Reduced hierarchy key management system and method

US 11,115,709 B2
Filed: 05/27/2011
Issued: 09/07/2021
Est. Priority Date: 08/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

prior to receiving a first encrypted media stream and a second encrypted media stream, receiving, by a computing device associated with a user, a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys;

receiving, by the computing device, the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index;

generating, by the computing device, a first decryption key based on the first content key that corresponds to the first index and a second decryption key based on the combination of the second content key and the third content key that corresponds to the second index;

decrypting, by the computing device, at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key; and

receiving, by the computing device, an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

Citations

20 Claims

1. A method comprising:
- prior to receiving a first encrypted media stream and a second encrypted media stream, receiving, by a computing device associated with a user, a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys;
  
  receiving, by the computing device, the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index;
  
  generating, by the computing device, a first decryption key based on the first content key that corresponds to the first index and a second decryption key based on the combination of the second content key and the third content key that corresponds to the second index;
  
  decrypting, by the computing device, at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key; and
  
  receiving, by the computing device, an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein a total number of the plurality of indexes is less than a total number of media streams and the plurality of content keys.
  - 3. The method of claim 1, further comprising storing the plurality of indexes in an index table.
  - 4. The method of claim 1, further comprising storing the plurality of content keys in a content key list.
  - 5. The method of claim 1, wherein the computing device comprises a set-top-box.
  - 6. The method of claim 1, wherein the first identifier is a video-on-demand identifier.
  - 7. The method of claim 1, wherein the generating comprises generating the first decryption key as a function of the first content key and a working key modifier.
  - 8. The method of claim 7, wherein the generating comprises generating the first decryption key as a function of the first content key and the working key modifier using at least one of an exclusive OR (EXOR) operation and a hashing operation.
  - 9. The method of claim 1, wherein the plurality of indexes comprises a plurality of initialization vector (“
    - IV”
      
      ) values and the plurality of content keys comprises initialization vectors.
  - 10. The method of claim 1, wherein the receiving the plurality of content keys occurs during a session setup time for a video on demand service.
  - 11. The method of claim 1, further comprising:
    - after receiving a third encrypted media stream comprising the first identifier corresponding to the first index, selecting the fourth content key corresponding to the first index and generating a different decryption key based on the fourth content key for decrypting the third encrypted media stream.

12. A method comprising:
- receiving, by a computing device, a plurality of content keys and a plurality of indexes corresponding to the plurality of content keys, each index of the plurality of indexes corresponding with a different content key of the plurality of content keys, wherein a first index of the plurality of indexes corresponds to a first content key of the plurality of content keys;
  
  subsequent to the receiving, receiving, by the computing device, a first encrypted media stream comprising an identifier associated with the first index;
  
  selecting, by the computing device, the first content key corresponding to the first index;
  
  generating, by the computing device, a decryption key based on the first content key for decrypting the first encrypted media stream;
  
  receiving an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, and wherein the update updates the first index from corresponding to the first content key to corresponding to a second content key, of the plurality of content keys, different from the first content key; and
  
  after receiving a second encrypted media stream comprising the identifier associated with the first index, selecting the second content key corresponding to the first index and generating a different decryption key based on the second content key for decrypting the second encrypted media stream.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, further comprising:
    - storing a content key index table comprising the plurality of indexes; and
      
      storing a content key list comprising the plurality of content keys.
  - 14. The method of claim 12, wherein the computing device is a set-top-box.
  - 15. The method of claim 12, wherein receiving the plurality of indexes comprises receiving an entitlement management message comprising the plurality of indexes.
  - 16. The method of claim 12, wherein generating the decryption key based on the first content key comprises determining the decryption key based on the first content key and a working key modifier.
  - 17. The method of claim 16, wherein generating the decryption key based on the first content key and the working key modifier comprises using an exclusive OR (EXOR) or a hashing operator.
  - 18. The method of claim 12, wherein:
    - generating the decryption key is further based on a third content key for a service tier; and
      
      generating the different decryption key is further based on the third content key for the service tier.

19. An apparatus comprising:
- one or more processors, anda memory storing executable instructions configured to, when executed by the one or more processors, cause the apparatus to;
  
  prior to receiving a first encrypted media stream and a second encrypted media stream, receive a plurality of indexes and a plurality of content keys corresponding to the plurality of indexes, wherein a first index, of the plurality of indexes, corresponds to a first content key and a second content key, of the plurality of content keys, and a second index, of the plurality of indexes, corresponds to a combination of a second content key and a third content key of the plurality of content keys,receive the first encrypted media stream and the second encrypted media stream, the first encrypted media stream comprising a first identifier that corresponds to the first index, and the second encrypted media stream comprising a second identifier that corresponds to the second index,generate a first decryption key using the first content key that corresponds to the first index, and a second decryption key using the combination of the second content key and the third content key that corresponds to the second index,decrypt at least a portion of the first encrypted media stream using the first decryption key, and at least a portion of the second encrypted media stream using the second decryption key, andreceive an entitlement management message that comprises an update to the plurality of indexes corresponding to the plurality of content keys, wherein the update does not include any of the plurality of content keys, wherein the update updates the first index from corresponding to the first content key to corresponding to a fourth content key, of the plurality of content keys, different from the first content key, and wherein the apparatus is associated with a user.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the executable instructions, when executed by the processor, cause the apparatus to:
    - extract the plurality of indexes from another entitlement management message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Fahrny, James William, Compton, Charles L.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Le, Canh

Application Number

US13/117,417
Publication Number

US 20110228942A1
Time in Patent Office

3,756 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0897   involving additional device...

H04N 21/2347   involving video stream encr...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/835   Generation of protective da...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

H04N 7/17309   Transmission or handling of...

Reduced hierarchy key management system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reduced hierarchy key management system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links