Apparatus and method for securing communication systems

US 5,590,200 A
Filed: 09/21/1994
Issued: 12/31/1996
Est. Priority Date: 12/09/1993
Status: Expired due to Term

First Claim

Patent Images

1. A subscriber unit in a hacking prevention system for use with a network including a transmitter which transmits information to a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is independently enabled by a descrambling secret number, and when enabled is responsive to data received from the transmitter for descrambling scrambled information, the subscriber unit comprising:

a packet receiver unit for receiving a data stream including a series of authorization packets, and a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;

a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;

a packet provider for providing to a removable smart card a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and

a descrambler including;

a key receiver for receiving from said removable smart card a key which uniquely corresponds to said selected packet, and for receiving from said packet provider an offset value which is paired with said selected packet; and

a secret number generator utilizing the key with the offset value which is paired with said selected packet to produce said descrambling secret number,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hacking prevention system and method wherein the descrambler receives a data stream including a series of authorization packets and a series of corresponding offset values. A random number is generated in the descrambler. Using this random number, a key is calculated, which corresponds to the authorization packet corresponding to the generated random number. This generated key and the offset value, which corresponds to the generated random number, are used to calculate the descrambling key.

147 Citations

29 Claims

1. A subscriber unit in a hacking prevention system for use with a network including a transmitter which transmits information to a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is independently enabled by a descrambling secret number, and when enabled is responsive to data received from the transmitter for descrambling scrambled information, the subscriber unit comprising:
- a packet receiver unit for receiving a data stream including a series of authorization packets, and a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;
  
  a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  a packet provider for providing to a removable smart card a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and
  
  a descrambler including;
  
  a key receiver for receiving from said removable smart card a key which uniquely corresponds to said selected packet, and for receiving from said packet provider an offset value which is paired with said selected packet; and
  
  a secret number generator utilizing the key with the offset value which is paired with said selected packet to produce said descrambling secret number,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit.
- View Dependent Claims (2, 3, 4)
- - 2. A subscriber unit according to claim 1 and wherein the packet receiver unit, the random number generator, the packet provider, and the descrambler are embodied in a single VLSI chip.
  - 3. A system according to claim 2 wherein each of said multiplicity of subscriber units comprises said single VLSI chip.
  - 4. A subscriber unit according to claim 1 and wherein said network is a CATV network and said subscriber units are CATV receivers and decoders.

5. A hacking prevention method for use with a network including a transmitter which transmits information to a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is independently enabled by a descrambling secret number, and when enabled is responsive to data received from the transmitter for descrambling scrambled information, the method comprising the steps of:
- receiving a data stream including a series of authorization packets, and a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;
  
  generating a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  providing a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer;
  
  producing a key which uniquely corresponds to said selected packet; and
  
  generating a descrambling secret number which is the same for all of said multiplicity of subscriber units by utilizing the key with the offset value which is paired with said selected packet,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. A hacking prevention method according to claim 5 and wherein the step of generating a random number integer and the step of generating a descrambling secret number are executed in a single VLSI chip.
  - 7. A hacking prevention method according to claim 5 and wherein the step of producing a key, the step of generating a random number integer and the step of generating a descrambling secret number are all executed in each one of said multiplicity of subscriber units.
  - 8. A hacking prevention method according to claim 5 and wherein said method is employed in a CATV network and wherein said step of generating a random number integer and said step of generating a descrambling secret number are executed in CATV receivers and decoders.
  - 9. A hacking prevention method according to claim 5 and wherein said step of generating a random number integer, said step of generating a descrambling secret number, and said step of producing a key are executed in a single VLSI chip.
  - 10. A hacking prevention method according to claim 5 and wherein said step of generating a random number integer and said step of generating a descrambling secret number are executed in a first VLSI chip, and said step of producing the key is generated in a second VLSI chip.
  - 11. A hacking prevention method according to claim 5 and wherein said step of generating a random number integer and said step of generating a descrambling secret number are executed in each one of said multiplicity of subscriber units, and said step of producing a key is executed in each one of a multiplicity of smart cards, each associated with one of said multiplicity of subscriber units.

