Technique for securely communicating and storing programming material in a trusted domain

Description

FIELD OF THE INVENTION

The invention relates to a communications technique, and more particularly to a technique for securely communicating and storing programming material in a communications system, e.g., a cable TV system.

BACKGROUND OF THE INVENTION

A set-top terminal (STT) serves as a gateway between a user's television and a cable TV network delivering programming content. Such programming content may be delivered as a broadcast. It may also be delivered on an on-demand basis, for which services such as video on demand (VOD), subscription VOD, movies on demand, etc., are offered. In addition, a “network personal video recorder (NPVR)” service has been developed, allowing the user to perform trick mode functions (rewind, fast-forward, pause, etc.) on a presentation of programming content through use of a network. In fact, a network architecture and functionalities for implementing the NPVR service are described, e.g., in copending commonly assigned application Ser. No. 10/302,550, filed on Nov. 22, 2002, hereby incorporated by reference. The NPVR service also allows a user to “reserve” past and future programs for his/her review, even if such reserved programs were not identified by the user before their broadcast.

An STT receives, through the cable TV network, programming content which may be encrypted, e.g., in accordance with the data encryption standard (DES) technique, to secure its delivery. DES is a well known symmetrical cipher which utilizes a single key for both encryption and decryption of messages. Because the DES algorithm is publicly known, learning the DES key would allow an encrypted message to be read by anyone. As such, both the message sender and receiver must keep the DES key a secret from others. A DES key typically is a sequence of eight bytes, each containing eight bits. To enhance the DES integrity, the DES algorithm may be applied successive times. With this approach, the DES algorithm enciphers and deciphers data, e.g., three times in sequence, using different keys, resulting in a so-called triple DES (3DES) technique.

In contrast to the DES technique, a public key encryption technique, e.g., an RSA technique (named for its developers, Rivest, Shamir, and Adleman), uses two different keys. A first key, referred to as a private key, is kept secret by a user. The other key, referred to as a public key, is available to anyone wishing to communicate with the user in a confidential manner. The two keys uniquely match each other, collectively referred to as a “public key-private key pair.” However, the private key cannot be easily derived from the public key. A party wishing to send a message to the user may utilize the public key to encrypt a message before transmitting it. The user then utilizes the private key to decrypt the message. Conversely, the private key may be used to encrypt a message, in which case the message can subsequently be decrypted with the public key. For example, the keys for the RSA algorithm are mathematically generated, in part, by combining prime numbers. The security of the RSA algorithm, and the like, depends on the use of very large numbers for its keys, which typically are 512 bits long.

In prior art, programming content may be encrypted using a DES key, in accordance with a DES algorithm, to secure its delivery from a headend of a cable TV system to an STT. In order for the STT to decrypt the encrypted programming content, the DES key is transmitted from the headend to the STT in an entitlement control message (ECM), which is encrypted using a 3DES key in accordance with a 3DES algorithm. The 3DES key (also known as a “multi-session key (MSK)”) is sent to the STT in a separate entitlement management message (EMM), which is encrypted using an STT public key in accordance with a public key algorithm, whose private key counterpart is securely maintained in the STT. Thus, after receiving the encrypted EMM and ECM, the STT decrypts the encrypted EMM using the STT private key to obtain the 3DES key therein. Using such a 3DES key, the STT decrypts the encrypted ECM to obtain the DES key therein. Using such a DES key, the STT can decrypt the encrypted programming content it received.

Recently, some STTs for cable TV were improved to incorporate digital video recorder (DVR) functions (“DVR STTs”). Like a DVR, e.g., a TiVo or ReplayTV device, a DVR STT typically includes a hard drive, e.g., a disk, for digitally recording TV programs. Also like a DVR, a DVR STT allows a cable TV subscriber to record his/her favorite TV programs for later review, and exercise a season-pass-like option to record every episode of his/her favorite program for a period. It may automatically record programs for the user based on his/her viewing habit and preferences. The presentation of the recorded programming content can be manipulated by exercising rewind, pause and fast-forward functions.

However, cable operators have observed that providing to subscribers unrestricted content might result in an unacceptable amount of unauthorized copying. Accordingly, there is a continuing need for a strategy that allows content to be stored by a subscriber, but at the same time prevents (or controls) copying and distributing the content to unauthorized parties. A number of techniques have been developed to address this need. One such technique involves use of an indicator, e.g., an encryption mode indicator (EMI), which may be inserted into a data stream used to transmit content from a source device to a destination device. The EMI provides to the destination device information concerning the status of the content; the status may indicate that the content can be freely copied, copied once, never copied, etc. The destination device reads the EMI and determines whether or not the content may be copied. If copying is permitted, the destination device may then copy the content. For details on such a content protection technique, one may refer to: “SC Digital Transmission Content Protection White Paper,” Hitachi, Ltd et al., Revision 1.0, Jul. 14, 1998.

Another technique requires a device intending to transmit protected content to determine whether or not the receiving device is authorized to receive such content. This may be achieved, e.g., by requiring the receiving device to demonstrate knowledge of a set of secret device keys. Only after the receiving device has established its legitimacy does the transmitting device deliver the content. An example of one such content protection system is described in “High-Bandwidth Digital Content Protection System,” Digital Content Protection LLC, Revision 1.1, Jun. 9, 2003.

Similarly, there is a need for a strategy that enables a subscriber to perform authorized copying of protected content, e.g., copying content from a set-top terminal to a second device in the subscriber's home, while at the same time preventing unauthorized copying. This need is of growing importance given the increasing popularity of home networking. In recent years, numerous systems for providing interconnectivity among devices in a home have been developed, allowing home networks to include not only cable set-top terminals but also personal computers, cellphones, PDA devices, etc. An example of a system for interconnecting various devices in a home is described in International Patent Application Publication No. WO 02/121841, published on Mar. 14, 2003.

SUMMARY OF THE INVENTION

The invention overcomes the prior art limitations by defining a “trusted domain” within which programming content is protected from unauthorized access and copying. For example, in a cable TV system, the trusted domain includes not only the system portion where programming content traditionally is secured by, and within total control of, a cable operator, including, e.g., the headend, delivery network, etc., but also user devices at subscribers' premises which are capable of receiving and securely storing programming content. Using the inventive trusted domain approach, the cable operator can guarantee certain subscriber access and usage with respect to content held within the domain. For example, a motion picture held within a cable operator's trusted domain (e.g., on a hard drive of a user device) cannot be distributed over the Internet in viewable form and cannot become a source for duplication of multiple viewable copies.

To realize a trusted domain, two cryptographic elements (e.g., encryption keys), associated with a subscriber and his/her user device(s), respectively, are utilized to control access to content stored in the user device(s) within the domain. For example, the stored content in the user device may be encrypted using a secret key in accordance with a DES technique. Thus, when the encrypted content is transported from the user device to a new device associated with the same subscriber within the domain, the new device needs a first cryptographic element (e.g., the secret key) to decrypt the encrypted content for viewing. To that end, the new device also receives from the source device a first encrypted version of the first cryptographic element. The latter is generated by encrypting the first cryptographic element using a second cryptographic element (e.g., a public key in accordance with a public key algorithm) associated with the subscriber. The new device provides the first encrypted version of the first cryptographic element to a remote apparatus, e.g., in a headend, where the first cryptographic element is recovered based on at least the first encrypted version of the first cryptographic element and data representative of the subscriber. The new device then receives from the apparatus a second encrypted version of the first cryptographic element. The latter is generated by encrypting the recovered first cryptographic element using a third cryptographic element (e.g., a public key in accordance with a public key algorithm) associated with the new device. Based on at least the second encrypted version of the first cryptographic element, the first cryptographic element can be recovered in the new device to decrypt the encrypted content transported thereto.

In one aspect of the present disclosure, a computerized method is disclosed. In one embodiment, the computerized method is for providing access to encrypted content at a computerized user device of a content delivery network, and the computerized method includes: receiving a first encrypted cryptographic element; identifying a user associated with the computerized user device; decrypting the first encrypted cryptographic element; encrypting the decrypted first cryptographic element; providing the new encrypted cryptographic element to the computerized user device; and enabling the computerized user device to (i) decrypt the new encrypted cryptographic element based on a second cryptographic element associated with the computerized device, and (ii) access the encrypted content using the decrypted new cryptographic element.

In another aspect of the present disclosure, an apparatus of a content delivery network is disclosed. In one embodiment, the apparatus includes: a computerized server apparatus configured to receive an encrypted content key issued from a first computerized user device of the plurality of computerized user devices; decrypt the encrypted content key; produce a second encrypted content key; cause the first computerized user device to decrypt the second encrypted content key; cause the first computerized user device to utilize the decrypted second content key.

In another aspect of the present disclosure, a user device is disclosed. In one embodiment, the user device is configured to receive and access encrypted content within a content network, and the user device includes: a first interface configured for data communication with another user device; a second interface configured for data communication with a server apparatus; and a processor apparatus configured to execute at least one computer program, the execution of the at least one computer program configured to cause the user device to: transmit a first encrypted cryptographic element to the server apparatus; receive a second encrypted cryptographic element from the server apparatus; decrypt the second encrypted cryptographic element; and access the encrypted content using at least the decrypted second cryptographic element.

