WO2002039661A2 - Data scrambling system for a shared transmission medium - Google Patents
Data scrambling system for a shared transmission medium Download PDFInfo
- Publication number
- WO2002039661A2 WO2002039661A2 PCT/US2001/046461 US0146461W WO0239661A2 WO 2002039661 A2 WO2002039661 A2 WO 2002039661A2 US 0146461 W US0146461 W US 0146461W WO 0239661 A2 WO0239661 A2 WO 0239661A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- client modem
- key
- communication
- server
- seed
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42676—Internal components of the client ; Characteristics thereof for modulating an analogue carrier signal to encode digital information or demodulating it to decode digital information, e.g. ADSL or cable modem
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
- H04L1/0023—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the signalling
- H04L1/0026—Transmission of channel quality indication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/238—Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
- H04N21/2389—Multiplex stream processing, e.g. multiplex stream encrypting
- H04N21/23895—Multiplex stream processing, e.g. multiplex stream encrypting involving multiplex stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42684—Client identification by a unique number or address, e.g. serial number, MAC address, socket ID
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/637—Control signals issued by the client directed to the server or network components
- H04N21/6377—Control signals issued by the client directed to the server or network components directed to server
- H04N21/63775—Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Definitions
- the present invention adds to the field of data communications. More particularly the invention is one of the ongoing improvements in the area of data communications addressing the use of tree and branch coax distribution systems for upstream and downstream data communication between a hub-server and a set of two or more client modems.
- the client modems are adapted to allow a plug and play connection or other easy connection between a laptop and the tree and branch network.
- the tree and branch network is preferably connected to the Internet.
- the present invention can be used in a hotel or Multiple Dwelling Units (MDU's) or analogous buildings to allow plug and play access to the Internet over existing coax television networks.
- MDU's Multiple Dwelling Units
- the '845 application describes a system that allows the connection of devices such as personal computers to special modems that connect to a legacy tree and branch coax network in a hotel, Multiple Dwelling Units (MDUs), or analogous building.
- the system described used one frequency range bandwidth in two ranges outside of the range used for cable TV.
- the system would have one frequency range for a downstream channel and one frequency range for an upstream channel.
- all communications heading downstream must identify which modem device (or devices) are being addressed since all modem devices will receive the communication.
- the communication from the many individual modem devices to the upstream end of the network must be controlled so that only one modem device is sending an upstream communication at any one time in order to avoid bus contention.
- Figure 1 can be subdivided into four clusters of components.
- the first cluster is Cable-TV Headend equipment 10.
- the second cluster is the Hybrid Fiber-coax (HFC) Distribution Network 20.
- the third cluster is the premises coax distribution equipment 30 which could exist in either an MDU or an analogous situation such as a hotel.
- the final cluster is the cluster of equipment in the user's room 40.
- Clusters 30 and 40 contain elements of the present invention.
- the Cable-TV headend and the Internet are the upstream end of Figure 1 for cable TV and IP data respectively.
- the television set or computer in the user's room are the downstream points.
- Upstream data transmissions travel upstream towards the upstream end.
- Downstream transmissions travel downstream towards the downstream end.
- a component on a data path receives a downstream data transmission from its upstream end and an upstream data transmission from its downstream end.
- a cable TV signal is provided to the HFC distribution network 20.
- Digital communication signals from Internet 15 travel through Cable-TV Headend equipment 10 to the HFC Distribution Network 20.
- the description of selected elements of the Cable-TV Headend is to provide context for the present invention and does not constitute a limitation or required elements for the present invention.
- the incoming signal from the HFC Distribution Network 20 is carried on cable 31 to joiner device 32.
- the joiner device 32 is connected to the input of TV Channel Amplifier 33.
- the Output of TV Channel Amplifier 33 is passed to a second joiner device 34 and then to set of one or more joiner devices forming the tree and branch distribution network 50 terminating at a series of TV coax Receptacles (not shown).
- the technology for tree and branch networks suitable to distribute Cable TV signals is well known to those of skill in the art.
- the tree and branch network 50 is shown with just a few joiner devices and connecting cables rather than the full set of components for a tree and branch network.
- Joiner devices 32 and 34 form a bypass around the TV Channel Amp 33.
- This bypass loop has a cable modem 35 at the upstream end and data hub 36 ("hub") (also called the "server") at the downstream end of the bypass loop.
- the server 36 is comprised of a number of components shown here as RP modem 37, protocol converter 38, and NIC unit 39. The operation of these components was described in the '845 application and does not need to be repeated here.
- a coax tree and branch network 50 connects the head end 42 of the tree and branch network to a set of splitter devices.
- a partial set of splitter devices is shown in Figure 1 as splitters 52, 54, and 56.
- the signal at head end 42 is present at the input to client modem devices 60, 62, 64, 66, 68, and 70.
