Apparatus for encryption key management

US 7,200,868 B2
Filed: 09/12/2002
Issued: 04/03/2007
Est. Priority Date: 09/12/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to an encrypted instance of service, which was encrypted by a first key, the method implemented in a receiver in a subscriber television system, the method comprising the steps of:

(a) duplicating the first key;

(b) encrypting the duplicate first key with a second key;

(c) transmitting from the receiver the encrypted duplicate first key;

(d) encrypting the first key using a public key of a private key-public key pair belonging to the receiver, thereby converting the first key into an encrypted first key;

(e) associating a key validator with the encrypted first key, wherein the key validator includes a time indicator that indicates whether the encrypted first key is valid;

(f) determining whether the encrypted first key is valid;

(g) receiving at the receiver a second key validator that indicates the validity of the receiver to use the first key to decrypt the encrypted services;

(h) responsive to the encrypted first key being valid, decrypting the encrypted first key thereby recovering the first key; and

(i) responsive to the second key validator indicating the encrypted first key is valid, decrypting the encrypted service instance using the recovered first key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and a receiver, which is in a broadband communication system, includes the logic necessary for protecting keys used for encrypting content that is received by the receiver. The apparatus validates the keys and denies the receiver the use of the keys if they become invalid.

126 Citations

53 Claims

1. A method of controlling access to an encrypted instance of service, which was encrypted by a first key, the method implemented in a receiver in a subscriber television system, the method comprising the steps of:
- (a) duplicating the first key;
  
  (b) encrypting the duplicate first key with a second key;
  
  (c) transmitting from the receiver the encrypted duplicate first key;
  
  (d) encrypting the first key using a public key of a private key-public key pair belonging to the receiver, thereby converting the first key into an encrypted first key;
  
  (e) associating a key validator with the encrypted first key, wherein the key validator includes a time indicator that indicates whether the encrypted first key is valid;
  
  (f) determining whether the encrypted first key is valid;
  
  (g) receiving at the receiver a second key validator that indicates the validity of the receiver to use the first key to decrypt the encrypted services;
  
  (h) responsive to the encrypted first key being valid, decrypting the encrypted first key thereby recovering the first key; and
  
  (i) responsive to the second key validator indicating the encrypted first key is valid, decrypting the encrypted service instance using the recovered first key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further including the steps of:
    - receiving the instance of service at the receiver;
      
      encrypting the instance of service using the first key;
      
      storing the encrypted instance of service; and
      
      storing the encrypted first key.
  - 3. The method of claim 2, wherein the instance of service received at the receiver includes ciphertext, further including the step of:
    - decrypting the ciphertext of the instance of service using the second key.
  - 4. The method of claim 3, prior to decrypting the ciphertext of the instance of service, further including the steps of:
    - receiving a message and the service instance concurrently, wherein the message includes a second key token; and
      
      generating the second key using the second key token.
  - 5. The method of claim 1, wherein the time indicator includes a starting time and an ending time for which the first key is valid.
  - 6. The method of claim 1, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier and the time specifier plus the range specifier.
  - 7. The method of claim 1, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier minus the range specifier and the time specifier.
  - 8. The method of claim 1, further including the steps of:
    - prior to step (f), (j) associating the encrypted first key with a key authenticator; and
      
      after step (h), (k) authenticating the recovered first key using at least a portion of the recovered first key, wherein the recovered first key is used for decrypting the encrypted instance of service only when the recovered first key is authentic.
  - 9. The method of claim 8, wherein the step (k) further includes the steps of:
    - making a HASH digest using at least a portion of the recovered first key as an input for a HASH function; and
      
