Hybrid network encrypt/decrypt scheme

US 7,477,743 B2
Filed: 02/07/2002
Issued: 01/13/2009
Est. Priority Date: 02/07/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving a request for a service from a requestor over a bi-directional channel;

authenticating the requestor;

transmitting first decryption information to the requestor over the bi-directional channel, wherein the first decryption information decrypts the service;

transmitting the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;

generating second decryption information for use in decrypting the service;

encrypting the second decryption information with the encryption information corresponding to the first decryption information;

transmitting the second decryption information, encrypted with the encryption information corresponding to the first decryption information, over the unidirectional channel, wherein the second decryption information decrypts the service; and

transmitting the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hybrid method for a service provider to transmit decryption information (e.g., algorithms, parameters, keys) to clients in a secure manner and at low cost for use in decrypting broadcast services. The service provider uses a bi-directional channel (e.g., a GPRS channel) to receive service requests, authenticate clients and transmit currently valid decryption information (and, optionally, future decryption information) necessary to decrypt a broadcast service. The service provider transmits the encrypted service on a unidirectional channel (e.g., a DVB-T channel). The service provider preferably also changes the encryption of the service with time, and, as it does, transmits updated decryption information to its clients on the unidirectional channel. The updated decryption information is encrypted using the currently valid decryption information and may also include future decryption information and synchronization information.

Citations

74 Claims

1. A method, comprising:
- receiving a request for a service from a requestor over a bi-directional channel;
  
  authenticating the requestor;
  
  transmitting first decryption information to the requestor over the bi-directional channel, wherein the first decryption information decrypts the service;
  
  transmitting the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
  
  generating second decryption information for use in decrypting the service;
  
  encrypting the second decryption information with the encryption information corresponding to the first decryption information;
  
  transmitting the second decryption information, encrypted with the encryption information corresponding to the first decryption information, over the unidirectional channel, wherein the second decryption information decrypts the service; and
  
  transmitting the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1 wherein the first decryption information corresponds to a seed of a macro period and the second decryption information corresponds to a micro period of the macro period.
  - 3. The method of claim 2 wherein the micro period is a first micro period of the macro period.
  - 4. The method of claim 1 wherein the second decryption information is transmitted as future decryption information.
  - 5. The method of claim 1 wherein the first decryption information and the second decryption information correspond to different micro periods of a macro period.
  - 6. The method of claim 1 further comprising:
    - transmitting future decryption information over the bi-directional channel; and
      
      transmitting the service encrypted with encryption information corresponding to the future decryption information.
  - 7. The method of claim 1 wherein the request for a service is a request for the service in its entirety or a time interval thereof.
  - 8. The method of claim 1 wherein the bi-directional channel is one of a wireless network.
  - 9. The method of claim 8 wherein the wireless network is a GSM network.
  - 10. The method of claim 8 wherein the wireless network is a Bluetooth network.
  - 11. The method of claim 1 wherein the unidirectional channel is one of a DVB-T network.
  - 12. The method of claim 1 wherein the authenticating is performed using a SIM card number.
  - 13. The method of claim 1 wherein the authenticating is performed using a user ID and password.
  - 14. The method of claim 1 wherein the authenticating is performed using IP authentication.
  - 15. The method of claim 14 wherein the IP authentication is a public key encryption scheme.
  - 16. The method of claim 1 wherein the first decryption information is transmitted to the requestor over the bi-directional channel before the service has begun.
  - 17. The method of claim 1 wherein generating second decryption information involves changing a decryption key, a decryption parameter and/or a decryption algorithm of the first decryption information.
  - 18. The method of claim 1 further comprising:
    - transmitting synchronization information for use by the requestor in determining when the second decryption information is valid.
  - 19. The method of claim 1 further comprising:
    - re-transmitting the second decryption information over the unidirectional channel.

