US2020068175A1PendingUtilityA1

Method and apparatus for supporting multiple broadcasters independently using a single conditional access system

53
Assignee: VERIMATRIXPriority: Oct 18, 2004Filed: Oct 31, 2019Published: Feb 27, 2020
Est. expiryOct 18, 2024(expired)· nominal 20-yr term from priority
G06F 2221/2105G06F 2221/2141G06F 2221/2153G06F 21/74G06F 2221/2107H04N 21/25866H04N 7/1675H04N 7/165H04N 21/4181H04N 7/163H04N 7/17318H04N 21/4367H04N 21/26606H04N 21/2543H04N 21/42684H04N 21/472G06F 21/1012G06F 21/109
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of brokering an enabling of communication of at least one encrypted service of a group of encrypted services from a plurality of data providers to a plurality of devices, the at least one encrypted service decryptable by a first device module securely communicating with a second device module according to a pairing key associated with a device of the plurality of devices, comprising:
 transmitting a first service enabling request for a first service from a data provider of the plurality of data providers to a broker independent from the data provider, the first service enabling request comprising an identification of the device;   receiving a first encrypted version of the pairing key E S     1   [K p ] in the data provider from the broker, the first encrypted version of the pairing key E S     1   [K p ] decryptable by first information S 1  securely stored in the first device module of the device;   generating a second encrypted version of the pairing key E S     2   [K p ] in the data provider, the second encrypted version of the pairing key E S     2   [K p ] decryptable by second information S 2  securely stored in the second device module; and   transmitting the first encrypted version of the pairing key E S     1   [K p ] and the second encrypted version of the pairing key E S     2   [K p ] to the device;   wherein each service in the group is enabled by a different pairing key K p .   
     
     
         2 . The method of  claim 1 , wherein the first service is selected from a group consisting of:
 a general broadcast service from the data provider, including access to a number of media channels as a baseline fee service;   particular data from the data provider; and   a particular set of data from the data provider.   
     
     
         3 . The method of  claim 2 , wherein the service is encrypted according to a control word CW, and the method further comprising
 decrypting the first encrypted version of the pairing key E S     1   [K p ] in the first device module;   decrypting the second encrypted version of the pairing key E S     2   [K p ] in the second device module;   decrypting an encrypted version of the control word E[CW] in the second device module;   re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the pairing key;   providing the re-encrypted control word E K     p   [CW] from the second device module to the first device module; and   decrypting the re-encrypted control word E K     p   [CW] using the decrypted first encrypted version of the pairing key K p .   
     
     
         4 . The method of  claim 1 , further comprising the steps of:
 transmitting a second service enabling request for a second service from the data providers to the broker, the second service enabling request comprising an identification of the device;   receiving a first encrypted version of a second pairing key E S     1   [K p     2   ] from the broker, the first encrypted version of the second pairing key E S     1   [K p     2   ] decryptable by the first information S 1  securely stored in the first device module of the device;   generating a second encrypted version of the second pairing key E S     2   [K p     2   ], the second encrypted version of the pairing key E S     2   [K p     2   ] decryptable by the second information S 2  securely stored in the second device module; and   transmitting the first encrypted version of the second pairing key E S     1   [K p     2   ] and the second encrypted version of the second pairing key E S     1   [K p     2   ] to the device;   wherein the second service is different than the first service.   
     
     
         5 . The method of  claim 4 , wherein the data is encrypted according to a control word CW and the method further comprises the steps of:
 decrypting the first encrypted version of the second pairing key E S     1   [K p     2   ] in the first device module;   decrypting the second encrypted version of the second pairing key E S     1   [K p     2   ] in the second device module;   decrypting an encrypted version of the control word E[CW] in the second device module;   re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the second pairing key K p     2   ;   providing the re-encrypted control word   
       
         
           
             
               
                 E 
                 
                   K 
                   
                     p 
                     
                       2 
                        
                       
                           
                       
                     
                   
                 
               
                
               
                 [ 
                 CW 
                 ] 
               
             
           
         
       
       from the second device module to the first device module; and
 decrypting the re-encrypted control word E K     P2   [CW] using the decrypted first encrypted version of the second pairing key K p     2   . 
 
