Reproduction of secure keys by using distributed key generation data

US 4,864,615 A
Filed: 05/27/1988
Issued: 09/05/1989
Est. Priority Date: 05/27/1988
Status: Expired due to Term

First Claim

Patent Images

1. A system, comprisingmeans for encrypting first-key generation data with a first-key prekey in accordance with a first encryption algorithm to produce a first key;

means for processing the first key to produce a keystream;

means for processing an information signal with the keystream to produce a scrambled information signal;

means for encrypting the first-key prekey with a second key in accordance with a second encryption algorithm to produce an encrypted first-key prekey;

means for distributing the scrambled information signal, the first-key generation data and the encrypted first-key prekey; and

a descrambler, includingmeans for providing the second key;

means for decrypting the distributed encrypted first-key prekey with the second key in accordance with the second encryption algorithm to reproduce the first-key prekey;

means for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first key;

means for processing the reproduced first key to reproduce the keystream; and

means for processing the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key security system provides for the reproduction of secure keys by using distributed key generation data and a distributed encrypted prekey. The system encrypts program key generation data with a program key prekey in accordance with a first encryption algorithm to produce the program key; processes the program key to produce a keystream; and processes an information signal with the keystream to produce a scrambled information signal. The program key prekey is encrypted with a category key in accordance with a second encryption algorithm to produce an encrypted program key prekey. The scrambled information signal, the program key generation data and the encrypted program key prekey are distributed to descramblers. The descrambler within the key security system decrypts the distributed encrypted program key prekey with the category key in accordance with the second encryption algorithm to reproduce the program key prekey; encrypts the distributed program key generation data with the reproduced program key prekey in accordance with the first encryption algorithm to produce the program key; processes the reproduced program key to reproduce the keystream; and processes the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal. The key generation data incudes authorization data that must be processed by the authorization processor in the descrambler in order to enable the descrambler. The use of authorization data as key generation data protects the authorization data from spoofing attacks. When more data must be protected than a single operation of the encryption algorithm can support, then additional data blocks are protected by chaining the system, wherein the output from one stage forms part of the input to the next. The key generation data for the program key includes a sequence number securely associated with the category key to thereby "timelock" program key reproduction to the use of a current category key and thus prevent an attack based upon the use of an obsolete category key.

Citations

24 Claims

1. A system, comprisingmeans for encrypting first-key generation data with a first-key prekey in accordance with a first encryption algorithm to produce a first key;
- means for processing the first key to produce a keystream;
  
  means for processing an information signal with the keystream to produce a scrambled information signal;
  
  means for encrypting the first-key prekey with a second key in accordance with a second encryption algorithm to produce an encrypted first-key prekey;
  
  means for distributing the scrambled information signal, the first-key generation data and the encrypted first-key prekey; and
  
  a descrambler, includingmeans for providing the second key;
  
  means for decrypting the distributed encrypted first-key prekey with the second key in accordance with the second encryption algorithm to reproduce the first-key prekey;
  
  means for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first key;
  
  means for processing the reproduced first key to reproduce the keystream; and
  
  means for processing the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A system according to claim 1, wherein the means for producing the first key comprisemeans for encrypting the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce encrypted first-key generation data;
    - andmeans for processing the first-key generation data with the encrypted first-key generation data to produce the first key; and
      
      wherein the means for reproducing the first key comprisemeans for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the encrypted first-key generation data; and
      
      means for processing the distributed first-key generation data with the reproduced encrypted first-key generation data to reproduce the first key.
  - 3. A system according to claim 2, wherein the respective means for producing and reproducing the first key each comprisesmeans for truncating the encrypted first-key generation data;
    - andmeans for exclusive-ORing the truncated encrypted first-key generation data with the first-key generation data to produce the first key.
  - 4. A system according to claim 1,wherein the first-key generation data includes a sequence number associated with the second key;
    - andwherein the means in the descrambler for providing the second key include means for processing the distributed sequence number to provide the second key.
  - 5. A system according to claim 4,wherein the first-key generation data further includes a key index used for accessing data processed to provide the second key in the descrambler;
    - andwherein the means in the descrambler for providing the second key further include means for processing the distributed key index to provide the second key.
  - 6. A system according to claim 1,wherein the first-key generation data includes a key index used for accessing data processed to provide the second key in the descrambler;
    - andwherein the means in the descrambler for providing the second key include means for processing the distributed key index to provide the second key.
  - 7. A system according to claim 1,wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - wherein the means for producing the first key comprisemeans for encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce an intermediate key; and
      
      means for encrypting a second block of the first-key generation data with the intermediate key in accordance with a third encryption algorithm to produce the first key;
      
      wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting said first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the intermediate key; and
      
