US2020068174A1PendingUtilityA1

Method and apparatus for supporting multiple broadcasters independently using a single conditional access system

53
Assignee: VERIMATRIXPriority: Oct 18, 2004Filed: Oct 31, 2019Published: Feb 27, 2020
Est. expiryOct 18, 2024(expired)· nominal 20-yr term from priority
G06F 2221/2105G06F 2221/2153G06F 2221/2141G06F 2221/2107G06F 21/74H04N 21/4181H04N 7/1675H04N 21/26606H04N 7/163H04N 21/4367H04N 21/25866H04N 21/42684H04N 21/2543H04N 21/472H04N 7/165H04N 7/17318G06F 21/1012G06F 21/109
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of enabling of communication of encrypted data from a plurality of data providers to a plurality of devices in a network, each encrypted media program decryptable by a first device module securely communicating with a second device module according to a pairing key associated with one of the plurality of devices, comprising the steps of:
 transmitting a first service enabling request comprising an identification of the one of the plurality of devices;   receiving a first encrypted version of the pairing key E S     1   [K p ], the first encrypted version of the pairing key E S     1   [K p ] decryptable by first information S 1  securely stored in the first device module of the one of the plurality of devices;   encrypting the pairing key with second information S 2  to generate a second encrypted version of the pairing key K P , the second encrypted version of the pairing key E S     1   [K p ] decryptable by the second information S 2  securely stored in the second device module; and   transmitting the first encrypted version of the pairing key E S     1   [K p ] and the second encrypted version of the pairing key E S     1   [K p ] to the one of the plurality of devices;   wherein at least one of the first information S 1  and the second information S 2  is derived from a hardware root of trust stored in at least one of the first device module and the second device module.   
     
     
         2 . The method of  claim 1 , wherein the hardware root of trust is a secret one-time programmably stored in at least one of the first device module and the second device module. 
     
     
         3 . The method of  claim 1 , wherein:
 the first information S 1  is derived from a first secret one time programmably stored in the first device module and first deriving information.   
     
     
         4 . The method of  claim 3 , wherein:
 the first deriving information comprises a plurality of instructions stored in the first device module.   
     
     
         5 . The method of  claim 4 , wherein:
 the first deriving information further comprises a key.   
     
     
         6 . The method of  claim 5 , wherein:
 the key is a security provider-unique one time programmable value known only to the security provider.   
     
     
         7 . The method of  claim 3 , wherein the first deriving information is remotely downloaded to the first device module. 
     
     
         8 . The method of  claim 1 , wherein the data is encrypted according to an encrypted control word E[CW], and the method further comprising the steps of:
 decrypting the first encrypted version of the pairing key E S     1   [K p ] in the first device module;   decrypting the second encrypted version of the pairing key E S     2   [K p ] in the second device module;   decrypting the encrypted control word E[CW] in the second device module;   re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the pairing key;   providing the re-encrypted control word E K     p   [CW] from the second device module to the first device module; and   decrypting the re-encrypted control word E K     p   [CW] using the decrypted first encrypted version of the pairing key K.   
     
     
         9 . The method of  claim 1 , wherein the first service enabling request is for one service from the one of the plurality of data providers. 
     
     
         10 . The method of  claim 1 , wherein the first service enabling request is for a plurality of services from the one of the plurality of data providers. 
     
     
         11 . A system for enabling of communication of encrypted data from a plurality of independent data providers to a plurality of devices in a network, each encrypted media program decryptable by a first device module securely communicating with a second device module according to a pairing key K p  associated with one of the plurality of devices, the system comprising:
 a processor;   a memory, communicatively coupled to the processor, the memory comprising processor instructions including instructions for providing a first encrypted version of the pairing key E S     1   [K p ] in response to a service enabling request from one of the plurality of data providers, the service enabling request having an identification of one of the plurality of devices; and   wherein:   the first encrypted version of the pairing key E S     1   [K p ] is decryptable by first information S 1  stored in the first device module; and   the first information S 1  is derived from a hardware root of trust stored in at least one of the first device module and the second device module.   
     
     
         12 . The system of  claim 11 , wherein the hardware root of trust is a secret one-time programmably stored in at least one of the first device module and the second device module. 
     
