Methods and apparatus for uniquely encrypting data at a plurality of data transmission sites for transmission to a reception site

US 5,341,425 A
Filed: 12/02/1992
Issued: 08/23/1994
Est. Priority Date: 12/02/1992
Status: Expired due to Term

First Claim

Patent Images

1. A method for uniquely encrypting a set of data at each of a plurality N of transmission sites for transmission to and subsequent decryption at at least one reception site comprising the steps of:

(a) providing each transmission site with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites, said system key comprising a plurality S of bits and each of said broadcast keys comprising a unique plurality B of bits, wherein B is less than S;

(b) convolving in a predetermined manner at each transmission site the system key and the broadcast key unique to that transmission site to generate a unique data encryption key for that transmission site, said unique encryption key comprising a third number E of bits, E being at least greater than B;

(c) encrypting a set of data at each transmission site with the unique data encryption key generated at that site; and

(d) transmitting the sets of data uniquely encrypted at each transmission site to the reception site;

wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting any one of said encrypted sets of data, the unique data encryption keys used to encrypt said sets of data at each respective transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×

B)+S) bits.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a data transmission system comprising a plurality N of transmission sites and at least one reception site, a set of data at each transmission site is uniquely encrypted by (a) providing each transmission site with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites, the system key comprising a plurality S of bits and each of the broadcast keys comprising a unique plurality B of bits, wherein B is less than S; (b) convolving in a predetermined manner at each transmission site the system key and the broadcast key unique to that transmission site to generate a unique data encryption key for that transmission site; (c) encrypting the set of data at each transmission site with the unique data encryption key generated at that site. The sets of data uniquely encrypted at each transmission site are then transmitted to the reception site. There is stored, in a memory at the reception site, the system key and the of said broadcast keys to enable a selected one of the encrypted sets of data to be decrypted at the reception site. The memory capacity necessary to store the system key and the broadcast keys at the reception site is no greater than ((N×B)+S) bits. Alternatively, a plurality N of data sets at a single transmission site are encrypted in this manner.

272 Citations

45 Claims

1. A method for uniquely encrypting a set of data at each of a plurality N of transmission sites for transmission to and subsequent decryption at at least one reception site comprising the steps of:
- (a) providing each transmission site with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites, said system key comprising a plurality S of bits and each of said broadcast keys comprising a unique plurality B of bits, wherein B is less than S;
  
  (b) convolving in a predetermined manner at each transmission site the system key and the broadcast key unique to that transmission site to generate a unique data encryption key for that transmission site, said unique encryption key comprising a third number E of bits, E being at least greater than B;
  
  (c) encrypting a set of data at each transmission site with the unique data encryption key generated at that site; and
  
  (d) transmitting the sets of data uniquely encrypted at each transmission site to the reception site;
  
  wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting any one of said encrypted sets of data, the unique data encryption keys used to encrypt said sets of data at each respective transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method recited in claim 1 wherein the following steps are performed at the reception site:
    - (e) receiving the encrypted set of data transmitted from a selected one of the transmission sites;
      
      (f) retrieving from the memory at the reception site the system key and the broadcast key unique to the selected transmission site;
      
      (g) convolving the retrieved system key and retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key employed in step (c) to encrypt the received set of data, and(h) decrypting the received set of data with the reproduced encryption key.
  - 3. The method recited in claim 1 wherein the reception site is authorized to receive data from only a selected group of transmission sites and wherein the system key and only the broadcast keys of the selected group are stored in the memory at the reception site.
  - 4. The method recited in claim 1 wherein E is greater than or equal to S.
  - 5. The method recited in claim 1 comprising the further step of periodically changing the system key provided to each transmission site and stored in the memory at the reception site.
  - 6. The method recited in claim 1 comprising the further step of periodically changing the unique broadcast key provided to each transmission site and stored in the memory at the reception site.
  - 7. The method recited in claim 1 wherein said transmission sites comprise programmer sites in a subscription television system that each transmit program data and encrypt the program data with locally generated program keys, and wherein the set of data encrypted in step (c) comprises said program keys.
  - 8. The method recited in claim 7 wherein the reception site is one of a cable head-end installation and a subscription television system subscriber location.

