Encryption key distribution method in mobile broadcasting system and system for the same
US-9191204-B2 · Nov 17, 2015 · US
Method for controlling access to a plurality of channels by a receiver/decoder
US9609280B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9609280-B2 |
| Application number | US-201113042011-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 7, 2011 |
| Priority date | Mar 5, 2010 |
| Publication date | Mar 28, 2017 |
| Grant date | Mar 28, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for controlling access to a plurality of channels by a unit comprising a security module, each channel being encrypted by a specific control word and having a channel identifier, this method comprising the steps of: tuning to a first channel having first channel identifier and receiving first messages containing a first control word; decrypting the first messages and using the first control word; storing the first control word and the first channel identifier; tuning to a second channel having second channel identifier; calculating the second control word by: calculating a root control word with an inverse cryptographic function F −1 using the first control word and the first channel identifier; calculating the second control word with the cryptographic function F using the root control word and the second channel identifier; and using the second control word to access the second channel.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method for controlling access to a plurality of channels by a receiver/decoder comprising a security module, each channel being encrypted by a specific channel control word, each channel having a channel identifier and transporting entitlement messages containing at least the current channel control word and the channel access conditions, this method comprising the steps of: tuning to a first channel having a first channel identifier by the receiver/decoder; transmitting the first channel identifier to the security module by the receiver/decoder; receiving first entitlement messages containing at least a first control word by the receiver/decoder; transmitting the first entitlement messages to the security module by the receiver/decoder; decrypting the first entitlement messages and verifying the channel access conditions by the security module; if the access conditions are met, returning the first control word to the receiver/decoder by the security module; storing of the first control word and the first channel identifier by the security module; tuning to a second channel having a second channel identifier and encrypted by a second control word by the receiver/decoder, the first control word being the result of a cryptographic function using the first channel identifier and a root control word, the second control word being the result of the cryptographic function using the second channel identifier and the root control word; transmitting the second channel identifier to the security module by the receiver/decoder; calculating, by the security module, the second control word by the following steps: calculating the root control word with an inverse cryptographic function using the first control word and the first channel identifier; calculating the second control word with the cryptographic function using the root control word and the second channel identifier; and returning the second control word to the receiver/decoder, wherein the root control word is not received by the receiver/decoder. 2. The method of claim 1 , wherein the security module comprises a list, each entry of the list comprising at least a channel identifier and a control value, the method further comprising the steps of: before returning the second control word, verifying that the control value corresponding to the second channel identifier authorizes the access to the second channel; and returning the second control word only if the access is authorized. 3. The method of claim 2 , wherein the control value is a counter, the verification of the control value comprising the verification that the counter is positive and said counter being decremented while the second control word is returned to the receiver/decoder. 4. The method of claim 3 , further comprising the steps of: receiving a second entitlement message containing at least the second control word by the receiver/decoder; transmitting the second entitlement messages to the security module by the receiver/decoder; decrypting the second entitlement messages and verifying the channel access conditions by the security module; if the access conditions are met, returning the second control word to the receiver/decoder by the security module; and setting the counter of the second channel to a positive value by the security module. 5. The method of the claim 1 , further comprising the steps of: diversifying the first channel identifier with a diversification value before applying the inverse cryptographic function; and diversifying the second channel identifier with the diversification value before applying the cryptographic function. 6. The method of claim 5 , characterized in that the diversification value is extracted from the first entitlement message. 7. A method for controlling access to a plurality of channels by a receiver/decoder comprising a security module, each channel being encrypted by a specific channel control word, each channel having a channel identifier and transporting entitlement messages containing at least the current channel control word and the channel access conditions, this method comprising the steps of: tuning to a first channel having a first channel identifier by the receiver/decoder; transmitting the first channel identifier to the security module by the receiver/decoder; receiving first entitlement messages containing at least a first control word by the receiver/decoder; transmitting the first entitlement messages to the security module by the receiver/decoder; decrypting the first entitlement messages and verifying the channel access conditions by the security module; if the access conditions are met, returning the first control word to the receiver/decoder by the security module; calculating a root control word with an inverse cryptographic function using the first control word and the first channel identifier by the security module; storing the root control word by the security module; tuning to a second channel having a second channel identifier and encrypted by a second control word by the receiver/decoder, the first control word being the result of a cryptographic function using the first channel identifier and the root control word, the second control word being the result of the cryptographic function using the second channel identifier and the root control word; transmitting the second channel identifier to the security module by the receiver/decoder; calculating, by the security module, the second control word with the cryptographic function using the root control word and the second channel identifier; and returning the second control word to the receiver/decoder by the security module, wherein the root control word is not received by the receiver/decoder. 8. The method of claim 7 , wherein the security module comprises a list, each entry of the list comprising at least a channel identifier and a control value, the method further comprising the steps of: before returning the second control word, verifying that the control value corresponding to the second channel identifier authorizes the access to the second channel; and returning the second control word only if the access is authorized. 9. The method of claim 8 , wherein the control value is a counter, the verification of the control value comprising the verification that the counter is positive and said counter being decremented while the second control word is returned to the receiver/decoder. 10. A method for controlling access to a plurality of channels by a security module, the method comprising the steps of: receiving a channel identifier for a first channel and a control word for a first channel from a receiver/decoder; decrypting the encrypted control word for the first channel; transmitting the control word for the first channel to the receiver/decoder; calculating a root control word using an inverse cryptographic function, the decrypted control word from the first channel and the identifier for the first control channel; receiving a second channel identifier from the receiver/decoder; calculating a second control word using the second channel identifier, a cryptographic function inversely related to the inverse cryptographic function, and the root control word; transmitting the second control word to the receiver/decoder, wherein the root control word is not received by the receiver/decoder. 11. The method of claim 10 , wherein the security module comprises a list, each entry of the list comprising at least a channel identifier and a control value, the method further comprising the steps of: before returning the second control word, verifying that the control value correspon
Assignees
Inventors
Classifications
Digital content management, e.g. content distribution · CPC title
by receiver means only · CPC title
Rights management {associated to the content (security in data switching network management H04L41/28; security management or policies for network security H04L63/20; access security in wireless networks H04W12/08)} · CPC title
Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message] {(arrangements for conditional access to broadcast information or to broadcast-related services H04H60/14)} · CPC title
for conditional access · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9609280B2 cover?
- A method for controlling access to a plurality of channels by a unit comprising a security module, each channel being encrypted by a specific control word and having a channel identifier, this method comprising the steps of: tuning to a first channel having first channel identifier and receiving first messages containing a first control word; decrypting the first messages and using the first co…
- Who is the assignee on this patent?
- Kudelski Andre, Nagravision Sa
- What technology area does this patent fall under?
- Primary CPC classification H04N7/1675. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 28 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).