Encryption key distribution method in mobile broadcasting system and system for the same

US 9,191,204 B2
Filed: 06/10/2009
Issued: 11/17/2015
Est. Priority Date: 06/11/2008
Status: Active Grant

First Claim

Patent Images

1. A method of distributing an encryption key for protecting a broadcasting service in a mobile broadcasting system, comprising the steps of:

generating, by a network, first information for encryption key derivation in response to providing the broadcasting service to a terminal, and transmitting a long term key message including the generated first information to the terminal; and

generating, by the network, second information for encryption key derivation before a lifetime of the first information expires, and transmitting a long term key message including the generated second information to the terminal,wherein the lifetime of the first information and a lifetime of the second information are an integer multiple of a lifetime of a traffic encryption key, the first information and the second information derive a plurality of traffic encryption keys, and the first information and the second information are derived from at least one key seed pair (KSP) composed of KS₁, KS₂arbitrarily generated in the network, andwherein the traffic encryption key is calculated based on a hash value of KS₁to which a hash function is applied and a hash value of KS₂to which a hash function is applied, andwherein a message sent for requesting the traffic encryption key includes at least one of a key domain ID and a KSP ID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for distributing an encryption key for service protection and content protection in a mobile broadcasting system are provided where a network generates a first encryption key when a broadcasting service is first provided to the terminal, and transmits a long term key message including the generated first encryption key to the terminal. Also, the network generates a second encryption key before the lifetime of a first access value pair expires, and transmits a long term key message including the generated second encryption key to the terminal.

29 Citations

View as Search Results

14 Claims

1. A method of distributing an encryption key for protecting a broadcasting service in a mobile broadcasting system, comprising the steps of:
- generating, by a network, first information for encryption key derivation in response to providing the broadcasting service to a terminal, and transmitting a long term key message including the generated first information to the terminal; and
  
  generating, by the network, second information for encryption key derivation before a lifetime of the first information expires, and transmitting a long term key message including the generated second information to the terminal,wherein the lifetime of the first information and a lifetime of the second information are an integer multiple of a lifetime of a traffic encryption key, the first information and the second information derive a plurality of traffic encryption keys, and the first information and the second information are derived from at least one key seed pair (KSP) composed of KS₁, KS₂arbitrarily generated in the network, andwherein the traffic encryption key is calculated based on a hash value of KS₁to which a hash function is applied and a hash value of KS₂to which a hash function is applied, andwherein a message sent for requesting the traffic encryption key includes at least one of a key domain ID and a KSP ID.
- View Dependent Claims (2, 3, 4)
- - 2. The method as claimed in claim 1, wherein the first information and the second information are encrypted based on a subscriber management key that is shared between the terminal and the network.
  - 3. The method as claimed in claim 1, wherein the first information and the second information are program encryption key information derived from service encryption key information, and the network transmits a long term key message that includes the first information and the second information to the terminal based on a terminal purchase request for the first information and the second information.
  - 4. The method as claimed in claim 3, further comprising receiving, by the network, a purchase request of the second information from the terminal before the lifetime of the first information expires.

5. A method of distributing an encryption key for protecting a broadcasting service in a mobile broadcasting system, comprising the steps of:
- verifying, by a terminal, a long term key message using a subscriber management key if the long term key message is received from a network;
  
  performing, by the terminal, replay detection if the long term key message is valid;
  
  confirming, by the terminal, validity of information for encryption key derivation included in the long term key message using a security function if the replay detection succeeds; and
  
  decoding, by the terminal, the information, generating and storing a traffic encryption key from the information if the information is valid,wherein a lifetime of the information is an integer multiple of a lifetime of a traffic encryption key, a plurality of the traffic encryption keys are derived from the information, and the information is derived from a key seed pair (KSP) composed of KS₁, KS₂arbitrarily generated in the network,wherein the traffic encryption key is calculated based on a hash value of KS₁to which a hash function is applied and a hash value of KS₂to which a hash function is applied, andwherein a message sent for requesting the traffic encryption key includes at least one of a key domain ID and a KSP ID.
- View Dependent Claims (6, 7)
- - 6. The method as claimed in claim 5, further comprising the steps of:
    - transmitting, by the terminal, a request message for requesting new traffic encryption key to the security function; and
      
      receiving, by the terminal, the new traffic encryption key from the security function in response to the request message.
  - 7. The method as claimed in claim 6, wherein the request message for requesting the new traffic encryption key includes a key domain ID and a traffic encryption key ID.

8. A network for distributing an encryption key for protecting a broadcasting service in a mobile broadcasting system, the network comprising:
- a controller configured to generate first information for encryption key derivation in response to providing the broadcasting service to a terminal, and generate second information for encryption key derivation before a lifetime of the first information expires; and
  
  a transmitter configured to transmit a long term key message including the generated first information to the terminal, and transmit a long term key message including the generated second information to the terminal,wherein the lifetime of the first information and a lifetime of the second are an integer multiple of a lifetime of a traffic encryption key, the first information and the second information derive a plurality of traffic encryption keys, and the first information and the second information are derived from at least one key seed pair (KSP) composed of KS₁, KS₂arbitrarily generated in the network,wherein the traffic encryption key is calculated based on a hash value of KS₁to which a hash function is applied and a hash value of KS₂to which a hash function is applied, andwherein a message sent for requesting the traffic encryption key includes at least one of a key domain ID and a KSP ID.
- View Dependent Claims (9, 10, 11)
- - 9. The network as claimed in claim 8, wherein the first information and the second information are encrypted based on a subscriber management key that is shared between the terminal and the network.
  - 10. The network as claimed in claim 8, wherein the first information and the second information are program encryption key information derived from service information, and the transmitter transmits a long term key message that includes the first information and the second to the terminal based on a terminal purchase request for the first information and the second information.
  - 11. The network as claimed in claim 10, further comprising a receiver, the receiver receives a purchase request of the second information from the terminal before the lifetime of the first information expires.

12. A terminal for distributing an encryption key for protecting a broadcasting service in a mobile broadcasting system, the terminal comprising:
- a processor configured to verify a long term key message using a subscriber management key if the long term key message is received from a network, perform replay detection if the long term key message is valid, confirm validity of information for encryption key derivation included in the long term key message using a security function if the replay detection succeeds, decode the information, and generate and store a traffic encryption key from the information if the information is valid,wherein a lifetime of the information is an integer multiple of a lifetime of a traffic encryption key, a plurality of traffic encryption keys are derived from the information, and the information is derived from a key seed pair (KSP) composed of KS₁, KS₂arbitrarily generated in the network,wherein the traffic encryption key is calculated based on a hash value of KS₁to which a hash function is applied and a hash value of KS₂to which a hash function is applied, andwherein a message sent for requesting the traffic encryption key includes at least one of a key domain ID and a KSP ID.
- View Dependent Claims (13, 14)
- - 13. The terminal as claimed in claim 12, wherein the processor transmits a request message for requesting a new traffic encryption key to the security function, and receives the new traffic encryption key from the security function in response to the request message.
  - 14. The terminal as claimed in claim 12, wherein the request message for requesting the new traffic encryption key includes a key domain ID and a traffic encryption key ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Seleznev, Sergey Nikolayevich, Lee, Byung-Rae, Hwang, Sung-Oh
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
Zhu, Zhimei

Application Number

US12/997,857
Publication Number

US 20110206205A1
Time in Patent Office

2,351 Days
Field of Search

380/45
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/601   Broadcast encryption

H04L 2209/80   Wireless network architectu...

H04L 2463/101   applying security measures ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0891   Revocation or update of sec...

H04N 21/26613   for generating or managing ...

H04N 7/1675   Providing digital key or au...

H04W 12/041   Key generation or derivation

H04W 4/06   Selective distribution of b...

H04W 4/50   Service provisioning or rec...

Encryption key distribution method in mobile broadcasting system and system for the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption key distribution method in mobile broadcasting system and system for the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links