      comparing the HASH digest with the key authenticator and authenticating the key authenticator when it is the same as the HASH digest.
  - 10. The method of claim 9, wherein the input for the HASH function includes at least a portion of the key validator.
  - 11. The method of claim 9, wherein the key authenticator is a digitally signed HASH digest that is signed by the private key of the public key-private key pair associated with the receiver, and the step (k) further includes:
    - authenticating the signature of the receiver using the public key of the public key-private key pair.
  - 12. The method of claim 1, further including the step of:
    - generating at the receiver the first key.
  - 13. The method of claim 1, wherein the private key is stored within a memory of a secure processor, wherein the memory is accessible only to the secure processor, and prior to step (h), further including the steps of:
    - responsive to the first key being valid, providing the encrypted first key to the secure processor; and
      
      decrypting the encrypted first key using the private key of the public key-private key pair.
  - 14. The method of claim 13, prior to step (h), further including the steps of:
    - associating the first key with a key authenticator, the key authenticator indicating the authenticity of the validator associated with the first key; and
      
      authenticating the first key using at least a portion of the first key, wherein the first key is used for decrypting the encrypted instance of service only when the validator associated with the first key is authentic.
  - 15. The method of claim 14, wherein the authenticating step further includes the steps of:
    - making a HASH digest using at least a portion of the first key as an input for HASH function; and
      
      comparing the HASH digest with the key authenticator and authenticating the key authenticator when it is the same as the HASH digest.
  - 16. The method of claim 15, wherein the input for the HASH function includes at least a portion of the key validator.
  - 17. The method of claim 15, wherein the key authenticator is a digitally signed HASH digest that was signed by the private key of the public key-private key pair associated with the receiver, and the authenticating step further includes:
    - authenticating the signature of the receiver using the public key of the public key-private key pair.
  - 18. The method of claim 1, wherein the key validator is encrypted using the public key of the private key-public key pair belonging to the receiver.
  - 19. The method of claim 1, wherein the second key is a public key of a public key-private key pair, the private key securely stored at a headend of a subscriber television system.

20. A receiver in a digital subscriber network, the receiver receiving content provided by an entitlement agent through a first communication link, the receiver comprising:
- a first key validator including a validation token having a time specifier for which a first key is validated;
  
  a processor for duplicating the first key;
  
  an encryptor adapted to encrypt the first key using a public key of a public key-private key pair associated with the receiver, and adapted to encrypt the duplicated first key with a second public key-private key pair, wherein the second public key is associated with the entitlement agent;
  
  a second key validator that indicates the validity of the receiver to use the first key; and
  
  based on the second key validator, a decryptor adapted to decrypt the first key using the private key of the public key-private key pair.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The receiver of claim 20, wherein the decryptor is included in a secure processor having a memory that includes the private key of the receiver, and the memory is accessible only to the secure processor.
  - 22. The receiver of claim 20, further including:
    - a storage device having encrypted content stored therein, wherein the encrypted content was encrypted using the first key; and
      
      a second decryptor adapted to decrypt the encrypted content using the decrypted first key.
  - 23. The receiver of claim 20, further including:
    - an output port adapted to communication with an external storage device; and
      
      a second decryptor adapted to decrypt the encrypted content using the decrypted first key.
  - 24. The receiver of claim 20, further including:
    - an authenticator adapted to authenticate the first key, wherein the authenticator generates an authentication token associated with the first key.
  - 25. The receiver of claim 20, wherein the authenticator further includes:
    - a digest maker adapted to making a HASH digest using at least a portion of the first key as an input to a HASH function; and
      
      a comparator adapted to compare the HASH digest with the authentication token.
  - 26. The receiver of claim 25, wherein the authenticator further includes:
    - a digital signer adapted to apply the private key of the public key-private key pair to the authentication token.
  - 27. The receiver of claim 24, wherein the authenticator is included in a secure processor having a memory that includes a private key of the public key-private key pair and the memory is successful only to the secure processor.
  - 28. The receiver of claim 20, wherein the first key validator further includes:
    - a clock adapted to measure time from a predetermined time; and
      
      a comparator adapted to compare the measured time with the validation token, wherein the comparator uses the time specifier and the measured time to determine if the first key is valid.
  - 29. The receiver of claim 20, further including:
    - a transceiver adapted to transmit a request for a validation token, wherein the validation token includes a time specifier indicating when the first key is valid.

