US20150319146A1 - System and Method for Security Key Transmission With Strong Pairing to Destination Client - Google Patents

System and Method for Security Key Transmission With Strong Pairing to Destination Client Download PDF

Info

Publication number
US20150319146A1
US20150319146A1 US14/800,242 US201514800242A US2015319146A1 US 20150319146 A1 US20150319146 A1 US 20150319146A1 US 201514800242 A US201514800242 A US 201514800242A US 2015319146 A1 US2015319146 A1 US 2015319146A1
Authority
US
United States
Prior art keywords
key
security
security key
client
keys
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/800,242
Inventor
Iue-Shuenn Chen
Kevin Patariu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Broadcom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Broadcom Corp filed Critical Broadcom Corp
Priority to US14/800,242 priority Critical patent/US20150319146A1/en
Publication of US20150319146A1 publication Critical patent/US20150319146A1/en
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. reassignment AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Definitions

  • CA conditional access
  • the security key generation, and the destination module that uses the security key may be far apart within a chip.
  • a security key generation module may not be within the same design block as the destination module that utilizes the security key.
  • the distance between the security key generation module and the destination module may require a special bus to transmit the security key to the appropriate destinations, which may decrease the speed and efficiency of the circuit.
  • the addressability of the key to the destination module is currently the only known pairing between a security key generation module and a security key destination module.
  • a complete CA system usually includes three main functions: a scrambling/descrambling function, an entitlement control function, and an entitlement management function.
  • the scrambling/descrambling function is designed to make the program incomprehensible to unauthorized receivers. Scrambling may be applied commonly or separately to the different elementary stream components of a program. For example, the video, audio and data stream components of a TV program may be scrambled in order to make these streams unintelligible. Scrambling may be achieved by applying various scrambling algorithms to the stream components.
  • the scrambling algorithm usually utilizes a secret key, called a control word. Once the signal is received, the descrambling may be achieved by any receiver that holds the secret key or the control word, used by the scrambling algorithm prior to transmission.
  • Scrambling and descrambling operations do not cause any impairment on the quality of the signals.
  • the commonly used algorithms for scrambling digital data in CA systems are symmetric key ciphers.
  • the control word used by the scrambling algorithm is a secret parameter known only by the scrambler and the authorized descramblers. In order to preserve the integrity of the encryption process, the control word has to be changed frequently in order to avoid any exhaustive searches by an unauthorized user, which is intended to discover the control word.
  • the rights and associated keys needed to descramble a program are called entitlements.
  • the entitlement control function provides the conditions required to access a scrambled program together with the encrypted secret parameters enabling the signal descrambling process for the authorized receivers.
  • This data is broadcasted as conditional access messages, called entitlement control messages (ECMs).
  • ECMs carry an encrypted form of the control words, or a means to recover the control words, together with access parameters, such as identification of the service and of the conditions required for accessing this service.
  • the receiver Upon receipt of an ECM, the receiver transmits the encrypted control word and the access characteristics to the security device, for example, a smart card. After it has been confirmed that a user is authorized to watch the specific program, the security device checks the origin and integrity of the control word and the access parameters before decrypting the control word and sending it to the descrambler.
  • the entitlement management function is associated with distributing the entitlements to the receivers. There are several kinds of entitlements matching the different means to “buy” a video program. These entitlements are also broadcasted as conditional access messages, called entitlement management messages (EMMs).
  • EMMs are used to convey entitlements or keys to users, or to invalidate or delete entitlements or keys.
  • the entitlement control functions and the entitlement management functions require the use of secret keys and cryptographic algorithms. For example, most modern conditional access systems utilize a smart card to store secret keys and to am cryptographic algorithms safely.
  • CA systems scramble and/or randomize transmitted data bits so that unauthorized decoders cannot decode the transmitted data bits.
  • Authorized decoders are delivered a key that initializes the circuit that inverts the data bit randomization.
  • scrambling may be associated with the pseudo-random inversion of data bits based on a key that is valid for a short period of time.
  • a key may also be transformed into an encrypted key in order to protect it from any unauthorized users. From a cryptographic point of view, this transformation of the key to an encrypted key is the only part of the system that protects the data from a highly motivated pirate or a hacker.
  • a CA system is usually associated with a system that implements key encryption and distribution of the encrypted key.
  • the general requirements that a CA system with scrambling and encryption functionality must meet for digital video delivery are as follows: protection against signal piracy, efficient scrambling, flexibility, variety of supported formats, and ease of implementation.
  • a CA system is also flexible as it may be exercised on an elementary stream-by-stream basis, including the ability to selectively scramble bit streams in a program, if it is desired. Further, various business formats, such as multi-channel services and billing schemes, may be supported with low operating costs, and a private encryption system may be used, for example, by each program provider that is part of the CA system.
  • a CA system with scrambling and encryption functionality may be implemented in standard consumer devices, which also ensures cost effective receivers.
  • FIG. 1 is a block diagram illustrating a conditional access system utilizing a conventional key ladder system.
  • the configuration of the CA system 100 in FIG. 1 has been recommended by International Telecommunications Union-Radiocommunication Sector (ITU-R).
  • ITU-R International Telecommunications Union-Radiocommunication Sector
  • FIG. 1 there is shown a block diagram of an exemplary conditional access system 100 , which may include a scrambler 102 , a descrambler 108 , encryptors 104 and 106 , decryptors 110 and 112 , a switch 115 , and a viewing enable/disable circuit 114 .
  • the compressed audio/video signal 116 may be scrambled by the scrambler 102 , utilizing a scrambling key Ks 118 , in order to obtain a scrambled broadcast signal 128 .
  • Program attribute information 120 may be encrypted by the encryptor 104 , utilizing a work key Kw 122 , to obtain the entitlement control messages 130 .
  • Program subscription information 124 may be encrypted by the encryptor 106 , utilizing a master key 126 , to obtain the entitlement management messages 132 .
  • the scrambling key Ks 118 determines the scrambling pattern. It is common to change the scrambling key at fixed intervals of time, such as every few seconds, to maintain a secure system. The scrambling key 118 must, therefore, be continuously transmitted to the subscriber's receiver. This is achieved in the CA system 100 by encrypting the scrambling key 118 by the encryptor 104 and transmitting it within the entitlement control messages 130 .
  • the ECM 130 may also include the program attribute information 120 .
  • the program attribute information 120 may be utilized, for example, for determining whether a subscriber is entitled to view a program on the basis of his or her subscription.
  • the ECM 130 is encrypted by the encryptor 104 before transmission, by utilizing the work key Kw 122 .
  • the work key 122 may be updated on a monthly or yearly basis.
  • the work key 122 is sent to the receiver through the entitlement management messages 132 , together with the subscription information 124 .
  • the subscription information 124 may also contain any subscription updates for the specific subscriber.
  • the EMM 132 may be transmitted out-of-hand utilizing other media like the Internet, telephone lines, a signaling network, or a smart card.
  • the EMM 132 Prior to transmission, the EMM 132 is encrypted by a master key Km 126 .
  • a master key is unique to each receiver and its security must be commonly managed among different broadcast operators that use the same type of receiver. This normally may be accomplished by setting up an organization for uniform key management. For example, in the CA system 100 illustrated in FIG. 1 , the content scrambling key 118 is protected by the work key 122 , which is in turn protected by the master key 126 .
  • This key protection “chain” is, sometimes, referred to as a key ladder.
  • the same key ladder is utilized in order to decrypt the necessary secure keys and scrambled broadcast audio/video signals 128 .
  • the master key 126 may be utilized with the decryptor 112 in order to decrypt the EMM 132 and the work key 122 .
  • the work key 122 is obtained as one of the outputs from the decryptor 112 .
  • the decrypted work key 122 may then be utilized by the decryptor 110 to decrypt the ECM 130 and the scrambling key 118 .
  • the scrambling key 118 is obtained as one of the outputs from the decryptor 110 .
  • the decrypted scrambling key 118 may then be utilized by the descrambler 108 to descramble the scrambled broadcast signal 128 and obtain the compressed audio/video output 140 .
  • Access to the compressed audio/video output 140 by a user is determined in accordance with the user's subscription information 124 and the program attribute information 120 .
  • the decryptor 112 decrypts the EMM 132 to obtain decrypted subscription information 125 .
  • the decryptor 110 decrypts the ECM 130 to obtain decrypted program attribute information 120 .
  • the viewing enable/disable module 114 receives the decrypted subscription information 125 and the decrypted program attribute information 121 and may then determine whether or not a user is entitled to receive the compressed audio/video output 140 .
  • the viewing enable/disable module 114 issues a control signal 134 activating the switch 115 . Once the switch 115 is activated, this allows for the decrypted scrambling key 118 to be entered into the descrambler 108 , which in turn allows for the descrambling of the compressed audio/video output 140 .
  • FIG. 2 is a block diagram illustrating secure key unwrapping in a conventional key ladder system.
  • the key ladder system 200 may comprise a one time programmable (OTP) memory 202 , a secure key generating module 204 and a key unwrapping module 206 .
  • the key unwrapping module 206 may comprise scramblers 208 , 210 , 212 and 214 .
  • Each of the scramblers 208 , 210 , 212 and 214 may utilize a symmetric encryption algorithm, for example a Data Encryption Standard (DES), a 3DES, or an Advanced Encryption Standard (AES) type of algorithm, in order to descramble an encrypted key input.
  • DES Data Encryption Standard
  • 3DES 3DES
  • AES Advanced Encryption Standard
  • the OTP memory 202 in the key ladder system 200 may be adapted to store a root key, for example a key such as the master key 126 in FIG. 1 .
  • the root key stored in the OTP memory 202 may be further protected by the secure key-generating module 204 .
  • the secure key-generating module 204 may comprise suitable logic, circuitry, and/or code that may be adapted to scramble, or otherwise further enhance the security of the root key stored in the OTP memory 202 .
  • the key unwrapping module 206 may be adapted to “unwrap,” or descramble, various application keys, for example, application key 1 , 228 , and application key 2 , 230 . In order to achieve this, the key unwrapping module 206 may utilize several encrypted keys, for example, encrypted key 1 , 216 , encrypted key 2 , 218 , encrypted key 3 , 220 , and encrypted key 4 , 222 .
  • the scrambled root key 205 may be utilized by the scrambler 208 in order to decrypt the encrypted key 1 , 216 , and obtain a decrypted key 224 .
  • the decrypted key 224 may comprise, for example, a work key.
  • the decrypted key 224 may be utilized by the scrambler 210 in order to decrypt encrypted key 2 , 218 , and obtain the decrypted key 226 .
  • the decrypted key 226 may comprise, for example, a scrambling key.
  • the decrypted key 226 may be utilized by the scrambler 212 in order to decrypt encrypted key 3 , 220 , and obtain the decrypted application key 1 , 228 .
  • the decrypted application key 228 may be utilized by the scrambler 214 in order to decrypt encrypted key 4 , 222 , and obtain the decrypted application key 2 , 230 .
  • Decrypted application keys 228 and 230 may be further utilized for various functions, for example, for copy protection of broadcast signals.
  • the key ladder in the key unwrapping module 206 may be adapted to have varying levels of protection by increasing the number of the encrypted keys and the corresponding scramblers, and by utilizing each previously decrypted application key in a subsequent decryption of a following encrypted key.
  • the key ladder may be utilized to “unwrap” a master key, a work key and a scrambling key.
  • the master key, work key and scrambling key may then be utilized to decrypt one or more application keys.
  • the key unwrapping module 206 may provide increasing level of protection by increasing the number of scramblers and encrypted keys, it may be difficult to determine whether or not the received encrypted keys in the key ladder system 200 of FIG. 2 have been manipulated by unauthorized parties.
  • the transmitting and/or the receiving party may need the ability to monitor such communication and obtain verification of the identity of the other party, and of the integrity and origin of the encrypted data that was transmitted.
  • security keys may be generated either on the transmit or the receive side of a fee-based video broadcasting system.
  • the generated security keys may be utilized in the encryption/decryption of other keys, for example.
  • the security key may be paired with address information of the destination module it is intended for.
  • the security key data path from generation, distribution and use by a destination module may be susceptible to security breach since the only pairing used is the addressability of the security key to the destination module.
  • Certain embodiments of the invention may be found in a system and method for security key transmission with strong pairing to destination client. Aspects of the method may include pairing a rule with a security key and its associated address, and sending the rule along with the security key and the associated address to a destination.
  • the rule may define permissible usage by a destination module defined by the associated address and may comprise a command word, which may be implemented by a data structure.
  • the data structure may be associated with a permissible algorithm type, a security key size, and/or a security key source.
  • a failure report may be received from the destination if the sent rule is violated.
  • the security key may be generated by an on-chip key generator, an off-chip device, and/or software.
  • the rule along with the security key and the associated address, may be serially transmitted to one or more destinations.
  • the rule may be compared with an algorithm configuration at the at least one destination. If the rule does not match the algorithm configuration, an error message may be generated by the destination. If the rule does not match the algorithm configuration, the security key may be invalidated by the destination.
  • Another aspect of the invention may provide a machine-readable storage, having stored thereon, a computer program having at least one code section executable by a machine, thereby causing the machine to perform the steps as described above for security key transmission with strong pairing to a destination client.
  • a system for security key transmission with strong pairing to a destination client may include a rule paired with a security key and its associated address, and a serializer that sends the rule along with the security key and the associated address to at least one destination.
  • the rule may define permissible usage by a destination module defined by the associated address and may comprise a command word.
  • a data structure may be utilized to define various attributes of the command word. The data structure may be associated with a permissible algorithm type, a security key size, and/or a security key source.
  • a failure report may be received from the destination if the sent rule is violated.
  • a generator comprising an on-chip key generator, an off-chip device, and/or software, may be used to generate the security key.
  • the serializer may serially transmit the rule along with the security key and the associated address to the at least one destination.
  • a destination module processor may compare the rule with an algorithm configuration at the at least one destination. If the rule does not match the algorithm configuration, the destination module processor may generate an error message and may invalidate the security key.
  • FIG. 1 is a block diagram illustrating conditional access system utilizing a conventional key ladder system.
  • FIG. 2 is a block diagram illustrating secure key unwrapping in a conventional key ladder system.
  • FIG. 3 is a block diagram illustrating secure key unwrapping and signature verification system, in accordance with an embodiment of the present invention.
  • FIG. 4A is a block diagram of an exemplary system for secure key generation, secure key signing and secure key encryption, in accordance with an embodiment of the present invention.
  • FIG. 4B is a block diagram of an exemplary system for secure key decryption and secure key signature verification, in accordance with an embodiment of the present invention.
  • FIG. 5 is a block diagram of an exemplary system for security key generation and transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
  • FIG. 6 is a block diagram illustrating exemplary security architecture in an application specific integrated circuit (ASIC) utilizing the security key generation and transmission system of FIG. 5 , for example, in accordance with an embodiment of the present invention.
  • ASIC application specific integrated circuit
  • FIG. 7 is a flow diagram of a method for security key transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
