Secure packet-based data broadcasting architecture

US 7,739,496 B2
Filed: 07/13/2001
Issued: 06/15/2010
Est. Priority Date: 07/14/2000
Status: Active Grant

First Claim

Patent Images

1. A method for secure packet-based transmission of content data from a head-end to at least one client, through at least one network to which the head-end and the client are connected, comprising:

retrieving a clear data packet in accordance to a data packet protocol comprising a clear data packet header in accordance to the data packet protocol and an unencrypted payload;

dividing the unencrypted payload from the clear data packet into one or more fragments;

applying an encryption algorithm to each fragment to generate encrypted fragments;

generating an encryption header for each encrypted fragment;

composing a packet with encrypted data for each encrypted fragment, comprising the encrypted fragment, the encryption header for the encrypted fragment, and a data packet header in accordance to the data packet protocol; and

transmitting each of the thus composed packets to the client in accordance to the data packet protocol.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for processing packets with encrypted data received by a client from a server through at least one network wherein the data packets comprise at least an encryption header (46) and payload (45), extracting the encryption header (54, 55; 69) from a data packet, extracting and decrypting the encrypted payload to form a clear data, generating a clear data packet segment. Secure packet-based transmission of content data from a server to at least one client comprises retrieving a clear data packet comprising an unencrypted payload, dividing the unencrypted payload into one or more segments, applying an encrypted algorithm to each segment to generate encrypted segments (47), generating encryption header for each encrypted segment composing a packet with encrypted data for each encrypted segment comprising the encrypted header (46), a data packet header and transmission of each of the composed packets to the client.

42 Citations

View as Search Results

12 Claims

1. A method for secure packet-based transmission of content data from a head-end to at least one client, through at least one network to which the head-end and the client are connected, comprising:
- retrieving a clear data packet in accordance to a data packet protocol comprising a clear data packet header in accordance to the data packet protocol and an unencrypted payload;
  
  dividing the unencrypted payload from the clear data packet into one or more fragments;
  
  applying an encryption algorithm to each fragment to generate encrypted fragments;
  
  generating an encryption header for each encrypted fragment;
  
  composing a packet with encrypted data for each encrypted fragment, comprising the encrypted fragment, the encryption header for the encrypted fragment, and a data packet header in accordance to the data packet protocol; and
  
  transmitting each of the thus composed packets to the client in accordance to the data packet protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein, in dividing the unencrypted payload into fragments, the fragment size is chosen to keep the size of the packets with encrypted data below a maximum transmission unit of the network.
  - 3. The method according to claim 1, further comprising retrieving conditional access data specified in the clear data packet wherein the conditional access data is used to generate the encrypted fragments.
  - 4. The method according to claim 1, wherein information is encoded in the encryption header for each encrypted fragment regarding the length of the fragment before encryption and extra length added to the packet with encrypted data relative to the unencrypted data associated with respective clear data by the encryption algorithm.
  - 5. The method according to claim 1, wherein the encryption header for at least one fragment is provided with information regarding a checksum of the unencrypted payload to allow re-assembly of the clear data packet at the client.
  - 6. The method according to claim 1, wherein the encryption header comprises a flag to distinguish the first transmitted one of the composed packets from packets composed from further encrypted fragments generated from the same unencrypted payload.
  - 7. The method according to claim 1, wherein information comprising an offset of an unencrypted fragment with respect a first fragment of the unencrypted payload is provided in the encryption header for the encrypted fragment generated from the unencrypted fragment.
  - 8. The method according to claim 1, wherein information specifying the encryption algorithm applied to the fragment is encoded in the encryption header.
  - 9. The method according to claim 1, further comprising transmitting as data packets Entitlement Management Messages, for authorizing a client to make use of a particular service.
  - 10. The method according to claim 1, further comprising transmitting as data packets Entitlement Control Messages, comprising decryption information, for selectively authorizing a client to receive data belonging to a particular service.
  - 11. The method according to claim 1, further comprising transmitting as data packets Information Messages identifying a service and comprising information for receiving messages belonging to the service.
  - 12. The method according to claim 1, wherein the data packet protocol is an IP protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto Access B.V. (MultiChoice Group Ltd.)
Inventors
Jacobs, Andre
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Powers; William S

Application Number

US10/333,007
Publication Number

US 20040064688A1
Time in Patent Office

3,259 Days
Field of Search

713/160, 726/26, 380/210
US Class Current

713/160
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 63/0245   Filtering by information in...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 69/166   IP fragmentation; TCP segme...

Secure packet-based data broadcasting architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure packet-based data broadcasting architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links