20. A method, comprising:
- receiving a request for a service from a requestor over a bi-directional channel;
  
  authenticating the requestor;
  
  providing decryption information to the requestor over the bi-directional channel, wherein the decryption information decrypts the service;
  
  transmitting the service, encrypted with encryption information corresponding to the decryption information, over a unidirectional channel;
  
  changing the decryption information needed to decrypt the service throughout the transmission of the service;
  
  encrypting the changed decryption information with encryption information corresponding to decryption information that was previously provided to the reguestor;
  
  providing the requestor with the encrypted changed decryption information over the unidirectional channel; and
  
  transmitting the service, encrypted with encryption information corresponding to the changed decryption information rather than with encryption information corresponding to the decryption information sent over the hi-directional channel, over the unidirectional channel.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20 wherein the previously provided decryption information was provided over the bi-directional channel.
  - 22. The method of claim 20 wherein the previously provided decryption information was provided over the unidirectional channel.

23. A method, comprising:
- requesting a service over a hi-directional channel;
  
  transmitting authentication information over the hi-directional channel;
  
  receiving first decryption information over the hi-directional channel, wherein the first decryption information decrypts the service;
  
  receiving the service over a unidirectional channel, wherein the service is encrypted with encryption information corresponding to the first decryption information;
  
  decrypting the service using the first decryption information;
  
  receiving second decryption information over the unidirectional channel, wherein the second decryption information is encrypted with the encryption information corresponding to the first decryption information;
  
  decrypting the encrypted second decryption information using the first decryption information;
  
  receiving the service over the unidirectional channel, wherein the service is encrypted with encryption information corresponding to the second decryption information; and
  
  decrypting the service using the second decryption information rather than the first decryption information.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 24. The method of claim 23, further comprising:
    - upon completion of the service, requesting another service via the bi-directional channel.
  - 25. The method of claim 23, further comprising:
    - decrypting the service with the first decryption information until unsuccessful and thereafter decrypting the service with the second decryption information.
  - 26. The method of claim 23 wherein the authentication includes a SIM card number.
  - 27. The method of claim 25 wherein the authentication includes a user ID and password.
  - 28. The method of claim 23 wherein the authentication includes IP authentication.
  - 29. The method of claim 28 wherein the IP authentication is a public key encryption scheme.
  - 30. The method of claim 23 wherein the service is requested during a predetermined window of time.
  - 31. The method of claim 23, further comprising:
    - determining whether the service has been dropped;
      
      if the service has been dropped,attempting to re-receive the service;
      
      upon re-receiving the service, determining whether either the first decryption information or the second decryption information is valid decryption information;
      
      if one of the first decryption information or the second decryption information is valid decryption information,decrypting the service with the valid decryption information.
  - 32. The method of claim 31, further comprising:
    - upon re-receiving the service, if nether the first decryption information nor the second decryption information is valid decryption information,establishing a connection to the service provider via the bi-directional channel;
      
      transmitting authentication information over the bi-directional channel;
      
      receiving valid decryption information over the bi-directional channel; and
      
      decrypting the service using the valid decryption information.
  - 33. The method of claim 23, further comprising:
    - receiving synchronization information for determining when the second decryption information is valid.
  - 34. The method of claim 25, further comprising:
    - receiving and storing one or more future keys for decrypting the service after the first and second decryption information are no longer valid.

35. A method, comprising:
- receiving a request for a service from a requestor;
  
  authenticating the requestor;
  
  transmitting first decryption information over a bi-directional channel for reception by the requestor;
  
  installing the first decryption information on a device of the requestor, wherein the first decryption information decrypts the service;
  
  transmitting the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
  
  generating second decryption information for use in decrypting the service at a later time;
  
  encrypting the second decryption information with the encryption information corresponding to the first decryption information;
  
  transmitting the encrypted second decryption information over the unidirectional channel for reception by the requestor; and
  
  transmitting the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.

36. A method comprising:
- receiving a request for a service from a requestor over a bi-directional channel;
  
  authenticating the requestor;
  
  transmitting a first key to the requestor over the bi-directional channel for decrypting the service;
  
  transmitting the service, encrypted with the first key, over a unidirectional channel;
  
  generating a second key for decrypting the service;
  
  encrypting the second key with the first key;
  
  transmitting the encrypted second key over the unidirectional channel; and
  
  transmitting the service, encrypted with the second key rather than with the first key, over the unidirectional channel.
- View Dependent Claims (37)
- - 37. The method of claim 36 wherein, in addition to the first and second keys, at least one of an algorithm and a parameter are transmitted to the requestor to decrypt the service.