  • a generated security key may be associated only with an address indicating the destination module that will utilize the security key. Strong pairing may be achieved by pairing the security key and its associated address with a security command, and subsequently transmitting the security key together with the security command and the associated address to a destination module. The security command may then be utilized by the destination module to ascertain the authenticity of the security key and compliance with applicable pairing rules.
  • a security key may be generated by an on-chip key generator, an off-chip device, and/or software.
  • a rule may then be paired with the security key and an address associated with the security key.
  • the rule may define permissible usage by a destination module, which is defined by the associated address.
  • the rule may comprise a command word, which may be implemented using a data structure associated with a permissible algorithm type, a security key size, and/or a security key source.
  • the rule, the security key and the address may be transmitted to the destination module where the rule may be compared with an algorithm configuration.
  • an error message may be generated by the destination module, and the security key may be invalidated. Strong pairing, therefore, may be achieved for the entire security key data path, including generation, distribution and use by a destination module, by pairing a rule (or a security word) with a security key and its corresponding address associated with a destination module.
  • FIG. 3 shows a block diagram illustrating a secure key unwrapping and signature verification system, in accordance with an embodiment of the present invention.
  • the key ladder system 500 may comprise a one time programmable (OTP) memory 502 , a secure key generating module 504 and a key unwrapping and signature verification module 506 .
  • OTP one time programmable
  • the key unwrapping and signature verification module 506 may be adapted to “unwrap”, or descramble, various application keys, for example, application key 1 , 528 , and application key 2 , 530 .
  • the key unwrapping and signature verification module 506 may utilize several encrypted and signed keys, for example, encrypted and signed key 1 , 516 , encrypted and signed key 2 , 518 , encrypted and signed key 3 , 520 , and encrypted and signed key 4 , 522 .
  • the encrypted and signed keys 516 , 518 , 520 and 522 may have been initially signed by a transmitting entity utilizing an asymmetric encryption algorithm, such as a public key algorithm, for example a Rivest-Shamir-Adleman (RSA), a Digital Signature Algorithm (DSA), or an Elliptic Curve Cryptography (ECC) type of algorithm.
  • asymmetric encryption algorithm such as a public key algorithm, for example a Rivest-Shamir-Adleman (RSA), a Digital Signature Algorithm (DSA), or an Elliptic Curve Cryptography (ECC) type of algorithm.
  • the signed keys may then have been encrypted utilizing a symmetric encryption algorithm, such as a DES, a 3DES, or an AES type of algorithm.
  • the key unwrapping and signature verification module 506 may comprise scrambler and signature verifiers 508 , 510 , 512 and 514 .
  • Each of the scrambler and signature verifiers 508 , 510 , 512 and 514 may comprise suitable logic, circuitry and/or code that may be adapted to utilize a symmetric encryption algorithm, for example a DES, a 3DES, or an AES type of algorithm, in order to descramble an encrypted signed key input.
  • Each of the scrambler and signature verifiers 508 , 510 , 512 and 514 may also be adapted to utilize a public key algorithm, for example an RSA, a DSA, or an EC type of algorithm, in order to verify a decrypted signed key.
  • a public key algorithm for example an RSA, a DSA, or an EC type of algorithm
  • the OTP memory 502 in the key ladder system 500 may be adapted to store a root key, for example a master key.
  • the root key stored in the OTP memory 502 may be further protected by the secure key-generating module 504 .
  • the secure key-generating module 504 may comprise suitable logic, circuitry and/or code that may be adapted to scramble, or otherwise further enhance the security of the root key stored in the OTP memory 502 .
  • the scrambled root key 505 may be utilized by the scrambler and signature verifier 508 in order to decrypt, and verify the signature of, the encrypted and signed key 1 , 516 .
  • the generated decrypted key 524 may be verified.
  • the decrypted and verified key 524 may comprise, for example, a work key.
  • the decrypted and verified key 524 may be utilized by the scrambler 510 in order to decrypt, and verify the signature of, encrypted and signed key 2 , 518 , and to obtain the decrypted and verified key 526 .
  • the decrypted and verified key 526 may comprise, fir example, a scrambling key.
  • the decrypted and verified key 526 may be utilized by the scrambler 512 in order to decrypt, and verify the signature of, encrypted and signed key 3 , 220 , and to obtain the decrypted and verified application key 1 , 528 .
  • the decrypted and verified application key 528 may be utilized by the scrambler 514 in order to decrypt, and verify the signature of, encrypted and signed key 4 , 522 , and to obtain the decrypted and verified application key 2 , 530 .
  • Decrypted and verified application keys 528 and 530 may be further utilized for various functions, for example, for copy protection of broadcast signals.
  • the key ladder in the key unwrapping and signature verification module 506 may be adapted to have varying levels of protection by increasing the number of the encrypted and signed keys and the corresponding scramblers, and by utilizing each previously decrypted and verified application key in a subsequent decryption of a following encrypted and signed key.
  • the key ladder may be utilized to “unwrap” a signed and encrypted master key, a signed and encrypted work key and a signed and encrypted scrambling key.
  • the master key, work key and scrambling key may then be utilized to decrypt one or more application keys.
  • strong pairing may be utilized in the secure key unwrapping and signature verification system 500 . More specifically, strong pairing may be utilized along the security key datapath from the (YIP memory 502 , where root keys are stored, up until application keys 528 and 530 are generated in the key unwrapping and signature verification module 506 .
  • FIG. 4A illustrates a block diagram of an exemplary system for secure key generation, secure key signing and secure key encryption, in accordance with an embodiment of the present invention.
  • the exemplary system 600 may comprise a key table 602 , a transmit server database 612 , a key signing module 614 , an input register 616 , a secure master key generating module 604 , a selector 606 , an encryptor 608 , and intermediate destination registers 610 .
  • the transmit server database 612 may comprise suitable logic, circuitry and/or code that may be adapted to generate a plurality of secure keys, for example, master decryption keys 618 .
  • Master decryption keys 618 may comprise a master key K 1 ′ 620 and master key K 2 ′ 622 .
  • the master decryption keys 618 may be utilized in the encryption and decryption of one or more secure keys, for example, a work key and/or a scrambling key.
  • the master decryption keys 618 may be stored in a key table 602 .
  • Each of the master decryption keys 620 and 622 may comprise a fixed number of bits.
  • master decryption keys 620 and 622 may each occupy two M-bit cells in the key table 602 .
  • the key table 602 may be part of a random access memory (RAM), such as a DRAM or SRAM, for example.
  • the key table 602 may also be adapted to store a plurality of master decryption keys.
  • the master decryption keys 618 may be sent to the secure master key generating module 604 .
  • the secure master key generating module 604 may comprise suitable logic, circuitry and/or code that may be adapted to further enhance the security of master decryption keys K 1 ′ 620 and K 2 ′ 622 .
  • the secure master key generating module 604 may comprise an encryptor or a scrambler.
  • the secure master key generating module 604 may enhance the security of master decryption keys K 1 ′ 620 and K 2 ′ 622 , and may generate a secure master decryption key K 1 624 and a secure master decryption key K 2 626 .
  • the transmit server database 612 may also generate a plurality of secure keys 636 , which may be communicated from the transmit server database 612 to the key signing module 614 .
  • the key-signing module 614 may comprise suitable logic, circuitry and/or code that may be adapted to “sign” the secure keys 636 and generate signed secure keys 638 .
  • the key-signing module may utilize a symmetric encryption algorithm and/or an asymmetric encryption algorithm to generate the signed secure keys 638 .
  • the signed secure keys 616 may then be stored in an input register 616 , prior to being communicated to the encryptor 608 .
  • the selector 606 may comprise suitable logic, circuitry and/or code that may be adapted to select from one or more inputs and generate one or more outputs.
  • the selector 606 may be a 2:1 selector and may generate three outputs from any two received inputs.
  • the secure master decryption keys 624 and 626 may be utilized by the selector 606 as inputs to generate an output with the secure master decryption key 624 selected twice and the secure master decryption key 626 selected once.
  • the encryptor 608 may comprise suitable logic, circuitry and/or code that may be adapted to encrypt any of the signed secure keys 638 .
  • the encryptor 608 may comprise a 3DES-Encrypt-Decrypt-Encrypt (EDE) or Decrypt-Encrypt-Decrypt (DED) encryption engine.
  • EEE 3DES-Encrypt-Decrypt-Encrypt
  • DED Decrypt-Encrypt-Decrypt
  • the encryptor 608 may utilize the secure master decryption key output from the selector 606 and encrypt the signed secure keys 638 to obtain encrypted and signed keys 632 .
  • the encrypted and signed keys 632 may be copied to intermediate destination registers 610 and may be subsequently utilized by the selector 606 and the encryptor 608 for encryption of subsequent signed secure keys 638 .
  • the secure master decryption keys 624 and 626 may be utilized by the selector 606 and the encryptor 608 only once, for the encryption of a first pair of signed secure keys received by the encryptor 608 .
  • the resulting encrypted and signed secure keys 628 and 630 may be stored in intermediate destination registers 610 prior to their utilization by the selector 606 and the encryptor 608 for the encryption of a second, subsequent pair of signed secure keys.
  • the secure key ladder protection increases since the number of generated encrypted and signed keys 632 increases.
  • the encrypted and signed keys 632 may be transmitted from an output location 634 .
  • strong pairing may be utilized in the exemplary system 600 for secure key generation, secure key signing and secure key encryption. More specifically, strong pairing may be utilized along the security key data path from the moment security keys are generated by the transmit server database 612 , or the secure master key generating module 604 , until encrypted and signed security keys are transmitted out from the output location 634 .
  • the exemplary system for secure key decryption and secure key signature verification 650 may comprise a one-time programmable non-volatile memory (OTP NVM) 652 , a secure master key generating module 654 , a CPU 653 , an input register 672 , a selector 656 , a decryptor 658 , an input register 660 , a signature verification module 662 , an intermediate destination register 664 , a switch 668 and final destination registers 670 .
  • OTP NVM one-time programmable non-volatile memory
  • the OTP NVM 652 may comprise a random access memory (RAM), such as a DRAM or SRAM, for example.
  • the OTP NVM 652 may be adapted to store, for example, read-only data 674 , keys 676 , and an enable bit 678 .
  • the keys 676 may comprise master decryption keys 681 and 680 .
  • the master decryption keys 681 and 680 may each occupy, for example, an even number of bits in the OTP NVM 652 . More specifically, the master decryption keys 680 and 681 may each occupy two M-bit cells in the OTP NVM 652 .
  • the read-only data 674 of the OTP NVM 652 may comprise chip identification information and other read-only information that may be accessed by the CPU 653 .
  • the CPU 653 may be, for example, a microprocessor, a microcontroller or other type of processor.
  • the master decryption keys 680 and 681 may be sent to the secure master key generating module 654 .
  • the secure master key generating module 654 may comprise suitable logic, circuitry and/or code that may be adapted to further enhance the security of the master decryption keys 680 and 681 .
  • the secure master key generating module 654 may comprise an encryptor, or a scrambler, that may receive master decryption keys 682 as input.
  • Master decryption keys 682 may comprise master decryption key 680 and master decryption key 681 .
  • the secure master key generating module 654 may enhance the security of master decryption key 680 and master decryption key 681 and may generate a secure master decryption key K 1 683 and secure master decryption key K 2 684 .
  • the selector 656 may comprise suitable logic, circuitry and/or code that may be adapted to select from one or more inputs and generate one or more outputs.
  • the selector 656 may be, for example, a 2:1 selector and may generate three outputs from any two received inputs.
  • the secure master decryption keys K 1 and K 2 , 683 and 684 respectively may be utilized by the selector 656 as inputs to generate an output.
  • the secure master decryption key 683 may be selected twice and the secure master decryption selected once.
  • the secure key decryption and secure key signature verification system 650 may be adapted to receive encrypted and signed keys 646 .
  • the encrypted and signed keys 646 may be generated, for example, by a secure key generation, secure key signing and secure key encryption system, such as the system illustrated on FIG. 6A .
  • the encrypted and signed keys 646 may be stored in an input register 672 .
  • the encrypted and signed keys 646 may then be transmitted to the decryptor 658 .
  • the encrypted and signed keys 646 may comprise multiples of 64-bits, for example, and may include at least one of an encrypted key, a key destination and/or a key signature.
  • the decryptor 658 may comprise suitable logic, circuitry and/or code that may be adapted to decrypt any of the encrypted and signed keys 646 .
  • the encryptor 658 may comprise a 3DES-Encrypt-Decrypt-Encrypt (EDE) and/or Decrypt-Encrypt-Decrypt (DED) decryption engine.
  • EEE 3DES-Encrypt-Decrypt-Encrypt
  • DED Decrypt-Encrypt-Decryption engine.
  • the decryptor 658 may utilize the secure master decryption keys K 1 and K 2 , 683 and 684 respectively, generated as an output of the selector 656 .
  • the decryptor 658 generates as output unwrapped decrypted keys 688 and signature bytes 690 .
  • the unwrapped decrypted keys 688 may be communicated to the intermediate destination registers 664 , and may subsequently be utilized by the selector 656 and the decryptor 658 for decryption of subsequent encrypted and signed keys 646 .
  • the secure master decryption key K 1 683 and the secure master decryption key K 2 684 may be utilized by the selector 656 and the decryptor 658 only once, for the decryption of a first pair of encrypted and signed keys 646 that may be received by the decryptor 658 .
  • the resulting unwrapped decrypted keys K 1 686 and K 2 685 may be stored in the intermediate destination registers 664 .
  • the unwrapped decrypted keys 685 and 686 may then be utilized by the selector 656 and decryptor 658 for the decryption of a second subsequent pair of encrypted and signed keys 646 that may be received by the decryptor 658 .
  • This loop process may continue until all encrypted and signed keys of the received key ladder are unwrapped and decrypted.
  • the signature bytes 690 of each of the encrypted and signed keys are generated as output from the decryptor 658 .
  • the signature bytes 690 may then be entered into the signature verification module 652 .
  • the signature verification module 652 may comprise suitable logic, circuitry and/or code but may be adapted to verify the authenticity of the signature bytes 690 .
  • the signature verification module 662 may utilize an asymmetric encryption algorithm, such as a public key encryption algorithm, in order to verify the received signature bytes 690 .
  • a verification key 687 may be loaded by the CPU 653 .
  • a verification key 687 may comprise for example, a public key that may be utilized to verify the signature 690 .
  • the verification key 687 may be initially stored in an input register 660 .
  • the signature verification module 662 may utilize the verification key (public key) 687 in order to verify the received signature 690 .
  • an enabled/disabled signal 691 may be generated by the signature verification module 662 .
  • the enabled/disabled signal 691 may then be communicated to the switch 668 .
  • the switch 668 may receive the unwrapped decrypted key 688 and may allow, or reject, a further transmission of the unlocked decrypted keys 688 through the final destination registers 670 . If the command 691 comprises an enable command, the unwrapped decrypted key 688 may be transmitted to the final destination registers 670 for any further processing. If the command 691 comprises a disable command, then the unwrapped decrypted keys 688 may not be transmitted to the final destination registers 670 . A disable command 691 may be generated, for example, if the signature verification module 690 ascertains that the signature 690 is not verified.
  • the signature 690 may be unverifiable if, for example, the encrypted and signed keys 646 had been manipulated by an attacker during their transmission to the secure key decryption and secure key verification system 650 . Verification of the signature 690 by the signature verification module 662 may be enabled or disabled with the help of the enable bit 678 .
  • the bit 678 may comprise a multi-stage programming (MSP) bit. For example, an enable bit 678 may be set to a predetermined value so that the signature verification module 662 is activated and the signature 690 may be verified.
  • MSP multi-stage programming
  • cryptography algorithms may be utilized to encrypt and/or decrypt data.
  • security keys may be utilized to enhance the authentication process.
  • a strong pairing may exist between the various keys and the destination modules where the keys may be used. This strong pairing may be utilized to add more security and authenticity in the transmission of a security key to the destination module associated with the key.
  • strong pairing may be utilized in the secure key decryption and secure key verification system 650 . More specifically, strong pairing may be utilized along the security key data path from the moment security keys are received by the input register 672 , or generated by the secure master key generating module 654 , until unwrapped and decrypted keys are communicated to the final destination registers 670 .
  • FIG. 5 is a block diagram of an exemplary system 700 for security key generation and transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
  • the system 700 may comprise an internal key generator 701 , an external key generator 703 , a security key sequence 705 , and a destination module 715 .
  • the security key sequence 705 may comprise a security key 707 , which may be paired with a security command 709 and a destination address 711 .
  • the internal key generator 701 may be disposed within a circuit utilizing a security key, such as an application specific integrated circuit (ASIC), for example, and may comprise suitable logic, circuitry and/or code that may be adapted to generate security keys.
  • ASIC application specific integrated circuit
  • the external key generator 703 may be disposed outside the circuit utilizing a generated security key, for example, and may comprise suitable logic, circuitry and/or code that may be adapted to generate security keys.
  • a security key 707 may be generated by the internal key generator 701 or by the external key generator 703 .
  • the generated security key 707 may be associated with a destination address 711 indicating the destination module 715 .
  • the key 707 and its associated destination address 711 may be paired with the security command 709 to form the security key sequence 705 .
  • the security command may comprise a rule, where the rule may be associated with characteristics of the destination module 715 , for example. More specifically, the security command 709 may relate to attributes and/or permissible usages of the security key 707 that may be transmitted along with it.
  • the security command 709 may include encryption/decryption method for which the security key 707 may be used, the size of the security key 707 , and/or information on the method used to calculate the security key 707 .
  • the transmission bus 713 may comprise a serial transmission bus, for example.
  • multiple destination modules may receive a security key sequence, such as the security key sequence 705 , and it may be determined on the basis of the security command within the security key sequence which destination module is to process the received security key.
  • Strong pairing between the source of the security key 707 and the destination module 715 may be achieved by the pairing of the security key 707 and the destination address 711 with the security command 709 prior to communicating the security key sequence 705 to the destination module 715 .
  • the pairing of the security key 707 with destination-related characteristics indicated by the security command 709 may provide a strong pairing for the entire security key data path in the system 700 , from generation of the security key 707 , distribution (communication) of the security key 709 , and use of the security key 707 by the destination module 715 .
  • FIG. 6 is a block diagram illustrating exemplary security architecture in an application specific integrated circuit (ASIC) utilizing the security key generation and transmission system of FIG. 5 , for example, in accordance with an embodiment of the present invention.
  • the ASIC 832 may comprise a CPU 834 , a transport core 802 , and external security clients 821 , 823 , and 825 .
  • the external security clients 821 , 823 , and 825 may comprise deserializers 832 , 834 , and 836 , respectively.
  • the transport core 802 may comprise a security top 804 and internal security clients 808 , 810 , and 812 .
  • the internal security clients 808 , 810 , and 812 may comprise deserializers 826 , 828 , and 830 , respectively.
  • the security top 804 may comprise a transport key serializer 807 , an internal key generator 801 , a register control 806 , a key route and control logic 805 , an external key interface 803 , and key serializers 811 , 813 , and 815 .
  • a set-top box may comprise an ASIC, such as the ASIC 832 , and the ASIC may be adapted to utilize a security key generation and transmission system, such as the security key generation and transmission system of FIG. 7 , to achieve strong pairing with a destination client.
  • the ASIC 832 may comprise suitable logic, circuitry and/or code and may be adapted to handle audio/video satellite or terrestrial data, storing such data on disk, and/or displaying such data on a monitor, such as a television monitor.
  • the transport core 802 within the ASIC 832 may comprise suitable logic, circuitry and/or code adapted to pre-process audio/video data received from an ASIC interface, for example, or from a source such as memory (e.g., data retrieved from memory).
  • the security top 804 within the transport core 802 may be adapted to perform security key calculation functions inside the transport core 802 , such as any functions necessary to achieve strong pairing between a security key and a destination module.
  • the internal key generator 801 may comprise suitable logic, circuitry and/or code and may be adapted to generate security keys. Security keys may also be generated by a key generator outside the ASIC 832 and may then be communicated to the external key interface 803 via the connection 804 .
  • the key serializers 807 , 811 , 813 , and 815 may comprise suitable logic, code and/or circuitry for pairing a security key and its associated destination module address with a security command to form a security key sequence, and subsequently transmitting the prepared security key sequence.
  • the key serializer 811 may be adapted to transmit a 256-bit security key and the security key may be calculated 32 bits at a time.
  • the key serialize 811 therefore, may be adapted to hold all intermediate 32-bit portions until the entire 256-bit security key is available and ready for transmission.
  • the address portion in each security key sequence may be configured via register writes from the CPU 834 .
  • the CPU register writes may be communicated to the key serializer 811 via the register control 806 .
  • the security command within a security key sequence prepared by a key serializer may be determined by either CPU register writes, or by hardcoding of values based on the way the security key was calculated or generated. When a segment of the security command is hardcoded, a register write may not be utilized to specify the value of that segment. For example, if a security key has been received externally via the external key interface 803 , two bits in the security key command may be hardcoded to indicate the source of the security key, i.e.; an external source.
  • the key serializers 807 , 811 , 813 , and 815 may utilize security keys generated by the internal key generator 801 or security keys received externally via the connection 804 and the external key interface 803 .
  • the key serializers 807 , 811 , 813 , and 815 may be separated according to the security clients that they may be adapted to service.
  • the external security clients 821 , 823 , and 825 may be involved in different operations—the external security client 821 may operate a specific software, for example, related to disk drive operation, and the external security clients 823 and 825 may be involved in different operations, which may not require sharing of a key serializer resources. Therefore, for ease of software implementation, for example, each of the security clients 821 , 823 , and 825 may utilize its own key serializer, 811 , 813 , and 815 , respectively.
  • a key serializer may be shared by several deserializers.
  • a destination address field may be utilized to specify an intended destination of a key.
  • a destination address may also be utilized in a configuration where one key serializer may be connected to only one key deserializer.
  • the key serializer 807 may be implemented as a plurality of separate serializers, and the key serializers 811 , 813 , and 815 may be implemented as a single serializer, for example.
  • a security command word may be utilized to invalidate a key transmitted in a prior event.
  • a security command and an address may be specified.
  • a transmission may be received by a key deserializer, and may be utilized to invalidate a key that may have already been transmitted to the deserializer.
  • Each of the security clients 808 , 810 , 812 , 821 , 823 , and 825 may be utilized for encrypting and/or decrypting of data.
  • each of the security clients 808 , 810 , 812 , 821 , 823 , and 825 may comprises key deserializers 826 , 828 , 830 , 832 , 834 , and 836 , respectively.
  • the key deserializers may comprise suitable logic, circuitry and/or code and may be adapted to receives a security key sequence transmission from a key serializer, and to recover (separate) the security key and the corresponding security command (or rule).
  • the security client may examine the security command and may determine the way the security key may be utilized and which destination module associated with the security client may utilize it. For example, a destination module associated with a security client may be adapted to utilize only internally generated security keys (i.e., security keys generated by the internal key generator 801 , for example). If the security command indicates, for example, that the deserialized security key was calculated using an external key generator, the security client may then indicate that the received security key may not be utilized. In this way, strong pairing between the security key and the destination module may be accomplished.
  • Security clients within the ASIC 832 may be divided into internal security clients and external security clients.
  • the internal security clients 808 , 810 , and 812 may be utilized for destination modules within the transport core 802
  • the external security clients 821 , 823 , and 825 may be utilized for destination modules outside the transport core 802 .
  • the internal security clients 808 , 810 , and 812 may be utilized for decrypting received data from a content provider, for example. Encrypted data may be received from a satellite or from a terrestrial cable connection, for example. In this way, the internal security clients 808 , 810 , and 812 may be utilized for the initial decryption of data received by the ASIC 832 . In addition, the internal security clients 808 , 810 , and 812 may be utilized for receiving/transmitting security keys that may be required by destination modules within the transport core 802 .
  • the ASIC 832 may utilize multiple internal security clients in order to handle several encrypted data streams. For example, internal security clients 808 and 810 may be utilized to decrypt two encrypted video streams received by the ASIC 832 , and the internal security client 812 may be utilized for decrypting a received audio stream.
  • the external security clients 821 , 823 , and 825 may be utilized in connection with destination modules that are outside of the transport core 802 .
  • Each of the external security clients 821 , 823 , and 825 may be adapted to store more than one security key for different operations.
  • a security key table may be associated with each external security client.
  • the destination module address portion of each deserialized security key sequence may be used to determine which part of the key table, or which destination module, to populate with the received security key transmission.
  • the external security clients 821 , 823 , and 825 may also be utilized for any other encryption and/or decryption operation that may be required after received data is decrypted.
  • a decrypted data may be stored into memory, how it may be stored on a hard disk, and how it may be transmitted over a network. For example, a subsequent encryption may be required prior to storing into memory, storing on a hard drive, or transmitting over a network. All such requirements related to the handling of data may be implemented via the security command transmitted together with the security key.
  • external security clients 821 , 823 , and 825 By utilizing the external security clients 821 , 823 , and 825 , rather than the internal security clients 808 , 810 , and 812 , hardware resources utilized to transmit a security key within the ASIC 832 may be minimized. In this way, because of decreased physical distance between the external security clients 821 , 823 , and 825 , and other blocks within the ASIC 832 , security key handling may be more efficient.
  • the external security clients 821 , 823 , and 825 may also be utilized for additional system applications, for example, if decrypted data has to be stored on a disk. An external security client may then be utilized to encrypt data prior to storage.
  • Each of the security clients within the ASIC 832 , internal or external security clients may have a different usage for a security key, and its associated security command, that have been calculated for it.
  • the key route and control logic 805 may be coupled to the internal key generator 801 and the external key interface 803 , and may comprise suitable logic, circuitry and/or code for calculating security keys that are available for use. For example, a set of rules may be associated with the permissible ways to use security keys received from the internal key generator 801 or the external key interface 803 , and a set of rules determining which destination module security keys may be sent to depending on the way the security key was generated. For example, the key route and control logic 805 may determine which key serializer within the ASIC 832 may be utilized for a specific key obtained from the external key interface 804 .
  • the key route and control logic 805 may also provide storage for intermediate results generated by the internal key generator 801 or the external key interface 803 in the security key generation process.
  • the key route and control logic 805 may receive status signals back from the key serializers 807 , 811 , 813 , and 815 .
  • serializer may be in the process of transmitting a security key. During the transmission process, the serializer may also transmit a status message informing the key route and control logic 805 that a new security key may not be currently transmitted. After the serializer completes transmission of the security key, a signal may be sent back to the key route and control logic 805 indicating availability to receive anew key for transmission.
  • the register control 806 may be coupled to the CPU 834 and may comprise suitable logic, circuitry and/or code adapted to configure the internal key generator 801 , the external key interface 803 and the key route and control logic 805 to properly complete a security key generating and serializing operation.
  • the register control 806 may configure the operation of the internal key generator 801 before an operation is done. It may also be utilized to initiate generation of a new key.
  • the register control 806 may be coupled to the CPU 834 inside the ASIC 832 , and it may execute instructions on behalf of the CPU 834 for generation of a security key, or an intermediate security key used for subsequent security key generation, for example.
  • the CPU 834 may provide the address portion of a security key sequence which may then be utilized by a security key serializer.
  • a security key may be generated by the internal key generator 801 .
  • a security key may also be generated by a source external to the ASIC 832 and then made available to the ASIC 832 via an interface, for example, the external key interface 803 and the communication path 804 .
  • the security key may be assembled via the key route and control logic 805 and may then be distributed to the appropriate destinations via a specialized security key transmission bus, utilizing the transport key serializer 807 , and/or key serializers 811 , 813 , and/or 815 .
  • the key serializers 807 , 811 , 813 , and 815 may be utilized to pair the security key and its associated destination module address with a security command to obtain a security key sequence.
  • the key serializers 807 , 811 , 813 , and 815 may then communicate the security key sequence to an internal security client, such as clients 808 , 810 , and 812 , and/or an external security client, such as clients 821 , 823 , and 825 .
  • the key serializers 811 , 813 , and 815 may comprise, for example, a MEM-MEM key serializer, a MEM-IDE key serializer, and/or a HDMI key serializer.
  • the external security clients 821 , 823 , and 825 may comprise, for example, a MEM-MEM, a MEM-IDE, and/or a HDMI security clients.
  • strong pairing between a security key and a destination may be achieved by pairing a security command (or a data-structure) with the security key and its associated security address to form a security key sequence.
  • the security key sequence may then be transmitted to a destination client.
  • the destination module may then utilize the security key and proceed based on control information contained in the attached data-structure.
  • the data structure may comprise control information, such as, for example, the algorithm type associated with the destination module, size of the security key, and source of the security key.
  • a destination module may compare the attached security command (or data-structure) with the selected algorithm configuration. If the algorithm configuration does not match with the security key data-structure, the destination module may report an error and/or initiate an action. For example, the destination module may report corruption of data, and/or initiate an action to resolve the corrupted data.
  • a security key, its associated destination module address, and the tagged security command (or data-structure) may be transmitted serially to the destination module via a specialized serial bus.
  • FIG. 7 is a flow diagram of a method 900 for security key transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
  • a security key may be generated.
  • a security key may be generated by an internal key generator on a chip, and/or by an external key generator outside the chip utilizing security key transmission with strong pairing.
  • a security key may be associated with a destination module address indicating a destination module within or outside the chip.
  • the generated security key and its associated destination module address may be paired with a rule.
  • the rule may comprise a security command and/or a data-structure.
  • the rule may be distributed to a destination module.
  • the rule may be compared with an algorithm configuration at the destination module.
  • it may be determined whether the rule has been violated, if the rule has been violated, at 911 , a failure report may be received from the destination module.
  • the security key may be invalidated by the destination module. If the rule has not been violated, at 915 , the security key may be utilized by the destination module.
  • the present invention may be realized in hardware, software, or a combination of hardware and software.
  • the present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited.
  • a typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
  • the present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods.
  • Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.

Abstract

Systems and methods for security key transmission with strong pairing to a destination client are disclosed. A security key may be generated by an on-chip key generator, an off-chip device, and/or software. A rule may then be paired with the security key and an address associated with the security key. The rule may define permissible usage by a destination module, which is defined by the associated address. The rule may comprise a command word, which may be implemented using a data structure associated with a permissible algorithm type, a security key size, and/or a security key source.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE
  • This application is a continuation of U.S. application Ser. No. 10/871,120, filed on Jun. 18, 2004. This application also makes reference to, claims priority to, and claims the benefit of U.S. Provisional Application Ser. No. 60/542,585, filed Feb. 5, 2004 and entitled “A Method of Security Key Transmission with Strong Pairing to Destination Client.”
  • The complete subject matter of the each of the above-referenced United States patent applications is hereby incorporated herein by reference, in its entirety.
    • BACKGROUND OF THE INVENTION
  • The implementation of fee-based video broadcasting requires a conventional conditional access (CA) system to prevent non-subscribers and unauthorized users from receiving signal broadcasts. Cryptography algorithms may be utilized, for example, in content protection in digital set-top box systems and in other systems utilized in fee-based video broadcasting. Security keys may, therefore, play a significant part in the encryption and/or decryption process initiated by a cryptography algorithm. For each cryptography algorithm used in a tee-based video broadcasting system, there may be a set of associated security keys that may be needed by the algorithm. In a typical set-top box System-on-Chip integrated circuit, for example, depending on the security sub-system within the circuit, the security key generation, and the destination module that uses the security key may be far apart within a chip. For example, a security key generation module may not be within the same design block as the destination module that utilizes the security key. The distance between the security key generation module and the destination module may require a special bus to transmit the security key to the appropriate destinations, which may decrease the speed and efficiency of the circuit. The addressability of the key to the destination module is currently the only known pairing between a security key generation module and a security key destination module.
  • A complete CA system usually includes three main functions: a scrambling/descrambling function, an entitlement control function, and an entitlement management function. The scrambling/descrambling function is designed to make the program incomprehensible to unauthorized receivers. Scrambling may be applied commonly or separately to the different elementary stream components of a program. For example, the video, audio and data stream components of a TV program may be scrambled in order to make these streams unintelligible. Scrambling may be achieved by applying various scrambling algorithms to the stream components. The scrambling algorithm usually utilizes a secret key, called a control word. Once the signal is received, the descrambling may be achieved by any receiver that holds the secret key or the control word, used by the scrambling algorithm prior to transmission. Scrambling and descrambling operations, in general, do not cause any impairment on the quality of the signals. The commonly used algorithms for scrambling digital data in CA systems are symmetric key ciphers. The control word used by the scrambling algorithm is a secret parameter known only by the scrambler and the authorized descramblers. In order to preserve the integrity of the encryption process, the control word has to be changed frequently in order to avoid any exhaustive searches by an unauthorized user, which is intended to discover the control word.
  • The rights and associated keys needed to descramble a program are called entitlements. The entitlement control function provides the conditions required to access a scrambled program together with the encrypted secret parameters enabling the signal descrambling process for the authorized receivers. This data is broadcasted as conditional access messages, called entitlement control messages (ECMs). The ECMs carry an encrypted form of the control words, or a means to recover the control words, together with access parameters, such as identification of the service and of the conditions required for accessing this service. Upon receipt of an ECM, the receiver transmits the encrypted control word and the access characteristics to the security device, for example, a smart card. After it has been confirmed that a user is authorized to watch the specific program, the security device checks the origin and integrity of the control word and the access parameters before decrypting the control word and sending it to the descrambler.
  • The entitlement management function is associated with distributing the entitlements to the receivers. There are several kinds of entitlements matching the different means to “buy” a video program. These entitlements are also broadcasted as conditional access messages, called entitlement management messages (EMMs). The EMMs are used to convey entitlements or keys to users, or to invalidate or delete entitlements or keys. The entitlement control functions and the entitlement management functions require the use of secret keys and cryptographic algorithms. For example, most modern conditional access systems utilize a smart card to store secret keys and to am cryptographic algorithms safely.
  • Most CA systems scramble and/or randomize transmitted data bits so that unauthorized decoders cannot decode the transmitted data bits. Authorized decoders are delivered a key that initializes the circuit that inverts the data bit randomization. As used herein, the term scrambling may be associated with the pseudo-random inversion of data bits based on a key that is valid for a short period of time. In addition to scrambling, a key may also be transformed into an encrypted key in order to protect it from any unauthorized users. From a cryptographic point of view, this transformation of the key to an encrypted key is the only part of the system that protects the data from a highly motivated pirate or a hacker. As a result, the scrambling portion of the process alone, in the absence of key encryption, may be easily defeated. A CA system is usually associated with a system that implements key encryption and distribution of the encrypted key. The general requirements that a CA system with scrambling and encryption functionality must meet for digital video delivery are as follows: protection against signal piracy, efficient scrambling, flexibility, variety of supported formats, and ease of implementation.
  • With regard to robust protection against signal piracy, it must be difficult for a third party to perform unauthorized reception. In addition, the scrambled signal content must not be understandable. Efficient scrambling of all kinds of signals, as in multimedia broadcasts for example, must be possible and quality must not deteriorate (perceptibly) when these signals are being restored (quality signal restoration). A CA system is also flexible as it may be exercised on an elementary stream-by-stream basis, including the ability to selectively scramble bit streams in a program, if it is desired. Further, various business formats, such as multi-channel services and billing schemes, may be supported with low operating costs, and a private encryption system may be used, for example, by each program provider that is part of the CA system. A CA system with scrambling and encryption functionality may be implemented in standard consumer devices, which also ensures cost effective receivers.
  • With either a conditional access system or a copy protection system, private (secure) keys are nearly always used for scrambling and descrambling high-value content or for protecting highly sensitive transactions. In a CA system, the content scrambling key must be protected. To ensure proper functionality, the CA system should perform scrambling according to the properties of the data for transmission. In addition, the CA system should change the key regularly to maintain the security of the scrambling system, and transmit the key information to the receiver in a secure manner using a hierarchical encryption system. Thirdly, for the purpose of operating fee-based broadcasting service, reception should be controlled according to the details of each user's subscription.
  • Such CA system may be achieved in various ways depending on types of services, required functions, and security. FIG. 1 is a block diagram illustrating a conditional access system utilizing a conventional key ladder system. The configuration of the CA system 100 in FIG. 1 has been recommended by International Telecommunications Union-Radiocommunication Sector (ITU-R). Referring to FIG. 1, there is shown a block diagram of an exemplary conditional access system 100, which may include a scrambler 102, a descrambler 108, encryptors 104 and 106, decryptors 110 and 112, a switch 115, and a viewing enable/disable circuit 114. On the transmit side of the diagram, TX, the compressed audio/video signal 116 may be scrambled by the scrambler 102, utilizing a scrambling key Ks 118, in order to obtain a scrambled broadcast signal 128. Program attribute information 120 may be encrypted by the encryptor 104, utilizing a work key Kw 122, to obtain the entitlement control messages 130. Program subscription information 124 may be encrypted by the encryptor 106, utilizing a master key 126, to obtain the entitlement management messages 132.
  • During signal scrambling in the CA system 100, the scrambling key Ks 118 determines the scrambling pattern. It is common to change the scrambling key at fixed intervals of time, such as every few seconds, to maintain a secure system. The scrambling key 118 must, therefore, be continuously transmitted to the subscriber's receiver. This is achieved in the CA system 100 by encrypting the scrambling key 118 by the encryptor 104 and transmitting it within the entitlement control messages 130. The ECM 130 may also include the program attribute information 120. The program attribute information 120 may be utilized, for example, for determining whether a subscriber is entitled to view a program on the basis of his or her subscription. To prevent the ECM 130, which includes the scrambling key 118, from being understood by a third party, the ECM 130 is encrypted by the encryptor 104 before transmission, by utilizing the work key Kw 122. The work key 122 may be updated on a monthly or yearly basis. The work key 122 is sent to the receiver through the entitlement management messages 132, together with the subscription information 124. The subscription information 124 may also contain any subscription updates for the specific subscriber.
  • Besides being transmitted in-band, the EMM 132 may be transmitted out-of-hand utilizing other media like the Internet, telephone lines, a signaling network, or a smart card. Prior to transmission, the EMM 132 is encrypted by a master key Km 126. A master key is unique to each receiver and its security must be commonly managed among different broadcast operators that use the same type of receiver. This normally may be accomplished by setting up an organization for uniform key management. For example, in the CA system 100 illustrated in FIG. 1, the content scrambling key 118 is protected by the work key 122, which is in turn protected by the master key 126. This key protection “chain” is, sometimes, referred to as a key ladder.
  • On the receive side of the diagram, RX, the same key ladder is utilized in order to decrypt the necessary secure keys and scrambled broadcast audio/video signals 128. The master key 126 may be utilized with the decryptor 112 in order to decrypt the EMM 132 and the work key 122. As a result, the work key 122 is obtained as one of the outputs from the decryptor 112. The decrypted work key 122 may then be utilized by the decryptor 110 to decrypt the ECM 130 and the scrambling key 118. As a result, the scrambling key 118 is obtained as one of the outputs from the decryptor 110. The decrypted scrambling key 118 may then be utilized by the descrambler 108 to descramble the scrambled broadcast signal 128 and obtain the compressed audio/video output 140.
  • Access to the compressed audio/video output 140 by a user is determined in accordance with the user's subscription information 124 and the program attribute information 120. The decryptor 112 decrypts the EMM 132 to obtain decrypted subscription information 125. The decryptor 110 decrypts the ECM 130 to obtain decrypted program attribute information 120. The viewing enable/disable module 114 receives the decrypted subscription information 125 and the decrypted program attribute information 121 and may then determine whether or not a user is entitled to receive the compressed audio/video output 140. If the user is entitled to receive the compressed audio/video output 140 (for example, the user has a valid subscription for a given programming channel), then the viewing enable/disable module 114 issues a control signal 134 activating the switch 115. Once the switch 115 is activated, this allows for the decrypted scrambling key 118 to be entered into the descrambler 108, which in turn allows for the descrambling of the compressed audio/video output 140.
  • FIG. 2 is a block diagram illustrating secure key unwrapping in a conventional key ladder system. Referring to FIG. 2, the key ladder system 200 may comprise a one time programmable (OTP) memory 202, a secure key generating module 204 and a key unwrapping module 206. The key unwrapping module 206 may comprise scramblers 208, 210, 212 and 214. Each of the scramblers 208, 210, 212 and 214 may utilize a symmetric encryption algorithm, for example a Data Encryption Standard (DES), a 3DES, or an Advanced Encryption Standard (AES) type of algorithm, in order to descramble an encrypted key input. The OTP memory 202 in the key ladder system 200 may be adapted to store a root key, for example a key such as the master key 126 in FIG. 1. The root key stored in the OTP memory 202 may be further protected by the secure key-generating module 204. The secure key-generating module 204 may comprise suitable logic, circuitry, and/or code that may be adapted to scramble, or otherwise further enhance the security of the root key stored in the OTP memory 202.
  • The key unwrapping module 206 may be adapted to “unwrap,” or descramble, various application keys, for example, application key 1, 228, and application key 2, 230. In order to achieve this, the key unwrapping module 206 may utilize several encrypted keys, for example, encrypted key 1, 216, encrypted key 2, 218, encrypted key 3, 220, and encrypted key 4, 222. Once the root key stored in the OTP memory 202 is scrambled by the secure key-generating module 204, the scrambled root key 205 may be utilized by the scrambler 208 in order to decrypt the encrypted key 1, 216, and obtain a decrypted key 224. The decrypted key 224 may comprise, for example, a work key. The decrypted key 224 may be utilized by the scrambler 210 in order to decrypt encrypted key 2, 218, and obtain the decrypted key 226. The decrypted key 226 may comprise, for example, a scrambling key.
  • The decrypted key 226 may be utilized by the scrambler 212 in order to decrypt encrypted key 3, 220, and obtain the decrypted application key 1, 228. Similarly, the decrypted application key 228 may be utilized by the scrambler 214 in order to decrypt encrypted key 4, 222, and obtain the decrypted application key 2, 230. Decrypted application keys 228 and 230 may be further utilized for various functions, for example, for copy protection of broadcast signals. The key ladder in the key unwrapping module 206 may be adapted to have varying levels of protection by increasing the number of the encrypted keys and the corresponding scramblers, and by utilizing each previously decrypted application key in a subsequent decryption of a following encrypted key. The key ladder may be utilized to “unwrap” a master key, a work key and a scrambling key. The master key, work key and scrambling key may then be utilized to decrypt one or more application keys.
  • Even though the key unwrapping module 206 may provide increasing level of protection by increasing the number of scramblers and encrypted keys, it may be difficult to determine whether or not the received encrypted keys in the key ladder system 200 of FIG. 2 have been manipulated by unauthorized parties.
  • When encrypted data is transmitted over an insecure channel, the transmitting and/or the receiving party may need the ability to monitor such communication and obtain verification of the identity of the other party, and of the integrity and origin of the encrypted data that was transmitted.
  • With either a conditional access system or a copy protection system, security keys may be generated either on the transmit or the receive side of a fee-based video broadcasting system. The generated security keys may be utilized in the encryption/decryption of other keys, for example. In order for a security key to be properly utilized by a destination module, the security key may be paired with address information of the destination module it is intended for. The security key data path from generation, distribution and use by a destination module, however, may be susceptible to security breach since the only pairing used is the addressability of the security key to the destination module.
  • Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.
    • BRIEF SUMMARY OF THE INVENTION
  • Certain embodiments of the invention may be found in a system and method for security key transmission with strong pairing to destination client. Aspects of the method may include pairing a rule with a security key and its associated address, and sending the rule along with the security key and the associated address to a destination. The rule may define permissible usage by a destination module defined by the associated address and may comprise a command word, which may be implemented by a data structure. The data structure may be associated with a permissible algorithm type, a security key size, and/or a security key source. A failure report may be received from the destination if the sent rule is violated. The security key may be generated by an on-chip key generator, an off-chip device, and/or software. The rule, along with the security key and the associated address, may be serially transmitted to one or more destinations. The rule may be compared with an algorithm configuration at the at least one destination. If the rule does not match the algorithm configuration, an error message may be generated by the destination. If the rule does not match the algorithm configuration, the security key may be invalidated by the destination.
  • Another aspect of the invention may provide a machine-readable storage, having stored thereon, a computer program having at least one code section executable by a machine, thereby causing the machine to perform the steps as described above for security key transmission with strong pairing to a destination client.
  • In yet a different aspect of the invention, a system for security key transmission with strong pairing to a destination client may include a rule paired with a security key and its associated address, and a serializer that sends the rule along with the security key and the associated address to at least one destination. The rule may define permissible usage by a destination module defined by the associated address and may comprise a command word. A data structure may be utilized to define various attributes of the command word. The data structure may be associated with a permissible algorithm type, a security key size, and/or a security key source. A failure report may be received from the destination if the sent rule is violated. A generator comprising an on-chip key generator, an off-chip device, and/or software, may be used to generate the security key. The serializer may serially transmit the rule along with the security key and the associated address to the at least one destination. A destination module processor may compare the rule with an algorithm configuration at the at least one destination. If the rule does not match the algorithm configuration, the destination module processor may generate an error message and may invalidate the security key.
  • These and other advantages, aspects and novel features of the present invention, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings.
    • BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
