Method and apparatus for protecting the transfer of data

US 7,730,300 B2
Filed: 03/11/2003
Issued: 06/01/2010
Est. Priority Date: 03/30/1999
Status: Active Grant

First Claim

Patent Images

1. A secure content delivery system, comprising:

a set-top box to initiate a request for program data, the request including a unique identifier of the set-top box; and

a conditional access (CA) control system in communication with the set-top box and a remote source, the CA control system adapted to do the following;

to transmit information including the unique identifier and a mating key generator to the remote source,to receive a mating key from the remote source, the mating key being based on the transmitted unique identifier and mating key generator, the mating key being used to encrypt a control word used for scrambling the program data prior to transmission to the set-top box, andto transmit the mating key generator and the encrypted control word to the set-top box.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a method for scrambling and descrambling program data comprises the receipt of a mating key generator message including a manufacturer identifier. The mating key generator message is transmitted to a first remote source identified by the manufacturer identifier. In response, a mating key is received from the first remote source. Then, the mating key is supplied to a second remote source, the mating key being subsequently used to encrypt a service key used for scrambling program data.

Citations

36 Claims

1. A secure content delivery system, comprising:
- a set-top box to initiate a request for program data, the request including a unique identifier of the set-top box; and
  
  a conditional access (CA) control system in communication with the set-top box and a remote source, the CA control system adapted to do the following;
  
  to transmit information including the unique identifier and a mating key generator to the remote source,to receive a mating key from the remote source, the mating key being based on the transmitted unique identifier and mating key generator, the mating key being used to encrypt a control word used for scrambling the program data prior to transmission to the set-top box, andto transmit the mating key generator and the encrypted control word to the set-top box.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The secure content delivery system of claim 1, wherein the remote source is a plurality of servers each associated with a manufacturer of set-top boxes.
  - 3. The secure content delivery system of claim 2, wherein the transmitted information including a manufacturer identifier that identifies one of the plurality of servers associated with the manufacturer of the set-top box in order to retrieve the mating key therefrom.
  - 4. The secure content delivery system of claim 1, wherein transmitted information comprises a mating key sequence number being used for aging the mating key.
  - 5. The secure content delivery system of claim 1, wherein transmitted information comprises an identifier that identifies a supplier of the program data, the supplier being one of a cable provider, a satellite-based provider, a terrestrial-based provider, and an Internet service provider.
  - 6. The secure content delivery system of claim 1, wherein transmitted information comprises an identifier that indicates a provider of the CA control system.
  - 7. The secure content delivery system of claim 1, wherein the remote source is a trusted third party including a plurality of databases accessible by the CA control system.
  - 8. The secure content delivery system of claim 1, wherein the CA control system generates and provides an entitlement control message (ECM) and an entitlement management message (EMM) to the set-top box after receipt of the mating key, the ECM comprises at least one global key to decrypt the ECM and a corresponding key identifier being a value that is digitally signed for use in checking whether the global key has been illicitly altered.
  - 9. The secure content delivery system of claim 1, wherein CA control system generates and provides an entitlement control message (ECM) and an entitlement management message (EMM) to the set-top box after receipt of the mating key, the ECM comprises the control word in an encrypted format and the EMM comprises the mating key generator.
  - 10. The secure content delivery system of claim 9, wherein the set-top box comprises a smart card and a descrambler component.
  - 11. The secure content delivery system of claim 10, wherein the smart card of the set-top box receives the EMM and forwards the mating key generator from the EMM and the encrypted control word recovered from the ECM to the descrambler component of the set-top-box.
  - 12. The secure content delivery system of claim 11, wherein the descrambler component comprises a first process block that performs an encryption operation on the mating key generator message using a unique key previously stored in the descrambler component to produce a key identical to the mating key, the key being loaded into a second process block that is used to decrypt the encrypted control word to produce the control word used for descrambling the scrambled program data.

13. A method performed by a device with circuitry for processing information, comprising:
- receiving a mating key generator message including a manufacturer identifier of a set-top box;
  
  transmitting the mating key generator message and a unique identifier of the set-top box to a first remote source associated with the manufacturer identifier;
  
  receiving a mating key from the first remote source, the mating key being based on the transmitted unique identifier and mating key generator message;
  
  supplying the mating key to a second remote source, the mating key being subsequently used to encrypt a service key used for scrambling program data; and
  
  supplying the encrypted service key and the mating key generator message to a descrambler component of the set-top box.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, wherein the mating key generator message further comprises a mating key sequence number being used to update the mating key.
  - 15. The method of claim 13, wherein the mating key generator message further comprises an identifier that identifies a supplier of the program data, the supplier being one of a cable provider, a satellite-based provider, a terrestrial-based provider, and an Internet service provider.
  - 16. The method of claim 13, wherein the supplying of the mating key to the second remote source includes providing the mating key to a conditional access (CA) control system being in communication with a set-top box.
  - 17. The method according to claim 13, wherein the first remote source is different than the second remote source.
  - 18. The method of claim 16 further comprising:
    - producing an entitlement management message (EMM) that comprises the mating key generator message, the encrypted service key and a key identifier being a value that indicates a tier of service associated with the encrypted service key; and
      
      providing the EMM to the set-top box.
  - 19. The method of claim 16 further comprising:
    - providing meta-data with an electronic program guide in an unscrambled format from the CA control system to the set-top box, the meta-data comprises a plurality of tag entries each comprising a channel name, a name of the program data, and an identifier for the service key required for access to the channel; and
      
      providing the mating key generator message from the CA control system to the set-top box.
  - 20. The method of claim 19, wherein the meta-data further comprises the mating key generator message.

