Cryptographic system for direct broadcast satellite system

US 4,887,296 A
Filed: 10/16/1987
Issued: 12/12/1989
Est. Priority Date: 10/26/1984
Status: Expired due to Term

First Claim

Patent Images

1. A cryptographic system for secure distribution of information from a transmission node to first and second receiver nodes, each of said receiver nodes having a unique address number, the system including real time control means comprising:

means for generating a common key applicable to both of said receiver nodes;

means for encrypting the information to be distributed using said common key;

means for storing a list of address numbers associated with each of said receiver nodes;

means for storing a master key, said master key being associated with both of said receiver nodes;

means for selecting each receiver node in sequence;

means for generating a different individual key for each of said selected receiver nodes, said individual key generating means comprising means for encrypting the address number for each of said receiver nodes using said master key;

means for forming an individualized encrypted common key for each of said receiver nodes by encrypting the common key using the generated individual key for that receiver node;

said individual key generating means being actuated in real time to generate an individual key for a given receiver node each time said given receiver node is selected, so as to eliminate the necessity for storing and securing a list of individual keys associated with each of said receiver nodes; and

means for distributing said encrypted information to said receiver nodes and individualized encrypted common key for each receiver node to that receiver node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A three key cryptographic system is used in the transmission of digitized signals to a plurality of receivers, each having a unique address number and a factory stored signature key which is a function of the address number. At the transmission end, a common key is generated and used to encrypt the signals to be transmitted. The signature key is generated for each receiver unit by encrypting the address number of the unit using a secret master key. The common key is then encrypted for use by each receiver using the generated signature key for that receiver. A data stream is inserted into the horizontal blanking intervals of the composite video signal. The data stream includes the encrypted signals receivable by all receivers and addressed portions, each receivable by a different receiver, containing the encrypted common key for that receiver. The receiver decrypts the common key with the stored signature key and uses it to decrypt the signals. Only a single master key must be stored and protected.

284 Citations

31 Claims

1. A cryptographic system for secure distribution of information from a transmission node to first and second receiver nodes, each of said receiver nodes having a unique address number, the system including real time control means comprising:
- means for generating a common key applicable to both of said receiver nodes;
  
  means for encrypting the information to be distributed using said common key;
  
  means for storing a list of address numbers associated with each of said receiver nodes;
  
  means for storing a master key, said master key being associated with both of said receiver nodes;
  
  means for selecting each receiver node in sequence;
  
  means for generating a different individual key for each of said selected receiver nodes, said individual key generating means comprising means for encrypting the address number for each of said receiver nodes using said master key;
  
  means for forming an individualized encrypted common key for each of said receiver nodes by encrypting the common key using the generated individual key for that receiver node;
  
  said individual key generating means being actuated in real time to generate an individual key for a given receiver node each time said given receiver node is selected, so as to eliminate the necessity for storing and securing a list of individual keys associated with each of said receiver nodes; and
  
  means for distributing said encrypted information to said receiver nodes and individualized encrypted common key for each receiver node to that receiver node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein address number encrypting means comprises the Data Encryption Standard algorithm.
  - 3. The system of claim 1, wherein said means for forming an individual encrypted common key for each receiver comprises a block cipher algorithm.
  - 4. The system of claim 1, wherein said means for forming an individual encrypted common key for each receiver node comprises means for accessing said stored list of address number, means for selecting the address number from said stored list which is associates with the receiver for which the common key is being encrypted.
  - 5. The system of claim 1, wherein said distributing means comprises means for generating a data stream, said data stream comprising said encrypted information and addressed portions, each of said addressed portions comprising the address number and individualized encrypted common key for an addressed receiver node.
  - 6. The system of claim 5, wherein said information to be communicated comprises a digitized signal and is distributed by a composite television signal including video signal portions and horizontal blanking intervals and wherein said data stream is inserted into said horizontal blanking intervals.
  - 7. The system of claim 1, wherein each receiver node has a unique individual key stored therein and further comprising means for receiving said encrypted information, means for receiving the individualized encrypted common key for that node, means for decrypting the received individualized encrypted common key using the stored individual key and means for decrypting said received encrypted information using said decrypted common key.
  - 8. The system of claim 7, wherein said encrypted common key decrypting means comprises a block cipher algorithm.
  - 9. The system of claim 1, further comprising means for periodically changing said common key.
  - 10. The system of claim 1, wherein said information encrypting means comprises a stream cipher algorithm.
  - 11. The system of claim 7, wherein information decrypting means comprises a stream cipher algorithm.

