Abstract: The present invention provides secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes generating a cipher stream based on a first key for encrypted streamed content, and generating a second cipher stream based on a second key to re-encrypt the streamed content. The invention further includes receiving the encrypted streamed content, simultaneously decrypting and re-encrypting the encrypted content using a combination of the first and the second cipher streams and conveying the re-encrypted content to a sink.

Abstract: A method and apparatus for increasing the entropy of a pseudorandom number (PRN). An intervener unit receives one or more signals from an authenticating device during a false authentication attempt. The intervener unit generates, in response to the one or more signals, a first PRN with an associated level of entropy, and transmits the first PRN to the authenticating device. The entropy level of the first PRN causes the authenticating device to generate during a subsequent authentication attempt a second PRN with a greater level of entropy than the first PRN.

Abstract: A stream cipher is provided with a first and a second data bit generators to generate in parallel a first and a second stream of data bits. The stream cipher is further provided with a combiner function having a shuffling unit including a storage structure to generate a pseudo random sequence, by combining the first stream of data bits with at least stochastically generated past values of the first streams of data bits, generated by using the second stream of data bits to stochastically operate the storage structure of the shuffle unit to memorize and reproduce the data bits of the first stream.

Abstract: Secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving encrypted streamed content encrypted with a first key, generating a substitution key stream based on the first key and a second key, generating a transposition key stream based on the first and second keys, and simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the substitution and transposition streams to produce re-encrypted streamed content encrypted with the second key.

Abstract: A dual use block/stream cipher is provided with a first key section and a data section. The first key section is to be initialized with a first cipher key, and to successively transform the first cipher key or a modified version of the first cipher key. The data section, coupled to the first key section, is to be initialized with either a block of plain text or a random number, and to successively and dependently, on the first key section, transform the plain text/random number. The cipher is further provided with a second key section and a mapping function. The second key section, coupled to the first key section, is selectively enableable to modify the first cipher key. The mapping section, coupled to the first key section, is to generate a pseudo random bit sequence when the second key section is selectably enabled to modify the stored first cipher key.

Abstract: A video source device generates a session key for each transmission session wherein a multi-frame video content is to be transmitted to a video sink device. The video source device uses the session key to generate a successive number of frame keys. The frame keys in turn are used to generate corresponding pseudo random bit sequences for ciphering the corresponding frames to protect the video content from unauthorized copying during transmission. The video sink device practices a complementary approach to decipher the received video content. In one embodiment, both devices are each provided with an integrated block/stream cipher to practice the transmission protection method.

Abstract: The present invention provides secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving a first key for decryption of encrypted content over a secure authenticated channel, receiving a second key for re-encrypting the encrypted content over a secure authenticated channel. The invention further includes receiving the encrypted content, decrypting and re-encrypting the encrypted content using the first key and the second key, and conveying the re-encrypted content to a sink.

Abstract: A video source device and a video repeater device cooperatively authenticates said video repeater apparatus to said video source device. In one embodiment, the authentication is performed using an identical authentication process a video sink device would authenticate itself to the video source device. The video repeater device augment the identical process identifying itself as a repeater device. The video repeater device also in cooperation with at least one video sink device authenticates the at least one video sink device. The video repeater device in turn, in cooperation with the video source device, authenticates the at least one video sink device to the video source device. In one embodiment, the video repeater device also in cooperation with another video repeater device, authenticates yet another at least one video sink device to the video repeater device.

Abstract: A stream cipher is provided with one or more data bit generators to generate a first, second and third set of data bits. The stream cipher is further provided with a combiner function having a network of shuffle units to combine the third set of data bits, using the first and second sets of data bits as first input data bits and control signals respectively of the network of shuffle units. In one embodiment, the shuffle units are binary shuffle units and they are serially coupled to one another.

Abstract: A video source device includes a cipher unit. The video source device uses the cipher unit to generate cipher bits for ciphering video to be transmitted to protect the video from unauthorized copying. The video source device authenticates video receiving devices using a symmetric ciphering/deciphering process that requires the video source device to generate and provide the video receiving device with a pseudo random number as the seed/basis number for the symmetric ciphering/deciphering process. The video source device is further provided with a state machine that controls the cipher unit to generate the required pseudo random number for the video source devices, thereby eliminating the need of having to provide separate circuitry to generate the required pseudo random numbers.

Abstract: A video source application in a video source device requests from a video hardware interface of the video source device status with respect to a link linking the video source device to an external video sink device, and supplements the status request with a first basis value to a symmetric ciphering/deciphering process. The video source application, upon receiving from the video hardware interface the requested status and a verification key, generated using said symmetric ciphering/deciphering process and employing the first basis value, verifies the correctness of the verification key to determine whether to trust said provided status. In like manner, the video source application requests from the video hardware interface a secret the video hardware interface uses to cipher video to be transmitted by the video hardware interface to the external video sink device. The secret request is supplemented with a second basis value to the symmetric ciphering/deciphering process.

