Encryption devices for use in a conditional access system
First Claim
1. A secure element for use in a receiver that receives a plurality of messages addressed to the receiver, the plurality of messages including messages having an encrypted content and being sent on behalf of an entity that determines whether the receiver has access to instances of services received in the receiver, the secure element comprising:
- writable non-volatile memory wherein is stored a plurality of keys including a public key-private key pair for the receiver and a public key for the entity, wherein the writable non-volatile memory includes all public keys stored in the receiver; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for decrypting and authenticating the messages, wherein the decrypting apparatus uses the private key for the receiver to decrypt the message content of at least one message of the plurality of messages, and the authenticating apparatus uses the public key for the entity to determine whether the message content is authentic, the processing apparatus not responding to the message content unless the at least one message is authentic.
4 Assignments
0 Petitions
Accused Products
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
403 Citations
55 Claims
-
1. A secure element for use in a receiver that receives a plurality of messages addressed to the receiver, the plurality of messages including messages having an encrypted content and being sent on behalf of an entity that determines whether the receiver has access to instances of services received in the receiver, the secure element comprising:
-
writable non-volatile memory wherein is stored a plurality of keys including a public key-private key pair for the receiver and a public key for the entity, wherein the writable non-volatile memory includes all public keys stored in the receiver; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for decrypting and authenticating the messages, wherein the decrypting apparatus uses the private key for the receiver to decrypt the message content of at least one message of the plurality of messages, and the authenticating apparatus uses the public key for the entity to determine whether the message content is authentic, the processing apparatus not responding to the message content unless the at least one message is authentic.
-
-
2. A secure element for use in a receiver that receives a plurality of messages addressed to the receiver, the plurality of messages including messages having an encrypted content and being sent on behalf of an entity that determines whether the receiver has access to instances of services received in the receiver, the secure element comprising:
-
non-volatile memory wherein is stored a public key-private key pair for the receiver and a public key for the entity; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for decrypting and authenticating the messages, wherein the decrypting apparatus uses the private key for the receiver to decrypt the message content of at least one message of the plurality of messages, and the authenticating apparatus uses the public key for the entity to determine whether the message content is authentic, the processing apparatus not responding to the message content unless the at least one message is authentic, wherein;
the entity is a conditional access authority that authorizes an entitlement agent to grant an entitlement to the receiver to access at least one of the instances;
the at least one message is a first message of the plurality of messages whose content includes a specifier for the entitlement agent which is being authorized; and
when first the message is authentic, the processing apparatus responds to the message by storing the specifier in the non-volatile memory. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
the at least one message includes a second message of the plurality of messages whose content includes a public key for the entitlement agent; and
when the second message is authentic, the processing apparatus responds to the second message by storing the public key for the entitlement agent in the non-volatile memory.
-
-
4. The secure element of claim 2, wherein:
-
the at least one message includes a second message having content that includes limitations on the number and/or kinds of entitlements granted by the entitlement agent; and
when the second message is authentic, the processing apparatus responds to the second message by storing the limitations in the non-volatile memory.
-
-
5. The secure element of claim 2, wherein:
-
the non-volatile memory is divided into cells;
the at least one message includes a second message whose content specifies a number of cells; and
when the second message is authentic, the processing apparatus responds thereto by allocating the specific number of cells to the entitlement agent.
-
-
6. The secure element of claim 5, wherein:
-
the content of the second message further specifies names for the cells specified therein; and
when the second message is authentic, the processing apparatus responds thereto by allocating the specified number of cells to the entitlement agent by name.
-
-
7. The secure element of claim 5, wherein:
when the content of the second message is authentic and specifies no cells, the processing apparatus responds thereto by deallocating all cells belonging to the entitlement agent and removing the entitlement agent'"'"'s specifier from the non-volatile memory.
-
8. The secure element of claim 2, wherein:
-
the at least one message includes a second message whose content specifies removal of the entitlement agent from the secure element; and
when the content of the second message is authentic, the processing apparatus responds thereto by removing the entitlement agent'"'"'s specifier from the non-volatile memory.
-
-
9. The secure element of claim 3, wherein:
the entity includes an entitlement agent; and
the at least one message includes a third message that specifies the entitlement agent and whose content controls access to services received in the receiver on behalf of the entitlement agent.
