Cable Television Secure Communication System for One Way Restricted Access
Abstract
Methods and apparatus permit a one-way downloadable security for electronic signals such as cable television, free-to-air, direct broadcast satellite, electronic device enablement, and other services. The system can allow a broadcast transmission capability (1) to provide an encrypted signal to an individual reception capability (2) in a manner that maintains the full security of a traditional decryption key process while completely eliminating any need for a trusted authority. By including a nascent decryption key generator that may create a secure, key-based environment from an unsecure individualized information transmission (12), a sequence of key(s) from a root key(s) to a derived key(s) to a temporary key(s) and ultimately to a fully random key(s) can be generated in activating a device or a decryption capability for a subscriber.
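As an added illustration (not code from the patent or from Beyond Broadband Technology), the key chain the abstract describes, run end to end on constructed sample identifiers with stand-in primitives: HMAC-SHA256 in place of the unspecified "cryptographic encryption function", SHA-256 for the hash step that binds the signal origination point, and an HMAC keystream in place of a block cipher when the random key is wrapped. Both the headend and the receiver side are shown, including the failure path when the origination point identifier differs.

```python
import hashlib
import hmac
import os

# Constructed sample pool of secure system-wide keys; the claims allow selecting
# one of several, indicated to the receiver by an index (values are made up).
SYSTEM_WIDE_KEYS = {0: bytes.fromhex("1f" * 32), 1: bytes.fromhex("2e" * 32)}


def derive_key(system_key, security_proc_id, signal_proc_id):
    """Derived key from the two unsecure device identifiers plus the secure
    system-wide key. HMAC-SHA256 stands in for the claims' unspecified
    'cryptographic encryption function' (assumption, not the patent's choice)."""
    msg = b"derived|" + security_proc_id + b"|" + signal_proc_id
    return hmac.new(system_key, msg, hashlib.sha256).digest()


def ephemeral_key(derived, origination_id):
    """Ephemeral key: hash of the derived key together with the signal
    origination point identifier (the 'encryption hash function' step)."""
    return hashlib.sha256(b"ephemeral|" + derived + b"|" + origination_id).digest()


def _keystream(key, nonce, length):
    """PRF keystream (HMAC in counter mode) used instead of a block cipher so
    the example needs only the standard library (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(eph, random_key):
    """Encrypt-then-MAC the random decryption key under the ephemeral key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(random_key, _keystream(eph, nonce, len(random_key))))
    tag = hmac.new(eph, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(eph, msg):
    """Return the random key, or None when the tag fails (the receiver derived a
    different key, e.g. other device identifiers or origination point id)."""
    expected = hmac.new(eph, b"tag|" + msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(msg["ct"], _keystream(eph, msg["nonce"], len(msg["ct"]))))


class Headend:
    """Broadcast facility: knows the system-wide keys and its own origination id."""

    def __init__(self, origination_id, key_index=0):
        self.origination_id = origination_id
        self.key_index = key_index
        self.last_random_key = None

    def provision(self, unsecure_info):
        """Answer a receiver's unsecure identifiers with a fresh random decryption
        key wrapped under that device's ephemeral key; the key index and the
        origination id travel in the clear."""
        derived = derive_key(SYSTEM_WIDE_KEYS[self.key_index],
                             unsecure_info["security_proc_id"], unsecure_info["signal_proc_id"])
        eph = ephemeral_key(derived, self.origination_id)
        self.last_random_key = os.urandom(32)  # retained only so a test can compare
        msg = wrap_key(eph, self.last_random_key)
        msg.update(key_index=self.key_index, origination_id=self.origination_id)
        return msg


class Receiver:
    """Individual reception capability: a security processor id and a signal
    processor id, with the system-wide key pool embedded in the security
    processor (assumption about where the secure key lives)."""

    def __init__(self, security_proc_id, signal_proc_id):
        self.security_proc_id = security_proc_id
        self.signal_proc_id = signal_proc_id
        self.random_key = None
        self.known_origination_id = None

    def individualized_info(self):
        """The unsecure individualized information transmission (ids in the clear)."""
        return {"security_proc_id": self.security_proc_id, "signal_proc_id": self.signal_proc_id}

    def activate(self, msg):
        """Rebuild derived and ephemeral keys locally, unwrap the random key and
        unlock decryption; False means no usable key was obtained."""
        derived = derive_key(SYSTEM_WIDE_KEYS[msg["key_index"]],
                             self.security_proc_id, self.signal_proc_id)
        key = unwrap_key(ephemeral_key(derived, msg["origination_id"]), msg)
        if key is None:
            return False
        self.random_key, self.known_origination_id = key, msg["origination_id"]
        return True

    def needs_regeneration(self, current_origination_id):
        """A changed origination point id is treated as a potential compromise or
        relocation and triggers re-issuing the ids and re-generating the keys."""
        return self.known_origination_id is not None and \
            current_origination_id != self.known_origination_id
```

A receiver whose identifiers or origination point do not match what the headend used simply fails the tag check and never obtains a key, which is the point of binding the chain to both the device and the origination point.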
-
225 Claims
-
1-31. (canceled)
-
32. A method of providing restricted access to an electronic signal comprising the steps of:
-
establishing a transmission capability for an encrypted signal; establishing an individual reception capability responsive to a completely unknown decryption key; providing unsecure individualized information from said individual reception capability; nascently generating said completely unknown decryption key at least partially from said unsecure individualized information; activating decryption processing of said encrypted signal as a result of said step of nascently generating said completely unknown decryption key; and physically unlocking access to said encrypted signal at said individual reception capability.

Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 65, 68, 69, 71, 83, 84, 85, 86, 87, 91, 93, 97, 98, 99, 100, 101, 102, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 131, 132, 133, 134
-
33. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of adding cryptographic entropy for said decryption key.
-
34. A method of providing restricted access to an electronic signal as described in claim 33 wherein said step of adding cryptographic entropy for said decryption key comprises the step of utilizing provider information.
-
35. A method of providing restricted access to an electronic signal as described in claim 34 wherein said step of utilizing provider information to add cryptographic entropy comprises the step of utilizing a secure system wide cryptographic key.
-
36. A method of providing restricted access to an electronic signal as described in claim 35 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of establishing a cryptographic key using said unsecure individualized information and said secure system wide key as inputs to a cryptographic encryption function.
-
37. A method of providing restricted access to an electronic signal as described in claim 36 wherein said step of establishing a cryptographic key comprises the step of establishing at least one derived cryptographic key.
-
38. A method of providing restricted access to an electronic signal as described in claim 36 wherein said step of establishing an individual reception capability comprises the step of establishing an individual reception capability having a security process capability and wherein said step of providing unsecure individualized information from said individual reception capability comprises the step of providing individualized security process capability identification information.
-
39. A method of providing restricted access to an electronic signal as described in claim 38 wherein said step of establishing an individual reception capability comprises the step of establishing an individual reception capability having a signal process capability and wherein said step of providing unsecure individualized information from said individual reception capability further comprises the step of providing individualized signal process capability identification information.
-
40. A method of providing restricted access to an electronic signal as described in claim 39 and further comprising the step of transmitting said encrypted signal from a signal origination point transmitter, and wherein said step of utilizing provider information further comprises the step of utilizing signal origination point identification information.
-
41. A method of providing restricted access to an electronic signal as described in claim 40 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of establishing a cryptographic key using said derived cryptographic key and said signal origination point identification information as inputs to an encryption hash function.
-
42. A method of providing restricted access to an electronic signal as described in claim 40 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of establishing a cryptographic key using said derived cryptographic key and said signal origination point identification information as inputs to a cryptographic encryption function.
-
43. A method of providing restricted access to an electronic signal as described in claim 41 wherein said step of establishing a cryptographic key comprises the step of establishing at least one ephemeral cryptographic key.
-
44. A method of providing restricted access to an electronic signal as described in claim 43 wherein said step of transmitting said encrypted signal from a signal origination point transmitter comprises the step of securely communicating using said at least one ephemeral cryptographic key.
-
45. A method of providing restricted access to an electronic signal as described in claim 44 and further comprising the step of generating at least one random decryption key.
-
46. A method of providing restricted access to an electronic signal as described in claim 45 wherein said step of securely communicating using said at least one ephemeral cryptographic key comprises the step of securely sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key.
-
47. A method of providing restricted access to an electronic signal as described in claim 46 wherein said step of securely sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key comprises the step of immediately sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key.
-
48. A method of providing restricted access to an electronic signal as described in claim 47 wherein said step of activating decryption processing comprises the step of activating decryption processing based upon said at least one random decryption key.
-
49. A method of providing restricted access to an electronic signal as described in claim 45 wherein said step of generating at least one random decryption key comprises the steps of:
-
generating a security process capability random cryptographic key; and generating a signal process capability random cryptographic key.
-
-
50. A method of providing restricted access to an electronic signal as described in claim 49 wherein said step of physically unlocking access to said encrypted signal at said individual reception capability comprises the step of allowing continued access to said encrypted signal at said individual reception capability based upon both said security process capability random cryptographic key and said signal process capability random cryptographic key.
-
51. A method of providing restricted access to an electronic signal as described in claim 32 and further comprising the step of selecting a secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys.
-
65. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of establishing a broadcast transmission capability for an encrypted signal comprises the step of establishing at least one cable informational service signal origination point facility for an encrypted cable informational service signal, and wherein said step of establishing an individual reception capability responsive to a completely unknown decryption key comprises the step of establishing a conditional access television device receiver configured to receive said encrypted cable informational service signal.
-
68. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of establishing a broadcast transmission capability for an encrypted signal comprises the step of establishing an electronic device enabling facility, and wherein said step of establishing an individual reception capability responsive to a completely unknown decryption key comprises the step of establishing a conditionally operable electronic device configured to receive a service enablement signal, and wherein said step of physically unlocking access to said encrypted signal at said individual reception capability comprises the step of physically unlocking at least some capability for said electronic device as a result of said decryption key.
-
69. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of generating a cryptographic key by mathematically functioning at least two items of information.
-
71. A method of providing restricted access to an electronic signal as described in claim 65 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of multi-step mathematically manipulating items to support creation of a cryptographic key.
-
83. A method of providing restricted access to an electronic signal as described in claim 49 and further comprising the step of assessing continued operability based upon either of said random cryptographic keys.
-
84. A method of providing restricted access to an electronic signal as described in claim 83 wherein said step of assessing continued operability based upon either of said random cryptographic keys comprises the step of checking for a change in signal origination point identification information.
-
85. A method of providing restricted access to an electronic signal as described in claim 84 and further comprising the step of re-generating a completely unknown decryption key at least partially from said unsecure individualized information in the event of a change in said signal origination point identification information.
-
86. A method of providing restricted access to an electronic signal as described in claim 85 wherein said step of re-generating a completely unknown decryption key is accomplished in response to a step of re-issuing said unsecure individualized information from said individual reception capability.
-
87. A method of providing restricted access to an electronic signal as described in claim 69 and further comprising the step of discerning the existence of a location change for said individual reception capability.
-
91. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation.
-
93. A method of providing restricted access to an electronic signal as described in claim 91 wherein said step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation comprises the step of integrating said unsecure individualized information and secure provider commonality information into a cryptographic operation.
-
97. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of utilizing multiple unsecure individualized information codes.
-
98. A method of providing restricted access to an electronic signal as described in claim 97 wherein said step of utilizing multiple unsecure individualized information codes comprises the steps of:
-
utilizing a first item of unsecure individualized information in a cryptographic operation; and utilizing a second item of unsecure individualized information in a cryptographic operation.
-
-
99. A method of providing restricted access to an electronic signal as described in claim 98 wherein said step of utilizing a first item of unsecure individualized information in a cryptographic operation comprises the step of providing first process capability individualized identification information.
-
100. A method of providing restricted access to an electronic signal as described in claim 99 wherein said step of utilizing a second item of unsecure individualized information in a cryptographic operation comprises the step of providing second process capability individualized identification information.
-
101. A method of providing restricted access to an electronic signal as described in claim 100 wherein said step of providing first process capability individualized identification information comprises the step of providing individualized security process capability identification information.
-
102. A method of providing restricted access to an electronic signal as described in claim 101 wherein said step of providing second process capability individualized identification information comprises the step of providing individualized signal process capability identification information.
-
111. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of nascently generating said completely unknown decryption key from said unsecure individualized information comprises the step of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key.
-
112. A method of providing restricted access to an electronic signal as described in claim 111 wherein said step of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key comprises the step of cryptographically operating on provider information as at least part of discerning said completely unknown decryption key.
-
113. A method of providing restricted access to an electronic signal as described in claim 112 wherein said steps of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key and cryptographically operating on said provider information as at least part of discerning said completely unknown decryption key comprises the step of operating an encryption function utilizing said unsecure individualized information and said provider information.
-
114. A method of providing restricted access to an electronic signal as described in claim 113 wherein said step of utilizing provider information further comprises the step of utilizing signal origination point identification information, and wherein said step of operating an encryption function utilizing said unsecure individualized information and said provider information comprises the step of establishing at least one derived cryptographic key, and wherein said step of nascently generating said completely unknown decryption key from said unsecure individualized information comprises the step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information as at least part of discerning said completely unknown decryption key.
-
115. A method of providing restricted access to an electronic signal as described in claim 114 wherein said step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information comprises the step of cryptographically hashing said at least one derived cryptographic key and said signal origination point identification information.
-
116. A method of providing restricted access to an electronic signal as described in claim 115 wherein said step of cryptographically hashing said at least one derived cryptographic key and said signal origination point identification information comprises the step of establishing at least one ephemeral cryptographic key.
-
117. A method of providing restricted access to an electronic signal as described in claim 114 wherein said step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information comprises the step of cryptographically encrypting said at least one derived cryptographic key together with said signal origination point identification information.
-
118. A method of providing restricted access to an electronic signal as described in claim 117 wherein said step of cryptographically encrypting said at least one derived cryptographic key together with said signal origination point identification information comprises the step of establishing at least one ephemeral cryptographic key.
-
119. A method of providing restricted access to an electronic signal as described in claim 116 and further comprising the step of generating at least one random decryption key.
-
120. A method of providing restricted access to an electronic signal as described in claim 119 and further comprising the step of securely communicating said at least one random decryption key using said at least one ephemeral cryptographic key.
-
121. A method of providing restricted access to an electronic signal as described in claim 111 and further comprising the step of selecting an item of provider information from among a plurality of secure items of provider information.
-
122. A method of providing restricted access to an electronic signal as described in claim 121 wherein said step of selecting an item of provider information from among a plurality of secure items of provider information comprises the step of indicating a segment of secure cryptographic code to be utilized.
-
123. A method of providing restricted access to an electronic signal as described in claim 111 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises the step of utilizing multiple unsecure individualized information codes.
-
124. A method of providing restricted access to an electronic signal as described in claim 123 wherein said step of utilizing multiple unsecure individualized information codes comprises the steps of:
-
utilizing a first item of unsecure individualized information in a cryptographic operation; and utilizing a second item of unsecure individualized information in a cryptographic operation.
-
-
125. A method of providing restricted access to an electronic signal as described in claim 124 wherein said step of providing first process capability individualized identification information comprises the step of providing individualized security process capability identification information, and wherein said step of providing second process capability individualized identification information comprises the step of providing individualized signal process capability identification information.
-
131. A method of providing restricted access to an electronic signal as described in claim 32 and further comprising the step of generating a broadcast facility selected new cipher key for use between said individual reception capability and said broadcast facility.
-
132. A method of providing restricted access to an electronic signal as described in claim 131 wherein said step of generating a broadcast facility selected new cipher key for use between said individual reception capability and said broadcast facility comprises the step of establishing a potential compromise event triggered key regeneration capability within said broadcast facility.
-
133. A method of providing restricted access to an electronic signal as described in claim 32 and further comprising the step of securely delivering a conditional access component to said individual reception capability.
-
134. A method of providing restricted access to an electronic signal as described in claim 133 wherein said step of securely delivering a conditional access component to said individual reception capability comprises the step of activating secure bootloader functionality at said individual reception capability.
-
-
52-64. (canceled)
-
66-67. (canceled)
-
70. (canceled)
-
72-82. (canceled)
-
88-90. (canceled)
-
92. (canceled)
-
94-96. (canceled)
-
103-110. (canceled)
-
126-130. (canceled)
-
135. A system for restricted access to an electronic signal comprising:
-
a transmission facility configured to generate an encrypted signal; at least one individual reception capability responsive to a completely unknown decryption key; an unsecure individualized information transmission to which said transmission facility is responsive; a nascent decryption key generator responsive to said unsecure individualized information transmission; a transmitter responsive to said nascent decryption key generator; an individual subscriber receiver responsive to said transmitter; and a subscriber decryption processor responsive to said completely unknown decryption key and configured to physically unlock access to said encrypted signal at said individual reception capability.

Dependent claims: 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 156, 174, 176, 185, 186, 187, 188, 189, 190, 191, 192, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 222, 223, 224
-
136. A system for restricted access to an electronic signal as described in claim 135 wherein said nascent decryption key generator is manipulatively responsive to said unsecure individualized information transmission.
-
137. A system for restricted access to an electronic signal as described in claim 136 and further comprising an unsecure individualized information generator for said individual reception capability.
-
138. A system for restricted access to an electronic signal as described in claim 135 wherein said nascent decryption key generator comprises a cryptographic decryption key entropy addition generator.
-
139. A system for restricted access to an electronic signal as described in claim 138 and further comprising a provider information input to which said nascent decryption key generator is responsive.
-
140. A system for restricted access to an electronic signal as described in claim 139 wherein said provider information input comprises a secure system wide cryptographic key input.
-
141. A system for restricted access to an electronic signal as described in claim 140 and further comprising:
-
an unsecure individualized information input; and a secure system wide key input, and wherein said nascent decryption key generator comprises a cryptographic encryption processor responsive to said unsecure individualized information input and said secure system wide key input.
-
-
142. A system for restricted access to an electronic signal as described in claim 141 wherein said cryptographic encryption processor comprises at least one derived cryptographic key.
-
143. A system for restricted access to an electronic signal as described in claim 141 wherein said individual reception capability comprises a security processor, and wherein said unsecure individualized information transmission comprises an individualized security process capability identification information transmission.
-
144. A system for restricted access to an electronic signal as described in claim 143 wherein said individual reception capability further comprises a signal processor, and wherein said unsecure individualized information transmission comprises an individualized signal process capability identification information transmission.
-
145. A system for restricted access to an electronic signal as described in claim 144 and further comprising a signal origination point information transmitter, and wherein said provider information input further comprises a signal origination point identification information input.
-
146. A system for restricted access to an electronic signal as described in claim 145 and further comprising:
-
a signal origination point identification information input to which said nascent decryption key generator is responsive; at least one derived key input to which said nascent decryption key generator is responsive, and wherein said nascent decryption key generator comprises an encryption hash function processor responsive to said signal origination point identification information input and said at least one derived key input.
-
-
147. A system for restricted access to an electronic signal as described in claim 145 and further comprising:
-
a signal origination point identification information input to which said nascent decryption key generator is responsive; at least one derived key input to which said nascent decryption key generator is responsive, and wherein said nascent decryption key generator comprises a cryptographic encryption function processor responsive to said signal origination point identification information input and said at least one derived key input.
-
-
148. A system for restricted access to an electronic signal as described in claim 146 wherein said nascent decryption key generator establishes at least one ephemeral cryptographic key.
-
149. A system for restricted access to an electronic signal as described in claim 148 wherein said signal origination point information transmitter is responsive to said at least one ephemeral cryptographic key.
-
150. A system for restricted access to an electronic signal as described in claim 149 and further comprising at least one random decryption key generator.
-
151. A system for restricted access to an electronic signal as described in claim 150 wherein said nascent decryption key generator comprises a secure random decryption key transmitter cryptographically responsive to said at least one ephemeral cryptographic key and said at least one random decryption key generator.
-
152. A system for restricted access to an electronic signal as described in claim 151 wherein said secure random decryption key transmitter is configured to serve as a transient ephemeral cryptographic key based secure random decryption key transmitter.
-
153. A system for restricted access to an electronic signal as described in claim 152 wherein said subscriber decryption processor comprises an enduring operation random decryption key based decryption processor.
-
154. A system for restricted access to an electronic signal as described in claim 150 wherein said at least one random decryption key generator comprises:
-
a security process capability random cryptographic key generator; and a signal process capability random cryptographic key generator.
-
-
156. A system for restricted access to an electronic signal as described in claim 135 and further comprising a secure system wide cryptographic key multiple option selector.
-
174. A system for restricted access to an electronic signal as described in claim 135 wherein said nascent decryption key generator comprises an at least dual information input mathematically functional cryptographic key generator.
-
176. A system for restricted access to an electronic signal as described in claim 135 wherein said nascent decryption key generator comprises a multi-step mathematically functional cryptographic key generator.
-
185. A system for restricted access to an electronic signal as described in claim 138 wherein said nascent decryption key generator comprises an at least two dimensional cipher key derivation processor.
-
186. A system for restricted access to an electronic signal as described in claim 185 wherein said at least two dimensional cipher key derivation processor comprises:
-
at least some reception facility information input; and at least some broadcast facility information input.
-
-
187. A system for restricted access to an electronic signal as described in claim 186 wherein said at least some reception facility information input is selected from a group consisting of:
-
an individualized security process capability identification information input; an individualized signal process capability identification information input; and both an individualized security process capability identification information input and an individualized signal process capability identification information input, and wherein said at least some broadcast facility information input is selected from a group consisting of: a secure system wide cryptographic key information input; a signal origination point identification information input; and both a secure system wide cryptographic key information input and a signal origination point identification information input.
-
-
188. A system for restricted access to an electronic signal as described in claim 135 and further comprising a potential key compromise assessor.
-
189. A system for restricted access to an electronic signal as described in claim 188 wherein said potential key compromise assessor comprises a signal origination point identification information change assessor.
-
190. A system for restricted access to an electronic signal as described in claim 189 and further comprising a nascent decryption key re-generator responsive to an unsecure individualized information transmission and said signal origination point identification information change comparator.
-
191. A system for restricted access to an electronic signal as described in claim 190 wherein said nascent decryption key re-generator comprises an unsecure individualized information re-issue command.
-
192. A system for restricted access to an electronic signal as described in claim 174 and further comprising a location change assessor for said individual reception capability.
-
210. A system for restricted access to an electronic signal as described in claim 135 wherein said nascent decryption key generator comprises an individualized information cryptographic transformation processor.
-
211. A system for restricted access to an electronic signal as described in claim 210 wherein said individualized information cryptographic transformation processor further comprises a provider information cryptographic transformation processor.
-
212. A system for restricted access to an electronic signal as described in claim 211 wherein said cryptographic transformation processor comprises an encryption operation function processor.
-
213. A system for restricted access to an electronic signal as described in claim 212 wherein said nascent decryption key generator comprises a secondary provider information cryptographic transformation processor.
-
214. A system for restricted access to an electronic signal as described in claim 213 wherein said secondary provider information cryptographic transformation processor comprises an encryption hash function processor.
-
215. A system for restricted access to an electronic signal as described in claim 214 wherein said nascent decryption key generator comprises at least one ephemeral cryptographic key generator.
-
216. A system for restricted access to an electronic signal as described in claim 213 wherein said secondary provider information cryptographic transformation processor comprises a cryptographic encryption function processor.
-
217. A system for restricted access to an electronic signal as described in claim 215 wherein said cryptographic encryption function processor comprises at least one ephemeral cryptographic key generator.
-
218. A system for restricted access to an electronic signal as described in claim 215 and further comprising a random decryption key generator.
-
219. A system for restricted access to an electronic signal as described in claim 218 and further comprising a secure decryption key transmitter cryptographically responsive to said at least one ephemeral cryptographic key generator and configured to transmit a random decryption key.
-
220. A system for restricted access to an electronic signal as described in claim 210 and further comprising a secure system wide cryptographic key multiple option selector.
-
222. A system for restricted access to an electronic signal as described in claim 210 wherein said unsecure individualized information transmission comprises a multiple unsecure individualized information code transmission.
-
223. A system for restricted access to an electronic signal as described in claim 222 wherein said multiple unsecure individualized information code transmission comprises:
-
a first item of unsecure individualized information transmission; and a second item of unsecure individualized information transmission.
-
-
224. A system for restricted access to an electronic signal as described in claim 223 wherein said first item of unsecure individualized information transmission comprises a first process capability individualized identification information transmission, and wherein said second item of unsecure individualized information transmission comprises a second process capability individualized identification information transmission.
-
-
155. (canceled)
-
157-173. (canceled)
-
175. (canceled)
-
177-184. (canceled)
-
193-209. (canceled)
-
221. (canceled)
-
225-244. (canceled)
Current Assignee: William D. Bauer
-
Original Assignee: Beyond Broadband Technology LLC
-
Inventors: Bauer, William D.; Eder, David W.; White, Donovan Steve
-
Granted Patent
-
US Class Current: 725/26
-
CPC Class Codes:

- H04L 9/0866 involving user or device id...
- H04L 9/088 Usage controlling of secret...
- H04N 21/26613 for generating or managing ...
- H04N 21/4181 for conditional access
- H04N 21/4623 Processing of entitlement m...
- H04N 7/17309 Transmission or handling of...