US2020068175A1PendingUtilityA1
Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
Est. expiryOct 18, 2024(expired)· nominal 20-yr term from priority
Inventors:Ronald P. CocchiGregory J. GagnonDennis R. FlahartyMichael A. GormanJacob T. CarsonMatthew A. Skubiszewski
G06F 2221/2105G06F 2221/2141G06F 2221/2153G06F 21/74G06F 2221/2107H04N 21/25866H04N 7/1675H04N 7/165H04N 21/4181H04N 7/163H04N 7/17318H04N 21/4367H04N 21/26606H04N 21/2543H04N 21/42684H04N 21/472G06F 21/1012G06F 21/109
53
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of brokering an enabling of communication of at least one encrypted service of a group of encrypted services from a plurality of data providers to a plurality of devices, the at least one encrypted service decryptable by a first device module securely communicating with a second device module according to a pairing key associated with a device of the plurality of devices, comprising:
transmitting a first service enabling request for a first service from a data provider of the plurality of data providers to a broker independent from the data provider, the first service enabling request comprising an identification of the device; receiving a first encrypted version of the pairing key E S 1 [K p ] in the data provider from the broker, the first encrypted version of the pairing key E S 1 [K p ] decryptable by first information S 1 securely stored in the first device module of the device; generating a second encrypted version of the pairing key E S 2 [K p ] in the data provider, the second encrypted version of the pairing key E S 2 [K p ] decryptable by second information S 2 securely stored in the second device module; and transmitting the first encrypted version of the pairing key E S 1 [K p ] and the second encrypted version of the pairing key E S 2 [K p ] to the device; wherein each service in the group is enabled by a different pairing key K p .
2 . The method of claim 1 , wherein the first service is selected from a group consisting of:
a general broadcast service from the data provider, including access to a number of media channels as a baseline fee service; particular data from the data provider; and a particular set of data from the data provider.
3 . The method of claim 2 , wherein the service is encrypted according to a control word CW, and the method further comprising
decrypting the first encrypted version of the pairing key E S 1 [K p ] in the first device module; decrypting the second encrypted version of the pairing key E S 2 [K p ] in the second device module; decrypting an encrypted version of the control word E[CW] in the second device module; re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the pairing key; providing the re-encrypted control word E K p [CW] from the second device module to the first device module; and decrypting the re-encrypted control word E K p [CW] using the decrypted first encrypted version of the pairing key K p .
4 . The method of claim 1 , further comprising the steps of:
transmitting a second service enabling request for a second service from the data providers to the broker, the second service enabling request comprising an identification of the device; receiving a first encrypted version of a second pairing key E S 1 [K p 2 ] from the broker, the first encrypted version of the second pairing key E S 1 [K p 2 ] decryptable by the first information S 1 securely stored in the first device module of the device; generating a second encrypted version of the second pairing key E S 2 [K p 2 ], the second encrypted version of the pairing key E S 2 [K p 2 ] decryptable by the second information S 2 securely stored in the second device module; and transmitting the first encrypted version of the second pairing key E S 1 [K p 2 ] and the second encrypted version of the second pairing key E S 1 [K p 2 ] to the device; wherein the second service is different than the first service.
5 . The method of claim 4 , wherein the data is encrypted according to a control word CW and the method further comprises the steps of:
decrypting the first encrypted version of the second pairing key E S 1 [K p 2 ] in the first device module; decrypting the second encrypted version of the second pairing key E S 1 [K p 2 ] in the second device module; decrypting an encrypted version of the control word E[CW] in the second device module; re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the second pairing key K p 2 ; providing the re-encrypted control word
E
K
p
2
[
CW
]
from the second device module to the first device module; and
decrypting the re-encrypted control word E K P2 [CW] using the decrypted first encrypted version of the second pairing key K p 2 .