      means for encrypting said second block of the distributed first-key generation data with the reproduced intermediate key in accordance with a third encryption algorithm to reproduce the first key;
      
      wherein the descrambler further includes an authorization processor for processing the distributed first-key generation data in order to enable the descrambler.
  - 8. A system according to claim 1,wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - wherein the means for producing the first key comprisemeans for encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce a first intermediate key;
      
      means for encrypting the first intermediate key with a second block of the first-key generation data in accordance with a third encryption algorithm to produce a second intermediate key;
      
      means for encrypting the second intermediate key with a third block of the first-key generation data in accordance with a fourth encryption algorithm to produce the first key;
      
      wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting the first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first intermediate key;
      
      means for encrypting the reproduced first intermediate key with the second block of the distributed first-key generation data in accordance with the third encryption algorithm to reproduce the second intermediate key;
      
      means for encrypting the reproduced second intermediate key with the third block of the distributed first-key generation data in accordance with the fourth encryption algorithm to reproduce the first key.wherein the descrambler further includes an authorization processor for processing the distributed first-key generation data in order to enable the descrambler.
  - 9. A system according to claim 1,wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - wherein the means for producing the first key comprisemeans for encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce a first intermediate key;
      
      means for processing a second block of the first-key generation data with the first intermediate key to produce a preencrypted second block of data;
      
      means for encrypting the preencrypted second block of data with a third block of the first-key generation data in accordance with a third encryption algorithm to produce an encrypted second block of data;
      
      means for processing the encrypted second block of data with the second block of data to produce a second intermediate key;
      
      means for processing a fourth block of the first-key generation data with the second intermediate key to produce a preencrypted fourth block of data;
      
      means for encrypting the preencrypted fourth block of data with a fifth block of the first-key generation data in accordance with a fourth encryption algorithm to produce an encrypted fourth block of data; and
      
      means for processing the encrypted fourth block of data with the fourth block of data to produce the first key;
      
      wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting the first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first intermediate key;
      
      means for processing the second block of the distributed first-key generation data with the reproduced first intermediate key to reproduce the preencrypted second block of data;
      
      means for encrypting the reproduced preencrypted second block of data with the third block of the distributed first-key generation data in accordance with the third encryption algorithm to reproduce the encrypted second block of data;
      
      means for processing the reproduced encrypted second block of data with the second block of data to reproduce a second intermediate key;
      
      means for processing the fourth block of the distributed first-key generation data with the reproduced second intermediate key to reproduce the preencrypted fourth block of data;
      
      means for encrypting the reproduced preencrypted fourth block of data with the fifth block of the distributed first-key generation data in accordance with the fourth encryption algorithm to reproduce the encrypted fourth block of data; and
      
      means for processing the reproduced encrypted fourth block of data with the fourth block of data to reproduce the first key;
      
      wherein the descrambler further includes an authorization processor for processing the distributed first-key generation data in order to enable the descrambler.
  - 10. A system according to claim 1,wherein the means for processing the first key to produce the keystream, comprisemeans for encrypting third-key generation data with the first key in accordance with a third encryption algorithm to produce a third key;
    - andmeans for processing the third key to produce the keystream;
      
      wherein the distributing means further distribute the third key generation data; and
      
      wherein the means in the descrambler for processing the reproduced first key to reproduce the keystream, comprisemeans for encrypting the distributed third key generation data with the reproduced first key in accordance with the third encryption algorithm to reproduce the third key; and
      
      means for processing the reproduced third key to reproduce the keystream.
  - 11. A system according to claim 1, further comprisingmeans for encrypting third key generation data with the first key in accordance with a third encryption algorithm to produce a third key;
    - means for processing the third key to produce the keystream;
      
      wherein the distributing means further distribute the third key generation data; and
      
      a second descrambler, includingmeans for providing the second key;
      
      means for decrypting the distributed encrypted first-key prekey with the second key in accordance with the second encryption algorithm to reproduce the first-key prekey;
      
      means for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first key;
      
      means for encrypting the distributed third key generation data with the reproduced first key in accordance with the third encryption algorithm to reproduce the third key;
      
      means for processing the reproduced third key to reproduce the keystream; and
      
      means for processing the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal.
  - 12. A system according to claim 1, further comprisingmeans for encrypting the first key generation data with the second key in accordance with a third encryption algorithm to produce an encrypted first key;
    - wherein the distributing means further distribute the encrypted first key; and
      
      a second descrambler, includingmeans for providing the second key;
      
      means for decrypting the distributed encrypted first key with the second key in accordance with the third encryption algorithm to reproduce the first key;
      
