Rapid decryption of data by key synchronization and indexing
A satellite broadcast conditional access system with key synchronization uses indexing of an authorization stream to quickly restart the decrypting process after short carrier fades and after carrier switches. The authorization stream includes cyphered seeds and index numbers which are sequentially sent to a group of receivers. The same authorization stream can also be broadcast multiple times to the group of receivers. A conditional access server selects a starting index number and increments the index number by a predefined value. The receivers have a memory to save the current index number for the authorization stream. Any receiver that loses its connection to the broadcast and thereafter reestablishes its connection can retrieve the latest index number being issued in the authorization stream and compare it with the stored index number. When the index numbers match or are within a defined threshold, the receiver will continue to decypher the seeds and decrypt the transport stream.
This application claims the benefit of U.S. Provisional Application Ser. No. 60/482,235 filed Jun. 25, 2003.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENTNot Applicable.
BACKGROUND OF THE INVENTION1. Field of the Invention
This invention relates generally to satellite broadcast systems and, more particularly, to a conditional access system for encrypting and decrypting data.
2. Related Art
A conditional access system is used to permit access to a transport stream only to subscribers who have paid for it. This is generally done by distributing the transport stream in encrypted form. Although any integrated receiver-decoder (IRD) that is connected to a satellite broadcast network can receive the encrypted transport stream, only the IRDs of those authorized subscribers are able to decrypt the encrypted transport stream. The IRD determines whether the encrypted transport stream should be decrypted and, if so, to decrypt it to produce a decrypted transport stream comprising information making up the broadcast program.
After a subscriber has purchased a service, a service provider sends messages to the subscriber's IRD with an authorization stream for the purchased services. The authorization stream may be sent with the transport stream or may be sent via a separate channel to an IRD. Various techniques have been used to encrypt the authorization stream. The authorization stream may include a seed as a key for a service of the service provider and an indication of what programs in the service the subscriber is entitled to receive. If the authorization stream indicates that the subscriber is entitled to receive the program of an encrypted transport stream, the IRD decrypts the encrypted transport stream using the received seed.
A well known problem concerning such conditional access systems is that the IRDs may suffer either carrier fades or be switched between carriers bearing the same instantiation of the service provider. It is therefore desirable for the IRDs to recover and pass a correctly decrypted transport stream to downstream processing stages as quickly as possible. However, the magnitude of time delay in the recoveries, on a typical large network (12,000 satellite IRDs) can be extremely long, such as one or two minutes in legacy systems. Other implementations of conditional access solve the problem of quick restoration of the IRD's decrypter by either risking that still-scrambled material may inadvertently be passed to the downstream processing stages, or consuming far more bandwidth in the transport stream to send cyphered seeds.
Hence, there is a need in the industry for an efficient and reliable technique for rapidly decrypting data after brief or extended loss of transport or authorization streams due to short carrier fades or switches. For that purpose, the conditional access system should allow the IRDs to quickly determine, after restoration of the data link following a carrier fade or switch, whether their stored copies of the decryption seeds are still current and correct. Furthermore, it is needed to greatly reduce the likelihood that the carrier fade or switch could prevent the IRD from getting at least one copy of its own messages without the need for consuming large amounts of bandwidth.
SUMMARY OF THE INVENTIONIt is in view of the above problems that the present invention was developed. The present invention is a satellite broadcast conditional access system with key synchronization that allows the IRDs to quickly restart the decrypting process after short carrier fades and after carrier switches when they are within the same protected network. The invention uses an indexed authorization stream allowing the IRDs to quickly decide, after restoration of the data link following a carrier fade or switch, whether their stored copies of the decrypting seeds are still current and correct. The invention also uses multiple transmissions of the cyphered seeds during each distribution period providing the IRD with multiple opportunities to receive the current seed.
For the first attribute, the index numbers on all the authorization streams are assigned in a manner such that the authorization stream may be identified and that the specific time epoch of those cyphered seeds may be determined. When a conditional access server program initializes, it randomly selects the starting index number from a domain of numbers, and applies this number to each and every authorization stream bearing a cyphered seed. Then, while in operation, it increments that index by a predefined value at each new distribution period, i.e., an odd/even flavor switch according to the preferred embodiment. The IRDs, in their turn, after reestablishing connection to the carrier-borne transport stream, may quickly retrieve the index numbers being issued in the authorization stream and compare them to the same for both flavors of the cyphered seeds it keeps in volatile storage. If those numbers match, then the IRD will then immediately decypher those seed(s) and restart decrypting on the transport stream knowing it is using the correct seed. This restart may commence very quickly after the authorization stream is detected, and that the IRD need not wait until its own messages are received and decyphered.
For the second attribute, the distribution of the cyphered seeds is repeatedly sent with considerable delay between the cyphered seed messages. This greatly reduces the likelihood that a carrier switch or a short fade could prevent the IRD from getting at least one copy of its own cyphered seed message during each distribution period.
Further features and advantages of the present invention, as well as the structure and operation of various embodiments of the present invention, are described in detail below with reference to the accompanying drawings.
