Preventing replay attacks on digital information distributed by network service providers

US 6,005,938 A
Filed: 12/16/1996
Issued: 12/21/1999
Est. Priority Date: 12/16/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of protecting a given encrypted instance of a service that a service provider provides via a network to a subscriber,the method being practiced in apparatus by means of which the subscriber accesses instances of the service for limited periods of time and the method comprising the steps of:

receiving a first message from the service provider, the first message including at least a period specifier which specifies a given period of time and an authorization for the service;

receiving a second message from the service provider, the second message being associated with the given instance and including at least an identification of the service, a time specifier which specifies a time, and first decryption information for the given instance;

receiving the given instance; and

using the first decryption information and second decryption information accessible to the apparatus to decrypt the given instance only if the identification of the service from the second message indicates the same service as the authorization therefor from the first message and the time specified by the time specifier from the second message is within the period specified by the period specifier from the first message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for preventing replay attacks on digital information distributed by network service providers. At the beginning of a subscription period for a service, a network service provider sends entitlement messages to the subscriber which provide the subscriber for the service with a session key and authorization information. The authorization information specifies a service and a period of time. When an encrypted instance of a service is distributed on the network, it is accompanied by a series of entitlement control messages. Each of the messages includes a value which can be used with the session key to obtain a control word for decrypting the encrypted instance and a time specifier. The subscriber equipment which decrypts the instance of the service does so only if the time specifier in the entitlement control message specifies a time within the time period specified by the authorization information.

180 Citations

42 Claims

1. A method of protecting a given encrypted instance of a service that a service provider provides via a network to a subscriber,the method being practiced in apparatus by means of which the subscriber accesses instances of the service for limited periods of time and the method comprising the steps of:
- receiving a first message from the service provider, the first message including at least a period specifier which specifies a given period of time and an authorization for the service;
  
  receiving a second message from the service provider, the second message being associated with the given instance and including at least an identification of the service, a time specifier which specifies a time, and first decryption information for the given instance;
  
  receiving the given instance; and
  
  using the first decryption information and second decryption information accessible to the apparatus to decrypt the given instance only if the identification of the service from the second message indicates the same service as the authorization therefor from the first message and the time specified by the time specifier from the second message is within the period specified by the period specifier from the first message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method set forth in claim 1 wherein:
    - the period specifier specifies an expiration time; and
      
      the step of using the first and second decryption information is performed only if the time specified by the time specifier is no later than the expiration time.
  - 3. The method set forth in claim 1 wherein:
    - the period specifier specifies an earliest valid time; and
      
      the step of using the first and second decryption information is performed only if the time specified by the time specifier is later than the earliest valid time.
  - 4. The method set forth in claim 1 wherein:
    - the period specifier specifies the period by means of a first time and a second time; and
      
      the step of using the first and second decryption information is performed only if the time specified by the time specifier is in the period specified by the first time and the second time.
  - 5. The method set forth in any of claims 1 through 4 wherein:
    - any of the steps of receiving the first message or receiving the second message receives the first message or the second message from the network.
  - 6. The method set forth in any of claims 1 through 4 wherein:
    - the apparatus has an address for receiving messages;
      
      the method includes the step of storing the period specifier and the authorization in the apparatus; and
      
      the apparatus performs the step of storing only if the first message is addressed to the apparatus.
  - 7. The method set forth in any of claims 1 through 4 whereinthe apparatus includes a secure memory,the first message is encrypted, andthe method further comprises the step of:
    - decrypting the first message and storing the first message in the secure memory.
  - 8. The method set forth in claim 7 wherein:
    - the first message further includes a digest value which is a result of a function applied at least to the values of the period specifier and the authorization;
      
      the digest value is encrypted in the first message differently from the remainder of the first message; and
      
      the method further includes the steps ofdecrypting the digest value;
      
      using the function to derive a new digest value from at least the decrypted period specifier and authorization; and
      
      storing the decrypted period specifier and authorization in the secure memory only if the digest value and the new digest value are the same.
  - 9. The method set forth in claim 8 wherein:
    - at least the period specifier and the authorization are encrypted using a public key belonging to the apparatus and the digest value is encrypted using a private key belonging to the service provider.
  - 10. The method set forth in any of claims 1 through 4 whereinthe service provider provides a plurality of the services,the authorization specifies a subset of the plurality of the services, andthe second decryption information includes a plurality of session keys for the plurality of services;
    - andthe step of using the first and second decryption information employs a given one of the session keys corresponding to the service to which the instance belongs to decrypt the given instance and does not decrypt the given instance unless the identification of the service from the second message indicates one of the services specified in the authorization.
  - 11. The method set forth in any of claims 1 through 4 wherein:
    - the second decryption information is an integer value;
      
      the first decryption information is a session key; and
      
      the step of using the first and second decryption information includes the steps ofusing the integer value and the session key to generate an instance key for the given instance andusing the instance key to decrypt the instance.

