Key distribution system
First Claim
1. A key distribution system for controlling access to content by a plurality of rendering devices, comprising computer processing machinery including:
an epoch processing machinery to provide a plurality of epochs, each of the epochs including a plurality of service key periods;
a service key processing machinery to provide a plurality of service keys so that, for each one of the epochs, a batch of the service keys is provided for employment in decryption of the content for a plurality of services across the service key periods of the one epoch such that a different one of the service keys in the batch is valid for each different combination of the services and the service key periods;
a group processing machinery to provide a plurality of group keys for each of the epochs such that:
for each of the epochs, each of the rendering devices is assigned one of the group keys such that more than one of the rendering devices may be assigned a same one of the group keys;
for each of the epochs, the assignment of the group keys groups together the rendering devices having the same one group key, thereby defining a plurality of groups;
each of the service keys is valid across all the groups; and
in different ones of the epochs, the rendering devices are grouped differently thereby facilitating traitor tracing;
a period master key processing machinery to provide for each one of the service key periods in the one epoch a different period master key;
an encryption processing machinery to encrypt, for each of the epochs, each of the service keys, in the batch of the service keys with each of the group keys, such that each of the service keys is individually encrypted with a different one of the group keys yielding a plurality of group-key-encrypted service keys from each of the service keys the encryption processing machinery being configured to further encrypt each one of the group-key-encrypted service keys using the period master key of the one service key period; and
a delivery processing machinery to:
(a) distribute to the rendering devices for each one of the epochs, the group-key-encrypted service keys for the batch of the service keys and the group keys of the one epoch; and
(b) for each one of the service key periods, distribute the period master key for the one service key period to the rendering devices during the service key period immediately prior to the one service key period.
Abstract
A key distribution system for controlling access to content by rendering devices, comprising an epoch module to provide epochs, each epoch including service key periods, a service key module to provide a batch of service keys, a group module to provide group keys for each epoch such that each rendering device is assigned a group key grouping together the devices having the same group key, thereby defining groups, in different epochs the devices are grouped differently, an encryption module to encrypt, for each epoch, each service key in the batch of service keys, individually with each group key yielding a plurality of group-key-encrypted service keys from each service key, and a delivery module to distribute to the devices, for each one of the epochs, the group-key-encrypted service keys for the batch of service keys and the group keys of the one epoch. Related apparatus and methods are also described.
21 Claims
1. A key distribution system for controlling access to content by a plurality of rendering devices, comprising computer processing machinery including:
an epoch processing machinery to provide a plurality of epochs, each of the epochs including a plurality of service key periods;
a service key processing machinery to provide a plurality of service keys so that, for each one of the epochs, a batch of the service keys is provided for employment in decryption of the content for a plurality of services across the service key periods of the one epoch such that a different one of the service keys in the batch is valid for each different combination of the services and the service key periods;
a group processing machinery to provide a plurality of group keys for each of the epochs such that:
for each of the epochs, each of the rendering devices is assigned one of the group keys such that more than one of the rendering devices may be assigned a same one of the group keys;
for each of the epochs, the assignment of the group keys groups together the rendering devices having the same one group key, thereby defining a plurality of groups;
each of the service keys is valid across all the groups; and
in different ones of the epochs, the rendering devices are grouped differently thereby facilitating traitor tracing;
a period master key processing machinery to provide for each one of the service key periods in the one epoch a different period master key;
an encryption processing machinery to encrypt, for each of the epochs, each of the service keys, in the batch of the service keys with each of the group keys, such that each of the service keys is individually encrypted with a different one of the group keys yielding a plurality of group-key-encrypted service keys from each of the service keys the encryption processing machinery being configured to further encrypt each one of the group-key-encrypted service keys using the period master key of the one service key period; and
a delivery processing machinery to:
(a) distribute to the rendering devices for each one of the epochs, the group-key-encrypted service keys for the batch of the service keys and the group keys of the one epoch; and
(b) for each one of the service key periods, distribute the period master key for the one service key period to the rendering devices during the service key period immediately prior to the one service key period.
21. A key distribution method for controlling access to content by a plurality of rendering devices by a server, the server performing acts comprising:
providing a plurality of epochs, each of the epochs including a plurality of service key periods;
providing a plurality of service keys so that, for each one of the epochs, a batch of the service keys is provided for employment in decryption of the content for a plurality of services across the service key periods of the one epoch such that a different one of the service keys in the batch is valid for each different combination of the services and the service key periods;
providing a plurality of group keys for each of the epochs such that:
for each of the epochs, each of the rendering devices is assigned one of the group keys such that more than one of the rendering devices may be assigned a same one of the group keys;
for each of the epochs, the assignment of the group keys groups together the rendering devices having the same one group key, thereby defining a plurality of groups;
each of the service keys is valid across all the groups; and
in different ones of the epochs, the rendering devices are grouped differently thereby facilitating traitor tracing;
providing for each one of the service key periods in the one epoch a different period master key;
encrypting, for each of the epochs, each of the service keys, in the batch of the service keys with each of the group keys, such that each of the service keys is individually encrypted with a different one of the group keys yielding a plurality of group-key-encrypted service keys from each of the service keys;
encrypting each one of the group-key-encrypted service keys using the period master key of the one service key period;
distributing to the rendering devices, for each one of the epochs, the group-key-encrypted service keys for the batch of the service keys and the group keys of the one epoch; and
for each one of the service key periods, distributing the period master key for the one service key period to the rendering devices during the service key period immediately prior to the one service key period.
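The key hierarchy of claims 1 and 21, sketched in Python as an added example; it is not code from the patent or its assignee. The XOR/HMAC cipher, the seeded key derivation, the digit-based regrouping rule and the `trace` intersection are illustrative assumptions, since the claims name no cipher, grouping rule or tracing procedure.

```python
import hashlib
import hmac

SEED = b"constructed-demo-seed"  # fixed so runs are reproducible; real keys would be random

def key(*label):
    """Demo key generator (assumption): derive a 16-byte key from a label."""
    return hmac.new(SEED, repr(label).encode(), hashlib.sha256).digest()[:16]

def xor_crypt(k, ctx, data):
    """Toy stand-in cipher: XOR with an HMAC pad bound to ctx. Same call encrypts and decrypts."""
    pad = hmac.new(k, repr(ctx).encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def group_of(device, epoch, n_groups):
    """Regroup devices each epoch: epoch e uses base-n_groups digit e of the device index."""
    return (device // n_groups ** epoch) % n_groups

def build_epoch(epoch, n_groups, services, periods):
    """Server side: return (service keys, doubly wrapped service keys) for one epoch."""
    sks, wrapped = {}, {}
    for s in services:
        for p in range(periods):
            sks[s, p] = key("sk", epoch, s, p)  # one key per (service, period) combination
            for g in range(n_groups):
                inner = xor_crypt(key("gk", epoch, g), (s, p), sks[s, p])   # group key layer
                wrapped[g, s, p] = xor_crypt(key("pmk", epoch, p), (s, p), inner)  # PMK layer
    return sks, wrapped

def device_unwrap(wrapped, group, group_key, pmk, service, period):
    """Device side: strip the period master key layer, then the group key layer."""
    ctx = (service, period)
    return xor_crypt(group_key, ctx, xor_crypt(pmk, ctx, wrapped[group, service, period]))

def trace(leaked_groups, n_devices, n_groups):
    """Intersect the group seen leaking in each epoch ({epoch: group id}) to narrow suspects."""
    suspects = set(range(n_devices))
    for epoch, g in leaked_groups.items():
        suspects &= {d for d in range(n_devices) if group_of(d, epoch, n_groups) == g}
    return suspects
```

Because the period master key for a period is only delivered during the period before it, a device holding the whole epoch's wrapped batch and its group key still cannot unwrap later periods early.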
Specification