System and method for a variable key ladder
Abstract
A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy includes determining a device key based on network connection and configuration data contained in conditional access system firmware, decrypting and extracting a session or category key from an input media stream or an Entitlement Management Message using the device key, and configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.
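The flow in the abstract (configuration picks the device key that roots the ladder, then each tier unwraps the next key) can be sketched as follows. This is an added example, not code from the patent. Assumptions: a SHA-256 counter keystream stands in for the ladder's symmetric cipher, textbook RSA over two Mersenne primes stands in for the asymmetric key, and all function names, the `root` configuration field and the sample data are hypothetical.

```python
import hashlib

# Stand-ins (assumptions, not from the patent): a SHA-256 counter keystream
# replaces the ladder's symmetric cipher, and textbook RSA over two Mersenne
# primes replaces the asymmetric key. Neither is suitable for production use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent held by the device

def xor_stream(key: bytes, blob: bytes) -> bytes:
    """Wrap or unwrap blob under key (XOR keystream, so one function does both)."""
    stream = b""
    for ctr in range(len(blob) // 32 + 1):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
    return bytes(b ^ s for b, s in zip(blob, stream))

def select_root(config: dict, device_key: bytes, key_message: int) -> bytes:
    """The 'switch': configuration data picks which key roots the ladder."""
    if config["root"] == "symmetric":
        return device_key  # first key: stored symmetric device key
    return pow(key_message, D, N).to_bytes(16, "big")  # third key: from the data message

def run_ladder(root: bytes, wrapped_tiers: list, payload: bytes) -> bytes:
    """Unwrap each tier with the key above it, then decrypt the payload."""
    key = root
    for wrapped in wrapped_tiers:  # tier count varies with the configuration
        key = xor_stream(key, wrapped)
    return xor_stream(key, payload)

def demo() -> dict:
    """Constructed sample data: head-end wraps, device unwraps, two configurations."""
    device_key = bytes(range(16))
    delivered = bytes(range(16, 32))  # alternative device key sent in-stream
    key_message = pow(int.from_bytes(delivered, "big"), E, N)
    session, cw = b"S" * 16, b"C" * 16  # session key and control word
    clear = b"constructed payload"
    results = {}
    for name, root, tiers in (("symmetric", device_key, [session, cw]),
                              ("asymmetric", delivered, [cw])):
        wrapped, key = [], root
        for tier in tiers:  # head-end side: wrap each tier under the one above
            wrapped.append(xor_stream(key, tier))
            key = tier
        payload = xor_stream(key, clear)
        picked = select_root({"root": name}, device_key, key_message)
        results[name] = run_ladder(picked, wrapped, payload)
    return results
```

`demo()` returns the recovered payload for a three-tier ladder rooted in the stored symmetric key and for a two-tier ladder rooted in the key decrypted from the data message.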
20 Claims
1. A decryption apparatus, comprising:
a non-transitory computer-readable storage medium configured to store configuration data and at least some of a plurality of keys, wherein a first one of the keys is a symmetric device key and a second one of the keys is an asymmetric key;
a key decryption operator configured to generate a third one of the keys as another device key by decrypting a data message using the second one of the keys, the data message being included in a data stream;
a switch configured to select between the first one of the keys and the third one of the keys depending on the configuration data; and
a decryption engine configured to decrypt at least a portion of the data stream using a key ladder that includes the selected first or third one of the keys.
Dependent claims: 2, 3, 7, 20

4. A method for decrypting a data stream, comprising:
storing configuration data and at least some of a plurality of keys, wherein a first one of the keys is a symmetric device key and a second one of the keys is an asymmetric key;
receiving, by a receiver, a data stream including a data message;
generating a third one of the keys as another device key by decrypting the data message using the second one of the keys;
selecting between the first one of the keys and the third one of the keys depending on the configuration data; and
decrypting at least a portion of the data stream using a key ladder that includes the selected first or third one of the keys.
Dependent claims: 5, 6, 8, 9

10. A decryption apparatus, comprising:
a non-transitory computer-readable storage medium configured to store configuration data, a symmetric first key that is a device key, a second key, and an asymmetric third key;
a key decryption operator configured to receive a data message and to generate a fourth key as another device key by decrypting the data message using the asymmetric third key;
a switch configured to select between the symmetric first key and the fourth key depending upon the configuration data, and also to select the second key so as to be used for decryption at a particular tier in a key ladder, wherein the particular tier also depends upon the configuration data; and
a decryption engine configured to decrypt at least a portion of a data stream using the key ladder that includes the second key at the particular tier and the selected one of the first and fourth keys.
Dependent claims: 11, 12, 13, 14

15. A method, comprising:
receiving configuration data, a symmetric first key as a device key, a second key, and an asymmetric third key;
generating a fourth key by decrypting a received data message using the asymmetric third key;
selecting between the symmetric first key and a fourth key as another device key generated by decrypting a received data message using the asymmetric third key depending upon the configuration data;
selecting the second key so as to be used for decryption at a particular tier in a key ladder, wherein the particular tier also depends upon the configuration data; and
decrypting at least a portion of a data stream using a key ladder that includes the second key at the particular tier and the selected one of the first and fourth keys.
Dependent claims: 16, 17, 18, 19

Specification