- Output jacks on the client modem devices allow for connection of televisions (71, 75, 80, 84, 86, and 90), devices such as personal computers (72, 81, 87, and 92), and telephones (74, 77, 78, 82, 85, and 88).
- two telephones 77 and 78 are connected to modem device 64.
- Each of the two telephones is connected to its own telephone port.
- this signal can be taken from an external diplexer positioned upstream of the modem device rather than as shown from an output on the modem device. Note elements 94 and 96 will be discussed below.
- the '845 application includes an RF coax transmission system in which all information flowing downstream (from 42 to the client modem devices 60, 62, 64, 66, 68, and 70) is formatted according to DVB/MPEG-2 structure to facilitate multimedia applications.
- DVB/MPEG-2 structure to facilitate multimedia applications.
- the preferred formats for use in the downstream and upstream transmissions in a particular coaXmedia system are illustrated in Figure 2.
- the downstream transmission frame 100 is a 204-byte MPEG/DVB frame.
- the downstream transmission frame 100 is comprised of: a SYNC byte 104 (of value 47 hex for frame or packet start identification and B8 hex, i.e. inverted 47 hex for multi-frame identification); followed by two bytes used by MPEG2 for packet identification 108 ("PID"); followed by an additional byte reserved for packet type identification 112. a payload of 184 bytes; and a FEC field 120 of 16 bytes.
- the FEC field 120 is followed by a SYNC byte 104 from the next frame.
- Any downstream data (whether IP, voice, video, etc.) is placed in one or more data sub-packets 130.
- One or more data sub-packets are carried in the MPEG frame payload 116.
- the specific organization of the data-sub packets is not important to this invention but the data sub-packets are generally comprised of a sub-packet header 134 and a sub-packet payload 136.
- the sub-packet header contains the address of the target and several control fields.
- the address used for the target could be the MAC address of the client modem, a sub-portion of the MAC address, a nickname for a client modem, a broadcast group address, or other form of address so that the client modem can recognize which sub-packets are addressed to that client modem.
- the sub-packet payload contains a CRC value 140 appended at the end of the data 138 within the sub-packet payload 136.
- the upstream data frame 150 is comprised of: an 8-byte preamble 152; a SYNC byte 154; and a data packet 160.
- the specifics of the data packet are not important but can be usefully divided into a data packet header 166 and a data packet payload 168.
- the data packet payload 168 is of variable length and contains a CRC value 170.
- Figure 1 includes idle periods 180.
- the upstream data header 166 contains control fields to communicate the length of the variable payload and to identify the type of transmission.
- the particular system used by coaXmedia uses a polling scheme to grant time slots for the client modems (60, 62, 64, 66, 68, and 70) to use the upstream channel for communication to the server 36.
- the client modems 60, 62, 64, 66, 68, and 70
- the upstream data header 166 would be likely to include a source address.
- downstream and upstream Data flow downstream and upstream is concurrent, as both use unique frequencies to transmit their data.
- the downstream communications from server to client modem may be at a first frequency channel with the upstream data traveling on a second frequency channel.
- client modems listening to the first channel and speaking on the second channel cannot decode messages sent by other client modems as the client modem is not equipped to decode messages on the second channel.
- Figure 1 includes unauthorized device 94 connected to the tree and branch network 50 between splitter 54 and authorized client modem 70.
- connection is not important to the present invention.
- the concern is that any connection to the tree and branch network would have access to all downstream communication to all connected computers (72, 81, 87, and 92).
- the operation of a tree and branch network works against the eavesdropping on the entire range of upstream communications. Even if unauthorized device 94 attempted to listen to upstream communications from client modems to the server 36 on the upstream channel, this would be difficult as the standard technology for tree and branch networks will attenuate upstream signals on parallel branches. The degree of attenuation grows with the number of splitter devices that must be traversed between the transmitting client modem and the unauthorized device 94.
- unauthorized device 94 might receive a strong signal on the upstream channel from communications originating at client modem 70, communications on the upstream channel from client modem 66 would be attenuated. Communications on the upstream channel from client modem 64 would be further attenuated as that client modem is separated by two splitter devices (52 and 54) from unauthorized device 94.
- the '845 application recognized that users would prefer a system with additional security.
- the '845 application addressed this desire by suggesting that different client modems use different randomization sequences for DVB spectral shaping. This variation between the randomization sequences used by various client modems would add to the complexity faces by anyone attempting to intercept communications.
- the '845 application contained teachings that the sequence start points for each client modem and for each direction could be varied.
- the communication of the information to initiate the DVB spectral shaping could be sent under a secure communication, such as an encrypted session with a public key/private key or other means known to those of skill in the art.
- Implementation of the method suggested in the '845 application would preclude the use of some mass produced DVB randomization devices that do not allow the individualization of the DVB sequence or sequence start point.