9. In a data transmission system comprising a plurality N of transmission sites and at least one reception site wherein there is a system key common to all transmission sites and a broadcast key unique to each site, and wherein said system key comprises a first number S of bits and each of said broadcast keys comprises a second number B of bits wherein B is less than S, a method for uniquely encrypting a set of data at a transmission site comprising the steps of:
- (a) providing at the transmission site the system key and the broadcast key unique to that site;
  
  (b) convolving the system key and the broadcast key unique to that site to generate a unique data encryption key for that transmission site, said unique data encryption key comprising a third number E of bits wherein E is at least greater than B;
  
  (c) encrypting a set of data at the transmission site with the unique data encryption key generated at that transmission site; and
  
  (d) transmitting the set of data uniquely encrypted at the transmission site to the reception site;
  
  wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting any one of said encrypted sets of data, the unique data encryption keys used to encrypt said sets of data at each respective transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method recited in claim 9 wherein the reception site is authorized to receive data from only a selected group of transmission sites and wherein the system key and only the broadcast keys of the selected group are stored in the memory at the reception site.
  - 11. The method recited in claim 9 wherein E is greater than or equal to S.
  - 12. The method recited in claim 9 wherein the system key provided at the transmission site and stored in the memory at the reception site is periodically changed.
  - 13. The method recited in claim 9 wherein the unique broadcast key provided at the transmission site and stored in the memory at the reception site is periodically changed.
  - 14. The method recited in claim 9 wherein said transmission site comprises a programmer site in a subscription television system that transmits program data encrypted with locally generated program keys, and wherein the set of data encrypted in step (c) comprises the locally generated program keys.
  - 15. The method recited in claim 9 wherein the reception site is one of a cable head-end installation and a subscription television system subscriber location.

16. In a data transmission system comprising a plurality N of transmission sites and at least one reception site wherein each transmission site is provided with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, and wherein at each transmission site the system key and the broadcast key unique to that site are convolved in a predetermined manner to generate a unique data encryption key, the unique data encryption key generated at each site being used at that site to encrypt a set of data for transmission to the reception site, and further wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys, a method for decrypting at the reception site an encrypted set of data transmitted from a selected one of said transmission sites comprising the steps of:
- (a) receiving the encrypted set of data transmitted from the selected one of the transmission sites;
  
  (b) retrieving from the memory at the reception site the system key and the broadcast key unique to the selected transmission site;
  
  (c) convolving the retrieved system key and retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key generated at the selected transmission site; and
  
  (d) decrypting the encrypted data with the reproduced encryption key;
  
  wherein the memory capacity necessary to store the system key and the broadcast keys at the reception site is no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method recited in claim 16 wherein the reception site is authorized to receive data from only a selected group of transmission sites and wherein the system key and only the broadcast keys of the selected group are stored in the memory at the reception site.
  - 18. The method recited in claim 16 wherein the unique data encryption key generated at each transmission site comprises a third number E of bits, and wherein E is greater than or equal to S.
  - 19. The method recited in claim 16 wherein the system key provided at the transmission site and stored in the memory at the reception site is periodically changed.
  - 20. The method recited in claim 16 wherein the unique broadcast key provided to each transmission site and stored in the memory at the reception site is periodically changed.

