Reduced Hierarchy Key Management System and Method

US 20110228942A1
Filed: 05/27/2011
Published: 09/22/2011
Est. Priority Date: 08/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a computing device, an encrypted media stream;

receiving, at the computing device, an identifier;

receiving, at the computing device, a plurality of indexes, wherein one of the indexes corresponds to the identifier;

storing the plurality of indexes in an index memory;

receiving, at the computing device, a plurality of content keys, wherein one of the content keys corresponds to the index that corresponds to the identifier;

storing the plurality of content keys in a content key memory;

selecting, by the computing device, the index corresponding to the identifier from the index memory;

selecting, by the computing device, a content key using the selected index from the content key memory;

generating, by the computing device, a decryption key based on the selected content key; and

decrypting, by the computing device, at least a portion of the encrypted media stream using the decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

73 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a computing device, an encrypted media stream;
  
  receiving, at the computing device, an identifier;
  
  receiving, at the computing device, a plurality of indexes, wherein one of the indexes corresponds to the identifier;
  
  storing the plurality of indexes in an index memory;
  
  receiving, at the computing device, a plurality of content keys, wherein one of the content keys corresponds to the index that corresponds to the identifier;
  
  storing the plurality of content keys in a content key memory;
  
  selecting, by the computing device, the index corresponding to the identifier from the index memory;
  
  selecting, by the computing device, a content key using the selected index from the content key memory;
  
  generating, by the computing device, a decryption key based on the selected content key; and
  
  decrypting, by the computing device, at least a portion of the encrypted media stream using the decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the plurality of indexes is received at the computing device in an entitlement management message prior to receiving the encrypted media stream.
  - 3. The method of claim 1 wherein the plurality of content keys is received at the computing device in an entitlement management message prior to receiving the encrypted media stream.
  - 4. The method of claim 1 wherein storing the plurality of indexes in the index memory results in the plurality of indexes being stored in an index table included in the index memory.
  - 5. The method of claim 1 wherein storing the plurality of content keys in the content key memory results in the plurality of content keys being stored in a content key list included in the content key memory.
  - 6. The method of claim 1 wherein the computing device is a set-top-box.
  - 7. The method of claim 1 wherein the identifier is a program identifier for a video program included in the encrypted media stream.
  - 8. The method of claim 1 wherein the identifier is a video-on-demand identifier.
  - 9. The method of claim 1 wherein the generating includes generating the decryption key as a function of the selected content key and a working key modifier.
  - 10. The method of claim 9 wherein the generating includes generating the decryption key as a function of the selected content key and the working key modifier using at least one of an exclusive OR (EXOR) operation and a hashing operation.
  - 11. The method of claim 1 wherein the plurality of indexes comprises a plurality of initialization vector (“
    - IV”
      
      ) values and the plurality of content keys comprises initialization vectors.

12. A controller comprising:
- digital circuitry configured to receive an encrypted media stream, wherein the encrypted media stream is encrypted with an encryption key and is configured to be decrypted with a decryption key corresponding to the encryption key, wherein the decryption key is configured to be determined from a selected content key;
  
  wherein the digital circuitry is configured to receive with the encrypted media stream an identifier indicative of the selected content key from without receiving with the encrypted media stream either the decryption key or the selected content key;
  
  a first non-transitory memory including a plurality of indexes received prior to the encrypted media stream being received by the digital circuitry, wherein each index respectively corresponds to an identifier, with one of the indexes corresponding to the identifier indicative of the selected content key; and
  
  a second non-transitory memory including a plurality of content keys received prior to the encrypted media stream being received by the digital circuitry, wherein the plurality of content keys correspond to the plurality of indexes, with one of the content keys corresponding to the index which corresponds to the identifier indicative of the selected content key;
  
  wherein the digital circuitry is configured to select from the first non-transitory memory the index corresponding to the identifier indicative of the selected content key in response to receiving the encrypted media stream;
  
  wherein the digital circuitry is configured to determine from the second non-transitory memory the selected content key using the selected index;
  
  wherein the digital circuitry is configured to determine the decryption key from the selected content key and decrypt the encrypted media stream with the decryption key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The controller of claim 12 wherein:
    - the first non-transitory memory includes a content key index table which includes the plurality of indexes, andthe second non-transitory memory includes a content key list which includes the plurality of content keys.
  - 14. The controller of claim 12 wherein:
    - the digital circuitry, the first non-transitory memory, and the second non- transitory memory are part of a set-top-box.
  - 15. The controller of claim 12 wherein:
    - the first non-transitory memory receives the plurality of indexes in an entitlement management message downloaded to the first non-transitory memory prior to the encrypted media stream being received by the digital circuitry.
  - 16. The controller of claim 12 wherein:
    - determining the decryption key from the selected content key includes determining the decryption key from the selected content key and a working key modifier.
  - 17. The controller of claim 16 wherein:
    - the digital circuitry is configured to determine the decryption key from the selected content key and the working key modifier using an exclusive OR (EXOR) or a hashing operator.

18. A controller comprising:
- a processor,a memory storing executable instructions configured to, when executed by the processor, cause the controller to;
  
  receive an encrypted media stream,receive at the computing device an identifier from the provider,receive a plurality of indexes, wherein one of the indexes corresponds to the identifier,store the plurality of indexes in an index memory,receive a plurality of content keys, wherein one of the content keys corresponds to the index that corresponds to the identifier,store the plurality of content keys in a content key memory,select the index corresponding to the identifier from the index memory,select a content key using the selected index from the content key memory,generating a decryption key using the selected content key, anddecrypt at least a portion of the encrypted media stream using the decryption key.
- View Dependent Claims (19, 20)
- - 19. The controller of claim 18 wherein the memory further stores executable instructions configured to, when executed by the processor, cause the controller to:
    - extract the plurality of indexes from an entitlement management message.
  - 20. The controller of claim 18 wherein the memory further stores executable instructions configured to, when executed by the processor, cause the controller to:
    - extract the plurality of content keys from an entitlement management message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Inventors
Fahrny, James William, Compton, Charles L.

Granted Patent

US 11,115,709 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0897   involving additional device...

H04N 21/2347   involving video stream encr...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/835   Generation of protective da...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

H04N 7/17309   Transmission or handling of...

Reduced Hierarchy Key Management System and Method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reduced Hierarchy Key Management System and Method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links