USRE41919EExpiredUtility

Rapid decryption of data by key synchronization and indexing

54
Assignee: OLIVIER STEVEPriority: Jun 25, 2003Filed: Apr 16, 2009Granted: Nov 9, 2010
Est. expiryJun 25, 2023(expired)· nominal 20-yr term from priority
H04H 40/90H04N 21/63345H04N 21/26606H04N 21/26613H04L 9/0662H04N 7/1675H04L 2209/601H04L 2209/12H04L 9/12H04H 60/23H04N 21/6143H04N 21/454
54
PatentIndex Score
0
Cited by
234
References
65
Claims

Abstract

A satellite broadcast conditional access system with key synchronization uses indexing of an authorization stream to quickly restart the decrypting process after short carrier fades and after carrier switches. The authorization stream includes cyphered seeds and index numbers which are sequentially sent to a group of receivers. The same authorization stream can also be broadcast multiple times to the group of receivers. A conditional access server selects a starting index number and increments the index number by a predefined value. The receivers have a memory to save the current index number for the authorization stream. Any receiver that loses its connection to the broadcast and thereafter reestablishes its connection can retrieve the latest index number being issued in the authorization stream and compare it with the stored index number. When the index numbers match or are within a defined threshold, the receiver will continue to decypher the seeds and decrypt the transport stream.

Claims

exact text as granted — not AI-modified
1. A method of encrypting data for rapid decryption, the method comprising the steps of:
 sequentially generating a plurality of random numbers;  
 sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value;  
 calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers;  
 sending said plurality of cyphered seeds and said corresponding index numbers from a server to at least one receiver; and  
 resending each one of said plurality of cyphered seeds and said corresponding index numbers from said server to said receiver, wherein a cyphered seed and index number pair is resent before sending a subsequent cyphered seed and index number pair.  
 
     
     
       2. The method according to  claim 1 , wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number. 
     
     
       3. The method according to  claim 1 , wherein said sending and resending steps further comprise the steps of sending a first flavored cyphered seed and index number pair and resending said first flavored cyphered seed and index number pair. 
     
     
       4. The method according to  claim 3 , wherein said sending and resending steps further comprise the steps of: sending a second flavored cyphered seed and index number pair; resending said second flavored cyphered seed and index number pair; and repeating said sending and resending steps for a plurality of first flavored cyphered seed and index number pairs and for a plurality of second flavored cyphered seed and index number pairs. 
     
     
       5. The method according to  claim 1 , further comprising the steps of: decyphering said cyphered seed and index number pair; storing said decyphered seed and index number pair in a memory; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number. 
     
     
       6. The method according to  claim 5 , further comprising the steps of: when a cyphered seed of a particular flavor is received, decyphered, and loaded to said receiver, setting a flavor seed flag to designate said flavor; and when said receiver detects that a flavor in incoming encrypted transport streams changes to a new flavor, examining whether said flavor seed flag is set to correspond said new flavor for checking if said decyphered seed is valid to decrypt said incoming encrypted transport streams. 
     
     
       7. The method according to  claim 5 , further comprising the step of defining said tolerance of said stored index number to one. 
     
     
       8. The method according to  claim 5 , further comprising the steps of: sending a group of cyphered seed and corresponding index number pairs from said server to a respective group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period; and repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said respective group of receivers. 
     
     
       9. The method according to  claim 8 , wherein said repeating step further comprises the step of switching between a first flavor and a second flavor. 
     
     
       10. The method according to  claim 8 , further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, a plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message. 
     
     
       11. The method according to  claim 10 , further comprising the step of indicating to said group of receivers whether corresponding transport streams are encrypted according to said encryption on/off message. 
     
     
       12. The method according to  claim 10 , further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers. 
     
     
       13. The method according to  claim 12 , further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer. 
     
     
       14. The method according to  claim 12  wherein said step for calculating a plurality of cyphered seeds is further comprised of the step of combining each one of said random numbers and said respectively associated index numbers with each one of said secret serial numbers. 
     
     
       15. A method of encrypting data for rapid decryption, the method comprising the steps of: sequentially generating a plurality of random numbers; sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said group of receivers, extracting a cyphered seed using its serial number from said cyphered seed and index number pairs in each one of said receivers; decyphering said cyphered seed and index number pairs in each one of said receivers; storing said decyphered seed and index number pair in a memory of each one of said receivers; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number. 
     
     
       16. The method according to  claim 15 , wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number. 
     
     
       17. The method according to  claim 15 , further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, said plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message. 
     
     
       18. The method according to  claim 15 , further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers. 
     
     
       19. The method according to  claim 18 , further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer. 
     
     
       20. The method according to  claim 18 , wherein said secret serial numbers are used as said serial numbers in calculating said cyphered seeds. 
     