BRIEF DESCRIPTION OF THE DRAWINGS

Further objects, features and advantages of the invention will become apparent from the following detailed description taken in conjunction with the accompanying drawing showing illustrative embodiments of the invention, in which:

FIG. 1 illustrates components of a broadband communications system, in accordance with an embodiment of the invention;

FIG. 2 illustrates a subscriber registry maintained in a headend of the system of FIG. 1;

FIG. 3 illustrates a device key table maintained in a headend of the system of FIG. 1;

FIG. 4 illustrates a subscriber key table maintained in a headend of the system of FIG. 1;

FIG. 5 illustrates components of a first secure digital video recorder (SDVR) STT, in accordance with an embodiment of the invention;

FIG. 6 illustrates storage in the first SDVR STT;

FIG. 7 is a flowchart depicting a routine for encrypting and storing a content file, in accordance with an embodiment of the invention;

FIG. 8 is a flowchart depicting a routine for generating an encrypted content key associated with a subscriber, in accordance with an embodiment of the invention;

FIG. 9 illustrates components of a second SDVR STT, in accordance with an embodiment of the invention;

FIG. 10 is a flowchart depicting a routine for generating an encrypted content key associated with the second SDVR STT, in accordance with an embodiment of the invention; and

FIG. 11 is a flowchart depicting a routine for transferring a content file from a first device to a second device, e.g., via a home network, in accordance with an embodiment of the invention.

DETAILED DESCRIPTION

The invention is directed to a technique for securing programming content within a protected area from unauthorized access and copying. Such a protected area hereinafter is referred to as a “trusted domain.” In a cable TV system, the trusted domain includes not only the system portion where programming content traditionally is secured by, and within total control of, a cable operator, including, e.g., the headend, delivery network, etc., but also user devices at subscribers' premises which are capable of receiving and storing programming content, e.g., a DVR STT, and which implement a conditional access mechanism in accordance with the invention. For the sake of convenience, a DVR STT which implements the inventive conditional access mechanism hereinafter is referred to as a “secure DVR STT (SDVR STT).” The trusted domain may further encompass other devices at a subscriber's premises, e.g., a series of devices connected (wired or wireless) to an SDVR STT, which hold or exchange data encrypted through, and managed under, the inventive conditional access mechanism. The trusted domain is intact with respect to the stored content so long as the content remains so encrypted and continues to be managed under the inventive mechanism, regardless of which device holds the content. Once the content is decrypted by the conditional access mechanism, for example, when data is sent from the SDVR STT to a television monitor for display, the decrypted content is no longer within the trusted domain, and may no longer be secure.

Using the inventive trusted domain approach, the cable operator can guarantee certain subscriber access and usage with respect to content held within the domain. For example, a motion picture held within a cable operator's trusted domain (e.g., on a hard drive of an SDVR STT) cannot be distributed over the Internet in viewable form and cannot become a source for duplication of multiple viewable copies. On the other hand, a motion picture held outside the trusted domain (e.g., in unencrypted form on a third party's DVR hard drive) can be distributed over the Internet or copied onto removable media in viewable form.

FIG. 1 illustrates components of a broadband communications system, e.g., a cable TV system, embodying the principles of the invention. Headend 120 receives programming content attributed to various program channels, and provides cable television services to STTs including, e.g., SDVR STTs 158-1 through 158-M, where M represents an integer. It should be noted that the same cable television services are also provided to prior art STTs with no programming content storage capability which, however, are not of interest here. It should also be noted that the terms “transmission channel” and “program channel” should not be confused. A “transmission channel” signifies a designated frequency band through which a transport stream containing programming content and/or data is transmitted. A “program channel” signifies the source of programming content or the service selected by a user to view. For example, a user may select program channel 2 to view programming content provided by CBS, program channel 14 to view programming content provided by ESPN, etc.

In a conventional manner, headend 120 delivers programming content downstream to SDVR STTs 158-1 through 158-M in a service area or neighborhood, where M represents an integer. As shown in FIG. 1, SDVR STTs 158 are connected to network 150 through a service area node 161. In this instance, network 150 is a multi-channel delivery network comprises a well-known hybrid fiber coaxial (HFC) cable network.

Programming content is delivered downstream from headend 120 to SDVR STTs 158 through “in-band” transmission channels. In one embodiment, these transmission channels may be 6 MHz bands populating a forward passband, e.g., 350-750 MHz band, of a coaxial cable. QAM modulator bank 137 in hub 130 modulates the transport streams containing the programming content onto selected in-band channels, in accordance with a QAM scheme.

In addition, downstream data, e.g., control messages, emergency information, etc., may be communicated from headend 120 to SDVR STTs 158 via one or more forward data channels (FDCs), sometimes referred to as “out-of-band” channels. The FDCs may occupy the 70-130 MHz band of a coaxial cable. QPSK modem pool 138 in hub 130 modulates downstream data onto selected FDCs, in accordance with a QPSK scheme.

Upstream data, e.g., application data, file requests, etc., may be transmitted from SDVR STTs 158 to headend 120 via one or more reverse data channels (RDCs), which occupy a reverse passband, e.g., 5-40 MHz band, of a coaxial cable. The data traversing the RDCs is modulated in accordance with a QPSK scheme. QPSK modem pool 138 in hub 130 receives the QPSK signals containing the data from the RDCs and performs any necessary demodulation before transmitting the underlying data to headend 120. Using a contention-based access mechanism established by the Digital Audio Visual Council (DA VIC), a standard setting organization, each STT can share an RDC with other STTs in the network. This mechanism enables an STT, e.g., SDVR STT 158-1, to transmit upstream messages without a dedicated connection to a QPSK demodulator. The mechanism also provides equal access to the STTs that share the RDC, and enables detection and recovery from reverse path collisions that occur when two or more of the STTs transmit an upstream message simultaneously. As also specified by DAVIC, for communications purposes, each STT and network controller 209 are identified by the Internet protocol (IP) addresses assigned thereto. However, these IP addresses may be randomly assigned each time the broadband communication system is reconfigured. As a result, the IP address of an STT or that of network controller 209 may change after a system reconfiguration. Nevertheless, each STT and network controller 209 are also assigned a media access control (MAC) address on a permanent basis, surviving any system reconfiguration.

Headend 120 includes, among others, program material processing unit 231, application server 220, network controller 209, and switching unit 230. In a well-known manner, program material processing unit 231 receives programming content from various sources attributed to different program channels, and generates transport streams containing the programming content, e.g., in accordance with a well known MPEG-2 scheme. Under control of network controller 209, the transport streams are switched by switching unit 230 to appropriate modulators in QAM modulator bank 137 in hub 130, where the transport streams are modulated onto the corresponding in-band transmission channels for delivery to STTs over network 150.

Application server 220 may include one or more server systems that provide software applications and services for STT users. For example, application server 220 may contain one or more software applications for providing database services, network management services, interactive program guide services, billing services, etc. Server 220 may maintain in memory 220 a subscriber registry, denoted 360 in FIG. 2. Registry 360 is illustrated in the form of a table, where column 363 includes, for each STT in the system, an identifier identifying the STT (STID). In this example, each STT is identified by its MAC address. For example, SDVR STT 158-1 may be identified by a MAC address denoted MAC-I. Column 364 includes a subscriber ID (e.g., subscriber's name, ID number, etc.) identifying a subscriber to the cable television services who is associated with each respective STT. For example, referring to row 368-1, STT 158-1 is associated with the subscriber identified by S-I. In this example, subscriber S-1 may be, for example, an individual who purchased or leased SDVR STT 158-1 and registered with the operator as the user thereof. It should be noted that a given subscriber may be associated with more than one STT. Referring to row 368-2, for example, SDVR STT 158-2 is also associated with subscriber S-I. In this example, subscriber S-1 may have purchased or leased STT 158-2 for use as a second STT in his or her home.

In this instance, application server 220 also includes access control manager 225 for realizing the aforementioned access control mechanism in accordance with the invention. To that end, manager 225 maintains access control related data pertaining to SDVR STTs and/or subscribers. For example, manager 225 may maintain in memory 222 a library of device public keys associated with the SDVR STTs in the cable TV system. When an SDVR STT is provided to a subscriber, a “public key-private key pair” has been assigned to the SDVR STT in anticipation of data encryption in accordance with a public key algorithm. The “device private key” of the SDVR STT is stored in a secure memory therein while the “device public key” may be transmitted to manager 225 through an RDC during an initialization process of the SDVR STT. Alternatively, during registration of the SDVR STT, the subscriber may provide the cable operator with the serial number of the SDVR STT, if the cable operator has not already had it, for the cable operator to look up the public key associated with the SDVR STT. The library of device public keys is illustrated in the form of a table, denoted 273 in FIG. 3. Device key table 273 comprises column 276 which includes an STID of each SDVR STT in the system, which is its MAC address in this instance. For example, SDVR STT 158-1 is identified by address MAC1 as mentioned before. Column 277 registers a device public key assigned to each respective STT. In this example, each device public key is 512 bits long. Referring to row 279-1, for example, STT 158-1 is assigned a public key denoted DPUBKEY-1. It should be noted that table 273 is intended for illustrative purposes only. In other embodiments, different identifiers, e.g., IP addresses, may be used in table 273 to identify various STTs in the network.

