Cryptographic method and apparatus for restricting access to transmitted programming content using program identifiers

US 6,373,948 B1
Filed: 08/15/1997
Issued: 04/16/2002
Est. Priority Date: 08/15/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of transmitting a program having restricted access to an end-user, said method comprising the steps of:

assigning a program identifier to said program, said program identifier uniquely identifying said program for a duration of said program;

defining a plurality of master keys;

providing entitlement information to said end-user derived from said master keys;

encrypting said program using a program key, said program key being a linear combination of said master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and

transmitting said encrypted program together with said program identifier to said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for restricting access to transmitted programming content is disclosed, which transmits a program identifier with the encrypted programming content. A set-top terminal or similar mechanism restricts access to the transmitted multimedia information using stored decryption keys. The set-top terminal preferably receives entitlement information periodically from the head-end, corresponding to one or more packages of programs that the customer is entitled to for a given period. Each program is preferably encrypted by the head-end server prior to transmission, using a program key, K_p, which may be unique to the program. The set-top terminal uses the received program identifier, p, together with the stored entitlement information, to derive the decryption key necessary to decrypt the program. Each of the k-bit program keys, K_p, used to encrypt transmitted programs is a linear combination of a defined set of k-bit master keys, m₁. . . m₁. The head-end server preferably generates a new set of master keys for the matrix, M, once per billing period. Since each program key, K_p, is a linear combination of the set of master keys, M, a customer desiring r programs, obtains access to the smallest linear subspace of programs, U, that contains those r programs. In addition, a package consists of (2ⁱ−1) program identifiers for some i less than or equal to n, which need not all be assigned to programs. An optional check matrix, C, allows the set-top terminal to determine, in advance, whether a received program is in the entitled subspace, U.

Citations

52 Claims

1. A method of transmitting a program having restricted access to an end-user, said method comprising the steps of:
- assigning a program identifier to said program, said program identifier uniquely identifying said program for a duration of said program;
  
  defining a plurality of master keys;
  
  providing entitlement information to said end-user derived from said master keys;
  
  encrypting said program using a program key, said program key being a linear combination of said master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
  
  transmitting said encrypted program together with said program identifier to said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein said program is a portion of a linear subspace of programs obtained by said end-user.
  - 3. The method according to claim 1, wherein said programs are organized in a manner that allows programs with related content to fit into a low dimensional linear subspace.
  - 4. The method according to claim 1, further comprising the step of providing entitlement information to said end-user derived from said master keys based on the set of programs obtained by said end-user.
  - 5. The method according to claim 4, wherein said entitlement information includes a set of keys derived from said master keys based on the set of programs obtained by said end-user.
  - 6. The method according to claim 4, wherein said entitlement information includes a basis matrix representing a linear subspace of programs obtained by said end-user.
  - 7. The method according to claim 4, wherein said end-user uses said received program identifier to derive said program key from said stored entitlement information.
  - 8. The method according to claim 1, wherein said plurality of master keys are linearly independent.
  - 9. The method according to claim 1, wherein said program key for said program is obtained by multiplying said plurality of master keys by said program identifier.
  - 10. The method according to claim 1, wherein said program identifier is interleaved with the transmission of said encrypted program.
  - 11. The method according to claim 1, wherein said program identifier is transmitted on a control channel.
  - 12. The method according to claim 1, further comprising the step of providing a check matrix to said end-user that permits said end-user to determine whether said end-user is entitled to said program.

13. A method of transmitting a program to a plurality of end-users, said method comprising the steps of:
- providing entitlement information to said end-user derived from a set of master keys;
  
  encrypting said program using a program key, said program having a program identifier that uniquely identifies said program for a duration of said program, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
  
  transmitting said encrypted program together with said program identifier to said end-user, said program being a portion of a linear subspace of programs obtained by said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method according to claim 13, wherein said programs are organized in a manner that allows programs with related content to fit into a low dimensional linear subspace.
  - 15. The method according to claim 13, further comprising the step of providing entitlement information to said end-user derived from said master keys based on the set of programs obtained by said end-user.
  - 16. The method according to claim 15, wherein said entitlement information includes a set of keys derived from said master keys based on the set of programs obtained by said end-user.
  - 17. The method according to claim 15, wherein said entitlement information includes a basis matrix representing a linear subspace of programs obtained by said end-user.
  - 18. The method according to claim 15, wherein said end-user uses said received program identifier to derive said program key from said stored entitlement information.
  - 19. The method according to claim 13, wherein said plurality of master keys are linearly independent.
  - 20. The method according to claim 13, wherein said program key for said program is obtained by multiplying said plurality of master keys by said program identifier.
  - 21. The method according to claim 13, further comprising the step of providing a check matrix to said end-user that permits said end-user to determine whether said end-user is entitled to said program.

22. A method of transmitting a program associated with at least one package of programs to a plurality of end-users, said method comprising the steps of:
- providing entitlement information to said end-users based on the set of programs obtained by said end-user;
  
  encrypting said program using a program key, said program having a program identifier that uniquely identifies said program for a duration of said program, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
  
  transmitting said program identifier with said encrypted program to said end-users, whereby said end-users can derive said program key from only said program identifier and said stored entitlement information if said end-user is entitled to said program.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The method according to claim 22, wherein said program is a portion of a linear subspace of programs obtained by said end-user.
  - 24. The method according to claim 22, wherein said programs are organized in a manner that allows programs with related content to fit into a low dimensional linear subspace.
  - 25. The method according to claim 22, further comprising the step of providing entitlement information to said end-user derived from said master keys based on the set of programs obtained by said end-user.
  - 26. The method according to claim 25, wherein said entitlement information includes a set of keys derived from said master keys based on the set of programs obtained by said end-user.
  - 27. The method according to claim 25, wherein said entitlement information includes a basis matrix representing a linear subspace of programs obtained by said end-user.
  - 28. The method according to claim 25, wherein said end-user uses said received program identifier to derive said program key from said stored entitlement information.
  - 29. The method according to claim 22, wherein said plurality of master keys are linearly independent.
  - 30. The method according to claim 22, wherein said program key for said program is obtained by multiplying said plurality of master keys by said program identifier.
  - 31. The method according to claim 22, further comprising the step of providing a check matrix to said end-user that permits said end-user to determine whether said end-user is entitled to said program.

32. A method for decoding an encrypted program, said method comprising the steps of:
- receiving entitlement information from a provider of said program, said entitlement information based on a set of programs obtained by said customer;
  
  receiving said encrypted program together with a program identifier that uniquely identifies said program for a duration of said program, said encrypted program encrypted with a program key, said program key being a linear combination of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
  
  deriving said program key from only said program identifier and said stored entitlement information; and
  
  decrypting said encrypted program using said program key.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 33. The method according to claim 32, wherein said program is a portion of a linear subspace of programs obtained by an end-user.
  - 34. The method according to claim 32, wherein said entitlement information includes a set of keys derived from said master keys based on the set of programs obtained by an end-user.
  - 35. The method according to claim 32, wherein said entitlement information includes a basis matrix representing a linear subspace of programs obtained by an end-user.
  - 36. The method according to claim 32, wherein said plurality of master keys are linearly independent.
  - 37. The method according to claim 32, wherein said program identifier is interleaved with the transmission of said encrypted program.
  - 38. The method according to claim 32, wherein said program identifier is transmitted on a control channel.
  - 39. The method according to claim 32, further comprising the step of receiving a check matrix that permits an end-user to determine whether said end-user is entitled to said program.
  - 40. The method according to claim 32, wherein said program identifier is evaluated upon a request to view said program.
  - 41. The method according to claim 32, wherein said program identifier is evaluated in advance of a request to view said program.

42. A method for receiving an encrypted program having restricted access, said method comprising the steps of:
- receiving entitlement information derived from a set of master keys;
  
  receiving said program together with a program identifier that uniquely identifies said program for a duration of said program, said program encrypted using a program key, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
  
  deriving said program key from only said program identifier and said stored entitlement information, said entitlement information being derived from said master keys based on a linear subspace of programs obtained by said customer; and
  
  decrypting said encrypted program using said program key.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50)
- - 43. The method according to claim 42, wherein said entitlement information includes a set of keys derived from said master keys based on the set of programs obtained by an end-user.
  - 44. The method according to claim 42, wherein said entitlement information includes a basis matrix representing a linear subspace of programs obtained by an end-user.
  - 45. The method according to claim 42, wherein said plurality of master keys are linearly independent.
  - 46. The method according to claim 42, wherein said program identifier is interleaved with the transmission of said encrypted program.
  - 47. The method according to claim 42, wherein said program identifier is transmitted on a control channel.
  - 48. The method according to claim 42, further comprising the step of receiving a check matrix that permits an end-user to determine whether said end-user is entitled to said program.
  - 49. The method according to claim 42, wherein said program identifier is evaluated upon a request to view said program.
  - 50. The method according to claim 42, wherein said program identifier is evaluated in advance of a request to view said program.

51. An article of manufacture for transmitting a program having restricted access to an end-user, comprising:
- a computer readable medium having computer readable program code means embodied thereon, said computer readable program code means comprising;
  
  a step to assign a program identifier to said program that uniquely identifies said program for a duration of said program;
  
  a step to define a plurality of master keys;
  
  a step to provide entitlement information to said end-user derived from said master keys;
  
  a step to encrypt said program using a program key, said program key being a linear combination of said master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
  
  a step to transmit said encrypted program together with said program identifier to said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.

52. An article of manufacture for decoding an encrypted program, comprising:
- a computer readable medium having computer readable program code means embodied thereon, said computer readable program code means comprising;
  
  a step to receive entitlement information from a provider of said program, said entitlement information based on a set of programs obtained by said customer;
  
  a step to receive said program together with a program identifier that uniquely identifies said program for a duration of said program, said program encrypted using a program key, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
  
  a step to derive said program key from only said program identifier and stored entitlement information, said entitlement information being derived from said master keys based on a linear subspace of programs obtained by said customer; and
  
  a step to decrypt said encrypted program using said program key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Wool, Avishai
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
MEISLAHN, DOUGLAS J

Application Number

US08/912,186
Time in Patent Office

1,705 Days
Field of Search

380/20, 380/239, 380/241
US Class Current

380/241
CPC Class Codes

H04H 60/23   using cryptography, e.g. en...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/088   Usage controlling of secret...

H04L 9/14   using a plurality of keys o...

H04N 21/2347   involving video stream encr...

H04N 21/2362   Generation or processing of...

H04N 21/26606   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Cryptographic method and apparatus for restricting access to transmitted programming content using program identifiers

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic method and apparatus for restricting access to transmitted programming content using program identifiers

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links