  • FIG. 1 is a block diagram illustrating conditional access system utilizing a conventional key ladder system.
  • FIG. 2 is a block diagram illustrating secure key unwrapping in a conventional key ladder system.
  • FIG. 3 is a block diagram illustrating secure key unwrapping and signature verification system, in accordance with an embodiment of the present invention.
  • FIG. 4A is a block diagram of an exemplary system for secure key generation, secure key signing and secure key encryption, in accordance with an embodiment of the present invention.
  • FIG. 4B is a block diagram of an exemplary system for secure key decryption and secure key signature verification, in accordance with an embodiment of the present invention.
  • FIG. 5 is a block diagram of an exemplary system for security key generation and transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
  • FIG. 6 is a block diagram illustrating exemplary security architecture in an application specific integrated circuit (ASIC) utilizing the security key generation and transmission system of FIG. 5, for example, in accordance with an embodiment of the present invention.
  • FIG. 7 is a flow diagram of a method for security key transmission with strong pairing to destination client, in accordance with an embodiment of the present invention.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • In conventional security key generation and transmission systems, a generated security key may be associated only with an address indicating the destination module that will utilize the security key. Strong pairing may be achieved by pairing the security key and its associated address with a security command, and subsequently transmitting the security key together with the security command and the associated address to a destination module. The security command may then be utilized by the destination module to ascertain the authenticity of the security key and compliance with applicable pairing rules.
  • Certain aspects of the invention may be found in a system and method for security key transmission with strong pairing to destination client. A security key may be generated by an on-chip key generator, an off-chip device, and/or software. A rule may then be paired with the security key and an address associated with the security key. The rule may define permissible usage by a destination module, which is defined by the associated address. The rule may comprise a command word, which may be implemented using a data structure associated with a permissible algorithm type, a security key size, and/or a security key source. The rule, the security key and the address may be transmitted to the destination module where the rule may be compared with an algorithm configuration. If the rule does not match the algorithm configuration, an error message may be generated by the destination module, and the security key may be invalidated. Strong pairing, therefore, may be achieved for the entire security key data path, including generation, distribution and use by a destination module, by pairing a rule (or a security word) with a security key and its corresponding address associated with a destination module.
  • FIG. 3 shows a block diagram illustrating a secure key unwrapping and signature verification system, in accordance with an embodiment of the present invention. Referring to FIG. 3, the key ladder system 500 may comprise a one time programmable (OTP) memory 502, a secure key generating module 504 and a key unwrapping and signature verification module 506.
  • The key unwrapping and signature verification module 506 may be adapted to “unwrap”, or descramble, various application keys, for example, application key 1, 528, and application key 2, 530. In order to achieve this, the key unwrapping and signature verification module 506 may utilize several encrypted and signed keys, for example, encrypted and signed key 1, 516, encrypted and signed key 2, 518, encrypted and signed key 3, 520, and encrypted and signed key 4, 522. In accordance with an aspect of the present invention, the encrypted and signed keys 516, 518, 520 and 522 may have been initially signed by a transmitting entity utilizing an asymmetric encryption algorithm, such as a public key algorithm, for example a Rivest-Shamir-Adleman (RSA), a Digital Signature Algorithm (DSA), or an Elliptic Curve Cryptography (ECC) type of algorithm. The signed keys may then have been encrypted utilizing a symmetric encryption algorithm, such as a DES, a 3DES, or an AES type of algorithm.
  • The key unwrapping and signature verification module 506; may comprise scrambler and signature verifiers 508, 510, 512 and 514. Each of the scrambler and signature verifiers 508, 510, 512 and 514 may comprise suitable logic, circuitry and/or code that may be adapted to utilize a symmetric encryption algorithm, for example a DES, a 3DES, or an AES type of algorithm, in order to descramble an encrypted signed key input. Each of the scrambler and signature verifiers 508, 510, 512 and 514 may also be adapted to utilize a public key algorithm, for example an RSA, a DSA, or an EC type of algorithm, in order to verify a decrypted signed key.
  • The OTP memory 502 in the key ladder system 500 may be adapted to store a root key, for example a master key. The root key stored in the OTP memory 502 may be further protected by the secure key-generating module 504. The secure key-generating module 504 may comprise suitable logic, circuitry and/or code that may be adapted to scramble, or otherwise further enhance the security of the root key stored in the OTP memory 502.
  • Once the root key stored in the OTP memory 502 is scrambled by the secure key-generating module 504, the scrambled root key 505 may be utilized by the scrambler and signature verifier 508 in order to decrypt, and verify the signature of, the encrypted and signed key 1, 516. In this way, the generated decrypted key 524 may be verified. The decrypted and verified key 524 may comprise, for example, a work key. The decrypted and verified key 524 may be utilized by the scrambler 510 in order to decrypt, and verify the signature of, encrypted and signed key 2, 518, and to obtain the decrypted and verified key 526. The decrypted and verified key 526 may comprise, fir example, a scrambling key.
  • The decrypted and verified key 526 may be utilized by the scrambler 512 in order to decrypt, and verify the signature of, encrypted and signed key 3, 220, and to obtain the decrypted and verified application key 1, 528. Similarly, the decrypted and verified application key 528 may be utilized by the scrambler 514 in order to decrypt, and verify the signature of, encrypted and signed key 4, 522, and to obtain the decrypted and verified application key 2, 530. Decrypted and verified application keys 528 and 530 may be further utilized for various functions, for example, for copy protection of broadcast signals. In accordance with an aspect of the present invention, the key ladder in the key unwrapping and signature verification module 506 may be adapted to have varying levels of protection by increasing the number of the encrypted and signed keys and the corresponding scramblers, and by utilizing each previously decrypted and verified application key in a subsequent decryption of a following encrypted and signed key. The key ladder may be utilized to “unwrap” a signed and encrypted master key, a signed and encrypted work key and a signed and encrypted scrambling key. The master key, work key and scrambling key may then be utilized to decrypt one or more application keys.
  • In accordance with an embodiment of the present invention, strong pairing may be utilized in the secure key unwrapping and signature verification system 500. More specifically, strong pairing may be utilized along the security key datapath from the (YIP memory 502, where root keys are stored, up until application keys 528 and 530 are generated in the key unwrapping and signature verification module 506.
  • FIG. 4A illustrates a block diagram of an exemplary system for secure key generation, secure key signing and secure key encryption, in accordance with an embodiment of the present invention. Referring to FIG. 4A, the exemplary system 600 may comprise a key table 602, a transmit server database 612, a key signing module 614, an input register 616, a secure master key generating module 604, a selector 606, an encryptor 608, and intermediate destination registers 610.
  • The transmit server database 612 may comprise suitable logic, circuitry and/or code that may be adapted to generate a plurality of secure keys, for example, master decryption keys 618. Master decryption keys 618 may comprise a master key K1620 and master key K2622. In accordance with an aspect of the present invention, the master decryption keys 618 may be utilized in the encryption and decryption of one or more secure keys, for example, a work key and/or a scrambling key.
  • Once master decryption keys 618 are generated by the transmit server database 612, the master decryption keys 618 may be stored in a key table 602. Each of the master decryption keys 620 and 622 may comprise a fixed number of bits. For example, master decryption keys 620 and 622 may each occupy two M-bit cells in the key table 602. The key table 602 may be part of a random access memory (RAM), such as a DRAM or SRAM, for example. The key table 602 may also be adapted to store a plurality of master decryption keys.
  • Once the master decryption keys are stored in the key table 602, the master decryption keys 618 may be sent to the secure master key generating module 604. The secure master key generating module 604 may comprise suitable logic, circuitry and/or code that may be adapted to further enhance the security of master decryption keys K1620 and K2622. In accordance with an aspect of the present invention, the secure master key generating module 604 may comprise an encryptor or a scrambler. The secure master key generating module 604 may enhance the security of master decryption keys K1620 and K2622, and may generate a secure master decryption key K1 624 and a secure master decryption key K2 626.
  • The transmit server database 612 may also generate a plurality of secure keys 636, which may be communicated from the transmit server database 612 to the key signing module 614. The key-signing module 614 may comprise suitable logic, circuitry and/or code that may be adapted to “sign” the secure keys 636 and generate signed secure keys 638. In accordance with an aspect of the present invention, the key-signing module may utilize a symmetric encryption algorithm and/or an asymmetric encryption algorithm to generate the signed secure keys 638. The signed secure keys 616 may then be stored in an input register 616, prior to being communicated to the encryptor 608.
  • The selector 606 may comprise suitable logic, circuitry and/or code that may be adapted to select from one or more inputs and generate one or more outputs. In accordance with an aspect of the present invention, the selector 606 may be a 2:1 selector and may generate three outputs from any two received inputs. For example, the secure master decryption keys 624 and 626 may be utilized by the selector 606 as inputs to generate an output with the secure master decryption key 624 selected twice and the secure master decryption key 626 selected once.
  • The encryptor 608 may comprise suitable logic, circuitry and/or code that may be adapted to encrypt any of the signed secure keys 638. In accordance with an aspect of the present invention, the encryptor 608 may comprise a 3DES-Encrypt-Decrypt-Encrypt (EDE) or Decrypt-Encrypt-Decrypt (DED) encryption engine. The encryptor 608 may utilize the secure master decryption key output from the selector 606 and encrypt the signed secure keys 638 to obtain encrypted and signed keys 632.
  • The encrypted and signed keys 632 may be copied to intermediate destination registers 610 and may be subsequently utilized by the selector 606 and the encryptor 608 for encryption of subsequent signed secure keys 638. For example, the secure master decryption keys 624 and 626 may be utilized by the selector 606 and the encryptor 608 only once, for the encryption of a first pair of signed secure keys received by the encryptor 608. The resulting encrypted and signed secure keys 628 and 630 may be stored in intermediate destination registers 610 prior to their utilization by the selector 606 and the encryptor 608 for the encryption of a second, subsequent pair of signed secure keys.
  • As the key generation, signing and encryption system 600 generates encrypted and signed keys 632, the secure key ladder protection increases since the number of generated encrypted and signed keys 632 increases. As the encrypted and signed keys 632 are generated, they may be transmitted from an output location 634.
  • In accordance with an embodiment of the present invention, strong pairing may be utilized in the exemplary system 600 for secure key generation, secure key signing and secure key encryption. More specifically, strong pairing may be utilized along the security key data path from the moment security keys are generated by the transmit server database 612, or the secure master key generating module 604, until encrypted and signed security keys are transmitted out from the output location 634.
  • Referring now to FIG. 4B, there is illustrated a block diagram of an exemplary system for secure key decryption and secure key signature verification in accordance with an embodiment of the present invention. The exemplary system for secure key decryption and secure key signature verification 650 may comprise a one-time programmable non-volatile memory (OTP NVM) 652, a secure master key generating module 654, a CPU 653, an input register 672, a selector 656, a decryptor 658, an input register 660, a signature verification module 662, an intermediate destination register 664, a switch 668 and final destination registers 670.
  • The OTP NVM 652 may comprise a random access memory (RAM), such as a DRAM or SRAM, for example. The OTP NVM 652 may be adapted to store, for example, read-only data 674, keys 676, and an enable bit 678. The keys 676 may comprise master decryption keys 681 and 680. The master decryption keys 681 and 680 may each occupy, for example, an even number of bits in the OTP NVM 652. More specifically, the master decryption keys 680 and 681 may each occupy two M-bit cells in the OTP NVM 652. The read-only data 674 of the OTP NVM 652 may comprise chip identification information and other read-only information that may be accessed by the CPU 653. The CPU 653 may be, for example, a microprocessor, a microcontroller or other type of processor.
  • The master decryption keys 680 and 681 may be sent to the secure master key generating module 654. The secure master key generating module 654 may comprise suitable logic, circuitry and/or code that may be adapted to further enhance the security of the master decryption keys 680 and 681. In accordance with an aspect of the present invention, the secure master key generating module 654 may comprise an encryptor, or a scrambler, that may receive master decryption keys 682 as input. Master decryption keys 682 may comprise master decryption key 680 and master decryption key 681. The secure master key generating module 654 may enhance the security of master decryption key 680 and master decryption key 681 and may generate a secure master decryption key K1 683 and secure master decryption key K2 684.
  • The selector 656 may comprise suitable logic, circuitry and/or code that may be adapted to select from one or more inputs and generate one or more outputs. In accordance with an aspect of the present invention, the selector 656 may be, for example, a 2:1 selector and may generate three outputs from any two received inputs. For example, the secure master decryption keys K1 and K2, 683 and 684 respectively, may be utilized by the selector 656 as inputs to generate an output. For example, the secure master decryption key 683 may be selected twice and the secure master decryption selected once.
  • The secure key decryption and secure key signature verification system 650 may be adapted to receive encrypted and signed keys 646. The encrypted and signed keys 646 may be generated, for example, by a secure key generation, secure key signing and secure key encryption system, such as the system illustrated on FIG. 6A. Once received by the secure key decryption and secure key verification system 650, the encrypted and signed keys 646 may be stored in an input register 672. The encrypted and signed keys 646 may then be transmitted to the decryptor 658. In accordance with an aspect of the present invention, the encrypted and signed keys 646 may comprise multiples of 64-bits, for example, and may include at least one of an encrypted key, a key destination and/or a key signature.
  • The decryptor 658 may comprise suitable logic, circuitry and/or code that may be adapted to decrypt any of the encrypted and signed keys 646. In accordance with an aspect of the present invention, the encryptor 658 may comprise a 3DES-Encrypt-Decrypt-Encrypt (EDE) and/or Decrypt-Encrypt-Decrypt (DED) decryption engine. The decryptor 658 may utilize the secure master decryption keys K1 and K2, 683 and 684 respectively, generated as an output of the selector 656. The decryptor 658 generates as output unwrapped decrypted keys 688 and signature bytes 690.
  • The unwrapped decrypted keys 688 may be communicated to the intermediate destination registers 664, and may subsequently be utilized by the selector 656 and the decryptor 658 for decryption of subsequent encrypted and signed keys 646. For example, the secure master decryption key K1 683 and the secure master decryption key K2 684 may be utilized by the selector 656 and the decryptor 658 only once, for the decryption of a first pair of encrypted and signed keys 646 that may be received by the decryptor 658. The resulting unwrapped decrypted keys K1 686 and K2 685 may be stored in the intermediate destination registers 664. The unwrapped decrypted keys 685 and 686 may then be utilized by the selector 656 and decryptor 658 for the decryption of a second subsequent pair of encrypted and signed keys 646 that may be received by the decryptor 658. This loop process may continue until all encrypted and signed keys of the received key ladder are unwrapped and decrypted.
  • After decryption of the encrypted and signed keys 646 by the decryptor 658, the signature bytes 690 of each of the encrypted and signed keys are generated as output from the decryptor 658. The signature bytes 690 may then be entered into the signature verification module 652. The signature verification module 652 may comprise suitable logic, circuitry and/or code but may be adapted to verify the authenticity of the signature bytes 690. In accordance with an aspect of the present invention, the signature verification module 662 may utilize an asymmetric encryption algorithm, such as a public key encryption algorithm, in order to verify the received signature bytes 690. A verification key 687 may be loaded by the CPU 653. A verification key 687 may comprise for example, a public key that may be utilized to verify the signature 690. The verification key 687 may be initially stored in an input register 660. The signature verification module 662 may utilize the verification key (public key) 687 in order to verify the received signature 690. As a result, an enabled/disabled signal 691 may be generated by the signature verification module 662. The enabled/disabled signal 691 may then be communicated to the switch 668.
  • The switch 668 may receive the unwrapped decrypted key 688 and may allow, or reject, a further transmission of the unlocked decrypted keys 688 through the final destination registers 670. If the command 691 comprises an enable command, the unwrapped decrypted key 688 may be transmitted to the final destination registers 670 for any further processing. If the command 691 comprises a disable command, then the unwrapped decrypted keys 688 may not be transmitted to the final destination registers 670. A disable command 691 may be generated, for example, if the signature verification module 690 ascertains that the signature 690 is not verified. The signature 690 may be unverifiable if, for example, the encrypted and signed keys 646 had been manipulated by an attacker during their transmission to the secure key decryption and secure key verification system 650. Verification of the signature 690 by the signature verification module 662 may be enabled or disabled with the help of the enable bit 678. The bit 678 may comprise a multi-stage programming (MSP) bit. For example, an enable bit 678 may be set to a predetermined value so that the signature verification module 662 is activated and the signature 690 may be verified.