- the establishment of a secure connection using conventional techniques such as public key/private key encryptions would require that the client modem have additional capabilities to support these brief encrypted sessions.
- the encrypted sessions to pass the information needed to individualize the DVB randomization would impose a delay on the process to add a client modem into the network.
- the '845 does not pass either a new sequence start point or new modification to randomization sequence once the client modem has been added to the network.
- the DVB randomization process continues along a set sequence after receiving the initial randomization sequence and/or sequence start point.
- An objective of the present invention is to provide for added security for transporting upstream and downstream data between the client and the server.
- Another objective of the present invention is to greatly increase the difficulty in obtaining access to downstream data by making it necessary for eavesdroppers to access information on the upstream channel in order to eavesdrop on the downstream channel.
- Yet another objective of the present invention is to increase the difficulty in obtaining access to downstream data without requiring significant additions to the hardware required at the client modem.
- the present invention is directed to various methods of providing additional security to communications over a shared transmission media. More specifically, the present invention provides a method to use scrambling seeds that are based on keys that are preferably passed in scrambled communications.
- a preferred embodiment of the present invention provides a method of sharing one new key with each upstream transmission from a client modem and one new key with each downstream transmission to that client modem to provide two scrambling seeds based on the keys for each transmission between the client modem and the server.
- the present application teaches a method of initializing the process to pass the keys under an individualized but static seed and a modification to address the need to send multicast messages under an individualized but static regime.
- Figure 1 shows network topology for a system that can use the present invention including a tree and branch network connected to a series of client modem devices, where the client modem devices are connected to combinations of televisions, devices such as personal computers, and telephones.
- Figure 2 shows downstream and upstream transmission formats used in this disclosure to illustrate certain embodiments of the present invention.
- Figure 3 is a conceptual drawing showing the process of scrambling and unscrambling a portion of a binary message.
- Figure 4 is a conceptual drawing showing various logical components involved in the sequence of events set forth in Table A.
- DVB randomization is sometimes called DVB scrambling.
- traditional DVB randomization is not scrambling in the sense that it is intended to increase security.
- Traditional DVB randomization is done through a standard process in order to improve the transmission of data to make it easier to receive the transmitted information without transmission errors.
- the unauthorized device 94 chooses to capture downstream transmissions for a communication session with device 72 addressed to client modem 60 these communications can be read by device 96 after the unauthorized device 94 passes the data communications them through the standard DVB sequence to reverse the DVB randomization for spectral shaping.
- a current MPEG/DVB protocol excludes the FEC field from DVB randomization.
- the traditional DVB randomization process is part of the transmission process and is described in this specification as part of the context for this invention.
- the present invention does not require DVB randomization.
- the present invention can be combined with the alternative method of DVB randomization suggested in the '845 application to provide additional layers of security.
- the improved method calls for both upstream and downstream data to be scrambled twice for security.
- the preferred embodiment adds two levels of scrambling/un-scrambling for selected portions of the communication
- the disclosure shows a method for adding just one additional level of scrambling/un-scrambling.
- One of skill in the art would be able to make minor modifications to the disclosed invention to add more than two levels of additional scrambling/un-scrambling operations.
- a sub-packet 130 sent downstream is composed of the data sub-packet header 134 and an optional sub-packet payload 136 comprising the sub-packet data 138 and the sub-packet CRC field 140.
- the downstream coaXmedia header is comprised of the target device address and several control fields.
- the purpose of the scrambling is to protect the sub-packet data 138. Thus, these bits receive the scrambling for security purposes.
- the CRC field 140 also receives the scrambling.
- some control fields of the sub-packet header also receive the scrambling.
- the upstream message would be sent with the data packet payload 168 scrambled.
- some or all of the data packet header 166 would also be scrambled. Scrambling some or all of the header would add an additional obstacle to those attempting to decipher the transmission since the length of the variable length payload would be scrambled.
- the upstream transmission has padding to achieve a minimum transmission length. Thus, the lack of a non-scrambled length indicator would make it difficult to discern the end of data and the start of padding.
- a Pseudo Random Binary Sequence (“PRBS”) generator is used to scramble the data at the transmitter and to unscramble the data at the receiver.
- PRBS Pseudo Random Binary Sequence
- One suitable generator is a linear feedback shift register known to those of skill in the art.
- the PRBS generator starts with a seed value and then performs a series of manipulations on individual bits or sets of bits in the seed value. This process will then provide a repeatable sequence of pseudo random numbers.
- a well-designed linear feedback shift register will have a sequence of numbers that equals the 2 to N power where N is the size of the shift register.
- One typical use of a feedback shift register to scramble bits is to provide the feedback shift register with a seed value and then have the feedback shift register perform its manipulation of the register contents to move to the next number in the sequence.
