Reduced hierarchy key management system and method
First Claim
1. A method comprising:
- prior to receiving a first encrypted media stream and a second encrypted media stream, receiving, by a computing device associated with a user, a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys;
receiving, by the computing device, the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index;
generating, by the computing device, a first decryption key based on the first content key that corresponds to the first index and a second decryption key based on the combination of the second content key and the third content key that corresponds to the second index;
decrypting, by the computing device, at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key; and
receiving, by the computing device, an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key.
2 Assignments
0 Petitions
Accused Products
Abstract
A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.
-
Citations
20 Claims
-
1. A method comprising:
-
prior to receiving a first encrypted media stream and a second encrypted media stream, receiving, by a computing device associated with a user, a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys; receiving, by the computing device, the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index; generating, by the computing device, a first decryption key based on the first content key that corresponds to the first index and a second decryption key based on the combination of the second content key and the third content key that corresponds to the second index; decrypting, by the computing device, at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key; and receiving, by the computing device, an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
receiving, by a computing device, a plurality of content keys and a plurality of indexes corresponding to the plurality of content keys, each index of the plurality of indexes corresponding with a different content key of the plurality of content keys, wherein a first index of the plurality of indexes corresponds to a first content key of the plurality of content keys; subsequent to the receiving, receiving, by the computing device, a first encrypted media stream comprising an identifier associated with the first index; selecting, by the computing device, the first content key corresponding to the first index; generating, by the computing device, a decryption key based on the first content key for decrypting the first encrypted media stream; receiving an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a second content key, of the plurality of content keys, different from the first content key; and after receiving a second encrypted media stream comprising the identifier associated with the first index, selecting the second content key corresponding to the first index and generating a different decryption key based on the second content key for decrypting the second encrypted media stream. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. An apparatus comprising:
-
one or more processors, and a memory storing executable instructions configured to, when executed by the one or more processors, cause the apparatus to; prior to receiving a first encrypted media stream and a second encrypted media stream, receive a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key and a second content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys, receive the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index, generate a first decryption key using the first content key that corresponds to the first index, and a second decryption key using the combination of the second content key and the third content key that corresponds to the second index, decrypt at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key, and receive an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key, and wherein the apparatus is associated with a user. - View Dependent Claims (20)
-
Specification