  • In an embodiment of the present invention, cryptography algorithms may be utilized to encrypt and/or decrypt data. In addition, security keys may be utilized to enhance the authentication process. A strong pairing may exist between the various keys and the destination modules where the keys may be used. This strong pairing may be utilized to add more security and authenticity in the transmission of a security key to the destination module associated with the key. For example, strong pairing may be utilized in the secure key decryption and secure key verification system 650. More specifically, strong pairing may be utilized along the security key data path from the moment security keys are received by the input register 672, or generated by the secure master key generating module 654, until unwrapped and decrypted keys are communicated to the final destination registers 670.
  • FIG. 5 is a block diagram of an exemplary system 700 for security key generation and transmission with strong pairing to destination client, in accordance with an embodiment of the present invention. Referring to FIG. 5, the system 700 may comprise an internal key generator 701, an external key generator 703, a security key sequence 705, and a destination module 715. The security key sequence 705 may comprise a security key 707, which may be paired with a security command 709 and a destination address 711. The internal key generator 701 may be disposed within a circuit utilizing a security key, such as an application specific integrated circuit (ASIC), for example, and may comprise suitable logic, circuitry and/or code that may be adapted to generate security keys. The external key generator 703 may be disposed outside the circuit utilizing a generated security key, for example, and may comprise suitable logic, circuitry and/or code that may be adapted to generate security keys.
  • In operation, a security key 707 may be generated by the internal key generator 701 or by the external key generator 703. The generated security key 707 may be associated with a destination address 711 indicating the destination module 715. The key 707 and its associated destination address 711 may be paired with the security command 709 to form the security key sequence 705. The security command may comprise a rule, where the rule may be associated with characteristics of the destination module 715, for example. More specifically, the security command 709 may relate to attributes and/or permissible usages of the security key 707 that may be transmitted along with it. The security command 709 may include encryption/decryption method for which the security key 707 may be used, the size of the security key 707, and/or information on the method used to calculate the security key 707.
  • After the security key sequence 705 is formed, it may be communicated to the destination module 715 via the transmission bus 713. The transmission bus 713 may comprise a serial transmission bus, for example. In an aspect of the present invention, multiple destination modules may receive a security key sequence, such as the security key sequence 705, and it may be determined on the basis of the security command within the security key sequence which destination module is to process the received security key.
  • Strong pairing between the source of the security key 707 and the destination module 715 may be achieved by the pairing of the security key 707 and the destination address 711 with the security command 709 prior to communicating the security key sequence 705 to the destination module 715. The pairing of the security key 707 with destination-related characteristics indicated by the security command 709, may provide a strong pairing for the entire security key data path in the system 700, from generation of the security key 707, distribution (communication) of the security key 709, and use of the security key 707 by the destination module 715.
  • FIG. 6 is a block diagram illustrating exemplary security architecture in an application specific integrated circuit (ASIC) utilizing the security key generation and transmission system of FIG. 5, for example, in accordance with an embodiment of the present invention. Referring to FIG. 6, the ASIC 832 may comprise a CPU 834, a transport core 802, and external security clients 821, 823, and 825. The external security clients 821, 823, and 825 may comprise deserializers 832, 834, and 836, respectively. The transport core 802 may comprise a security top 804 and internal security clients 808, 810, and 812. The internal security clients 808, 810, and 812 may comprise deserializers 826, 828, and 830, respectively. The security top 804 may comprise a transport key serializer 807, an internal key generator 801, a register control 806, a key route and control logic 805, an external key interface 803, and key serializers 811, 813, and 815.
  • A set-top box (STB) may comprise an ASIC, such as the ASIC 832, and the ASIC may be adapted to utilize a security key generation and transmission system, such as the security key generation and transmission system of FIG. 7, to achieve strong pairing with a destination client. The ASIC 832 may comprise suitable logic, circuitry and/or code and may be adapted to handle audio/video satellite or terrestrial data, storing such data on disk, and/or displaying such data on a monitor, such as a television monitor.
  • The transport core 802 within the ASIC 832 may comprise suitable logic, circuitry and/or code adapted to pre-process audio/video data received from an ASIC interface, for example, or from a source such as memory (e.g., data retrieved from memory). The security top 804 within the transport core 802 may be adapted to perform security key calculation functions inside the transport core 802, such as any functions necessary to achieve strong pairing between a security key and a destination module.
  • The internal key generator 801 may comprise suitable logic, circuitry and/or code and may be adapted to generate security keys. Security keys may also be generated by a key generator outside the ASIC 832 and may then be communicated to the external key interface 803 via the connection 804.
  • The key serializers 807, 811, 813, and 815 may comprise suitable logic, code and/or circuitry for pairing a security key and its associated destination module address with a security command to form a security key sequence, and subsequently transmitting the prepared security key sequence. For example, the key serializer 811 may be adapted to transmit a 256-bit security key and the security key may be calculated 32 bits at a time. The key serialize 811, therefore, may be adapted to hold all intermediate 32-bit portions until the entire 256-bit security key is available and ready for transmission.
  • The address portion in each security key sequence may be configured via register writes from the CPU 834. The CPU register writes may be communicated to the key serializer 811 via the register control 806. The security command within a security key sequence prepared by a key serializer may be determined by either CPU register writes, or by hardcoding of values based on the way the security key was calculated or generated. When a segment of the security command is hardcoded, a register write may not be utilized to specify the value of that segment. For example, if a security key has been received externally via the external key interface 803, two bits in the security key command may be hardcoded to indicate the source of the security key, i.e.; an external source.
  • The key serializers 807, 811, 813, and 815 may utilize security keys generated by the internal key generator 801 or security keys received externally via the connection 804 and the external key interface 803. The key serializers 807, 811, 813, and 815 may be separated according to the security clients that they may be adapted to service. For examples, the external security clients 821, 823, and 825 may be involved in different operations—the external security client 821 may operate a specific software, for example, related to disk drive operation, and the external security clients 823 and 825 may be involved in different operations, which may not require sharing of a key serializer resources. Therefore, for ease of software implementation, for example, each of the security clients 821, 823, and 825 may utilize its own key serializer, 811, 813, and 815, respectively.
  • Similarly, the internal security clients 808, 810, and 812 may require sharing of key serializer resources and, therefore, a single key serializer 807 may be provided to service the internal security clients 808, 810, and 812. In one aspect of the invention, a key serializer may be shared by several deserializers. In this case, a destination address field may be utilized to specify an intended destination of a key. A destination address may also be utilized in a configuration where one key serializer may be connected to only one key deserializer.
  • In another aspect of the invention, the key serializer 807 may be implemented as a plurality of separate serializers, and the key serializers 811, 813, and 815 may be implemented as a single serializer, for example.
  • In yet another aspect of the invention, a security command word may be utilized to invalidate a key transmitted in a prior event. In this case, a security command and an address may be specified. A transmission may be received by a key deserializer, and may be utilized to invalidate a key that may have already been transmitted to the deserializer.
  • Each of the security clients 808, 810, 812, 821, 823, and 825 may be utilized for encrypting and/or decrypting of data. In addition, each of the security clients 808, 810, 812, 821, 823, and 825 may comprises key deserializers 826, 828, 830, 832, 834, and 836, respectively. The key deserializers may comprise suitable logic, circuitry and/or code and may be adapted to receives a security key sequence transmission from a key serializer, and to recover (separate) the security key and the corresponding security command (or rule). After the security key and the security command are separated from the security key sequence in the deserializer, the security client may examine the security command and may determine the way the security key may be utilized and which destination module associated with the security client may utilize it. For example, a destination module associated with a security client may be adapted to utilize only internally generated security keys (i.e., security keys generated by the internal key generator 801, for example). If the security command indicates, for example, that the deserialized security key was calculated using an external key generator, the security client may then indicate that the received security key may not be utilized. In this way, strong pairing between the security key and the destination module may be accomplished.
  • Security clients within the ASIC 832 may be divided into internal security clients and external security clients. The internal security clients 808, 810, and 812 may be utilized for destination modules within the transport core 802, and the external security clients 821, 823, and 825 may be utilized for destination modules outside the transport core 802.
  • The internal security clients 808, 810, and 812 may be utilized for decrypting received data from a content provider, for example. Encrypted data may be received from a satellite or from a terrestrial cable connection, for example. In this way, the internal security clients 808, 810, and 812 may be utilized for the initial decryption of data received by the ASIC 832. In addition, the internal security clients 808, 810, and 812 may be utilized for receiving/transmitting security keys that may be required by destination modules within the transport core 802. The ASIC 832 may utilize multiple internal security clients in order to handle several encrypted data streams. For example, internal security clients 808 and 810 may be utilized to decrypt two encrypted video streams received by the ASIC 832, and the internal security client 812 may be utilized for decrypting a received audio stream.
  • The external security clients 821, 823, and 825 may be utilized in connection with destination modules that are outside of the transport core 802. Each of the external security clients 821, 823, and 825 may be adapted to store more than one security key for different operations. In this way, a security key table may be associated with each external security client. The destination module address portion of each deserialized security key sequence may be used to determine which part of the key table, or which destination module, to populate with the received security key transmission. The external security clients 821, 823, and 825 may also be utilized for any other encryption and/or decryption operation that may be required after received data is decrypted. Once received and encrypted data has been decrypted within the ASIC 832 with the help of a security key, there may be requirements of how a decrypted data may be stored into memory, how it may be stored on a hard disk, and how it may be transmitted over a network. For example, a subsequent encryption may be required prior to storing into memory, storing on a hard drive, or transmitting over a network. All such requirements related to the handling of data may be implemented via the security command transmitted together with the security key.
  • By utilizing the external security clients 821, 823, and 825, rather than the internal security clients 808, 810, and 812, hardware resources utilized to transmit a security key within the ASIC 832 may be minimized. In this way, because of decreased physical distance between the external security clients 821, 823, and 825, and other blocks within the ASIC 832, security key handling may be more efficient. The external security clients 821, 823, and 825 may also be utilized for additional system applications, for example, if decrypted data has to be stored on a disk. An external security client may then be utilized to encrypt data prior to storage. Each of the security clients within the ASIC 832, internal or external security clients, may have a different usage for a security key, and its associated security command, that have been calculated for it.
  • The key route and control logic 805 may be coupled to the internal key generator 801 and the external key interface 803, and may comprise suitable logic, circuitry and/or code for calculating security keys that are available for use. For example, a set of rules may be associated with the permissible ways to use security keys received from the internal key generator 801 or the external key interface 803, and a set of rules determining which destination module security keys may be sent to depending on the way the security key was generated. For example, the key route and control logic 805 may determine which key serializer within the ASIC 832 may be utilized for a specific key obtained from the external key interface 804.
  • The key route and control logic 805 may also provide storage for intermediate results generated by the internal key generator 801 or the external key interface 803 in the security key generation process. In addition, the key route and control logic 805 may receive status signals back from the key serializers 807, 811, 813, and 815. For example, serializer may be in the process of transmitting a security key. During the transmission process, the serializer may also transmit a status message informing the key route and control logic 805 that a new security key may not be currently transmitted. After the serializer completes transmission of the security key, a signal may be sent back to the key route and control logic 805 indicating availability to receive anew key for transmission.
  • The register control 806 may be coupled to the CPU 834 and may comprise suitable logic, circuitry and/or code adapted to configure the internal key generator 801, the external key interface 803 and the key route and control logic 805 to properly complete a security key generating and serializing operation. The register control 806 may configure the operation of the internal key generator 801 before an operation is done. It may also be utilized to initiate generation of a new key. In addition, the register control 806 may be coupled to the CPU 834 inside the ASIC 832, and it may execute instructions on behalf of the CPU 834 for generation of a security key, or an intermediate security key used for subsequent security key generation, for example. The CPU 834 may provide the address portion of a security key sequence which may then be utilized by a security key serializer.
  • In operation, a security key may be generated by the internal key generator 801. A security key may also be generated by a source external to the ASIC 832 and then made available to the ASIC 832 via an interface, for example, the external key interface 803 and the communication path 804. The security key may be assembled via the key route and control logic 805 and may then be distributed to the appropriate destinations via a specialized security key transmission bus, utilizing the transport key serializer 807, and/or key serializers 811, 813, and/or 815. The key serializers 807, 811, 813, and 815 may be utilized to pair the security key and its associated destination module address with a security command to obtain a security key sequence. The key serializers 807, 811, 813, and 815 may then communicate the security key sequence to an internal security client, such as clients 808, 810, and 812, and/or an external security client, such as clients 821, 823, and 825. The key serializers 811, 813, and 815 may comprise, for example, a MEM-MEM key serializer, a MEM-IDE key serializer, and/or a HDMI key serializer. The external security clients 821, 823, and 825 may comprise, for example, a MEM-MEM, a MEM-IDE, and/or a HDMI security clients. U.S. application Ser. No. 10/414,844 filed Mar. 14, 2003 discloses a MEM-3DES-MEM system and is hereby incorporated herein by reference in its entirety, U.S. application Ser. No. 10/414,575 filed Mar. 14, 2003 discloses a MEM-3DES-IDE system and is hereby incorporated herein by reference in its entirety.
  • In an embodiment of the present invention, strong pairing between a security key and a destination may be achieved by pairing a security command (or a data-structure) with the security key and its associated security address to form a security key sequence. The security key sequence may then be transmitted to a destination client. The destination module may then utilize the security key and proceed based on control information contained in the attached data-structure. The data structure may comprise control information, such as, for example, the algorithm type associated with the destination module, size of the security key, and source of the security key. When a destination module receives a security key, it may compare the attached security command (or data-structure) with the selected algorithm configuration. If the algorithm configuration does not match with the security key data-structure, the destination module may report an error and/or initiate an action. For example, the destination module may report corruption of data, and/or initiate an action to resolve the corrupted data.
  • In an embodiment of the present invention, a security key, its associated destination module address, and the tagged security command (or data-structure) may be transmitted serially to the destination module via a specialized serial bus.
  • FIG. 7 is a flow diagram of a method 900 for security key transmission with strong pairing to destination client, in accordance with an embodiment of the present invention. At 901, a security key may be generated. For example, a security key may be generated by an internal key generator on a chip, and/or by an external key generator outside the chip utilizing security key transmission with strong pairing. In addition, a security key may be associated with a destination module address indicating a destination module within or outside the chip. At 903, the generated security key and its associated destination module address may be paired with a rule. The rule may comprise a security command and/or a data-structure.
  • At 905, the rule, together with the security address and its associated destination module address, may be distributed to a destination module. At 907, the rule may be compared with an algorithm configuration at the destination module. At 909, it may be determined whether the rule has been violated, if the rule has been violated, at 911, a failure report may be received from the destination module. At 913, the security key may be invalidated by the destination module. If the rule has not been violated, at 915, the security key may be utilized by the destination module.
  • Accordingly, the present invention may be realized in hardware, software, or a combination of hardware and software. The present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
  • The present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.
  • While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

