CA2557824A1 - Secure negotiation and encryption module - Google Patents
- Publication number
- CA2557824A1
- Authority
- CA
- Canada
- Prior art keywords
- key
- content
- stream
- encrypted
- decrypted
- Prior art date
- Legal status
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/4104—Peripherals receiving signals from specially adapted client devices
- H04N21/4113—PC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Abstract
A digital subscriber communication terminal includes an adaptive output interface having a device key set, which, along with a subscriber device coupled to the adaptive output interface, determines a "shared secret." The adaptive output interface uses the "shared secret" to encrypt content and transmits the content to the subscriber device coupled to the adaptive output interface. The digital subscriber communications terminal includes a processor, a memory having an encrypted device key set and an encrypted device key set decryptor stored therein and a secure element having a key decryptor.
The secure element is adapted to receive the encrypted device key set decryptor and use the key decryptor to decrypt the encrypted device key set decryptor. The device key set decryptor is provided to the processor, which decrypts the encrypted device key set using the device key set decryptor, and the device key set is loaded into the adaptive output interface.
Claims (20)
1. A settop terminal in a subscriber television system, the settop terminal comprising:
a first memory having an encrypted first key and an encrypted device key set stored therein;
a secure element having a processor and a second memory, wherein the second memory is accessible only to the processor and has a private-key of a private-key/public-key pair stored therein, wherein the processor is adapted to decrypt the encrypted first key using the private-key, and wherein the decrypted first key is used to decrypt the encrypted device key set; and an adaptive output interface adapted to utilize a device key set to determine a shared-secret key with a receiver in communication therewith and adapted to provide an encrypted stream of content to the receiver using the shared-secret key to encrypt the stream of content.
2. The settop terminal of claim 1, wherein the device key set is used with protocols for high-bandwidth digital content protection.
3. The settop terminal of claim 1, wherein the device key set is used with protocols for digital transmission content protection.
4. The settop terminal of claim 1, wherein the adaptive output interface includes at least one of a digital visual interface and a High-Definition Multimedia Interface [HDMI].
5. The settop terminal of claim 1, wherein the output interface includes an IEEE 1394 interface.
6. The settop terminal of claim 1, further including:
a second processor adapted to receive the decrypted first key and decrypt the encrypted device key set using the decrypted first key and provide the decrypted device key set to the adaptive output interface.
7. The settop terminal of claim 6, wherein the second processor implements a symmetric cryptographic algorithm using the device-key set decryptor as a key to decrypt the encrypted device-key set.
8. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is a 3DES algorithm.
9. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is a DES algorithm.
10. The settop terminal of claim 1, wherein the encrypted device key set and the encrypted first key are stored in the first memory prior to installing the settop terminal in the subscriber television system.
11. In a subscriber television system having a headend in communication with a plurality of settop terminals including a given settop terminal, the given settop terminal comprising:
a first memory having an encrypted first key and an encrypted device key set stored therein;
a secure element having a first processor and a second memory, wherein the second memory is accessible only to the first processor and has a private-key of a private-key/public-key pair stored therein, wherein the first processor is adapted to decrypt the encrypted first key using the private-key;
an input port receiving a stream of content from the headend;
a second processor adapted to determine from the stream of content whether the content of the stream of content is protected and adapted to receive the decrypted first key and decrypt the encrypted device key set using the decrypted first key; and an adaptive output interface adapted to implement the decrypted device key set to determine a shared-secret key with a receiver in communication therewith and, responsive to the first processor determining the content is protected, adapted to provide an encrypted stream of content to the receiver using the shared-secret key to encrypt the stream of content, and, responsive to the first processor determining the content is not protected, adapted to provide the stream of content to the receiver;
12. The settop terminal of claim 11, wherein the device key set includes protocols for high-bandwidth digital content protection.
13. The settop terminal of claim 11, wherein the device key set includes protocols for digital transmission content protection.
14. The settop terminal of claim 11, wherein the adaptive output interface includes at least one of a digital visual interface and a High-Definition Multimedia Interface [HDMI].
15. The settop terminal of claim 11, wherein the output interface includes an IEEE 1394 interface.
16. A method of providing a receiver with a stream of content, the method implemented in a settop terminal in a subscriber television system, the method comprising the steps of:
decrypting an encrypted first key using a private-key of a private-key/public-key pair belonging to the settop terminal, wherein the first key is decrypted inside of a secure-element having a processor and a memory, wherein the private-key is accessible to only the processor;
decrypting an encrypted device key set using the decrypted first key;
providing the decrypted device key set to an adaptive output interface;
determining a shared-secret key with the receiver using the decrypted device key set; and outputting the stream of content to the receiver.
17. The method of claim 16, prior to the step of outputting, further including the steps of:
determining whether the content of the stream of content is protected content;
and responsive to determining the content is protected, encrypting the content of the stream of content using the shared-secret key, wherein the output stream of content is encrypted.
18. The method of claim 17, prior to the step of encrypting the content, further including the steps of:
receiving a second encrypted stream of content; and decrypting the second stream of content, wherein the decrypted second stream of content is the stream of content that is encrypted in the encryption step.
19. A method of providing a receiver with a stream of content, the method implemented in a settop terminal in a subscriber television system, the method comprising the steps of:
decrypting an encrypted first key using a private-key of a private-key/public-key pair belonging to the settop terminal, wherein the first key is decrypted inside of a secure-element having a processor and a memory, wherein the memory is accessible to only the processor and has the private-key stored therein;
decrypting an encrypted device key set using the decrypted first key;
providing the decrypted device key set to an adaptive output interface;
negotiating a shared-secret key with the receiver using the decrypted device key set;
receiving a stream of content from a headend of the subscriber television system;
determining whether the receiver is entitled to access the stream of content;
determining whether the received stream of content is encrypted content; and outputting the stream of content to the receiver.
20. The method of claim 16, prior to the step of outputting, further including the steps of:
determining whether the content of the stream of content is protected content;
and responsive to determining the content is protected, encrypting the content of the stream of content using the shared-secret key, wherein the output stream of content is encrypted.
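A runnable model of the key hierarchy described in the abstract and in claims 1 to 11, added here as an illustration; it is not code from the patent or its assignee. Toy RSA over two Mersenne primes and an HMAC-SHA256 keystream stand in for the secure element's public-key algorithm and for the 3DES of claim 8. The shared-secret step follows the HDCP 1.x key-selection-vector scheme (a 40-bit KSV with 20 bits set, forty 56-bit keys, Km as a masked sum), which is an assumption: the page names HDCP and DTCP but specifies neither. The licensing authority, key sizes, flash layout, label strings and sample content are all constructed for the example.

```python
from __future__ import annotations
import hashlib
import hmac
import random

# Toy RSA for the secure element (~150-bit modulus): a stand-in for claim 1's key pair, not secure.
_P, _Q = 2**61 - 1, 2**89 - 1
RSA_N, RSA_E = _P * _Q, 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))

def rsa_wrap(pub_n: int, key: bytes) -> int:
    """Textbook RSA without padding (model only): wraps a 16-byte key as one integer."""
    m = int.from_bytes(key, "big")
    assert m < pub_n
    return pow(m, RSA_E, pub_n)

class SecureElement:
    """The private key lives only here; the host may ask for an unwrap, never for the key."""
    def __init__(self, d: int, n: int):
        self.__d, self.__n = d, n
    def unwrap_first_key(self, wrapped: int) -> bytes:
        return pow(wrapped, self.__d, self.__n).to_bytes(16, "big")

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter keystream standing in for claim 8's 3DES and for the link cipher."""
    stream, ctr = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# HDCP-1.x-style device key set (assumed; the page names HDCP/DTCP without internals):
# a 40-bit key selection vector (KSV) with exactly 20 bits set, plus forty 56-bit keys.
MASK56 = (1 << 56) - 1

class LicensingAuthority:
    """Symmetric 40x40 master matrix; a symmetric matrix is what makes both Km values equal."""
    def __init__(self, seed: int):
        self.rng = random.Random(seed)
        self.m = [[0] * 40 for _ in range(40)]
        for i in range(40):
            for j in range(i, 40):
                self.m[i][j] = self.m[j][i] = self.rng.getrandbits(56)
    def issue(self) -> tuple[int, list[int]]:
        cols = self.rng.sample(range(40), 20)
        ksv = sum(1 << c for c in cols)
        keys = [sum(self.m[i][j] for j in cols) & MASK56 for i in range(40)]
        return ksv, keys

def shared_secret(my_keys: list[int], peer_ksv: int) -> bytes:
    """Km: add my keys at the positions where the peer's KSV has a 1, mod 2^56."""
    km = sum(my_keys[i] for i in range(40) if peer_ksv >> i & 1) & MASK56
    return km.to_bytes(7, "big")

def provision(authority: LicensingAuthority, pub_n: int, rng: random.Random) -> dict:
    """Factory step (claim 10): the first memory receives ciphertext only."""
    ksv, keys = authority.issue()
    blob = ksv.to_bytes(5, "big") + b"".join(k.to_bytes(7, "big") for k in keys)
    first_key = rng.getrandbits(128).to_bytes(16, "big")
    return {"enc_device_key_set": xor_stream(first_key, b"devkeys", blob),
            "enc_first_key": rsa_wrap(pub_n, first_key)}

def boot_load_keys(flash: dict, se: SecureElement) -> tuple[int, list[int]]:
    """Host path (claim 6): secure element unwraps the first key, host unwraps the key set."""
    first_key = se.unwrap_first_key(flash["enc_first_key"])
    blob = xor_stream(first_key, b"devkeys", flash["enc_device_key_set"])
    ksv = int.from_bytes(blob[:5], "big")
    keys = [int.from_bytes(blob[5 + 7 * i:12 + 7 * i], "big") for i in range(40)]
    return ksv, keys

def deliver(content: bytes, protected: bool, stb: tuple, rx: tuple) -> tuple[bytes, bytes]:
    """Output interface (claim 11): exchange KSVs, derive Km on both ends, encrypt only if protected."""
    (stb_ksv, stb_keys), (rx_ksv, rx_keys) = stb, rx
    km_stb = shared_secret(stb_keys, rx_ksv)   # computed on the settop terminal
    km_rx = shared_secret(rx_keys, stb_ksv)    # computed independently by the receiver
    if not protected:
        return content, content                # clear pass-through, as claimed
    wire = xor_stream(km_stb, b"link", content)
    return wire, xor_stream(km_rx, b"link", wire)   # (on the wire, what the receiver recovers)

def demo(seed: int = 7) -> dict:
    """End-to-end run on a constructed sample; returns the checks instead of printing them."""
    rng, authority = random.Random(seed), LicensingAuthority(seed)
    se = SecureElement(_RSA_D, RSA_N)
    flash = provision(authority, RSA_N, rng)
    stb = boot_load_keys(flash, se)
    rx = authority.issue()                     # the television's own key set
    clip = b"constructed sample: protected transport packets"
    wire, seen = deliver(clip, True, stb, rx)
    clear_wire, clear_seen = deliver(clip, False, stb, rx)
    return {"ksv_weight": bin(stb[0]).count("1"),
            "km_match": shared_secret(stb[1], rx[0]) == shared_secret(rx[1], stb[0]),
            "encrypted_on_wire": wire != clip, "receiver_recovers": seen == clip,
            "clear_passthrough": clear_wire == clip and clear_seen == clip}

if __name__ == "__main__":
    print(demo())
```

Run it directly to print the checks. The property the claims are after is visible in the data flow: the private key never leaves SecureElement and the first memory holds only ciphertext, so an image of that memory is useless without the secure element. Note what the design does not cover: the plaintext device key set crosses the host processor on its way to the output interface (claim 6), so this protects keys at rest in the terminal, not against code already running on that host.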
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/789,337 | 2004-02-27 | | |
US10/789,337 US7519999B2 (en) | 2004-02-27 | 2004-02-27 | Secure negotiation and encryption module |
PCT/US2005/005421 WO2005088958A1 (en) | 2004-02-27 | 2005-02-18 | Secure negotiation and encryption module |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2557824A1 true CA2557824A1 (en) | 2005-09-22 |
CA2557824C CA2557824C (en) | 2010-12-14 |
Family
ID=34887256
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2557824A Expired - Fee Related CA2557824C (en) | 2004-02-27 | 2005-02-18 | Secure negotiation and encryption module |
Country Status (4)
Country | Link |
---|---|
US (1) | US7519999B2 (en) |
EP (1) | EP1726156B1 (en) |
CA (1) | CA2557824C (en) |
WO (1) | WO2005088958A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4375995B2 (en) * | 2003-04-30 | 2009-12-02 | ローム株式会社 | Device key protection method, encryption device and decryption device that can use the method, video transmission device, and video reception device |
US20060205449A1 (en) * | 2005-03-08 | 2006-09-14 | Broadcom Corporation | Mechanism for improved interoperability when content protection is used with an audio stream |
KR20060107282A (en) * | 2005-04-07 | 2006-10-13 | 엘지전자 주식회사 | Data reproducing method, data recording/reproducing player and data transmitting method |
JP4448800B2 (en) * | 2005-07-07 | 2010-04-14 | 株式会社ソニー・コンピュータエンタテインメント | Device controller |
US9277295B2 (en) * | 2006-06-16 | 2016-03-01 | Cisco Technology, Inc. | Securing media content using interchangeable encryption key |
US9137480B2 (en) * | 2006-06-30 | 2015-09-15 | Cisco Technology, Inc. | Secure escrow and recovery of media device content keys |
US7966637B2 (en) * | 2007-07-24 | 2011-06-21 | Sony Corporation | Hardware module for adding functionality to television |
US7949133B2 (en) * | 2007-09-26 | 2011-05-24 | Pinder Howard G | Controlled cryptoperiod timing to reduce decoder processing load |
US9420336B1 (en) * | 2009-11-05 | 2016-08-16 | Cisco Technology, Inc. | Localization of customer premises equipment in a digital communication network |
TWI410908B (en) * | 2010-01-18 | 2013-10-01 | Chin Chen Chang | A (2,2) circular sharing method for two color secret images |
EP2461534A1 (en) * | 2010-12-01 | 2012-06-06 | Irdeto B.V. | Control word protection |
US9313534B2 (en) | 2010-12-07 | 2016-04-12 | Intertech Corp. | Efficient authorization system for multi-channel broadcast program options |
CN110769308B (en) * | 2019-12-25 | 2021-03-30 | 深圳创维-Rgb电子有限公司 | Signal channel switching method, display terminal and storage medium |
US11528130B1 (en) * | 2022-06-04 | 2022-12-13 | Uab 360 It | Stateless system to protect data |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5870474A (en) | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
US6292568B1 (en) | 1996-12-16 | 2001-09-18 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
US5742677A (en) | 1995-04-03 | 1998-04-21 | Scientific-Atlanta, Inc. | Information terminal having reconfigurable memory |
US6005938A (en) | 1996-12-16 | 1999-12-21 | Scientific-Atlanta, Inc. | Preventing replay attacks on digital information distributed by network service providers |
US6560340B1 (en) | 1995-04-03 | 2003-05-06 | Scientific-Atlanta, Inc. | Method and apparatus for geographically limiting service in a conditional access system |
US6157719A (en) * | 1995-04-03 | 2000-12-05 | Scientific-Atlanta, Inc. | Conditional access system |
US6252964B1 (en) | 1995-04-03 | 2001-06-26 | Scientific-Atlanta, Inc. | Authorization of services in a conditional access system |
US6246767B1 (en) | 1995-04-03 | 2001-06-12 | Scientific-Atlanta, Inc. | Source authentication of download information in a conditional access system |
US6424717B1 (en) | 1995-04-03 | 2002-07-23 | Scientific-Atlanta, Inc. | Encryption devices for use in a conditional access system |
US6937729B2 (en) | 1995-04-03 | 2005-08-30 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
US5937067A (en) * | 1996-11-12 | 1999-08-10 | Scientific-Atlanta, Inc. | Apparatus and method for local encryption control of a global transport data stream |
BR9815610A (en) | 1997-08-01 | 2004-06-22 | Scientific Atlanta | Verification of program information source in conditional access system |
WO1999009743A2 (en) | 1997-08-01 | 1999-02-25 | Scientific-Atlanta, Inc. | Conditional access system |
US6223285B1 (en) * | 1997-10-24 | 2001-04-24 | Sony Corporation Of Japan | Method and system for transferring information using an encryption mode indicator |
US20020003884A1 (en) * | 2000-05-26 | 2002-01-10 | Sprunk Eric J. | Authentication and/or authorization launch |
US6996238B2 (en) * | 2000-10-02 | 2006-02-07 | Sony Corporation | Method for generating and looking-up transaction keys in communication networks |
ATE488094T1 (en) | 2000-12-22 | 2010-11-15 | Irdeto Eindhoven B V | CONDITIONAL ACCESS SYSTEM |
US6510619B2 (en) * | 2001-02-28 | 2003-01-28 | Gregory Mills | Wallpaper template for closures |
US7184550B2 (en) * | 2002-08-15 | 2007-02-27 | Intel Corporation | Method and apparatus for simultaneous decryption and re-encryption of publicly distributed content via stream ciphers |
US7296295B2 (en) * | 2002-12-11 | 2007-11-13 | Broadcom Corporation | Media processing system supporting different media formats via server-based transcoding |
2004
- 2004-02-27 US US10/789,337 patent/US7519999B2/en active Active
2005
- 2005-02-18 EP EP05723398.3A patent/EP1726156B1/en not_active Not-in-force
- 2005-02-18 WO PCT/US2005/005421 patent/WO2005088958A1/en active Application Filing
- 2005-02-18 CA CA2557824A patent/CA2557824C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
EP1726156A1 (en) | 2006-11-29 |
EP1726156B1 (en) | 2013-04-10 |
US7519999B2 (en) | 2009-04-14 |
WO2005088958A1 (en) | 2005-09-22 |
CA2557824C (en) | 2010-12-14 |
US20050190916A1 (en) | 2005-09-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2557824A1 (en) | Secure negotiation and encryption module | |
EP1059001B1 (en) | Method for protecting the audio/visual data across the NRSS interface | |
EP2219374A1 (en) | Securely providing a control word from a smartcard to a conditional access module | |
US20030026428A1 (en) | Method of transmitting confidential data | |
AU770370B2 (en) | Secure control of security mode | |
US9432709B2 (en) | System and method to prevent manipulation of transmitted video data | |
CN103210658A (en) | Method and system for decrypting a transport stream | |
WO2011120901A1 (en) | Secure descrambling of an audio / video data stream | |
US9191621B2 (en) | System and method to record encrypted content with access conditions | |
TWI523533B (en) | Control-word deciphering, transmission and reception methods, recording medium for these methods and control-word server | |
KR102281972B1 (en) | Method for protecting decryption keys in a decoder and decoder for implementing said method | |
WO2008077303A1 (en) | A method and system for processing broadcast signal and a receiving terminal of broadcast signal | |
CN201515456U (en) | Safe device, set-top box and receiving terminal for digital television receiving terminals | |
Hou et al. | Based on cryptosystem secure communication between set-top box and smart card in DTV broadcasting | |
CN107077542A (en) | Common interface main frame and common interface conditional access module | |
CN101790073A (en) | Method for establishing safety communication channel and communication device thereof | |
JP2000004431A (en) | Pay broadcast receiving method and its device | |
CN102238360A (en) | Method and equipment for preventing pirated videos | |
CN107948727B (en) | Digital television program stream transmission system and method based on quantum encryption | |
KR100510692B1 (en) | Conditional Access System | |
CN1438783A (en) | Digital enciphering system | |
MXPA06009708A (en) | Secure negotiation and encryption module | |
WO2010017703A1 (en) | Set-card separation method in digital tv receiving terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | | |
MKLA | Lapsed | | Effective date: 20190218 |