CA2557824A1 - Secure negotiation and encryption module - Google Patents

Secure negotiation and encryption module Download PDF

Info

Publication number
CA2557824A1
CA2557824A1 CA002557824A CA2557824A CA2557824A1 CA 2557824 A1 CA2557824 A1 CA 2557824A1 CA 002557824 A CA002557824 A CA 002557824A CA 2557824 A CA2557824 A CA 2557824A CA 2557824 A1 CA2557824 A1 CA 2557824A1
Authority
CA
Canada
Prior art keywords
key
content
stream
encrypted
decrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002557824A
Other languages
French (fr)
Other versions
CA2557824C (en
Inventor
David A. Sedacca
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Scientific Atlanta LLC
Original Assignee
Scientific-Atlanta, Inc.
David A. Sedacca
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Scientific-Atlanta, Inc., David A. Sedacca filed Critical Scientific-Atlanta, Inc.
Publication of CA2557824A1 publication Critical patent/CA2557824A1/en
Application granted granted Critical
Publication of CA2557824C publication Critical patent/CA2557824C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/4104Peripherals receiving signals from specially adapted client devices
    • H04N21/4113PC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/4367Establishing a secure communication between the client and a peripheral device or smart card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Abstract

A digital subscriber communication terminal includes an adaptive output interface having a device key set, which, along with a subscriber device coupled to the adaptive output interface, determines a "shared secret." The adaptive output interface uses the "shared secret" to encrypt content and transmits the content to the subscriber device coupled to the adaptive output interface. The digital subscriber communications terminal includes a processor, a memory having an encrypted device key set and an encrypted device key set decryptor stored therein and a secure element having a key decryptor.
The secure element is adapted to receive the encrypted device key set decryptor and use the key decryptor to decrypt the encrypted device key set decryptor. The device key set decryptor is provided to the processor, which decrypts the encrypted device key set using the device key set decryptor, and the device key set is loaded into the adaptive output interface.

Claims (20)

1. A settop terminal in a subscriber television system, the settop terminal comprising:
a first memory having an encrypted first key and an encrypted device key set stored therein;
a secure element having a processor and a second memory, wherein the second memory is accessible only to the processor and has a private-key of a private-key/public-key pair stored therein, wherein the processor is adapted to decrypt the encrypted first key using the private-key, and wherein the decrypted first key is used to decrypt the encrypted device key set; and an adaptive output interface adapted to utilize a device key set to determine a shared-secret key with a receiver in communication therewith and adapted to provide an encrypted stream of content to the receiver using the shared-secret key to encrypt the stream of content.
2. The settop terminal of claim 1, wherein the device key set is used with protocols for high-bandwidth digital content protection.
3. The settop terminal of claim 1, wherein the device key set is used with protocols for digital transmission content protection.
4. The settop terminal of claim 1, wherein the adaptive output interface includes at least one of a digital visual interface and a High-Definition Multimedia Interface [HDMI].
5. The settop terminal of claim 1, wherein the output interface includes an IEEE
1394 interface.
6. The settop terminal of claim 1, further including:
a second processor adapted to receive the decrypted first key and decrypt the encrypted device key set using the decrypted first key and provide the decrypted device key set to the adaptive output interface.
7. The settop terminal of claim 6, wherein second processor implements a symmetric cryptographic algorithm using the device-key set decryptor as a key to decrypt the encrypted device-key set.
8. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is a 3DES algorithm.
9. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is a DES algorithm.
10. The settop terminal of claim 1, wherein the encrypted device key set and the encrypted first key are stored in the first memory prior to installing the settop terminal in the subscriber television system.
11. In a subscriber television system having a headend in communication with a plurality of settop terminals including a given settop terminal, the given settop terminal comprising:
a first memory having an encrypted first key and an encrypted device key set stored therein;
a secure element having a first processor and a second memory, wherein the second memory is accessible only to the first processor and has a private-key of a private-key/public-key pair stored therein, wherein the first processor is adapted to decrypt the encrypted first key using the private-key;
an input port receiving a stream of content from the headend;
a second processor adapted to determine from the stream of content whether the content of the stream of content is protected and adapted to receive the decrypted first key and decrypt the encrypted device key set using the decrypted first key; and an adaptive output interface adapted to implement the decrypted device key set to determine a shared-secret key with a receiver in communication therewith and, responsive to the first processor determining the content is protected, adapted to provide an encrypted stream of content to the receiver using the shared-secret key to encrypt the stream of content, and, responsive to the first processor determining the content is not protected, adapted to provide the stream of content to the receiver;
12. The settop terminal of claim 11, wherein the device key set includes protocols for high-bandwidth digital content protection.
13. The settop terminal of claim 11, wherein device key set includes protocols for digital transmission content protection.
14. The settop terminal of claim 11, wherein the adaptive output interface includes at least one of a digital visual interface and a High-Definition Multimedia Interface [HDMI].
15. The settop terminal of claim 11, wherein the output interface includes an IEEE
1394 interface.
16. A method of providing a receiver with a stream of content, the method implemented in a settop terminal in a subscriber television system, the method comprising the steps of:
decrypting an encrypted first key using a private-key of a private-key/public-key pair belonging to the settop terminal, wherein the first key is decrypted inside of a secure-element having a processor and a memory, wherein the private-key is accessible to only the processor;
decrypting an encrypted device key set using the decrypted first key;
providing the decrypted device key set to an adaptive output interface;
determining a shared-secret key with the receiver using the decrypted device key set; and outputting the stream of content to the receiver.
17. The method of claim 16, prior to the step of outputting, further including the steps of:
determining whether the content of the stream of content is protected content;
and responsive to determining the content is protected, encrypting the content of the stream of content using the shared-secret key, wherein the output stream of content is encrypted.
18. The method of claim 17, prior to the step of encrypting the content, further including the steps of:
receiving a second encrypted stream of content; and decrypting the second stream of content, wherein the decrypted second stream of content is the stream of content that is encrypted in the encryption step.
19. A method of providing a receiver with a stream of content, the method implemented in a settop terminal in a subscriber television system, the method comprising the steps of:
decrypting an encrypted first key using a private-key of a private-key/public-key pair belonging to the settop terminal, wherein the first key is decrypted inside of a secure-element having a processor and a memory, wherein the memory is accessible to only the processor and has the private-key stored therein;
decrypting an encrypted device key set using the decrypted first key;
providing the decrypted device key set to an adaptive output interface;
negotiating a shared-secret key with the receiver using the decrypted device key set;
receiving a stream of content from a headend of the subscriber television system;
determining whether the receiver is entitled to access the stream of content;
determining whether the received stream of content is encrypted content; and outputting the stream of content to the receiver.
20. The method of claim 16, prior to the step of outputting, further including the steps of:
determining whether the content of the stream of content is protected content;
and responsive to determining the content is protected, encrypting the content of the stream of content using the shared-secret key, wherein the output stream of content is encrypted.
CA2557824A 2004-02-27 2005-02-18 Secure negotiation and encryption module Expired - Fee Related CA2557824C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/789,337 2004-02-27
US10/789,337 US7519999B2 (en) 2004-02-27 2004-02-27 Secure negotiation and encryption module
PCT/US2005/005421 WO2005088958A1 (en) 2004-02-27 2005-02-18 Secure negotiation and encryption module