-
10. A secure element for use in a receiver that receives a plurality of messages addressed to the receiver, the plurality of messages including messages having an encrypted content and being sent on behalf of an entity that determines whether the receiver has access to instances of services received in the receiver, the secure element comprising:
-
non-volatile memory wherein is stored a public key-private key pair for the receiver and a public key for the entity; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for decrypting and authenticating the messages, wherein the decrypting apparatus uses the private key for the receiver to decrypt the message content of at least one message of the plurality of messages, and the authenticating apparatus uses the public key for the entity to determine whether the message content is authentic, the processing apparatus not responding to the message content unless the at least one message is authentic, wherein;
the entity is an entitlement agent that grants an entitlement to the receiver to access at least one of the instances; and
the at least one message is a first message of the plurality of messages that specifies the entitlement agent and whose content controls access to services received in the receiver on behalf of the entitlement agent. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
the instance of the service is encrypted;
the content of the first message further includes a long-term key used in decrypting the instance of the service; and
when the first message is authentic, the processing responds to the message by storing the long-term key in association with the entitlement agent.
-
-
12. The secure element of claim 11, wherein:
-
the plurality of messages includes a global broadcast message that is sent on behalf of the entitlement agent but not addressed to any particular receiver;
the global broadcast message includes a global broadcast message content and a digest made from the global broadcast message content and the long-term key; and
the apparatus for decrypting and authenticating authenticates the global broadcast message by making a new digest from the global broadcast message content and the long-term key stored in the secure element and comparing the new digest with the digest.
-
-
13. The secure element of claim 11, wherein:
-
the plurality of messages includes a second global broadcast message together with the encrypted instance of the service, the second global broadcast message including an entitlement agent specifier for the entitlement agent and an encrypted short-term key derivation value from which a short-term key for decrypting the encrypted instance may be derived;
the receiver provides the entitlement agent specifier agent and the short-term key derivation value to the secure element; and
the processing apparatus responds thereto by using the entitlement agent specifier to locate the long-term key associated with the entitlement agent and using the long-term key with the apparatus for decrypting and authenticating to decrypt the short-term key derivation value, deriving the short-term key therefrom, and providing the short-term key to the receiver.
-
-
14. The secure element of claim 13, wherein:
-
the second global broadcast message further includes an authentication value for authenticating the second global broadcast message; and
the receiver further provides the authentication value to the secure element; and
the processing apparatus responds thereto by using the authentication value with the apparatus for decrypting and authenticating to authenticate the second global broadcast message.
-
-
15. The secure element of claim 13, wherein:
-
the authentication value is a digest made from the contents and the long-term key; and
the apparatus for decrypting and authenticating authenticates the second global broadcast message by marking a new digest from the contents and the long-term key stored in the secure element and comparing the new digest with the digest.
-
-
16. The secure element of claim 10, wherein:
-
the first message further contains an entitlement identifier that identifies an entitlement to an instance of a service provided by the entitlement agent; and
when the first message is authentic, the processing apparatus responds to the message by storing the entitlement identifier in the memory in association with the entitlement agent.
-
-
17. The secure element of claim 16, wherein:
-
the first message further contains entitlement information that further describes the entitlement; and
when the first message is authentic, the processing apparatus responds to the message by storing the entitlement information in the memory in association with the entitlement agent.
-
-
18. The secure element of claim 17, wherein:
-
the entitlement information further contains information indicating that the entitlement is to be deleted; and
when the first message is authentic, the processing apparatus responds to the message by deleting the entitlement information from the memory.
-
-
19. The secure element of claim 17, wherein:
-
the plurality of messages includes a global broadcast message together with the instance of the service, the global broadcast message including an entitlement agent specifier for the entitlement agent and an entitlement identifier;
the receiver provides the entitlement agent specifier agent and entitlement identifier to the secure element; and
the processing apparatus responds thereto by using the entitlement agent specifier to locate the entitlement identifier in the memory, the processing apparatus enabling access to the instance only if there is an entitlement identifier associated with the entitlement agent specifier that matches the entitlement identifier in the global broadcast message.
-
-
20. The secure element of claim 17, wherein:
-
the instance is encrypted with a short-term key;
the memory contains a long-term key that is associated with the entitlement agent and with a long-term key identifier;
the global broadcast message further includes a key identifier and an encrypted short-term key derivation value;
the receiver further provides they key identifier and the short-term key derivation value to the secure element; and
the processing apparatus further responds thereto by using the entitlement agent specifier and the long-term key identifier to locate the long-term key, using the long-term key and the short-term key derivation value with the apparatus for decrypting and authenticating to obtain the short-term key, the processing apparatus providing the key to the receiver only if the entitlement identifier in the global broadcast message matches the entitlement identifier associated with the entitlement agent in the memory.
