein the device is configured to be symmetric or asymmetric at a provisioning time or when the CAS firmware is loaded onto the security device.
  - 13. The system of claim 9 wherein the session key is symmetric.
  - 14. The system of claim 9 wherein the program key is contained in the ECM in the input media stream, and the session key is symmetric.
  - 15. The system of claim 9 wherein the encryption and decryption is implemented using at least one of triple Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms.
  - 16. The system of claim 9 wherein the variable key ladder comprises a combination of symmetric and asymmetric keys.
  - 17. The system of claim 16 wherein asymmetric keys are implemented only in a first tier of the key ladder to minimize decryption times of the input media stream and to minimize key generation times.

18. A processor for digital media security processing, the processor comprising:
- a selector for determining a device key based on network connection and configuration data contained in conditional access system firmware;
  
  a decryption operator for decrypting and extracting a program key from an input media stream using the device key; and
  
  at least one multiplexer for configuring a key ladder in response to at least one control word, wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session key, and (iii) the at least one control word.
- View Dependent Claims (19, 20, 21)
- - 19. The processor of claim 18 further comprising at least one hash operator configured to hash at least a respective one of the session key and the at least one control word.
  - 20. The processor of claim 18 further comprising at least one exclusive OR (EXOR) operator configured to EXOR the session key and the at least one control word.
  - 21. The processor of claim 18 wherein the key ladder comprises combinations of symmetric and asymmetric keys and asymmetric keys are implemented only in a first tier of the key ladder to minimize decryption times of the input media stream and to minimize key generation times.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Inventors
Fahrny, James William

Granted Patent

US 7,933,410 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04N 21/26606   for generating or managing ...

H04N 21/4623   Processing of entitlement m...

Y04S 40/20   Information technology spec...

System and method for a variable key ladder

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for a variable key ladder

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links