Publications (2)

Publication Number Publication Date
CA2557824A1 true CA2557824A1 (en) 2005-09-22
CA2557824C CA2557824C (en) 2010-12-14

Family

ID=34887256

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2557824A Expired - Fee Related CA2557824C (en) 2004-02-27 2005-02-18 Secure negotiation and encryption module

Country Status (4)

Country Link
US (1) US7519999B2 (en)
EP (1) EP1726156B1 (en)
CA (1) CA2557824C (en)
WO (1) WO2005088958A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4375995B2 (en) * 2003-04-30 2009-12-02 ローム株式会社 Device key protection method, encryption device and decryption device that can use the method, video transmission device, and video reception device
US20060205449A1 (en) * 2005-03-08 2006-09-14 Broadcom Corporation Mechanism for improved interoperability when content protection is used with an audio stream
KR20060107282A (en) * 2005-04-07 2006-10-13 엘지전자 주식회사 Data reproducing method, data recording/reproducing player and data transmitting method
JP4448800B2 (en) * 2005-07-07 2010-04-14 株式会社ソニー・コンピュータエンタテインメント Device controller
US9277295B2 (en) * 2006-06-16 2016-03-01 Cisco Technology, Inc. Securing media content using interchangeable encryption key
US9137480B2 (en) * 2006-06-30 2015-09-15 Cisco Technology, Inc. Secure escrow and recovery of media device content keys
US7966637B2 (en) * 2007-07-24 2011-06-21 Sony Corporation Hardware module for adding functionality to television
US7949133B2 (en) * 2007-09-26 2011-05-24 Pinder Howard G Controlled cryptoperiod timing to reduce decoder processing load
US9420336B1 (en) * 2009-11-05 2016-08-16 Cisco Technology, Inc. Localization of customer premises equipment in a digital communication network
TWI410908B (en) * 2010-01-18 2013-10-01 Chin Chen Chang A (2,2) circular sharing method for two color secret images
EP2461534A1 (en) * 2010-12-01 2012-06-06 Irdeto B.V. Control word protection
US9313534B2 (en) 2010-12-07 2016-04-12 Intertech Corp. Efficient authorization system for multi-channel broadcast program options
CN110769308B (en) * 2019-12-25 2021-03-30 深圳创维-Rgb电子有限公司 Signal channel switching method, display terminal and storage medium
US11528130B1 (en) * 2022-06-04 2022-12-13 Uab 360 It Stateless system to protect data