In accordance with the invention, each subscriber associated with an SDVR STT is also assigned a public key-private key pair in anticipation of another data encryption in accordance with a public key algorithm. Manager 225 may maintain a subscriber key table, denoted 283 in FIG. 4. Subscriber key table 283 includes column 286 which enumerates an identifier of each subscriber associated with an SDVR STT, e.g., S-I, S-2, S-3, etc. Columns 287 and 288 contain, respectively, a “subscriber public key” and the “subscriber private key” counterpart assigned to each subscriber. Referring to row 289-1, for example, subscriber S-1 is assigned a subscriber public key denoted SPUBKEY-1 and subscriber private key denoted SPRIKEY-1. Such a key pair may be assigned to each subscriber by the cable operator during a service registration by the subscriber. Because the subscriber private keys need to be kept secret, table 283 may be maintained by manager 225 in secure memory 227.

FIG. 5 illustrates components of a generic SDVR STT (e.g. 158-1) in accordance with the invention, which include, among others, processor 330, interface 250, memory 210, storage 610, and encryption module 165. Processor 330 orchestrates the operations of SDVR STT 158-1. Interface 250 includes cable modem 258 capable of demodulating signals containing programming content and data from in-band channels and FDCs, and modulating data signals onto RDCs. Interface 250 also performs other well-known formatting and reformatting functions necessary to transmit or receive programming content and data.

Memory 210 stores a variety of software applications and data including, e.g., an operating system (not shown) which provides the basic functionality for SDVR STT 158-1, and STID 214 for identifying SDVR STT 158-1, which is its MAC address MAC-I in this instance. Memory 210 may be, e.g., a non-volatile random-access memory.

The aforementioned device private key assigned to STT 158-1, namely, DPRIKEY-1, is stored in secure memory 212 in encryption module 165 in such a manner that it cannot be discovered or tampered with easily and certainly not without notice. On the other hand, the device public key assigned to SDVR STT 158-1, namely, DPUBKEY-I, a copy of which is registered in table 273 in headend 120 as discussed before, is stored in memory 210.

Storage 610 is used for storing programming content, which in this instance may be a removable hard disk drive. It will be appreciated that storage 610 may comprise other forms of memory including, e.g., a digital video disk (DVD) drive, memory sticks, network-based storage, etc. Processor 330 may also perform such DVR functions as recording selected programming content in one or more content files, and storing them in storage 610. As used herein, the term “content file” refers to a container that holds a distinct quantity of programming content. A content file may contain, e.g., a digitally recorded version of a movie such as “Citizen Kane.”

Cable operators have observed that providing to subscribers an unrestricted right to save programming content often results in an unacceptable amount of unauthorized copying. Accordingly, the aforementioned access control mechanism in accordance with the invention is implemented to prevent such unauthorized copying. In accordance with the inventive mechanism, encryption module 165 generates a content key, e.g., a 3DES key for encrypting, in accordance with a 3DES algorithm, a content file provided by processor 330 before its storage. In this illustrative embodiment, a different content key is generated for encrypting each respective content file. However, it will be appreciated that a single content key may be used to encrypt all content files in the same storage. It will also be appreciated that multiple content keys may be used to encrypt a single content file.

In addition, module 165 encrypts each generated content key to form “encrypted content key version 1 (V-1),” and “encrypted content key version 2 (V-2)”, and stores the encrypted content key versions (denoted 603 and 604 respectively in FIG. 6) in association with the corresponding encrypted content file 602 (i.e., encrypted using the content key) in storage 610. In this illustrative embodiment, the encrypted content key V-I is formed by encrypting the content key with the device public key (i.e., DPUBKEY-l) assigned to SDVR STT 158-1. On the other hand, the encrypted content key V-2 is formed by encrypting the content key with the subscriber public key (Le., SPUBKEY-1) assigned to subscriber S-1 associated with SDVR STT 158-1 in this instance.

By way of example, subscriber S-1 may direct SDVR STT 158-1 to record specified programming content, say, the “Citizen Kane” movie as it is broadcast over cable network 150. Accordingly, processor 330 generates a content file containing the specified movie content received from interface 250. FIG. 7 is a flowchart depicting a routine for encrypting and storing a content file. Instructed by such a routine, encryption module 165 at step 308 generates the aforementioned content key associated with the specified content file. At step 310, module 165 encrypts the content file using the content key, in accordance with the aforementioned 3DES algorithm. At step 315, module 165 stores the encrypted content file 602 in storage 610. At step 318, module 165 retrieves the device public key DPUBKEY-1 from memory 210. At step 320, module 165 uses DPUBKEY-1 to encrypt the content key in accordance with a first public key algorithm, e.g., an RSA algorithm. As mentioned above, the resulting encrypted content key is referred to as the “encrypted content key V-I.” At step 325, module 165 stores the encrypted content key V-I, denoted 603, in storage 610. In one embodiment, the encrypted content key V 1 is stored in the form of meta data associated with the encrypted content file.

To generate the encrypted content key V-2, denoted 604, module 165 retrieves from storage 610 the encrypted content key V-I, from secure memory 212 device private key DPRIKEY-1, and from memory 210 STID 214 which is MAC-1 in this instance. Module 165 uses DPRIKEY-1 to decrypt the encrypted content key V-I, thereby recovering the content key in the clear. Module 165 then transmits the content key to headend 120 via an RDC in a secure manner. The secure transmission of a content key from STT 158-1 to headend 120 may be accomplished using a prior art encryption technique, e.g., a prior art public key encryption technique where a system private key is stored in head end 120, and the corresponding system public key is made public to, and stored in, all STTs including SDVR STT 158-1. In this instance, module 165 in SDVR STT 158-1 transmits, to control access manager 225 in application server 220, a message containing STID 214 and the content key encrypted using the system public key, in accordance with the prior art public key encryption technique.

FIG. 8 is a flowchart depicting a routine for generating the encrypted content key V-2, in accordance with one embodiment. At step 427, manager 225 receives the encrypted content key and STID 214 in the message from SDVR STT 158-1, and at step 430 decrypts, using the aforementioned system private key, the encrypted content key to recover the content key in the clear. At step 431, manager 225 consults subscriber registry 360 and uses STID 214, which is MAC-1 in this instance, to determine the associated subscriber ID, which is S-1 in this instance.

At step 432, manager 225 retrieves from subscriber key table 283 the subscriber public key, SPUBKEY-1 associated with S-I. At step 435, manager 225 uses the subscriber public key SPUBKEY-1 to encrypt the content key in accordance with a second public key algorithm, thereby generating the encrypted content key V-2. At step 440, manager 225 transmits the encrypted content key V-2 to SDVR STT 158-1 via an FDC.

After receiving the encrypted content key V-2 from manager 225, module 165 stores the encrypted content key V-2, denoted 604 in storage 610. In one embodiment, the encrypted content key V-2 is stored in the form of meta data associated with the encrypted content file 602. To decrypt the encrypted content file 602 for viewing the “Citizen Kane” movie content, module 165 may decrypt the associated encrypted content key V-I (603) using DPRIKEY-1 in memory 212, thereby recovering the content key in the clear. Module 165 then applies the recovered content key to decrypt the encrypted content file 602.

Alternatively, STT 158-1 may be provided with the subscriber public key SPUBKEY-1. In a similar process used to create encrypted content key V-I, module 165 may use SPUBKEY-1 to generate encrypted content key V-2.

To show the portability of the encrypted content file 602, supposing that subscriber S-1 has purchased SDVR STT 158-2 for use as a second STT in his or her home, he or she may wish to transfer the content file to SDVR STT 158-2 and watch the program on a television set connected to SDVR STT 158-2. Alternatively, supposing that SDVR STT 158-1 is broken or is no longer functional for any reason, subscriber S-1 may wish to use SDVR STT 158-2 to view the stored programming content. To permit subscriber S-1 to copy the programming content for limited purposes such as these, the invention relies on encrypted content key V-2 (604), which is not associated with any particular device, to “migrate” programming content stored on a first device (e.g., STT 158-1) to a second device (e.g., STT 158-2). Specifically, in order for the second device to obtain the content key to decrypt the copy of the encrypted content file in STT 158-2, the latter needs an encrypted content key V-I associated therewith. In accordance with an aspect of the invention, the content key V-I associated with STT 158-2 can be successfully derived from the encrypted content key V-2 (604) provided that the subscriber associated with STT 158-2 be also S-I, which is the case here and reflected by subscriber registry 360 in FIG. 2. Referring to rows 368-1 and 368-2 of registry 360, in this instance both STT 158-1 having the MAC-1 address and STT 158-2 having the MAC-2 address are associated with S-I.