-
-
21. A secure element for use in a receiver that receives a plurality of messages addressed to the receiver, the plurality of messages including messages having an encrypted content and being sent on behalf of an entity that determines whether the receiver has access to instances of services received in the receiver, the secure element comprising:
-
non-volatile memory wherein is stored a public key-private key pair for the receiver and a public key for the entity; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for decrypting and authenticating the messages, wherein the decrypting apparatus uses the private key for the receiver to decrypt the message content of at least one message of the plurality of messages, and the authenticating apparatus uses the public key for the entity to determine whether the message content is authentic, the processing apparatus not responding to the message content unless the at least one message is authentic, wherein;
the at least one message includes a digest of the unencrypted message content, wherein the digest has been encrypted with the private key corresponding to the public key for the entity;
the apparatus for decrypting and authenticating includes digest making apparatus; and
the apparatus for decrypting and authenticating determines whether the at least one message is authentic by decrypting the digest in the at least one message and making a new digest from the decrypted message content, the message content being authentic only if the digest and the new digest are the same.
-
-
22. A secure element for use in a receiver that receives at least one global broadcast message sent on behalf of an entitlement agent, the at least one global broadcast message including authentication information produced using a secret shared between the entitlement agent and the receiver, the secure element comprising:
non-volatile memory wherein is stored the shared secret; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including authentication apparatus for authenticating the at least one global broadcast message, wherein the processing apparatus receives the authentication information, uses the authentication apparatus and the authentication information and the shared secret to authenticate the at least one global broadcast message, and provides an indication of validity of the at least one global broadcast message to the receiver only if the at least one global broadcast message is authentic.
-
23. A secure element for use in a receiver that receives at least one global broadcast message sent on behalf of an entitlement agent, the at least one global broadcast message including authentication information produced using a secret shared between the entitlement agent and the receiver, the secure element comprising:
-
non-volatile memory wherein is stored the shared secret; and
a processing apparatus coupled to the non-volatile memory, the processing apparatus including authentication apparatus for authenticating the at least one global broadcast message, wherein the processing apparatus receives the authentication information, uses the authentication apparatus and the authentication information to authenticate the at least one global broadcast message, and provides an indication of validity of the at least one global broadcast message to the receiver only if the at least one global broadcast message is authentic, wherein;
there are a plurality of the entitlement agents;
the at least one global broadcast message further includes a specifier for the entitlement agent of the plurality on whose behalf the message is being sent;
there is further stored in the non-volatile memory at least one stored specifier for at least one of the plurality of entitlement agents; and
the processing apparatus further receives the specifier for the entitlement agent from the at least one global broadcast message and provides the indication of validity only if the specifier for the entitlement agent matches the stored specifier. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 55)
the receiver receives an instance of a service on behalf of an entitlement agent of the plurality thereof;
the at least one global broadcast message includes a first global broadcast message that accompanies the instance and further includes an entitlement identifier indicating entitlement to the instance;
there is further stored in the non-volatile memory at least one stored entitlement identifier for at least one of a plurality of instances of a service; and
the processing apparatus further receives the entitlement identifier from the first global broadcast message and provides the indication of validity only if the entitlement identifier matches the stored entitlement identifier.
-
-
25. The secure element of claim 24, wherein:
-
the instance of the service is encrypted using a short-term key;
the first global broadcast message further includes a key derivation value;
there is further stored in the non-volatile memory a long-term key associated with the entitlement agent;
the processing apparatus further receives the key derivation value, uses the long-term key together with the key derivation value to obtain the short-term key and provides the short-term key to the receiver to use in decrypting the instance of the service if the first global broadcast message is valid.
-
-
26. The secure element of claim 25, wherein:
-
there are a plurality of long-term keys associated with the entitlement agent and stored in the non-volatile memory, each of the long-term keys being associated with a stored key identifier that is stored in the non-volatile memory;
the first global broadcast message further includes a key identifier identifying a long-term key; and
the processing apparatus further receives the key identifier and uses the long-term key associated with a stored key identifier that matches the key identifier to obtain the short-term key.
