Cascading dynamic crypto periods

US 8,687,807 B2
Filed: 01/26/2011
Issued: 04/01/2014
Est. Priority Date: 01/26/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for encrypting a data transmission stream using cascading dynamic crypto periods, the method comprising:

sending a first set of functions to a recipient device for use during a first crypto period, the first crypto period comprising a number of sub-crypto periods correlated to a number of functions included in the first set of functions, wherein the plurality of sub-crypto periods comprises at least a first sub-crypto period and a second sub-crypto period, and wherein the first sub-crypto period is a discrete portion of the first crypto period and the second sub-crypto period is a second discrete portion of the first crypto period;

sending a first control word to the recipient device;

encrypting the first sub-crypto period of the data transmission stream using the first control word;

sending the first sub-crypto period of the encrypted data transmission stream to the recipient device;

generating a first derived control word, wherein the first derived control word is generated by applying a first function from the first set of functions to retrieved data;

encrypting the second sub-crypto period of the data transmission stream using the first derived control word; and

sending the second sub-crypto period of the encrypted data transmission stream to the recipient device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for performing cascading dynamic crypto periods are disclosed. In embodiments, a control word and a set of functions is transmitted between a head-end and recipient devices at the beginning of a crypto period. The crypto period is divided into a discrete number of sub-crypto periods. The control word used to encrypt and decrypt the broadcast content is changed during each sub-crypto period. At the end of the first sub-crypto period, a derived control word is generated by passing the original control word to a function in the set of functions in order to generate a derived control word at the first transition between sub-crypto periods. The derived control word is used for encryption and decryption of the broadcasted content during the second sub-crypto period. Upon transitioning to the third sub-control-period, the derived control word is input into another function to produce a second derived control word.

Citations

66 Claims

1. A computer-implemented method for encrypting a data transmission stream using cascading dynamic crypto periods, the method comprising:
- sending a first set of functions to a recipient device for use during a first crypto period, the first crypto period comprising a number of sub-crypto periods correlated to a number of functions included in the first set of functions, wherein the plurality of sub-crypto periods comprises at least a first sub-crypto period and a second sub-crypto period, and wherein the first sub-crypto period is a discrete portion of the first crypto period and the second sub-crypto period is a second discrete portion of the first crypto period;
  
  sending a first control word to the recipient device;
  
  encrypting the first sub-crypto period of the data transmission stream using the first control word;
  
  sending the first sub-crypto period of the encrypted data transmission stream to the recipient device;
  
  generating a first derived control word, wherein the first derived control word is generated by applying a first function from the first set of functions to retrieved data;
  
  encrypting the second sub-crypto period of the data transmission stream using the first derived control word; and
  
  sending the second sub-crypto period of the encrypted data transmission stream to the recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the retrieved data is the first control word.
  - 3. The method of claim 1, wherein the retrieved data is prior data transmission stream data.
  - 4. The method of claim 1, wherein the retrieved data resides in at least one of:
    - local memory; and
      
      local storage.
  - 5. The method of claim 1, wherein the first set of functions is sent to the recipient device in an Entitlement Management Message (EMM).
  - 6. The method of claim 1, wherein the first control word is sent to the recipient device in an Entitlement Control Message (ECM).
  - 7. The method of claim 1, wherein the data transmission is an MPEG stream.
  - 8. The method of claim 1, wherein the recipient device is a set-top-box.
  - 9. The method of claim 8, wherein the set-top-box comprises a smart card.
  - 10. The method of claim 1, further comprising, determining when a transition from the first sub-crypto period to the second sub-crypto period occurs.
  - 11. The method of claim 10, wherein the transition from the first sub-crypto period to the second sub-crypto period is based upon predetermined timing.
  - 12. The method of claim 10, wherein the transition from the first sub-crypto period to the second sub-crypto period is triggered based upon a signal in the data transmission stream.
  - 13. The method of claim 12, wherein the signal is a flag in the data transmission stream.
  - 14. The method of claim 12, wherein the signal is a function identifier in the data transmission stream.
  - 15. The method of claim 14, wherein the first function is identified by the function identifier.
  - 16. The method of claim 1, wherein the first set of functions comprises deterministic functions.
  - 17. The method of claim 1, wherein the first set of functions are predetermined and loaded at a head-end.
  - 18. The method of claim 1, wherein the first set of functions is dynamically derived at a head-end using a root function.
  - 19. The method of claim 1, wherein the first control word is a randomly generated number.
  - 20. The method of claim 1, further comprising:
    - sending a second set of functions to the recipient device for use during a second crypto period; and
      
      sending a second control word to the recipient device.

