Content protection key encryptor for security providers

US 8,837,726 B2
Filed: 10/16/2009
Issued: 09/16/2014
Est. Priority Date: 10/16/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving at an encryption device from a control device an encryption request comprising a content protection key (CPK) to be encrypted and an identifier for a decryption device, wherein the control device is controlled by a security provider that provides secure content to the decryption device using the CPK encrypted with a device key that is securely embedded in the decryption device and also stored on the encryption device, wherein the encryption device is provided by a key provider and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;

retrieving at the encryption device the device key based on the decryption device identifier;

encrypting the CPK with the device key using a predetermined algorithm; and

sending the encrypted CPK to the control device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.

13 Citations

20 Claims

1. A method comprising:
- receiving at an encryption device from a control device an encryption request comprising a content protection key (CPK) to be encrypted and an identifier for a decryption device, wherein the control device is controlled by a security provider that provides secure content to the decryption device using the CPK encrypted with a device key that is securely embedded in the decryption device and also stored on the encryption device, wherein the encryption device is provided by a key provider and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
  
  retrieving at the encryption device the device key based on the decryption device identifier;
  
  encrypting the CPK with the device key using a predetermined algorithm; and
  
  sending the encrypted CPK to the control device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the predetermined algorithm is supplied by the security provider.
  - 3. The method of claim 1, wherein encrypting comprises encrypting the CPK with the device key using a secure hardware module within the encryption device provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 4. The method of claim 1, wherein the predetermined algorithm comprises a plurality of encryption algorithms agreed upon by the security provider and the key provider, and further comprising selecting one of the plurality of encryption algorithms to encrypt the CPK.
  - 5. The method of claim 1, wherein the device key is programmed into a secure one-time programmable memory of the decryption device during manufacture.
  - 6. The method of claim 1, further comprising applying a predetermined transformation to the CPK prior to encrypting the CPK.
  - 7. The method of claim 1, further comprising:
    - encrypting a control word with the CPK; and
      
      encrypting a service intended for the decryption device with the control word.
  - 8. The method of claim 1, wherein the CPK is used to encrypt services in a cable system and further comprising:
    - encrypting a control word with the CPK at a headend facility; and
      
      encrypting a service intended for the decryption device with the control word, wherein the decryption device is a digital transport adapter.

9. An apparatus comprising:
- a storage device configured to securely store device identifiers and corresponding device keys;
  
  an interface configured to communicate with a control device that is controlled by a security provider that provides secure content to a decryption device using a content protection key (CPK) encrypted with a device key that is securely embedded in the decryption device and stored on the storage device;
  
  a processor configured to;
  
  receive an encryption request from the control device comprising the CPK to be encrypted and an identifier for the decryption device, wherein the apparatus is provided by a key provider and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
  
  retrieve the device key from the storage device corresponding to the identifier;
  
  encrypt the CPK with the device key using a predetermined algorithm; and
  
  send the encrypted CPK to the control device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the processor is configured to encrypt the CPK using the predetermined algorithm that is supplied by the security provider.
  - 11. The apparatus of claim 9, wherein the processor is configured to encrypt the CPK using a secure hardware module provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 12. The apparatus of claim 9, wherein the processor is configured to encrypt the CPK using a plurality of predetermined encryption algorithms agreed upon by the security provider and the key provider, and wherein the processor is further configured to select one of the plurality of encryption algorithms to encrypt the CPK.
  - 13. A system comprising the apparatus of claim 9, and further comprising the decryption device, wherein the device key is programmed into a secure one-time programmable memory of the decryption device during manufacture.
  - 14. A system comprising the apparatus of claim 9, and further comprising the control device, wherein the control device is configured to apply a predetermined transformation to the CPK prior to encrypting the CPK.
  - 15. A system comprising the apparatus of claim 9, and further comprising the control device, wherein the control device is configured to:
    - encrypt a control word with the CPK; and
      
      direct that a service intended for the decryption device be encrypted with the control word.
  - 16. A system comprising the apparatus of claim 9, and further comprising the control device residing in a cable system headend facility and the decryption device comprising a digital transport adapter (DTA), wherein the control device is configured to:
    - encrypt a control word with the CPK; and
      
      direct that a service intended for the DTA be encrypted with the control word.

17. A non-transitory processor readable tangible medium encoded with instructions that, when executed by a processor, cause the processor to:
- receive at an encryption device from a control device an encryption request comprising a content protection key (CPK) to be encrypted and an identifier for a decryption device, wherein the control device is controlled by a security provider that provides secure content to the decryption device using the CPK encrypted with a device key that is securely embedded in the decryption device and also stored on the encryption device, wherein the encryption device is provided by a key provider, and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
  
  retrieve at the encryption device the device key based on the decryption device identifier;
  
  encrypt the CPK with the device key using a predetermined algorithm; and
  
  send the encrypted CPK to the control device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory processor readable tangible medium of claim 17, wherein the predetermined algorithm is supplied by the security provider.
  - 19. The non-transitory processor readable tangible medium of claim 17, wherein the instructions that encrypt comprise instructions that cause the processor to encrypt using a secure hardware module within the encryption device provided by the security provider, and wherein the predetermined algorithm is embedded in the secure hardware module.
  - 20. The non-transitory processor readable tangible medium of claim 17, wherein the predetermined algorithm comprises a plurality of encryption algorithms agreed upon by the security provider and the key provider, and further encoded with instructions that, when executed by a processor, cause the processor to select one of the plurality of encryption algorithms to encrypt the CPK.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tech 5 SAS
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Pinder, Howard G.
Primary Examiner(s)
Rahman, Mohammad L
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US12/580,589
Publication Number

US 20110091037A1
Time in Patent Office

1,796 Days
Field of Search

380/255
US Class Current

380/255
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

Content protection key encryptor for security providers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Content protection key encryptor for security providers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links