Cable television secure communication system for one way restricted
Abstract
Methods and apparatus permit a one-way downloadable security for electronic signals such as cable television, free-to-air, direct broadcast satellite, electronic device enablement, and other services. The system can allow a broadcast transmission capability (1) to provide an encrypted signal to an individual reception capability (2) in a manner that maintains the full security of a traditional decryption key process while completely eliminating any need for a trusted authority. By including a nascent decryption key generator that may create a secure, key-based environment from an unsecure individualized information transmission (12), a sequence of key(s) from a root key(s) to a derived key(s) to a temporary key(s) and ultimately to a fully random key(s) can be generated in activating a device or a decryption capability for a subscriber.
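The key sequence the abstract describes (root key, derived key, temporary key, random key) can be sketched with the constructions named in claims 5, 10 and 15. This is an added illustration in Go, not code from the patent; the choice of AES-128, SHA-256 and AES-GCM, all function names, and the sample identifiers are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveKey follows claim 5: the unsecure device identifier and the secure
// system-wide key are the inputs to an encryption function.
// Assumption: one AES-128 block encryption of a 16-byte identifier.
func deriveKey(systemKey, deviceID []byte) ([]byte, error) {
	if len(deviceID) != aes.BlockSize {
		return nil, errors.New("device ID must be exactly 16 bytes")
	}
	block, err := aes.NewCipher(systemKey)
	if err != nil {
		return nil, err
	}
	derived := make([]byte, aes.BlockSize)
	block.Encrypt(derived, deviceID)
	return derived, nil
}

// ephemeralKey follows claim 10: hash the derived key together with the
// signal origination point identifier. Assumption: SHA-256 cut to 128 bits.
// The derived key has a fixed length, so plain concatenation is unambiguous.
func ephemeralKey(derived, originID []byte) []byte {
	h := sha256.New()
	h.Write(derived)
	h.Write(originID)
	return h.Sum(nil)[:16]
}

// ladder runs both steps; each side computes it independently once the
// device identifier has been provided.
func ladder(systemKey, deviceID, originID []byte) ([]byte, error) {
	derived, err := deriveKey(systemKey, deviceID)
	if err != nil {
		return nil, err
	}
	return ephemeralKey(derived, originID), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapRandomKey follows claims 14 and 15: generate a random key and send it
// encrypted under the ephemeral key. Output layout: nonce || ciphertext || tag.
func wrapRandomKey(ephemeral []byte) (randomKey, wrapped []byte, err error) {
	gcm, err := newGCM(ephemeral)
	if err != nil {
		return nil, nil, err
	}
	randomKey = make([]byte, 16)
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(randomKey); err != nil {
		return nil, nil, err
	}
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return randomKey, gcm.Seal(nonce, nonce, randomKey, nil), nil
}

// unwrapRandomKey is the receiver side; it fails if the ephemeral key differs.
func unwrapRandomKey(ephemeral, wrapped []byte) ([]byte, error) {
	gcm, err := newGCM(ephemeral)
	if err != nil {
		return nil, err
	}
	if len(wrapped) < gcm.NonceSize() {
		return nil, errors.New("wrapped key too short")
	}
	nonce, ct := wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample values, not taken from the patent.
	systemKey := []byte("0123456789abcdef")
	deviceID := []byte("STB-SERIAL-00001")
	headEnd, _ := ladder(systemKey, deviceID, []byte("HEADEND-42"))
	_, wrapped, _ := wrapRandomKey(headEnd)

	receiver, _ := ladder(systemKey, deviceID, []byte("HEADEND-42"))
	_, err := unwrapRandomKey(receiver, wrapped)
	fmt.Println("same device, same origination point:", err == nil)

	moved, _ := ladder(systemKey, deviceID, []byte("HEADEND-43"))
	_, err = unwrapRandomKey(moved, wrapped)
	fmt.Println("after origination point change:", err == nil)
}
```

Because the device identifier and origination point identifier are not secret, every key in this sketch is only as protected as the system-wide key; the failed unwrap after an identifier change corresponds to the re-generation case in claims 26 and 27.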
202 Claims
-
1. A method of providing restricted access to an electronic signal comprising steps of:
- establishing a transmission capability for said electronic signal as an encrypted signal;
- establishing an individual reception capability responsive to a completely unknown decryption key unknown to said individual reception capability and said transmission capability;
- providing unsecure individualized information from said individual reception capability;
- nascently generating said completely unknown decryption key that was unknown to said individual reception capability and said transmission capability prior to being nascently generated at least partially from and after providing said unsecure individualized information;
- activating decryption processing of said encrypted signal as a result of said step of nascently generating said completely unknown decryption key; and
- physically unlocking access to said encrypted signal at said individual reception capability.
-
2. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of adding cryptographic entropy for said decryption key.
-
3. A method of providing restricted access to an electronic signal as described in claim 2 wherein said step of adding cryptographic entropy for said decryption key comprises a step of utilizing provider information.
-
4. A method of providing restricted access to an electronic signal as described in claim 3 wherein said step of utilizing provider information to add cryptographic entropy comprises a step of utilizing a secure system wide cryptographic key.
-
5. A method of providing restricted access to an electronic signal as described in claim 4 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of establishing a cryptographic key using said unsecure individualized information and said secure system wide key as inputs to a cryptographic encryption function.
-
6. A method of providing restricted access to an electronic signal as described in claim 5 wherein said step of establishing a cryptographic key comprises a step of establishing at least one derived cryptographic key.
-
7. A method of providing restricted access to an electronic signal as described in claim 5 wherein said step of establishing an individual reception capability comprises a step of establishing an individual reception capability having a security process capability and wherein said step of providing unsecure individualized information from said individual reception capability comprises a step of providing individualized security process capability identification information.
-
8. A method of providing restricted access to an electronic signal as described in claim 7 wherein said step of establishing an individual reception capability comprises a step of establishing an individual reception capability having a signal process capability and wherein said step of providing unsecure individualized information from said individual reception capability further comprises a step of providing individualized signal process capability identification information.
-
9. A method of providing restricted access to an electronic signal as described in claim 8 and further comprising a step of transmitting said encrypted signal from a signal origination point transmitter, and wherein said step of utilizing provider information further comprises a step of utilizing signal origination point identification information.
-
10. A method of providing restricted access to an electronic signal as described in claim 9 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of establishing a cryptographic key using said derived cryptographic key and said signal origination point identification information as inputs to an encryption hash function.
-
11. A method of providing restricted access to an electronic signal as described in claim 9 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of establishing a cryptographic key using said derived cryptographic key and said signal origination point identification information as inputs to a cryptographic encryption function.
-
12. A method of providing restricted access to an electronic signal as described in claim 10 wherein said step of establishing a cryptographic key comprises a step of establishing at least one ephemeral cryptographic key.
-
13. A method of providing restricted access to an electronic signal as described in claim 12 wherein said step of transmitting said encrypted signal from a signal origination point transmitter comprises a step of securely communicating using said at least one ephemeral cryptographic key.
-
14. A method of providing restricted access to an electronic signal as described in claim 13 and further comprising a step of generating at least one random decryption key.
-
15. A method of providing restricted access to an electronic signal as described in claim 14 wherein said step of securely communicating using said at least one ephemeral cryptographic key comprises a step of securely sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key.
-
16. A method of providing restricted access to an electronic signal as described in claim 15 wherein said step of securely sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key comprises a step of immediately sending said at least one random decryption key encrypted by said at least one ephemeral cryptographic key.
-
17. A method of providing restricted access to an electronic signal as described in claim 16 wherein said step of activating decryption processing comprises a step of activating decryption processing based upon said at least one random decryption key.
-
18. A method of providing restricted access to an electronic signal as described in claim 14 wherein said step of generating at least one random decryption key comprises a step of:
- generating a security process capability random cryptographic key; and
- generating a signal process capability random cryptographic key.
-
19. A method of providing restricted access to an electronic signal as described in claim 18 wherein said step of physically unlocking access to said encrypted signal at said individual reception capability comprises a step of allowing continued access to said encrypted signal at said individual reception capability based upon both said security process capability random cryptographic key and said signal process capability random cryptographic key.
-
20. A method of providing restricted access to an electronic signal as described in claim 1 and further comprising a step of selecting a secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys.
-
21. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of establishing an individual reception capability responsive to a completely unknown decryption key comprises a step of establishing a conditional access television device receiver configured to receive an encrypted cable informational service signal.
-
22. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of establishing an individual reception capability responsive to a completely unknown decryption key comprises a step of establishing a conditionally operable electronic device configured to receive a service enablement signal, and wherein said step of physically unlocking access to said encrypted signal at said individual reception capability comprises a step of physically unlocking at least some capability for said electronic device as a result of said decryption key.
-
23. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of generating a cryptographic key by mathematically functioning at least two items of information.
-
24. A method of providing restricted access to an electronic signal as described in claim 21 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of multi-step mathematically manipulating items to support creation of a cryptographic key.
-
25. A method of providing restricted access to an electronic signal as described in claim 18 and further comprising a step of assessing continued operability based upon either of said random cryptographic keys.
-
26. A method of providing restricted access to an electronic signal as described in claim 25 wherein said step of assessing continued operability based upon either of said random cryptographic keys comprises a step of checking for a change in signal origination point identification information.
-
27. A method of providing restricted access to an electronic signal as described in claim 26 and further comprising a step of re-generating a completely unknown decryption key at least partially from said unsecure individualized information in the event of a change in said signal origination point identification information.
-
28. A method of providing restricted access to an electronic signal as described in claim 27 wherein said step of re-generating a completely unknown decryption key is accomplished in response to a step of re-issuing said unsecure individualized information from said individual reception capability.
-
29. A method of providing restricted access to an electronic signal as described in claim 23 and further comprising a step of discerning the existence of a location change for said individual reception capability.
-
30. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation.
-
31. A method of providing restricted access to an electronic signal as described in claim 30 wherein said step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation comprises a step of integrating said unsecure individualized information and secure provider commonality information into a cryptographic operation.
-
32. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of utilizing multiple unsecure individualized information codes.
-
33. A method of providing restricted access to an electronic signal as described in claim 32 wherein said step of multiple unsecure individualized information codes comprises a step of:
- utilizing a first item of unsecure individualized information in a cryptographic operation; and
- utilizing a second item of unsecure individualized information in a cryptographic operation.
-
34. A method of providing restricted access to an electronic signal as described in claim 33 wherein said step of utilizing a first item of unsecure individualized information in a cryptographic operation comprises a step of providing first process capability individualized identification information.
-
35. A method of providing restricted access to an electronic signal as described in claim 34 wherein said step of utilizing a second item of unsecure individualized information in a cryptographic operation comprises a step of providing second process capability individualized identification information.
-
36. A method of providing restricted access to an electronic signal as described in claim 35 wherein said step of providing first process capability individualized identification information comprises a step of providing individualized security process capability identification information.
-
37. A method of providing restricted access to an electronic signal as described in claim 36 wherein said step of providing second process capability individualized identification information comprises a step of providing individualized signal process capability identification information.
-
38. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key from said unsecure individualized information comprises a step of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key.
-
39. A method of providing restricted access to an electronic signal as described in claim 38 wherein said step of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key comprises a step of cryptographically operating on provider information as at least part of discerning said completely unknown decryption key.
-
40. A method of providing restricted access to an electronic signal as described in claim 39 wherein said steps of cryptographically operating on said unsecure individualized information as at least part of discerning said completely unknown decryption key and cryptographically operating on said provider information as at least part of discerning said completely unknown decryption key comprises a step of operating an encryption function utilizing said unsecure individualized information and said provider information.
-
41. A method of providing restricted access to an electronic signal as described in claim 40 wherein said step of utilizing provider information further comprises a step of utilizing signal origination point identification information, and wherein said step of operating an encryption function utilizing said unsecure individualized information and said provider information comprises a step of establishing at least one derived cryptographic key, and wherein said step of nascently generating said completely unknown decryption key from said unsecure individualized information comprises a step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information as at least part of discerning said completely unknown decryption key.
-
42. A method of providing restricted access to an electronic signal as described in claim 41 wherein said step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information comprises a step of cryptographically hashing said at least one derived cryptographic key and said signal origination point identification information.
-
43. A method of providing restricted access to an electronic signal as described in claim 42 wherein said step of cryptographically hashing said at least one derived cryptographic key and said signal origination point identification information comprises a step of establishing at least one ephemeral cryptographic key.
-
44. A method of providing restricted access to an electronic signal as described in claim 41 wherein said step of secondarily cryptographically operating on said at least one derived cryptographic key and said signal origination point identification information comprises a step of cryptographically encrypting said at least one derived cryptographic key together with said signal origination point identification information.
-
45. A method of providing restricted access to an electronic signal as described in claim 44 wherein said step of cryptographically encrypting said at least one derived cryptographic key together with said signal origination point identification information comprises a step of establishing at least one ephemeral cryptographic key.
-
46. A method of providing restricted access to an electronic signal as described in claim 43 and further comprising a step of generating at least one random decryption key.
-
47. A method of providing restricted access to an electronic signal as described in claim 46 and further comprising a step of securely communicating said at least one random decryption key using said at least one ephemeral cryptographic key.
-
48. A method of providing restricted access to an electronic signal as described in claim 38 and further comprising a step of selecting an item of provider information from among a plurality of secure items of provider information.
-
49. A method of providing restricted access to an electronic signal as described in claim 48 wherein said step of selecting an item of provider information from among a plurality of secure items of provider information comprises a step of indicating a segment of secure cryptographic code to be utilized.
-
50. A method of providing restricted access to an electronic signal as described in claim 38 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of utilizing multiple unsecure individualized information codes.
-
51. A method of providing restricted access to an electronic signal as described in claim 50 wherein said step of multiple unsecure individualized information codes comprises a step of:
- utilizing a first item of unsecure individualized information in a cryptographic operation; and
- utilizing a second item of unsecure individualized information in a cryptographic operation.
-
53. A method of providing restricted access to an electronic signal as described in claim 1 and further comprising a step of generating a broadcast facility selected new cipher key for use between said individual reception capability and a broadcast facility.
-
54. A method of providing restricted access to an electronic signal as described in claim 53 wherein said step of generating a broadcast facility selected new cipher key for use between said individual reception capability and said broadcast facility comprises a step of establishing a potential compromise event triggered key regeneration capability within said broadcast facility.
-
55. A method of providing restricted access to an electronic signal as described in claim 1 and further comprising a step of securely delivering a conditional access component to said individual reception capability.
-
56. A method of providing restricted access to an electronic signal as described in claim 55 wherein said step of securely delivering a conditional access component to said individual reception capability comprises a step of activating secure bootloader functionality at said individual reception capability.
-
57. A method of providing restricted access to an electronic signal as described in claim 20 wherein said step of selecting a secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys comprises a step of selecting a segment of information as a secure system wide cryptographic key.
-
58. A method of providing restricted access to an electronic signal as described in claim 57 wherein said step of selecting a secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys comprises a step of pointing to a segment of information.
-
59. A method of providing restricted access to an electronic signal as described in claim 20 wherein said step of selecting a secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys comprises a step of choosing a particular secure system wide cryptographic key from among a plurality of secure system wide cryptographic keys.
-
60. A method of providing restricted access to an electronic signal as described in claim 1 and further comprising a step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
61. A method of providing restricted access to an electronic signal as described in claim 60 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of selecting a segment of information as a derived cryptographic key.
-
62. A method of providing restricted access to an electronic signal as described in claim 61 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of pointing to a segment of information.
-
63. A method of providing restricted access to an electronic signal as described in claim 60 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of choosing a particular derived cryptographic key from among a plurality of derived cryptographic keys.
-
64. A method of providing restricted access to an electronic signal as described in claim 60 wherein said step of selecting a derived cryptographic key comprises a step of broadcast facility based selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
65. A method of providing restricted access to an electronic signal as described in claim 20 and further comprising a step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
66. A method of providing restricted access to an electronic signal as described in claim 65 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of selecting a segment of information as a derived cryptographic key.
-
67. A method of providing restricted access to an electronic signal as described in claim 66 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of pointing to a segment of information.
-
68. A method of providing restricted access to an electronic signal as described in claim 65 wherein said step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability comprises a step of choosing a particular derived cryptographic key from among a plurality of derived cryptographic keys.
-
69. A method of providing restricted access to an electronic signal as described in claim 65 wherein said step of selecting a derived cryptographic key comprises a step of broadcast facility based selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
70. A method of providing restricted access to an electronic signal as described in claim 8 wherein said step of establishing an individual reception capability having a signal process capability comprises steps of:
- establishing an individual reception capability having a security partitioned signal transport capability;
- establishing an individual reception capability having a video signal process capability; and
- establishing an individual reception capability having an audio signal process capability.
-
71. A method of providing restricted access to an electronic signal as described in claim 70 wherein said step of providing unsecure individualized information comprises a step of providing cable informational service system hardware individualized information.
-
72. A method of providing restricted access to an electronic signal as described in claim 23 wherein said step of generating said cryptographic key by mathematically functioning at least two items of information comprises a step of utilizing one item of information as a mathematical operand to perform a transformative function on another item of information.
-
73. A method of providing restricted access to an electronic signal as described in claim 24 wherein said step of multi-step mathematically manipulating items to support creation of a cryptographic key comprises a step selected from a group consisting of:
- manipulating items through a reversible cryptographic function to support creation of a cryptographic key;
- manipulating items through a one-way cryptographic function to support creation of a cryptographic key;
- manipulating items through an encryption function to support creation of a cryptographic key;
- manipulating items through a cryptographic hash function to support creation of a cryptographic key;
- utilizing a random value generator cryptographic function to support creation of a cryptographic key; and
- manipulating items through a data stream location pointer function to support creation of a cryptographic key.
-
74. A method of providing restricted access to an electronic signal as described in claim 24 wherein said step of multi-step mathematically manipulating items to support creation of a cryptographic key comprises steps of:
- manipulating items through a reversible cryptographic function to support creation of a cryptographic key; and
- manipulating items through a one-way cryptographic function to support creation of a cryptographic key.
-
75. A method of providing restricted access to an electronic signal as described in claim 74 wherein said step of manipulating items through a reversible cryptographic function to support creation of a cryptographic key comprises a step of encrypting items to support creation of a cryptographic key, and wherein said step of manipulating items through a one-way cryptographic function to support creation of a cryptographic key comprises a step of cryptographically hashing items to support creation of a cryptographic key.
-
76. A method of providing restricted access to an electronic signal as described in claim 24 wherein said step of multi-step mathematically manipulating items to support creation of a cryptographic key comprises steps of:
- manipulating first items through a reversible cryptographic function to support creation of a cryptographic key; and
- manipulating second items through a reversible cryptographic function to support creation of a cryptographic key.
-
77. A method of providing restricted access to an electronic signal as described in claim 76 wherein said step of manipulating first items through a reversible cryptographic function to support creation of a cryptographic key comprises a step of cryptographically encrypting first items to support creation of a cryptographic key, and wherein said step of manipulating second items through a one-way cryptographic function to support creation of a cryptographic key comprises a step of cryptographically encrypting second items to support creation of a cryptographic key.
-
78. A method of providing restricted access to an electronic signal as described in claim 75 wherein said step of multi-step mathematically manipulating items to support creation of a cryptographic key comprises a step of subsequently utilizing a random value generator cryptographic function to support creation of a cryptographic key.
-
79. A method of providing restricted access to an electronic signal as described in claim 78 wherein said step of multi-step mathematically manipulating items to support creation of a cryptographic key comprises a step of manipulating items through a data stream location pointer function to support creation of a cryptographic key.
-
80. A method of providing restricted access to an electronic signal as described in claim 23 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of generating at least a 128-bit decryption key at least partially from said unsecure individualized information.
-
81. A method of providing restricted access to an electronic signal as described in claim 2 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of utilizing an at least two dimensional cipher key derivation functionality.
-
82. A method of providing restricted access to an electronic signal as described in claim 81 wherein said step of utilizing an at least two dimensional cipher key derivation functionality comprises a step of:
- utilizing at least some reception facility information; and
- utilizing at least some broadcast facility information.
-
83. A method of providing restricted access to an electronic signal as described in claim 82 wherein said step of utilizing at least some reception facility information comprises a step selected from a group consisting of:
- utilizing individualized security process capability identification information;
- utilizing individualized signal process capability identification information; and
- utilizing both individualized security process capability identification information and individualized signal process capability identification information,
and wherein said step of utilizing at least some broadcast facility information comprises a step selected from a group consisting of:
- utilizing secure system wide cryptographic key information;
- utilizing signal origination point identification information; and
- utilizing both secure system wide cryptographic key information and signal origination point identification information.
-
84. A method of providing restricted access to an electronic signal as described in claim 29 wherein said step of discerning the existence of a location change for said individual reception capability comprises a step of checking for a change in signal origination point identification information.
-
85. A method of providing restricted access to an electronic signal as described in claim 84 and further comprising a step of re-generating a completely unknown decryption key at least partially from said unsecure individualized information in the event of a change in said signal origination point identification information.
-
86. A method of providing restricted access to an electronic signal as described in claim 85 wherein said step of re-generating a completely unknown decryption key is accomplished in response to a step of re-issuing said unsecure individualized information from said individual reception capability.
-
87. A method of providing restricted access to an electronic signal as described in claim 30 wherein said step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation comprises a step of integrating said unsecure individualized information and a selected multiple option secure provider commonality code into a cryptographic operation.
-
88. A method of providing restricted access to an electronic signal as described in claim 31 wherein said step of integrating said unsecure individualized information and secure provider commonality information into a cryptographic operation comprises a step of integrating said unsecure individualized information and secure hardware provider commonality information into a cryptographic operation.
-
89. A method of providing restricted access to an electronic signal as described in claim 30 wherein said step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation comprises a step of integrating said unsecure individualized information and service provider commonality information into a cryptographic operation.
-
90. A method of providing restricted access to an electronic signal as described in claim 30 wherein said step of integrating said unsecure individualized information and provider commonality information into a cryptographic operation comprises a step of integrating said unsecure individualized information and specific transmitter commonality information into a cryptographic operation.
-
91. A method of providing restricted access to an electronic signal as described in claim 37 wherein said step of providing unsecure individualized information from said individual reception capability comprises a step of unsecurely transmitting both individualized security process capability identification information and individualized signal process capability identification information from said individual reception capability.
-
92. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of providing unsecure individualized information from said individual reception capability comprises a step of transmitting cryptographic entropy rate of zero identification information.
-
93. A method of providing restricted access to an electronic signal as described in claim 1 and further comprising a step of assuring that said completely unknown decryption key is ubiquitously secreted from all persons.
-
94. A method of providing restricted access to an electronic signal as described in claim 93 wherein said step of assuring that said completely unknown decryption key is ubiquitously secreted from all persons comprises a step of destructively tamper proofing computer chip information within said individual reception capability.
-
95. A method of providing restricted access to an electronic signal as described in claim 94 wherein said step of assuring that said completely unknown decryption key is ubiquitously secreted from all persons comprises a step of assuring that said completely unknown decryption key is initially unknowable at said broadcast transmission capability.
-
96. A method of providing restricted access to an electronic signal as described in claim 93 wherein said step of assuring that said completely unknown decryption key is ubiquitously secreted from all persons comprises a step of eliminating any use of a cryptographic trusted authority for said completely unknown decryption key.
-
97. A method of providing restricted access to an electronic signal as described in claim 96 wherein said step of assuring that said completely unknown decryption key is ubiquitously secreted from all persons comprises a step of assuring that said completely unknown decryption key is initially unknowable at said individual reception capability.
-
98. A method of providing restricted access to an electronic signal as described in claim 97 wherein said step of assuring that said completely unknown decryption key is initially unknowable at said individual reception capability comprises a step of preventing said individual reception capability from any knowledge as to how said completely unknown decryption key is derived.
-
99. A method of providing restricted access to an electronic signal as described in claim 38 wherein said step of providing unsecure individualized information from said individual reception capability comprises a step of verbally conveying said unsecure individualized information.
-
100. A method of providing restricted access to an electronic signal as described in claim 38 and further comprising a step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
101. A method of providing restricted access to an electronic signal as described in claim 100 wherein said step of selecting a derived cryptographic key comprises a step of broadcast facility based selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
102. A method of providing restricted access to an electronic signal as described in claim 48 and further comprising a step of selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
103. A method of providing restricted access to an electronic signal as described in claim 102 wherein said step of selecting a derived cryptographic key comprises a step of broadcast facility based selecting a derived cryptographic key from among a plurality of derived cryptographic keys for said individual reception capability.
-
2. A method of providing restricted access to an electronic signal as described in claim 1 wherein said step of nascently generating said completely unknown decryption key at least partially from said unsecure individualized information comprises a step of adding cryptographic entropy for said decryption key.
-
-
52. A method of providing restricted access to an electronic signal as described in claim wherein said step of providing first process capability individualized identification information comprises a step of providing individualized security process capability identification information, and wherein said step of providing second process capability individualized identification information comprises a step of providing individualized signal process capability identification information.
-
104. A system for restricted access to an electronic signal comprising:
- a transmission facility configured to generate said electronic signal as an encrypted signal;
- at least one individual reception capability responsive to a completely unknown decryption key unknown to said individual reception capability and said transmission capability;
- an unsecure individualized information transmission to which said transmission facility is responsive;
- a nascent decryption key generator responsive after operation of said unsecure individualized information transmission wherein said nascent decryption key generator generates said completely unknown decryption key that was unknown by said individual reception capability and said transmission capability prior to being nascently generated;
- a transmitter comprising hardware, wherein said transmitter is responsive to said nascent decryption key generator;
- an individual subscriber receiver responsive to said transmitter; and
- a subscriber decryption processor responsive to said completely unknown decryption key and configured to physically unlock access to said encrypted signal at said individual reception capability.
-
105. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator is manipulatively responsive to said unsecure individualized information transmission.
-
106. A system for restricted access to an electronic signal as described in claim 105 and further comprising an unsecure individualized information generator for said individual reception capability.
-
107. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator comprises a cryptographic decryption key entropy addition generator.
-
108. A system for restricted access to an electronic signal as described in claim 107 and further comprising a provider information input to which said nascent decryption key generator is responsive.
-
109. A system for restricted access to an electronic signal as described in claim 108 wherein said provider information input comprises a secure system wide cryptographic key input.
-
110. A system for restricted access to an electronic signal as described in claim 109 and further comprising:
- an unsecure individualized information input; and
- a secure system wide key input,
and wherein said nascent decryption key generator comprises a cryptographic encryption processor responsive to said unsecure individualized information input and said secure system wide key input.
-
111. A system for restricted access to an electronic signal as described in claim 110 wherein said cryptographic encryption processor comprises at least one derived cryptographic key.
-
112. A system for restricted access to an electronic signal as described in claim 110 wherein said individual reception capability comprises a security processor, and wherein said unsecure individualized information transmission comprises an individualized security process capability identification information transmission.
-
113. A system for restricted access to an electronic signal as described in claim 112 wherein said individual reception capability further comprises a signal processor, and wherein said unsecure individualized information transmission comprises an individualized signal process capability identification information transmission.
-
114. A system for restricted access to an electronic signal as described in claim 113 and further comprising a signal origination point information transmitter, and wherein said provider information input further comprises a signal origination point identification information input.
-
115. A system for restricted access to an electronic signal as described in claim 114 and further comprising:
- a signal origination point identification information input to which said nascent decryption key generator is responsive;
- at least one derived key input to which said nascent decryption key generator is responsive,
and wherein said nascent decryption key generator comprises an encryption hash function processor responsive to said signal origination point identification information input and said at least one derived key input.
-
116. A system for restricted access to an electronic signal as described in claim 114 and further comprising:
- a signal origination point identification information input to which said nascent decryption key generator is responsive;
- at least one derived key input to which said nascent decryption key generator is responsive,
and wherein said nascent decryption key generator comprises a cryptographic encryption function processor responsive to said signal origination point identification information input and said at least one derived key input.
-
117. A system for restricted access to an electronic signal as described in claim 115 wherein said nascent decryption key generator establishes at least one ephemeral cryptographic key.
-
118. A system for restricted access to an electronic signal as described in claim 117 wherein said signal origination point information transmitter is responsive to said at least one ephemeral cryptographic key.
-
119. A system for restricted access to an electronic signal as described in claim 118 and further comprising at least one random decryption key generator.
-
120. A system for restricted access to an electronic signal as described in claim 119 wherein said nascent decryption key generator comprises a secure random decryption key transmitter cryptographically responsive to said at least one ephemeral cryptographic key and said at least one random decryption key generator.
-
121. A system for restricted access to an electronic signal as described in claim 120 wherein said secure random decryption key transmitter is configured to serve as a transient ephemeral cryptographic key based secure random decryption key transmitter.
-
122. A system for restricted access to an electronic signal as described in claim 121 wherein said subscriber decryption processor comprises an enduring operation random decryption key based decryption processor.
-
123. A system for restricted access to an electronic signal as described in claim 119 wherein said at least one random decryption key generator comprises:
- a security process capability random cryptographic key generator; and
- a signal process capability random cryptographic key generator.
-
124. A system for restricted access to an electronic signal as described in claim 104 and further comprising a secure system wide cryptographic key multiple option selector.
-
125. A system for restricted access to an electronic signal as described in claim 104 wherein said comprises an at least dual information input mathematically functional cryptographic key generator.
-
126. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator comprises a multi-step mathematically functional cryptographic key generator.
-
127. A system for restricted access to an electronic signal as described in claim 107 wherein said nascent decryption key generator comprises an at least two dimensional cipher key derivation processor.
-
128. A system for restricted access to an electronic signal as described in claim 127 wherein said at least two dimensional cipher key derivation processor comprises:
- at least some reception facility information input; and
- at least some broadcast facility information input.
-
129. A system for restricted access to an electronic signal as described in claim 128 wherein said at least some reception facility information input is selected from a group consisting of:
- an individualized security process capability identification information input;
- an individualized signal process capability identification information input; and
- both an individualized security process capability identification information input and an individualized signal process capability identification information input,
and wherein said at least some broadcast facility information input is selected from a group consisting of:
- a secure system wide cryptographic key information input;
- a signal origination point identification information input; and
- both a secure system wide cryptographic key information input and a signal origination point identification information input.
-
130. A system for restricted access to an electronic signal as described in claim 104 and further comprising a potential key compromise assessor.
-
131. A system for restricted access to an electronic signal as described in claim 130 wherein said potential key compromise assessor comprises a signal origination point identification information change assessor.
-
132. A system for restricted access to an electronic signal as described in claim 131 and further comprising a nascent decryption key re-generator responsive to an unsecure individualized information transmission and said signal origination point identification information change comparator.
-
133. A system for restricted access to an electronic signal as described in claim 132 wherein said nascent decryption key re-generator comprises an unsecure individualized information re-issue command.
-
134. A system for restricted access to an electronic signal as described in claim 125 and further comprising a location change assessor for said individual reception capability.
-
135. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator comprises an individualized information cryptographic transformation processor.
-
136. A system for restricted access to an electronic signal as described in claim 135 wherein said individualized information cryptographic transformation processor further comprises a provider information cryptographic transformation processor.
-
137. A system for restricted access to an electronic signal as described in claim 136 wherein said cryptographic transformation processor comprises an encryption operation function processor.
-
138. A system for restricted access to an electronic signal as described in claim 137 wherein said nascent decryption key generator comprises a secondary provider information cryptographic transformation processor.
-
139. A system for restricted access to an electronic signal as described in claim 138 wherein said secondary provider information cryptographic transformation processor comprises an encryption hash function processor.
-
140. A system for restricted access to an electronic signal as described in claim 139 wherein said nascent decryption key generator comprises at least one ephemeral cryptographic key generator.
-
141. A system for restricted access to an electronic signal as described in claim 138 wherein said secondary provider information cryptographic transformation processor comprises a cryptographic encryption function processor.
-
142. A system for restricted access to an electronic signal as described in claim 140 wherein said cryptographic encryption function processor comprises at least one ephemeral cryptographic key generator.
-
143. A system for restricted access to an electronic signal as described in claim 140 and further comprising a random decryption key generator.
-
144. A system for restricted access to an electronic signal as described in claim 143 and further comprising a secure decryption key transmitter cryptographically responsive to said at least one ephemeral cryptographic key generator and configured to transmit a random decryption key.
-
145. A system for restricted access to an electronic signal as described in claim 135 and further comprising a secure system wide cryptographic key multiple option selector.
-
146. A system for restricted access to an electronic signal as described in claim 135 wherein said unsecure individualized information transmission comprises a multiple unsecure individualized information code transmission.
-
147. A system for restricted access to an electronic signal as described in claim 146 wherein said multiple unsecure individualized information code transmission comprises:
- a first item of unsecure individualized information transmission; and
- a second item of unsecure individualized information transmission.
-
148. A system for restricted access to an electronic signal as described in claim 147 wherein said first item of unsecure individualized information transmission comprises a first process capability individualized identification information transmission, and wherein said second item of unsecure individualized information transmission comprises a second process capability individualized identification information transmission.
-
149. A system for restricted access to an electronic signal as described in claim 123 wherein said subscriber decryption processor comprises:
- an enduring operation security process capability random cryptographic key based decryption processor; and
- an enduring operation signal process capability random cryptographic key based decryption processor.
-
150. A system for restricted access to an electronic signal as described in claim 124 wherein said provider information input comprises a segmented secure system wide cryptographic key.
-
151. A system for restricted access to an electronic signal as described in claim 150 wherein said secure system wide cryptographic key multiple option selector comprises a segmented interdata pointer.
-
152. A system for restricted access to an electronic signal as described in claim 124 wherein said provider information input comprises a chosen secure system wide cryptographic key.
-
153. A system for restricted access to an electronic signal as described in claim 104 and further comprising a derived cryptographic key multiple option selector.
-
154. A system for restricted access to an electronic signal as described in claim 153 wherein said provider information input comprises a segmented derived cryptographic key.
-
155. A system for restricted access to an electronic signal as described in claim 154 wherein said derived cryptographic key multiple option selector comprises a segmented interdata pointer.
-
156. A system for restricted access to an electronic signal as described in claim 153 wherein said provider information input comprises a chosen derived cryptographic key.
-
157. A system for restricted access to an electronic signal as described in claim 153 wherein said derived cryptographic key multiple option selector comprises a broadcast facility based multiple option derived cryptographic key selector.
-
158. A system for restricted access to an electronic signal as described in claim 124 and further comprising a derived cryptographic key multiple option selector.
-
159. A system for restricted access to an electronic signal as described in claim 158 wherein said provider information input comprises a segmented derived cryptographic key.
-
160. A system for restricted access to an electronic signal as described in claim 159 wherein said derived cryptographic key multiple option selector comprises a segmented interdata pointer.
-
161. A system for restricted access to an electronic signal as described in claim 158 wherein said provider information input comprises a chosen derived cryptographic key.
-
162. A system for restricted access to an electronic signal as described in claim 158 wherein said derived cryptographic key multiple option selector comprises a broadcast facility based multiple option derived cryptographic key selector.
-
163. A system for restricted access to an electronic signal as described in claim 104 wherein said broadcast transmission facility comprises a cable informational service signal origination point facility for an encrypted cable informational service signal, and wherein said at least one individual reception capability comprises a conditional access television device receiver configured to receive said encrypted cable informational service signal.
-
164. A system for restricted access to an electronic signal as described in claim 113 wherein said signal processor comprises:
- a security partitioned signal transport capability;
- a video signal process capability; and
- an audio signal process capability.
-
165. A system for restricted access to an electronic signal as described in claim 164 wherein said unsecure individualized information transmission comprises a cable informational service system hardware individualized information transmission.
-
166. A system for restricted access to an electronic signal as described in claim 104 wherein said broadcast transmission facility comprises an electronic device enabling facility, and wherein said at least one individual reception capability comprises a conditionally operable electronic device configured to receive a service enablement signal.
-
167. A system for restricted access to an electronic signal as described in claim 125 wherein said at least dual information input mathematically functional cryptographic key generator comprises:
- a first informational input mathematical operand processor; and
- a second informational input transformative function processor.
-
168. A system for restricted access to an electronic signal as described in claim 126 wherein said multi-step mathematically functional cryptographic key generator is selected from a group consisting of:
- a reversible cryptographic function key generator;
- a one-way cryptographic function key generator;
- an encryption function key generator;
- a cryptographic hash function key generator;
- a random cryptographic key generator; and
- a data stream location pointer function key generator.
-
169. A system for restricted access to an electronic signal as described in claim 126 wherein said multi-step mathematically functional cryptographic key generator comprises:
- a reversible cryptographic function key generator; and
- a one-way cryptographic function key generator.
-
170. A system for restricted access to an electronic signal as described in claim 169 wherein said reversible cryptographic function key generator comprises an encryption function key generator, and wherein said one-way cryptographic function key generator comprises a cryptographic hash function key generator.
-
171. A system for restricted access to an electronic signal as described in claim 126 wherein said multi-step mathematically functional cryptographic key generator comprises:
- a first reversible cryptographic function key generator; and
- a second reversible cryptographic function key generator.
-
172. A system for restricted access to an electronic signal as described in claim 171 wherein said first reversible cryptographic function key generator comprises a first cryptographic encryption function key generator, and wherein said second reversible cryptographic function key generator comprises a second cryptographic encryption function key generator.
-
173. A system for restricted access to an electronic signal as described in claim 170 wherein said multi-step mathematically functional cryptographic key generator comprises a random cryptographic key generator.
-
174. A system for restricted access to an electronic signal as described in claim 173 wherein said multi-step mathematically functional cryptographic key generator comprises a data stream location pointer function key generator.
-
175. A system for restricted access to an electronic signal as described in claim 125 wherein said nascent decryption key generator comprises an at least 128-bit decryption key generator.
-
176. A system for restricted access to an electronic signal as described in claim 134 wherein said location change assessor comprises a signal origination point identification information change comparator.
-
177. A system for restricted access to an electronic signal as described in claim 176 and further comprising a nascent decryption key re-generator responsive to said signal origination point identification information change comparator.
-
178. A system for restricted access to an electronic signal as described in claim 177 and further comprising an unsecure individualized information re-issue command responsive to said signal origination point identification information change comparator, and wherein said nascent decryption key re-generator is responsive to said unsecure individualized information re-issue command.
-
179. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator comprises a cryptographic provider commonality information integrator responsive to provider commonality information and said cryptographic unsecure individualized information.
-
180. A system for restricted access to an electronic signal as described in claim 179 wherein said cryptographic provider commonality information integrator comprises a multiple option secure provider commonality code selector.
-
181. A system for restricted access to an electronic signal as described in claim 179 wherein said cryptographic provider commonality information integrator comprises an unsecure individualized information and secure provider commonality information cryptographic integrator.
-
182. A system for restricted access to an electronic signal as described in claim 181 wherein said unsecure individualized information and secure provider commonality information cryptographic integrator comprises an unsecure individualized information and secure hardware provider commonality information cryptographic integrator.
-
183. A system for restricted access to an electronic signal as described in claim 179 wherein said cryptographic provider commonality information integrator comprises an unsecure individualized information and service provider commonality information cryptographic integrator.
-
184. A system for restricted access to an electronic signal as described in claim 179 wherein said cryptographic provider commonality information integrator comprises an unsecure individualized information and specific transmitter commonality information cryptographic integrator.
-
185. A system for restricted access to an electronic signal as described in claim 104 wherein said unsecure individualized information transmission comprises a multiple unsecure individualized information code transmission.
-
186. A system for restricted access to an electronic signal as described in claim 185 wherein said multiple unsecure individualized information code transmission comprises:
- a first item of unsecure individualized information transmission; and
- a second item of unsecure individualized information transmission.
-
187. A system for restricted access to an electronic signal as described in claim 186 wherein said first item of unsecure individualized information transmission comprises a first process capability individualized identification information transmission.
-
188. A system for restricted access to an electronic signal as described in claim 187 wherein said second item of unsecure individualized information transmission comprises a second process capability individualized identification information transmission.
-
189. A system for restricted access to an electronic signal as described in claim 188 wherein said first process capability individualized identification information transmission comprises an individualized security process capability identification information transmission.
-
190. A system for restricted access to an electronic signal as described in claim 189 wherein said second item of unsecure individualized information transmission comprises an individualized signal process capability identification information transmission.
-
191. A system for restricted access to an electronic signal as described in claim 190 wherein said multiple unsecure individualized information code transmission comprises:
- an individualized security process capability identification information transmission from said individual reception capability; and
- an individualized signal process capability identification information transmission from said individual reception capability.
-
192. A system for restricted access to an electronic signal as described in claim 104 wherein said multiple unsecure individualized information code transmission comprises an entropy rate of zero identification information transmission.
-
193. A system for restricted access to an electronic signal as described in claim 145 wherein said secure system wide cryptographic key multiple option selector comprises a segmented interdata pointer.
-
194. A system for restricted access to an electronic signal as described in claim 135 wherein said unsecure individualized information transmission comprises an unsecure verbal individualized information transmission.
-
195. A system for restricted access to an electronic signal as described in claim 135 and further comprising a derived cryptographic key multiple option selector.
-
196. A system for restricted access to an electronic signal as described in claim 195 wherein said derived cryptographic key multiple option selector comprises a broadcast facility based multiple option derived cryptographic key selector.
-
197. A system for restricted access to an electronic signal as described in claim 145 and further comprising a derived cryptographic key multiple option selector.
-
198. A system for restricted access to an electronic signal as described in claim 197 wherein said derived cryptographic key multiple option selector comprises a broadcast facility based multiple option derived cryptographic key selector.
-
199. A system for restricted access to an electronic signal as described in claim 104 and further comprising a broadcast transmission capability prompted nascent decryption key re-generator.
-
200. A system for restricted access to an electronic signal as described in claim 199 and further comprising a potential key compromise assessor to which said broadcast transmission capability prompted nascent decryption key re-generator is responsive.
-
201. A system for restricted access to an electronic signal as described in claim 104 and further comprising a conditional access component transmitter to which said individual reception capability is operationally responsive.
-
202. A system for restricted access to an electronic signal as described in claim 201 wherein said conditional access component transmitter comprises secure bootloader.
-
105. A system for restricted access to an electronic signal as described in claim 104 wherein said nascent decryption key generator is manipulatively responsive to said unsecure individualized information transmission.
-
Current Assignee: William D. Bauer
Original Assignee: Beyond Broadband Technology LLC
Inventors: Bauer, William D.; White, Donovan Steve; Eder, David W.
Primary Examiner(s): Blair, April Y
Application Number: US12/599,499
Publication Number:
Time in Patent Office: 1,624 Days
Field of Search: 725/26, 380/281, 380/284, 380/210
US Class Current: 380/210
CPC Class Codes:
H04L 9/0866 involving user or device id...
H04L 9/088 Usage controlling of secret...
H04N 21/26613 for generating or managing ...
H04N 21/4181 for conditional access
H04N 21/4623 Processing of entitlement m...
H04N 7/17309 Transmission or handling of...