      means for processing the reproduced first key to reproduce the keystream; and
      
      means for processing the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal.
  - 13. A system according to claim 1, further comprisingmeans for encrypting first-key prekey generation data with a first-key prekey prekey in accordance with a third encryption algorithm to produce the first-key prekey;
    - means for encrypting the first-key prekey prekey with the second key in accordance with a fourth encryption algorithm to produce an encrypted first-key prekey prekey;
      
      wherein the distributing means further distribute the encrypted first-key prekey prekey, the first-key prekey generation data and a descrambler category identification number;
      
      wherein the descrambler further comprisesmeans for decrypting the distributed encrypted first-key prekey prekey with the second key in accordance with the fourth encryption algorithm to reproduce the first-key prekey prekey;
      
      means for encrypting the distributed first-key prekey generation data with the reproduced first-key prekey prekey in accordance with the third encryption algorithm to reproduce the first-key prekey; and
      
      switching means responsive to the distributed descrambler category identification number for causing the first-key prekey that is used to encrypt the distributed first-key generation data to be reproduced by either (a) decrypting the distributed encrypted first-key prekey with the second key in accordance with the second algorithm or (b) decrypting the distributed encrypted first-key prekey prekey with the second key in accordance with the fourth algorithm to reproduce the first-key prekey prekey and encrypting the distributed first-key prekey generation data with the reproduced first-key prekey prekey in accordance with the third algorithm.

14. A descrambler for descrambling a scrambled information signal produced by a system that encrypts first-key generation data with a first-key prekey in accordance with a first encryption algorithm to produce a first key;
- processes the first key to produce a keystream;
  
  processes the information signal with the keystream to produce a scrambled information signal;
  
  encrypts the first-key prekey with a second key in accordance with a second encryption algorithm to produce an encrypted first-key prekey; and
  
  distributes the scrambled information signal, the first-key generation data and the encrypted first-key prekey, the descrambler comprisingmeans for providing the second key;
  
  means for decrypting the distributed encrypted first-key prekey with the second key in accordance with the second encryption algorithm to reproduce the first-key prekey;
  
  means for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first key;
  
  means for processing the reproduced first key to reproduce the keystream; and
  
  means for processing the distributed scrambled information signal with the reproduced keystream to descramble the distributed scrambled information signal.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system in which the first key is produced by encrypting the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce encrypted first key-generation data;
    - and processing the first key generation data with the encrypted first-key generation data to produce the first key, wherein the means for reproducing the first key comprisemeans for encrypting the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the encrypted first-key generation data; and
      
      means for processing the distributed first-key generation data with the reproduced encrypted first-key generation data to reproduce the first key.
  - 16. A descrambler according to claim 15 for descrambling an information signal scrambled by a said system in which the first key is further produced by truncating the encrypted first-key generation data and exclusive-ORing the truncated first-key generation data with the first key generation data to produce the first key, wherein the means for reproducing the first key comprisesmeans for truncating the encrypted first-key generation data;
    - andmeans for exclusive-ORing the truncated encrypted first-key generation data with the distributed first-key generations data to reproduce the first key.
  - 17. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system, wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - and in which system the first key is produced by encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce an intermediate key; and
      
      encrypting a second block of the first-key generation data with the intermediate key in accordance with a third encryption algorithm to produce the first key,wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting said first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the intermediate key; and
      
      means for encrypting said second block of the distributed first-key generation data with the reproduced intermediate key in accordance with a third encryption algorithm to reproduce the first key;
      
      wherein the descrambler further includes an authorization processor for processing the distributed first-key generation data in order to enable the descrambler.
  - 18. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system, wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - and in which system the first key is produced by encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce a first intermediate key;
      
      encrypting the first intermediate key with a second block of the first-key generation data in accordance with a third encryption algorithm to produce a second intermediate key;
      
      encrypting the second intermediate key with a third block of the first-key generation data in accordance with a fourth encryption algorithm to produce the first key,wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting the first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first intermediate key;
      
      means for encrypting the reproduced first intermediate key with the second block of the distributed first-key generation data in accordance with the third encryption algorithm to reproduce the second intermediate key;
      
      means for encrypting the reproduced second intermediate key with the third block of the distributed first-key generation data in accordance with the fourth encryption algorithm to reproduce the first key.wherein the descrambler further includes an authorization processor for processing the distributed first-key generation in order to enable the descrambler.
  - 19. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system, wherein the first-key generation data includes a quantity of data that must be processed by an authorization processor in the descrambler in order to enable the descrambler, and wherein said quantity of data exceeds the encryption capacity of a single operation of said first encryption algorithm;
    - and in which system the first key is produced by encrypting a first block of the first-key generation data with the first-key prekey in accordance with the first encryption algorithm to produce a first intermediate key;
      