12. A subscriber unit in a system for selective transmission of information to a multiplicity of subscribers which subscribers may be individually characterized by at least one of the following parameters:
- information suppliers, geographic locations, and demographics, wherein information is transmitted from an information source to a multiplicity of subscribers which fall into different groups according to at least one of said parameters, each group being entitled to receive at least a portion of the information, the system being employed in a network including a transmitter and a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is associated with a subscriber and is independently enabled by a descrambling secret number and when enabled being responsive to data received from the transmitter for descrambling scrambled information, the subscriber unit comprising;
  
  a packet receiver unit for receiving a data stream including a series of authorization packets, a first series of offset values, and a second series of offset values, wherein each offset value in said first series of offset values is paired with a corresponding authorization packet in said series of authorization packets, and each offset value in said second series of offset values identifies a group of subscribers characterized by at least one of said parameters;
  
  a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  a packet provider for providing to a removable smart card a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and
  
  a descrambler including;
  
  a key receiver for receiving from said removable smart card a key which uniquely corresponds to said, selected packet, and for receiving from said packet provider a first offset value which is paired with said selected packet, and a second offset value which identifies said subscriber unit as belonging to a group of subscribers characterized by at least one of said parameters; and
  
  a secret number generator utilizing the key, the first offset value which is paired with said selected packet, and the second offset value to produce said descrambling secret number,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit, andwhereby said second offset value intercepted at a subscriber unit which forms part of a first group of subscriber units cannot be effective to enable a subscriber unit which forms part of a second group of subscriber units.
- View Dependent Claims (13, 14, 15)
- - 13. A subscriber unit according to claim 12 and wherein the packet receiver unit, the random number generator, the packet provider and the descrambler are embodied in a single VLSI chip.
  - 14. A system according to claim 13 wherein each of said multiplicity of subscriber units comprises said single VLSI chip.
  - 15. A subscriber unit according to claim 12 and wherein said network is a CATV network and said subscriber units are CATV receivers and decoders.

16. A method for selective transmission of information to a multiplicity of subscribers which subscribers may be individually characterized by at least one of the following parameters:
- information suppliers, geographic locations, and demographics, wherein information is transmitted from an information source to a multiplicity of subscribers which fall into different groups according to at least one of said parameters, each group being entitled to receive at least a portion of the information, the method being employed in a network including a transmitter and a multiplicity of subscriber units, wherein each subscriber unit is associated with a subscriber and is independently enabled by a descrambling secret number and when enabled is responsive to data received from the transmitter for descrambling scrambled information, the method comprising the steps of;
  
  receiving a data stream including a series of authorization packets, a first series of offset values, and a second series of offset values, wherein each offset value in said first series of offset values is paired with a corresponding authorization packet in said series of authorization packets, and each offset value in said second series of offset values identifies a group of subscribers characterized by at least one of said parameters;
  
  generating a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  providing a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer;
  
  producing a key which uniquely corresponds to said selected packet; and
  
  generating, at a subscriber unit, a descrambling secret number which is the same for all of said multiplicity of subscriber units by utilizing the key, a first offset value which is paired with said selected packet, and a second offset value which identifies said subscriber unit as belonging to a group of subscribers characterized by at least one of said parameters,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit, andwhereby said second offset value intercepted at a subscriber unit which forms part of a first group of subscriber units cannot be effective to enable a subscriber unit which forms part of a second group of subscriber units.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. A method according to claim 16 and wherein the step of generating a random number integer and the step of generating a descrambling secret number are executed in a single VLSI chip.
  - 18. A method according to claim 16 and wherein the step of producing a key, the step of generating a random number integer, and the step of generating a descrambling secret number are all executed in each one of said multiplicity of subscriber units.
  - 19. A method according to claim 16 and wherein said method is employed in a CATV network and wherein said step generating a random number integer and said step of generating a descrambling secret number are executed in CATV receivers and decoders.
  - 20. A method according to claim 16 and wherein said step of generating a random number integer, said step of generating a descrambling secret number, and said step of producing a key are executed in a single VLSI chip.
  - 21. A method according to claim 16 and wherein said step of generating a random number integer and said step of generating a descrambling secret number are executed in a first VLSI chip, and said step of producing a key is generated in a second VLSI chip.
  - 22. A method according to claim 16 and wherein said step of generating a random number integer and said step of generating a descrambling secret number are executed in each one of said multiplicity of subscriber units, and said step of producing a key is executed in each one of a multiplicity of smart cards, each associated with one of said multiplicity of subscriber units.

23. A hacking prevention system comprising:
- a communication network;
  
  a transmitter for transmitting, via said communication network, scrambled information associated with a series of authorization packets which are employed to authorize subscribers to access the information in clear form, and with a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets; and
  
  a multiplicity of subscriber units, each including;
  
  a communication receiver and decoder which is operative to receive said scrambled information, said series of authorization packets and said series of offset values, and to provide an output including a selected one of said authorization packets, selected in accordance with a random number algorithm; and
  
  a smart card, coupled to said communication receiver and decoder, and operative to receive said output including a selected one of said authorization packets and to provide to said communication receiver and decoder a key which uniquely corresponds to said selected one of said authorization packets, whereinsaid communication receiver and decoder employs said key and an offset value which is paired with said selected one of said authorization packets to generate a secret number which is used by said communication receiver and decoder to descramble said scrambled information, said secret number being the same for all of said multiplicity of subscriber units.

24. A hacking prevention system comprising:
- a communication network;
  
  a transmitter for transmitting, via said communication network, scrambled information associated with a series of authorization packets which are employed to authorize subscribers to access the information in clear form, with a first series of offset values, and with a second series of offset values, wherein each offset value in said first series of offset values is paired with a corresponding authorization packet in said series of authorization packets, and each offset value in said second series of offset values identifies a group of subscribers characterized by at least one of the following parameters;
  
  information suppliers, geographic locations, and demographics; and
  
  a multiplicity of subscriber units, each including;
  
  a communication receiver and decoder which is operative to receive said scrambled information, said series of authorization packets, said series of first offset values, and said series of second offset values, and to provide an output including a selected one of said authorization packets, selected in accordance with a random number algorithm; and
  
  a smart card, coupled to said communication receiver and decoder, and operative to receive said output including a selected one of said authorization packets and to provide to said communication receiver and decoder a key which uniquely corresponds to said selected one of said authorization packets, whereinsaid communication receiver and decoder employs said key, a first offset value which is paired with said selected one of said authorization packets, and a second offset value which identifies said communication receiver and decoder as being part of a subscriber unit which belongs to a group of subscribers characterized by at least one of said parameters to generate a secret number which is used by said communication receiver and decoder to descramble said scrambled information, said secret number being the same for all of said multiplicity of subscriber units.

25. A subscriber unit for use with a network including a transmitter which transmits information to a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is independently enabled by a decrypting secret number, and when enabled being responsive to data received from the transmitter for decrypting encrypted information, the subscriber unit comprising:
- a packet receiver unit for receiving, via said network, a data stream including a series of authorization packets, and a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;
  
  a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  a packet provider for providing to a removable smart card a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and
  
  a decrypter including;
  
  a key receiver for receiving from said removable smart card a key which uniquely corresponds to said selected packet, and for receiving from said packet provider an offset value which is paired with said selected packet; and
  
  a secret number generator utilizing the key with the offset value which is paired with said selected packet to produce said decrypting secret number,whereby said key and said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit.

26. A subscriber unit for use with a network including a transmitter which transmits information to a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is independently enabled by a descrambling secret number, and when enabled being responsive to data received from the transmitter for descrambling scrambled information, the subscriber unit comprising:
- a packet receiver unit for receiving, via said network, a data stream including a series of authorization packets, and a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;
  
  a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  a packet provider for providing a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and
  
  a descrambler including;
  
  a key receiver for receiving from said packet provider said selected packet and an offset value which is paired with said selected packet;
  
  a key producer for producing a key which uniquely corresponds to said selected packet; and
  
  a secret number generator utilizing the key with the offset value which is paired with said selected packet to produce said descrambling secret number,whereby said selected packet and said offset value which is paired with said selected packet intercepted at a first subscriber unit cannot be effective to enable a second subscriber unit.