12. A three key cryptographic system for secure distribution of information from a transmission node to a plurality of receiver nodes wherein a first key is known only to the transmission node and is associated with more than one receiver node and each receiver node has a unique address number and a pre-stored second key, the transmission node comprising means for selecting each receiver node in sequence, means for generating the second key for each selected receiver node by encrypting the address number for the selected node with the first key, means for generating a third key, means for encrypting the information to be distributed with said third key, means for encrypting said third key for use by said selected receiver node with said generated second key, said means for generating the second key being actuated in real time to generate a second key for a selected receiver node each time said receiver node is selected, so as to eliminate the necessity for storing and securing the generated second key for each of said receiver nodes, means for distributing said encrypted information to all of said receiver nodes and said encrypted third key to said selected receiver node.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein each of said receiver nodes comprises means for receiving said encrypted information, means for receiving said encrypted third key for that receiver node, means for decrypting said receiver encrypted third key with the stored second key, and means for decrypting said receiver encrypted information with said received decrypted third key.
  - 14. The system of claim 12, wherein said second key generating means comprises a Data Encryption Standard algorithm.
  - 15. The system of claim 12, wherein said third key encrypting means comprises a block cipher algorithm.
  - 16. The system of claim 13, wherein said third key decryption means comprises a block cipher algorithm.
  - 17. The system of claim 12, wherein said third key generating means comprises means for periodically changing said third key.
  - 18. The system of claim 12, wherein said information encryption means comprises a stream cipher algorithm.
  - 19. The system of claim 13, wherein said information decrypting means comprises a stream cipher algorithm.
  - 20. The system of claim 12, wherein the stored second key is unique for each receiver node.
  - 21. The system of claim 12, wherein the stored second key for each receiver node is a function of the address number of that receiver node.

22. A three key cryptographic method for secure information distribution from a transmission node to a plurality of receiver nodes wherein a first key, associated with more than one of the receiver nodes, is known only to the transmission node and each receiver node has a unique address number and a pre-stored unique second key which is a function of its address number, the method comprising the steps of selecting each receiver node in turn, generating the second key for (a) each selected receiver node by encrypting the address number for the selected node with the first key, generating a third key, encrypting the information to be distributed with the third key, encrypting the third key with the generated second key, the second key for a selected receiver node being generated in real time each time the receiver node is selected, so as to eliminate the necessity of storing and securing the generated second key for each of the receiver nodes, distributing the encrypted information to all receiver nodes, distributing the encrypted third key to the selected receiver node;
- receiving the distributed encrypted information and the encrypted third key at the selected receiver node, and decrypting the received encrypted information using the received encrypted third key and the stored second key for the selected receiver node.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The method of claim 22, wherein the step of decrypting the received encrypted information comprises the steps of decrypting the encrypted third key using the stored second key for the selected receiver node and decrypting the encrypted information using the decrypted third key.
  - 24. The method of claim 22, wherein the step of generating the second key comprises the step of encrypting the address number for the selected receiver node with the first key through the Data Encryption Standard algorithm.
  - 25. The method of claim 22, wherein the step of encrypting the third key comprises encrypting the third key with the second key through a block cipher algorithm.
  - 26. The method of claim 22, wherein the step of encrypting the information comprises the step of encrypting the information with said third key through a stream cipher algorithm.
  - 27. The method of claim 23, wherein the step of decrypting the third key comprises the step of decrypting the third key using the stored second key for the selected receiver node through a block cipher algorithm.
  - 28. The method of claim 23, wherein the step of decrypting the information comprises the step of decrypting the information with the decrypted third key through a stream cipher algorithm.