12. A method of protecting a given encrypted instance of a service that a service providerprovides via a network to a subscriber,the method comprising the steps performed by the service provider of:
- sending a first message to apparatus by means of which the subscriber accesses instances of the service for limited periods of time, the first message including at least a period specifier which specifies a given period of time and an authorization for the service;
  
  sending a second message to the apparatus, the second message being associated with the given instance and including at least an identification of the service, a time specifier which specifies a time, and first decryption information for the given instance, andsending the given instance via the network to the apparatus, the apparatus using the first decryption information and second decryption information accessible to the apparatus to decrypt the given instance only if the identification of the service from the second message indicates the same service as the authorization therefor from the first message and the time specified by the time specifier from the second message is within the period specified by the period specifier from the first message.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method set forth in claim 12 wherein:
    - the period specifier specifies an expiration time; and
      
      the apparatus uses the first and second decryption information only if the time specified by the time specifier is no later than the expiration time.
  - 14. The method set forth in claim 12 wherein:
    - the period specifier specifies an earliest valid time; and
      
      the apparatus uses the first and second decryption information only if the time specified by the time specifier is later than the earliest valid time.
  - 15. The method set forth in claim 12 wherein:
    - the period specifier specifies the period by means of a first time and a second time; and
      
      the apparatus uses the first and second decryption information only if the time specified by the time specifier is in the period specified by the first time and the second time.
  - 16. The method set forth in any of claims 12 through 15 wherein:
    - any of the steps of sending the first message or sending the second message sends the first message or the second message via the network.
  - 17. The method set forth in any of claims 12 through 15 wherein:
    - the apparatus has an address for receiving messages; and
      
      the step of sending the first message sends the first message to the address.
  - 18. The method set forth in any of claims 12 through 15 whereinthe apparatus includes a secure memory and the method further comprises the step of:
    - encrypting the first message,the apparatus decrypting the first message and storing the first message in the secure memory.
  - 19. The method set forth in claim 18 wherein the method further includes the steps of:
    - making a digest value which is a result of a function applied at least to the values of the period specifier and the authorization;
      
      encrypting the digest value differently from the period specifier and the authorization; and
      
      adding the encrypted digest value to the message,the apparatus operating to decrypt the digest value, use the function to derive a new digest value from at least the decrypted period specifier and authorization, and store the decrypted period specifier and authorization in the secure memory only if the digest value and the new digest value are the same.
  - 20. The method set forth in claim 19 wherein the step of encrypting the first message includes the steps ofencrypting at least the period specifier and the authorization using a public key belonging to the apparatus and encrypting the digest value using a private key belonging to the service provider.
  - 21. The method set forth in any of claims 12 through 15 whereinthe service provider provides a plurality of the services,the authorization specifies a subset of the plurality of the services, andthe second decryption information includes a plurality of session keys for the plurality of services;
    - andthe apparatus employs a given one of the session keys corresponding to the service to which the instance belongs to decrypt the given instance and does not decrypt the given instance unless the identification of the service from the second message indicates one of the services specified in the authorization.
  - 22. The method set forth in any of claims 12 through 15 wherein:
    - the first decryption information is an integer value;
      
      the second decryption information is a session key; and
      
      the apparatus uses the integer value and the session key to generate an instance key for the given instance and uses the instance key to decrypt the instance.

23. An entitlement management message used in a system for providing encrypted instances of services to subscribers via a network, the subscribers accessing the instances by means of apparatus coupled to the network and each subscriber having subscribed for access to instances of the service for a period of time,the entitlement management message comprising:
- a period specifier which specifies the period of time andan authorization for the service;
  
  the apparatus responding to the entitlement management message by storing the contents thereof for later use in determining whether to decrypt an instance of the service.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The entitlement management message set forth in claim 23 wherein:
    - the period specifier specifies an expiration time.
  - 25. The entitlement management message set forth in claim 23 wherein:
    - the period specifier specifies an earliest valid time.
  - 26. The entitlement management message set forth in claim 23 wherein:
    - the period specifier specifies the period by means of a first time and a second time.
  - 27. The entitlement management message of claim 23 wherein:
    - the contents of the entitlement management message are encrypted,the apparatus further responding to the entitlement management message by decrypting the contents thereof.
  - 28. The entitlement management message of claim 27 further comprising:
    - a digest value which is a result of a function applied at least to the values of the period specifier and the authorization, the digest value being encrypted differently from the remainder of the first message.
  - 29. The entitlement management message of claim 28 wherein:
    - at least the period specifier and the authorization are encrypted using a public key belonging to the apparatus and the digest value is encrypted using a private key belonging to the service provider.
  - 30. The entitlement management message of claim 23 wherein:
    - the service provider provides a plurality of the services; and
      
      the authorization specifies a subset of the plurality of the services.