Abstract: A method and apparatus for increasing the entropy of a pseudorandom number (PRN). An intervener unit receives one or more signals from an authenticating device during a false authentication attempt. The intervener unit generates, in response to the one or more signals, a first PRN with an associated level of entropy, and transmits the first PRN to the authenticating device. The entropy level of the first PRN causes the authenticating device to generate during a subsequent authentication attempt a second PRN with a greater level of entropy than the first PRN.

Abstract: A video source device generates a session key for each transmission session wherein a multi-frame video content is to be transmitted to a video sink device. The video source device uses the session key to generate a successive number of frame keys. The frame keys in turn are used to generate corresponding pseudo random bit sequences for ciphering the corresponding frames to protect the video content from unauthorized copying during transmission. The video sink device practices a complementary approach to decipher the received video content. In one embodiment, both devices are each provided with an integrated block/stream cipher to practice the transmission protection method.

Abstract: A block cipher supporting a selectable block size of bit granularity includes a recursive Feistal network structure having a plurality of substitution boxes (S-boxes), each S-box being generated by a message digest function used as a pseudo-random number generator and one of a plurality of keys. Rather than use message digest functions as dynamic S-boxes (as in the well-known Luby-Rackoff cipher), in the present invention S-boxes may be constructed from a key at cipher build time. For larger S-boxes, a subordinate Feistal network composed of S-boxes half the size of the desired S-box may be used. Once the S-box size, N, is sufficiently small (e.g., less than 16 input bits), a permutation of integers 0 . . . 2N−1 may be computed using the message digest as a cryptographic strength pseudo-random number generator (RNG) and the key. The generated integers may be used within the S-box as part of a look-up table for shuffling the input data to the S-box into encrypted output data.

Abstract: A video source device includes a cipher unit. The video source device uses the cipher unit to generate cipher bits for ciphering video to be transmitted to protect the video from unauthorized copying. The video source device authenticates video receiving devices using a symmetric ciphering/deciphering process that requires the video source device to generate and provide the video receiving device with a pseudo random number as the seed/basis number for the symmetric ciphering/deciphering process. The video source device is further provided with a state machine that controls the cipher unit to generate the required pseudo random number for the video source devices, thereby eliminating the need of having to provide separate circuitry to generate the required pseudo random numbers.

Abstract: A source-level compiler may randomly select compilation conventions to implement portable content protection, securing the secrets embedded in a program by shuffling associated data. The program may be developed using a source language that is applicative on the associated data. To obscure the embedded secrets, in one embodiment, pre-compiler software may be deployed for compiling the program in a random-execution-order based on a random seed indication that randomly selects compilation conventions and a shuffling algorithm that moves the associated data across the program during execution.

Abstract: Protected content distribution is accomplished by a first entity generating a set of asymmetric key pairs, creating a plurality of sets of private keys by selecting a combination of private keys from the set of asymmetric key pairs for each created set, and distributing the sets of private keys to playback devices. A second entity produces protected content including encrypted content and a public key media key block, encrypts a symmetric content key with each public key in the set of asymmetric key pairs to form the public key media key block and encrypts a content title with the symmetric content key to form the encrypted content. A playback device stores one set of private keys, receives the protected content, and decrypts and plays the content title stored in the protected content when a selected one of the set of private keys stored by the playback device successfully decrypts the encrypted symmetric content key stored in the public key media key block of the received protected content.

Abstract: A video source device generates a session key for each transmission session wherein a multi-frame video content is to be transmitted to a video sink device. The video source device uses the session key to generate a successive number of frame keys. The frame keys in turn are used to generate corresponding pseudo random bit sequences for ciphering the corresponding frames to protect the video content from unauthorized copying during transmission. The video sink device practices a complementary approach to decipher the received video content. In one embodiment, both devices are each provided with an integrated block/stream cipher to practice the transmission protection method.

Abstract: In a cryptographic system, a nonce is removed from a communication stream. The nonce is encrypted based on a shared secret. The encrypted nonce is inserted into the communication stream. The encrypted nonce is removed from the communication stream. The encrypted nonce is decrypted based on the shared secret formed by an authenticated key exchange. The decrypted nonce is inserted into the communication stream. The nonce may be an An value generated by a HDCP function. The authenticated key exchange may use Diffie-Hellman Key Exchange.

Abstract: Secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving encrypted streamed content encrypted with a first key, generating a substitution key stream based on the first key and a second key, generating a transposition key stream based on the first and second keys, and simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the substitution and transposition streams to produce re-encrypted streamed content encrypted with the second key.