The accompanying drawings, which are incorporated in and form a part of the specification, illustrate the embodiments of the present invention and together with the description, serve to explain the principles of the invention. In the drawings:
Referring to the accompanying drawings in which like reference numbers indicate like elements,
The encryption function 22 in the conditional access server 16 provides an authorization stream 24 bearing cyphered messages which can only be decyphered and read by authorized devices. These messages give the cryptographic multiplexers 18, at the satellite uplink, and the authorized IRDs 20, at the downlink sites, a sequence of cyphered encrypting seeds. The cryptographic multiplexers 18 extract their own cyphered encryption seeds using their own serial number, and their decrypter 26 decyphers the cyphered encrypting seeds to get an encryption seed. These seeds initialize scrambler 28, in the cryptographic multiplexers 18 which appears to randomly encrypt the encrypt able portions of the MPEG transport stream 12. The authorization stream 24 and the encrypted transport stream 30 are transmitted through an interposed satellite broadcast network 31 by the multiplexer 32 and received by the input module 34 of the IRDs 20. Like the cryptographic multiplexers 18, the host microprocessor 36 of IRDs extract their own cyphered encryption seeds using their own serial number, and their decrypters 38 decypher the cyphered encrypting seeds to get an original encryption seed. Since the encrypting operation is symmetric, the encrypting seed sent to the IRDs 20 allows descrambler 40 to decrypt the transport stream encrypted by the cryptographic multiplexer 18.
At the uplink site, a conditional access server 16 runs the conditional access system 10. It can retrieve database information 41 from a conditional access database 42 by a network connection to the conditional access server 16 if on separate machines. This information is used to build and edit a list of authorized IRDs 20 by serial number n 102 under local operator control.
When the conditional access server's encryption engine is activated, it generates a sequence of random numbers Ki 122 and associated index numbers i 124 (operation 220). While each Ki in the sequence is independently random, the i values preferably begin with a randomly selected number, i.e., the initial index number is randomly generated. In a preferred embodiment of the invention, the i index then increments by a given value, preferably one, for each new (Ki,i) pair 122, 124 that is generated. For each pair 122, 124 in the sequence, the conditional access server 16 creates a cyphered message for every authorized IRD 20 plus all encrypting cryptographic multiplexers 18. It does this using the list of secret serial numbers Sn 114. Each cyphered message (CM) contains a value Cni 126, the index i, 124 the destination unit serial number n 102, and an even/odd flavor indicator 128. The value Cni is calculated (operation 220): Cni=Ki xor F(Sn∥i) and it is called the cyphered seed 126. After the entire set of cyphered messages is distributed, the conditional access server 16 sends either an encryption ON or OFF message 130, addressed to all. The aggregate of all these messages (Cni 126, i 124, n 102, an even/odd flavor indicator 128, an encryption ON or OFF message 130) is generally called the authorization stream 24. This stream then feeds the cryptographic multiplexers 18 (operation 230).
The authorization stream 24 is preferably structured as shown in FIG. 3. The time interval over which cyphered messages are used to distribute a (Ki,i) pair 122, 124 to the universe of IRDs 20 and cryptographic multiplexers 18 is the odd/even flavor distribution period 142. Within this period, all the cyphered messages 144 intended for the downlink IRDs 20 are sent first as an ordered group. The ordered group is a set of cyphered messages (CM1, CM2, . . . , CMm) corresponding with the group of IRDs (IRD1, IRD2, . . . , IRDm), respectively. For each distribution period, the cyphered messages will all contain the same index number and even/odd flavor indicator, but will vary according to the IRDn serial numbers (Sn1, Sn2, . . . , Snnm). Of course, the cyphered seed 126 will also vary according to the different serial numbers based on operation 220. Then that whole set of messages 146 is repeated in the same order. Following this, there is a delay period 148 where no messages are transmitted. Then cyphered messages 150 addressed to all the cryptographic multiplexers 18 listed in the conditional access database 42 are sent, in order, just once. This is followed preferably, without delay, by some number of encryption ON or OFF commands 130. After this, there is another delay 154 before transmission of the next (Ki,i) pair 122, 124 begins, which preferably has the opposing odd/even flavor 156.
In a preferred embodiment of the invention, the conditional access system 10 may be in one of three states. They are (1) encryption off; (2) encryption on and starting up; (3) encryption on static. In the first state, the engine continues to create the (Ki,i) pairs 122, 124, but only a single encryption off authorization message is sent at the end of each distribution period. In the second state, the engine begins distribution of the encrypting seeds. At the end of the first two distribution periods, the conditional access server 16 sends an encryption off message 130 to all devices. After the second state, the conditional access system 10 enters the third state. Here, after the seeds have been distributed to the IRDs 20 and cryptographic multiplexers 18, an encryption on message 130 is sent to all devices. Note that there is no similar transition from the encryption on state to the off state. As soon as the user orders encryption to stop, distribution of new seeds ceases immediately and the very next authorization message sent is an encryption off message 130.
In the preferred embodiment of the invention, the list of all cryptographic multiplexers 18 which may do encryption is found in the associated conditional access database 42. The presence or absence of the cryptographic multiplexer 18 from conditional access system's authorized list does not mean the same thing as the presence or absence of an IRD 20, as shall be seen. If a cryptographic multiplexer 18 is in the conditional access database 42, then, when the conditional access state is encryption on, the cryptographic multiplexer 18 will always be receiving addressed authorization messages from the conditional access system 10. However, the cryptographic multiplexer behavior is then affected by the conditional access mode in use while encryption is on. In the preferred embodiment of the invention, only the authorized cryptographic multiplexers 18 receive addressed encryption on commands, while the unauthorized cryptographic multiplexers (in the conditional access database but not authorized in conditional access) receive addressed encryption off commands. For all networks logically connected to those unauthorized cryptographic multiplexers 18, this has the effect of leaving them completely in the clear (unencrypted).