38. An apparatus, comprising:
- a service provider configured to;
  
  receive a request for a service from a requestor over a bi-directional channel;
  
  authenticate the requestor;
  
  transmit first decryption information to the requestor over the bi-directional channel, wherein the first decryption information decrypts the service;
  
  transmit the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
  
  generate second decryption information for use in decrypting the service;
  
  encrypt the second decryption information with the encryption information corresponding to the first decryption information;
  
  transmit the second decryption information, encrypted with the encryption information corresponding to the first decryption information, over the unidirectional channel, wherein the second decryption information decrypts the service; and
  
  transmit the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 39. The apparatus of claim 38 wherein the first decryption information corresponds to a seed of a macro period and the second decryption information corresponds to a micro period of the macro period.
  - 40. The apparatus of claim 39 wherein the micro period is a first micro period of the macro period.
  - 41. The apparatus of claim 38 wherein the second decryption information is transmitted as future decryption information.
  - 42. The apparatus of claim 38 wherein the first decryption information and the second decryption information correspond to different micro periods of a macro period.
  - 43. The apparatus of claim 38 wherein the service provider is further configured to:
    - transmit future decryption information over the bi-directional channel; and
      
      transmit the service encrypted with encryption information corresponding to the future decryption information.
  - 44. The apparatus of claim 38 wherein the request for a service is a request for the service in its entirety or a time interval thereof.
  - 45. The apparatus of claim 38 wherein the bidirectional channel is one of a wireless network.
  - 46. The apparatus of claim 45 wherein the wireless network is a GSM network.
  - 47. The apparatus of claim 45 wherein the wireless network is a Bluetooth network.
  - 48. The apparatus of claim 38 wherein the unidirectional channel is one of a DViB-T network.
  - 49. The apparatus of claim 38 wherein the authenticating is performed using a SIM card number.
  - 50. The apparatus of claim 38 wherein the authenticating is performed using a user ID and password.
  - 51. The apparatus of claim 38 wherein the authenticating is performed using IP authentication.
  - 52. The apparatus of claim 51 wherein the IP authentication is a public key encryption scheme.
  - 53. The apparatus of claim 38 wherein the first decryption information is transmitted to the requestor over the bidirectional channel before the service has begun.
  - 54. The apparatus of claim 38 wherein generating second decryption information involves changing a decryption key, a decryption parameter and/or a decryption algorithm of the first decryption information.
  - 55. The apparatus of claim 38 wherein the service provider is further configured to:
    - transmit synchronization information for use by the requestor in determining when the second decryption information is valid.
  - 56. The apparatus of claim 38 wherein the service provider is further configured to:
    - re-transmit the second decryption information over the unidirectional channel.

57. An apparatus, comprising:
- a service provider configured to;
  
  receive a request for a service from a requestor over a bi-directional channel;
  
  authenticate the requestor;
  
  provide decryption information to the requestor over the bi-directional channel, wherein the decryption information decrypts the service;
  
  transmit the service, encrypted with encryption information corresponding to the decryption information, over a unidirectional channel;
  
  change the decryption information needed to decrypt the service throughout the transmission of the service;
  
  encrypt the changed decryption information with encryption information corresponding to decryption information that was previously provided to the requestor;
  
  provide the requestor with the encrypted changed decryption information over the unidirectional channel; and
  
  transmit the service, encrypted with encryption information corresponding to the changed decryption information rather than with encryption information corresponding to the decryption information sent over the bi-directional channel, over the unidirectional channel.
- View Dependent Claims (58, 59)
- - 58. The apparatus of claim 57 wherein the previously provided decryption information is provided over the bidirectional channel.
  - 59. The apparatus of claim 57 wherein the previously provided decryption information is provided over the unidirectional channel.