30. In a receiver coupled to a subscriber television network, a method of controlling access to an encrypted instance of service provided to the receiver by a headend of the subscriber television network, the method comprising the steps of:
- receiving at the receiver a service instance;
  
  encrypting the service instance with a first key;
  
  duplicating the first key with a second key;
  
  transmitting from the receiver the encrypted duplicate first key;
  
  generating a key validator having a time indicator included therein;
  
  encrypting the first key with a public key of a private key-public key pair key, thereby converting the first key into an encrypted first key;
  
  associating the encrypted first key with the key validator;
  
  storing the encrypted service instance, the encrypted first key and the key validator in a storage device;
  
  responsive to receiving a request for the stored encrypted service, retrieving the encrypted first key and the key validator from the storage device;
  
  responsive to retrieving the encrypted key validator, determining whether the encrypted first key is valid using the key validator;
  
  responsive to the encrypted first key being valid, receiving at the receiver a second key validator that indicates the validity of the receiver to use the first key;
  
  responsive to the validity of the receiver to use the first key, decrypting the encrypted first key with a private key of the private key-public key pair, thereby recovering the first key; and
  
  responsive to recovering first key, decrypting the encrypted service instance.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The method of claim 30, further including the steps of:
    - generating a key authenticator using at least a portion of the key validator;
      
      associating the key authenticator with the encrypted first key and with the key validator; and
      
      storing the key authenticator in the storage device;
      
      wherein the step of determining whether the encrypted first key is valid, further includes the steps of;
      
      retrieving the key authenticator from the storage device; and
      
      determining whether the key validator is authentic using the key authenticator, wherein the encrypted first key is valid only if the key validator is authentic.
  - 32. The method of claim 31, wherein the key authenticator includes a signed first HASH digest, the first HASH digest being the output of a HASH function having at least a portion of the key validator as an input, wherein the first HASH digest was signed by the private key, and the step of determining whether the key validator is authentic includes the steps of:
    - generating a second HASH digest using at least a portion of the key validator as an input to a HASH function;
      
      decoding the signed first HASH digest with the public key; and
      
      comparing the decoded first HASH digest with the second HASH digest, wherein the key validator is authentic only if the decoded first HASH digest is the same as the second HASH digest.
  - 33. The method of claim 30, wherein the service instance received at the receiver includes ciphertext, and prior to encrypting the service instance, further including the step of:
    - receiving a decryption key token at the receiver, wherein the decryption key token is received concurrently with the service instance;
      
      generating a fourth key using the decryption key token; and
      
      decrypting the ciphertext of the service instance using the fourth key.
  - 34. The method of claim 30, wherein the time indicator includes a starting time and an ending time for which the first key is valid.
  - 35. The method of claim 30, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier and the time specifier plus the range specifier.
  - 36. The method of claim 30, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier minus the range specifier and the time specifier.

37. In a subscriber television system having a head-end and a receiver that receives a service instance from the head-end, the receiver, the receiver comprising:
- a first processor adapted to encrypt a service instance with a first key and adapted to encrypt the first key with a public key of a public key-private key pair belonging to the receiver, thereby converting the first key into an encrypted first key, the first processor further adapted to generate a key validator having a time indicator included therein;
  
  storage means in communication with the first processor, the storage means adapted to store the encrypted first key, the encrypted service instance and a key authenticator;
  
  a secure element in communication with the first processor, the secure element having a second processor and a memory, the memory having the private key belonging to the receiver stored therein, the second processor adapted to generate a key authenticator using at least a portion of the key validator and the public key belonging to the receiver, wherein the memory of the secure element is not accessible to the first processor;
  
  an input port in communication with the first processor adapted to receiver commands from a subscriber input device, wherein responsive to a command from the subscriber input device received at the input port, the first processor determines whether the encrypted first key is valid using the key validator, the second processor decrypts the encrypted first key using the private key, thereby recovering the first key, and determines whether the key validator is authentic using the private key and the key validator, and responsive to both the first key being valid and the key validator being authentic, the first processor decrypts the service instance using the recovered first key;
  
