Hybrid network encrypt/decrypt scheme
Abstract
A hybrid method for a service provider to transmit decryption information (e.g., algorithms, parameters, keys) to clients in a secure manner and at low cost for use in decrypting broadcast services. The service provider uses a bi-directional channel (e.g., a GPRS channel) to receive service requests, authenticate clients and transmit currently valid decryption information (and, optionally, future decryption information) necessary to decrypt a broadcast service. The service provider transmits the encrypted service on a unidirectional channel (e.g., a DVB-T channel). The service provider preferably also changes the encryption of the service with time, and, as it does, transmits updated decryption information to its clients on the unidirectional channel. The updated decryption information is encrypted using the currently valid decryption information and may also include future decryption information and synchronization information.
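The rotation described in the abstract, as an added example that is not taken from the patent: the provider hands the first key over an authenticated bi-directional call and afterwards broadcasts each new key wrapped under the current one. The `KEY`/`DATA` frame layout, the epoch counter and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a real AEAD) are assumptions made for the example.

```python
import hashlib, hmac, os

def prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    return b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key, msg):
    # Encrypt-then-MAC built from HMAC-SHA256: a stdlib stand-in for a real AEAD.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, keystream(prf(key, b"enc"), nonce, len(msg))))
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered frame")
    return bytes(a ^ b for a, b in zip(ct, keystream(prf(key, b"enc"), nonce, len(ct))))

class Provider:
    def __init__(self):
        self.epoch, self.key = 1, os.urandom(32)
    def grant(self, authenticated):
        # Bi-directional channel: current key goes only to authenticated requestors.
        if not authenticated:
            raise PermissionError("requestor not authenticated")
        return self.epoch, self.key
    def rotate(self):
        # Unidirectional channel: the next key travels wrapped under the current one.
        new_key = os.urandom(32)
        frame = ("KEY", self.epoch + 1, seal(self.key, new_key))
        self.epoch, self.key = self.epoch + 1, new_key
        return frame
    def send(self, data):
        return ("DATA", self.epoch, seal(self.key, data))

class Client:
    def __init__(self, epoch, key):
        self.epoch, self.key = epoch, key
    def receive(self, frame):
        kind, epoch, blob = frame
        if kind == "KEY" and epoch == self.epoch + 1:
            self.key, self.epoch = unseal(self.key, blob), epoch
            return None
        if kind == "DATA" and epoch == self.epoch:
            return unseal(self.key, blob)
        raise LookupError("out of sync: request the current key again")
```

A client that misses a `KEY` frame cannot catch up from the broadcast alone and has to return to the bi-directional channel. Conversely, anyone who holds one epoch's key can unwrap every later one, so cutting off a client requires a fresh key delivered outside the chain.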
74 Claims
1. A method, comprising:
receiving a request for a service from a requestor over a bi-directional channel;
authenticating the requestor;
transmitting first decryption information to the requestor over the bi-directional channel, wherein the first decryption information decrypts the service;
transmitting the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
generating second decryption information for use in decrypting the service;
encrypting the second decryption information with the encryption information corresponding to the first decryption information;
transmitting the second decryption information, encrypted with the encryption information corresponding to the first decryption information, over the unidirectional channel, wherein the second decryption information decrypts the service; and
transmitting the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
Dependent claims: 2-19
20. A method, comprising:
receiving a request for a service from a requestor over a bi-directional channel;
authenticating the requestor;
providing decryption information to the requestor over the bi-directional channel, wherein the decryption information decrypts the service;
transmitting the service, encrypted with encryption information corresponding to the decryption information, over a unidirectional channel;
changing the decryption information needed to decrypt the service throughout the transmission of the service;
encrypting the changed decryption information with encryption information corresponding to decryption information that was previously provided to the requestor;
providing the requestor with the encrypted changed decryption information over the unidirectional channel; and
transmitting the service, encrypted with encryption information corresponding to the changed decryption information rather than with encryption information corresponding to the decryption information sent over the bi-directional channel, over the unidirectional channel.
Dependent claims: 21, 22
23. A method, comprising:
requesting a service over a bi-directional channel;
transmitting authentication information over the bi-directional channel;
receiving first decryption information over the bi-directional channel, wherein the first decryption information decrypts the service;
receiving the service over a unidirectional channel, wherein the service is encrypted with encryption information corresponding to the first decryption information;
decrypting the service using the first decryption information;
receiving second decryption information over the unidirectional channel, wherein the second decryption information is encrypted with the encryption information corresponding to the first decryption information;
decrypting the encrypted second decryption information using the first decryption information;
receiving the service over the unidirectional channel, wherein the service is encrypted with encryption information corresponding to the second decryption information; and
decrypting the service using the second decryption information rather than the first decryption information.
Dependent claims: 24-34
35. A method, comprising:
receiving a request for a service from a requestor;
authenticating the requestor;
transmitting first decryption information over a bi-directional channel for reception by the requestor;
installing the first decryption information on a device of the requestor, wherein the first decryption information decrypts the service;
transmitting the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
generating second decryption information for use in decrypting the service at a later time;
encrypting the second decryption information with the encryption information corresponding to the first decryption information;
transmitting the encrypted second decryption information over the unidirectional channel for reception by the requestor; and
transmitting the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
36. A method comprising:
receiving a request for a service from a requestor over a bi-directional channel;
authenticating the requestor;
transmitting a first key to the requestor over the bi-directional channel for decrypting the service;
transmitting the service, encrypted with the first key, over a unidirectional channel;
generating a second key for decrypting the service;
encrypting the second key with the first key;
transmitting the encrypted second key over the unidirectional channel; and
transmitting the service, encrypted with the second key rather than with the first key, over the unidirectional channel.
Dependent claims: 37
38. An apparatus, comprising:
a service provider configured to:
receive a request for a service from a requestor over a bi-directional channel;
authenticate the requestor;
transmit first decryption information to the requestor over the bi-directional channel, wherein the first decryption information decrypts the service;
transmit the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
generate second decryption information for use in decrypting the service;
encrypt the second decryption information with the encryption information corresponding to the first decryption information;
transmit the second decryption information, encrypted with the encryption information corresponding to the first decryption information, over the unidirectional channel, wherein the second decryption information decrypts the service; and
transmit the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
Dependent claims: 39-56
57. An apparatus, comprising:
a service provider configured to:
receive a request for a service from a requestor over a bi-directional channel;
authenticate the requestor;
provide decryption information to the requestor over the bi-directional channel, wherein the decryption information decrypts the service;
transmit the service, encrypted with encryption information corresponding to the decryption information, over a unidirectional channel;
change the decryption information needed to decrypt the service throughout the transmission of the service;
encrypt the changed decryption information with encryption information corresponding to decryption information that was previously provided to the requestor;
provide the requestor with the encrypted changed decryption information over the unidirectional channel; and
transmit the service, encrypted with encryption information corresponding to the changed decryption information rather than with encryption information corresponding to the decryption information sent over the bi-directional channel, over the unidirectional channel.
Dependent claims: 58, 59
60. An apparatus, comprising:
a client configured to:
request a service over a bi-directional channel;
transmit authentication information over the bi-directional channel;
receive first decryption information over the bi-directional channel, wherein the first decryption information decrypts the service;
receive the service over a unidirectional channel, wherein the service is encrypted with encryption information corresponding to the first decryption information;
decrypt the service using the first decryption information;
receive second decryption information over the unidirectional channel, wherein the second decryption information is encrypted with the encryption information corresponding to the first decryption information;
decrypt the encrypted second decryption information using the first decryption information;
receive the service over the unidirectional channel, wherein the service is encrypted with encryption information corresponding to the second decryption information; and
decrypt the service using the second decryption information rather than the first decryption information.
Dependent claims: 61-71
72. An apparatus, comprising:
a service provider configured to:
receive a request for a service from a requestor;
authenticate the requestor;
transmit first decryption information over a bidirectional channel for reception by the requestor;
install the first decryption information on a device of the requestor, wherein the first decryption information decrypts the service;
transmit the service, encrypted with encryption information corresponding to the first decryption information, over a unidirectional channel;
generate second decryption information for use in decrypting the service at a later time;
encrypt the second decryption information with the encryption information corresponding to the first decryption information;
transmit the encrypted second decryption information over the unidirectional channel for reception by the requestor, and
transmit the service, encrypted with encryption information corresponding to the second decryption information rather than with encryption information corresponding to the first decryption information, over the unidirectional channel.
73. An apparatus, comprising:
a service provider configured to:
receive a request for a service from a requestor over a bi-directional channel;
authenticate the requestor;
transmit a first key to the requestor over the bi-directional channel for decrypting the service;
transmit the service, encrypted with the first key, over a unidirectional channel;
generate a second key for decrypting the service;
encrypt the second key with the first key;
transmit the encrypted second key over the unidirectional channel; and
transmit the service, encrypted with the second key rather than with the first key, over the unidirectional channel.
Dependent claims: 74
Specification