Conditional access system and method prevention of replay attacks
First Claim
1. A cryptographic method for rendering a conditional access system resistant to replay attacks comprising the steps of:
- generating a set of one or more keys usable for encryption or decryption, said generating caused by an authorization module controlling authorization of access to a plurality of transport streams, said authorization module on or in communication with a receiver among a plurality of receivers in communication with a headend;
storing an encrypted transport stream transmitted from said headend, wherein said encrypted transport stream is further encrypted at said receiver, using one or more keys from said set of one or more keys usable for encryption or decryption, so that a doubly encrypted transport stream is stored on a storage medium on or accessible to said receiver; and
decrypting said doubly encrypted transport stream by a decryption module on or in communication with said receiver using one or more keys from said set of one or more keys usable for encryption or decryption.
12 Assignments
0 Petitions
Accused Products
Abstract
In a conditional access system, a headend transmits content to one or more receivers in encrypted transport streams. The system provides a multi-layer security architecture, rendering the system resistant to key replay attacks; if one layer is circumvented, subsequent layers remain intact. A first layer prevents unencrypted keys from being recorded by shielding the unencrypted keys from users and encrypting the path from the receiver'"'"'s conditional access module to the transport decryption module; a second layer prevents a key recorded on one receiver from being played back to the transport decryption module on a second receiver; a third layer prevents a user from decrypting transport streams without the encryption module by encrypting the stream a second time prior to being passed through any user-accessible memory or processor. Events tables are transmitted with the transport stream, either unencrypted for immediate use or encrypted, to prevent unauthorized use.
-
Citations
30 Claims
-
1. A cryptographic method for rendering a conditional access system resistant to replay attacks comprising the steps of:
-
generating a set of one or more keys usable for encryption or decryption, said generating caused by an authorization module controlling authorization of access to a plurality of transport streams, said authorization module on or in communication with a receiver among a plurality of receivers in communication with a headend; storing an encrypted transport stream transmitted from said headend, wherein said encrypted transport stream is further encrypted at said receiver, using one or more keys from said set of one or more keys usable for encryption or decryption, so that a doubly encrypted transport stream is stored on a storage medium on or accessible to said receiver; and decrypting said doubly encrypted transport stream by a decryption module on or in communication with said receiver using one or more keys from said set of one or more keys usable for encryption or decryption. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A conditional access system resistant to replay attacks, comprising:
-
a generated set of one or more keys usable for encryption or decryption, said generation caused by an authorization module controlling authorization of access to a plurality of transport streams, said authorization module on or in communication with a receiver among a plurality of receivers in communication with a headend, said receiver capable of further encrypting an encrypted transport stream transmitted from said headend using one or more keys from said generated set of one or more keys usable for encryption or decryption, so that a doubly encrypted transport stream is stored on a storage medium on or accessible to said receiver; and a decryption module on or in communication with said receiver for decrypting said doubly encrypted transport stream. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification