Cryptography – Key management
Reexamination Certificate
2000-06-20
2003-11-18
Barrón, Gilberto (Department: 2132)
Cryptography
Key management
C380S239000, C380S240000
Reexamination Certificate
active
06650753
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to data encryption, and more particularly to the encryption of broadcast programs such that unauthorized clone receivers cannot easily decrypt the programs.
2. Description of the Related Art
To prevent the unauthorized viewing and/or copying of, e.g. satellite or cable pay-per-view broadcast programs by non-paying customers, such programs typically are encrypted. Authorized customers are provided with so-called “set top boxes” that decrypt the programs in accordance with decryption algorithms inside the boxes. Various billing schemes are tied to the set-top boxes or other customer identification to ensure that authorized customers are billed for the programs they receive.
While effective for blocking access to many non-paying customers, such boxes can be cloned using relatively sophisticated cloning techniques, then sold to people who can then use the clones to watch and/or copy for free the otherwise pay-per-view programs. While it is occasionally possible to discover a single clone box, most remain undetected in users' homes, leading to a loss of revenue for the broadcasters.
This loss of revenue is a growing problem, particularly with the growth of in-home digital video devices, because digital copies are perfect copies. Indeed, the growth of digital video has led to the introduction of a new digital bus standard referred to both as “Firewire” and “IEEE 1394”, which has been proposed to standardize the interconnections between a user's digital television, digital video cassette recorder (VCR), digital video disk (DVD) player, and set-top box.
Because millions of set-top boxes might use the same decryption algorithm keys, it is not feasible to individually reprogram each authorized device with new decryption algorithm keys. Indeed, the only feasible way to reprogram millions of in-home decryption receivers of pay-per-view programs is to broadcast a new encryption algorithm key, but the unauthorized clones also receive the broadcast of the new key leading to the classic broadcast encryption conundrum: how can authorized receivers be efficiently reprogrammed with new decryption keys while disenfranchising unauthorized clones? It is to this problem that the present invention is addressed.
Accordingly, it is an object of the present invention to provide an encryption system for the secure broadcasting of programs. Another object of the present invention is to provide an encryption system that can broadcast encryption updates to authorized in-home digital video devices. Still another object of the present invention is to provide an encryption system that can update the encryption algorithms of authorized in-home digital video devices while preventing known unauthorized devices from being effectively updated. Yet another object of the present invention is to provide an encryption system for the secure broadcasting of programs that is easy to use and cost-effective.
SUMMARY OF THE INVENTION
A system is disclosed for encrypting one or more broadcast programs. The system includes plural user devices, each of which includes plural computer-usable device keys selected from a set of device keys. A session key block generator encrypts plural session numbers with the set of device keys to render a session key block, and at least one of the session numbers can be a dummy number when it is determined that at least one of the devices is a compromised device defining compromised device keys. The dummy number is encrypted by a compromised device key, and the session key block then transmitted for use in decrypting the program. A decryption module that is accessible to each user device can access the device keys of the device to determine a session key based on the session key block and the respective device keys of the device. This session key is usable by a user device to decrypt the program, unless the device has a compromised device key that consequently decrypts and uses the dummy number to generate the session key.
In a preferred embodiment, the set of device keys is representable be at least a two-dimensional matrix including a key distension and a sets distension. The key dimension represents “N” key positions, each represented by a key index variable “i”, and the sets dimension represents “M” sets, each represented by a sets index variable “j”, such that each device key can be represented by the notation S
j,i
. In accordance with principles set forth more fully below, no two device keys of a device have the same key index variable “i” as each other.
In the preferred embodiment, a respective session number is provided for each key index variable “i” such that each session number can be represented by x
i
. Each session number x
i
is encrypted only by device keys in the i
th
key dimension to render the session key block. Furthermore, each device uses its respective i
th
device key S
j,i
to decrypt the i
th
session number, such that all devices not having the compromised device key generate at least a first session key and all devices having the compromised device key generate at least a second session key, only the first session key being useful in decrypting the program.
In a particularly preferred embodiment, devices that generate the first session key define a first pool and devices that generate the second session key define a second pool. Computer readable code means determine whether all devices in the first pool are not compromised devices and, if they are not compromised, encrypted renewal data is sent to all devices; only devices in the first pool are able to decrypt the renewal data and act on it correctly. The devices operate on the renewal data to generate new device keys. Moreover, computer readable code means determine whether all devices in the second pool are compromised devices and, if not, devices in the second pool are caused to generate a new session key using a different compromised device key.
In a still further feature of the preferred embodiment, a first set of non-compromised devices defines the first pool and a second set of non-compromised devices defines a third pool, such that each of the first and third pools do not contain any compromised device. To conserve bandwidth under such circumstances, computer readable code means cause devices in the first pool to replace their session key with the session key of the devices in the third pool. A computer-implemented method that undertakes the function of the system summarized above is also disclosed.
In another aspect, the invention is a general purpose computer programmed according to the inventive steps herein to encrypt broadcast data. The invention can also be embodied as an article of manufacture—a machine component—that is used by a digital processing apparatus and which tangibly, embodies a program of instructions that are executable by the digital processing apparatus to encrypt broadcast transmissions. This invention is realized in a critical machine component that causes a digital processing apparatus to perform the inventive method steps herein.
In accordance with the present invention, the method steps include accessing a matrix of device keys S
j,i
, wherein i=the integers from 1 to N inclusive and j=the integers from 1 to M inclusive. In accordance with present principles, “i” is a key index variable indicating a position in a key dimension of the matrix, “j” is a sets index variable indicating a position in a sets dimension of the matrix, and “N” is the number of device keys in each of “M” sets of keys. Respective plural device keys from the matrix of device keys are assigned to a plurality of digital video devices, each of which is assigned one and only one device key for each key index variable “i”. Furthermore, plural session numbers x
i
are generated, i=1 to N, and each session number x
i
corresponds to a respective key index variable “i”. Each session number x
i
is encrypted with all device keys S
j,i
, j=1 to M, to generate a session key block.
In a
Lotspiech Jeffrey Bruce
McCurley Kevin Snow
Barrón Gilberto
Lanier Benjamin E.
Rogitz John L.
LandOfFree
System for encrypting broadcast programs in the presence of... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System for encrypting broadcast programs in the presence of..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System for encrypting broadcast programs in the presence of... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3153401