6 . The method of claim 2 , further comprising the steps of:
transmitting a second service enabling request for a second service from a second data provider of the plurality of data providers to the broker, the request comprising the identification of the device; receiving a first encrypted version of a second pairing key E S 1 [K p 2 ] from the broker, the first encrypted version of the second pairing key E S 1 [K p 2 ] decryptable by the first information S 1 securely stored in the first device module of the device; generating a second encrypted version of the second pairing key E S 2 [K p 2 ], the second encrypted version of the pairing key E S 2 [K p 2 ] decryptable by the second information S 2 securely stored in the second device module; and transmitting the first encrypted version of the second pairing key E S 1 [K p 2 ] and the second encrypted version of the second pairing key E S 1 [K p 2 ] to the device; wherein the second service is selected from the group consisting of:
a general broadcast service from the second data provider, including access to a number of media channels as a baseline fee service;
particular data from the second data provider, including an order ahead pay per view service and an impulse pay per view service; and
a particular set of data from the second data provider.
7 . The method of claim 6 , wherein the service is encrypted according to a control word CW, and the method further comprises the steps of:
decrypting the first encrypted version of the second pairing key E S 1 [K p 2 ] in the first device module; decrypting the second encrypted version of the second pairing key E S 2 [K p 2 ] in the second device module; decrypting the encrypted version of the control word E[CW] in the second device module; re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the second pairing key K p 2 ; providing the re-encrypted control word
E
K
p
2
[
CW
]
from the second device module to the first device module; and
decrypting the re-encrypted control word
E
K
p
2
[
CW
]
using the decrypted first encrypted version of the second pairing key K p 2 .
8 . The method of claim 1 , wherein the first service enabling request is transmitted in response to a service request, the service request transmitted from the device to the data provider.
9 . The method of claim 1 , wherein the first information S 1 and the second information S 2 is known to the broker and the data providers.
10 . The method of claim 1 , wherein the first information S 1 is known to the broker and unknown to the data provider, and wherein the second information S 2 is known to the data provider and unknown to the broker.
11 . The method of claim 1 , wherein:
the first information S 1 is a first secret unique to the device and stored in a first module of the device; the second information S 2 is a second secret is securely stored in a second module of the device.
12 . The method of claim 11 , wherein the second module is a smart card removably coupleable to the first module.
13 . The method of claim 11 , wherein the second module is irremovably integrated with the device.
14 . The method of claim 1 , wherein the pairing key is generated by the data provider and transmitted to the broker.
15 . The method of claim 1 , wherein the pairing key is generated by the broker and transmitted to the data provider in response to the service enabling request.
16 . A system for brokering the enabling of communication of at least one encrypted service of a group of encrypted services from a plurality of data providers to a plurality of devices, the at least one encrypted service decryptable by a first device module securely communicating with a second device module according to a pairing key K p associated with a device of the plurality of devices, the system comprising:
a broker, for providing a first encrypted version of the pairing key E S 1 [K p ] in response to a service enabling request for a service from a data provider of the plurality of data providers, the service request having an identification of the device; and wherein the first encrypted version of the pairing key E S 1 [K p ] is decryptable by first information S 1 stored in the first device module and wherein the first device module receives the first encrypted version E S 1 [K p ] of the pairing key K p and a second encrypted version of the pairing key E S 2 [K p ] from the data provider, the second encrypted version of the pairing key E S 2 [K p ] being generated by the data provider and decryptable by second information S 2 stored in the second device module; wherein each service in the group is enabled by a different pairing key K p .
17 . The system of claim 16 , wherein the service is selected from a group consisting of:
a general broadcast service from the data provider, including access to a number of media channels as a baseline fee service; particular data from the data provider; and a particular set of data from the data provider.
18 . The system of claim 17 , wherein the first information S 1 and the second information S 2 is known to the broker and the data provider.
19 . The system of claim 17 , wherein the first information S 1 is known to the broker and unknown to the data provider, and wherein the second information S 2 is known to the data provider and unknown to the broker.
20 . The system of claim 17 , wherein:
the first information S 1 is a first secret unique to the device and is securely stored in first module of the device; and wherein the second information S 2 is a second secret securely stored in second module of the device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.