Assuming that SDVR STT 158-2 in FIG. 9 has in storage 910 a copy of the encrypted content file 602 and an encrypted content key V-2 (604) from SDVR STT 158-1 (e.g., by physically removing storage 610 from SDVR STT 158-1 to SDVR STT 158-2, i.e., storage 610 the same as storage 910), encryption module 965 of STT 158-2 retrieves the encrypted content key V-2 (604) from storage 910, and STID 914 from memory 990. Module 965 transmits a message containing the encrypted content key V-2 (604) and STID 914 to headend 120.

At headend 120, the encrypted content key V-2 (604) is utilized to generate an encrypted content key V-I associated with the SDVR STT 158-2, which is needed for STT 158-2 to derive the content key for decrypting the encrypted content file 602. FIG. 10 is a flowchart depicting a routine for generating an encrypted content key V-I associated with STT 158-2, in accordance with an embodiment of the invention. At step 571, manager 225 in headend 120 receives from the new device STT 158-2 the encrypted content key V-2 (604) and STID 914. At step 572, manager 225 consults subscriber registry 360, and uses STID 914 (i.e., MAC-2) to determine the corresponding subscriber ID (i.e., S-I). At step 573, manager 225 retrieves from subscriber key table 283 the subscriber private key SPRIKEY-1 associated with subscriber S-I. At step 574, manager 225 uses the subscriber private key to decrypt the encrypted content key V-2 (604) and thereby recover the content key in the clear.

At step 576, manager 225 consults device key table 273 and retrieves the device public key DPUBKEY-2 associated with STID 914 which is MAC-2 in this instance. At step 577, manager 225 uses the device public key DPUBKEY-2 associated with STT 158-2 to encrypt the content key. The resulting encrypted version of the content key is referred to as the “new-device (ND) encrypted content key version 1 (V-I).” At step 579, manager 225 transmits the ND encrypted content key V-I to STT 158-2 through an FDC.

Module 965 in SDVR STT 158-2 receives the ND encrypted content key V-I from headend 120. Module 965 stores the ND content key V-I in storage 910. At a subsequent point in time, module 965 may retrieve device private key DPRIKEY-2 from memory 912, and use it to decrypt the ND encrypted content key V-I and recover the content key. Module 965 may then utilize the content key to decrypt the encrypted content file 602 for viewing the “Citizen Kane” movie content.

In a second embodiment, a system-wide public key-private key pair is used in place of the subscriber key pairs stored in table 283. A system public key is made public to a collection of STTs in the network. A system private key (not shown) is stored in headend 120 by manager 225, e.g., in memory 227. Thus, for example, in this second embodiment after SDVR STT 158-1 uses a content key to encrypt a content file, resulting in encrypted content file 602, it uses the system public key (not shown) in memory 210 to encrypt the content key, thereby generating an encrypted content key V-2. SDVR STT 158-1 stores the encrypted content key V-2 in association with content file 602. It should be noted that the encrypted content key V-I in SDVR STT 158-1 remains the same as the previous embodiment.

To realize portability of the content file, SDVR STT 158-1 may transfer the content file and encrypted content key V-2 therein to a second device, e.g., SDVR STT 158-2, an encrypted content key V-I associated with SDVR STT 158-2 may be generated as follows. Module 965 in SDVR STT 158-2 transmits the received encrypted content key V-2 to headend 120. Manager 225 in headend 120 receives the encrypted content key V-2, retrieves the system private key from memory 227, and uses it to decrypt the encrypted content key V-2, recovering the content key in the clear. Manager 225 then consults device key table 273 and retrieves the device public key DPUBKEY-2 associated with SDVR STT 158-2. Manager 225 uses the device public key DPUBKEY-2 to encrypt the content key, producing an ND encrypted content key V-I. The ND encrypted content key is transmitted to SDVR STT 158-2, where it is stored in storage 910 in association with content file 602. It should be noted that the ND encrypted content key V-2, also stored in storage 910, is the same as the received encrypted content key V-2 from SDVR STT 158-1. At a subsequent point in time, module 965 may retrieve device private key DPRIKEY-2 from memory 912, and use it to decrypt the ND encrypted content key V-I and recover the content key. Module 965 may then utilize the content key to decrypt the encrypted content file 602 for viewing the “Citizen Kane” movie content.

In a third embodiment, a subscriber may transfer content from one device to another, e.g., via a home network without involving headend 120, and control access manager 220 in −15 particular. For example, subscriber S-1 establishes a home network within his/her home and connects both SDVR STT 158-1 and SDVR STT 158-2 to the network. The “Citizen Kane” movie is stored in the form of encrypted content file 602 in storage 610 of SDVR STT 158-1 as described before. Suppose that subscriber S-1 wishes to transfer a copy of encrypted content file 602 from SDVR STT 158-1 to SDVR STT 158-2 via the home network. FIG. 11 is a flowchart depicting a routine for transferring one such content file from a first device to a second device. SDVR STT 158-2 may act as an initiator and transmit to SDVR STT 158-1 a request for a copy of content file 602. SDVR STT 158-2 may also transmit to SDVR STT 158-1 its own device public key, which is in this instance DPUBKEY-2.

Module 165 receives the request and the device public key associated with SDVR STT 158-2 (step 1105), and in response, identifies the desired content file 602 in storage 610. At step 1120, module 165 retrieves encrypted content key V-I (603) from storage 610. At step 1125, module 165 retrieves DPRIKEY-1 from memory 212 and (at step 1130) uses DPRIKEY-1 to decrypt encrypted content key V-I (603), thereby recovering the content key in the clear. At step 1150, module 165 uses the received DPUBKEY-2 to encrypt the recovered content key. The resulting encrypted version of the content key becomes the ND encrypted content key V-I. At step 1160, module 165 transmits the ND encrypted content key V-I to SDVR STT 158-2, along with a copy of encrypted content file 602.

Module 965 in SDVR STT 158-2 receives the ND encrypted content key V-I from SDVR STT 158-1. Module 965 stores the ND content key V-I and content file 602 in storage 910. At a subsequent point in time, module 965 may retrieve device private key DPRIKEY-2 from memory 912, and use it to decrypt the ND encrypted content key V-I and recover the content key in the clear. Module 965 may then utilize the content key to decrypt the encrypted content file 602 for viewing the “Citizen Kane” movie content.

The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise numerous other arrangements which embody the principles of the invention and are thus within its spirit and scope.

For example, while STTs are illustratively used in the above-described embodiments, other comparable or functionally equivalent devices (e.g., point-of-deployment (POD) or CableCARD™ devices) may be used in addition to, or in lieu of, such STTs.

In addition, in the embodiment shown in FIG. 1, the network transport is illustratively 5 realized using HFC cable network 150. However, other networks such as digital subscriber line (DSL) networks, ethernet networks and satellite networks may be used, instead.

Finally, the system components of FIG. 1 are disclosed herein in a form in which various functions are performed by discrete functional blocks. However, anyone or more of these functions could equally well be embodied in an arrangement in which the functions of anyone or more of those blocks or indeed, all of the functions thereof, are realized, for example, by one or more appropriately programmed processors.

