Conditional access system using messages with multiple encryption keys

US 6,091,818 A
Filed: 07/28/1997
Issued: 07/18/2000
Est. Priority Date: 07/29/1996
Status: Expired due to Term

First Claim

Patent Images

1. A message for delivering access conditions to a service scrambled using a control word, said message containing:

n items, each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn,wherein n is an integer greater than 1.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a conditional access system making it possible for a service provider to supply his services solely to users having acquired entitlements to these services.

The services supplied by a service provider consist of an item scrambled by control words. To keep these control words secret, they are supplied in messages (MEC) after having been encrypted with an encryption algorithm with key K.

According to the invention, one and the same message (MEC) contains the same control word (Cwi) encrypted several times, each encryption (E(Cwi)Kj) of the control word depending on a different encryption key (Kj).

The invention applies to any type of conditional access system, be this system either of "off-line" or "on-line" type.

19 Citations

View as Search Results

35 Claims

1. A message for delivering access conditions to a service scrambled using a control word, said message containing:
- n items, each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn,wherein n is an integer greater than 1.
- View Dependent Claims (2, 3, 4)
- - 2. The message according to claim 1, further comprising n additional items, each comprising a key index associated with one of said n encryption keys.
  - 3. The message according to claim 1, further comprising a second item for validating and verifying the content of said message, the content of said second item being controlled by a validation key Q, wherein said validation key Q is different from all said encryption keys K1, K2, . . . , Kj, . . . , Kn.
  - 4. The message according to claim 1, wherein said encryption keys Kj (j=1, 2, . . . , n) have a size increasing with rank j of the key Kj.

5. A message for delivering access conditions to services delivered by p different service providers scrambled using a control word, said message containing:
- p first items, each for identifying one of said p service providers; and
  
  , for each of said p service providers of rank k (k=1, 2, . . . , p);
  
  v_k (v_k =n, m, . . . , v, . . . , w) second items, each comprising said control word encrypted using different encryption keys Kk1, Kk2, . . . , Kkj, . . . , Kkv_k ;
  
  wherein p and v_k are integers greater than 1.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The message according to claim 5, further comprising, for each of said p service providers of rank k (k=1, 2, . . . , p):
    - v_k (v_k =n, m, . . . , v, . . . , w) key index fields I(Kk1), I(Kk2), . . . , I(Kkj), . . . , I(Kkv), wherein each key index is associated with one of said encryption keys.
  - 7. The message according to claim 5, wherein said integer v_k is different from one service provider to another or from one group of service providers to another.
  - 8. The message according to claim 5, further comprising p additional items, each being associated with one of said service providers for validating and verifying access conditions to the service as well as the content of the message relating to the service provider with which each said p additional item is associated, the content of each of said p additional items being controlled by a validation key Q1, Q2, . . . , Qp which is individual thereto.
  - 9. The message according to claim 8, wherein said validation keys Q1, Q2, . . . , Qp are different from all said encryption keys.
  - 10. The message according to claim 5, wherein successive encryption keys of at least one service provider have a size increasing with the rank of the key.

11. A method for descrambling a service scrambled using a control word, said method comprising the step of:
- supplying a message containing access conditions associated with a user and n-items, each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn,wherein n is an integer greater than 1.
- View Dependent Claims (12)
- - 12. The method according to claim 11, wherein the step of supplying said message is performed with the aid of a second item for validating and verifying the content of said message, the content of said second item being controlled by a validation key Q, said validation key Q being different from all said encryption keys K1, K2, . . . , Kj, . . . , Kn.

13. A method for descrambling services, delivered by p different service providers, scrambled using a control word, said method comprising the step of:
- supplying a message containing access conditions associated with a user together with p first items, each for identifying one of said p service providers;
  
  said message further comprising, for each service provider of rank k (k=1, 2, . . . , p);
  
  v_k (v_k =n, m, . . . , v, . . . , w) second items, each comprising said control word encrypted using different encryption keys Kk1, Kk2, . . . , Kkj, . . . , Kkv;
  
  wherein p and v_k are integers greater than 1.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, wherein the step of supplying said message further comprises, for each of said p service providers of rank k (k=1, 2, . . . , p):
    - distributing v_k (v_k =n, m, . . . , v, . . . , w) key index fields I(Kk1), I(Kk2), . . . , I(Kkv) (k=1, 2, . . . , p), each key index being associated with one of said encryption keys.
  - 15. The method according to claim 14, wherein the step of supplying said message further comprises:
    - distributing p additional items HASH_Q1, . . . , HASH_Qk, . . . , HASH_Qp, each of said additional items being associated with one of said service providers for validating and verifying access conditions to the service as well as the content of the message relating to the service provider with which said item is associated, the content of each of said p additional items being controlled by a validation key Q1, Q2, . . . , Qp which is individual thereto.
  - 16. The method according to claim 15, wherein said validation keys Q1, Q2, . . . , Qp are different from all said encryption keys.

17. A smart card for providing a control word for descrambling a received scrambled service comprising:
- means for receiving a first message, said first message containing data corresponding to access conditions associated with a user and n items each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn, wherein n is an integer greater than 1; and
  
  means for validating said first message using a validation key Q;
  
  wherein said validation key Q is different from all said encryption keys.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The smart card according to claim 17, further comprising:
    - means for receiving a second message, said second message containing data corresponding to entitlements associated with said user;
      
      means for validating said second message using a control key KC;
      
      wherein said control key KC is different from said validation key Q for validating said first message.
  - 19. The smart card according to claim 18, wherein said control key is different from all said encryption keys.
  - 20. The smart card according to claim 17, further comprising:
    - deciphering means for decrypting said encrypted control word, wherein said deciphering means includes at least one of said encryption keys.
  - 21. The smart card according to claim 20, wherein said deciphering means further includes:
    - means for recognizing in said first message an item containing said control word encrypted using an encryption key contained in said deciphering means.
  - 22. The smart card according to claim 17, wherein said validation means comprises means for recognizing in said message an item, associated with said service provider delivering said scrambled service, for validating and verifying access conditions to said service as well as the content of said message, the content of said item being controlled by said validation key Qk.
  - 23. The smart card according to claim 22, wherein said means comprises a validation key index I(Qk).

24. A conditional access system for selectively supplying services to a user comprising:
- means for providing a service scrambled using a control word, entitlement data associated with said user'"'"'s entitlements and access conditions data associated with access conditions, said access conditions data containing n items each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn, wherein n is an integer greater than 1;
  
  a decoder for descrambling said scrambled service;
  
  a smart card for receiving said entitlement data and said access condition data and for providing said control word to said decoder, wherein said smart card comprises deciphering means for decrypting said encrypted control word, said deciphering means containing at least one of said encryption keys.
- View Dependent Claims (25, 26)
- - 25. The conditional access system according to claim 24, wherein said system is an "on-line" type.
  - 26. The conditional access system according to claim 24, wherein said system is an "off-line" type.

27. A conditional access system for selectively supplying services delivered by p different service providers to a user comprising:
- means for providing a service scrambled using a control word, entitlement data associated with said user'"'"'s entitlements and access condition data associated with access conditions;
  
  a decoder for descrambling said scrambled service;
  
  a smart card for receiving said entitlement data and said access condition data and for providing said control word to said decoder,wherein said access conditions data are conveyed to said smart card in a message containing p first items, each for identifying one of said p service providers; and
  
  , for each of said p service providers of rank k (k=1, 2, . . . , p);
  
  v_k (v_k =n, m, . . . , v, . . . , w) second items, each comprising said control word encrypted using different encryption keys Kk1, Kk2, . . . , Kkj, . . . , Kkv_k ;
  
  wherein p and v_k are integers greater than 1; and
  
  wherein said smart card includes;
  
  means for receiving a first message, said first message containing data corresponding to access conditions associated with a user and n items each comprising said control word encrypted using n different encryption keys K1, K2, . . . , Kj, . . . , Kn, wherein n is an integer greater than 1; and
  
  means for validating said first message using a validation key Q;
  
  wherein said validation key Q is different from all said encryption keys.
- View Dependent Claims (28, 29)
- - 28. The conditional access system according to claim 27, wherein said system is an "on-line" type.
  - 29. The conditional access system according to claim 27, wherein said system is an "off-line" type.

30. An off-line information medium containing:
- data scrambled using a string of N control words Cw1, . . . , Cwi, . . . CwN, N being an integer greater than 1; and
  
  for each of said N control words Cwi;
  
  a string of additional data comprising said control word encrypted using different encryption keys K11, . . . , K1n, K21, . . . , K2m, Kk1, . . . , Kkv, Kp1, . . . Kpw.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The off-line information medium according to claim 30, further comprising:
    - access conditions to said scrambled data;
      
      a second item for validating and verifying said access conditions;
      
      wherein said second item is controlled by a validation key different from all said encryption keys.
  - 32. The off-line information medium according to claim 30, further comprising:
    - access conditions to said scrambled data;
      
      p first additional items, each for identifying one among p service providers;
      
      p second additional items, each being associated with one of said service providers for validating and verifying said access conditions as well as information specific to said service provider corresponding to it;
      
      wherein the string of additional items comprising said control word encrypted using different encryption keys is broken down into p data sub-sets, each of said p data sub-sets being associated with a different service provider.
  - 33. The off-line information medium according to claim 32, wherein said second additional items are controlled by validation keys which are different from all said encryption keys.
  - 34. The off-line information medium according to claim 32, further comprising, for each item of said string of additional items comprising said control word encrypted using different encryption keys, an encryption index for recognizing the encrypted control word.

35. A smart card for providing a control word for descrambling a received scrambled service delivered by one among p different service providers comprising:
- means for receiving a message, said message containing data corresponding to access conditions associated with a user and containing;
  
  p first items, each for identifying one of said p service providers; and
  
  , for each of said p service providers of rank k (k=1, 2, . . . , p);
  
  v_k (v_k =n, m, . . . , v, . . . , w) second items, each comprising said control word encrypted using different encryption keys Kk1, Kk2, . . . , Kkj, . . . , Kkv_k wherein p and v_k are integers greater than 1;
  
  means for validating said message using a validation key Qk which is associated with said service provider delivering the scrambled service, wherein said validation key Qk is different from all said encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Multimedia Incorporated (Vantiva SA)
Original Assignee
Thomson Multimedia Incorporated (Vantiva SA)
Inventors
Fischer, Jean-Bernard, Campinos, Arnaldo
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
JACK, TODD M

Application Number

US08/901,842
Time in Patent Office

1,086 Days
Field of Search

380/25, 380/23, 380/4, 395/186, 340/182, 340/5.31
US Class Current

713/155
CPC Class Codes

H04N 21/26606   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/4623   Processing of entitlement m...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Conditional access system using messages with multiple encryption keys

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Conditional access system using messages with multiple encryption keys

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links