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5870474A (en) 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
US6292568B1 (en) 1966-12-16 2001-09-18 Scientific-Atlanta, Inc. Representing entitlements to service in a conditional access system
US5742677A (en) 1995-04-03 1998-04-21 Scientific-Atlanta, Inc. Information terminal having reconfigurable memory
US6005938A (en) 1996-12-16 1999-12-21 Scientific-Atlanta, Inc. Preventing replay attacks on digital information distributed by network service providers
US6560340B1 (en) 1995-04-03 2003-05-06 Scientific-Atlanta, Inc. Method and apparatus for geographically limiting service in a conditional access system
US6157719A (en) * 1995-04-03 2000-12-05 Scientific-Atlanta, Inc. Conditional access system
US6252964B1 (en) 1995-04-03 2001-06-26 Scientific-Atlanta, Inc. Authorization of services in a conditional access system
US6246767B1 (en) 1995-04-03 2001-06-12 Scientific-Atlanta, Inc. Source authentication of download information in a conditional access system
US6424717B1 (en) 1995-04-03 2002-07-23 Scientific-Atlanta, Inc. Encryption devices for use in a conditional access system
US6937729B2 (en) 1995-04-03 2005-08-30 Scientific-Atlanta, Inc. Representing entitlements to service in a conditional access system
US5937067A (en) * 1996-11-12 1999-08-10 Scientific-Atlanta, Inc. Apparatus and method for local encryption control of a global transport data stream
BR9815610A (en) 1997-08-01 2004-06-22 Scientific Atlanta Verification of program information source in conditional access system
WO1999009743A2 (en) 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Conditional access system
US6223285B1 (en) * 1997-10-24 2001-04-24 Sony Corporation Of Japan Method and system for transferring information using an encryption mode indicator
US20020003884A1 (en) * 2000-05-26 2002-01-10 Sprunk Eric J. Authentication and/or authorization launch
US6996238B2 (en) * 2000-10-02 2006-02-07 Sony Corporation Method for generating and looking-up transaction keys in communication networks
ATE488094T1 (en) 2000-12-22 2010-11-15 Irdeto Eindhoven B V CONDITIONAL ACCESS SYSTEM
US6510619B2 (en) * 2001-02-28 2003-01-28 Gregory Mills Wallpaper template for closures
US7184550B2 (en) * 2002-08-15 2007-02-27 Intel Corporation Method and apparatus for simultaneous decryption and re-encryption of publicly distributed content via stream ciphers
US7296295B2 (en) * 2002-12-11 2007-11-13 Broadcom Corporation Media processing system supporting different media formats via server-based transcoding

Also Published As

Publication number Publication date
EP1726156A1 (en) 2006-11-29
EP1726156B1 (en) 2013-04-10
US7519999B2 (en) 2009-04-14
WO2005088958A1 (en) 2005-09-22
CA2557824C (en) 2010-12-14
US20050190916A1 (en) 2005-09-01

Similar Documents

Publication Publication Date Title
CA2557824A1 (en) Secure negotiation and encryption module
EP1059001B1 (en) Method for protecting the audio/visual data across the nrss inte rface
EP2219374A1 (en) Securely providing a control word from a smartcard to a conditional access module
US20030026428A1 (en) Method of transmitting confidential data
AU770370B2 (en) Secure control of security mode
US9432709B2 (en) System and method to prevent manipulation of transmitted video data
CN103210658A (en) Method and system for decrypting a transport stream
WO2011120901A1 (en) Secure descrambling of an audio / video data stream
US9191621B2 (en) System and method to record encrypted content with access conditions
TWI523533B (en) Control-word deciphering, transmission and reception methods, recording medium for these methods and control-word server
KR102281972B1 (en) Method for protecting decryption keys in a decoder and decoder for implementing said method
WO2008077303A1 (en) A method and system for processing broadcast signal and a receiving terminal of broadcast signal
CN201515456U (en) Safe device, set-top box and receiving terminal for digital television receiving terminals
Hou et al. Based on cryptosystem secure communication between set-top box and smart card in DTV broadcasting
CN107077542A (en) Common interface main frame and common interface conditional access module
CN101790073A (en) Method for establishing safety communication channel and communication device thereof
JP2000004431A (en) Pay broadcast receiving method and its device
CN102238360A (en) Method and equipment for preventing pirated videos
CN107948727B (en) Digital television program stream transmission system and method based on quantum encryption
KR100510692B1 (en) Conditional Access System
CN1438783A (en) Digital enciphering system
MXPA06009708A (en) Secure negotiation and encryption module
WO2010017703A1 (en) Set-card separation method in digital tv receiving terminal

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20190218