Claims

1. A computerized method for providing access to encrypted content at a computerized user device of a content delivery network, the computerized method comprising: receiving, from the computerized user device, a first encrypted cryptographic element and data representative of an identifier, the identifier being associated with the computerized user device;identifying a user associated with the computerized user device based on the data representative of the identifier associated with the computerized user device;decrypting the first encrypted cryptographic element based at least on a private key associated with the identified user;encrypting the decrypted first cryptographic element based at least on a public key associated with the computerized user device to produce a new encrypted cryptographic element;providing the new encrypted cryptographic element to the computerized user device; andenabling the computerized user device to (i) decrypt the new encrypted cryptographic element based on a private key associated with the computerized device, and (ii) access the encrypted content using the decrypted new cryptographic element.
2. The computerized method of claim 1, wherein: the receiving, from the computerized user device, of the first encrypted cryptographic element comprises receiving an encrypted content key associated with the encrypted content.
3. The computerized method of claim 1, further comprising: enabling the computerized user device to retrieve the private key associated with the computerized user device from a memory apparatus associated with the computerized user device.
4. The computerized method of claim 1, further comprising: maintaining a first data structure at a computerized server apparatus, the first data structure comprising a plurality of cryptographic elements associated with a plurality of computerized user devices in data communication with the computerized server apparatus, the computerized server apparatus and the plurality of computerized user devices configured for data communication via at least the content delivery network, the plurality of computerized user devices comprising the computerized user device.
5. The computerized method of claim 1, further comprising: maintaining a second data structure at a computerized server apparatus, the second data structure comprising a plurality of data representative of identifiers associated with respective ones of a plurality of users associated with respective ones of a plurality of computerized user devices in data communication with the computerized server apparatus, the plurality of data representative of identifiers comprising the data representative of the identifier associated with the computerized user device.
6. The computerized method of claim 1, further comprising: enabling the encrypted content to be transferred to the computerized user device from another computerized user device, the computerized user device and the another computerized user device both being associated with a common user of the content delivery network.
7. The computerized method of claim 6, further comprising: accessing a third data structure at a computerized server apparatus, the third data structure comprising pairs of cryptographic elements, each of the pairs of cryptographic elements comprising a private key and a public key each assigned to a given user;wherein: the private key associated with the identified user is inaccessible to the another computerized user device.
8. An apparatus of a content delivery network, the apparatus comprising: a data interface capable of data communication with a plurality of computerized user devices; anda computerized server apparatus configured to: receive an encrypted content key issued from a first computerized user device of the plurality of computerized user devices;decrypt the encrypted content key based at least on a private key associated with a user of the first computerized user device;produce a second encrypted content key via encryption of the decrypted content key, the encryption of the decrypted content key comprising an encryption based at least on a public key associated with the first computerized user device;cause the first computerized user device to decrypt the second encrypted content key based at least on a private key associated with the first computerized user device; andcause the first computerized user device to utilize the decrypted second content key to decrypt encrypted content that the first computerized user device has received from a second computerized user device.
9. The apparatus of claim 8, wherein the first computerized user device and the second computerized user device are associated with a same user.
10. The apparatus of claim 8, wherein the apparatus further comprises a data structure, the data structure comprising an identifier for each user associated with the first computerized user device and the second computerized user device.
11. The apparatus of claim 10, wherein the computerized server apparatus is further configured to: receive identifying information corresponding to the first computerized user device; andbased on the data structure, determine the user of the first computerized user device based on the identifying information.
12. The apparatus of claim 8, wherein: the computerized server apparatus further comprises a memory apparatus, the memory apparatus comprising a database, the data base comprising (i) identifiers for each user associated with a computerized user device, (ii) a public key assigned to each user, and (iii) a private key assigned to each user;the database is unavailable for access by each of the first computerized user device and the second computerized user device; andthe decryption of the encrypted content key based on the private key associated with the user of the first computerized user device comprises a retrieval of the private key associated with the user of the first computerized user device from the database.
13. The apparatus of claim 8, wherein the computerized server apparatus is further configured to: transmit the second encrypted content key to the first computerized user device prior to causation of the first computerized user device to decrypt the encrypted content; andcause the first computerized user device to store the second encrypted content key in associated memory, the associated memory configured to allow retrieval of the second encrypted content key for decryption of the second encrypted content key based on the private key associated with the first computerized user device.
14. The apparatus of claim 8, wherein the encrypted content comprises content recorded by the second computerized user device during broadcast of the content.
15. A user device configured to receive and access encrypted content within a content network, the user device comprising: a first interface configured for data communication with another user device;a second interface configured for data communication with a server apparatus; anda processor apparatus configured to execute at least one computer program, the execution of the at least one computer program configured to cause the user device to: transmit a first encrypted content key associated with the encrypted content to the server apparatus;receive a second encrypted content key associated with the encrypted content from the server apparatus, the second encrypted content key having been generated based at least on (i) a private key associated with a user of the user device and (ii) another private key associated with the user device;decrypt the second encrypted content key; andaccess the encrypted content using at least the decrypted second content key.
16. The user device of claim 15, wherein the execution of the at least one computer program is further configured to cause the user device to receive the encrypted content from the another user device, the another user device configured for operation within a trusted domain of the content network.
17. The user device of claim 16, wherein the user device and the another user device are associated with a common user of the content network.
18. The user device of claim 15, wherein the execution of the at least one computer program is further configured to cause the user device to cause the server apparatus to: decrypt the transmitted first encrypted content key using the another private key associated with the user of the user device; andencrypt the decrypted first encrypted content key using at least the private key associated with the user device.
19. The user device of claim 15, further comprising a memory apparatus in data communication with the processor apparatus, the memory apparatus being configured to store a second private key associated with the user device; wherein the decryption of the second encrypted content key from the server apparatus comprises retrieval and usage of the second private key associated with the user device.
20. The user device of claim 15, wherein the execution of the at least one computer program is further configured to cause the user device to: decrypt the encrypted content using the decrypted second content key; andcause rendering of the decrypted content on a display device.

PRIORITY AND RELATED APPLICATIONS

This application is a continuation of and claims the benefit of priority to co-owned and co-pending U.S. patent application Ser. No. 14/790,456 of the same title filed Jul. 2, 2015, issuing as U.S. Pat. No. 10,178,072 on Jan. 8, 2019, which is a continuation of and claims the benefit of priority to co-owned U.S. patent application Ser. No. 13/608,969 of the same title filed Sep. 10, 2012, issued as U.S. Pat. No. 9,083,513 on Jul. 14, 2015, which is a divisional of and claims the benefit of priority to co-owned U.S. patent application Ser. No. 10/894,884 of the same title filed Jul. 20, 2004, issued as U.S. Pat. No. 8,266,429 on Sep. 11, 2012, each of the foregoing is incorporated herein by reference in its entirety. This application is also generally related to the subject matter of co-owned and co-pending U.S. patent application Ser. No. 15/979,318 entitled “TECHNIQUE FOR SECURELY COMMUNICATING PROGRAMMING CONTENT” and filed on May 14, 2018, co-owned U.S. patent application Ser. No. 15/096,019 entitled “TECHNIQUE FOR SECURELY COMMUNICATING PROGRAMMING CONTENT” and filed on Apr. 11, 2016, co-owned U.S. patent application Ser. No. 13/674,866 entitled “TECHNIQUE FOR SECURELY COMMUNICATING PROGRAMMING CONTENT” and filed on Nov. 12, 2012, and co-owned U.S. patent application Ser. No. 11/006,404 entitled “TECHNIQUE FOR SECURELY COMMUNICATING PROGRAMMING CONTENT” filed on Dec. 7, 2004, each of the foregoing is incorporated herein by reference in its entirety.

US Referenced Citations (433)