     
       21. The method according to  claim 15 , further comprising the steps of: receiving, decyphering, and loading at least one of said cyphered seeds of an indicated flavor in each one of said receivers; respectively setting a flavor seed flag in each one of said receivers to designate said indicated flavor; detecting a flavor change associated with a new flavor in incoming encrypted transport streams in each one of said receivers; determining whether said flavor seed flag is set to correspond with said new flavor and whether said decyphered seed is valid in each one of said receivers; and decrypting said incoming encrypted transport streams in each one of said receivers when said decyphered seed is valid. 
     
     
       22. The method according to  claim 15 , further comprising the step of defining said tolerance of said stored index number to one. 
     
     
       23. A system for encrypting and decrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; means for sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; means for extracting a cyphered seed and corresponding index number from said cyphered seed and index number pairs, wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance. 
     
     
       24. The system according to  claim 23 , wherein said first index number is further comprised of a randomly generated number. 
     
     
       25. The system according to  claim 23 , wherein said means for generating said random numbers and said index numbers is comprised of a server with a computer processor. 
     
     
       26. The system according to  claim 23 , wherein said means for calculating said cyphered seeds is comprised of an encryption function in said server. 
     
     
       27. The system according to  claim 23 , wherein said means for sending and resending said cyphered seed and index number pairs from said server to said receivers is comprised of a multiplexer controlled by said server. 
     
     
       28. The system according to  claim 23 , wherein said means for extracting said cyphered seed, setting said reset command, and returning to said steady state operation is comprised of a host microprocessor in at least one of said receivers. 
     
     
       29. The system according to  claim 23 , wherein said defined tolerance of said stored index number is one. 
     
     
       30. The system according to  claim 23 , wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers. 
     
     
       31. A server for encrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers; and means for sending a group of cyphered seed and corresponding index number pairs from a server to a respective group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period. 
     
     
       32. The system according to  claim 31 , wherein said first index number is further comprised of a randomly generated number. 
     
     
       33. The system according to  claim 31 , wherein said cyphered seeds are further comprised according to a combination of said random numbers and said index numbers with a plurality of serial numbers respectively associated with said group of receivers. 
     
     
       34. The system according to  claim 33 , wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers. 
     
     
       35. An integrated receiver decoder for decrypting data, comprising: means for extracting a cyphered seed and a corresponding index number from a group of cyphered seed and index number pairs; wherein a plurality of serial numbers are used to generate a plurality of cyphered seeds and wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said corresponding index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; and means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance. 
     
     
       36. The system according to  claim 35 , wherein said defined tolerance of said stored index number is one. 
     
     
       37. A computer- implemented method, comprising:      sending, by an access server, one or more ciphered seeds and one or more index numbers associated with the one or more ciphered seeds to at least one content receiver; and        resending, by the access server, the one or more ciphered seeds and the one or more index numbers, wherein a ciphered seed and index number pair are sent before sending subsequent ciphered seed and index number pairs.     
     
     
       38. The computer- implemented method as recited in    claim 37   , further comprising determining one or more ciphered seeds by:      sequentially generating a plurality of random numbers;        sequentially generating a plurality of index numbers associated with the random numbers; and        combining each random number with each index number associated with the random number.     
     
     
       39. The computer- implemented method as recited in    claim 38   , wherein a first index number is generated randomly and subsequent index numbers are generated by incrementing the first index number by a value.   
     
     
       40. The computer- implemented method as recited in    claim 37   , wherein the one or more ciphered seeds and the one or more index numbers are sent and resent during a first flavor distribution period.   
     
     
       41. The computer- implemented method as recited in    claim 40   , further comprising:      sending, by the access server, a ciphered seed and an index number pair during a second flavor distribution period; and        resending, by the access server, the ciphered seed and the index number pair during the second flavor distribution period.     
     
     
       42. The computer- implemented method as recited in    claim 37   , further comprising sending, by the access server, an authorization stream, the authorization stream comprising the one or more ciphered seeds, the one or more index numbers, one or more numbers associated with one or more content receivers, a flavor indicator, and an encryption message.   
     
     
       43. The computer- implemented method as recited in    claim 42   , wherein the one or more numbers associated with one or more content receivers are configured to enable decryption of the one or more ciphered seeds.   
     
     
       44. The computer- implemented method as recited in    claim 42   , wherein the flavor indicator is configured to indicate an odd/even flavor of the one or more ciphered seeds.   
     
     
       45. The computer- implemented method as recited in    claim 42   , wherein the encryption message is configured to indicate whether a transport stream is encrypted.   
     