- a particular bit from the feedback shift register is used in an exclusive OR operation with the first bit to be scrambled.
- the output of the exclusive OR becomes the replacement for the bit to be scrambled.
- the scrambled output is either equal to the value in the unscrambled bit or it is inverted.
- the feedback shift register performs its manipulations of the register contents and then performs an exclusive OR operation on the next bit to be scrambled. At the receiving end, the process can be repeated. If a corresponding feedback shift register and identical seed is used, the scrambled message undergoes the same pattern of inversions and no inversions on the individual bits so that the received message after unscrambling is the same as the sent message before it was scrambled.
- non-scrambled message 204 undergoes a bit by bit exclusive OR operation 206 with a sequence of bits 208 generated by the feedback shift register.
- the resulting sequence of scrambled bits is sent as part of scrambled message 212.
- a feedback shift register performing the same internal manipulation for the same number of iterations after receiving the same seed as used at the transmit end will generate a sequence of bits 216 at the receive end. Repetition of the bit by bit exclusive OR operation 206 with the received scrambled message yields a received unscrambled message 220 that matches the non-scrambled send message 204.
- One of the problems overcome by the present invention is the need to synchronize both ends of the link (client modem and server) with a scrambling seed (initial contents) that can be used in the PRBS generator without allowing other client modems or an unauthorized device 94 to have easy access to the seed.
- the actual seed is not passed but a key that is used to generate the seed.
- a seed is the actual value fed to the scrambling device and the seed is a function of a key (including the trivial case where the seed equals the key).
- the key must remain confidential to protect the scrambled data and yet must be passed between the client modem and the server so that each will be able to un-scramble the incoming scrambled communications.
- a solution to synchronizing both ends is to allow each client modem the ability to pick its own key and pass the key to the server in the upstream channel.
- the upstream channel (client modem to server) is in a different frequency band than the downstream channel and is not receivable by any other client modems. Therefore, this precludes one client modem from listening in on another client modem's upstream message and key by the fact that it is incapable of receiving any upstream RF channel.
- the use of the upstream channel adds technical difficulty to any attempt to eavesdrop on downstream data transmissions, even if there is unauthorized listening on the upstream channel. These problems include the attenuation that would be present in attempts to listen to remote branches and the need to decipher upstream transmission in order to eavesdrop on downstream transmissions.
- the sequence of events for the preferred embodiment is as set forth below.
- Table A provides a summary of the sequence steps. (Table A is located after the Glossary and before the Claims.)
- Figure 4 illustrates the relationship between logical components in the system to perform the various steps. The actual physical layout may differ from Figure 4 as one or more logical functions may be performed by one physical device. In order to reduce the length of the names of various components, US will represent Upstream and DS will replace Downstream. Figure 4 does not include other functions performed at the server 36 or at the client modem 70 that are not relevant to the discussion of the present invention.
- a predetermined default seed word will be used for both the upstream and downstream scrambler.
- the seed will be based on the MAC ID for each client modem, although other values could be used to generate the seeds if the values were made known to both the client modem and the server. While the entire MAC ID could be used within the spirit of the present invention, it is likely that a shorter seed based on the MAC ID will be used. Since the seeds will be based on the MAC ID, this will mean each client will have a unique scrambling sequence at power-up.
- the MAC ID for an individual client modem can be made known to the server by keying the MAC ID with a keyboard connected to the server when the client modem is added as an authorized device.
- a frame containing one or more sub-packets destined for delivery to one or more client modem arrives in DS Data Buffer 508.
- the sub-packets receive CRC values 140 calculated at CRC Calculator 510 based on a portion of the sub-packet.
- CRC values are one of the well-known methods of providing a transmission check word. Transmission check words are used to detect whether the transmission process altered the communication. Ideally, all altered communications are detected and discarded. By calculating a transmission check word and sending it with the transmission, the integrity of the transmission process can be checked by calculating the transmission check word on the relevant portion of the received communication and checking this value against the transmitted value of the transmission check word.
- CRC values are sent as a means for detecting an error in the transmission process. A CRC calculation is performed on the received data and the data is discarded if the CRC value for the received data does not match the sent CRC value.
- a seed can be sent from the key generator 516 to the DS Layer2 Scrambling block 520.
- the outgoing downstream message can be scrambled based on a seed fed to the feedback shift register where the seed is a known variation of the client modem MAC address.
- the message sent to the client modem will receive a first level of scrambling using a seed based on the MAC ID.
- the portion of the sub-packet that is scrambled can be the sub-packet payload 136 or the payload plus some of the control fields of the sub-packet header 134.
- one field in the sub-packet header 134 can be used to indicate that the message is using the MAC ID based seed as the scrambling seed. If this option is selected, then this portion of the sub-packet header 134 should not receive scrambling so that this field can be read before any attempt to unscramble the levels of scrambling.