Number	Name	Date	Kind
5369707	Follendore, III	Nov 1994	A
5528284	Iwami et al.	Jun 1996	A
5577209	Boyle et al.	Nov 1996	A
5708961	Hylton et al.	Jan 1998	A
5715403	Stefik	Feb 1998	A
5787172	Arnold	Jul 1998	A
5818438	Howe et al.	Oct 1998	A
5828832	Holden et al.	Oct 1998	A
5870474	Wasilewski et al.	Feb 1999	A
5897635	Torres et al.	Apr 1999	A
5982412	Nulty	Nov 1999	A
6009103	Woundy	Dec 1999	A
6148400	Arnold	Nov 2000	A
6154844	Touboul et al.	Nov 2000	A
6157719	Wasilewski et al.	Dec 2000	A
6167432	Jiang	Dec 2000	A
6167521	Smith et al.	Dec 2000	A
6181697	Nurenberg et al.	Jan 2001	B1
6212636	Boyle et al.	Apr 2001	B1
6219710	Gray et al.	Apr 2001	B1
6233341	Riggins	May 2001	B1
6233687	White	May 2001	B1
6256393	Safadi et al.	Jul 2001	B1
6259701	Shur et al.	Jul 2001	B1
6266421	Domyo et al.	Jul 2001	B1
6456716	Arnold	Sep 2002	B1
6519062	Yoo	Feb 2003	B1
6523696	Saito et al.	Feb 2003	B1
6601171	Carter et al.	Jul 2003	B1
6640145	Hoffberg et al.	Oct 2003	B2
6657991	Akgun et al.	Dec 2003	B1
6694145	Riikonen et al.	Feb 2004	B2
6742116	Matsui	May 2004	B1
6760768	Holden et al.	Jul 2004	B2
6782475	Sumner	Aug 2004	B1
6782550	Cao	Aug 2004	B1
6785810	Lirov et al.	Aug 2004	B1
6788676	Partanen et al.	Sep 2004	B2
6807573	Saito et al.	Oct 2004	B2
6813505	Walley et al.	Nov 2004	B2
6859535	Tatebayashi et al.	Feb 2005	B1
6898708	Hori et al.	May 2005	B2
6910064	Astarabadi et al.	Jun 2005	B1
6925257	Yoo	Aug 2005	B2
6944150	McConnell et al.	Sep 2005	B1
6948183	Peterka	Sep 2005	B1
6954632	Kobayashi	Oct 2005	B2
6957261	Lortz	Oct 2005	B2
6957328	Goodman et al.	Oct 2005	B2
6973576	Giobbi	Dec 2005	B2
6975730	Kuroiwa et al.	Dec 2005	B1
6985355	Allirot	Jan 2006	B2
6996544	Sellars et al.	Feb 2006	B2
7006881	Hoffberg et al.	Feb 2006	B1
7007170	Morten	Feb 2006	B2
7009972	Maher et al.	Mar 2006	B2
7016963	Judd et al.	Mar 2006	B1
7017189	Demello et al.	Mar 2006	B1
7027460	Iyer et al.	Apr 2006	B2
7039048	Monta et al.	May 2006	B1
7054443	Jakubowski et al.	May 2006	B1
7054902	Toporek et al.	May 2006	B2
7055040	Klemba et al.	May 2006	B2
7065216	Benaloh et al.	Jun 2006	B1
7068639	Varma et al.	Jun 2006	B1
7069449	Weaver et al.	Jun 2006	B2
7069578	Prus et al.	Jun 2006	B1
7072950	Toft	Jul 2006	B2
7073199	Raley	Jul 2006	B1
7080039	Marsh	Jul 2006	B1
7092397	Chandran et al.	Aug 2006	B1
7099308	Merrill et al.	Aug 2006	B2
7103181	Ananth	Sep 2006	B2
7106382	Shiotsu	Sep 2006	B2
7107326	Fijolek et al.	Sep 2006	B1
7149772	Kalavade	Dec 2006	B1
7154912	Chong et al.	Dec 2006	B2
7165268	Moore et al.	Jan 2007	B1
7174126	McElhatten et al.	Feb 2007	B2
7174127	Otten et al.	Feb 2007	B2
7174371	Elo et al.	Feb 2007	B2
7174385	Li	Feb 2007	B2
7194756	Addington et al.	Mar 2007	B2
7209458	Ahvonen et al.	Apr 2007	B2
7225333	Peinado et al.	May 2007	B2
7228427	Fransdonk	Jun 2007	B2
7237112	Ishiguro et al.	Jun 2007	B1
7242960	Van Rooyen et al.	Jul 2007	B2
7248694	Husemann et al.	Jul 2007	B2
7254608	Yeager et al.	Aug 2007	B2
7257227	Chen et al.	Aug 2007	B2
7266726	Ladd et al.	Sep 2007	B1
7289534	Bailey et al.	Oct 2007	B1
7299502	Schmeling et al.	Nov 2007	B2
7305460	Park	Dec 2007	B2
7313611	Jacobs et al.	Dec 2007	B1
7324531	Cho	Jan 2008	B2
7325073	Shao et al.	Jan 2008	B2
7330483	Peters, Jr. et al.	Feb 2008	B1
7330967	Pujare et al.	Feb 2008	B1
7353543	Ohmori et al.	Apr 2008	B2
7373506	Asano et al.	May 2008	B2
7376386	Phillips et al.	May 2008	B2
7376976	Fierstein et al.	May 2008	B2
7397825	Woodward et al.	Jul 2008	B2
7409546	Platt	Aug 2008	B2
7457520	Rosetti et al.	Nov 2008	B2
7472280	Giobbi	Dec 2008	B2
7486869	Alexander et al.	Feb 2009	B2
7487363	Alve et al.	Feb 2009	B2
7506367	Ishibashi	Mar 2009	B1
7592912	Hasek et al.	Sep 2009	B2
7602820	Helms et al.	Oct 2009	B2
7673004	Sherstinsky et al.	Mar 2010	B1
7690020	Lebar	Mar 2010	B2
7693171	Gould	Apr 2010	B2
7707644	Choi et al.	Apr 2010	B2
7721314	Sincaglia et al.	May 2010	B2
7730321	Gasparini et al.	Jun 2010	B2
7742074	Minatogawa	Jun 2010	B2
7752617	Blinick et al.	Jul 2010	B2
7757101	Nonaka et al.	Jul 2010	B2
7783891	Perlin et al.	Aug 2010	B2
7809942	Baran et al.	Oct 2010	B2
7865440	Jaquette	Jan 2011	B2
7870599	Pemmaraju	Jan 2011	B2
7925592	Issa et al.	Apr 2011	B1
7930558	Hori	Apr 2011	B2
7954131	Cholas et al.	May 2011	B2
7983418	Oyama et al.	Jul 2011	B2
8166508	Mitsuji et al.	Apr 2012	B2
8181262	Cooper et al.	May 2012	B2
8234387	Bradley et al.	Jul 2012	B2
8280982	La Joie et al.	Oct 2012	B2
8332370	Gattegno et al.	Dec 2012	B2
8332657	Eskicioglu et al.	Dec 2012	B1
8341242	Dillon et al.	Dec 2012	B2
8472627	Denning et al.	Jun 2013	B2
8520850	Helms et al.	Aug 2013	B2
8761402	McAvoy et al.	Jun 2014	B2
9706160	Marsh et al.	Jul 2017	B2
9906838	Cronk et al.	Feb 2018	B2
20010004768	Hodge et al.	Jun 2001	A1
20010014946	Ichinoi et al.	Aug 2001	A1
20010019614	Madoukh et al.	Sep 2001	A1
20010029581	Knauft	Oct 2001	A1
20010053223	Ishibashi et al.	Dec 2001	A1
20010053226	Akins et al.	Dec 2001	A1
20010056541	Matsuzaki et al.	Dec 2001	A1
20020013772	Peinado	Jan 2002	A1
20020026575	Wheeler et al.	Feb 2002	A1
20020027883	Belaiche	Mar 2002	A1
20020032754	Logston et al.	Mar 2002	A1
20020048367	Maillard	Apr 2002	A1
20020056125	Hodge et al.	May 2002	A1
20020059619	Lebar	May 2002	A1
20020062440	Akama	May 2002	A1
20020066033	Dobbins et al.	May 2002	A1
20020077984	Ireton	Jun 2002	A1
20020126654	Preston et al.	Sep 2002	A1
20020129358	Buehl et al.	Sep 2002	A1
20020138442	Hori	Sep 2002	A1
20020144067	Jeong	Oct 2002	A1
20020147771	Traversat et al.	Oct 2002	A1
20020152299	Traversat et al.	Oct 2002	A1
20020152393	Thoma et al.	Oct 2002	A1
20020183985	Hori et al.	Dec 2002	A1
20020184154	Hori et al.	Dec 2002	A1
20020188744	Mani	Dec 2002	A1
20020188869	Patrick	Dec 2002	A1
20020199105	Ishiguro et al.	Dec 2002	A1
20030009681	Harada et al.	Jan 2003	A1
20030021421	Yokota et al.	Jan 2003	A1
20030041336	Del Sordo et al.	Feb 2003	A1
20030046560	Inomata et al.	Mar 2003	A1
20030048380	Tamura	Mar 2003	A1
20030056217	Brooks	Mar 2003	A1
20030069965	Ma et al.	Apr 2003	A1
20030074571	Fujiwara et al.	Apr 2003	A1
20030084003	Pinkas et al.	May 2003	A1
20030097340	Okamoto et al.	May 2003	A1
20030115267	Hinton et al.	Jun 2003	A1
20030140227	Asano et al.	Jul 2003	A1
20030163697	Pabla et al.	Aug 2003	A1
20030163739	Armington et al.	Aug 2003	A1
20030165241	Fransdonk	Sep 2003	A1
20030166401	Combes et al.	Sep 2003	A1
20030174838	Bremer	Sep 2003	A1
20030187799	Sellars et al.	Oct 2003	A1
20030205763	Park et al.	Nov 2003	A1
20030208763	McElhatten et al.	Nov 2003	A1
20030208767	Williamson et al.	Nov 2003	A1
20030217137	Roese et al.	Nov 2003	A1
20030217365	Caputo	Nov 2003	A1
20030219127	Russ	Nov 2003	A1
20040024688	Bi et al.	Feb 2004	A1
20040034877	Nogues	Feb 2004	A1
20040045032	Cummings et al.	Mar 2004	A1
20040045035	Cummings et al.	Mar 2004	A1
20040045037	Cummings et al.	Mar 2004	A1
20040052377	Mattox et al.	Mar 2004	A1
20040078602	Rothbarth et al.	Apr 2004	A1
20040088558	Candelore	May 2004	A1
20040107356	Shamoon	Jun 2004	A1
20040109569	Ellison et al.	Jun 2004	A1
20040117836	Karaoguz et al.	Jun 2004	A1
20040123129	Ginter et al.	Jun 2004	A1
20040128499	Peterka et al.	Jul 2004	A1
20040133923	Watson et al.	Jul 2004	A1
20040137918	Varonen et al.	Jul 2004	A1
20040177369	Akins, III	Sep 2004	A1
20040181800	Rakib et al.	Sep 2004	A1
20040184616	Morten	Sep 2004	A1
20040190714	Masui et al.	Sep 2004	A1
20040190721	Barrett et al.	Sep 2004	A1
20040193609	Phan et al.	Sep 2004	A1
20040193680	Gibbs et al.	Sep 2004	A1
20040224425	Gjerde et al.	Nov 2004	A1
20040237100	Pinder et al.	Nov 2004	A1
20040250273	Swix et al.	Dec 2004	A1
20040260798	Addington et al.	Dec 2004	A1
20040261093	Rebaud et al.	Dec 2004	A1
20040268386	Logan et al.	Dec 2004	A1
20050005287	Claussen	Jan 2005	A1
20050015810	Gould et al.	Jan 2005	A1