-
-
27. The secure element of claim 25, wherein:
-
the key derivation value has been encrypted using the long-term key;
the processing apparatus further includes decryption apparatus; and
the processing apparatus uses the long-term key and the decryption apparatus to decrypt the key derivation value.
-
-
28. The secure element of claim 25, wherein:
-
the shared secret is the long-term key;
the authentication information is a digest made using contents of the first global broadcast message and the shared secret; and
the authentication apparatus authenticates the message by making a new digest using the contents with the long-term key and comparing the new digest with the digest.
-
-
29. The secure element of claim 24, wherein:
-
the at least one global broadcast message includes a second global broadcast message that accompanies the instance and further includes a purchasable entitlement identifier that identifies an entitlement to the instance which a user of the receiver may purchase;
the receiver responds to the second global broadcast message by interacting with the user to indicate purchasability of the instance and to an indication of purchasability from the user by providing the purchasable entitlement identifier to the secure element; and
the processing apparatus responds thereto by storing the purchasable entitlement identifier in the memory in association with the entitlement agent, the processing apparatus further using the purchasable entitlement identifier in the same fashion as the entitlement identifier to determine validity of the first global broadcast message.
-
-
30. The secure element of claim 29, wherein:
-
the receiver further sends a message addressed to the entitlement agent;
the message has contents that include at least an encryption of the purchasable entitlement identifier, a key for decrypting the encryption, and an encrypted digest of the contents;
the memory further includes a public key for the entitlement agent and private key for the receiver;
the processing apparatus further includes encryption apparatus; and
the processing apparatus receives the contents, provides a further key for decrypting the encryption, uses the encryption apparatus and the further key to encrypt the encryption, uses the public key for the entitlement agent and the encryption apparatus to encrypt the further key, makes the digest of the contents, and uses the private key and the encryption apparatus to encrypt the digest.
-
-
55. The secure element of claim 23, wherein the processing apparatus uses the shared secret with the authentication information to authenticate the message.
-
31. A secure element for use in a receiver that has access to instances of services as determined by an entitlement agent, the receiver sending messages to the entitlement agent and the secure element comprising:
-
non-volatile memory wherein is stored a public key-private key pair for the receiver and a public key for the entitlement agent;
processing apparatus coupled to the non-volatile memory, the processing apparatus including apparatus for encrypting, the apparatus for encrypting responding to content of a given message by making a digest of the content and encrypting the digest using the private key for the receiver, encrypting the content with a further key, encrypting the further key with a public key for the entitlement agent, and returning the encrypted content, the encrypted digest, and the encrypted further key to the receiver for inclusion in the message. - View Dependent Claims (32)
the secure element is implemented in a module which is separate from the remainder of the receiver and is consumer-installable in the receiver.
-
-
33. A service origination component included in a cable television system for securely transmitting to a service reception component, the service origination component comprising:
-
a transaction encryption device for storing a private key for an entitlement agent that is included in the cable television system for transmitting instances of service to the service reception component, and wherein the private key of the entitlement agent is used for encrypting information for subsequent transmission to the service reception component; and
a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, the key corresponding to the private key of the entitlement agent. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
a processor coupled to the transaction encryption device for processing data using a secure hash function to generate the information.
-
-
36. The service origination component of claim 33, wherein the entitlement agent is coupled to the controller;
- and wherein the transaction encryption device further includes a random number generator for generating a multi-session key (MSK) coupled to the memory of the transaction encryption device, a processor coupled to the random number generator for hashing the at least a portion of the information and the MSK in a secure one-way hash to generate a digest that is included as part of the information.
-
37. The service origination component of claim 36, wherein the transaction encryption device further includes an encryptor coupled to the processor for encrypting the information using a public key associated with the service reception component prior to transmission of the information.
-
38. The service origination component of claim 36, further comprising:
a message generator coupled to the processor for generating an entitlement management message including the digest, wherein the digest is encrypted by the processor using the private key to generate the information that is transmitted to the service reception component.
-
39. The service origination component of claim 38, wherein at least a portion of the content of the entitlement management message is encrypted using a public key of the service reception component.
-
40. The service origination component of claim 33, further comprising:
a conditional access authority establishment apparatus coupled to the controller, the conditional access authority establishment apparatus for establishing a conditional access authority.
-
41. The service origination component of claim 40, wherein:
the transaction encryption device further stores a private key of the conditional access authority.