The cryptographic multiplexer 18 has three functions within the conditional access system 10: (1) to receive and decypher the next encrypting seed, (2) to encrypt the required program IDs (PIDs) in the MPEG transport stream 12 using that seed, and to (3) inject the authorization stream into a ghost PID of the transport stream for use by the authorized IRDs. In support of these functions, the cryptographic multiplexer 18 accepts the authorization stream 24 from the conditional access server 16. In addition, it accepts an MPEG transport stream 12, provides the encrypting processing, and then outputs it, preferably for ultimate distribution to a network of downlink IRDs 20.
In a preferred embodiment of the invention, once the new encryption seed value is available, the host processor immediately sets the scrambler 28 to begin encrypting using that value if (1) the conditional access server 16 has previously sent an encryption ON command 130 more recently than an encryption OFF command, and (2) the cryptographic multiplexer 18 has been set to accept those commands. The encryption seed value used for encrypting is the starting state of a linear feedback shift register (LFSR) generator of the scrambler 28 (operation 430), a device which creates a pseudo-random bit sequence. This sequence of bits is XOR'd with several of the low-order bits in nearly every byte of the payload of the eligible MPEG packets 12, not including the authorization stream-carrying packets. The encryption bit on those packets is then set to indicate to IRD descrambler 40 that those packets are encrypted. In addition, the even-odd bit is set to show which flavor of seed was used to do that encrypting. When the next encryption seed is received by the cryptographic multiplexer 18, it will have the opposing flavor, and when transport streams are encrypted using that new encryption seed, the odd-even bit in the transport streams is toggled to that new opposing state.
While the cryptographic multiplexer 18 is decyphering new encryption seeds and using them to encrypt the transport stream 12, it is also injecting the authorization stream 24 into the transport (operation 440). This operates as a simple logical pipe from the cryptographic multiplexer host processor to all the IRD host processors 36. The authorization stream 24 is inserted as the payload into MPEG packets. As these packets are built, they are queued within the cryptographic multiplexer 18. Each authorized IRD 20 in the receiving network has three tasks to perform within this conditional access system 10: (1) extract and decypher its own authorization streams to get new encryption seeds, (2) decrypt the encrypted transport stream packets 30 and pass the new clear packets to the payload processing portion of the IRD 20, and (3) achieve and maintain synchronization to the timing of the cryptographic multiplexer scrambler 28, to ensure that decrypting is done with the correct seed.
As described above, the IRD 20 detects authorization streams 24 addressed to itself and routes the enclosed (Cni,i) pair 126, 124 to the decrypter 38. In addition, it maintains a circular buffer in volatile memory where the last messages received of each odd/even flavor are stored. When new messages are received, they overwrite the previous message of the same flavor. The purpose of this, which shall be discussed in more detail below, is to provide a way for IRDs 20 to recover from brief losses of transport stream input and, of course, loss of the authorization stream as well.
The IRD 20 accepts an incoming MPEG transport stream 12, either from a satellite carrier or from a terrestrial interface. It applies a process of decrypting the transport stream which is essentially identical to the encrypting operation. The payload of the transport stream packets are XOR'd by the same pseudo-random bit sequence which encrypted them jin the cryptographic multiplexer 18. This process restores the payloads of those transport stream packets back to the clear or normal state. Those packets are then routed to the downstream processing circuitry 46 within the IRD 20.
IRD synchronization to the conditional access system 10 differs depending on the state of the system. Steady state operation of an authorized IRD 20 and the several transient states are discussed in detail below: (1) authorization by conditional access system, (2) de-authorization by conditional access system, (3) brief transport stream loss, and (4) extended transport stream loss.
In steady state operation of the system, authorization streams bearing the cyphered seeds of a particular flavor are distributed to the cryptographic multiplexers 18 and IRDs 20 while those same units are encrypting and decrypting with the previously distributed seed of the opposing odd/even flavor. Within the IRDs themselves, the synchronization is maintained as follows. When a seed of a particular flavor is received, decyphered, and loaded to the IRD 20, an X_SEED_WRITTEN flag is SET within the IRD 20 (where X designates the seed's odd/even flavor). When the IRD detects that the odd/even flavor bit in the incoming encrypted transport streams changes (operation 540, referring to FIG. 5), it looks to see if the X_SEED_WRITTEN flag corresponding to the new flavor is set (test 550). If so, it knows it has a valid seed for that new flavor, and it begins decrypting immediately (operation 560). If not, it blocks all incoming encrypted transport streams 30 from entering the IRD demux chip 44 and clears the X_SEED_WRITTEN flag (operation 570). When the very next flavor change occurs in the incoming encrypted transport packet stream 30, that same flag clears in anticipation of the distribution of the next seed of that flavor.
When an IRD 20 is unauthorized in the conditional access system 10, it does not receive the cyphered authorization streams, addressed to itself, bearing its own (Cni,i) value pair. Without the (Cni,i) pair 126, 124, seeds cannot be decyphered, so the X_SEED_WRITTEN flags remain continuously clear, and the IRD removes all incoming encrypted transport streams and substitutes null streams. When the IRD 20 is first authorized in the conditional access system 10, authorization streams addressed to it begin to be received. In the flavor distribution period corresponding to the first addressed stream received by the IRD 20, the IRD basically performs the following steps: (1) a seed of a particular flavor is later received, decyphered, and loaded to the descrambler 40, setting that respective X_SEED_WRITTEN flag; (2) the odd/even flavor bit in the incoming encrypted transport stream packets later changes over to that flavor; and (3) the seed is used to decrypt the encrypted transport streams. Starting with the steady state described earlier, when an RD 20 is de-authorized by conditional access system 10, it stops receiving authorization streams.