20050021985	Ono et al.	Jan 2005	A1
20050022227	Shen et al.	Jan 2005	A1
20050034171	Benya	Feb 2005	A1
20050039212	Baran et al.	Feb 2005	A1
20050049886	Grannan et al.	Mar 2005	A1
20050049933	Upendran et al.	Mar 2005	A1
20050055220	Lee et al.	Mar 2005	A1
20050065888	Benaloh	Mar 2005	A1
20050076210	Thomas	Apr 2005	A1
20050086683	Meyerson	Apr 2005	A1
20050091173	Alve	Apr 2005	A1
20050097006	Nyako	May 2005	A1
20050108763	Baran et al.	May 2005	A1
20050114686	Ball et al.	May 2005	A1
20050114900	Ladd et al.	May 2005	A1
20050138357	Swenson et al.	Jun 2005	A1
20050169468	Fahrny et al.	Aug 2005	A1
20050172127	Hartung et al.	Aug 2005	A1
20050177740	Athaide et al.	Aug 2005	A1
20050177741	Chen et al.	Aug 2005	A1
20050177855	Maynard et al.	Aug 2005	A1
20050182931	Robert et al.	Aug 2005	A1
20050185626	Meier et al.	Aug 2005	A1
20050188210	Perlin et al.	Aug 2005	A1
20050190912	Hopkins et al.	Sep 2005	A1
20050195975	Kawakita	Sep 2005	A1
20050198693	Choi et al.	Sep 2005	A1
20050210500	Stone	Sep 2005	A1
20050268107	Harris et al.	Dec 2005	A1
20050273629	Abrams et al.	Dec 2005	A1
20050278259	Gunaseelan et al.	Dec 2005	A1
20050289618	Hardin	Dec 2005	A1
20060002551	Brown et al.	Jan 2006	A1
20060004662	Nadalin et al.	Jan 2006	A1
20060008256	Khedouri et al.	Jan 2006	A1
20060015352	Wynn et al.	Jan 2006	A1
20060020786	Helms et al.	Jan 2006	A1
20060020826	Felton et al.	Jan 2006	A1
20060020950	Ladd et al.	Jan 2006	A1
20060021004	Moran et al.	Jan 2006	A1
20060036750	Ladd et al.	Feb 2006	A1
20060041903	Kahn et al.	Feb 2006	A1
20060041905	Wasilewski	Feb 2006	A1
20060047801	Haag et al.	Mar 2006	A1
20060047957	Helms et al.	Mar 2006	A1
20060064583	Birnbaum et al.	Mar 2006	A1
20060095940	Yearwood	May 2006	A1
20060130099	Rooyen	Jun 2006	A1
20060130107	Gonder et al.	Jun 2006	A1
20060130113	Carlucci et al.	Jun 2006	A1
20060136964	Diez et al.	Jun 2006	A1
20060137005	Park	Jun 2006	A1
20060137015	Fahrny et al.	Jun 2006	A1
20060148362	Bridges	Jul 2006	A1
20060149850	Bowman	Jul 2006	A1
20060161635	Lamkin et al.	Jul 2006	A1
20060168219	Ahluwalia et al.	Jul 2006	A1
20060179138	Van Gassel et al.	Aug 2006	A1
20060184972	Rafey et al.	Aug 2006	A1
20060187900	Akbar	Aug 2006	A1
20060200856	Salowey et al.	Sep 2006	A1
20060206712	Dillaway et al.	Sep 2006	A1
20060209799	Gallagher et al.	Sep 2006	A1
20060212400	Kamperman et al.	Sep 2006	A1
20060218604	Riedl et al.	Sep 2006	A1
20060218647	Hars et al.	Sep 2006	A1
20060236131	Vauclair	Oct 2006	A1
20060248553	Mikkelson et al.	Nov 2006	A1
20060259927	Acharya et al.	Nov 2006	A1
20060291506	Cain	Dec 2006	A1
20070011335	Burns et al.	Jan 2007	A1
20070019645	Menon	Jan 2007	A1
20070022459	Gaebel, Jr. et al.	Jan 2007	A1
20070022469	Cooper et al.	Jan 2007	A1
20070033531	Marsh	Feb 2007	A1
20070046791	Wang et al.	Mar 2007	A1
20070049245	Lipman	Mar 2007	A1
20070067851	Fernando et al.	Mar 2007	A1
20070079381	Hartung et al.	Apr 2007	A1
20070094691	Gazdzinski	Apr 2007	A1
20070098178	Raikar	May 2007	A1
20070104456	Craner	May 2007	A1
20070121678	Brooks et al.	May 2007	A1
20070124488	Baum et al.	May 2007	A1
20070124602	Wald et al.	May 2007	A1
20070157295	Mangalore et al.	Jul 2007	A1
20070174888	Rubinstein	Jul 2007	A1
20070192615	Varghese et al.	Aug 2007	A1
20070204314	Hasek et al.	Aug 2007	A1
20070206799	Wingert et al.	Sep 2007	A1
20070209059	Moore et al.	Sep 2007	A1
20070217436	Markley et al.	Sep 2007	A1
20070219910	Martinez	Sep 2007	A1
20070220024	Putterman et al.	Sep 2007	A1
20070250872	Dua	Oct 2007	A1
20070250880	Hainline	Oct 2007	A1
20070261116	Prafullchandra et al.	Nov 2007	A1
20070276925	La Joie et al.	Nov 2007	A1
20070276926	Lajoie et al.	Nov 2007	A1
20070294178	Pinder et al.	Dec 2007	A1
20080008321	Gagnon et al.	Jan 2008	A1
20080008371	Woods et al.	Jan 2008	A1
20080021836	Lao	Jan 2008	A1
20080022012	Wang	Jan 2008	A1
20080059804	Shah et al.	Mar 2008	A1
20080066112	Bailey et al.	Mar 2008	A1
20080091805	Malaby et al.	Apr 2008	A1
20080091807	Strub et al.	Apr 2008	A1
20080098212	Helms et al.	Apr 2008	A1
20080103976	Read et al.	May 2008	A1
20080103977	Khosravy et al.	May 2008	A1
20080112405	Cholas et al.	May 2008	A1
20080117920	Tucker	May 2008	A1
20080123862	Rowley	May 2008	A1
20080133551	Wensley et al.	Jun 2008	A1
20080141353	Brown	Jun 2008	A1
20080148362	Gilder et al.	Jun 2008	A1
20080154626	Gounares et al.	Jun 2008	A1
20080155059	Hardin et al.	Jun 2008	A1
20080162353	Tom et al.	Jul 2008	A1
20080165460	Whitby-Strevens	Jul 2008	A1
20080177998	Apsangi et al.	Jul 2008	A1
20080212945	Khedouri et al.	Sep 2008	A1
20080222684	Mukraj et al.	Sep 2008	A1
20080235746	Peters et al.	Sep 2008	A1
20080256510	Auerbach	Oct 2008	A1
20080270307	Olson et al.	Oct 2008	A1
20080273591	Brooks et al.	Nov 2008	A1
20080282299	Koat et al.	Nov 2008	A1
20080288618	Vardi et al.	Nov 2008	A1
20090007234	Birger et al.	Jan 2009	A1
20090025075	Chow et al.	Jan 2009	A1
20090031371	Munsell et al.	Jan 2009	A1
20090083813	Dolce et al.	Mar 2009	A1
20090098861	Kalliola et al.	Apr 2009	A1
20090100147	Igarashi	Apr 2009	A1
20090100459	Riedl et al.	Apr 2009	A1
20090102983	Malone et al.	Apr 2009	A1
20090151006	Saeki et al.	Jun 2009	A1
20090182815	Czechowski, III et al.	Jul 2009	A1
20090185576	Kisel et al.	Jul 2009	A1
20090201917	Maes et al.	Aug 2009	A1
20090210912	Cholas et al.	Aug 2009	A1
20090220216	Marsh et al.	Sep 2009	A1
20090225760	Foti	Sep 2009	A1
20090265750	Jones et al.	Oct 2009	A1
20090282241	Prafullchandra et al.	Nov 2009	A1
20090282449	Lee	Nov 2009	A1
20090290711	Bloom et al.	Nov 2009	A1
20090292922	Park	Nov 2009	A1
20090293101	Carter et al.	Nov 2009	A1
20100017627	Princen et al.	Jan 2010	A1
20100030578	Siddique et al.	Feb 2010	A1
20100031299	Harrang et al.	Feb 2010	A1
20100042478	Reisman	Feb 2010	A1
20100082983	Shah et al.	Apr 2010	A1
20100083329	Joyce et al.	Apr 2010	A1
20100088236	Karabulut et al.	Apr 2010	A1
20100088292	Tirpak et al.	Apr 2010	A1
20100106846	Noldus et al.	Apr 2010	A1
20100131973	Dillon et al.	May 2010	A1
20100138900	Peterka et al.	Jun 2010	A1
20100169977	Dasher et al.	Jul 2010	A1
20100185855	Margolus et al.	Jul 2010	A1
20100198888	Blomstedt et al.	Aug 2010	A1
20100217837	Ansari et al.	Aug 2010	A1
20100251304	Donoghue et al.	Sep 2010	A1
20100251305	Kimble et al.	Sep 2010	A1
20100287609	Gonzalez et al.	Nov 2010	A1
20100310076	Barzilai et al.	Dec 2010	A1
20100313225	Cholas et al.	Dec 2010	A1
20100313226	Cholas et al.	Dec 2010	A1
20100313235	Straub	Dec 2010	A1
20110071841	Fomenko et al.	Mar 2011	A1
20110078721	Wang et al.	Mar 2011	A1
20110093900	Patel et al.	Apr 2011	A1
20110103374	Lajoie et al.	May 2011	A1
20110107379	Lajoie et al.	May 2011	A1
20110164753	Dubhashi et al.	Jul 2011	A1
20110169977	Masuda	Jul 2011	A1
20110179196	Friedman	Jul 2011	A1
20110197070	Mizrah	Aug 2011	A1
20110206200	Sovio et al.	Aug 2011	A1
20110213688	Santos et al.	Sep 2011	A1
20110219229	Cholas et al.	Sep 2011	A1
20110252236	De Atley et al.	Oct 2011	A1
20110252243	Brouwer et al.	Oct 2011	A1
20120008786	Cronk et al.	Jan 2012	A1
20120011567	Cronk et al.	Jan 2012	A1
20120017271	Smith et al.	Jan 2012	A1
20120030714	Sweatt, III et al.	Feb 2012	A1
20120089699	Cholas	Apr 2012	A1
20120131629	Shrum, Jr. et al.	May 2012	A1
20120159603	Queck	Jun 2012	A1
20120167173	Nadalin et al.	Jun 2012	A1
20120260346	Carey et al.	Oct 2012	A1
20120291062	Pearson et al.	Nov 2012	A1
20130191443	Gan et al.	Jul 2013	A1
20130309971	Kiukkonen et al.	Nov 2013	A1
20130318629	Lajoie et al.	Nov 2013	A1
20130347089	Bailey et al.	Dec 2013	A1
20140233923	Bradley et al.	Aug 2014	A1
20140282750	Civiletto	Sep 2014	A1
20140283137	Rebaud et al.	Sep 2014	A1
20160050190	Mooij et al.	Feb 2016	A1
20160165650	Kim et al.	Jun 2016	A1
20160165651	Pathuri et al.	Jun 2016	A1
20160301525	Canard et al.	Oct 2016	A1