21. A mating key gateway adapted for communication with a plurality of subscriber management systems each associated with a different content provider, comprising:
- hardware means for routing a mating key generator to a selected mating key server;
  
  hardware means for retrieving a mating key based on a unique identifier associated with a set-top box targeted to receive program data and the mating key generator; and
  
  hardware means for transmitting the mating key to one of the plurality of subscriber management systems, the mating key being used to encrypt at least one service key provided to the set-top box.
- View Dependent Claims (22, 23)
- - 22. The mating key gateway of claim 21 further comprising:
    - hardware means for retrieving a second mating key based on the unique identifier and the mating key generator; and
      
      hardware means for transmitting the second mating key to a second one of the plurality of subscriber management systems;
      
      wherein the hardware means for retrieving the second mating key and the hardware means for transmitting the second mating key operate concurrently with the hardware means for retrieving the mating key and the hardware means for transmitting the mating key.
  - 23. The mating key gateway of claim 22, wherein the at least two subscriber management systems include at least two of a group consisting of cable provider, a satellite-based provider, terrestrial broadcaster, and an Internet service provider.

24. An apparatus adapted to receive scrambled content, comprising:
- a network interface; and
  
  a descrambler component to receive (i) a mating key generator message including a unique identifier, (ii) at least one encrypted service key and (iii) a corresponding key identifier to indicates a tier of service associated with the encrypted service key over the network interface, the descrambler component performing a cryptographic operation on the mating key generator message to produce a key for decrypting the encrypted service key to recover a service key used to descramble the scrambled content, the mating key generator message being received from a conditional access (CA) control system.
- View Dependent Claims (25, 26, 27)
- - 25. The apparatus of claim 24, wherein the mating key generator message, the encrypted service key and the corresponding key identifier are contained in a single entitlement management message (EMM).
  - 26. The apparatus of claim 24, wherein the mating key generator message is supplied with an electronic program guide and the encrypted service key and the corresponding key identifier are contained in an entitlement management message (EMM).
  - 27. The apparatus of claim 24, wherein both the mating key generator message and the corresponding key identifier are supplied by meta-data associated with an electronic program guide while the encrypted service key is contained in an entitlement management message (EMM).

28. A method adapted for protecting the transfer of program data to a digital device, comprising:
- producing a mating key generator being a message that comprises(i) a first value to identify a provider of a conditional access (CA) system that is producing the mating key generator, and(ii) a second value to identify a service provider that is supplying the program data;
  
  transmitting the mating key generator to a first remote source;
  
  transmitting a unique identifier of the digital device targeted to receive the program data to the first remote source;
  
  receiving a mating key from the first remote source being a trusted third party, the mating key being generated based on the mating key generator and the unique identifier; and
  
  supplying the mating key to the digital device, the mating key being subsequently used to encrypt either a control word or a service key, each being used for scrambling the program data.
- View Dependent Claims (29, 30)
- - 29. The method of claim 28, wherein the producing of the mating key generator further comprises loading a third value to identify a manufacturer of the digital device.
  - 30. The method of claim 28, wherein the producing of the mating key generator further comprises loading a mating key sequence number to indicate a time of expiration of the mating key generator.

31. A secure content delivery system, comprising:
- a digital device including a unique identifier; and
  
  a conditional access (CA) control system in communication with the digital device, the CA control system to transmit(1) digital content scrambled with a key encrypted using a mating key, the mating key is a permutation of the unique identifier and a mating key generator including at least two of a manufacturer identifier, a service provider identifier, a CA provider identifier, and a mating key sequence number,(2) the mating key generator, and(3) at least one entitlement management message (EMM), the EMM comprises a plurality of service keys and a plurality of key identifiers each indicating a tier of service associated with a service key of the plurality of service keys.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The secure content delivery system of claim 31, wherein the digital device is a set-top box.
  - 33. The secure content delivery system of claim 31, wherein the digital device is a television.
  - 34. The secure content delivery system of claim 31, wherein the digital device is a computer operating in combination with a network interface.
  - 35. The secure content delivery system of claim 31, wherein the digital device is a video recording device.
  - 36. The secure content delivery system of claim 31, wherein the plurality of service keys of the EMM are encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.), Sony Electronics Inc. (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.), Sony Electronics Inc. (Sony Group Corp.)
Inventors
Candelore, Brant L.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US10/387,163
Publication Number

US 20030174844A1
Time in Patent Office

2,639 Days
Field of Search

713/155, 713/150, 380/201, 380/229, 726/3, 709/225, 709/226, 705/67
US Class Current

713/155
CPC Class Codes

G06Q 20/3674   involving authentication

H04N 21/254   Management at additional da...

H04N 21/25808   Management of client data t...

H04N 21/26606   for generating or managing ...

H04N 21/26613   for generating or managing ...

H04N 21/4135   external recorder interface...

H04N 21/4181   for conditional access

H04N 21/4623   Processing of entitlement m...

H04N 21/47211   for requesting pay-per-view...

H04N 21/63345   by transmitting keys key di...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

H04N 7/17318   Direct or substantially dir...

Method and apparatus for protecting the transfer of data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting the transfer of data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links