Since the IRDs 20 may suffer either short carrier fades or deliberate carrier switches between carriers bearing the same instantiation of a conditional access system 10, transport streams could be briefly lost.
For all losses of transport streams, the X_SEED_WRITTEN flags are cleared, the IRD host 36 resets the descrambler 40. As just described, when the transport stream is restored, the IRD host 36 examines the first authorization streams received. In the case where the first incoming authorization stream's i index value is not exactly equal to, or is not equal to one more than either of the i index values in the stored authorization streams, then the IRD host 36 assumes that the stored cyphered seeds are unusable. From then on, it behaves as if it had just boot up. The IRD 20 remains unauthorized until the IRD first gets an addressed cyphered seed through authorization stream and, thence until the succeeding transport encrypting flavor switch. Note that this holds true if the IRD 20 switched to an encrypted transport stream with a different authorization stream, or if the IRD 20 has been disconnected from the original authorization stream for an extended period. In a preferred embodiment of the invention, an extended period would be any outage exceeding half of the difference between flavor distribution period 142 and the total delays 148, 154 where double-sending of the cyphered seeds is employed (referring to FIG. 3). Failing to use double-sending of the seeds could cause an IRD 20 to miss its current seed distribution on even the shortest outages. In this case, the IRD 20 will appear to initially recover after an outage, but revert to unauthorized at the next flavor switch and remain that way through that next flavor distribution period.
In view of the foregoing, it will be seen that the several advantages of the invention are achieved and attained. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated.
As various modifications could be made in the constructions and methods herein described and illustrated without departing from the scope of the invention, it is intended that all matter contained in the foregoing description or shown in the accompanying drawings shall be interpreted as illustrative rather than limiting. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims appended hereto and their equivalents.
Claims
1. A method of encrypting data for rapid decryption, the method comprising the steps of:
- sequentially generating a plurality of random numbers;
- sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value;
- calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers;
- sending said plurality of cyphered seeds and said corresponding index numbers from a server to at least one receiver; and
- resending each one of said plurality of cyphered seeds and said corresponding index numbers from said server to said receiver, wherein a cyphered seed and index number pair is resent before sending a subsequent cyphered seed and index number pair.
2. The method according to claim 1, wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number.
3. The method according to claim 1, wherein said sending and resending steps further comprise the steps of sending a first flavored cyphered seed and index number pair and resending said first flavored cyphered seed and index number pair.
4. The method according to claim 3, wherein said sending and resending steps further comprise the steps of: sending a second flavored cyphered seed and index number pair; resending said second flavored cyphered seed and index number pair; and repeating said sending and resending steps for a plurality of first flavored cyphered seed and index number pairs and for a plurality of second flavored cyphered seed and index number pairs.
5. The method according to claim 1, further comprising the steps of: decyphering said cyphered seed and index number pair; storing said decyphered seed and index number pair in a memory; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number.
6. The method according to claim 5, further comprising the steps of: when a cyphered seed of a particular flavor is received, decyphered, and loaded to said receiver, setting a flavor seed flag to designate said flavor; and when said receiver detects that a flavor in incoming encrypted transport streams changes to a new flavor, examining whether said flavor seed flag is set to correspond said new flavor for checking if said decyphered seed is valid to decrypt said incoming encrypted transport streams.
7. The method according to claim 5, further comprising the step of defining said tolerance of said stored index number to one.
8. The method according to claim 5, further comprising the steps of: sending a group of cyphered seed and corresponding index number pairs from said server to a respective group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period; and repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said respective group of receivers.
9. The method according to claim 8, wherein said repeating step further comprises the step of switching between a first flavor and a second flavor.
10. The method according to claim 8, further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, a plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message.
11. The method according to claim 10, further comprising the step of indicating to said group of receivers whether corresponding transport streams are encrypted according to said encryption on/off message.
12. The method according to claim 10, further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers.
13. The method according to claim 12, further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer.
14. The method according to claim 12 wherein said step for calculating a plurality of cyphered seeds is further comprised of the step of combining each one of said random numbers and said respectively associated index numbers with each one of said secret serial numbers.
15. A method of encrypting data for rapid decryption, the method comprising the steps of: sequentially generating a plurality of random numbers; sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said group of receivers, extracting a cyphered seed using its serial number from said cyphered seed and index number pairs in each one of said receivers; decyphering said cyphered seed and index number pairs in each one of said receivers; storing said decyphered seed and index number pair in a memory of each one of said receivers; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number.
16. The method according to claim 15, wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number.
17. The method according to claim 15, further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, said plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message.
18. The method according to claim 15, further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers.
19. The method according to claim 18, further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer.
20. The method according to claim 18, wherein said secret serial numbers are used as said serial numbers in calculating said cyphered seeds.
21. The method according to claim 15, further comprising the steps of: receiving, decyphering, and loading at least one of said cyphered seeds of an indicated flavor in each one of said receivers; respectively setting a flavor seed flag in each one of said receivers to designate said indicated flavor; detecting a flavor change associated with a new flavor in incoming encrypted transport streams in each one of said receivers; determining whether said flavor seed flag is set to correspond with said new flavor and whether said decyphered seed is valid in each one of said receivers; and decrypting said incoming encrypted transport streams in each one of said receivers when said decyphered seed is valid.
