Apparatus and method for local encryption control of a global transport data stream
Abstract
An encryption control system to process an input transport data stream into an output transport data stream includes an input demultiplexer, a first secure microprocessor, a second secure microprocessor and an output multiplexer. The input transport data stream includes first entitlement management message data. The input demultiplexer culls the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key. The first secure microprocessor processes the first entitlement management message data to recover the multi-session key by decrypting the encrypted multi-session key using a first algorithm. The second secure microprocessor re-encrypts the multi-session key using a second algorithm and formats second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key. The output multiplexer provides the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.
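An added illustration of the EMM substitution the abstract describes, not code from the patent. The packet tuples, the EMM layout (4-byte address plus 16-byte key), the PID value, the two secrets and both HMAC-pad "algorithms" are constructed stand-ins, because the page names no concrete ciphers or formats.

```python
import hashlib
import hmac

EMM_PID = 0x0010   # assumed PID carrying EMM data (constructed)
ADDR_LEN = 4       # assumed EMM address field length
MSK_LEN = 16       # assumed multi-session key length

def keyed_pad(secret: bytes, label: bytes, data: bytes) -> bytes:
    """Toy self-inverse transform: XOR with an HMAC-SHA256 pad (not a real cipher)."""
    pad = hmac.new(secret, label, hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

def first_algorithm(secret: bytes, data: bytes) -> bytes:
    return keyed_pad(secret, b"first-algorithm", data)

def second_algorithm(secret: bytes, data: bytes) -> bytes:
    return keyed_pad(secret, b"second-algorithm", data)

def parse_emm(payload: bytes):
    """Split a constructed EMM into (address, encrypted multi-session key)."""
    if len(payload) != ADDR_LEN + MSK_LEN:
        raise ValueError("malformed EMM payload")
    return payload[:ADDR_LEN], payload[ADDR_LEN:]

def transcrypt(packets, upstream_secret: bytes, local_secret: bytes):
    """Demultiplex EMMs, swap the key encryption, remultiplex everything else as-is."""
    out = []
    for pid, payload in packets:
        if pid != EMM_PID:                 # service data passes through untouched
            out.append((pid, payload))
            continue
        address, enc_msk = parse_emm(payload)
        # Role of the first secure microprocessor: recover the multi-session key.
        msk = first_algorithm(upstream_secret, enc_msk)
        # Role of the second secure microprocessor: re-encrypt and format the second EMM.
        out.append((pid, address + second_algorithm(local_secret, msk)))
    return out

# Constructed sample input: one EMM between two service packets.
MSK = bytes(range(MSK_LEN))
UPSTREAM_SECRET = b"constructed-upstream-secret"
LOCAL_SECRET = b"constructed-local-secret"
INPUT_STREAM = [
    (0x0100, b"video-0"),
    (EMM_PID, b"\x00\x00\x00\x2a" + first_algorithm(UPSTREAM_SECRET, MSK)),
    (0x0101, b"audio-0"),
]
OUTPUT_STREAM = transcrypt(INPUT_STREAM, UPSTREAM_SECRET, LOCAL_SECRET)
```

After the substitution, only a decoder holding the local secret recovers the multi-session key from the output stream, while the rest of the stream is unchanged.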
7 Claims
1. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement management message data, the system comprising:
- an input demultiplexer to cull the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key;
- a first secure microprocessor to process the first entitlement management message data to recover the multi-session key by decrypting the encrypted multi-session key using a first algorithm;
- a second secure microprocessor to re-encrypt the multi-session key using a second algorithm and to format second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key;
- an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.

3. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement management message data, the system comprising:
- an input demultiplexer to cull the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key;
- a first secure microprocessor to process the first entitlement management message data to recover the encrypted multi-session key by decrypting the encrypted multi-session key using a first secret serial number;
- a second secure microprocessor to re-encrypt the multi-session key using a second secret serial number and to format second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key;
- an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.

4. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement control message data, the system comprising:
- a circuit for receiving a multi-session key;
- an input demultiplexer to cull the first entitlement control message data from the input transport data stream, the first entitlement control message data including encrypted seed data;
- a decryptor to process the first entitlement control message data to recover seed data by decrypting the encrypted seed data using the multi-session key and a first algorithm;
- an encryptor to process the recovered seed data using the multi-session key and a second algorithm to provide re-encrypted seed data and to format second entitlement control message data based on the first entitlement control message data with the re-encrypted seed data substituted for the encrypted seed data; and
- an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement control message data substituted for the first entitlement control message data.

5. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement control message data and first encrypted service data, the system comprising:
- a circuit for receiving a multi-session key;
- an input demultiplexer to cull the first entitlement control message data and the first encrypted service data from the input transport data stream, the first entitlement control message data including encrypted seed data;
- a first decryptor to process the first entitlement control message data to recover first seed data by decrypting the encrypted seed data using the multi-session key;
- a second decryptor to process the first encrypted service data using the first seed data to recover unencrypted service data;
- a seed generator to generate second seed data;
- a first encryptor to process the second seed data using the multi-session key to provide re-encrypted seed data and to format second entitlement control message data based on the first entitlement control message data with the re-encrypted seed data substituted for the encrypted seed data;
- a second encryptor to process the unencrypted service data using the second seed data to provide second encrypted service data; and
- an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement control message data substituted for the first entitlement control message data and the second encrypted service data substituted for the first encrypted service data.

6. An information distribution system to broadcast a transport data stream through a repeater station to user stations, the transport data stream including first and second entitlement management message data, the first entitlement management message data including a multi-session key encrypted using a first algorithm, the second entitlement management message data including the multi-session key encrypted using a second algorithm, the information distribution system comprising:
- a control center to transmit the transport data stream to the repeater station;
- a first user station to receive the transport data stream from the repeater station, the first user station providing the transport data stream to a first plurality of decoders without controlling the decoders' access to the transport data stream; and
- a second user station to receive the transport data stream from the repeater station, the second user station providing the transport data stream to a second plurality of decoders while controlling the decoders' access to the transport data stream.

Specification