29. Apparatus for encrypting digitized signals in a direct boradcast satellite communications system including a transmission node and a plurality of receiver nodes, each receiver node having an address number and a pre-stored signature key which is a function of its address number, the apparatus comprising:
- means for generating a common key;
  
  means for encrypting the digitized signals with said common key;
  
  means for selecting each receiver node in turn, means for generating the signature key for each selected receiver node, said signature key generating means comprising;
  
  means for storing a master key associated with more than one of the receiver nodes and means for encrypting the address number of said selected receiver node associated with the master key using the master key, means for encrypting said common key for use by the selected receiver node using the generated signature key for that receiver node, said means for generating the signature key for a selected receiver node being actuated in real time to generate the signature key for said selected receiver node each time said receiver node is selected, so as to eliminate the necessity of storing and securing a signature key for each receiver node, means for distributing the encrypted digitized signals and the encrypted common key for said selected receiver node to said selected receiver node by means of a data stream comprising a first portion containing the encrypted digitized signals and receivable by all receiver nodes and a second portion comprising a plurality of sub-portions, each of said sub-portions comprising the encrypted common key for a different receiver node and receivable only by the receiver node having the address number upon which the encrypted common key therein is based.

30. A cryptographic method for secure distribution of information from a transmission node to first and second receiver nodes, each receiver node having a unique address number, the method comprising the steps of:
- generating a common key;
  
  encrypting the information to be distributed using said common key;
  
  selecting each receiver node in sequence;
  
  generating a different individual key for each receiver node in real time using a master key associated with both of the receiver nodes and encrypting the address number for each receiver node with the master key;
  
  forming an individualized encrypted common key for each receiver node by encrypting the common key using the generated individual key for that receiver node;
  
  the individualized key for each receiver node being generated each time that node is selected, so as to eliminate the necessity for storing and securing an individual key for each receiver node; and
  
  distributing the information to all receiver nodes and the individualized encrypted common key for each receiver node to that receiver node.

31. A method for encrypting digitized signals in a direct broadcast satellite communications system including a transmission node and a plurality of receiver nodes, each receiver node having an address number and a pre-stored signature key which is a function of its address number, the method comprising the steps of:
- storing a master key associated with more than one of the receiver nodes;
  
  generating a common key;
  
  encrypting the digitized signals with the common key;
  
  selecting each receiver node in turn;
  
  generating the signature key for a selected receiver node by encrypting the address number of the selected receiver node with the master key;
  
  encrypting said common key for use by the selected receiver node using the generated signature key for that receiver node;
  
  the signature key for each receiver node being generated in real time each time said receiver node is selected, so as to eliminate the necessity fo storing and securing the generated signature key for each of said receiver nodes, distributing the encrypted digitized signals and the encrypted common key for the selected receiver node to the selected receiver node by generating a data stream comprising a first portion containing the encrypted digitized signals, receivabe by all receiver noes and a second portion comprising a plurality of sub-portions, each of said sub-portions comprising the encrypted common key for a different receiver node and receivable only by the receiver node having the address number upon which the encrypted common key therein is based.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Original Assignee
Ricoh Company Limited
Inventors
Horne, Donald R.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/113,333
Time in Patent Office

788 Days
Field of Search

380/10, 380/20, 380/21, 380/28, 380/23, 380/25, 380/43-47
US Class Current

380/239
CPC Class Codes

H04B 7/18523   Satellite systems for provi...

H04H 2201/70   characterised in that recei...

H04H 60/15   on receiving information

H04H 60/23   using cryptography, e.g. en...

H04L 9/0625   with splitting of the data ...

H04L 9/083   involving central third par...

H04N 21/26606   for generating or managing ...

H04N 21/42684   Client identification by a ...

H04N 21/4405   involving video stream decr...

H04N 7/1675   Providing digital key or au...

Cryptographic system for direct broadcast satellite system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

284 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic system for direct broadcast satellite system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

284 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links