  a transceiver in communication with the first processor and the headend of the subscriber television system, wherein the first processor is adapted to duplicate the first key and encrypt the duplicate first key with a second public key, thereby converting the duplicate first key into a second encrypted first key, responsive to the encrypted first key being invalid, the first processor generates a message for the headend including the second encrypted first key and the transceiver transmits the message to the headend, wherein the transceiver receives a second message, responsive to the second message, the first processor decrypts the encrypted service instance, wherein the second message includes a second key validator, responsive to the second key validator, the first processor validates the first encrypted first key using the second key validator.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
- - 38. The receiver of claim 37, wherein the time indicator includes a starting time and an ending time for which the first key is valid.
  - 39. The receiver of claim 37, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier and the time specifier plus the range specifier.
  - 40. The receiver of claim 37, wherein the time indicator includes a time specifier and a range specifier, wherein the first key is valid for times between the time specifier minus the range specifier and the time specifier.
  - 41. The receiver of claim 37, wherein the second processor is further adapted to generate a HASH digest of at least a portion of the key validator and at least a portion the first key, wherein the key authenticator includes the HASH digest signed by the private key.
  - 42. The receiver of claim 41, wherein the second processor is further adapted to generate a second HASH digest of at least a portion of the key validator and at least a portion the recovered first key, decode the signed HASH digest of the key authenticator using the public key, and compare the second HASH digest with the decoded HASH digest, wherein responsive to the second HASH digest being the same as the decoded HASH digest, the second processor provides the recovered first key to the first processor.
  - 43. The receiver of claim 42, wherein responsive to the second HASH digest not being the same as the decoded HASH digest, the second processor does not provide the recovered first key to the first processor.
  - 44. The receiver of claim 37, wherein the storage means includes a harddrive.
  - 45. The receiver of claim 37, wherein the storage means includes a storage device external to the receiver.

46. In a subscriber network system having a head-end and a receiver that receives a service instance from the head-end, the receiver, which is located remotely from the head-end, stores the service instance at the remote location and restricts access to the stored service instance, the receiver comprising:
- a port adapted to receive the service instance, wherein the service instance is provided to the subscriber network by an entitlement agent having a public key-private key pair associated therewith, the memory having the public key associated with the entitlement agent stored therein, and the processor is further adapted to copy the first key and encrypt the copy of the first key with public key associated with the entitlement agent and provide the encrypted copy of the first key to the storage device, which stores the encrypted copy of first key therein;
  
  a storage device at the remote location, the storage device having an encrypted first key, a key validator, and key authenticator stored therein, and wherein the first key is used for decrypting the service instance when the first key is valid;
  
  a memory having a private key-public key pair for the receiver stored therein;
  
  a processor in communication with the memory, the processor adapted to use the public key of the receiver to encrypt the first key and generate the key validator and the key authenticator, wherein the key validator includes a time indicator used for determining whether the first key is valid or has expired, the key authenticator includes a hash digest signed by the private key of the receiver, and the hash digest is the output of a hash function having as inputs at least a portion of the key validator and at least a portion of the first key; and
  
  a transceiver in communication with the processor adapted to transmit messages to the head-end, wherein the processor is further adapted to generate a message having the encrypted copy of the first key included therein, and the transceiver transmits the message to the head-end, wherein the transceiver receives message from the head-end, the received message includes an encrypted second copy of the first key, and the processor decrypts the encrypted second copy of the first key using the private key of the receiver, wherein the received message includes a second key validator, the processor uses the second key validator to generate a second key authenticator, and the second key validator and the second key authenticator are stored in the storage device.
- View Dependent Claims (47, 48, 49)
- - 47. The receiver of claim 46, further including:
    - a decryptor in communication with the processor and the storage device, the decryptor adapted to use the first key to decrypt the encrypted stored service instance; and
      
