Cryptographic system for direct broadcast satellite system
First Claim
1. A cryptographic system for secure distribution of information from a transmission node to first and second receiver nodes, each of said receiver nodes having a unique address number, the system including real time control means comprising:
means for generating a common key applicable to both of said receiver nodes;
means for encrypting the information to be distributed using said common key;
means for storing a list of address numbers associated with each of said receiver nodes;
means for storing a master key, said master key being associated with both of said receiver nodes;
means for selecting each receiver node in sequence;
means for generating a different individual key for each of said selected receiver nodes, said individual key generating means comprising means for encrypting the address number for each of said receiver nodes using said master key;
means for forming an individualized encrypted common key for each of said receiver nodes by encrypting the common key using the generated individual key for that receiver node;
said individual key generating means being actuated in real time to generate an individual key for a given receiver node each time said given receiver node is selected, so as to eliminate the necessity for storing and securing a list of individual keys associated with each of said receiver nodes; and
means for distributing said encrypted information to said receiver nodes and individualized encrypted common key for each receiver node to that receiver node.
Abstract
A three key cryptographic system is used in the transmission of digitized signals to a plurality of receivers, each having a unique address number and a factory stored signature key which is a function of the address number. At the transmission end, a common key is generated and used to encrypt the signals to be transmitted. The signature key is generated for each receiver unit by encrypting the address number of the unit using a secret master key. The common key is then encrypted for use by each receiver using the generated signature key for that receiver. A data stream is inserted into the horizontal blanking intervals of the composite video signal. The data stream includes the encrypted signals receivable by all receivers and addressed portions, each receivable by a different receiver, containing the encrypted common key for that receiver. The receiver decrypts the common key with the stored signature key and uses it to decrypt the signals. Only a single master key must be stored and protected.
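The key hierarchy the abstract describes, as an added example that is not taken from the patent. The text here does not name a cipher, so HMAC-SHA256 stands in for "encrypting the address number using the master key" and a toy XOR keystream stands in for encryption; the function names, the 4-byte address encoding and the sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumptions): HMAC-SHA256 replaces the unnamed cipher; no authentication.

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, nonce + off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def signature_key(master_key: bytes, address: int) -> bytes:
    """Individual key = keyed function of the receiver address under the master key."""
    return prf(master_key, address.to_bytes(4, "big"))

def build_stream(master_key: bytes, addresses: list, payload: bytes) -> dict:
    """Transmission node: holds only the master key and the address list."""
    common_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    addressed = {}
    for addr in addresses:                       # select each receiver in sequence
        sig = signature_key(master_key, addr)    # regenerated each time, never stored
        addressed[addr] = stream_xor(sig, nonce, common_key)
    return {"nonce": nonce,
            "payload": stream_xor(common_key, nonce, payload),  # receivable by all
            "addressed": addressed}                             # one sub-portion each

def receive(stream: dict, address: int, stored_sig_key: bytes):
    """Receiver node: unwrap the common key with the factory-stored signature key."""
    wrapped = stream["addressed"].get(address)
    if wrapped is None:
        return None                              # no sub-portion for this address
    common_key = stream_xor(stored_sig_key, stream["nonce"], wrapped)
    return stream_xor(common_key, stream["nonce"], stream["payload"])

if __name__ == "__main__":
    master = secrets.token_bytes(32)             # constructed sample values
    factory_keys = {a: signature_key(master, a) for a in (1001, 1002)}
    s = build_stream(master, [1001, 1002], b"digitized signal block")
    for a, k in factory_keys.items():
        print(a, receive(s, a, k))
```

A receiver that applies another unit's signature key to its own sub-portion recovers a wrong common key and decrypts the shared portion to garbage, while the transmission node never holds a table of per-receiver keys.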
284 Citations
31 Claims
12. A three key cryptographic system for secure distribution of information from a transmission node to a plurality of receiver nodes wherein a first key is known only to the transmission node and is associated with more than one receiver node and each receiver node has a unique address number and a pre-stored second key, the transmission node comprising means for selecting each receiver node in sequence, means for generating the second key for each selected receiver node by encrypting the address number for the selected node with the first key, means for generating a third key, means for encrypting the information to be distributed with said third key, means for encrypting said third key for use by said selected receiver node with said generated second key, said means for generating the second key being actuated in real time to generate a second key for a selected receiver node each time said receiver node is selected, so as to eliminate the necessity for storing and securing the generated second key for each of said receiver nodes, means for distributing said encrypted information to all of said receiver nodes and said encrypted third key to said selected receiver node.
22. A three key cryptographic method for secure information distribution from a transmission node to a plurality of receiver nodes wherein a first key, associated with more than one of the receiver nodes, is known only to the transmission node and each receiver node has a unique address number and a pre-stored unique second key which is a function of its address number, the method comprising the steps of selecting each receiver node in turn, generating the second key for (a) each selected receiver node by encrypting the address number for the selected node with the first key, generating a third key, encrypting the information to be distributed with the third key, encrypting the third key with the generated second key, the second key for a selected receiver node being generated in real time each time the receiver node is selected, so as to eliminate the necessity of storing and securing the generated second key for each of the receiver nodes, distributing the encrypted information to all receiver nodes, distributing the encrypted third key to the selected receiver node;
receiving the distributed encrypted information and the encrypted third key at the selected receiver node, and decrypting the received encrypted information using the received encrypted third key and the stored second key for the selected receiver node.
29. Apparatus for encrypting digitized signals in a direct broadcast satellite communications system including a transmission node and a plurality of receiver nodes, each receiver node having an address number and a pre-stored signature key which is a function of its address number, the apparatus comprising:
means for generating a common key;
means for encrypting the digitized signals with said common key;
means for selecting each receiver node in turn, means for generating the signature key for each selected receiver node, said signature key generating means comprising;
means for storing a master key associated with more than one of the receiver nodes and means for encrypting the address number of said selected receiver node associated with the master key using the master key, means for encrypting said common key for use by the selected receiver node using the generated signature key for that receiver node, said means for generating the signature key for a selected receiver node being actuated in real time to generate the signature key for said selected receiver node each time said receiver node is selected, so as to eliminate the necessity of storing and securing a signature key for each receiver node, means for distributing the encrypted digitized signals and the encrypted common key for said selected receiver node to said selected receiver node by means of a data stream comprising a first portion containing the encrypted digitized signals and receivable by all receiver nodes and a second portion comprising a plurality of sub-portions, each of said sub-portions comprising the encrypted common key for a different receiver node and receivable only by the receiver node having the address number upon which the encrypted common key therein is based.
30. A cryptographic method for secure distribution of information from a transmission node to first and second receiver nodes, each receiver node having a unique address number, the method comprising the steps of:
generating a common key; encrypting the information to be distributed using said common key; selecting each receiver node in sequence; generating a different individual key for each receiver node in real time using a master key associated with both of the receiver nodes and encrypting the address number for each receiver node with the master key; forming an individualized encrypted common key for each receiver node by encrypting the common key using the generated individual key for that receiver node;
the individualized key for each receiver node being generated each time that node is selected, so as to eliminate the necessity for storing and securing an individual key for each receiver node; and distributing the information to all receiver nodes and the individualized encrypted common key for each receiver node to that receiver node.
31. A method for encrypting digitized signals in a direct broadcast satellite communications system including a transmission node and a plurality of receiver nodes, each receiver node having an address number and a pre-stored signature key which is a function of its address number, the method comprising the steps of:
storing a master key associated with more than one of the receiver nodes;
generating a common key;
encrypting the digitized signals with the common key;
selecting each receiver node in turn;
generating the signature key for a selected receiver node by encrypting the address number of the selected receiver node with the master key;
encrypting said common key for use by the selected receiver node using the generated signature key for that receiver node;
the signature key for each receiver node being generated in real time each time said receiver node is selected, so as to eliminate the necessity of storing and securing the generated signature key for each of said receiver nodes, distributing the encrypted digitized signals and the encrypted common key for the selected receiver node to the selected receiver node by generating a data stream comprising a first portion containing the encrypted digitized signals, receivable by all receiver nodes and a second portion comprising a plurality of sub-portions, each of said sub-portions comprising the encrypted common key for a different receiver node and receivable only by the receiver node having the address number upon which the encrypted common key therein is based.
Specification