     
     
         6 . The method of  claim 2 , further comprising the steps of:
 transmitting a second service enabling request for a second service from a second data provider of the plurality of data providers to the broker, the request comprising the identification of the device;   receiving a first encrypted version of a second pairing key E S     1   [K p     2   ] from the broker, the first encrypted version of the second pairing key E S     1   [K p     2   ] decryptable by the first information S 1  securely stored in the first device module of the device;   generating a second encrypted version of the second pairing key E S     2   [K p     2   ], the second encrypted version of the pairing key E S     2   [K p     2   ] decryptable by the second information S 2  securely stored in the second device module; and   transmitting the first encrypted version of the second pairing key E S     1   [K p     2   ] and the second encrypted version of the second pairing key E S     1   [K p     2   ] to the device;   wherein the second service is selected from the group consisting of:
 a general broadcast service from the second data provider, including access to a number of media channels as a baseline fee service; 
 particular data from the second data provider, including an order ahead pay per view service and an impulse pay per view service; and 
 a particular set of data from the second data provider. 
   
     
     
         7 . The method of  claim 6 , wherein the service is encrypted according to a control word CW, and the method further comprises the steps of:
 decrypting the first encrypted version of the second pairing key E S     1   [K p     2   ] in the first device module;   decrypting the second encrypted version of the second pairing key E S     2   [K p     2   ] in the second device module;   decrypting the encrypted version of the control word E[CW] in the second device module;   re-encrypting the decrypted control word CW according to the decrypted second encrypted version of the second pairing key K p     2   ;   providing the re-encrypted control word   
       
         
           
             
               
                 E 
                 
                   K 
                   
                     p 
                     
                       2 
                        
                       
                           
                       
                     
                   
                 
               
                
               
                 [ 
                 CW 
                 ] 
               
             
           
         
       
       from the second device module to the first device module; and
 decrypting the re-encrypted control word 
 
       
         
           
             
               
                 E 
                 
                   K 
                   
                     p 
                     
                       2 
                        
                       
                           
                       
                     
                   
                 
               
                
               
                 [ 
                 CW 
                 ] 
               
             
           
         
       
       using the decrypted first encrypted version of the second pairing key K p     2   . 
     
     
         8 . The method of  claim 1 , wherein the first service enabling request is transmitted in response to a service request, the service request transmitted from the device to the data provider. 
     
     
         9 . The method of  claim 1 , wherein the first information S 1  and the second information S 2  is known to the broker and the data providers. 
     
     
         10 . The method of  claim 1 , wherein the first information S 1  is known to the broker and unknown to the data provider, and wherein the second information S 2  is known to the data provider and unknown to the broker. 
     
     
         11 . The method of  claim 1 , wherein:
 the first information S 1  is a first secret unique to the device and stored in a first module of the device;   the second information S 2  is a second secret is securely stored in a second module of the device.   
     
     
         12 . The method of  claim 11 , wherein the second module is a smart card removably coupleable to the first module. 
     
     
         13 . The method of  claim 11 , wherein the second module is irremovably integrated with the device. 
     
     
         14 . The method of  claim 1 , wherein the pairing key is generated by the data provider and transmitted to the broker. 
     
     
         15 . The method of  claim 1 , wherein the pairing key is generated by the broker and transmitted to the data provider in response to the service enabling request. 
     
     
         16 . A system for brokering the enabling of communication of at least one encrypted service of a group of encrypted services from a plurality of data providers to a plurality of devices, the at least one encrypted service decryptable by a first device module securely communicating with a second device module according to a pairing key K p  associated with a device of the plurality of devices, the system comprising:
 a broker, for providing a first encrypted version of the pairing key E S     1   [K p ] in response to a service enabling request for a service from a data provider of the plurality of data providers, the service request having an identification of the device; and   wherein the first encrypted version of the pairing key E S     1   [K p ] is decryptable by first information S 1  stored in the first device module and wherein the first device module receives the first encrypted version E S     1   [K p ] of the pairing key K p  and a second encrypted version of the pairing key E S     2   [K p ] from the data provider, the second encrypted version of the pairing key E S     2   [K p ] being generated by the data provider and decryptable by second information S 2  stored in the second device module;   wherein each service in the group is enabled by a different pairing key K p .   
     
     
         17 . The system of  claim 16 , wherein the service is selected from a group consisting of:
 a general broadcast service from the data provider, including access to a number of media channels as a baseline fee service;   particular data from the data provider; and   a particular set of data from the data provider.   
     
     
         18 . The system of  claim 17 , wherein the first information S 1  and the second information S 2  is known to the broker and the data provider. 
     
     
         19 . The system of  claim 17 , wherein the first information S 1  is known to the broker and unknown to the data provider, and wherein the second information S 2  is known to the data provider and unknown to the broker. 
     
     
         20 . The system of  claim 17 , wherein:
 the first information S 1  is a first secret unique to the device and is securely stored in first module of the device; and   wherein the second information S 2  is a second secret securely stored in second module of the device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.