60. An apparatus, comprising:
- a client configured to;
  
  request a service over a bi-directional channel;
  
  transmit authentication information over the bi-directional channel;
  
  receive first decryption information over the bi-directional channel, wherein the first decryption infonnation decrypts the service;
  
  receive the service over a unidirectional channel, wherein the service is encrypted with encryption information corresponding to the first decryption information;
  
  decrypt the service using the first decryption information;
  
  receive second decryption information over the unidirectional channel, wherein the second decryption information is encrypted with the encryption information corresponding to the first decryption information;
  
  decrypt the encrypted second decryption information using the first decryption information;
  
  receive the service over the unidirectional channel, wherein the service is encrypted with encryption information corresponding to the second decryption information; and
  
  decrypt the service using the second decryption information rather than the first decryption information.
- View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 61. The apparatus of claim 60, wherein the client is further configured to:
    - upon completion of the service, request another service via the bi-directional channel.
  - 62. The apparatus of claim 60, wherein the client is further configured to:
    - decrypt the service with the first decryption information until unsuccessful and thereafter decrypt the service with the second decryption information.
  - 63. The apparatus of claim 60 wherein the authentication includes a SIM card number.
  - 64. The apparatus of claim 60 wherein the authentication includes a user ID and password.
  - 65. The apparatus of claim 60 wherein the authentication includes IP authentication.
  - 66. The apparatus of claim 65 wherein the IP authentication is a public key encryption scheme.
  - 67. The apparatus of claim 60 wherein the service is requested during a predetermined window of time.
  - 68. The apparatus of claim 60, wherein the client is further configured to:
    - determine whether the service has been dropped;
      
      if the service has been dropped,attempt to re-receive the service;
      
      upon re-receiving the service, determine whether either the first decryption information or the second decryption information is valid decryption information;
      
      if one of the first decryption information or the second decryption information is valid decryption information,decrypt the service with the valid decryption information.
  - 69. The apparatus of claim 68, wherein the client is further configured to:
    - upon re-receiving the service, if nether the first decryption information nor the second decryption information is valid decryption information,establish a connection to the service provider via the bi-directional channel;
      
      transmit authentication information over the bi-directional channel;
      
      receive valid decryption information over the bi-directional channel; and
      
      decrypt the service using the valid decryption information.
  - 70. The apparatus of claim 60, wherein the client is further configured to:
    - receive synchronization information for determining when the second decryption information is valid.
  - 71. The apparatus of claim 60, wherein the client is further configured to:
    - receive and store one or more future keys for decrypting the service after the first and second decryption information are no longer valid.

72. An apparatus, comprising:
- a service provider configured to;
  
  receive a request for a service from a requestor;
  
  authenticate the requestor;
  
  transmit first decryption information over a bidirectional channel for reception by the requestor;
  
  install the first decryption information on a device of the requestor, wherein the first decryption information decrypts the service;
  
  transmit the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
  
  generate second decryption information for use in decrypting the service at a later time;
  
  encrypt the second decryption information with the encryption information corresponding to the first decryption information;
  
  transmit the encrypted second decryption information over the unidirectional channel for reception by the requestor, andtransmit the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.

73. An apparatus, comprising:
- a service provider configured to;
  
  receive a request for a service from a requestor over a bi-directional channel;
  
  authenticate the requestor;
  
  transmit a first key to the requestor over the bi-directional channel for decrypting the service;
  
  transmit the service, encrypted with the first key, over a unidirectional channel;
  
  generate a second key for decrypting the service;
  
  encrypt the second key with the first key;
  
  transmit the encrypted second key over the unidirectional channel; and
  
  transmit the service, encrypted with the second key rather than with the first key, over the unidirectional channel.
- View Dependent Claims (74)
- - 74. The apparatus of claim 73 wherein, in addition to the first and second keys, at least one of an algorithm and a parameter are transmitted to the requestor to decrypt the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Walsh, Rod, Hakkarainen, Tomi
Primary Examiner(s)
Barron Jr.; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US10/072,147
Publication Number

US 20030147532A1
Time in Patent Office

2,532 Days
Field of Search

380/239, 380/260, 380/262, 380/278, 380/287, 725/31
US Class Current

380/239
CPC Class Codes

H04H 60/23   using cryptography, e.g. en...

H04H 60/91   Mobile communication networ...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04N 2007/1739   the upstream communication ...

H04N 21/25816   involving client authentica...

H04N 21/26613   for generating or managing ...

H04N 21/6181   involving transmission via ...

H04N 21/63345   by transmitting keys key di...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

H04N 7/17318   Direct or substantially dir...

Hybrid network encrypt/decrypt scheme

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid network encrypt/decrypt scheme

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links