22. The method according to claim 15, further comprising the step of defining said tolerance of said stored index number to one.
23. A system for encrypting and decrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; means for sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; means for extracting a cyphered seed and corresponding index number from said cyphered seed and index number pairs, wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance.
24. The system according to claim 23, wherein said first index number is further comprised of a randomly generated number.
25. The system according to claim 23, wherein said means for generating said random numbers and said index numbers is comprised of a server with a computer processor.
26. The system according to claim 23, wherein said means for calculating said cyphered seeds is comprised of an encryption function in said server.
27. The system according to claim 23, wherein said means for sending and resending said cyphered seed and index number pairs from said server to said receivers is comprised of a multiplexer controlled by said server.
28. The system according to claim 23, wherein said means for extracting said cyphered seed, setting said reset command, and returning to said steady state operation is comprised of a host microprocessor in at least one of said receivers.
29. The system according to claim 23, wherein said defined tolerance of said stored index number is one.
30. The system according to claim 23, wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers.
31. A server for encrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers; and means for sending a group of cyphered seed and corresponding index number pairs from a server to a respective group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period.
32. The system according to claim 31, wherein said first index number is further comprised of a randomly generated number.
33. The system according to claim 31, wherein said cyphered seeds are further comprised according to a combination of said random numbers and said index numbers with a plurality of serial numbers respectively associated with said group of receivers.
34. The system according to claim 33, wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers.
35. An integrated receiver decoder for decrypting data, comprising: means for extracting a cyphered seed and a corresponding index number from a group of cyphered seed and index number pairs; wherein a plurality of serial numbers are used to generate a plurality of cyphered seeds and wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said corresponding index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; and means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance.
36. The system according to claim 35, wherein said defined tolerance of said stored index number is one.
37. A computer-implemented method, comprising:
- sending, by an access server, one or more ciphered seeds and one or more index numbers associated with the one or more ciphered seeds to at least one content receiver; and
- resending, by the access server, the one or more ciphered seeds and the one or more index numbers, wherein a ciphered seed and index number pair are sent before sending subsequent ciphered seed and index number pairs.
38. The computer-implemented method as recited in claim 37, further comprising determining one or more ciphered seeds by:
- sequentially generating a plurality of random numbers;
- sequentially generating a plurality of index numbers associated with the random numbers; and
- combining each random number with each index number associated with the random number.
39. The computer-implemented method as recited in claim 38, wherein a first index number is generated randomly and subsequent index numbers are generated by incrementing the first index number by a value.
40. The computer-implemented method as recited in claim 37, wherein the one or more ciphered seeds and the one or more index numbers are sent and resent during a first flavor distribution period.
41. The computer-implemented method as recited in claim 40, further comprising:
- sending, by the access server, a ciphered seed and an index number pair during a second flavor distribution period; and
- resending, by the access server, the ciphered seed and the index number pair during the second flavor distribution period.
42. The computer-implemented method as recited in claim 37, further comprising sending, by the access server, an authorization stream, the authorization stream comprising the one or more ciphered seeds, the one or more index numbers, one or more numbers associated with one or more content receivers, a flavor indicator, and an encryption message.
43. The computer-implemented method as recited in claim 42, wherein the one or more numbers associated with one or more content receivers are configured to enable decryption of the one or more ciphered seeds.
44. The computer-implemented method as recited in claim 42, wherein the flavor indicator is configured to indicate an odd/even flavor of the one or more ciphered seeds.
45. The computer-implemented method as recited in claim 42, wherein the encryption message is configured to indicate whether a transport stream is encrypted.
46. A system for encrypting data, comprising:
- an access server configured to generate one or more ciphered seeds; and
- a cryptographic multiplexer configured to: send the one or more ciphered seeds and one or more index numbers to one or more content receivers during a flavor distribution period; and resend the one or more ciphered seeds and the one or more index numbers to the one or more content receivers during the flavor distribution period.
47. The system as recited in claim 46, wherein the cryptographic multiplexer is further configured to:
- send a ciphered seed and an index number pair during a second flavor distribution period; and
- resend the ciphered seed and the index number pair during the second flavor distribution period.
48. A computer-implemented method, comprising:
- receiving, by a content receiver, an encrypted data stream;
- extracting, by the content receiver, a ciphered seed and index number pair from the encrypted data stream using a number associated with the content receiver;
- deciphering, by the content receiver, the ciphered seed to create a deciphered seed;
- storing, by the content receiver, the deciphered seed and index number in memory;
- detecting, by the content receiver, a reset, and responsive to the reset: comparing a received index number with the stored index number; and deciphering and storing additional ciphered seeds responsive to the received index number corresponding to the stored index number.
49. The computer-implemented method, as recited in claim 48, wherein the received index number corresponds to the stored index number when the received index number is within a defined tolerance of the stored index number.
50. The computer-implemented method, as recited in claim 49, wherein the defined tolerance is one.
51. The computer-implemented method, as recited in claim 48, further comprising deciphering and storing, by the content receiver, additional ciphered seed and index number pairs until a reset is detected.
52. The computer-implemented method, as recited in claim 48, further comprising:
- deciphering, by the content receiver, a ciphered seed corresponding to a first flavor;
- detecting, by the content receiver, a second flavor;
- determining, by the content receiver, whether the deciphered seed is valid by comparing the second flavor with the first flavor; and
- decrypting, by the content receiver, the encrypted data stream responsive to the deciphered seed being valid.