     
       46. A system for encrypting data, comprising:
   an access server configured to generate one or more ciphered seeds; and        a cryptographic multiplexer configured to:      send the one or more ciphered seeds and one or more index numbers to one or more content receivers during a flavor distribution period; and        resend the one or more ciphered seeds and the one or more index numbers to the one or more content receivers during the flavor distribution period.       
     
     
       47. The system as recited in  claim 46 , wherein the cryptographic multiplexer is further configured to:
   send a ciphered seed and an index number pair during a second flavor distribution period; and        resend the ciphered seed and the index number pair during the second flavor distribution period.     
     
     
       48. A computer- implemented method, comprising:      receiving, by a content receiver, an encrypted data stream;        extracting, by the content receiver, a ciphered seed and index number pair from the encrypted data stream using a number associated with the content receiver;        deciphering, by the content receiver, the ciphered seed to create a deciphered seed;        storing, by the content receiver, the deciphered seed and index number in memory;        detecting, by the content receiver, a reset, and responsive to the reset:      comparing a received index number with the stored index number; and        deciphering and storing additional ciphered seeds responsive to the received index number corresponding to the stored index number.       
     
     
       49. The computer- implemented method, as recited in    claim 48   , wherein the received index number corresponds to the stored index number when the received index number is within a defined tolerance of the stored index number.   
     
     
       50. The computer- implemented method, as recited in    claim 49   , wherein the defined tolerance is one.   
     
     
       51. The computer- implemented method, as recited in    claim 48   , further comprising deciphering and storing, by the content receiver, additional ciphered seed and index number pairs until a reset is detected.   
     
     
       52. The computer- implemented method, as recited in    claim 48   , further comprising:      deciphering, by the content receiver, a ciphered seed corresponding to a first flavor;        detecting, by the content receiver, a second flavor;        determining, by the content receiver, whether the deciphered seed is valid by comparing the second flavor with the first flavor; and        decrypting, by the content receiver, the encrypted data stream responsive to the deciphered seed being valid.     
     
     
       53. The computer- implemented method, as recited in    claim 52   , further comprising blocking, by the content receiver, the encrypted data stream responsive to the deciphered seed being invalid.   
     
     
       54. A system for decrypting data, comprising:
   a demultiplexer configured to extract a ciphered seed from an encrypted data stream using a number associated with a content receiver;        a decrypter configured to decipher the extracted ciphered seed;        a processor configured to:      detect a reset; and        validate the deciphered seed responsive to the reset; and          a descrambler configured to decrypt the encrypted data stream using the deciphered seed responsive to the deciphered seed being valid.     
     
     
       55. The system, as recited in  claim 54 , wherein the processor is configured to validate the deciphered seed by comparing an index number associated with the deciphered seed with a stored index number. 
     
     
       56. The system, as recited in  claim 55 , wherein the processor is configured to validate the deciphered seed by comparing the index number associated with the deciphered seed with the stored index number according to a defined tolerance. 
     
     
       57. The system, as recited in  claim 54 , wherein the processor detects a reset responsive to not receiving an encrypted data stream. 
     
     
       58. The system, as recited in  claim 54 , wherein the processor detects a reset responsive to a change in an odd/even flavor associated with the encrypted data stream. 
     
     
       59. The system, as recited in  claim 54 , wherein the descrambler is further configured to block an encrypted data stream responsive to the deciphered seed being invalid. 
     
     
       60. A computer- implemented method, comprising:      detecting, by a content receiver, a loss of an encrypted data stream;        determining, by the content receiver, an index number and odd/even flavor associated with a restored encrypted data stream;        determining, by the content receiver, whether the index number corresponds to a stored index number; and        decrypting, by the content receiver, the restored encrypted data stream using an encryption seed corresponding to the stored index number if the index number corresponds to the stored index number.     
     
     
       61. The computer- implemented method as recited in    claim 60   , wherein an index number  ( i )  corresponds to a stored index number  ( i   0 )  when the index number  ( i )  is equal to i   0    or i   0   − 1 .   
     
     
       62. The computer- implemented method as recited in    claim 60   , further comprising resetting, by the content receiver, a descrambler configured to descramble the encrypted data stream.   
     
     
       63. The computer- implemented method as recited in    claim 60   , further comprising blocking, by the content receiver, one or more encrypted data packets associated with the restored encrypted data stream.   
     
     
       64. The computer- implemented method as recited in    claim 60   , further comprising deciphering, by the content receiver, at least one authorization stream to acquire an encryption seed.   
     
     
       65. The computer- implemented method as recited in    claim 60   , further comprising waiting, by the content receiver, to receive an addressed ciphered seed responsive to the index number not corresponding to the stored index number.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.