21. A method for uniquely encrypting each of a plurality N of data sets at a transmission site for transmission to at least one reception site, said method comprising the steps of:
- (a) providing a broadcast key for each data set that is unique to that data set and a system key that is the same for each data set, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits, wherein B is less than S;
  
  (b) convolving in a predetermined manner, for each data set, the system key and the broadcast key unique to that data set to generate a unique data encryption key for that data set, the unique data encryption key comprising a third number E of bits, E being at least greater than B;
  
  (c) encrypting each data set with the unique data encryption key generated for that set; and
  
  (d) transmitting each uniquely encrypted data set to the reception site;
  
  wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys regenerating at the reception site, for the purpose of decrypting any one of said encrypted sets of data, the unique data encryption keys used to encrypt each of said sets of data at the transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method recited in claim 21 wherein the reception site is authorized to receive only a selected group of data sets and wherein the system key and only the broadcast keys for the selected group are stored in the memory at the reception site.
  - 23. The method recited in claim 21 wherein E is greater than or equal to S.
  - 24. The method recited in claim 21 comprising the further step of periodically changing the system key.
  - 25. The method recited in claim 21 comprising the further step of periodically changing the unique broadcast keys provided for each data set and stored at the reception site.

26. In a data transmission system wherein each of a plurality N of data sets is uniquely encrypted at a transmission site by (a) providing a broadcast key for each data set that is unique to that data set and a system key that is the same for each data set, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, (b) convolving in a predetermined manner, for each data set, the system key and the broadcast key unique to that data set to generate a unique data encryption key for that data set, and (c) encrypting each data set with the unique data encryption key generated for that set, and wherein each of the uniquely encrypted data sets is transmitted to at least one reception site, and further wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys, a method for decrypting a selected one of said uniquely encrypted data sets at the reception site comprising the steps of:
- (a) receiving the selected encrypted data set at the reception site;
  
  (b) retrieving from the memory at the reception site the system key and the broadcast key unique to the selected data set;
  
  (c) convolving the retrieved system key and retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key generated at the transmission site; and
  
  (d) decrypting the encrypted data set with the reproduced encryption key;
  
  wherein the memory capacity necessary to store the system key and the broadcast keys at the reception site is no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method recited in claim 26 wherein the reception site is authorized to receive only a selected group of data sets and wherein the system key and only the broadcast keys for the selected group of data sets are stored in the memory at the reception site.
  - 28. The method recited in claim 26 wherein the unique data encryption key generated for each data set comprises a third number E of bits, and wherein E is greater than or equal to S.
  - 29. The method recited in claim 26 comprising the further step of periodically changing the system key.
  - 30. The method recited in claim 26 comprising the further step of periodically changing the unique broadcast keys provided for each data set and stored at the reception site.

31. In a pay television system wherein a plurality N of programmer sites each transmit program data to at least one reception site, and wherein each programmer encrypts the program data transmitted from that site with locally generated program keys, the program keys being transmitted by each programmer to the reception site along with the encrypted program data, and wherein there is a broadcast key unique to each programmer site and a system key that is the same for all programmer sites, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, a method for uniquely encrypting the program keys at a programmer site for transmission to the reception site comprising the steps of:
- (a) providing at the programmer site the system key and the broadcast key unique to that programmer site;
  
  (b) convolving, in a predetermined manner, the system key and the broadcast key for that programmer site to generate a unique encryption key for that programmer site, the unique encryption key comprising a third number E of bits, E being at least greater than B;
  
  (c) encrypting the program keys with the unique encryption key generated at that programmer site; and
  
  (d) transmitting the encrypted program keys to the reception site, there being stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting the encrypted program keys transmitted from any one of said programmer sites, the unique data encryption keys used to encrypt the program keys at each of said programmer sites;
  
  wherein the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The method recited in claim 31 wherein the reception site is authorized to receive program data and respective program keys from only a selected group of programmer sites and wherein the system key and only the broadcast keys of the selected group are stored in the memory at the reception site.
  - 33. The method recited in claim 31 wherein E is greater than or equal to S.
  - 34. The method recited in claim 31 comprising the further step of periodically changing the system key provided at the programmer site and stored in the memory at the reception site.
  - 35. The method recited in claim 31 comprising the further step of periodically changing the unique broadcast key provided at the programmer site and stored in the memory at the reception site.

