Systems and methods for performing transport I/O

US 9,888,283 B2
Filed: 03/13/2013
Issued: 02/06/2018
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A removable security device comprising:

at least one processor; and

memory encoding computer executable instructions that, when executed by the at least one processor, performs a method comprising;

receiving a signal during initialization;

based upon the signal, determining whether the removable security device is operating in a legacy mode;

when the removable security device is not operating in the legacy mode, performing, by the removable security device, operations comprising;

receiving, from a head-end, at least one network control word;

maintaining the at least one network control word on the removable security device such that the at least one network control word is not transmitted from the removable security device;

receiving a first network encrypted elementary stream;

receiving a second network encrypted elementary stream;

decrypting the first and second network encrypted elementary streams using the at least one network control word to generate first and second clear content streams;

obtaining at least one local control word, wherein the at least one local control word is generated by the removable security device;

encrypting the first and second clear content streams by the removable device to produce first and second locally encrypted content streams, wherein the first and second locally encrypted content streams are produced using the at least one local control word;

multiplexing the first and second locally encrypted content streams to produce an output stream; and

providing the output stream to a video processing device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content. In embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The Transport I/O system ensures the protection of the network control word by maintaining the network control word on the secure processor.

360 Citations

23 Claims

1. A removable security device comprising:
- at least one processor; and
  
  memory encoding computer executable instructions that, when executed by the at least one processor, performs a method comprising;
  
  receiving a signal during initialization;
  
  based upon the signal, determining whether the removable security device is operating in a legacy mode;
  
  when the removable security device is not operating in the legacy mode, performing, by the removable security device, operations comprising;
  
  receiving, from a head-end, at least one network control word;
  
  maintaining the at least one network control word on the removable security device such that the at least one network control word is not transmitted from the removable security device;
  
  receiving a first network encrypted elementary stream;
  
  receiving a second network encrypted elementary stream;
  
  decrypting the first and second network encrypted elementary streams using the at least one network control word to generate first and second clear content streams;
  
  obtaining at least one local control word, wherein the at least one local control word is generated by the removable security device;
  
  encrypting the first and second clear content streams by the removable device to produce first and second locally encrypted content streams, wherein the first and second locally encrypted content streams are produced using the at least one local control word;
  
  multiplexing the first and second locally encrypted content streams to produce an output stream; and
  
  providing the output stream to a video processing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The removable security device of claim 1, wherein the removable security device is a smart card in a set-top-box.
  - 3. The removable security device of claim 1, wherein the removable security device supports a legacy form factor.
  - 4. The removable security device of claim 3, wherein the legacy form factor is compatible with the ISO-7816 standard.
  - 5. The removable security device of claim 1, wherein encrypting the first and second clear content streams utilizes a transport mode encryption.
  - 6. The removable security device of claim 1, wherein encrypting the first and second clear content streams utilizes a bulk mode encryption.
  - 7. The removable security device of claim 1, wherein the removable security device and the video processing device communicate using LVDS signaling.
  - 8. The removable security device of claim 1, wherein a first network control word is used to decrypt the first network encrypted elementary stream and second network control word is used to decrypt the second network encrypted elementary stream, and wherein the first and second network control words are different.
  - 9. The removable security device of claim 1, wherein the at least one local control word is generated by the removable security device.
  - 10. The removable security device of claim 1, wherein the local control word is obtained from a key ladder.
  - 11. The removable security device of claim 1, wherein the operations further comprise:
    - receiving at least one additional network encrypted elementary stream;
      
      decrypting the at least one additional network encrypted elementary stream using at least one additional network control word to generate at least one additional clear content stream;
      
      encrypting the at least one additional clear content stream to produce at least one additional locally encrypted content stream; and
      
      wherein multiplexing further comprises multiplexing the first, second, and at least one additional locally encrypted content stream into the output stream.
  - 12. The removable security device of claim 1, wherein the operations further comprise:
    - obtaining a first local control word, wherein the first clear content stream is encrypted using the first local control word; and
      
      obtaining optional additional local control word(s), wherein the optional additional network content stream(s) are encrypted using the optional additional local control word(s), and wherein some or all of the local control words are different.

