System and method for a variable key ladder

US 7,933,410 B2
Filed: 02/16/2005
Issued: 04/26/2011
Est. Priority Date: 02/16/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A decryption apparatus, comprising:

a non-transitory computer-readable storage medium configured to store configuration data and at least some of a plurality of keys, wherein a first one of the keys is a symmetric device key and a second one of the keys is an asymmetric key;

a key decryption operator configured to generate a third one of the keys as another device key by decrypting a data message using the second one of the keys, the data message being included in a data stream;

a switch configured to select between the first one of the keys and the third one of the keys depending on the configuration data; and

a decryption engine configured to decrypt at least a portion of the data stream using a key ladder that includes the selected first or third one of the keys.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy includes determining a device key based on network connection and configuration data contained in conditional access system firmware, decrypting and extracting a session or category key from an input media stream or an Entitlement Management Message using the device key, and configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.

93 Citations

View as Search Results

20 Claims

1. A decryption apparatus, comprising:
- a non-transitory computer-readable storage medium configured to store configuration data and at least some of a plurality of keys, wherein a first one of the keys is a symmetric device key and a second one of the keys is an asymmetric key;
  
  a key decryption operator configured to generate a third one of the keys as another device key by decrypting a data message using the second one of the keys, the data message being included in a data stream;
  
  a switch configured to select between the first one of the keys and the third one of the keys depending on the configuration data; and
  
  a decryption engine configured to decrypt at least a portion of the data stream using a key ladder that includes the selected first or third one of the keys.
- View Dependent Claims (2, 3, 7, 20)
- - 2. The decryption apparatus of claim 1, wherein the key ladder includes at least one asymmetric key and at least one symmetric key.
  - 3. The decryption apparatus of claim 1, wherein the configuration data indicates how many of the keys are to be included in the key ladder.
  - 7. The decryption apparatus of claim 1, wherein the data message is an Entitlement Management Message (EMM).
  - 20. The decryption apparatus of claim 1, further comprising a receiver configured to receive the configuration data as part of the data stream.

4. A method for decrypting a data stream, comprising:
- storing configuration data and at least some of a plurality of keys, wherein a first one of the keys is a symmetric device key and a second one of the keys is an asymmetric key;
  
  receiving, by a receiver, a data stream including a data message;
  
  generating a third one of the keys as another device key by decrypting the data message using the second one of the keys;
  
  selecting between the first one of the keys and the third one of the keys depending on the configuration data; and
  
  decrypting at least a portion of the data stream using a key ladder that includes the selected first or third one of the keys.
- View Dependent Claims (5, 6, 8, 9)
- - 5. The method of claim 4, wherein the key ladder includes at least one asymmetric key and at least one symmetric key.
  - 6. The method of claim 4, wherein the configuration data indicates how many of the keys are to be included in the key ladder.
  - 8. The method of claim 4, wherein the data message is an Entitlement Management Message (EMM).
  - 9. The method of claim 4, further comprising receiving the configuration data as part of the data stream.

10. A decryption apparatus, comprising:
- a non-transitory computer-readable storage medium configured to store configuration data, a symmetric first key that is a device key, a second key, and an asymmetric third key;
  
  a key decryption operator configured to receive a data message and to generate a fourth key as another device key by decrypting the data message using the asymmetric third key;
  
  a switch configured to select between the symmetric first key and the fourth key depending upon the configuration data, and also to select the second key so as to be used for decryption at a particular tier in a key ladder, wherein the particular tier also depends upon the configuration data; and
  
  a decryption engine configured to decrypt at least a portion of a data stream using the key ladder that includes the second key at the particular tier and the selected one of the first and fourth keys.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The decryption apparatus of claim 10, wherein the data message is an Entitlement Management Message (EMM).
  - 12. The decryption apparatus of claim 10, wherein the key ladder comprises at least one asymmetric key and at least one symmetric key.
  - 13. The decryption apparatus of claim 10, wherein the key ladder comprises a single asymmetric key in a first tier of the key ladder, and further comprises a plurality of symmetric keys.
  - 14. The decryption apparatus of claim 10, further comprising a receiver configured to receive the configuration data as part of the data stream.

15. A method, comprising:
- receiving configuration data, a symmetric first key as a device key, a second key, and an asymmetric third key;
  
  generating a fourth key by decrypting a received data message using the asymmetric third key;
  
  selecting between the symmetric first key and a fourth key as another device key generated by decrypting a received data message using the asymmetric third key depending upon the configuration data;
  
  selecting the second key so as to be used for decryption at a particular tier in a key ladder, wherein the particular tier also depends upon the configuration data; and
  
  decrypting at least a portion of a data stream using a key ladder that includes the second key at the particular tier and the selected one of the first and fourth keys.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the data message is an Entitlement Management Message (EMM).
  - 17. The method of claim 15, wherein the key ladder comprises at least one asymmetric key and at least one symmetric key.
  - 18. The method of claim 15, wherein the key ladder comprises a single asymmetric key in a first tier of the key ladder, and further comprises a plurality of symmetric keys.
  - 19. The method of claim 15, further comprising receiving the configuration data as part of the data stream.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Inventors
Fahrny, James William
Primary Examiner(s)
Pyzocha; Michael
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US11/058,894
Publication Number

US 20060184796A1
Time in Patent Office

2,260 Days
Field of Search

None
US Class Current

380/201
CPC Class Codes

H04N 21/26606   for generating or managing ...

H04N 21/4623   Processing of entitlement m...

Y04S 40/20   Information technology spec...

System and method for a variable key ladder

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for a variable key ladder

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links