- the use of the MAC ID based seed could be the default seed to use to unscramble messages if the client modem does not have another seed value or if the last received seed value does not provide an unscrambled message that matches the transmitted CRC code.
- this process is repeated at DS Level 1 Scrambling 524.
- the seed is based on the MAC ID for the targeted client modem and this information is passed to block 524 from the Key Generator 516.
- this second set of scrambling based on the MAC ID would not be the same as. the first set of scrambling (else it would un-do the first set).
- the difference in scrambling could be achieved by using a different way to calculate the seed based on the target client modem MAC ID.
- the difference in scrambling could be achieved by having differences in the operation of the two feedback shift registers or having differences in both the feedback shift registers and the ways the seeds are calculated.
- the system could operate initially with just one level of scrambling at either block 520 or block 524.
- Conventional DVB randomization for spectral shaping is added by DS DVB
- Randomization block 528 The message is modulated and transmitted to the client modems on the downstream channel.
- each client modem receives the message and reverse the RF modulation.
- each client modem removes the DVB randomization as represented by block 632.
- the client modem reads a field within the header of the sub-packet that indicates that the client modem must use its MAC ID as the basis for both of the seeds to unscramble the scrambled information.
- unscrambling is performed sequentially in DS Layerl Scrambling block 636 and DS Layer2 Scrambling block 640.
- a CRC value is calculated at CRC Verify 614.
- the message in the DS Data Buffer 608 is retained and used. If not, then the message is discarded.
- the client formulates its response (such as I have no data to send or the initiation of the process of transmitting data from the client modem). A response is created and placed in a frame that is placed in the US Data Buffer 612.
- a CRC value 170 is calculated at the CRC Calc block 610 and added to the upstream packet.
- the CRC value is passed to the Seed / Key Generator 616 for future use in STEPS 434 and 440.
- the client modem performs scrambling at first at US Layer2 Scrambling 620 and again at US Layerl Scrambling 624 using a seed based on the MAC ID of the client modem. As discussed above, the two scrambling operations will use different ways to calculate the MAC ID based seeds, will manipulate the seeds differently in the feedback shift registers, or will do both.
- a portion of the upstream data packet header 166 will receive the scrambling and a non-scrambled field will inform the server whether this upstream transmission is using the scrambling based on the MAC ID.
- the use of this field is not required in the preferred embodiment as the server interprets a response from the client modem as the next logical step in the initialization sequence and acts accordingly.
- the server only the server initiates a new attempt to connect with the client modem. Thus, it is only the client modem that must ascertain whether a communication is a continuation of a previous sequence of communications or a restart.
- US DVB Randomization is added at block 632 and the frame is sent out with RF modulation on the upstream channel.
- the server receives the frame and demodulates it.
- the US DVB Randomization is removed at block 532.
- the US Layerl Scrambling is removed at block 536 with a seed based on the MAC ID of the client modem.
- a second round of unscrambling occurs at block 540. Again, a seed based on the
- the sent CRC code 170 is checked against a CRC code calculated based on the received data packet in the CRC Verify block 514. If the CRC codes match, then the data packet is accepted and the CRC code is sent to the Key Generator 516 for subsequent use as a key for a seed value. If the CRC codes do not match then the received data packet is discarded.
- STEP 430 the process of sending downstream sub-packets is repeated.
- a random number generated by the Key Generator 516 is added to the data payload of the downstream data sub-packet at the CRC Calc block 510 before the CRC value 140 is again calculated in the CRC Calc block 510.
- An initial level of scrambling based on the MAC ID occurs at the DS Layer2 Scrambling block 520.
- DS Layerl Scrambling is added at block 524 using a seed based on the most recent CRC code from the last upstream data packet received from the target client modem.
- the process of receiving downstream sub-packets is repeated in each client modem.
- the DS DVB Randomization is removed at block 632
- the DS Layerl Scrambling is removed at block 636 using a seed based on the last CRC code for the last upstream transmission from that client modem.
- the client modem reads a non-scrambled field in the downstream data sub-packet indicating that the downstream sub-packet is scrambled with combination of a CRC code based seed and a MAC ID based seed.
- This field value tells the client modem that the last CRC code was received correctly by the server and that it should use the last upstream CRC code 170 as the key for the seed to scramble the next upstream message, which in turn passes a new CRC value.
- the scrambling based on the MAC ID based seeds is removed- in DS Layer2 Scrambling block 640.
- the unscrambled data sub-packet is used to generate another CRC value in the CRC Verify block 614. For all but one client modem this will not lead to an unscrambled data packet with a correct downstream CRC code 170 that matches the CRC code generated for the received data and a downstream address associated with that client modem. Thus, all but one client modem will discard the data sub-packet.