31. An entitlement control message used in a system for providing encrypted instances of services to subscribers via a network, the subscribers accessing the instances by means of apparatus coupled to the network and each subscriber having subscribed for access to instances of the service for a period of time,the entitlement control message being associated with an instance and comprising:
- an identification of the service;
  
  a time specifier which specifies a time; and
  
  first decryption information for the given instance,the apparatus using previously-stored second decryption information and the first decryption information to decrypt the given instance only if the identification of the service from the entitlement control message indicates the same service as a previously-stored authorization therefor and the time specified by the time specifier is within a period specified by a previously-stored period specifier.
- View Dependent Claims (32)
- - 32. The entitlement control message set forth in claim 31 herein:
    - the first decryption information is an integer value,the second decryption information being a session key and the apparatus employing the integer value and the session key to generate an instance key and employing the instance key to decrypt the instance.

33. Apparatus coupled to a network for accessing encrypted instances of a service which a service provider provides to a subscriber via the network, the subscriber being permitted by the service provider to access instances of the service for limited periods of time and the apparatus comprising:
- a receiver that receives messages and the instances from the service provider via the network;
  
  a processor coupled to the receiver that processes the messages; and
  
  a decrypter coupled to the processor and the receiver that decrypts the instances, the messages includinga first message including at least a period specifier which specifies a given period of time and an authorization for the service anda second message associated with the given instance and including at least an identification of the service, a time specifier which specifies a time, and first decryption information for the given instance andthe receiver receiving the first and second messages and providing them to the processor,the processor using the first decryption information and second decryption information accessible to the apparatus to enable the decrypter to decrypt an instance received in the receiver only if the processor determines that the identification of the service from the second message indicates the same service as the authorization therefor from the first message and the time specified by the time specifier from the second message is within the period specified by the period specifier from the first message.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The apparatus set forth in claim 33 wherein:
    - the period specifier specifies an expiration time; and
      
      the processor uses the first and second decryption information to enable the decrypter to decrypt the instance only if the processor determines that the time specified by the time specifier is no later than the expiration time.
  - 35. The apparatus set forth in claim 33 wherein:
    - the period specifier specifies an earliest valid time; and
      
      the processor uses the first and second decryption information to enable the decrypter to decrypt the instance only if the processor determines that the time specified by the time specifier is at least as late as the earliest valid time.
  - 36. The apparatus set forth in claim 33 wherein:
    - the period specifier specifies the period by means of a first time and a second time; and
      
      the processor uses the first and second decryption information to enable the decrypter to decrypt the instance only if the time specified by the time specifier is within the period specified by the first time and the second time.
  - 37. The apparatus set forth in any of claims 33 through 36 wherein:
    - the apparatus has an address for receiving messages;
      
      the apparatus stores the period specifier and the authorization in the apparatus; and
      
      the apparatus does the storing only if the first message is addressed to the apparatus.
  - 38. The apparatus set forth in any of claims 33 through 36 whereinthe apparatus includes a secure memory,the first message is encrypted, andthe processor further decrypts the first message and stores the first message in the secure memory.
  - 39. The apparatus set forth in claim 38 wherein:
    - the first message further includes a digest value which is a result of a function applied to the values of the period specifier and the authorization;
      
      the digest value is encrypted in the first message differently from the remainder of the first message; and
      
      the processor further decrypts the digest value, uses the function to derive a new digest value from at least the decrypted period specifier and authorization, and stores the decrypted period specifier and authorization in the secure memory only if the digest value and the new digest value are the same.
  - 40. The apparatus set forth in claim 39 wherein:
    - the service provider encrypts at least the period specifier and the authorization using a public key belonging to the apparatus and encrypts the digest value using a private key belonging to the service provider.
  - 41. The apparatus set forth in any of claims 33 through 36 whereinthe service provider provides a plurality of the services,the authorization specifies a subset of the plurality of the services, andthe second decryption information includes a plurality of session keys for the plurality of services;
    - andthe processor employs a given one of the session keys corresponding to the service to which the instance belongs to enable the decrypter to decrypt the given instance and does not enable the decrypter unless the identification of the service from the second message indicates one of the services specified in the authorization.
  - 42. The apparatus set forth in any of claims 33 through 36 wherein:
    - the first decryption information is an integer value;
      
      the second decryption information is a session key; and
      
      the processor uses the integer value and the session key to generate an instance key for the given instance and enables the decrypter by providing the instance key to the decrypter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Scientific-Atlanta Incorporated (Cisco Systems, Inc.)
Inventors
Akins, Glendon L. III, Banker, Robert O.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/767,535
Time in Patent Office

1,100 Days
Field of Search

380/20
US Class Current

380/239
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04N 21/4524   involving the geographical ...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

Preventing replay attacks on digital information distributed by network service providers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

180 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing replay attacks on digital information distributed by network service providers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

180 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links