Key Derivation for Secure Communications

US 20120084806A1
Filed: 09/30/2010
Published: 04/05/2012
Est. Priority Date: 09/30/2010
Status: Active Grant

First Claim

Patent Images

1. A security device, comprising:

a first memory storage storing a device security key; and

a first processor configured to;

encrypt the device security key using a first seed value to derive a first derived key, and store the first derived key in a second memory storage area of the device; and

in response to a compromise of the first derived key, re-encrypt the device security key using a second seed value to derive a second derived key, and store the second derived key in the second memory storage of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system is disclosed in which a device-specific key value is provided to a security processing device, and then used to derive additional derived keys for use in secured communications. In response to identifying a compromise of the derived keys, the system can be instructed to derive new or replacement derived keys for use in the secured communications. In some embodiments, the security system can be used in a video reception device, to decrypt encrypted video content.

31 Citations

View as Search Results

20 Claims

1. A security device, comprising:
- a first memory storage storing a device security key; and
  
  a first processor configured to;
  
  encrypt the device security key using a first seed value to derive a first derived key, and store the first derived key in a second memory storage area of the device; and
  
  in response to a compromise of the first derived key, re-encrypt the device security key using a second seed value to derive a second derived key, and store the second derived key in the second memory storage of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The device of claim 1, further comprising an external interface configured to communicate with an external security processor, wherein the first processor is further configured to perform the following:
    - establish a secure communication session with the external security processor; and
      
      use the secure communication session to transmit the first derived key to the external security processor.
  - 3. The device of claim 2, wherein the external security processor is configured to decrypt and process encrypted video using the first derived key.
  - 4. The device of claim 2, wherein the processor is further configured to terminate the secure session in response to the compromise, and to use the second derived key with a replacement external security processor.
  - 5. The device of claim 2, wherein the external security processor comprises a smart card.
  - 6. The device of claim 1, wherein the device is a video content reception device.
  - 7. The device of claim 1, wherein the first memory storage area is a one-time programmable memory.
  - 8. The device of claim 1, wherein the first memory storage area and second memory storage area are physically separate memories.
  - 9. The device of claim 1, wherein the first and second memory storage areas include different types of security protection.
  - 10. The device of claim 9, wherein the first and second memory storage areas are encrypted with different encryption keys.
  - 11. The device of claim 1, wherein the processor is configured to receive the second seed value from an external source.
  - 12. The device of claim 1, wherein the device security key is unique to the device.
  - 13. The device of claim 1, wherein the device security key is common to a plurality of other devices, and wherein the processor is further configured to derive the second derived key in response to a global compromise of the first derived key.

14. A security method, comprising:
- encrypting, by a computing processor, a device key stored in a device'"'"'s first memory to derive a first derived key for the device;
  
  using the first derived key for multiple communication sessions involving the device; and
  
  in response to a key compromise, performing a second encryption of the device key to derive a second derived key for the device, the second derived key being different from the first derived key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - instructing a plurality of computing processors on a plurality of different devices to encrypt a common global device key to derive a common global derived key for the plurality of different devices;
      
      determining that a compromise of the common global derived key has occurred;
      
      identifying a subset of the plurality of different devices as being affected by the compromise; and
      
      instructing the computing processors in the subset of devices to encrypt the common global device key a second time, to derive a second global derived key for the subset of devices.
  - 16. The method of claim 15, comprising:
    - further splintering the subset into two or more smaller subsets in response to a second key compromise, and instructing one of the smaller subsets to derive a third derived key for the smaller subset.
  - 17. The method of claim 14, wherein the computing processor is part of a portable security device removably attached to a content access device.
  - 18. The method of claim 14, further comprising transmitting a report of a pairing between the device and another device to a service provider, and dissolving the pairing in response to a compromise of the first derived key.
  - 19. The method of claim 14, further comprising limiting use of the derived key to the device.
  - 20. The method of claim 14, further comprising limiting use of the derived key to an authorized pair of devices comprising the device and a second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Fahrny, James W., Kuykendall, Pete, Davoust, Nancy

Granted Patent

US 10,193,873 B2
Time in Patent Office

Days
Field of Search
US Class Current

725/31
CPC Class Codes

G11B 20/0021   involving encryption or dec...

G11B 20/00478   wherein contents are decryp...

H04L 2463/061   applying further key deriva...

H04L 2463/101   applying security measures ...

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 9/30   Public key, i.e. encryption...

Key Derivation for Secure Communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Key Derivation for Secure Communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links