21. A computer-implemented method for decrypting an encrypted data transmission stream using cascading dynamic crypto periods, the method comprising:
- receiving, at a recipient device, a first set of functions comprising a plurality of functions, wherein the plurality of functions is correlated to a number of sub-crypto periods;
  
  receiving, at the recipient device, a first control word;
  
  receiving, at the recipient device, a first portion of an encrypted data transmission, wherein the first portion of the encrypted data transmission stream is encrypted using the first control word and represents a first sub-crypto period of the encrypted data transmission stream, wherein the first sub-crypto period is a discrete portion of a crypto period;
  
  generating a first portion of a clear data stream by decrypting the first portion of the encrypted data transmission stream using the first control word;
  
  receiving, at the recipient device, a second portion of the encrypted data transmission stream, wherein the second portion of the encrypted data transmission stream is encrypted using a first derived control word and represents a second sub-crypto period of the encrypted data transmission stream, wherein the second sub-crypto period is a discrete portion of the crypto period;
  
  generating the first derived control word by applying a first function from the first set of functions to retrieved data; and
  
  generating a second portion of the clear data stream by decrypting the second portion of the encrypted data transmission stream using the first derived control word.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 22. The method of claim 21, further comprising, sending the first and second portions of the clear data stream to a display device.
  - 23. The method of claim 21, further comprising, storing the first and second portions of the clear data stream.
  - 24. The method of claim 21, wherein the encrypted data transmission stream is an encrypted MPEG stream.
  - 25. The method of claim 21, wherein the clear data stream is an MPEG stream.
  - 26. The method of claim 21, wherein the first set of functions is received in an Entitlement Control Message (ECM).
  - 27. The method of claim 21, wherein first control word is received in an Entitlement Control Message.
  - 28. The method of claim 21, further comprising determining when a transition from the first sub-crypto period to the second sub-crypto period occurs.
  - 29. The method of claim 28 wherein the transition from the first sub-crypto period to the second sub-crypto period is based upon a predetermined timing.
  - 30. The method of claim 28, wherein the transition from the first sub-crypto period to the second sub-crypto period is triggered based upon a signal in the encrypted data transmission stream.
  - 31. The method of claim 30, wherein the signal is a flag in the encrypted data transmission stream.
  - 32. The method of claim 21, wherein the first set of functions comprises deterministic functions.
  - 33. The method of claim 21, wherein the recipient device is a set-top-box.
  - 34. The method of claim 21, wherein the recipient device is a mobile device.
  - 35. The method of claim 21, wherein the recipient device is a television.
  - 36. The method of claim 21, wherein the first derived control word is generated before receiving the second portion of the encrypted data transmission stream.
  - 37. The method of claim 21, wherein the retrieved data is the first control word.
  - 38. The method of claim 21, wherein the retrieved data is prior data transmission stream data.
  - 39. The method of claim 21, wherein the retrieved data resides in at least one of:
    - local memory; and
      
      local storage.

40. A system for encrypting and decrypting a data transmission stream using cascading dynamic crypto periods, the system comprising:
- a head-end device for receiving and encrypting a clear data transmission stream, the head-end comprising device;
  
  at least a first processor; and
  
  a first memory in communication with and readable by at least the first processor, wherein the first memory comprises instructions that, when executed by at least the first processor, cause the at least one processor to perform a first method comprising;
  
  sending a first set of functions to a recipient device for use during a first crypto period, the first crypto period comprising a number of sub-crypto periods correlating to a number of functions in the first set of functions, wherein the number of sub-crypto periods comprises at least a first sub-crypto period and a second sub-crypto period, and wherein the first sub-crypto period is a first discrete portion of the first crypto period and the second sub-crypto period is a second discrete portion of the first crypto period;
  
  sending a first control word to the recipient device;
  
  encrypting the first sub-crypto period of the data transmission stream using the first control word;
  
  sending the first sub-crypto period of the encrypted data transmission stream to the recipient device;
  
  generating a first derived control word, wherein the first derived control word is generated by applying a first function from the first set of functions to the first control word;
  
  encrypting the second sub-crypto period of the data transmission stream using the first derived control word; and
  
  sending the second sub-crypto period of the encrypted data transmission stream to the recipient device.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 41. The system of claim 40, further comprising, determining when a transition from the first sub-crypto period to the second sub-crypto period occurs.
  - 42. The system of claim 41, wherein the transition from the first sub-crypto period to the second sub-crypto period is based upon predetermined timing.
  - 43. The system of claim 41, wherein the transition from the first sub-crypto period to the second sub-crypto period is triggered based upon a signal in the data transmission stream.
  - 44. The system of claim 43, wherein the signal is a flag in the data transmission stream.
  - 45. The system of claim 43, wherein the signal is a function identifier in the data transmission stream.
  - 46. The system of claim 43, wherein the first set of functions comprises at least one deterministic function.
  - 47. The system of claim 43, wherein the first set of functions are predetermined and loaded at the head-end.
  - 48. The system of claim 43, wherein the first set of functions is dynamically derived at the head-end device using a root function.
  - 49. The system of claim 40, further comprising:
    - the recipient device for receiving and decrypting the encrypted data transmission stream, the recipient device comprising;
      