53. The computer-implemented method, as recited in claim 52, further comprising blocking, by the content receiver, the encrypted data stream responsive to the deciphered seed being invalid.
54. A system for decrypting data, comprising:
- a demultiplexer configured to extract a ciphered seed from an encrypted data stream using a number associated with a content receiver;
- a decrypter configured to decipher the extracted ciphered seed;
- a processor configured to: detect a reset; and validate the deciphered seed responsive to the reset; and
- a descrambler configured to decrypt the encrypted data stream using the deciphered seed responsive to the deciphered seed being valid.
55. The system, as recited in claim 54, wherein the processor is configured to validate the deciphered seed by comparing an index number associated with the deciphered seed with a stored index number.
56. The system, as recited in claim 55, wherein the processor is configured to validate the deciphered seed by comparing the index number associated with the deciphered seed with the stored index number according to a defined tolerance.
57. The system, as recited in claim 54, wherein the processor detects a reset responsive to not receiving an encrypted data stream.
58. The system, as recited in claim 54, wherein the processor detects a reset responsive to a change in an odd/even flavor associated with the encrypted data stream.
59. The system, as recited in claim 54, wherein the descrambler is further configured to block an encrypted data stream responsive to the deciphered seed being invalid.
60. A computer-implemented method, comprising:
- detecting, by a content receiver, a loss of an encrypted data stream;
- determining, by the content receiver, an index number and odd/even flavor associated with a restored encrypted data stream;
- determining, by the content receiver, whether the index number corresponds to a stored index number; and
- decrypting, by the content receiver, the restored encrypted data stream using an encryption seed corresponding to the stored index number if the index number corresponds to the stored index number.
61. The computer-implemented method as recited in claim 60, wherein an index number (i) corresponds to a stored index number (i0) when the index number (i) is equal to i0 or i0−1.
62. The computer-implemented method as recited in claim 60, further comprising resetting, by the content receiver, a descrambler configured to descramble the encrypted data stream.
63. The computer-implemented method as recited in claim 60, further comprising blocking, by the content receiver, one or more encrypted data packets associated with the restored encrypted data stream.
64. The computer-implemented method as recited in claim 60, further comprising deciphering, by the content receiver, at least one authorization stream to acquire an encryption seed.
65. The computer-implemented method as recited in claim 60, further comprising waiting, by the content receiver, to receive an addressed ciphered seed responsive to the index number not corresponding to the stored index number.
4518989 | May 21, 1985 | Yabiki et al. |
4538176 | August 27, 1985 | Nakajima et al. |
4578531 | March 25, 1986 | Everhart et al. |
4719364 | January 12, 1988 | Pequet et al. |
4723283 | February 2, 1988 | Nagasawa et al. |
4761785 | August 2, 1988 | Clark et al. |
4864615 | September 5, 1989 | Bennett et al. |
4887296 | December 12, 1989 | Horne |
4903031 | February 20, 1990 | Yamada |
4930062 | May 29, 1990 | Yamada |
4985895 | January 15, 1991 | Pelkey |
5019910 | May 28, 1991 | Filmer |
5029232 | July 2, 1991 | Nall |
5036537 | July 30, 1991 | Jeffers et al. |
5046092 | September 3, 1991 | Walker et al. |
5054064 | October 1, 1991 | Walker et al. |
5235643 | August 10, 1993 | Anderson et al. |
5367571 | November 22, 1994 | Bowen et al. |
5381481 | January 10, 1995 | Gammie et al. |
5404505 | April 4, 1995 | Levinson |
5410326 | April 25, 1995 | Goldstein |
5421017 | May 30, 1995 | Scholz et al. |
5440632 | August 8, 1995 | Bacon et al. |
5485577 | January 16, 1996 | Eyer et al. |
5550576 | August 27, 1996 | Klosterman |
5594490 | January 14, 1997 | Dawson et al. |
5644354 | July 1, 1997 | Thompson et al. |
5651115 | July 22, 1997 | Hasebe et al. |
5657414 | August 12, 1997 | Lett et al. |
5684525 | November 4, 1997 | Klosterman |
5694334 | December 2, 1997 | Donahue et al. |
5712969 | January 27, 1998 | Zimmermann et al. |
5717887 | February 10, 1998 | Leslie |
5751950 | May 12, 1998 | Crisan |
5754938 | May 19, 1998 | Herz et al. |
5761406 | June 2, 1998 | Kobayashi et al. |
5764773 | June 9, 1998 | Nishiura |
