REDUCED HIERARCHY KEY MANAGEMENT SYSTEM AND METHOD

US 20090052661A1
Filed: 10/21/2008
Published: 02/26/2009
Est. Priority Date: 08/09/2004
Status: Active Grant

First Claim

Patent Images

1. A controller comprising:

a decryption engine for receiving an encrypted media stream from a headend, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key;

wherein the decryption engine receives with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key;

a first memory containing a plurality of indexes received from the headend prior to the encrypted media stream being received by the decryption engine, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key;

a second memory containing a plurality of content keys received from the headend prior to the encrypted media stream being received by the decryption engine, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;

wherein the decryption engine selects from the first memory the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream;

wherein the decryption engine determines from the second memory the selected content key from the selected index;

wherein the decryption engine determines the decryption key from the selected content key and decrypts the encrypted media stream with the decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

71 Citations

View as Search Results

20 Claims

1. A controller comprising:
- a decryption engine for receiving an encrypted media stream from a headend, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key;
  
  wherein the decryption engine receives with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key;
  
  a first memory containing a plurality of indexes received from the headend prior to the encrypted media stream being received by the decryption engine, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key;
  
  a second memory containing a plurality of content keys received from the headend prior to the encrypted media stream being received by the decryption engine, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;
  
  wherein the decryption engine selects from the first memory the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream;
  
  wherein the decryption engine determines from the second memory the selected content key from the selected index;
  
  wherein the decryption engine determines the decryption key from the selected content key and decrypts the encrypted media stream with the decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The controller of claim 1 wherein:
    - the first memory includes a content key index table which contains the plurality of indexes.
  - 3. The controller of claim 1 wherein:
    - the second memory includes a content key list which contains the plurality of content keys.
  - 4. The controller of claim 1 wherein:
    - the decryption engine, the first memory, and the second memory are part of a set-top-box.
  - 5. The controller of claim 1 wherein:
    - the identifier is a program identifier.
  - 6. The controller of claim 1 wherein:
    - the identifier is a video-on-demand identifier.
  - 7. The controller of claim 1 wherein:
    - the first memory receives the plurality of indexes from the headend in an entitlement management message downloaded from the headend to the first memory prior to the encrypted media stream being received by the decryption engine.
  - 8. The controller of claim 1 wherein:
    - the second memory receives the plurality of content keys from the headend in an entitlement management message downloaded from the headend to the second memory prior to the encrypted media stream being received by the decryption engine.
  - 9. The controller of claim 1 wherein:
    - the decryption engine determines the decryption key from the selected content key includes the decryption engine determining the decryption key from the selected content key and a working key modifier.
  - 10. The controller of claim 9 wherein:
    - the decryption engine determines the decryption key from the selected content key and the working key modifier using at least one of an exclusive OR (EXOR) and a hashing operator.
  - 11. The controller of claim 1 wherein:
    - the plurality of indexes comprise a plurality of initialization vector (“
      
      IV”
      
      ) values and the plurality of content keys comprise initialization vectors.

12. A method comprising:
- receiving at a controller an encrypted media stream from a headend remote from the controller, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key;
  
  receiving at the controller with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key;
  
  receiving at the controller a plurality of indexes from the headend prior to receiving the encrypted media stream, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key;
  
  receiving at the controller a plurality of content keys from the headend prior to receiving the encrypted media stream, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;
  
  selecting by the controller the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream;
  
  determining by the controller the selected content key using the selected index;
  
  determining by the controller the decryption key from the selected content key; and
  
  decrypting by the controller the encrypted media stream with the decryption key.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein:
    - receiving at the controller the plurality of indexes from the headend prior to receiving the encrypted media stream includes receiving at the controller the plurality of indexes from the headend in an entitlement management message downloaded from the headend to the controller prior to receiving the encrypted media stream.
  - 14. The method of claim 12 wherein:
    - receiving at the controller the plurality of content keys from the headend prior to receiving the encrypted media stream includes receiving at the controller the plurality of content keys from the headend in an entitlement management message downloaded from the headend to the controller prior to receiving the encrypted media stream.

15. A system comprising:
- a headend; and
  
  a controller remotely located from the headend;
  
  wherein the headend encrypts a media stream with an encryption key to generate an encrypted media stream, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key;
  
  wherein the headend transmits the encrypted media stream with an identifier indicative of the selected content key to the controller without transmitting with the encrypted media stream either the decryption key or the selected content key;
  
  wherein prior to transmitting the encrypted media stream with the identifier to the controller, the headend transmits a plurality of indexes to the controller, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key;
  
  wherein prior to transmitting the encrypted media stream with the identifier to the controller, the headend transmits a plurality of content keys to the controller, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;
  
  wherein the controller selects the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the encrypted media stream with the decryption key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 further comprising:
    - a network;
      
      wherein the headend transmits the encrypted media stream with an identifier, the plurality of indexes to the controller, and the plurality of content keys over the network to the controller.
  - 17. The system of claim 15 wherein:
    - the controller is a set-top-box.
  - 18. The system of claim 15 wherein:
    - the controller is located at a subscriber location remote from the headend.
  - 19. The system of claim 15 wherein:
    - the headend transmits the plurality of indexes to the controller in an entitlement management message downloaded from the headend to the controller prior to the headend transmitting the encrypted media stream with the identifier to the controller.
  - 20. The system of claim 15 wherein:
    - the headend transmits the plurality of content keys to the controller in an entitlement management message downloaded from the headend to the controller prior to the headend transmitting the encrypted media stream with the identifier to the controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Inventors
Fahrny, James William, Compton, Charles L.

Granted Patent

US 7,970,132 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/42
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0897   involving additional device...

H04N 21/2347   involving video stream encr...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/835   Generation of protective da...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

H04N 7/17309   Transmission or handling of...

REDUCED HIERARCHY KEY MANAGEMENT SYSTEM AND METHOD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

REDUCED HIERARCHY KEY MANAGEMENT SYSTEM AND METHOD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links