      at least a second processor; and
      
      a second memory in communication with and readable by the at least the second processor, wherein the second memory comprises instructions that, when executed by at least the second processor, cause at least the second processor to perform a second method, the second method comprising;
      
      receiving the first set of functions;
      
      receiving the first control word;
      
      receiving the first sub-crypto period of the encrypted data transmission stream;
      
      generating a first portion of a clear data stream by decrypting the first sub-crypto period of the encrypted data transmission stream using the first control word;
      
      receiving the second sub-crypto period of the encrypted data transmission stream;
      
      generating the first derived control word by applying the first function from the first set of functions to the first control word; and
      
      generating a second portion of the clear data stream by decrypting the second sub-crypto period of the encrypted data transmission stream using the first derived control word.
  - 50. The system of claim 49, wherein the recipient device is a set-top-box.
  - 51. The system of claim 50, wherein the at least second processor is located on a smart card that is a part of the set-top-box.
  - 52. The system of claim 49, wherein the recipient device is a mobile device.
  - 53. The system of claim 49, wherein the second memory further comprises instructions that, when executed by the processor, cause the processor to perform:
    - sending the clear data stream to a display device.
  - 54. The system of claim 49, wherein the second memory further comprises instructions that, when executed by the processor, cause the processor to perform:
    - storing the clear data stream.

55. A recipient device for receiving and decrypting an encrypted data stream, the recipient device comprising:
- a processor; and
  
  a memory in communication with and readable by the processor, wherein the memory comprises instructions that, when executed by the processor, cause the processor to perform a method, the method comprising;
  
  receiving a first set of functions comprising a plurality of functions, wherein a number of sub-crypto periods correlates to a number of functions included in the plurality of functions;
  
  receiving a first control word;
  
  receiving a first portion of an encrypted data transmission, wherein the first portion of the encrypted data transmission stream is encrypted using the first control word and represents a first sub-crypto period of the encrypted data transmission stream, wherein the first sub-crypto period is a discrete portion of a crypto period;
  
  generating a first portion of a clear data stream by decrypting the first portion of the encrypted data transmission stream using the first control word;
  
  receiving a second portion of the encrypted data transmission stream, wherein the second portion of the encrypted data transmission stream is encrypted using a first derived control word and represents a second sub-crypto period of the encrypted data transmission stream, wherein the second sub-crypto period is a discrete portion of the crypto period;
  
  generating the first derived control word by applying a first function from the first set of functions to the first control word; and
  
  generating a second portion of the clear data stream by decrypting the second portion of the encrypted data transmission stream using the first derived control word.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 56. The recipient device of claim 55, wherein the recipient device is a set-top-box.
  - 57. The recipient device of claim 56, wherein the processor is located on a smart card that is part of the set-top-box.
  - 58. The recipient device of claim 55, wherein the recipient device is a mobile device.
  - 59. The recipient device of claim 55, wherein the first portion of the encrypted data stream corresponds to the first sub-crypto period.
  - 60. The recipient device of claim 55, wherein the second portion of the encrypted data stream corresponds to the second sub-crypto period.
  - 61. The recipient device of claim 55, wherein the memory further comprises instructions that, when executed by the processor, cause the processor to perform:
    - sending the clear data stream to a display device.
  - 62. The recipient device of claim 55, wherein the memory further comprises instructions that, when executed by the processor, cause the processor to perform:
    - rendering the clear data stream; and
      
      displaying the clear data stream to a user.
  - 63. The recipient device of claim 55, wherein the memory further comprises instructions that, when executed by the processor, cause the processor to perform:
    - storing the clear data stream.
  - 64. The recipient device of claim 55, wherein the first set of functions comprises one or more deterministic functions.
  - 65. The recipient device of claim 55, wherein the clear data stream is a MPEG stream.
  - 66. The recipient device of claim 55, wherein the recipient device is a television.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NagraStar LLC (Kudelski SA)
Original Assignee
NagraStar LLC (Kudelski SA)
Inventors
Duval, Gregory, Kudelski, Henri
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
Tsang, Henry

Application Number

US13/014,654
Publication Number

US 20120189121A1
Time in Patent Office

1,161 Days
Field of Search

None
US Class Current

380/255
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 9/065   Encryption by serially and ...

H04L 9/0869   involving random numbers or...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04N 21/2347   involving video stream encr...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

Cascading dynamic crypto periods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Cascading dynamic crypto periods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links