Foreign Referenced Citations (67)

Number	Date	Country
1139198	Oct 2001	EP
2113860	Nov 2009	EP
2381709	May 2003	GB
H08263440	Oct 1996	JP
2000156676	Jun 2000	JP
2000332746	Nov 2000	JP
2001243707	Sep 2001	JP
2001274786	Oct 2001	JP
2001274788	Oct 2001	JP
2001285821	Oct 2001	JP
2002163396	Jun 2002	JP
2002352094	Dec 2002	JP
2003058657	Feb 2003	JP
2003162600	Jun 2003	JP
2003233690	Aug 2003	JP
2003248508	Sep 2003	JP
2003296484	Oct 2003	JP
2003348508	Dec 2003	JP
2004030111	Jan 2004	JP
2004072721	Mar 2004	JP
2004120736	Apr 2004	JP
2004120738	Apr 2004	JP
2004303111	Oct 2004	JP
2005506627	Mar 2005	JP
2005519365	Jun 2005	JP
2005519501	Jun 2005	JP
2005339093	Dec 2005	JP
2006185473	Jul 2006	JP
2006311267	Nov 2006	JP
2007020144	Jan 2007	JP
2007534030	Nov 2007	JP
2007336553	Dec 2007	JP
2008005047	Jan 2008	JP
2008015936	Jan 2008	JP
2008021293	Jan 2008	JP
2008507905	Mar 2008	JP
2008167018	Jul 2008	JP
2008186272	Aug 2008	JP
2008206039	Sep 2008	JP
2008539631	Nov 2008	JP
2009071786	Apr 2009	JP
2009515238	Apr 2009	JP
2009176060	Aug 2009	JP
2009211632	Sep 2009	JP
2010502109	Jan 2010	JP
2010079902	Apr 2010	JP
2012505436	Mar 2012	JP
2012523614	Oct 2012	JP
WO-0103410	Jan 2001	WO
WO-0110125	Feb 2001	WO
WO-0137479	May 2001	WO
WO-0169842	Sep 2001	WO
WO-0177778	Oct 2001	WO
WO-0213032	Feb 2002	WO
WO-0221841	Mar 2002	WO
WO-0242966	May 2002	WO
WO-02080556	Oct 2002	WO
WO-03038704	May 2003	WO
WO-03087799	Oct 2003	WO
WO-03093944	Nov 2003	WO
WO-2004027622	Apr 2004	WO
WO-2005015422	Feb 2005	WO
WO-2006020141	Feb 2006	WO
WO-2008070062	Jun 2008	WO
WO-2008080556	Jul 2008	WO
WO-2009020476	Feb 2009	WO
WO-2012021245	Feb 2012	WO

Non-Patent Literature Citations (23)

Entry
5C Digital Transmission Content Protection White Paper, Hitachi, Ltd., et al., dated Jul. 14, 1998, 15 pages.
Cantor, et al., Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, Mar. 15, 2005. Document ID: saml-core-2.0-os (http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf).
Cantor, et al., Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, Mar. 2005, Document ID saml-bindings-2.0-os ,(http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf).
DCAS Authorized< gwmw class=“ginger-module-highlighter-mistake-type-3” id=“gwmw-15487095474138963691403”>Service Domain</gwmw>, Version 1.2, dated Nov. 4, 2008, 58 pages.
DCAS Authorized Service Domain, Version 1.2, Nov. 30, 2005, 56 pages.
DCAS Licensed Specification Abstracts, CableLabs Confidential Information, Jan. 12, 2006, 4 pages.
DVB (Digital Video Broadcasting), DVB Document A045 Rev. 3, Jul. 2004, “Head-end Implementation of SimulCrypt,” 289 pages.
DVB (Digital Video Broadcasting); DVB SimulCrypt; Part 1: “Head-end architecture and synchronization” Technical Specification—ETSI TS 101 197 V1.2.1 (Feb. 2002), 40 pages.
Federal Information Processing Standards Publication, US FIPS Pub 197, Nov. 26, 2001, “Advanced Encryption Standards (Aes),” 47 pages.
High-bandwidth Digital Content Protection System, Revision 1.091, dated Apr. 22, 2003, Digital Content< gwmw class=“ginger-module-highlighter-mistake-type-3” id=“gwmw-15487095483507149357216”>Protection LLC</gwmw> Draft, 78 pages.
Marusic, et al., “Share it!—Content Transfer in Home-to-Home Networks.” IEEE MELECON 2004, May 12-15, 2004, Dubrovnik, Croatia.
Media Server; 1 Device Template Version 1.01 Jun. 25, 2002.
OpenCable Application Platform Specification, OCAP 2.0 Profile, OC-SP-OCAP2.0-I01-020419, Apr. 19, 2002.
OpenCable Application Platform Specifications, OCAP Extensions, OC-SP-OCAP--HNEXT-I03-080418, 2005-2008.
OpenCable Host Device, Core Functional Requirements, OC-SP-HOST-CFR-I13-030707, Jul. 7, 2003.
OpenCable, HOST-POD Interface Specification, OC-SP-HOSTPOD-IF-113-030707, Jul. 7, 2003.
OpenCable Specification, Home Networking Protocol 2.0, OC-SP-HNP2.0-I01-08418, 2007.
OpenCable Specifications, Home Networking Security Specification, OC-SP-HN-SEC-DO1-081027, draft (Oct. 27, 2008).
Primergy BX300 Switch Blade user's manual, Fujitsu Corp., Sep. 30, 2002, first edition, pp. 1 to 20.
Real System Media Commerce Suite Technical White Paper, Copyright 2011, Real Networks, Inc., 16 pages, (http://www.realnetworkis).
RealSystem Media Commerce Suite Technical White Paper, Copyrgt, 2001 RealNetworks, Inc., http://www.realnetworks.com, 16 pages.
Van Moffaert, A., et al.< gwmw class=“ginger-module-highlighter-mistake-type-3” id=“gwmw-15487095623201874158750”>(</gwmw>“Digital Rights Management: DRM is a key enabler for the future growth of the broadband access market and the telecom/networking market in general”, Alcatel Telecommunications Review, Alcatel, Paris Cedex FR, Apr. 1, 2003, XP007005930ISSN; 8 pages.
Zhang, et al., “A Flexible Content Protection System for Media-On-Demand” Multimedia Software Engineering, 2002 Proceedings. Fourth International Symposium on Dec. 11-13, 2002, Piscataway, NJ, USAA, IEEE, Dec. 11, 2002, pp. 272-277, XP010632760ISBN: 978-0-7695-1857-2.

Related Publications (1)

	Number	Date	Country
	20190215310 A1	Jul 2019	US

Divisions (1)

	Number	Date	Country
Parent	10894884	Jul 2004	US
Child	13608969		US

Continuations (2)

	Number	Date	Country
Parent	14790456	Jul 2015	US
Child	16241857		US
Parent	13608969	Sep 2012	US
Child	14790456		US

Technique for securely communicating and storing programming material in a trusted domain

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Disclaimer

Term Extension

Abstract