      processing a second block of the first-key generation data with the first intermediate key to produce a preencrypted second block of data;
      
      encrypting the preencrypted second block of data with a third block of the first-key generation data in accordance with a third encryption algorithm to produce an encrypted second block of data;
      
      processing the encrypted second block of data with the second block of data to produce a second intermediate key;
      
      processing a fourth block of the first-key generation data with the second intermediate key to produce a preencrypted fourth block of data;
      
      encrypting the preencrypted fourth block of data with a fifth block of the first-key generation data in accordance with a fourth encryption algorithm to produce an encrypted fourth block of data; and
      
      processing the encrypted fourth block of data with the fourth block of data to produce the first key,wherein the means in the descrambler for reproducing the first key comprisemeans for encrypting the first block of the distributed first-key generation data with the reproduced first-key prekey in accordance with the first encryption algorithm to reproduce the first intermediate key;
      
      means for processing the second block of the distributed first-key generation data with the reproduced first intermediate key to reproduce the preencrypted second block of data;
      
      means for encrypting the reproduced preencrypted second block of data with the third block of the distributed first-key generation data in accordance with the third encryption algorithm to reproduce the encrypted second block of data;
      
      means for processing the reproduced encrypted second block of data with the second block of data to reproduce a second intermediate key;
      
      means for processing the fourth block of the distributed first-key generation data with the reproduced second intermediate key to reproduce the preencrypted fourth block of data;
      
      means for encrypting the reproduced preencrypted fourth block of data with the fifth block of the distributed first-key generation data in accordance with the fourth encryption algorithm to reproduce the encrypted fourth block of data; and
      
      means for processing the reproduced encrypted fourth block of data with the fourth block of data to reproduce the first key;
      
      wherein the descrambler further includes an authorization processor for processing the distributed first-key generation data in order to enable the descrambler.
  - 20. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system in which the first-key generation data includes a sequence number associated with the second key,wherein the means for providing the second key include means for processing the distributed sequence number to provide the second key.
  - 21. A descrambler according to claim 20 for descrambling an information signal scrambled by a said system in which the key generation data further includes a key index used for accessing data processed to provide the second key in the descrambler,wherein the means for providing the second key further include means for processing the distributed key index to provide the second key.
  - 22. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system in which the key generation data includes a key index used for accessing data processed to provide the second key in the descrambler,wherein the means for providing the second key include means for processing the distributed key index to provide the second key.
  - 23. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system in which the first key is processed to produce the keystream by encrypting third key generation data with the first key in accordance with a third encryption algorithm to produce a third key;
    - and the third key is processed to produce the keystream; and
      
      the third key generation data is also distributed,wherein the means for processing the reproduced first key to reproduce the keystream, comprisemeans for encrypting the distributed third key generation data with the reproduced first key in accordance with the third encryption algorithm to reproduce the third key; and
      
      means for processing the reproduced third key to reproduce the keystream.
  - 24. A descrambler according to claim 14 for descrambling an information signal scrambled by a said system in which first-key prekey generation data is encrypted with a first-key prekey prekey in accordance with a third encryption algorithm to produce the first-key prekey;
    - the first-key prekey prekey is encrypted with the second key in accordance with a fourth encryption algorithm to produce an encrypted first-key prekey prekey; and
      
      the encrypted first-key prekey prekey, the first-key prekey generation data and a descrambler category identification number are also distributed, wherein the descrambler further comprisesmeans for decrypting the distributed encrypted first-key prekey prekey with the second key in accordance with the fourth encryption algorithm to reproduce the first-key prekey prekey;
      
      means for encrypting the distributed first-key prekey generation data with the reproduced first-key prekey prekey in accordance with the third encryption algorithm to reproduce the first-key prekey; and
      
      switching means responsive to the distributed descrambler category identification number for causing the first-key prekey that is used to encrypt the distributed first-key generation data to be reproduced by either (a) decrypting the distributed encrypted first-key prekey with the second key in accordance with the second algorithm or (b) decrypting the distributed encrypted first-key prekey prekey with the second key in accordance with the fourth algorithm to reproduce the first-key prekey prekey and encrypting the distributed first-key prekey generation data with the reproduced first-key prekey prekey in accordance with the third algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Moroney, Paul, Harding, Michael V., Bennett, Christopher J.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/200,111
Time in Patent Office

466 Days
Field of Search

380/20, 380/21, 380/45, 380/47
US Class Current

380/239
CPC Class Codes

H04L 2209/20   Manipulating the length of ...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04N 21/26613   for generating or managing ...

H04N 7/1675   Providing digital key or au...

Reproduction of secure keys by using distributed key generation data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Reproduction of secure keys by using distributed key generation data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links