- the targeted client modem will correctly unscramble the data sub-packet and find that both the CRC code and the address are good.
- the CRC Verify block 614 will then pass the received random number to the Key Generator 616.
- STEP 440 repeats the process of sending a data packet upstream.
- a new CRC code 170 is generated at the CRC Calc block 610 and placed in the upstream data packet 160.
- the upstream data packet is scrambled in US Layer2 Scrambling block 620 with a seed based on the random number key received in the last downstream transmission.
- the scrambled data packet is scrambled again at the US Layerl Scrambling block 624 using a seed based on the CRC code from the previous upstream data packet.
- US DVB Randomization is added at block 628.
- STEP 444 repeats the process of receiving an upstream transmission.
- US DVB Randomization is removed in block 532
- the US Layerl Scrambling is removed in block 536 with the seed based on the CRC code of the previous upstream transmission from that particular client modem.
- the US Layer2 scrambling is removed at block 540 with the seed based on the random number key passed with the last downstream transmission to that particular client modem.
- the sent CRC code 170 is checked against a CRC code calculated based on the received data packet in the CRC Verify block 514. If the CRC codes match, then the data packet is accepted and the CRC code is sent to the Key Generator 516 for subsequent use as a seed value. If the CRC codes do not match then the received data packet is discarded.
- STEP 450 repeats the process of sending sub-packets downstream.
- a new random number is generated at the Seed / Key Generator 516 and passed to the CRC Calc block 510 to be inserted into the data portion of each downstream sub-packet before the CRC value 140 is calculated and added to the downstream sub-packets 130.
- the random number is stored in the Key Generator 516 for use in unscrambling the next upstream transmission from this particular client modem.
- DS Layer2 Scrambling occurs at block 520 using a seed based on the random number previously sent to the targeted client modem.
- DS Layerl Scrambling occurs at block 524 using a seed based on the most recent CRC code from the last upstream transmission from the targeted client modem.
- STEP 454 repeats the process of receiving a downstream transmission.
- the DS Layerl Scrambling is removed correctly in block 640 for the targeted client modem through use of a seed based on the CRC code for the last upstream transmission from that client modem.
- the DS Layer2 Scrambling is removed correctly in block 636 through use of a seed based on the previously sent random number.
- the new random number sent by the server will be taken from a properly unscrambled message in the Calc Verify block 614 and stored in the Seed / Key Generator 616.
- STEP 460 the process continues with US Layerl Scrambling based on the most recent upstream CRC code from that particular modem and US Layer2 Scrambling based on the most recent random number sent by the server to that particular client modem. This process will continue until there is some interruption that causes the process to be restarted with the use of the MAC ID based seed.
- the server must maintain the relevant random numbers and CRC codes for each of the client modems.
- a variation of the preferred embodiment would be to have seeds based on manipulation of a sequence of keys.
- the key for the DS Layerl Scrambling could be based on a number of the least significant bits of the sum of the last six stored CRC values for a particular client modem.
- a set of CRC values and random numbers could be accumulated for a particular client modem before switching from the MAC ID based seeds. This accumulation of values would allow the use of a lag between the transmission of a CRC value or a random number and its use.
- Restarting Restarting would be necessary after the server 36 has received a seed from a client modem, if later the server sent the client modem a poll message or transmitted a packet and did not receive a reply from the client modem. In such a situation, the server will immediately return to using the power-up scrambling seeds, which in this case are based on the MAC ID.
- the downstream data sub-packet would have the relevant header field indicating that the MAC ID based seeds were used for that packet and this would tell the client modems to use the MAC ID based seeds.
- the process will briefly return to using the MAC ID seeds to reinitiate the communications.
- the upstream message is contaminated, the server will briefly return to using the MAC ID seeds to reinitiate the communications.
- a preferred embodiment has an added nuance to prevent the scrambling from being initialized with an all zeros seed. (Some feedback shift registers do not effectively change an all zero seed.) One way of preventing an all zero seed is to make the actual scrambler seed at least one bit longer than the fed seed. The extra bit would always be set to one so that the seed used for scrambling is always initialized with a non-zero number. The use of feedback shift registers that alter an all zero seed or the use of seed and key generators that do not generate seeds of all zero are other ways of preventing problems from an all zero seed.
- the novel method can be adapted in a wide variety of ways by those of skill in the art.
- the preferred embodiment uses two levels of scrambling.
- One of skill in the art could use the steps set forth above to initiate one level of scrambling based on the upstream CRC code as set forth above and not add the second level of scrambling based on the server generated random number.
- server generated random number could be used as the next step after the scrambling using a MAC ID based seed and use this as the one level of scrambling.
- downstream CRC code 170 would be passed to the Seed / Key Generator 516 instead of passing the random number from the Seed / Key Generator 516 to the CRC Calc block 510.