36. In a pay television system wherein a plurality N of programmer sites each transmit program data to at least one reception site, and wherein each programmer encrypts the program data transmitted from that site with locally generated program keys, and wherein there is a broadcast key unique to each programmer site and a system key that is the same for all programmer sites, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, and wherein the program keys locally generated at each programmer site are encrypted by (a) providing at the programmer site the system key and the broadcast key unique to that programmer site, (b) convolving, in a predetermined manner, the system key and the broadcast key for that programmer site to generate a unique encryption key for that programmer site, and (c) encrypting the program keys at that programmer site with the unique encryption key generated at that programmer site, and wherein each programmer transmits its respective encrypted program keys and encrypted program data to the reception site, and further wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys, a method for decrypting, at the reception site, the program keys and program data transmitted from a selected one of the programmer sites comprising the steps of:
- (a) receiving the encrypted program data and the encrypted program keys transmitted from the selected programmer site;
  
  (b) retrieving from the memory at the reception site the system key and the broadcast key unique to the selected programmer site;
  
  (c) convolving the retrieved system key and retrieved broadcast key in said predetermined manner to reproduce the unique encryption key generated at the selected programmer site;
  
  (d) decrypting the encrypted program keys with the reproduced encryption key; and
  
  (e) decrypting the encrypted program data with the decrypted program keys;
  
  wherein the memory capacity necessary to store the system key and the broadcast keys at the reception site is no greater than ((N×
  
  B)+S) bits.

37. A data transmission system comprising a plurality N of transmission sites that each transmit a set of data to at least one reception site, there being a system key common to all transmission sites and a broadcast key unique to each site, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits wherein B is less than S, each of said transmission sites having an encrypting apparatus comprising:
- means for convolving, in a predetermined manner, the system key and the broadcast key unique to that transmission site to generate a unique data encryption key for that site;
  
  an encryptor for encrypting a set of data with the unique data encryption key; and
  
  means for transmitting the encrypted set of data to the reception site, said reception site having a decrypting apparatus comprising;
  
  a memory for storing the system key and each of said broadcast keys, the storage capacity of the memory necessary to store the system key and each of the broadcast keys being no greater than ((N×
  
  B)+s) bits;
  
  means for receiving an encrypted set of data transmitted from a selected one of said transmission sites;
  
  means coupled to the memory for retrieving from the memory the system key and the broadcast key unique to the selected transmission site and for convolving the retrieved system key and the retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key generated at the selected transmission site; and
  
  a decryptor that decrypts the received set of data with the reproduced encryption key.
- View Dependent Claims (38, 39, 40)
- - 38. The system recited in claim 37 wherein said unique data encryption key comprises a third number E of bits, and wherein E is greater than or equal to S.
  - 39. The system recited in claim 37 further comprising means for periodically changing the system key provided to each transmission site and stored in the memory at the reception site.
  - 40. The system recited in claim 37 further comprising means for periodically changing the unique broadcast key provided to each transmission site and stored in the memory at the reception site.

41. Encrypting apparatus for use in a data transmission system comprising a plurality N of transmission sites and at least one reception site wherein there is a system key common to all transmission sites and a broadcast key unique to each transmission site, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits wherein B is less than S, said encrypting apparatus for use at one of said transmission sites and comprising:
- means for convolving, in a predetermined manner, the system key and the broadcast key unique to that transmission site to generate a unique data encryption key for that site;
  
  an encryptor for encrypting a set of data with the unique data encryption key; and
  
  means for transmitting the encrypted set of data to the reception site;
  
  wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting the encrypted set of data transmitted from any one of said transmission sites, the unique data encryption keys used to encrypt said sets of data at each respective transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.