5799083 | August 25, 1998 | Brothers et al. |
5805705 | September 8, 1998 | Gray |
5815409 | September 29, 1998 | Lee |
5815662 | September 29, 1998 | Ong |
5828402 | October 27, 1998 | Collings |
5828945 | October 27, 1998 | Klosterman |
5864621 | January 26, 1999 | Katznelson |
5872846 | February 16, 1999 | Ichikawa |
5886733 | March 23, 1999 | Zdepski et al. |
5892767 | April 6, 1999 | Bell et al. |
5898695 | April 27, 1999 | Fujii |
5903766 | May 11, 1999 | Walker et al. |
5917915 | June 29, 1999 | Hirose |
5918059 | June 29, 1999 | Tavallaei |
5920626 | July 6, 1999 | Durden et al. |
5923362 | July 13, 1999 | Klosterman |
5930515 | July 27, 1999 | Ducharme et al. |
5936660 | August 10, 1999 | Gurantz |
5973723 | October 26, 1999 | DeLuca |
5987518 | November 16, 1999 | Gotwald |
5987519 | November 16, 1999 | Peifer et al. |
5991800 | November 23, 1999 | Burke et al. |
5999654 | December 7, 1999 | Toujima et al. |
6023723 | February 8, 2000 | McCormick et al. |
6025869 | February 15, 2000 | Stas et al. |
6026439 | February 15, 2000 | Chowdhury et al. |
6040781 | March 21, 2000 | Murray |
6040850 | March 21, 2000 | Un et al. |
6044205 | March 28, 2000 | Reed et al. |
6054920 | April 25, 2000 | Smith et al. |
6067300 | May 23, 2000 | Baumert et al. |
6072983 | June 6, 2000 | Klosterman |
6094671 | July 25, 2000 | Chase et al. |
6097662 | August 1, 2000 | Itou |
6101180 | August 8, 2000 | Donahue et al. |
6113652 | September 5, 2000 | Lysik et al. |
6115824 | September 5, 2000 | Ha |
6134589 | October 17, 2000 | Hultgren |
6154745 | November 28, 2000 | Kari et al. |
6157722 | December 5, 2000 | Lerner et al. |
6163809 | December 19, 2000 | Buckley |
6169802 | January 2, 2001 | Lerner |
6173330 | January 9, 2001 | Guo et al. |
6182187 | January 30, 2001 | Cox et al. |
6219422 | April 17, 2001 | Sato |
6222923 | April 24, 2001 | Schwenk |
6230163 | May 8, 2001 | Thijssen |
6240188 | May 29, 2001 | Dondeti et al. |
6246752 | June 12, 2001 | Bscheider et al. |
6250930 | June 26, 2001 | Mintz |
6252652 | June 26, 2001 | Kung et al. |
6253027 | June 26, 2001 | Weber et al. |
6262982 | July 17, 2001 | Donahue et al. |
6266339 | July 24, 2001 | Donahue et al. |
6266810 | July 24, 2001 | Tanaka et al. |
6272549 | August 7, 2001 | Daniel |
6292586 | September 18, 2001 | Kawakami et al. |
6317162 | November 13, 2001 | Matsumoto |
6331876 | December 18, 2001 | Koster et al. |
6332198 | December 18, 2001 | Simons et al. |
6343379 | January 29, 2002 | Ozawa et al. |
6351524 | February 26, 2002 | Schuster et al. |
6359636 | March 19, 2002 | Schindler et al. |
6373948 | April 16, 2002 | Wool |
6377981 | April 23, 2002 | Ollikainen et al. |
6378129 | April 23, 2002 | Zetts |
6385647 | May 7, 2002 | Willis et al. |
6393585 | May 21, 2002 | Houha et al. |
6400265 | June 4, 2002 | Saylor et al. |
6401242 | June 4, 2002 | Eyer et al. |
6411616 | June 25, 2002 | Donahue et al. |
6415329 | July 2, 2002 | Gelman et al. |
6421674 | July 16, 2002 | Yoakum et al. |
6424714 | July 23, 2002 | Wasilewski et al. |
6424717 | July 23, 2002 | Pinder et al. |
6425127 | July 23, 2002 | Bates et al. |
6430223 | August 6, 2002 | Lim |
6449634 | September 10, 2002 | Capiel |
6463059 | October 8, 2002 | Movshovich et al. |
6466765 | October 15, 2002 | Tanaka et al. |
6467093 | October 15, 2002 | Inoue et al. |
6470496 | October 22, 2002 | Kato et al. |
6477647 | November 5, 2002 | Venkatraman et al. |
6487589 | November 26, 2002 | Yoshino et al. |
6487721 | November 26, 2002 | Safadi |
6487723 | November 26, 2002 | MacInnis |
6490353 | December 3, 2002 | Tan |
6493871 | December 10, 2002 | McGuire et al. |
6493876 | December 10, 2002 | DeFreese et al. |
6510454 | January 21, 2003 | Walukiewicz |
6515376 | February 4, 2003 | Mederer |
6516412 | February 4, 2003 | Wasilewski |
6516467 | February 4, 2003 | Schindler et al. |
6557052 | April 29, 2003 | Kubo |
6574733 | June 3, 2003 | Langford |
6577806 | June 10, 2003 | Hirota |
6615404 | September 2, 2003 | Garfunkel et al. |
6714973 | March 30, 2004 | Heiske et al. |
6731323 | May 4, 2004 | Doss et al. |
6738808 | May 18, 2004 | Enzmann et al. |
6792269 | September 14, 2004 | Boehmke |
6859787 | February 22, 2005 | Fisher et al. |
7007050 | February 28, 2006 | Saarinen |
7089561 | August 8, 2006 | Morrison et al. |
20010003846 | June 14, 2001 | Rowe et al. |
20010005902 | June 28, 2001 | Bacon et al. |
20010021997 | September 13, 2001 | Lee |
20010043573 | November 22, 2001 | Kelly |
20010044934 | November 22, 2001 | Hirai et al. |
20020000831 | January 3, 2002 | Smith |
20020007418 | January 17, 2002 | Hegde et al. |