- the system could be adopted to use the downstream CRC code and a random number generated by the client modem.
- one of skill in the art could choose to deploy the teachings of the present invention with a system that uses a random number generated by the client modem and a random number generated by the server. The downside of using random numbers is this adds to the overhead that must be passed with the data.
- the upstream messages could be scrambled first by the CRC based seed and then by the random number based seed with the downstream messages scrambled first by the random number based seed and then by the CRC based seed.
- a variation of the disclosed invention is to use the disclosed method to improve the method for improved security disclosed in the referenced '845 application by passing keys to modify the sequence start point for the DVB randomization. This could be done in addition to or as an alternative to one of the scrambling stages. This would allow for an improvement over the method suggested in the '845 application in that it would afford dynamic variation of the sequence start point for the DVB randomization.
- Using the disclosed method to provide the DVB sequence start point alleviates the need to establish a secure communication session under traditional methods before passing the sequence start point for the DVB randomization.
- the disclosed invention could be used to pass a static key or a set of dynamic keys to select a particular DVB randomization scheme out of several possible DVB randomization schemes.
- Multicast messages are data packets sent downstream that are sent to a predetermined set of client modems. This could be all of the client modems or some set of one or more. Multicast messages may be used in a variety of applications such as conference calls where more than one telephone needs to receive the signal, broadcast of videos to multiple subscribers, multi-player gaming or other applications. Since the multicast message is usually sent to more than one client, none of the clients can send a response back to the server else the return messages would collide. The data sent downstream must still be scrambled but the seed word cannot be dynamically chosen by the upstream message since the client modems cannot respond to the multicast message.
- the server will generate multicast one or more scrambling seeds for a given multicast group and send the seed or keys for the seeds to each multicast group member client modem via a special message that is inherently protected by the scrambling technique with two levels of scrambling.
- the system could be set to pass two seeds so that the multicast messages are protected by two levels of scrambling. Therefore, the transmissions to the multicast group will be protected by double scrambling but the dynamic and unique packet-to-packet scrambling will not occur.
- a system using multicast messages would tend to not scramble the address portion of the downstream data sub-packet.
- the client modem needs to read the non- scrambled address in order to determine whether to use the regular keys for a message from the server to the client modem or use the special multicast keys for the specific multicast group to generate the seeds to un-scramble the scrambled portion of the communication.
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01989916A EP1334601A2 (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission medium |
JP2002541861A JP2004523937A (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for shared transmission media |
AU2002228799A AU2002228799A1 (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission medium |
CA002425388A CA2425388A1 (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission medium |
MXPA03004031A MXPA03004031A (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission media. |
KR10-2003-7006281A KR20030048464A (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission media |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US24668400P | 2000-11-08 | 2000-11-08 | |
US60/246,684 | 2000-11-08 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002039661A2 true WO2002039661A2 (en) | 2002-05-16 |
WO2002039661A3 WO2002039661A3 (en) | 2003-02-20 |
Family
ID=22931760
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/046461 WO2002039661A2 (en) | 2000-11-08 | 2001-11-08 | Data scrambling system for a shared transmission medium |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP1334601A2 (en) |
JP (1) | JP2004523937A (en) |
KR (1) | KR20030048464A (en) |
CN (1) | CN1473423A (en) |
AU (1) | AU2002228799A1 (en) |
CA (1) | CA2425388A1 (en) |
MX (1) | MXPA03004031A (en) |
WO (1) | WO2002039661A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1517507A1 (en) * | 2003-09-22 | 2005-03-23 | Ricoh Company | Processing and printing devices, methods, program, and recording medium |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1821538A1 (en) * | 2006-02-15 | 2007-08-22 | Irdeto Access B.V. | Method and system providing scrambled content |
KR100923858B1 (en) | 2007-12-04 | 2009-10-28 | 한국전자통신연구원 | Cable network system and method for controlling security in cable network dynamic encrypted multicast session |
CN104158643B (en) | 2008-10-31 | 2017-08-15 | Lg电子株式会社 | The method for sending broadcast singal |
EP3275121B1 (en) | 2015-03-26 | 2020-06-10 | Maxxian Technology Inc. | Systems and methods for detecting and interfering with compromised devices |