13. A method comprising:
- receiving a signal during initialization;
  
  based upon the signal, determining whether the removable security device is operating in a legacy mode;
  
  when the removable security device is not operating in the legacy mode, performing, by the removable security device, operations comprising;
  
  receiving, from a head-end, at least one network control word;
  
  maintaining the at least one network control word on the removable security device such that the at least one network control word is not transmitted from the removable security device;
  
  receiving a first network encrypted elementary stream;
  
  receiving a second network encrypted elementary stream;
  
  decrypting the first and second network encrypted elementary streams using the at least one network control word to generate first and second clear content streams;
  
  obtaining at least one local control word, wherein the at least one local control word is generated by the removable security device;
  
  encrypting the first and second clear content streams by the removable device to produce first and second locally encrypted content streams, wherein the first and second locally encrypted content streams are produced using the at least one local control word;
  
  multiplexing the first and second locally encrypted content streams to produce an output stream; and
  
  providing the output stream to a video processing device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the removable security device is a smart card.
  - 15. The method of claim 13, wherein encrypting the first and second clear content streams utilizes a transport mode encryption.
  - 16. The method of claim 13, wherein encrypting the first and second clear content streams utilizes a bulk mode encryption.
  - 17. The method of claim 13, wherein the removable security device and the video processing device communicate using LVDS signaling.
  - 18. The method of claim 13, further comprising:
    - receiving at least one additional network encrypted elementary stream;
      
      decrypting the at least one additional network encrypted elementary stream using at least one additional network control word to generate at least one additional clear content stream;
      
      encrypting the at least one additional clear content stream to produce at least one additional locally encrypted content stream; and
      
      wherein multiplexing further comprises multiplexing the first, second, and at least one additional locally encrypted content stream into the output stream.
  - 19. The method of claim 13, wherein the operations further comprising:
    - obtaining a first local control word, wherein the first clear content stream is encrypted using the first local control word; and
      
      obtaining optional additional local control word(s), wherein the optional additional network content stream(s) are encrypted using the optional additional local control word(s), and wherein some or all of the local control words are different.

20. A system comprising:
- a set-top-box; and
  
  a smart card connected to the set-top-box, the smart card performing a method comprising;
  
  receiving, at the smart card, a signal from the set-top-box during initialization;
  
  based upon the signal, determining whether the smart card is operating in a legacy mode;
  
  when the smart card is not operating in the legacy mode, performing, by the smart card, operations comprising;
  
  receiving, from a head-end, at least one network control word;
  
  maintaining the at least one network control word on the smart card such that the at least one network control word is not transmitted from the smart card;
  
  receiving a first network encrypted elementary stream;
  
  receiving a second network encrypted elementary stream;
  
  decrypting the first and second network encrypted elementary streams using the at least one network control word to generate first and second clear content streams;
  
  obtaining at least one local control word, wherein the at least one local control word is generated by the smart card;
  
  encrypting the first and second clear content streams by the removable device to produce first and second locally encrypted content streams, wherein the first and second locally encrypted content streams are produced using the at least one local control word;
  
  multiplexing the first and second locally encrypted content streams to produce an output stream; and
  
  providing the output stream to a video processing device.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20, wherein the operations further comprise:
    - receiving at least one additional network encrypted elementary stream;
      
      decrypting the at least one additional network encrypted elementary stream using at least one additional network control word to generate at least one additional clear content stream;
      
      encrypting the at least one additional clear content stream to produce at least one additional locally encrypted content stream; and
      
      wherein multiplexing further comprises multiplexing the first, second, and at least one additional locally encrypted content stream into the output stream.
  - 22. The system of claim 20, wherein the operations further comprise:
    - obtaining a first local control word, wherein the first clear content stream is encrypted using the first local control word; and
      
      obtaining optional additional local control word(s), wherein the optional additional network content stream(s) are encrypted using the optional additional local control word(s), and wherein some or all of the local control words are different.
  - 23. The system of claim 20, wherein the smart card and the set-top-box communicate using LVDS signaling.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NagraStar LLC (Kudelski SA)
Original Assignee
NagraStar LLC (Kudelski SA)
Inventors
Beals, William Michael, Fischer, Nicolas, Ellis, Benjamin Brian, Duval, Gregory
Primary Examiner(s)
CHEN, CAI Y

Application Number

US13/799,891
Publication Number

US 20140282685A1
Time in Patent Office

1,791 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/14   using a plurality of keys o...

H04N 21/23406   involving management of ser...

H04N 21/2401   Monitoring of the client bu...

H04N 21/4181   for conditional access

H04N 21/4367   Establishing a secure commu...

H04N 21/44004   involving video buffer mana...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/4623   Processing of entitlement m...

H04N 21/64715   Protecting content from una...

H04N 21/835   Generation of protective da...

Systems and methods for performing transport I/O

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

360 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for performing transport I/O

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

360 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links