CONTENT PROTECTION KEY ENCRYPTOR FOR SECURITY PROVIDERS

US 20110091037A1
Filed: 10/16/2009
Published: 04/21/2011
Est. Priority Date: 10/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at an encryption device from a control device an encryption request comprising a message and an identifier for a device, wherein the control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device, and wherein the encryption device is associated with a key provider and the device key is not divulged to the security provider;

retrieving at the encryption device the device key based on the identifier;

encrypting the message with the device key using a predetermined algorithm; and

sending the encrypted message to the control device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.

Citations

20 Claims

1. A method comprising:
- receiving at an encryption device from a control device an encryption request comprising a message and an identifier for a device, wherein the control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device, and wherein the encryption device is associated with a key provider and the device key is not divulged to the security provider;
  
  retrieving at the encryption device the device key based on the identifier;
  
  encrypting the message with the device key using a predetermined algorithm; and
  
  sending the encrypted message to the control device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the predetermined algorithm is supplied by the security provider.
  - 3. The method of claim 1, wherein encrypting comprises encrypting the message with the device key using a secure hardware module within the encryption device provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 4. The method of claim 1, wherein the predetermined algorithm comprises a plurality of encryption algorithms agreed upon by the security provider and the key provider, and further comprising selecting one of the plurality of encryption algorithms to encrypt the message.
  - 5. The method of claim 1, wherein the device key is programmed into a secure one-time programmable memory of the device during manufacture.
  - 6. The method of claim 1, wherein the message comprises a content protection key (CPK) and further comprising applying a predetermined transformation to the CPK prior to encrypting the CPK.
  - 7. The method of claim 1, wherein the message comprises a content protection key (CPK) and further comprising:
    - encrypting a control word with the CPK; and
      
      encrypting a service intended for the device with the control word.
  - 8. The method of claim 1, wherein the message comprises a content protection key (CPK) used to encrypt services in a cable system and further comprising:
    - encrypting a control word with the CPK at a headend facility; and
      
      encrypting a service intended for the device with the control word, wherein the device is a digital transport adapter in a customer premise.

9. An apparatus comprising:
- a storage device configured to securely store device identifiers and corresponding device keys;
  
  an interface configured to communicate with a control device associated with a security provider that provides secure content to a device using a message encrypted with a device key that is securely embedded in the device and stored on the storage device;
  
  a processor configured to;
  
  receive an encryption request from the control device comprising the message and an identifier for the device, wherein the apparatus is associated with a key provider and the device key is not divulged to the security provider;
  
  retrieve the device key from the storage device corresponding to the identifier;
  
  encrypt the message with the device key using a predetermined algorithm; and
  
  send the encrypted message to the control device;
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the processor is configured to encrypt the message using the predetermined algorithm that is supplied by the security provider.
  - 11. The apparatus of claim 9, wherein the processor is configured to encrypt the message using a secure hardware module provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 12. The apparatus of claim 9, wherein the processor is configured to encrypt the message using a plurality of predetermined encryption algorithms agreed upon by the security provider and the key provider, and wherein the processor is further configured to select one of the plurality of encryption algorithms to encrypt the message.
  - 13. A system comprising the apparatus of claim 9, and further comprising the device, wherein the device key is programmed into a secure one-time programmable memory of the device during manufacture.
  - 14. A system comprising the apparatus of claim 9, and further comprising the control device, wherein the control device is configured to apply a predetermined transformation to the message comprising a content protection key (CPK) prior to encrypting the message.
  - 15. A system comprising the apparatus of claim 9, and further comprising the control device, wherein the control device is configured to:
    - encrypt a control word with the message; and
      
      direct that a service intended for the device be encrypted with the control word.
  - 16. A system comprising the apparatus of claim 9, and further comprising the control device residing in a cable system headend facility and the device comprising a digital transport adapter (DTA) residing in a customer premise, wherein the control device is configured to:
    - encrypt a control word with the message; and
      
      direct that a service intended for the DTA be encrypted with the control word.

17. A processor readable tangible medium encoded with instructions that, when executed by a processor, cause the processor to:
- receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device, wherein the control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device, and wherein the encryption device is associated with a key provider, and the device key is not divulged to the security provider;
  
  retrieve at the encryption device the device key based on the identifier;
  
  encrypt the message with the device key using a predetermined algorithm; and
  
  send the encrypted message to the control device.
- View Dependent Claims (18, 19, 20)
- - 18. The processor readable tangible medium of claim 17, wherein the predetermined algorithm is supplied by the security provider.
  - 19. The processor readable tangible medium of claim 17, wherein the instructions that encrypt comprise instructions that cause the processor to encrypt using a secure hardware module within the encryption device provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 20. The processor readable tangible medium of claim 17, wherein the predetermined algorithm comprises a plurality of encryption algorithms agreed upon by the security provider and the key provider, and further encoded with instructions that, when executed by a processor, cause the processor to select one of the plurality of encryption algorithms to encrypt the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tech 5 SAS
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Pinder, Howard G.

Granted Patent

US 8,837,726 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/255
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

CONTENT PROTECTION KEY ENCRYPTOR FOR SECURITY PROVIDERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTENT PROTECTION KEY ENCRYPTOR FOR SECURITY PROVIDERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links