Apparatus and method for local encryption control of a global transport data stream

US 5,937,067 A
Filed: 11/12/1996
Issued: 08/10/1999
Est. Priority Date: 11/12/1996
Status: Expired due to Term

First Claim

Patent Images

1. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement management message data, the system comprising:

an input demultiplexer to cull the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key;

a first secure microprocessor to process the first entitlement management message data to recover the multi-session key by decrypting the encrypted multi-session key using a first algorithm;

a second secure microprocessor to re-encrypt the multi-session key using a second algorithm and to format second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key;

an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption control system to process an input transport data stream into an output transport data stream includes an input demultiplexer, a first secure microprocessor, a second secure microprocessor and an output multiplexer. The input transport data stream includes first entitlement managment message data. The input demultiplexer culls the first entitlement managment message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key. The first secure microprocessor processes the first entitlement management message data to recover the multi-session key by decrypting the encrypted multi-session key using a first algorithm. The second secure microprocessor re-encrypts the multi-session key using a second algorithm and formats second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key. The output multiplexer provides the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.

99 Citations

View as Search Results

7 Claims

1. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement management message data, the system comprising:
- an input demultiplexer to cull the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key;
  
  a first secure microprocessor to process the first entitlement management message data to recover the multi-session key by decrypting the encrypted multi-session key using a first algorithm;
  
  a second secure microprocessor to re-encrypt the multi-session key using a second algorithm and to format second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key;
  
  an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.
- View Dependent Claims (2)
- - 2. The system of claim 1, further comprising first and second decoders wherein:
    - the first decoder includes first circuitry for recovering the multi-session key from the first entitlement management message data, the first circuitry being incapable of recovering the multi-session key from the second entitlement management message data; and
      
      the second decoder includes second circuitry for recovering the multi-session key from the second entitlement management message data, the second circuitry being incapable of recovering the multi-session key from the first entitlement management message data.

3. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement management message data, the system comprising:
- an input demultiplexer to cull the first entitlement management message data from the input transport data stream, the first entitlement management message data including an encrypted multi-session key;
  
  a first secure microprocessor to process the first entitlement management message data to recover the encrypted multi-session key by decrypting the encrypted multi-session key using a first secret serial number;
  
  a second secure microprocessor to re-encrypt the multi-session key using a second secret serial number and to format second entitlement management message data based on the first entitlement management message data with the re-encrypted multi-session key substituted for the encrypted multi-session key;
  
  an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement management message data substituted for the first entitlement management message data.

4. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement control message data, the system comprising:
- a circuit for receiving a multi-session key;
  
  an input demultiplexer to cull the first entitlement control message data from the input transport data stream, the first entitlement control message data including encrypted seed data;
  
  a decryptor to process the first entitlement control message data to recover seed data by decrypting the encrypted seed data using the multi-session key and a first algorithm;
  
  an encryptor to process the recovered seed data using the multi-session key and a second algorithm to provide re-encrypted seed data and to format second entitlement control message data based on the first entitlement control message data with the re-encrypted seed data substituted for the encrypted seed data; and
  
  an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement control message data substituted for the first entitlement control message data.

5. An encryption control system to process an input transport data stream into an output transport data stream, the input transport data stream including first entitlement control message data and first encrypted service data, the system comprising:
- a circuit for receiving a multi-session key;
  
  an input demultiplexer to cull the first entitlement control message data and the first encrypted service data from the input transport data stream, the first entitlement control message data including encrypted seed data;
  
  a first decryptor to process the first entitlement control message data to recover first seed data by decrypting the encrypted seed data using the multi-session key;
  
  a second decryptor to process the first encrypted service data using the first seed data to recover unencrypted service data;
  
  a seed generator to generate second seed data;
  
  a first encryptor to process the second seed data using the multi-session key to provide re-encrypted seed data and to format second entitlement control message data based on the first entitlement control message data with the re-encrypted seed data substituted for the encrypted seed data;
  
  a second encryptor to process the unencrypted service data using the second seed data to provide second encrypted service data; and
  
  an output multiplexer to provide the output transport data stream based on the input transport data stream with the second entitlement control message data substituted for the first entitlement control message data and the second encrypted service data substituted for the first encrypted service data.

6. An information distribution system to broadcast a transport data stream through a repeater station to user stations, the transport data stream including first and second entitlement management message data, the first entitlement management message data including a multi-session key encrypted using a first algorithm, the second entitlement management message data including the multi-session key encrypted using a second algorithm, the-information distribution system comprising:
- a control center to transmit the transport data stream to the repeater station;
  
  a first user station to receive the transport data stream from the repeater station, the first user station providing the transport data stream to a first plurality of decoders without controlling the decoders'"'"' access to the transport data stream; and
  
  a second user station to receive the transport data stream from the repeater station, the second user station providing the transport data stream to a second plurality of decoders while controlling the decoders'"'"' access to the transport data stream.
- View Dependent Claims (7)
- - 7. The system of claim 6, wherein decoders of the first plurality of decoders recover the multi-session key from the first entitlement management message data by decryption based on the first algorithm, and wherein the second user station includes:
    - a circuit for recovering the multi-session key from the second entitlement management message data by decrypting the encrypted multi-session key based on the second algorithm;
      
      a memory to store a local key;
      
      an encryptor to re-encrypt the multi-session key using the local key and the second algorithm to provide third entitlement management message data; and
      
      an output multiplexer to provide a local data stream to the second plurality of decoders based on the transport data stream with the third entitlement management message data substituted for the second entitlement management message data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tech 5 SAS
Original Assignee
Scientific-Atlanta Incorporated (Cisco Systems, Inc.)
Inventors
Thatcher, William Bradford, Wasilewski, Anthony J.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/745,483
Time in Patent Office

1,001 Days
Field of Search

380/9, 380/10, 380/20, 380/21, 380/28, 380/44, 380/45, 380/46, 380/47, 380/49, 380/50, 380/59, 380/11, 380/12, 380/13, 380/14, 380/15, 380/16, 380/17, 380/18, 380/19, 380/23, 380/25
US Class Current

380/212
CPC Class Codes

H04N 21/2347   involving video stream encr...

H04N 21/2362   Generation or processing of...

H04N 21/26606   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 7/1675   Providing digital key or au...

Apparatus and method for local encryption control of a global transport data stream

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for local encryption control of a global transport data stream

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links