20020007485 | January 17, 2002 | Rodriguez et al. |
20020007494 | January 17, 2002 | Hodge |
20020010936 | January 24, 2002 | Adam |
20020010938 | January 24, 2002 | Zhang et al. |
20020023143 | February 21, 2002 | Stephenson et al. |
20020023165 | February 21, 2002 | Lahr |
20020026645 | February 28, 2002 | Son et al. |
20020034179 | March 21, 2002 | Ollikainen et al. |
20020035730 | March 21, 2002 | Ollikainen et al. |
20020040475 | April 4, 2002 | Yap et al. |
20020041337 | April 11, 2002 | Candelore |
20020044094 | April 18, 2002 | May |
20020046407 | April 18, 2002 | Franco et al. |
20020047899 | April 25, 2002 | Son et al. |
20020053073 | May 2, 2002 | Shimamoto |
20020056122 | May 9, 2002 | Yokoyama |
20020059256 | May 16, 2002 | Halim et al. |
20020065891 | May 30, 2002 | Malik et al. |
20020069295 | June 6, 2002 | Edwards et al. |
20020071434 | June 13, 2002 | Furukawa |
20020083441 | June 27, 2002 | Flickinger et al. |
20020095600 | July 18, 2002 | Deen et al. |
20020095676 | July 18, 2002 | Knee et al. |
20020095689 | July 18, 2002 | Novak |
20020104097 | August 1, 2002 | Jerding et al. |
20020105976 | August 8, 2002 | Kelly et al. |
20020108124 | August 8, 2002 | Sato |
20020108126 | August 8, 2002 | Horowitz et al. |
20020108128 | August 8, 2002 | Lash et al. |
20020112076 | August 15, 2002 | Rueda et al. |
20020120885 | August 29, 2002 | Choi et al. |
20020124243 | September 5, 2002 | Broeksteeg et al. |
20020124249 | September 5, 2002 | Shintani et al. |
20020129364 | September 12, 2002 | Smith et al. |
20020131428 | September 19, 2002 | Pecus et al. |
20020136218 | September 26, 2002 | Cardoso |
20020138641 | September 26, 2002 | Taylor et al. |
20020138852 | September 26, 2002 | Reynolds et al. |
20020144291 | October 3, 2002 | Smiley et al. |
20020146125 | October 10, 2002 | Eskicioglu et al. |
20020150102 | October 17, 2002 | Janko et al. |
20020152467 | October 17, 2002 | Fiallos |
20020161997 | October 31, 2002 | Yamasaki et al. |
20020163935 | November 7, 2002 | Paatela et al. |
20020178360 | November 28, 2002 | Wenocur et al. |
20020184339 | December 5, 2002 | Mackintosh et al. |
20020184529 | December 5, 2002 | Foster et al. |
20020184642 | December 5, 2002 | Lude et al. |
20020184651 | December 5, 2002 | Matsushita |
20020191640 | December 19, 2002 | Haymes et al. |
20020194260 | December 19, 2002 | Headley et al. |
20020194595 | December 19, 2002 | Miller et al. |
20020199001 | December 26, 2002 | Wenocur et al. |
20020199096 | December 26, 2002 | Wenocur et al. |
20030003904 | January 2, 2003 | Matsumoto |
20030005037 | January 2, 2003 | Aija et al. |
20030005439 | January 2, 2003 | Rovira |
20030005444 | January 2, 2003 | Crinon et al. |
20030009694 | January 9, 2003 | Wenocur et al. |
20030009769 | January 9, 2003 | Hensgen et al. |
20030012190 | January 16, 2003 | Kaku et al. |
20030014767 | January 16, 2003 | Stumphauzer |
20030016664 | January 23, 2003 | MeLampy et al. |
20030018912 | January 23, 2003 | Boyle et al. |
20030046708 | March 6, 2003 | Jutzi |
20060059024 | March 16, 2006 | Bailey et al. |
20030093327 | May 15, 2003 | Roberts et al. |
20030106064 | June 5, 2003 | Plourde |
20030110511 | June 12, 2003 | Schutte et al. |
20030135605 | July 17, 2003 | Penkadur |
20030140107 | July 24, 2003 | Rezvani et al. |
20030154475 | August 14, 2003 | Rodriguez et al. |
20030154492 | August 14, 2003 | Falvo et al. |
20030163821 | August 28, 2003 | Knutson et al. |
20030111911 | June 19, 2003 | Hsu |
20040122489 | June 24, 2004 | Mazar et al. |
0993183 | April 2000 | EP |
2001-136085 | May 2001 | JP |
WO-9854642 | December 1998 | WO |
- Unknown, “Wegner Compel Control; The Advanced network control system user manual”, Wegener communications, (May 2001).
- Unknown, “Network cpontrol brochure”, Wegenar communications compel, (Feb. 28, 2002).
- Notification of Transmittalof the International Search Report and the Written Opinion of the international Searching Authority, Or the Declaration, (Jun. 23, 2006).
- “Optibase MGW 3100 Brochure (2001)”, (2001).
- “Bridging DVB And IP Networks With Optibase's MGW 3100”, Available from http://www.optibase.com.cn/html/solutions/white_papers/Bridging_DVB_and_IP.html on Jul. 11, 2002, (Jul. 11, 2002), 7 pages.
- “MPEG-2 Transport Stream Description”, Rev. 2.29.00, Compiled by Ron Wallace, (Feb. 29, 2000), 35 pages.
Type: Grant
Filed: Apr 16, 2009
Date of Patent: Nov 9, 2010
Inventors: Steve Olivier (Sugar Hill, GA), Gary L. Pelkey (Woodstock, GA), David M. Placek (Duluth, GA), Kevin Kennedy (Suwanee, GA)
Primary Examiner: Hosuk Song
Application Number: 12/425,314
International Classification: H04L 9/00 (20060101);