NETWORK ENCRYPTION KEY ROTATION
Abstract
Systems and methods for authenticating key rotation communications. Key rotation communications can include a key counter known to both a headend device and a station. Comparison between a local key counter and the key counter included in the key rotation communication can be used to authenticate the key rotation communication.
24 Claims
1. A key rotation method comprising:
- providing a key counter for key rotation at a station;
- sending a key rotation communication to the station, the key rotation communication comprising a new network encryption key and an adjusted key counter, the key rotation communication being encrypted using a network membership key associated with the station;
- wherein a station key counter is operable to be compared to the adjusted key counter to determine the authenticity of the key rotation communication.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 20
11. A method comprising:
- receiving an initial key counter;
- receiving a key rotation communication comprising a new network key and a remotely incremented key counter;
- locally incrementing the initial key counter;
- comparing the remotely incremented key counter and the locally incremented key counter;
- determining the authenticity of the key rotation communication based upon the comparison.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
21. A key rotation system comprising:
- a network key generation module operable to generate a current network key; and
- a network key distribution module operable to distribute the current network key to a station, wherein the network key distribution module is further operable to include a current key counter with the current network key and to encrypt the current network key and current key counter using a network membership key, the network membership key being associated with the station;
- wherein the station is operable to authenticate the current network key based upon the current key rotation based upon a previously received key counter.
Dependent claims: 22, 23
24. A key authentication system, comprising:
- an interface operable to receive a key rotation communication from a headend device;
- a decryption module operable to decrypt the key rotation communication to derive a new key and a headend key counter;
- a local key counter incrementing module operable to produce a locally incremented key counter based upon a previous key counter;
- an authentication module operable to authenticate the key rotation communication based upon a comparison between the headend key counter derived from the key rotation communication and the locally produced incremented key counter.
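
The exchange recited in claims 11 and 24, with both the headend and the station side, as an added Python example that is not taken from the patent. Assumptions: the counter is adjusted by adding one, the counter is 64 bits and the key 128 bits, a SHA-256 keystream stands in for the unspecified cipher used with the network membership key (NMK), and the names `Headend`, `Station`, `rotate` and `receive` are hypothetical.

```python
import hashlib
import os
import struct

KEY_LEN = 16    # assumption: 128-bit network encryption key
NONCE_LEN = 12  # assumption: per-message nonce for the stand-in cipher

def _crypt(nmk: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter-mode keystream keyed by the NMK."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(nmk + nonce + struct.pack(">I", block)).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Headend:  # hypothetical name
    def __init__(self, nmk: bytes, counter: int):
        self.nmk, self.counter, self.nek = nmk, counter, None

    def rotate(self) -> bytes:
        """Build a key rotation communication: new key plus adjusted counter, under the NMK."""
        self.counter += 1  # assumption: "adjusted" means incremented by one
        self.nek = os.urandom(KEY_LEN)
        nonce = os.urandom(NONCE_LEN)
        plain = self.nek + struct.pack(">Q", self.counter)
        return nonce + _crypt(self.nmk, nonce, plain)

class Station:  # hypothetical name
    def __init__(self, nmk: bytes, counter: int):
        self.nmk, self.counter, self.nek = nmk, counter, None

    def receive(self, msg: bytes) -> bool:
        """Decrypt, compare the headend counter with the locally incremented one, then commit."""
        if len(msg) != NONCE_LEN + KEY_LEN + 8:
            return False
        plain = _crypt(self.nmk, msg[:NONCE_LEN], msg[NONCE_LEN:])
        (headend_counter,) = struct.unpack(">Q", plain[KEY_LEN:])
        expected = self.counter + 1  # locally incremented key counter
        if headend_counter != expected:
            return False  # replayed, out of order, or not encrypted under this NMK
        self.counter, self.nek = expected, plain[:KEY_LEN]
        return True
```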
Specification