Apparatus for encryption key management
Abstract
An apparatus and a receiver, which is in a broadband communication system, includes the logic necessary for protecting keys used for encrypting content that is received by the receiver. The apparatus validates the keys and denies the receiver the use of the keys if they become invalid.
53 Claims
1. A method of controlling access to an encrypted instance of service, which was encrypted by a first key, the method implemented in a receiver in a subscriber television system, the method comprising the steps of:
(a) duplicating the first key;
(b) encrypting the duplicate first key with a second key;
(c) transmitting from the receiver the encrypted duplicate first key;
(d) encrypting the first key using a public key of a private key-public key pair belonging to the receiver, thereby converting the first key into an encrypted first key;
(e) associating a key validator with the encrypted first key, wherein the key validator includes a time indicator that indicates whether the encrypted first key is valid;
(f) determining whether the encrypted first key is valid;
(g) receiving at the receiver a second key validator that indicates the validity of the receiver to use the first key to decrypt the encrypted services;
(h) responsive to the encrypted first key being valid, decrypting the encrypted first key thereby recovering the first key; and
(i) responsive to the second key validator indicating the encrypted first key is valid, decrypting the encrypted service instance using the recovered first key.

20. A receiver in a digital subscriber network, the receiver receiving content provided by an entitlement agent through a first communication link, the receiver comprising:
a first key validator including a validation token having a time specifier for which a first key is validated;
a processor for duplicating the first key;
an encryptor adapted to encrypt the first key using a public key of a public key-private key pair associated with the receiver, and adapted to encrypt the duplicated first key with a second public key-private key pair, wherein the second public key is associated with the entitlement agent;
a second key validator that indicates the validity of the receiver to use the first key; and
based on the second key validator, a decryptor adapted to decrypt the first key using the private key of the public key-private key pair.

30. In a receiver coupled to a subscriber television network, a method of controlling access to an encrypted instance of service provided to the receiver by a headend of the subscriber television network, the method comprising the steps of:
receiving at the receiver a service instance;
encrypting the service instance with a first key;
duplicating the first key with a second key;
transmitting from the receiver the encrypted duplicate first key;
generating a key validator having a time indicator included therein;
encrypting the first key with a public key of a private key-public key pair key, thereby converting the first key into an encrypted first key;
associating the encrypted first key with the key validator;
storing the encrypted service instance, the encrypted first key and the key validator in a storage device;
responsive to receiving a request for the stored encrypted service, retrieving the encrypted first key and the key validator from the storage device;
responsive to retrieving the encrypted key validator, determining whether the encrypted first key is valid using the key validator;
responsive to the encrypted first key being valid, receiving at the receiver a second key validator that indicates the validity of the receiver to use the first key;
responsive to the validity of the receiver to use the first key, decrypting the encrypted first key with a private key of the private key-public key pair, thereby recovering the first key; and
responsive to recovering first key, decrypting the encrypted service instance.

37. In a subscriber television system having a head-end and a receiver that receives a service instance from the head-end, the receiver, the receiver comprising:
a first processor adapted to encrypt a service instance with a first key and adapted to encrypt the first key with a public key of a public key-private key pair belonging to the receiver, thereby converting the first key into an encrypted first key, the first processor further adapted to generate a key validator having a time indicator included therein;
storage means in communication with the first processor, the storage means adapted to store the encrypted first key, the encrypted service instance and a key authenticator;
a secure element in communication with the first processor, the secure element having a second processor and a memory, the memory having the private key belonging to the receiver stored therein, the second processor adapted to generate a key authenticator using at least a portion of the key validator and the public key belonging to the receiver, wherein the memory of the secure element is not accessible to the first processor;
an input port in communication with the first processor adapted to receiver commands from a subscriber input device, wherein responsive to a command from the subscriber input device received at the input port, the first processor determines whether the encrypted first key is valid using the key validator, the second processor decrypts the encrypted first key using the private key, thereby recovering the first key, and determines whether the key validator is authentic using the private key and the key validator, and responsive to both the first key being valid and the key validator being authentic, the first processor decrypts the service instance using the recovered first key;
a transceiver in communication with the first processor and the headend of the subscriber television system, wherein the first processor is adapted to duplicate the first key and encrypt the duplicate first key with a second public key, thereby converting the duplicate first key into a second encrypted first key, responsive to the encrypted first key being invalid, the first processor generates a message for the headend including the second encrypted first key and the transceiver transmits the message to the headend, wherein the transceiver receives a second message, responsive to the second message, the first processor decrypts the encrypted service instance, wherein the second message includes a second key validator, responsive to the second key validator, the first processor validates the first encrypted first key using the second key validator.

46. In a subscriber network system having a head-end and a receiver that receives a service instance from the head-end, the receiver, which is located remotely from the head-end, stores the service instance at the remote location and restricts access to the stored service instance, the receiver comprising:
a port adapted to receive the service instance, wherein the service instance is provided to the subscriber network by an entitlement agent having a public key-private key pair associated therewith, the memory having the public key associated with the entitlement agent stored therein, and the processor is further adapted to copy the first key and encrypt the copy of the first key with public key associated with the entitlement agent and provide the encrypted copy of the first key to the storage device, which stores the encrypted copy of first key therein;
a storage device at the remote location, the storage device having an encrypted first key, a key validator, and key authenticator stored therein, and wherein the first key is used for decrypting the service instance when the first key is valid;
a memory having a private key-public key pair for the receiver stored therein;
a processor in communication with the memory, the processor adapted to use the public key of the receiver to encrypt the first key and generate the key validator and the key authenticator, wherein the key validator includes a time indicator used for determining whether the first key is valid or has expired, the key authenticator includes a hash digest signed by the private key of the receiver, and the hash digest is the output of a hash function having as inputs at least a portion of the key validator and at least a portion of the first key; and
a transceiver in communication with the processor adapted to transmit messages to the head-end, wherein the processor is further adapted to generate a message having the encrypted copy of the first key included therein, and the transceiver transmits the message to the head-end, wherein the transceiver receives message from the head-end, the received message includes an encrypted second copy of the first key, and the processor decrypts the encrypted second copy of the first key using the private key of the receiver, wherein the received message includes a second key validator, the processor uses the second key validator to generate a second key authenticator, and the second key validator and the second key authenticator are stored in the storage device.

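The key validator and key authenticator of claim 46, as an added Python sketch that is not code from the patent: a time indicator gates use of the first key, and an authenticator over the validator and the key detects a validator edited in storage. Assumptions: HMAC-SHA256 under a constructed secret stands in for the signature by the receiver's private key, the validator is reduced to an 8-byte expiry time, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for key material that never leaves the secure element.
# The claim signs the digest with the receiver's private key; HMAC-SHA256 is
# substituted so the sketch runs on the standard library alone.
SECURE_ELEMENT_SECRET = b"constructed-demo-secret"


def make_validator(not_after: int) -> bytes:
    """Key validator: here only the time indicator (expiry, Unix seconds)."""
    return struct.pack(">Q", not_after)


def make_authenticator(validator: bytes, first_key: bytes) -> bytes:
    """Hash digest over validator and first key, then keyed (the 'signature')."""
    digest = hashlib.sha256(validator + first_key).digest()
    return hmac.new(SECURE_ELEMENT_SECRET, digest, hashlib.sha256).digest()


def store(first_key: bytes, validator: bytes) -> dict:
    """Record kept in the storage device; also used for a second validator."""
    return {"validator": validator,
            "authenticator": make_authenticator(validator, first_key)}


def release_key(record: dict, first_key: bytes, now: int):
    """first_key is the value recovered inside the secure element.

    It is handed out only if the stored validator is authentic and unexpired.
    """
    validator = record["validator"]
    expected = make_authenticator(validator, first_key)
    # Authenticate first, so an edited time indicator is never trusted.
    if not hmac.compare_digest(expected, record["authenticator"]):
        return None, "validator not authentic"
    (not_after,) = struct.unpack(">Q", validator)
    if now > not_after:
        return None, "key expired"
    return first_key, "ok"


def demo():
    key = b"\x01" * 16                                # constructed first key
    rec = store(key, make_validator(1_000))
    forged = dict(rec, validator=make_validator(9_999))  # expiry edited on disk
    renewed = store(key, make_validator(2_000))       # second validator arrives
    return [release_key(r, key, now)[1]
            for r, now in ((rec, 900), (rec, 1_001), (forged, 1_001), (renewed, 1_001))]
```
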
50. In a subscriber television system having a head-end and a receiver that receives a service instance from the head-end, the receiver, which is located remotely from the head-end at a subscriber's premises restricts access to the stored service instance, a method of accessing the restricted service instance, the method implemented at the receiver and comprising the steps of:
receiving the service instance;
duplicating the first key;
encrypting the service instance with a first key;
storing the encrypted service instance in a storage device at the premises of the subscriber;
encrypting the first key with a second key, thereby converting the first key to an encrypted first key, wherein the second key is a public key of a private key-public key pair belonging to the receiver;
encrypting the duplicate first key with a third key, wherein the third key is a public key provided to the receiver from the head-end of the subscriber television system;
storing the encrypted duplicate first key;
associating a key validator with the encrypted first key, wherein the key validator includes a time indicator that indicates whether the encrypted first key is valid;
associating a key authenticator with the encrypted first key, wherein the key authenticator includes a digest signed by the private key and indicates whether the key validator is authentic;
storing the encrypted first key, the key validator, and the key authenticator;
determining whether the encrypted first key is valid using the key validator;
authenticating the key authenticator using the key authenticator;
responsive to the encrypted first key being valid, transmitting the encrypted duplicate first key to the headend;
receiving from the head-end a second key validator;
validating the encrypted first key using the second key validator;
responsive to the encrypted first key being valid using the second key validator, decrypting the encrypted first key with the private key of the receiver, thereby recovering the first key; and
decrypting the encrypted service instance using the recovered first key.

Specification