Method and apparatus for encrypted transmission

US 7,191,335 B1
Filed: 02/04/2000
Issued: 03/13/2007
Est. Priority Date: 02/04/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of encryption of data in a digital television system communicated between a first decoder and a portable security module operatively connected to the first decoder on a receiving side of the digital television system, comprising:

storing a plurality of precalculated key pairs in a memory of the first decoder, each of said plurality of precalculated key pairs comprising a session key and an encrypted session key prepared using a transport key,selecting and processing at least one session key to generate a definitive session key, wherein the definitive session key is generated by repeatedly encrypting an initial session key value known to both the first decoder and the portable security module in both devices using an ordered sequence of session keys and an encryption algorithm sensitive to an order of encryption; and

communicating the ordered sequence of session keys and an encrypted version of said at least one session key to the portable security module,wherein the portable security module is configured to use the ordered sequence of session keys and the transport key to decrypt the encrypted version of the at least one session key to obtain the definitive session key,wherein the transport key is stored in a memory associated with the portable security module;

wherein data communicated from at least the portable security module to the first decoder may thereafter be encrypted and decrypted by the definitive session key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of encryption of data in a digital television system communicated between a first decoder and a portable security module, wherein a precalculated key pair is stored in a memory of the first decoder, wherein the key pair includes a session key and an encrypted version of the session key prepared using a transport key, the encrypted version of the session key being subsequently communicated to the portable security module which decrypts the encrypted version using an equivalent transport key stored in its memory such that data communicated from at least the portable security module to the first decoder may thereafter be encrypted and decrypted by the session key.

96 Citations

View as Search Results

17 Claims

1. A method of encryption of data in a digital television system communicated between a first decoder and a portable security module operatively connected to the first decoder on a receiving side of the digital television system, comprising:
- storing a plurality of precalculated key pairs in a memory of the first decoder, each of said plurality of precalculated key pairs comprising a session key and an encrypted session key prepared using a transport key,selecting and processing at least one session key to generate a definitive session key, wherein the definitive session key is generated by repeatedly encrypting an initial session key value known to both the first decoder and the portable security module in both devices using an ordered sequence of session keys and an encryption algorithm sensitive to an order of encryption; and
  
  communicating the ordered sequence of session keys and an encrypted version of said at least one session key to the portable security module,wherein the portable security module is configured to use the ordered sequence of session keys and the transport key to decrypt the encrypted version of the at least one session key to obtain the definitive session key,wherein the transport key is stored in a memory associated with the portable security module;
  
  wherein data communicated from at least the portable security module to the first decoder may thereafter be encrypted and decrypted by the definitive session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as claimed in claim 1 in which a subset of a plurality of stored session keys is chosen by the first decoder to generate the definitive session key, the associated encrypted versions of the subset of session keys being communicated to the portable security module for decryption and processing.
  - 3. A method as claimed in claim 1 in which said at least one precalculated key pair is selected from a larger set of precalculated key pairs prior to being stored in the first decoder.
  - 4. A method as claimed in claim 1 in which the encrypted version of a session key communicated to the portable security module also includes a signature value readable by the portable security module to verify the authenticity of the encrypted session key.
  - 5. A method as claimed in claim 1 in which an algorithm and transport key used to encrypt and decrypt a session key correspond to a symmetric algorithm and associated symmetric key.
  - 6. A method as claimed in claim 1 in which an encryption algorithm used with the definitive session key to encrypt and decrypt data communicated between the first decoder and the portable security module corresponds to a symmetric algorithm.
  - 7. A method as claimed in claim 1, in which the portable security module corresponds to one of a smart card and a conditional access module.
  - 8. A method as claimed in claim 1, in which the first decoder corresponds to a conditional access module and the portable security module corresponds to a smart card.
  - 9. A method as claimed in claim 1, in which data encrypted and decrypted with the definitive session key corresponds to a control word data.
  - 10. A method as claimed in claim 1, in which data encrypted and decrypted with the definitive session key corresponds to descrambled broadcast data.
  - 11. A method as claimed in claim 1 as applied to a home network system, wherein the first decoder and the portable security module correspond to consumer electronic devices adapted to transfer data via a communication link.

12. A digital television system for providing secure communication of data, comprising:
- a first decoder comprising;
  
  a memory for storing a plurality of precalculated key pairs, wherein each of the plurality of precalculated key pairs comprises a session key and an encrypted session key prepared using a transport key;
  
  a means for selecting and processing at least one session key to generate a definitive session key, wherein the definitive session key is generated by repeatedly encrypting an initial session key value known to both the first decoder and a portable security module using an ordered sequence of session keys and an encryption algorithm sensitive to an order of encryption; and
  
  communicate the ordered sequence of session keys and an encrypted version of said at least one session key to the portable security module;
  
  the portable security module operatively connected to the first decoder on a receiving side of the digital television system comprising;
  
  a memory for storing the transport key;
  
  means for decrypting the encrypted version of said at least one session key using the transport key and the ordered sequence of session keys to obtain the definitive session key; and
  
  means for encrypting data using the definitive session key, wherein the encrypted data is communicated using a communication means to said first decoder.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. A system as claimed in claim 12, in which the encrypted version of a session key includes a signature value readable by the portable security module to verify the authenticity of the encrypted session key.
  - 14. A system as claimed in claim 12, in which an algorithm and transport key used to encrypt and decrypt a session key correspond to a symmetric algorithm and associated symmetric key.
  - 15. A system as claimed in claim 12, in which an encryption algorithm used with the definitive session key to encrypt and decrypt data communicated between first decoder and the portable security module corresponds to a symmetric algorithm.
  - 16. A system as claimed in claim 12, in which the portable security module corresponds to one of a smart card and a conditional access module.
  - 17. A system as claimed in claim 12 as applied to a home network system, wherein the first decoder and the portable security module correspond to consumer electronic devices adapted to transfer data via a communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagra France SAS (Kudelski SA)
Original Assignee
Canal+ Technologies (Vantiva SA)
Inventors
Maillard, Michel
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Parthasarathy, Pramila

Application Number

US09/890,587
Time in Patent Office

2,594 Days
Field of Search

380/284, 380/29, 380/42, 380/259, 380/277
US Class Current

713/176
CPC Class Codes

H04N 21/26606   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/4367   Establishing a secure commu...

H04N 21/4623   Processing of entitlement m...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Method and apparatus for encrypted transmission

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encrypted transmission

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links