Security device and head end in conditional access system and method for controlling illegal use in the system

US 20060271950A1
Filed: 04/11/2006
Published: 11/30/2006
Est. Priority Date: 05/27/2005
Status: Active Grant

First Claim

Patent Images

1. A security device for a conditional access system (CAS), the device comprising:

a key database for storing a user key UK assigned to a subscriber; and

a decryptor for sequentially decrypting an update key E_UK(BK) encrypted with the user key UK, a channel management key E_BK(CMK) encrypted with the update key BK, and a control word E_CMK(CW) encrypted with the channel management key CMK, and outputting a control word CW;

wherein at least one of the update key BK, the channel management key CMK and the control word CB are received from a head end of a conditional access system, and the user key UK is received from the key database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security device and a head end of a conditional access system (CAS), and a method for controlling illegal use of the conditional access system, capable of minimizing the number of entitlement management messages (EMMs) to be distributed from a head end to a user are provided. Update keys encrypted with user keys and channel management keys encrypted with the update keys are utilized.

33 Citations

View as Search Results

14 Claims

1. A security device for a conditional access system (CAS), the device comprising:
- a key database for storing a user key UK assigned to a subscriber; and
  
  a decryptor for sequentially decrypting an update key E_UK(BK) encrypted with the user key UK, a channel management key E_BK(CMK) encrypted with the update key BK, and a control word E_CMK(CW) encrypted with the channel management key CMK, and outputting a control word CW;
  
  wherein at least one of the update key BK, the channel management key CMK and the control word CB are received from a head end of a conditional access system, and the user key UK is received from the key database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device as claimed in claim 1, further comprising:
    - an entitlement information database for storing updatable entitlement information on the subscriber; and
      
      a comparator for comparing an access condition received from the head end to the stored entitlement information;
      
      wherein the comparator receives the control word CW from the decryptor and outputs the control word CW to a descrambler connected to the comparator, and the comparator controls the output of the control word CW to the descrambler according to a comparison result between the access condition and the entitlement information.
  - 3. The device as claimed in claim 2, wherein the access condition comprises an indication of a condition for legally using service provided to the subscriber, and the entitlement information comprises an indication of information on entitlement of a subscriber requesting the service, and the comparator outputs the control word CW to the descrambler only if the entitlement information matches the access condition.
  - 4. The device as claimed in claim 1, wherein, if a first set comprises at least one subscriber and at least one illegal user of a conditional access system, and a second set comprises the at least one subscriber, the second set being a subset of the first set, then, when the second set is decomposed into at least one subset and each of the subsets is assigned a subset user key, the user key UK stored in the key database is one of the assigned subset user keys SUKs, assigned to the decomposed subsets to which a subscriber having the security device belongs.
  - 5. The device as claimed in claim 1, wherein the encrypted channel management key E_BK(CMK) comprises a channel packing key E_BK(CPK) encrypted with the update key BK and a channel encryption key E_CPK(CEK) encrypted with the channel packing key CPK, the encrypted control word CW being encrypted with the channel encryption key CEK.
  - 6. The device as claimed in claim 1, wherein the user key UK stored in the key database comprises a master private key MPK and a broadcast user key BEK, the decryptor further receives a broadcast user key E_MPK(BEK) encrypted with the master private key MPK, and the encrypted update key E_UK(BK) received by the decryptor is an update key E_BEK(BK) encrypted with the broadcast user key BEK.
  - 7. The device as claimed in claim 1, wherein the stored user key UK in the key database comprises a master private key MPK, a private key PK, and a broadcast user key BEK, the decryptor further receives a private key PK encrypted with the master private key MPK and a broadcast user key E_PK(BEK) encrypted with the private key PK, and the encrypted update key E_UK(BK) received by the decryptor is an update key E_BEK(BK) encrypted with the broadcast user key BEK.

8. A head end for a conditional access system (CAS), the head end comprising:
- a key database for storing a user key UK assigned to a subscriber of a conditional access system;
  
  a generator for generating an update key BK, a channel management key CMK, and a control word CW;
  
  an encryptor for encrypting the update key BK with the user key UK, the channel management key CMK with the update key BK, and the control word CW with the channel management key CMK; and
  
  a transmitter for transmitting the encrypted update key E_UK(BK), the encrypted channel management key E_BK(CMK), and the encrypted control word E_CMK(CW) to the subscriber.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The head end as claimed in claim 8, if a first set comprises at least one subscriber and at least one illegal user of a conditional access system, and a second set comprises the at least one subscriber, the second set being a subset of the first set, then, when the second set is decomposed into at least one subset and each of the subsets is assigned a subset user key SUK, the user key UK is the assigned the subset user key SUK.
  - 10. The head end as claimed in claim 8, wherein the channel management key CMK comprises a channel packing key CPK and a channel encryption key CEK, the encryptor, encrypting the channel management key CMK with the update key BK, encrypts the channel packing key CPK with the update key BK and the channel encryption key CEK with the channel packing key CPK, and the encryptor, encrypting the control word CW with the channel management key CMK, encrypts the control word CW with the channel encryption key CEK.
  - 11. The head end as claimed in claim 8, wherein the user key UK comprises a master private key MPK and a broadcast user key BEK, the encryptor further encrypts the broadcast user key BEK with the master private key MPK, and the encryptor, encrypting the update key BK with the user key UK, encrypts the update key BK with the broadcast user key BEK.
  - 12. The head end as claimed in claim 8, wherein the user key UK comprises a master private key MPK, a private key PK and a broadcast user key BEK, the encryptor further encrypts the private key PK with the master private key MPK and the broadcast user key BEK with the private key PK, and the encryptor, encrypting the update key BK with the user key UK, encrypts the update key BK with the broadcast user key BEK.

13. A method for controlling illegal use of a conditional access system (CAS), the method comprising the steps of:
- distributing an update key BK, a channel management key CMK, and a control word CW to a subscriber of a conditional access system;
  
  encrypting an updated update key BKn with a user key UK of the subscriber, an updated channel management key CMKn with the updated update key BKn, and an updated control word CWn with the updated channel management key CMKn;
  
  redistributing the encrypted updated update key BKn, the updated channel management key CMKn, and the updated control word CWn to the subscriber; and
  
  sequentially decrypting the re-distributed encrypted update key E_UK(BKn), channel management key E_BK(CMKn), and control word E_CMK(CWn) with the user key UK of the subscriber; and
  
  updating the distributed update key BK, channel management key CMK, and control word CW with the updated update key BKn, updated channel management key CMKn, and updated control word CWn.
- View Dependent Claims (14)
- - 14. The method as claimed in claim 13, wherein, if a first set comprises at least one subscriber and at least one illegal user of a conditional access system, and a second set comprises the at least one subscriber, the second set being a subset of the first set, then, when the second set is decomposed into at least one subset and each of the subsets is assigned a subset user key, the user key UK is one of the assigned subset user keys SUK, assigned to the decomposed subsets to which the subscriber belongs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Original Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Inventors
Kim, Dae-youb, Jin, Weon-il, Kim, Hwan-joon, Sung, Maeng-hee

Granted Patent

US 7,810,113 B2
Time in Patent Office

Days
Field of Search
US Class Current

725/31
CPC Class Codes

H04N 21/26606   for generating or managing ...

H04N 21/26613   for generating or managing ...

H04N 21/4181   for conditional access

H04N 7/163   by receiver means only

H04N 7/165   Centralised control of user...

H04N 7/1675   Providing digital key or au...

Security device and head end in conditional access system and method for controlling illegal use in the system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Security device and head end in conditional access system and method for controlling illegal use in the system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links