REDUCED HIERARCHY KEY MANAGEMENT SYSTEM AND METHOD
First Claim
1. A controller comprising:
- a decryption engine for receiving an encrypted media stream from a headend, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key;
wherein the decryption engine receives with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key;
a first memory containing a plurality of indexes received from the headend prior to the encrypted media stream being received by the decryption engine, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key;
a second memory containing a plurality of content keys received from the headend prior to the encrypted media stream being received by the decryption engine, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;
wherein the decryption engine selects from the first memory the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream;
wherein the decryption engine determines from the second memory the selected content key from the selected index;
wherein the decryption engine determines the decryption key from the selected content key and decrypts the encrypted media stream with the decryption key.
2 Assignments
0 Petitions
Accused Products
Abstract
A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.
71 Citations
20 Claims
-
1. A controller comprising:
-
a decryption engine for receiving an encrypted media stream from a headend, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key; wherein the decryption engine receives with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key; a first memory containing a plurality of indexes received from the headend prior to the encrypted media stream being received by the decryption engine, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key; a second memory containing a plurality of content keys received from the headend prior to the encrypted media stream being received by the decryption engine, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key; wherein the decryption engine selects from the first memory the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream; wherein the decryption engine determines from the second memory the selected content key from the selected index; wherein the decryption engine determines the decryption key from the selected content key and decrypts the encrypted media stream with the decryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
receiving at a controller an encrypted media stream from a headend remote from the controller, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key; receiving at the controller with the encrypted media stream an identifier indicative of the selected content key from the headend without receiving with the encrypted media stream either the decryption key or the selected content key; receiving at the controller a plurality of indexes from the headend prior to receiving the encrypted media stream, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key; receiving at the controller a plurality of content keys from the headend prior to receiving the encrypted media stream, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key; selecting by the controller the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream; determining by the controller the selected content key using the selected index; determining by the controller the decryption key from the selected content key; and decrypting by the controller the encrypted media stream with the decryption key. - View Dependent Claims (13, 14)
-
-
15. A system comprising:
-
a headend; and a controller remotely located from the headend; wherein the headend encrypts a media stream with an encryption key to generate an encrypted media stream, wherein the encrypted media stream is encrypted with an encryption key and can be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key can be determined from a selected content key; wherein the headend transmits the encrypted media stream with an identifier indicative of the selected content key to the controller without transmitting with the encrypted media stream either the decryption key or the selected content key; wherein prior to transmitting the encrypted media stream with the identifier to the controller, the headend transmits a plurality of indexes to the controller, wherein each index respectively corresponds to an identifier with one of the indexes corresponding to the identifier indicative of the selected content key; wherein prior to transmitting the encrypted media stream with the identifier to the controller, the headend transmits a plurality of content keys to the controller, wherein the plurality of content keys correspond to the indexes with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key; wherein the controller selects the index corresponding to the identifier indicative of the selected content key in response receiving the encrypted media stream, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the encrypted media stream with the decryption key. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification