Cryptographic method and apparatus for restricting access to transmitted programming content using program identifiers
Abstract
A system for restricting access to transmitted programming content is disclosed, which transmits a program identifier with the encrypted programming content. A set-top terminal or similar mechanism restricts access to the transmitted multimedia information using stored decryption keys. The set-top terminal preferably receives entitlement information periodically from the head-end, corresponding to one or more packages of programs that the customer is entitled to for a given period. Each program is preferably encrypted by the head-end server prior to transmission, using a program key, $K_p$, which may be unique to the program. The set-top terminal uses the received program identifier, $p$, together with the stored entitlement information, to derive the decryption key necessary to decrypt the program. Each of the k-bit program keys, $K_p$, used to encrypt transmitted programs is a linear combination of a defined set of k-bit master keys, $m_1, \ldots, m_n$. The head-end server preferably generates a new set of master keys for the matrix, $M$, once per billing period. Since each program key, $K_p$, is a linear combination of the set of master keys, $M$, a customer desiring $r$ programs obtains access to the smallest linear subspace of programs, $U$, that contains those $r$ programs. In addition, a package consists of $(2^i - 1)$ program identifiers for some $i$ less than or equal to $n$, which need not all be assigned to programs. An optional check matrix, $C$, allows the set-top terminal to determine, in advance, whether a received program is in the entitled subspace, $U$.
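The key derivation described in the abstract, as an added sketch that is not code from the patent. It assumes the linear combination is taken over GF(2) (bitwise XOR) and that the entitlement information is a basis of the entitled subspace U paired with the matching program keys; the function names, sizes and sample keys are all hypothetical.

```python
import secrets

N_BITS, K_BITS = 8, 128   # assumed sizes: n-bit identifiers, k-bit keys
MASTER = [secrets.randbits(K_BITS) for _ in range(N_BITS)]  # constructed sample keys

def program_key(p, master):
    """Head-end: XOR together the master keys selected by the set bits of p."""
    key = 0
    for j, m in enumerate(master):
        if (p >> j) & 1:
            key ^= m
    return key

def _reduce(rows, p, key=0):
    """XOR pivot rows out of p, highest leading bit first, tracking the key."""
    for lead in sorted(rows, reverse=True):
        if (p >> lead) & 1:
            b, k = rows[lead]
            p, key = p ^ b, key ^ k
    return p, key

def entitlement(purchased_ids, master):
    """Head-end: echelon basis of the purchased identifiers, each with its key."""
    rows = {}  # leading bit -> (identifier, program key)
    for p in purchased_ids:
        b, k = _reduce(rows, p, program_key(p, master))
        if b:
            rows[b.bit_length() - 1] = (b, k)
    return rows

def derive_key(p, rows):
    """Set-top: key for p if p lies in the entitled subspace U, else None."""
    if p == 0:            # the zero identifier is not a program
        return None
    rest, key = _reduce(rows, p)
    return key if rest == 0 else None

def entitled_ids(rows, n_bits=N_BITS):
    """Every identifier the stored entitlement information can decrypt."""
    return [p for p in range(1, 1 << n_bits) if derive_key(p, rows) is not None]

if __name__ == "__main__":
    rows = entitlement([0b00000011, 0b00000101], MASTER)
    print([bin(p) for p in entitled_ids(rows)])
```

Buying identifiers 0b011 and 0b101 also yields the key for 0b110, which is the subspace closure the abstract describes. The set-top never holds the master keys themselves, and membership in U is tested here by reduction against the basis rather than with the optional check matrix C.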
52 Claims
1. A method of transmitting a program having restricted access to an end-user, said method comprising the steps of:
assigning a program identifier to said program, said program identifier uniquely identifying said program for a duration of said program;
defining a plurality of master keys;
providing entitlement information to said end-user derived from said master keys;
encrypting said program using a program key, said program key being a linear combination of said master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
transmitting said encrypted program together with said program identifier to said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of transmitting a program to a plurality of end-users, said method comprising the steps of:
providing entitlement information to said end-user derived from a set of master keys;
encrypting said program using a program key, said program having a program identifier that uniquely identifies said program for a duration of said program, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
transmitting said encrypted program together with said program identifier to said end-user, said program being a portion of a linear subspace of programs obtained by said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
22. A method of transmitting a program associated with at least one package of programs to a plurality of end-users, said method comprising the steps of:
providing entitlement information to said end-users based on the set of programs obtained by said end-user;
encrypting said program using a program key, said program having a program identifier that uniquely identifies said program for a duration of said program, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
transmitting said program identifier with said encrypted program to said end-users, whereby said end-users can derive said program key from only said program identifier and said stored entitlement information if said end-user is entitled to said program.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A method for decoding an encrypted program, said method comprising the steps of:
receiving entitlement information from a provider of said program, said entitlement information based on a set of programs obtained by said customer;
receiving said encrypted program together with a program identifier that uniquely identifies said program for a duration of said program, said encrypted program encrypted with a program key, said program key being a linear combination of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
deriving said program key from only said program identifier and said stored entitlement information; and
decrypting said encrypted program using said program key.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A method for receiving an encrypted program having restricted access, said method comprising the steps of:
receiving entitlement information derived from a set of master keys;
receiving said program together with a program identifier that uniquely identifies said program for a duration of said program, said program encrypted using a program key, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
deriving said program key from only said program identifier and said stored entitlement information, said entitlement information being derived from said master keys based on a linear subspace of programs obtained by said customer; and
decrypting said encrypted program using said program key.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50
51. An article of manufacture for transmitting a program having restricted access to an end-user, comprising:
a computer readable medium having computer readable program code means embodied thereon, said computer readable program code means comprising;
a step to assign a program identifier to said program that uniquely identifies said program for a duration of said program;
a step to define a plurality of master keys;
a step to provide entitlement information to said end-user derived from said master keys;
a step to encrypt said program using a program key, said program key being a linear combination of said master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key; and
a step to transmit said encrypted program together with said program identifier to said end-user, whereby said end-user can derive said program key from only said program identifier and said entitlement information.
52. An article of manufacture for decoding an encrypted program, comprising:
a computer readable medium having computer readable program code means embodied thereon, said computer readable program code means comprising;
a step to receive entitlement information from a provider of said program, said entitlement information based on a set of programs obtained by said customer;
a step to receive said program together with a program identifier that uniquely identifies said program for a duration of said program, said program encrypted using a program key, said program key being a linear combination of a plurality of master keys and said program identifier determining which keys in said plurality of master keys are utilized to generate said program key;
a step to derive said program key from only said program identifier and stored entitlement information, said entitlement information being derived from said master keys based on a linear subspace of programs obtained by said customer; and
a step to decrypt said encrypted program using said program key.
Specification