42. Decrypting apparatus for use in a data transmission system comprising a plurality N of transmission sites and at least one reception site wherein each transmission site is provided with a broadcast key unique to that transmission site and a system key that is the same for all transmission sites, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, and wherein at each transmission site the system key and the broadcast key unique to that site are convolved in a predetermined manner to generate a unique data encryption key, the unique data encryption key generated at each site being used at that site to encrypt a set of data for transmission to the reception site, said decrypting apparatus for use at the reception site and comprising:
- a memory for storing the system key and each of said broadcast keys, the storage capacity of the memory necessary to store the system key and the broadcast keys being no greater than ((N×
  
  B)+S) bits;
  
  means for receiving an encrypted set of data from a selected one of said transmission sites;
  
  means for retrieving from the memory the system key and the broadcast key of the selected transmission site from said memory;
  
  means for convolving the retrieved system key and the retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key generated at the selected transmission site for encrypting the received set of data; and
  
  a decryptor for decrypting the received set of data with the reproduced encryption key.

43. Apparatus for uniquely encrypting a plurality N of data sets at a transmission site for transmission to at least one reception site wherein there is provided at the transmission site a broadcast key for each data set that is unique to that data set and a system key that is the same for each data set, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits, B being less than S, said apparatus comprising:
- means for convolving, in a predetermined manner, the system key and the broadcast key of a selected data set to generate a unique data encryption key for that data set;
  
  an encryptor for encrypting a data set with the unique data encryption key generated for that data set; and
  
  means for transmitting an encrypted data set to the reception site;
  
  wherein there is stored, in a memory at the reception site, the system key and each of said broadcast keys for regenerating at the reception site, for the purpose of decrypting the encrypted set of data transmitted from any one of said transmission sites, the unique data encryption keys used to encrypt said sets of data at each respective transmission site, the memory capacity necessary to store the system key and the broadcast keys at the reception site being no greater than ((N×
  
  B)+S) bits.
- View Dependent Claims (44)
- - 44. Apparatus recited in claim 43 wherein said unique data encryption key comprises a third number E of bits, and wherein E is greater than or equal to S.

45. Decrypting apparatus for use in a data transmission system comprising a transmission site and at least one reception site wherein each of a plurality N of data sets is uniquely encrypted at the transmission site by (a) providing a broadcast key for each data set that is unique to that data set and a system key that is the same for each data set, said system key comprising a first number S of bits and each of said broadcast keys comprising a second number B of bits where B is less than S, (b) convolving in a predetermined manner, for each data set, the system key and the broadcast key unique to that data set to generate a unique data encryption key for that data set, and (c) encrypting each data set with the unique data encryption key generated for that set, and wherein each of the uniquely encrypted data sets is transmitted to the reception site, said decrypting apparatus for use at the reception site and comprising:
- a memory for storing the system key and each of said broadcast keys, the storage capacity of the memory necessary to store the system key and the broadcast keys being no greater than ((N×
  
  B)+S) bits;
  
  means for receiving a selected one of the encrypted data sets transmitted from the transmission site;
  
  means for retrieving from the memory the system key and the broadcast key unique to the selected data set;
  
  means for convolving the retrieved system key and the retrieved broadcast key in said predetermined manner to reproduce the unique data encryption key generated at the transmission site for encrypting the received selected data set; and
  
  a decryptor for decrypting the received data set with the reproduced encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Scientific-Atlanta Incorporated (Cisco Systems, Inc.)
Inventors
Wasilewski, Anthony J., Gammie, Keith
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/984,461
Time in Patent Office

629 Days
Field of Search

380/20, 380/21, 380/44, 380/45, 380/46, 380/50
US Class Current

380/212
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 9/0833   involving conference or gro...

H04N 7/1675   Providing digital key or au...

Methods and apparatus for uniquely encrypting data at a plurality of data transmission sites for transmission to a reception site

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

272 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for uniquely encrypting data at a plurality of data transmission sites for transmission to a reception site

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

272 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links