      wherein the processor is adapted to use the encrypted first key, the key validator and the key authenticator to determine whether the decryptor should be provided with the first key.
  - 48. The receiver of claim 47, wherein the processor is further adapted to decrypt the encrypted first key using the private key of the receiver and generate a second hash digest using at least a portion of the first key and at least a portion of the key validator as inputs to the hash function, use the public key of the receiver to process the authentication token, compare the second hash digest with the processed authentication token, and responsive to the second hash digest and the processed authentication token not being the same, the processor determines therefrom that the decryptor is not to be provided with the first key.
  - 49. The receiver of claim 48, wherein the processor is further adapted to use the time specifier of the key validator to determine whether the first key has expired and when the first key is expired determine therefrom that the decryptor is not to be provided with the first key.

50. In a subscriber television system having a head-end and a receiver that receives a service instance from the head-end, the receiver, which is located remotely from the head-end at a subscriber'"'"'s premises restricts access to the stored service instance, a method of accessing the restricted service instance, the method implemented at the receiver and comprising the steps of:
- receiving the service instance;
  
  duplicating the first key;
  
  encrypting the service instance with a first key;
  
  storing the encrypted service instance in a storage device at the premises of the subscriber;
  
  encrypting the first key with a second key, thereby converting the first key to an encrypted first key, wherein the second key is a public key of a private key-public key pair belonging to the receiver;
  
  encrypting the duplicate first key with a third key, wherein the third key is a public key provided to the receiver from the head-end of the subscriber television system;
  
  storing the encrypted duplicate first key;
  
  associating a key validator with the encrypted first key, wherein the key validator includes a time indicator that indicates whether the encrypted first key is valid;
  
  associating a key authenticator with the encrypted first key, wherein the key authenticator includes a digest signed by the private key and indicates whether the key validator is authentic;
  
  storing the encrypted first key, the key validator, and the key authenticator;
  
  determining whether the encrypted first key is valid using the key validator;
  
  authenticating the key authenticator using the key authenticator;
  
  responsive to the encrypted first key being valid, transmitting the encrypted duplicate first key to the headend;
  
  receiving from the head-end a second key validator;
  
  validating the encrypted first key using the second key validator;
  
  responsive to the encrypted first key being valid using the second key validator, decrypting the encrypted first key with the private key of the receiver, thereby recovering the first key; and
  
  decrypting the encrypted service instance using the recovered first key.
- View Dependent Claims (51, 52, 53)
- - 51. The method of claim 50, wherein the digest of the key authenticator includes the HASH digest that is the output of a HASH function having as inputs at least a portion of the key validator and at least a portion of the first key.
  - 52. The method of claim 51, wherein the step of authenticating further includes the steps of:
    - signing the HASH digest of the key authenticator with the public key of the receiver;
      
      generating a second HASH digest using at least a portion of the key validator and at least a portion of the recovered first key as inputs; and
      
      comparing the second HASH digest with the first HASH digest, wherein the key validator is authentic responsive to the first and second HASH digests being the same.
  - 53. The method of claim 50, wherein the step of determining whether the first key is valid further includes the steps of:
    - determining a current time; and
      
      determining from the current time and the time indicator of the key validator whether the first encrypted key is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tech 5 SAS
Original Assignee
Scientific-Atlanta Incorporated (Cisco Systems, Inc.)
Inventors
Wasilewski, Anthony J., Mattox, Mark D.
Primary Examiner(s)
Barroń, Jr.; Gilberto
Assistant Examiner(s)
Brown; Christopher J

Application Number

US10/242,100
Publication Number

US 20040052377A1
Time in Patent Office

1,664 Days
Field of Search

713/193
US Class Current

726/26
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04N 21/2347   involving video stream encr...

H04N 21/2541   Rights Management protectin...

H04N 21/26606   for generating or managing ...

H04N 21/26613   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/63345   by transmitting keys key di...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Apparatus for encryption key management

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus for encryption key management

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links