Claims (21)

1-34. (canceled)
35. An integrated circuit comprising:
a security client configured to receive a security key sequence comprising a security key and a security command; and
a key serializer configured to generate the security key sequence and transmit the security key sequence to the security client.
36. The integrated circuit of claim 35, further comprising:
a key generator configured to generate the security key,
wherein the key generator and the key serializer are disposed within a security boundary.
37. The integrated circuit of claim 35, wherein the key serializer is disposed within a security boundary, and the security client is disposed outside the security boundary.
38. The integrated circuit of claim 35, wherein the key serializer is disposed within a security boundary, and the security client is disposed inside the security boundary.
39. The integrated circuit of claim 35, wherein the security command comprises an algorithm associated with the security key, and the security client is further configured to compare the algorithm to an algorithm configuration.
40. The integrated circuit of claim 39, wherein the security client is further configured to produce an error message in response to the algorithm being different than the algorithm configuration.
41. The integrated circuit of claim 35, wherein the security key sequence further comprises an address associated with the security client.
42. The integrated circuit of claim 35, wherein the security client comprises a destination module, and the security key sequence further comprises an address associated with the destination module.
43. The integrated circuit of claim 35, wherein the security command comprises permissible usage by the security client.
44. The integrated circuit of claim 35, wherein the security command comprises a security key size.
45. The integrated circuit of claim 35, wherein the security command comprises a security key source.
46. The integrated circuit of claim 35, wherein the security command indicates whether the security client is authorized to use the security key.
47. A method for security key transmission within an integrated circuit, the method comprising:
generating, by a key serializer disposed on the integrated circuit, a security key sequence comprising a security key and a security command;
transmitting, by the key serializer, the security key sequence to a security client disposed on the integrated circuit; and
receiving, by the security client, the security key sequence.
48. The method of claim 47, further comprising:
recovering, by a de-serializer of the security client, the security key and the security command from the security key sequence.
49. The method of claim 47, further comprising:
comparing, by the security client, an algorithm of the security command with an algorithm configuration; and
generating, by the security client, an error message in response to the algorithm being different than the algorithm configuration.
50. The method of claim 47, further comprising:
generating, by a key generator, the security key.
51. A set-top box comprising:
an integrated circuit comprising:
a security client configured to receive a security key sequence comprising a security key and a security command; and
a key serializer configured to generate the security key sequence and transmit the security key sequence to the security client.
52. The set-top box of claim 51, wherein the security client is further configured to decrypt data received from a content provider.
53. The set-top box of claim 51, wherein the security command comprises an algorithm associated with the security key, and the security client is further configured to compare the algorithm to an algorithm configuration.
54. The set-top box of claim 53, wherein the security client is further configured to produce an error message in response to the algorithm being different than the algorithm configuration.
US14/800,242 2004-02-05 2015-07-15 System and Method for Security Key Transmission With Strong Pairing to Destination Client Abandoned US20150319146A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/800,242 US20150319146A1 (en) 2004-02-05 2015-07-15 System and Method for Security Key Transmission With Strong Pairing to Destination Client

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US54258504P 2004-02-05 2004-02-05
US10/871,120 US9094699B2 (en) 2004-02-05 2004-06-18 System and method for security key transmission with strong pairing to destination client
US14/800,242 US20150319146A1 (en) 2004-02-05 2015-07-15 System and Method for Security Key Transmission With Strong Pairing to Destination Client

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/871,120 Continuation US9094699B2 (en) 2004-02-05 2004-06-18 System and method for security key transmission with strong pairing to destination client

Publications (1)

Publication Number Publication Date
US20150319146A1 true US20150319146A1 (en) 2015-11-05

Family

ID=34681702

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/871,120 Active 2033-06-01 US9094699B2 (en) 2004-02-05 2004-06-18 System and method for security key transmission with strong pairing to destination client
US14/800,242 Abandoned US20150319146A1 (en) 2004-02-05 2015-07-15 System and Method for Security Key Transmission With Strong Pairing to Destination Client

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/871,120 Active 2033-06-01 US9094699B2 (en) 2004-02-05 2004-06-18 System and method for security key transmission with strong pairing to destination client

Country Status (4)

Country Link
US (2) US9094699B2 (en)
EP (1) EP1562318B1 (en)
CN (1) CN1655495B (en)
TW (1) TWI271079B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170251022A1 (en) * 2016-02-26 2017-08-31 Fornetix Llc Policy-enabled encryption keys having complex logical operations
CN107896341A (en) * 2017-11-30 2018-04-10 青岛海信电器股份有限公司 The player method and television equipment of a kind of scrambled program
US9967289B2 (en) 2015-03-12 2018-05-08 Fornetix Llc Client services for applied key management systems and processes
US10348485B2 (en) 2016-02-26 2019-07-09 Fornetix Llc Linking encryption key management with granular policy
US10560440B2 (en) 2015-03-12 2020-02-11 Fornetix Llc Server-client PKI for applied key management system and process
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10757474B2 (en) 2018-04-27 2020-08-25 Twentieth Century Fox Home Entertainment Llc Method and apparatus for protecting data via application of corrupting function and complimentary restitution at video processing endpoints
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity

Families Citing this family (93)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7519274B2 (en) 2003-12-08 2009-04-14 Divx, Inc. File format for multiple track digital data
US8472792B2 (en) 2003-12-08 2013-06-25 Divx, Llc Multimedia distribution system
US20050172132A1 (en) 2004-01-30 2005-08-04 Chen Sherman (. Secure key authentication and ladder system
US9461825B2 (en) 2004-01-30 2016-10-04 Broadcom Corporation Method and system for preventing revocation denial of service attacks
US9094699B2 (en) * 2004-02-05 2015-07-28 Broadcom Corporation System and method for security key transmission with strong pairing to destination client
US8312267B2 (en) * 2004-07-20 2012-11-13 Time Warner Cable Inc. Technique for securely communicating programming content
US8266429B2 (en) 2004-07-20 2012-09-11 Time Warner Cable, Inc. Technique for securely communicating and storing programming material in a trusted domain
US20060031873A1 (en) * 2004-08-09 2006-02-09 Comcast Cable Holdings, Llc System and method for reduced hierarchy key management
KR100709318B1 (en) * 2005-02-01 2007-04-20 삼성전자주식회사 Method and system for CAS key assignment in digital broadcast service
US7933410B2 (en) * 2005-02-16 2011-04-26 Comcast Cable Holdings, Llc System and method for a variable key ladder
US8468361B2 (en) * 2005-09-21 2013-06-18 Broadcom Corporation System and method for securely provisioning and generating one-time-passwords in a remote device
JP5200204B2 (en) 2006-03-14 2013-06-05 ディブエックス リミテッド ライアビリティー カンパニー A federated digital rights management mechanism including a trusted system
US8627092B2 (en) 2006-03-22 2014-01-07 Lg Electronics Inc. Asymmetric cryptography for wireless systems
US8560829B2 (en) 2006-05-09 2013-10-15 Broadcom Corporation Method and system for command interface protection to achieve a secure interface
US8285988B2 (en) * 2006-05-09 2012-10-09 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US8520850B2 (en) 2006-10-20 2013-08-27 Time Warner Cable Enterprises Llc Downloadable security and protection methods and apparatus
US8732854B2 (en) 2006-11-01 2014-05-20 Time Warner Cable Enterprises Llc Methods and apparatus for premises content distribution
US9064135B1 (en) * 2006-12-12 2015-06-23 Marvell International Ltd. Hardware implemented key management system and method
US20090323971A1 (en) * 2006-12-28 2009-12-31 Munguia Peter R Protecting independent vendor encryption keys with a common primary encryption key
JP5559544B2 (en) 2007-01-05 2014-07-23 ソニック アイピー, インコーポレイテッド Video distribution system including progressive playback
US8621540B2 (en) 2007-01-24 2013-12-31 Time Warner Cable Enterprises Llc Apparatus and methods for provisioning in a download-enabled system
WO2008100009A1 (en) 2007-02-12 2008-08-21 Lg Electronics Inc. Methods and procedures for high speed ue access
US20100023767A1 (en) * 2007-05-18 2010-01-28 Microsoft Corporation API for Diffie-Hellman secret agreement
US8316441B2 (en) * 2007-11-14 2012-11-20 Lockheed Martin Corporation System for protecting information
WO2009065137A1 (en) 2007-11-16 2009-05-22 Divx, Inc. Hierarchical and reduced index structures for multimedia files
US8117447B2 (en) * 2008-01-10 2012-02-14 Industrial Technology Research Institute Authentication method employing elliptic curve cryptography
US20090190762A1 (en) * 2008-01-30 2009-07-30 Andrew Dellow Method and system for preventing generation of decryption keys via sample gathering
US20090208020A1 (en) * 2008-02-15 2009-08-20 Amiram Grynberg Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager
US8238559B2 (en) * 2008-04-02 2012-08-07 Qwest Communications International Inc. IPTV follow me content system and method
US8270920B2 (en) * 2008-06-05 2012-09-18 Broadcom Corporation Systems and methods for receiving and transferring video information
US8594333B2 (en) * 2008-09-05 2013-11-26 Vixs Systems, Inc Secure key access with one-time programmable memory and applications thereof
US9432184B2 (en) * 2008-09-05 2016-08-30 Vixs Systems Inc. Provisioning of secure storage for both static and dynamic rules for cryptographic key information
US8781127B2 (en) * 2008-09-05 2014-07-15 Vixs Systems, Inc. Device with privileged memory and applications thereof
US9501429B2 (en) * 2008-09-05 2016-11-22 Vixs Systems Inc. Dynamic key and rule storage protection
US10236950B2 (en) 2009-02-27 2019-03-19 Qualcomm Incorporated Video transmission over SDMA
US8385542B2 (en) * 2009-04-27 2013-02-26 Nagrastar L.L.C. Methods and apparatus for securing communications between a decryption device and a television receiver
US9866609B2 (en) 2009-06-08 2018-01-09 Time Warner Cable Enterprises Llc Methods and apparatus for premises content distribution
US9602864B2 (en) 2009-06-08 2017-03-21 Time Warner Cable Enterprises Llc Media bridge apparatus and methods
EP2317767A1 (en) * 2009-10-27 2011-05-04 Nagravision S.A. Method for accessing services by a user unit
JP2011097421A (en) * 2009-10-30 2011-05-12 Panasonic Corp Communication terminal device and content data receiving method
JP5723888B2 (en) 2009-12-04 2015-05-27 ソニック アイピー, インコーポレイテッド Basic bitstream cryptographic material transmission system and method
CN101854362B (en) * 2010-05-21 2014-07-16 中兴通讯股份有限公司 Data card, data card system and method for realizing multimedia service
US9906838B2 (en) 2010-07-12 2018-02-27 Time Warner Cable Enterprises Llc Apparatus and methods for content delivery and message exchange across multiple content delivery networks
US9247312B2 (en) 2011-01-05 2016-01-26 Sonic Ip, Inc. Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol
GB2489671A (en) 2011-03-28 2012-10-10 Sony Corp Cryptographic key distribution for IPTV
GB2489672A (en) * 2011-03-28 2012-10-10 Sony Corp Authentication certificate distribution to set top boxes
US8812662B2 (en) 2011-06-29 2014-08-19 Sonic Ip, Inc. Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content
KR101928910B1 (en) 2011-08-30 2018-12-14 쏘닉 아이피, 아이엔씨. Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
US9467708B2 (en) 2011-08-30 2016-10-11 Sonic Ip, Inc. Selection of resolutions for seamless resolution switching of multimedia content
US8799647B2 (en) 2011-08-31 2014-08-05 Sonic Ip, Inc. Systems and methods for application identification
US8787570B2 (en) 2011-08-31 2014-07-22 Sonic Ip, Inc. Systems and methods for automatically genenrating top level index files
US8909922B2 (en) 2011-09-01 2014-12-09 Sonic Ip, Inc. Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
US8964977B2 (en) 2011-09-01 2015-02-24 Sonic Ip, Inc. Systems and methods for saving encoded media streamed using adaptive bitrate streaming
CA2847855A1 (en) 2011-09-15 2013-03-21 Cubic Corporation Secure key self-generation
US20130179199A1 (en) 2012-01-06 2013-07-11 Rovi Corp. Systems and methods for granting access to digital content using electronic tickets and ticket tokens
US9936267B2 (en) 2012-08-31 2018-04-03 Divx Cf Holdings Llc System and method for decreasing an initial buffering period of an adaptive streaming system
US9565472B2 (en) 2012-12-10 2017-02-07 Time Warner Cable Enterprises Llc Apparatus and methods for content transfer protection
US9191457B2 (en) 2012-12-31 2015-11-17 Sonic Ip, Inc. Systems, methods, and media for controlling delivery of content
US9313510B2 (en) 2012-12-31 2016-04-12 Sonic Ip, Inc. Use of objective quality measures of streamed content to reduce streaming bandwidth
US20140282786A1 (en) 2013-03-12 2014-09-18 Time Warner Cable Enterprises Llc Methods and apparatus for providing and uploading content to personalized network storage
US10368255B2 (en) 2017-07-25 2019-07-30 Time Warner Cable Enterprises Llc Methods and apparatus for client-based dynamic control of connections to co-existing radio access networks
US9066153B2 (en) 2013-03-15 2015-06-23 Time Warner Cable Enterprises Llc Apparatus and methods for multicast delivery of content in a content delivery network
US10397292B2 (en) 2013-03-15 2019-08-27 Divx, Llc Systems, methods, and media for delivery of content
US9906785B2 (en) 2013-03-15 2018-02-27 Sonic Ip, Inc. Systems, methods, and media for transcoding video data according to encoding parameters indicated by received metadata
US9094737B2 (en) 2013-05-30 2015-07-28 Sonic Ip, Inc. Network video streaming with trick play based on separate trick play files
US9380099B2 (en) 2013-05-31 2016-06-28 Sonic Ip, Inc. Synchronizing multiple over the top streaming clients
US9100687B2 (en) 2013-05-31 2015-08-04 Sonic Ip, Inc. Playback synchronization across playback devices
US9313568B2 (en) 2013-07-23 2016-04-12 Chicago Custom Acoustics, Inc. Custom earphone with dome in the canal
US9386067B2 (en) 2013-12-30 2016-07-05 Sonic Ip, Inc. Systems and methods for playing adaptive bitrate streaming content by multicast
US9866878B2 (en) 2014-04-05 2018-01-09 Sonic Ip, Inc. Systems and methods for encoding and playing back video at different frame rates using enhancement layers
US9621940B2 (en) 2014-05-29 2017-04-11 Time Warner Cable Enterprises Llc Apparatus and methods for recording, accessing, and delivering packetized content
US11540148B2 (en) 2014-06-11 2022-12-27 Time Warner Cable Enterprises Llc Methods and apparatus for access point location
EP3134995B1 (en) 2014-08-07 2021-12-22 DivX, LLC Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
US9935833B2 (en) 2014-11-05 2018-04-03 Time Warner Cable Enterprises Llc Methods and apparatus for determining an optimized wireless interface installation configuration
EP3910904A1 (en) 2015-01-06 2021-11-17 DivX, LLC Systems and methods for encoding and sharing content between devices
CN107251008B (en) 2015-02-27 2020-11-13 帝威视有限公司 System and method for frame replication and frame expansion in live video encoding and streaming
US9986578B2 (en) 2015-12-04 2018-05-29 Time Warner Cable Enterprises Llc Apparatus and methods for selective data network access
US9918345B2 (en) 2016-01-20 2018-03-13 Time Warner Cable Enterprises Llc Apparatus and method for wireless network services in moving vehicles
TWI588676B (en) * 2016-03-07 2017-06-21 Walton Advanced Eng Inc Device pairing method
US10492034B2 (en) 2016-03-07 2019-11-26 Time Warner Cable Enterprises Llc Apparatus and methods for dynamic open-access networks
US10075292B2 (en) 2016-03-30 2018-09-11 Divx, Llc Systems and methods for quick start-up of playback
US10231001B2 (en) 2016-05-24 2019-03-12 Divx, Llc Systems and methods for providing audio content during trick-play playback
US10129574B2 (en) 2016-05-24 2018-11-13 Divx, Llc Systems and methods for providing variable speeds in a trick-play mode
US10148989B2 (en) 2016-06-15 2018-12-04 Divx, Llc Systems and methods for encoding video content
US10164858B2 (en) 2016-06-15 2018-12-25 Time Warner Cable Enterprises Llc Apparatus and methods for monitoring and diagnosing a wireless network
US10498795B2 (en) 2017-02-17 2019-12-03 Divx, Llc Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
US10645547B2 (en) 2017-06-02 2020-05-05 Charter Communications Operating, Llc Apparatus and methods for providing wireless service in a venue
US10638361B2 (en) 2017-06-06 2020-04-28 Charter Communications Operating, Llc Methods and apparatus for dynamic control of connections to co-existing radio access networks
US10643006B2 (en) * 2017-06-14 2020-05-05 International Business Machines Corporation Semiconductor chip including integrated security circuit
GB201807257D0 (en) * 2018-05-02 2018-06-13 Nordic Semiconductor Asa Cryptographic key distribution
US11216575B2 (en) * 2018-10-09 2022-01-04 Q-Net Security, Inc. Enhanced securing and secured processing of data at rest
US10528754B1 (en) * 2018-10-09 2020-01-07 Q-Net Security, Inc. Enhanced securing of data at rest
WO2020191406A1 (en) 2019-03-21 2020-09-24 Divx, Llc Systems and methods for multimedia swarms

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6005938A (en) * 1996-12-16 1999-12-21 Scientific-Atlanta, Inc. Preventing replay attacks on digital information distributed by network service providers
US20020094089A1 (en) * 2000-12-28 2002-07-18 Shigeki Kamiya Data delivery method and data delivery system
US20020126847A1 (en) * 1999-12-22 2002-09-12 Wajs Andrew Augustine Method for operating a conditional access system for broadcast applications
US20020174366A1 (en) * 2000-10-26 2002-11-21 General Instrument, Inc. Enforcement of content rights and conditions for multimedia content
WO2003039153A2 (en) * 2001-10-29 2003-05-08 France Telecom Controlled-access method and system for transmitting scrambled digital data in a data exchange network
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
US20050084106A1 (en) * 2002-01-14 2005-04-21 Jilles Venema System for providing time dependent conditional access

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5309516A (en) * 1990-12-07 1994-05-03 Hitachi, Ltd. Group cipher communication method and group cipher communication system
GB9605472D0 (en) * 1996-03-15 1996-05-15 Digi Media Vision Ltd A secure method and apparatus for data transmission in digital video broadcast data services
US6041408A (en) * 1996-06-28 2000-03-21 Hitachi, Ltd. Key distribution method and system in secure broadcast communication
FR2750554B1 (en) * 1996-06-28 1998-08-14 Thomson Multimedia Sa CONDITIONAL ACCESS SYSTEM AND CHIP CARD ALLOWING SUCH ACCESS
US5920626A (en) * 1996-12-20 1999-07-06 Scientific-Atlanta, Inc. Analog/digital system for television services
US6144743A (en) * 1997-02-07 2000-11-07 Kabushiki Kaisha Toshiba Information recording medium, recording apparatus, information transmission system, and decryption apparatus
PL186325B1 (en) 1997-03-21 2003-12-31 Canal Plus Sa Transmit-receive system and conditional access system therefor
AU8823698A (en) 1997-08-01 1999-02-22 Scientific-Atlanta, Inc. Encryption devices for use in a conditional access system
US7143438B1 (en) * 1997-09-12 2006-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US20030037235A1 (en) * 1998-08-19 2003-02-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
US6038322A (en) * 1998-10-20 2000-03-14 Cisco Technology, Inc. Group key distribution
US6760752B1 (en) * 1999-06-28 2004-07-06 Zix Corporation Secure transmission system
US6985431B1 (en) * 1999-08-27 2006-01-10 International Business Machines Corporation Network switch and components and method of operation
JP3570311B2 (en) * 1999-10-07 2004-09-29 日本電気株式会社 Wireless LAN encryption key update system and update method thereof
US7127069B2 (en) * 2000-12-07 2006-10-24 Igt Secured virtual network in a gaming environment
US20030061405A1 (en) * 2001-08-15 2003-03-27 Open Technologies Group, Inc. System, method and computer program product for protocol-independent processing of information in an enterprise integration application
JP2003101570A (en) * 2001-09-21 2003-04-04 Sony Corp Communication processing system and method, and its server device and computer program
US8312265B2 (en) * 2001-12-11 2012-11-13 Pinder Howard G Encrypting received content
US7181010B2 (en) * 2002-05-24 2007-02-20 Scientific-Atlanta, Inc. Apparatus for entitling remote client devices
US7861082B2 (en) * 2002-05-24 2010-12-28 Pinder Howard G Validating client-receivers
EP1395015B1 (en) * 2002-08-30 2005-02-02 Errikos Pitsos Method, gateway and system for transmitting data between a device in a public network and a device in an internal network
JP3742056B2 (en) * 2002-12-19 2006-02-01 株式会社バッファロー Wireless network access authentication technology
US20040177369A1 (en) * 2003-03-06 2004-09-09 Akins Glendon L. Conditional access personal video recorder
US20050066355A1 (en) * 2003-09-19 2005-03-24 International Business Machines Corporation System and method for satellite broadcasting and receiving encrypted television data signals
US7509674B2 (en) * 2003-10-07 2009-03-24 Alcatel Lucent Access control listing mechanism for routers
US9094699B2 (en) * 2004-02-05 2015-07-28 Broadcom Corporation System and method for security key transmission with strong pairing to destination client

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6005938A (en) * 1996-12-16 1999-12-21 Scientific-Atlanta, Inc. Preventing replay attacks on digital information distributed by network service providers
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
US20020126847A1 (en) * 1999-12-22 2002-09-12 Wajs Andrew Augustine Method for operating a conditional access system for broadcast applications
US20020174366A1 (en) * 2000-10-26 2002-11-21 General Instrument, Inc. Enforcement of content rights and conditions for multimedia content
US20020094089A1 (en) * 2000-12-28 2002-07-18 Shigeki Kamiya Data delivery method and data delivery system
WO2003039153A2 (en) * 2001-10-29 2003-05-08 France Telecom Controlled-access method and system for transmitting scrambled digital data in a data exchange network
US20040243803A1 (en) * 2001-10-29 2004-12-02 Andre Codet Controlled-access method and system for transmitting scrambled digital data in a data exchange network
US20050084106A1 (en) * 2002-01-14 2005-04-21 Jilles Venema System for providing time dependent conditional access

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11470086B2 (en) 2015-03-12 2022-10-11 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US9967289B2 (en) 2015-03-12 2018-05-08 Fornetix Llc Client services for applied key management systems and processes
US10560440B2 (en) 2015-03-12 2020-02-11 Fornetix Llc Server-client PKI for applied key management system and process
US10567355B2 (en) 2015-03-12 2020-02-18 Fornetix Llc Server-client PKI for applied key management system and process
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US11924345B2 (en) * 2015-03-13 2024-03-05 Fornetix Llc Server-client key escrow for applied key management system and process
US20210226786A1 (en) * 2015-03-13 2021-07-22 Fornetix Llc Server-client key escrow for applied key management system and process
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US10860086B2 (en) * 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US20170251022A1 (en) * 2016-02-26 2017-08-31 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US20210072815A1 (en) * 2016-02-26 2021-03-11 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity
US10348485B2 (en) 2016-02-26 2019-07-09 Fornetix Llc Linking encryption key management with granular policy
US11537195B2 (en) * 2016-02-26 2022-12-27 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US11700244B2 (en) 2016-02-26 2023-07-11 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
WO2017147317A1 (en) * 2016-02-26 2017-08-31 Fornetix Llc Policy-enabled encryption keys having complex logical operations
CN107896341A (en) * 2017-11-30 2018-04-10 青岛海信电器股份有限公司 The player method and television equipment of a kind of scrambled program
US10757474B2 (en) 2018-04-27 2020-08-25 Twentieth Century Fox Home Entertainment Llc Method and apparatus for protecting data via application of corrupting function and complimentary restitution at video processing endpoints

Also Published As

Publication number Publication date
TW200601773A (en) 2006-01-01
US9094699B2 (en) 2015-07-28
EP1562318B1 (en) 2019-10-02
CN1655495A (en) 2005-08-17
US20050177741A1 (en) 2005-08-11
TWI271079B (en) 2007-01-11
EP1562318A1 (en) 2005-08-10
CN1655495B (en) 2011-06-08

Similar Documents

Publication Publication Date Title
US9094699B2 (en) System and method for security key transmission with strong pairing to destination client
US9608804B2 (en) Secure key authentication and ladder system
US9461825B2 (en) Method and system for preventing revocation denial of service attacks
US9866381B2 (en) Conditional entitlement processing for obtaining a control word
KR101277418B1 (en) Method to upgrade content encryption
US7039816B2 (en) Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content
US7783897B2 (en) Programmable logic device
US20130262869A1 (en) Control word protection
US8914647B2 (en) Method and system for protecting data
EP1768408A1 (en) Integrated circuit, method and system restricting use of decryption keys using encrypted digital signatures
US11308242B2 (en) Method for protecting encrypted control word, hardware security module, main chip and terminal
US20070253551A1 (en) Portable Security Module Pairing
US9026800B2 (en) Method and system for allowing customer or third party testing of secure programmable code
US10411900B2 (en) Control word protection method for conditional access system
EP1978467A1 (en) Integrated circuit and method for secure execution of software
KR20110097683A (en) Disabling a cleartext control word loading mechanism in a conditional access system

Legal Events

Date Code Title Description
AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119