27. A subscriber unit in a system for selective transmission of information to a multiplicity of subscribers which subscribers may be individually characterized by at least one of the following parameters:
- information suppliers, geographic locations, and demographics, wherein information is transmitted from an information source to a multiplicity of subscribers which fall into different groups according to at least one of said parameters, each group being entitled to receive at least a portion of the information, the system being employed in a network including a transmitter and a multiplicity of subscriber units, wherein each of the multiplicity of subscriber units is associated with a subscriber and is independently enabled by a descrambling secret number and when enabled being responsive to data received from the transmitter for descrambling scrambled information, the subscriber unit comprising;
  
  a packet receiver unit for receiving, via said network, a data stream including a series of authorization packets, a first series of offset values, and a second series of offset values, wherein each offset value in said first series of offset values is paired with a corresponding authorization packet in said series of authorization packets, and each offset value in said second series of offset values identifies a group of subscribers characterized by at least one of said parameters;
  
  a random number generator for providing a random number integer in the range between one and the total number of packets in said series of authorization packets;
  
  a packet provider for providing a selected packet, wherein said selected packet is a packet having a serial number in the series of authorization packets which is equal to said random number integer; and
  
  a descrambler including;
  
  a key receiver for receiving from said packet provider said selected packet, a first offset value which is paired with said selected packet, and a second offset value which identifies said subscriber unit as belonging to a group of subscribers characterized by at least one of said parameters;
  
  a key producer for producing a key which uniquely corresponds to said selected packet; and
  
  a secret number generator utilizing the key, the first offset value which is paired with said selected packet, and the second offset value to produce said descrambling secret number,whereby said selected packet, said first offset value and said second offset value intercepted at a subscriber unit which forms part of a first group of subscriber units cannot be effective to enable a subscriber unit which forms part of a second group of subscriber units.

28. A hacking prevention method comprising:
- providing a communication network including a transmitter and a multiplicity of subscriber units;
  
  transmitting, via said communication network, scrambled information associated with a series of authorization packets which are employed to authorize subscribers to access the information in clear form, and with a series of offset values, wherein each offset value in said series of offset values is paired with a corresponding authorization packet in said series of authorization packets;
  
  receiving, at a subscriber unit, said scrambled information, said series of authorization packets and said series of offset values;
  
  coupling a removable smart card to said subscriber unit;
  
  outputting, to said smart card, a selected one of said authorization packets, selected in accordance with a random number algorithm;
  
  employing, at said smart card, the selected one of said authorization packets received thereat to produce a key which uniquely corresponds to said selected one of said authorization packets;
  
  transmitting said key to the subscriber unit; and
  
  generating, at said subscriber unit, a secret number by employing said key and an offset value which is paired with said selected one of said authorization packets, wherein said secret number is used by said subscriber unit to descramble said scrambled information.

29. A hacking prevention method comprising:
- providing a communication network including a transmitter and a multiplicity of subscriber units;
  
  transmitting, via said communication network, scrambled information associated with a series of authorization packets which are employed to authorize subscribers to access the information in clear form, with a first series of offset values, and with a second series of offset values, wherein each offset value in said first series of offset values is paired with a corresponding authorization packet in said series of authorization packets, and each offset value in said second series of offset values identifies a group of subscribers characterized by at least one of the following parameters;
  
  information suppliers, geographic locations, and demographics;
  
  receiving, at a subscriber unit, said scrambled information, said series of authorization packets, said series of first offset values, and said series of second offset values;
  
  coupling a removable smart card to said subscriber unit;
  
  outputting, to said smart card, a selected one of said authorization packets, selected in accordance with a random number algorithm;
  
  employing, at said smart card, the selected one of said authorization packets received thereat to produce a key which uniquely corresponds to said selected one of said authorization packets;
  
  transmitting said key to the subscriber unit; and
  
  generating, at said subscriber unit, a secret number by employing said key, a first offset value which is paired with said selected one of said authorization packets, and a second offset value which identifies the subscriber unit as belonging to a group of subscribers characterized by at least one of said parameters, wherein said secret number is used by said subscriber unit to descramble said scrambled information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
News Datacom Ltd (Cisco Systems, Inc.)
Inventors
Tsuria, Yossef, Nachman, Jacob B.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
SAYADIAN, HRAYR

Application Number

US08/309,807
Time in Patent Office

832 Days
Field of Search

380/23, 380/25, 380/44, 380/46, 380/47, 380/49, 380/21
US Class Current

380/46
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0833   involving conference or gro...

H04L 9/0877   using additional device, e....

H04N 21/4181   for conditional access

H04N 21/4367   Establishing a secure commu...

H04N 21/4623   Processing of entitlement m...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Apparatus and method for securing communication systems

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for securing communication systems

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links