KR102463555B1 (en) * | 2018-07-31 | 2022-11-07 | 텔레호낙티에볼라게트 엘엠 에릭슨(피유비엘) | Method, transmitter, structure, transceiver and access point for provision of multicarrier on-off keying signal |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5375169A (en) * | 1993-05-28 | 1994-12-20 | Tecsec, Incorporated | Cryptographic key management method and apparatus |
US5432850A (en) * | 1992-07-02 | 1995-07-11 | Lannet Data Communications Ltd. | Method and apparatus for secure data transmission |
EP0765061A2 (en) * | 1995-09-22 | 1997-03-26 | Hewlett-Packard Company | High-speed data communications modem |
-
2001
- 2001-11-08 CA CA002425388A patent/CA2425388A1/en not_active Abandoned
- 2001-11-08 AU AU2002228799A patent/AU2002228799A1/en not_active Abandoned
- 2001-11-08 CN CNA018185509A patent/CN1473423A/en active Pending
- 2001-11-08 JP JP2002541861A patent/JP2004523937A/en active Pending
- 2001-11-08 EP EP01989916A patent/EP1334601A2/en not_active Withdrawn
- 2001-11-08 MX MXPA03004031A patent/MXPA03004031A/en unknown
- 2001-11-08 KR KR10-2003-7006281A patent/KR20030048464A/en not_active Application Discontinuation
- 2001-11-08 WO PCT/US2001/046461 patent/WO2002039661A2/en not_active Application Discontinuation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5432850A (en) * | 1992-07-02 | 1995-07-11 | Lannet Data Communications Ltd. | Method and apparatus for secure data transmission |
US5375169A (en) * | 1993-05-28 | 1994-12-20 | Tecsec, Incorporated | Cryptographic key management method and apparatus |
EP0765061A2 (en) * | 1995-09-22 | 1997-03-26 | Hewlett-Packard Company | High-speed data communications modem |
Non-Patent Citations (1)
Title |
---|
SCHNEIER B: "Applied Cryptography, PASSAGE" APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, JOHN WILEY & SONS, US, 1996, pages 372-375, 419, 420, XP002223127 ISBN: 0-471-11709-9 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1517507A1 (en) * | 2003-09-22 | 2005-03-23 | Ricoh Company | Processing and printing devices, methods, program, and recording medium |
US7535586B2 (en) | 2003-09-22 | 2009-05-19 | Ricoh Company, Ltd. | Information processing device, printing device, print data transmission method, printing method, print data transmitting program, and recording medium |
Also Published As
Publication number | Publication date |
---|---|
WO2002039661A3 (en) | 2003-02-20 |
CN1473423A (en) | 2004-02-04 |
AU2002228799A1 (en) | 2002-05-21 |
CA2425388A1 (en) | 2002-05-16 |
EP1334601A2 (en) | 2003-08-13 |
KR20030048464A (en) | 2003-06-19 |
JP2004523937A (en) | 2004-08-05 |
MXPA03004031A (en) | 2004-05-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7308575B2 (en) | Data scrambling system for a shared transmission media | |
US6028933A (en) | Encrypting method and apparatus enabling multiple access for multiple services and multiple transmission modes over a broadband communication network | |
US6891841B2 (en) | Time division multiple access over broadband modulation method and apparatus | |
JP2728342B2 (en) | Terminal device | |
US8498294B1 (en) | Multimedia over coaxial cable access protocol | |
US8891544B1 (en) | Multimedia over coaxial cable access protocol | |
TWI254519B (en) | Time division multiplexing over broadband modulation method and apparatus | |
US7617510B2 (en) | Media network using set-top boxes as nodes | |
US6256321B1 (en) | Information communication network system, central information communication control device and information communication device used in the system, information sending method, and modulation method | |
KR100770485B1 (en) | Automatic resynchronization of crypto-sync information | |
US5841864A (en) | Apparatus and method for authentication and session key exchange in a communication system | |
US6373952B2 (en) | Data transmitting apparatus, data transmitting method, data receiving apparatus, data receiving method, data transmission apparatus, and data transmission method | |
JPH07193566A (en) | Communication method and communication equipment | |
JP2003037832A (en) | Dialogic information service control system | |
JPH11331310A (en) | Data transmission control method and data transmission system | |
JP2000138668A (en) | Encipherment system for packet exchange circuit network based on digital chaos model | |
KR20060008976A (en) | Transmission/reception system | |
US20060048202A1 (en) | Method and apparatus for providing access to data at a consumer location | |
JP4832959B2 (en) | Voice communication terminal device, voice communication control method, and voice communication terminal program | |
CA2331612A1 (en) | Data transfer method with varying packet transmission time interval security protocol | |
WO2002039661A2 (en) | Data scrambling system for a shared transmission medium | |
US20050047449A1 (en) | Individual video encryption system and method | |
Perkins et al. | Two-way broadband CATV-HFC networks: state-of-the-art and future trends | |
EP1499062B1 (en) | Individual video encryption system and method | |
Samarakoon et al. | Encrypted video over TETRA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2425388 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: PA/a/2003/004031 Country of ref document: MX Ref document number: 1020037006281 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002541861 Country of ref document: JP Ref document number: 018185509 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001989916 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020037006281 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2001989916 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001989916 Country of ref document: EP |