METHOD AND APPARATUS FOR SECURITY IN A DATA PROCESSING SYSTEM

US 20070116282A1
Filed: 01/24/2007
Published: 05/24/2007
Est. Priority Date: 08/20/2001
Status: Abandoned Application

First Claim

Patent Images

1. A remote station supporting broadcast services, comprising:

receive circuitry for receiving an encrypted packet of broadcast data;

a User Identification Module (UIM) coupled to the receive circuitry, comprising;

a secure memory storage unit, adapted for storing a broadcast access key; and

a processor adapted to decrypt the encrypted packet of broadcast data using the broadcast access key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key. One embodiment provides link layer content encryption. Another embodiment provides end-to-end encryption.

134 Citations

View as Search Results

42 Claims

1. A remote station supporting broadcast services, comprising:
- receive circuitry for receiving an encrypted packet of broadcast data;
  
  a User Identification Module (UIM) coupled to the receive circuitry, comprising;
  
  a secure memory storage unit, adapted for storing a broadcast access key; and
  
  a processor adapted to decrypt the encrypted packet of broadcast data using the broadcast access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The remote station as in claim 1, wherein the secure memory storage unit is further adapted to store a short term key associated with the encrypted packet of broadcast data, and wherein each short term key is associated with a first number.
  - 3. The remote station as in claim 2, wherein the processor is adapted to generate the short term key from the broadcast access key and the first number.
  - 4. The remote station as in claim 3, wherein the processor is further adapted to extract the packet of broadcast data using the short term key.
  - 5. The remote station as in claim 1, wherein the receiver is further adapted to receive the broadcast access key as an encrypted broadcast access key.
  - 6. The remote station as in claim 5, wherein the secure memory storage unit is further adapted for storing a root key, the root key being associated with the secure memory storage unit, and wherein the processor is further adapted to decrypt the encrypted broadcast access key using the root key.
  - 7. The remote station as in claim 6, wherein the encrypted broadcast access key is unique to the remote station.
  - 8. The remote station as in claim 7, wherein the root key is used for authentication.
  - 9. The remote station as in claim 6, wherein the processor is further adapted to determine a temporary key and decrypt the encrypted broadcast access key using the temporary key.
  - 10. The remote station as in claim 2, wherein the short term key is updated periodically having a first period.
  - 11. The remote station as in claim 10, wherein the broadcast access key is updated periodically having a second period greater than the first period.
  - 12. The remote station as in claim 11, wherein the receiver is adapted to receive a broadcast access key expiration indicator identifying the second period.
  - 13. The remote station as in claim 2, wherein the first number is a random number.
  - 14. The remote station as in claim 13, wherein the first number is generated as a function of time.
  - 15. The remote station as in claim 13, wherein the receiver is adapted to receive the first number with at least one encrypted packet of data.
  - 16. The remote station as in claim 1, wherein the remote station supports spread-spectrum communications.

17. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
- receiving a broadcast access key for the broadcast service;
  
  receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein the each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
  
  receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
  
  generating the short-term key using the broadcast access key and the first number; and
  
  extracting a packet of data from the encrypted packet of data using the short-term key.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. A method as in claim 17, further comprising:
    - storing the broadcast access key in a secure memory storage unit.
  - 19. A method as in claim 17, further comprising:
    - encrypting the broadcast access key to form an encrypted broadcast access key; and
      
      storing the encrypted broadcast access key in a secure memory storage unit.
  - 20. The method as in claim 19, further comprising:
    - extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit.
  - 21. The method as in claim 20, wherein encrypting the broadcast access key comprises:
    - storing a root key in the secure memory storage unit, wherein the root key is associated with the secure memory storage unit; and
      
      wherein extracting the encrypted broadcast access key further comprises;
      
      decrypting the EBAK based on the root key stored in the secure memory storage unit.
  - 22. The method as in claim 21, wherein the root key is also stored in a fifth server.

