Encrypting method and apparatus enabling multiple access for multiple services and multiple transmission modes over a broadband communication network
Abstract
The specification relates to the encryption of data transmitted over a broadband multiple access bi-directional hybrid fiber/coax (HFC) network. The method supports downstream broadcast encryption from headend to cable modem, and also provides for encryption of transmissions from cable modems back to the headend. Although the present invention is described in relation to an HFC network, it is also equally applicable to a cellular wireless communications environment or any other digital broadcast medium. The invention is implemented in two subdivisions, a slow but secure software encrypting algorithm, and a fast but less secure hardware encrypting algorithm. The combination produces the security of the software subdivision, with the encrypting speed of the hardware subdivision. The encryption method and apparatus supports the various access and transmission modes, such as STM, ATM, and VL. The present invention utilizes a virtual random number generator at the individual cable modems to reduce cable modem hardware. The authentication and key generation process between headend and cable modem produces a mutually authenticated and mutually generated permanent key. The present invention features a cryptosync clock at the headend which is transmitted to individual cable modems as a broadcast clock, thus eliminating a need for a clock at each cable modem.
34 Claims
1. A method for encryption of a digital signal transmitted from a source to a destination, said method comprising the steps of:
- generating a multiplicity of periodic units from a clock;
- representing each of said multiplicity of periodic units with an identifying pattern of bits corresponding thereto;
- utilizing said identifying pattern of bits as an encrypting variable at said source; and
- transmitting said identifying pattern of bits, accompanying said digital signal, to said destination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for encryption of a digital signal transmitted from a source and subsequent decryption at a destination, said method comprising the steps of:
- dividing time into a multiplicity of periodic units;
- representing each of said multiplicity of periodic units with a unique bit pattern corresponding thereto;
- utilizing said unique bit pattern for encrypting said digital signal at said source;
- transmitting said unique bit pattern, accompanying said digital signal, to said destination; and
- utilizing said unique bit pattern for decrypting said digital signal at said destination.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method for encryption at a source, and decryption at a destination, of digital signal bi-directional transmission between a headend and a plurality of cable modems, said digital signal bi-directional transmission over a broadband hybrid fiber/coax communications network, said method comprising the steps of:
- dividing time into a multiplicity of periodic units at said headend;
- representing each of said multiplicity of periodic units with an identifying bit pattern corresponding thereto;
- utilizing said identifying bit pattern as an encrypting variable at said headend;
- transmitting said identifying bit pattern to said plurality of cable modems; and
- utilizing said identifying bit pattern as a decrypting variable at said plurality of cable modems.

Dependent claims: 27, 28, 29
30. A bi-directional broadband communications and data transfer encryption system having a plurality of cable modems, said plurality of cable modems interconnected with a headend via a transmission medium having a multiple access upstream channel and a broadcast downstream channel, comprising:
- a cryptosync clock at said headend, said cryptosync clock dividing time into a multiplicity of periodic units;
- a CV refresh unit, said CV refresh unit obtaining one input from said cryptosync clock and a second input from a connection key, said CV refresh unit encrypting said cryptosync clock with said connection key, said CV refresh unit producing a cryptovariable output;
- a load subframe counter, said load subframe counter obtaining one input from said cryptosync clock, a second input of a subframe identifying number, and a third input of a subframe start indicator;
- a cryptosync pseudorandom feedback shift register (PFSR), said load subframe counter input to said PFSR, said PFSR providing initial prespreading of high speed engine cryptosync;
- a high speed engine (HSE), said HSE producing a keystream generator output, said HSE having a HSE cryptosync as a first input and said cryptovariable as a second input; said second input utilized as an encryption key for said first input;
- an XOR gate, said XOR gate performing a bit by bit "exclusive or" operation between said keystream generator output and a plaintext bytestream, said XOR gate producing a ciphertext bytestream output for transmission to said cable modem; and
- a broadcast clock, said broadcast clock consisting of the transmission of said headend cryptoclock to said plurality of cable modems, said broadcast clock utilized for decryption of said ciphertext bytestream at said plurality of cable modems.

Dependent claims: 31, 32, 33, 34
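
The dataflow recited in claim 30, as an added Python sketch that is not taken from the patent. The claim names the units but not their algorithms, so HMAC-SHA256 (CV refresh), a 32-bit Galois LFSR (PFSR) and keyed BLAKE2s (HSE) are stand-ins, and the key, clock values and frame layout are constructed. The last line of `demo()` shows why a periodic unit must never repeat under one connection key: the two ciphertexts then XOR to the XOR of the plaintexts.

```python
import hashlib
import hmac

def cv_refresh(conn_key: bytes, clock: int) -> bytes:
    # CV refresh unit: cryptosync clock encrypted under the connection key.
    # Stand-in primitive (assumption): HMAC-SHA256.
    return hmac.new(conn_key, clock.to_bytes(8, "big"), hashlib.sha256).digest()

def pfsr_prespread(clock: int, subframe: int, steps: int = 64) -> int:
    # Load subframe counter seeds the PFSR; stand-in: 32-bit Galois LFSR.
    state = (((clock << 8) ^ subframe) & 0xFFFFFFFF) or 1  # LFSR state must be non-zero
    for _ in range(steps):
        lsb = state & 1
        state >>= 1
        if lsb:
            state ^= 0x80200003  # constructed tap mask
    return state

def hse_keystream(cryptosync: int, cryptovariable: bytes, n: int) -> bytes:
    # HSE: cryptosync is the input, cryptovariable is the key.
    # Stand-in primitive (assumption): keyed BLAKE2s in counter mode.
    out, block = b"", 0
    while len(out) < n:
        msg = cryptosync.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.blake2s(msg, key=cryptovariable).digest()
        block += 1
    return out[:n]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def headend_encrypt(conn_key, clock, subframe, plaintext):
    # XOR gate output plus the broadcast clock value the modem needs (sent in clear).
    cv = cv_refresh(conn_key, clock)
    ks = hse_keystream(pfsr_prespread(clock, subframe), cv, len(plaintext))
    return clock, subframe, xor_bytes(plaintext, ks)

def modem_decrypt(conn_key, frame):
    # The modem has no clock of its own: it rebuilds the keystream from the frame.
    clock, subframe, ciphertext = frame
    return headend_encrypt(conn_key, clock, subframe, ciphertext)[2]

def demo():
    key = b"constructed-connection-key"      # constructed sample values throughout
    p1, p2 = b"downstream frame A", b"downstream frame B"
    f1 = headend_encrypt(key, 1000, 3, p1)
    f2 = headend_encrypt(key, 1001, 3, p2)   # next periodic unit: fresh keystream
    bad = headend_encrypt(key, 1000, 3, p2)  # repeated unit: keystream reused
    return modem_decrypt(key, f1), xor_bytes(f1[2], f2[2]), xor_bytes(f1[2], bad[2])
```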
Specification