     
         13 . The system of  claim 11 , wherein:
 the first information S 1  is derived from a first secret one time programmably stored in the first device module and first deriving information.   
     
     
         14 . The system of  claim 13 , wherein:
 the first deriving information comprises a plurality of device instructions stored in the first device module.   
     
     
         15 . The system of  claim 14 , wherein:
 the first deriving information further comprises a key.   
     
     
         16 . The system of  claim 15 , wherein:
 the key is a security provider-unique one time programmable value known only to the security provider.   
     
     
         17 . The system of  claim 13 , wherein the first deriving information is remotely downloaded to the first device module. 
     
     
         18 . The system of  claim 11 , wherein a first encrypted version of a different pairing key is provided for each service requested from the one of the plurality of data providers to the one of the plurality of devices. 
     
     
         19 . The system of  claim 11 , wherein a first encrypted version of the same pairing key for every service requested is provided from the one of the plurality of data providers to the one of the plurality of devices. 
     
     
         20 . The system of  claim 11 , wherein:
 the first device module receives the first encrypted version E S     1   [K p ] of the pairing key K p  and a second encrypted version of the pairing key E S     2   [K p ] from the one of the plurality of data providers, the second encrypted version of the pairing key E S     1   [K P ] being generated by the one of the plurality of data providers and decryptable by second information S 2  stored in the second device module.   
     
     
         21 . An apparatus for enabling of communication of encrypted data from a plurality of independent data providers to a plurality of devices in a network, each encrypted media program decryptable by a first device module securely communicating with a second device module according to a pairing key associated with one of the plurality of devices, the apparatus comprising:
 means for transmitting a service enabling request from one of the plurality of data providers, the request comprising an identification of the one of the plurality of devices;   means for receiving a first encrypted version of the pairing key E S     1   [K p ], the first encrypted version of the pairing key E S     1   [K p ] decryptable by first information S 1  securely stored in the first device module of the one of the plurality of devices;   means for encrypting the pairing key with second information S 2  to generate a second encrypted version of the pairing key K p , the second encrypted version of the pairing key E S     2   [K p ] decryptable by the second information S 2  securely stored in the second device module; and   means for transmitting the first encrypted version of the pairing key E S     1   [K p ] and the second encrypted version of the pairing key E S     1   [K p ] to the one of the plurality of devices;   wherein at least one of the first information S 1  and the second information S 2  is derived from a hardware root of trust stored in at least one of the first device module and the second device module.   
     
     
         22 . The apparatus of  claim 21 , wherein the hardware root of trust is a secret one-time programmably stored in at least one of the first device module and the second device module. 
     
     
         23 . The apparatus of  claim 21 , wherein:
 the first information S 1  is derived from a first secret one time programmably stored in the first device module and first deriving information.   
     
     
         24 . The apparatus of  claim 23 , wherein:
 the first deriving information comprises a plurality of instructions stored in the first device module.   
     
     
         25 . The apparatus of  claim 24 , wherein:
 the first deriving information further comprises a key.   
     
     
         26 . The apparatus of  claim 25 , wherein:
 the key is a security provider-unique one time programmable value known only to the security provider.   
     
     
         27 . The apparatus of  claim 23 , wherein the first deriving information is remotely downloaded to the first device module. 
     
     
         28 . The apparatus of  claim 21 , wherein the data is encrypted according to an encrypted control word E[CW] , and the apparatus further comprises:
 means for decrypting the first encrypted version of the pairing key E S     1   [K p ] in the first device module;   means for decrypting the second encrypted version of the pairing key E S     1   [K p ] in the second device module;   means for decrypting the encrypted control word E[CW] in the second device module;   means for re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the pairing key;   means for providing the re-encrypted control word E K     p   [CW] from the second device module to the first device module; and   means for decrypting the re-encrypted control word E K     p   [CW] using the decrypted first encrypted version of the pairing key K p .   
     
     
         29 . The apparatus of  claim 21 , wherein the first service enabling request is for one service from the one of the plurality of data providers. 
     
     
         30 . The apparatus of  claim 21 , wherein the first service enabling request is for a plurality of services from the one of the plurality of data providers.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.