23. A method for encryption key management in a communication system supporting broadcast services, comprising:
- generating a short-term key using a broadcast access key; and
  
  encrypting a packet of data using the short-term key;
  
  broadcasting the encrypted packet of data.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. A method as in claim 23, wherein broadcasting the encrypted packet of data comprises:
    - forming the encrypted packet of data using the short-term key at a third server.
  - 25. A method as in claim 23, wherein generating the short-term key comprises:
    - generating the short-term key using the broadcast access key and a first number at a second server.
  - 26. The method of claim 25, wherein generating the short-term key further comprises:
    - determining a value of the first number at the second server.
  - 27. The method of claim 26, wherein determining the value of the first number comprises:
    - generating at least part of the first number at the second server.
  - 28. The method of claim 27, wherein generating at least part of the first number at the second server comprises:
    - generating all of the first number at the second server.
  - 29. The method of claim 27, further comprising:
    - sending the broadcast access key from a first server to a remote station.
  - 30. The method as in claim 23, further comprising:
    - sending the broadcast access key from a first server to a remote station.

31. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
- receiver adapted for;
  
  receiving a broadcast access key for the broadcast service;
  
  receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein the each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
  
  receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
  
  generator adapted for generating the short-term key using the broadcast access key and the first number and means for extracting a packet of data from the encrypted packet of data using the short-term key.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
- - 32. The remote station as in claim 31, further comprising:
    - secure memory storage unit for storing the broadcast access key.
  - 33. The remote station as in claim 31, further comprising:
    - means for encrypting the broadcast access key to form an encrypted broadcast access key, wherein the secure memory storage unit is further adapted to store the encrypted broadcast access key.
  - 34. The remote station as in claim 33, further comprising:
    - means for extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit.
  - 35. The remote station as in claim 34, wherein the means for encrypting the broadcast access key comprises:
    - means for storing a root key in the secure memory storage unit, wherein the root key is associated with the secure memory storage unit; and
      
      wherein the means for extracting the encrypted broadcast access key comprises;
      
      means for decrypting the EBAK based on the root key stored in the secure memory storage unit.
  - 36. The remote station as in claim 34, wherein the means for extracting the broadcast access key from the encrypted broadcast access key (EBAK) at the secure memory storage unit comprises:
    - means for receiving the encrypted broadcast access key and a second number and storing the encrypted broadcast access key and the second number in the secure memory storage unit.
  - 37. The remote station as in claim 34, wherein the means for extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit comprises:
    - means for determining a Temporary Key (TK);
      
      means for storing the TK in the secure memory storage unit; and
      
      means for decrypting the EBAK using the TK to form the Broadcast Access Key (BAK).
  - 38. The remote station as in claim 37, wherein the means for determining the TK comprises:
    - means for determining the TK associated with a second number stored in the secure memory storage unit.

39. A wireless apparatus adapted for encryption key management in a communication system supporting broadcast services, comprising:
- means for generating a short-term key using a broadcast access key;
  
  means for encrypting a packet of data using the short-term key; and
  
  means for broadcasting the encrypted packet of data.
- View Dependent Claims (40, 41, 42)
- - 40. The wireless apparatus as in claim 39, further comprising:
    - means for forming an Encrypted Broadcast Access Key (EBAK) from the broadcast access key at a first server; and
      
      means for transmitting the encrypted broadcast access key.
  - 41. The wireless apparatus of claim 39, wherein broadcasting the encrypted packet of data and the associated first number comprises:
    - sending the first number with each encrypted packet of data.
  - 42. The wireless apparatus of claim 39, wherein broadcasting the encrypted packet of data and the first number comprises:
    - sending the first number with at least one encrypted packet of data; and
      
      sending at least one encrypted packet of data without the first number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Rezaiifar, Ramin, Agashe, Parag, Wang, Jun, Hsu, Raymond, Bender, Paul, Quick, Roy, Rose, Gregory, Hawkes, Philip, Mahendran, Arungundram

Application Number

US11/626,822
Publication Number

US 20070116282A1
Time in Patent Office

Days
Field of Search
US Class Current

380/239
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 12/189   in combination with wireles...

H04L 2209/601   Broadcast encryption

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 63/164   at the network layer

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04N 21/2347   involving video stream encr...

H04N 21/26606   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/835 : Generation of protective da...

H04N 7/1675 : Providing digital key or au...

H04W 12/02 : Protecting privacy or anony...

H04W 12/033 : of the user plane, e.g. use...

H04W 12/0431 : Key distribution or pre-dis...

H04W 12/069 : using certificates or pre-s...

H04W 4/06 : Selective distribution of b...

View All

METHOD AND APPARATUS FOR SECURITY IN A DATA PROCESSING SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

134 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURITY IN A DATA PROCESSING SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links