-
42. A service origination component included in a cable television system for securely transmitting to a service reception component, the service origination component comprising:
-
a transaction encryption device for storing a private key for an entitlement agent that is included in the cable television system for transmitting instances of service to the service reception component, and wherein the private key of the entitlement agent is used for encrypting information for subsequent transmission to the service reception component, wherein the transaction encryption device further stores a private key of the conditional access authority, wherein;
a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, the key corresponding to the private key of the entitlement agent; and
a conditional access authority establishment apparatus coupled to the controller, the conditional access authority establishment apparatus for establishing a conditional access authority;
a message generator for generating a message comprising a public key of the entitlement agent;
an encryptor coupled to the message generator for encrypting at least a portion of a digest of the message using the private key of the conditional access authority; and
a transmitter coupled to the encryptor for transmitting the message to the service reception component that is intended to receive the instances of service from the entitlement agent.
-
-
43. A cable television system for providing secure transmissions, the cable television system comprising:
-
an entitlement agent for generating instances of service;
a service origination component in communication with the entitlement agent, the service origination component including a transaction encryption device having a memory with a private key of the entitlement agent stored therein, the transaction encryption device for encrypting information using the private key for subsequent transmission, and a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, wherein the key corresponds to the private key of the entitlement agent; and
a service reception component for receiving the information and for decrypting the information using a public key of the entitlement agent in communication with the service origination component. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51)
a random number generator for generating a multi-session key (MSK) coupled to the memory;
a processor coupled to the random number generator for hashing at least a portion of the information and the MSK in a secure one-way hash to generate a digest that is included as a part of the information.
-
-
48. The cable television system of claim 47, wherein the transaction encryption component of the service origination component further includes:
a message generator coupled to the processor for generating an entitlement management message including the digest, wherein the entitlement management message is encrypted by the processor using the private key to generate the information that is transmitted to the service reception component.
-
49. The cable television system of claim 48, wherein the entitlement management message including the digest is further encrypted using a public key of the service reception component.
-
50. The cable television system of claim 43, further comprising:
conditional access authority establishment apparatus for establishing a conditional access authority in communication with the controller.
-
51. The cable television system of claim 50, wherein the transaction encryption device of the service origination component further stores a private key of the conditional access authority.
-
52. A cable television system for providing secure transmissions, the cable television system comprising:
-
an entitlement agent for generating instances of service;
a service origination component in communication with the entitlement agent, the service origination component including a transaction encryption device having a memory with a private key of the entitlement agent stored therein, the transaction encryption device for encrypting information using the private key for subsequent transmission, and a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, wherein the key corresponds to the private key of the entitlement agent; and
a service reception component for receiving the information and for decrypting the information using a public key of the entitlement agent in communication with the service origination component;
a conditional access authority establishment apparatus for establishing a conditional access authority in communication with the controller, wherein the transaction encryption device of the service origination component further stores a private key of the conditional access authority, and wherein the transaction encryption device of the service origination component further includes;
a message generator for generating a message comprising a public key of the entitlement agent, the message generator in communication with the memory;
an encryptor coupled to the message generator for encrypting the message using the private key of the conditional access authority and a public key of the service reception component; and
a transmitter coupled to the controller for transmitting the message to the service reception component that is intended to receive the instances of service from the entitlement agent.
-
-
53. A service origination component included in a cable television system for securely transmitting to a service reception component, the service origination component comprising:
-
a transaction encryption device for storing a private key for an entitlement agent that is included in the cable television system for transmitting instances of service to the service reception component, and wherein the private key of the entitlement agent is used for encrypting information for subsequent transmission to the service reception component; and
a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, the key corresponding to the private key of the entitlement agent, wherein the key corresponding to the private key of the entitlement agent stored in said controller is encrypted.
-
-
54. A cable television system for providing secure transmissions, the cable television system comprising:
-
an entitlement agent for generating instances of service;
a service origination component in communication with the entitlement agent, the service origination component including a transaction encryption device having a memory with a private key of the entitlement agent stored therein, the transaction encryption device for encrypting information using the private key for subsequent transmission, and a controller securely linked to the transaction encryption device, said controller having a memory with a key stored therein, wherein the key corresponds to the private key of the entitlement agent; and
a service reception component for receiving the information and for decrypting the information using a public key of the entitlement agent in communication with the service origination component, wherein the key corresponding to the private key of the entitlement agent stored in said controller is encrypted.
-
Specification