Satellite (re)transmission of a restricted distribution television program relies upon transmission of an encrypted version of the program. The encrypted program is decrypted at the television receiver by a decryption chip or module that is provided for legitimate subscribers. Unfortunately, these decryption chips are often cloned without authorization, and the satellite television broadcasting industry estimates that as much as $8 billion in potential revenues is lost annually because of these clones. Various signal encryption schemes have been proposed by workers in this field.
Hermann, in U.S. Pat. No. 4,102,521, discloses a system for coding guidance signals that are produced at a central station and transmitted to a self-propelled vehicle, such as a missile or guidable satellite, that is to be guided or whose control surfaces are to be adjusted from time to time. The length of the coded signal is kept low, and transmission of the coded signal is immediately preceded by transmission of a noise signal with uniform power density per unit frequency interval, to frustrate attempts to jam or interfere with transmission and receipt of the coded signal. The coded signal, when received by the vehicle, is decoded and applied to guide or control the vehicle. The concern here is interference with receipt by the intended recipient (the vehicle) of the transmitted message, not receipt and comprehension of the guidance signal by some other entity. Coding and anti-interference measures, but not encryption and decryption, are employed.
Teeter et al disclose use of pseudo-noise modulations and specific address encoding to permit multiple conversations or signal transmissions between a central station and a plurality of vehicles, or between the vehicles, in U.S. Pat. No. 4,117,271. A receiver for such (broadcast) signals is provided with a filter that accepts only signals with the proper address coding and disposes of all other messages. The encoded address also identifies the source of the message. The inventors note that this technique is useful only over modest ranges and that the most suitable frequency range is tens of kilohertz up to tens of megahertz.
U.S. Pat. No. 4,205,343, issued to Barrett, discloses transmission of an enciphered television signal during a field blanking interval that can be received, recognized and deciphered by a viewer with an authorized signal decoder and deciphering key. A subset of television viewers, those with the decoder and particular key, can be addressed for particular messages or programs.
Stern et al, in U.S. Pat. No. 4,222,067, disclose a tamper-resistant subscription television signal descrambling system in which a security carrier signal causes a television receiver to receive a selected program or an adjacent channel program, depending on whether the subscriber is or is not authorized to receive the selected program. If the viewer attempts to tamper with the descrambling system, to retune the receiver to receive a program on an unauthorized channel, the security carrier signal interferes with and blocks reception of comprehensible signals on the unauthorized channel.
Provision of a television signal filter, arranged for maximum attenuation for channels that a receiver is not authorized to receive, is disclosed by Waldo in U.S. Pat. No. 4,286,288. Authorized channel signals have little or no attenuation. Any attempt to disable the filter results in blockage of signals on all channels.
Encryption using destination addresses using a TDMA satellite communications system is disclosed in U.S. Pat. No. 4,418,415, issued to Fennel et al. A common encryption/decryption key is held by all authorized users of a network. This key is EXclusively ORed with the specified destination address, and the output (digital) signal is passed through an encryption engine, on the satellite and at the intended ground-based receiver, using the same key or another key. The encryption engine output signal is then combined with the channel data to be transmitted in another EXclusive OR circuit and transmitted to the network users. Each of the receivers receives the message and reverses the encryption process, using its own destination address as part of the decryption key. However, only the (single) intended receiver produces a cleartext message that is comprehensible.
Hanas et al, in U.S. Pat. No. 4,709,266, disclose use of a satellite scrambling network to provide messages that are scrambled or encrypted differently for different geographical regions. This is useful for distributing scrambled video, voice and data subscriber messages. A master uplink message (ground-to-satellite) is used to control the scrambling or encryption commands that determine the scrambling applied to each geographical area and/or to groups of individual subscribers.
A cable television subscriber system with two-way telephone communication is disclosed in U.S. Pat. No. 4,710,955, issued to Kauffman. When a receiver transmits a request to view a particular television program, the headend determines if sufficient credits are available to pay for viewing the requested program. The requested program signals are descrambled only if sufficient credits are available.
A cable television security arrangement disclosed in U.S. Pat. No. 4,712,239, issued to Frezza et al, attaches a bootable checksum to the requested program signals transmitted to a requesting receiver. The receiver compares the received checksum with a checksum stored at the receiver. The signal descrambler is enabled only if the two checksums agree.
U.S. Pat. No. 4,739,510, issued to Jeffers et al, discloses insertion of digitized audio and control signals in the horizontal blanking intervals of a television signal. The control signals appear as frames or packets, with a header containing a group address, synchronization and program-related information. A second portion of the header, containing control information addressed only to one or more specified receiver units, allows control of certain receiver functions at the transmission end of the system. The system uses several tiers of message authorization levels and a common audio or video key that is encrypted differently for use by each receiving authorized receiver. An authorized receiver receives only the information intended for that receiver, and unauthorized receivers receive only a scrambled message.
A cable television system with signal descrambling circuits located remote from the subscriber's premises is disclosed by Dumbauld et al in U.S. Pat. No. 4,823,386. When a receiver requests viewing of a particular channel, the requested channel is compared with a list of channels authorized for viewing by that receiver. Signal descrambling occurs only if the requested channel is on the authorized list.
Horne, in U.S. Pat. No. 4,887,296, discloses a three-key cryptographic system for a direct broadcast satellite system, to be used in video broadcasting to a plurality of ground-based receivers, each having a unique address number. A signature key, which is an encryption using the address number for that receiver, is stored in the receiver at the time of manufacturing. At the transmitter, a common key is encrypted, using the unique signature key for a receiver that is targeted for a portion of the message to be transmitted. The data stream contains message portions intended for all receivers and message portions intended for, and decryptable only by, individual receivers. A target receiver decrypts its messages, using the common key and signature key used by the transmitter to encrypt the receiver's portions of the message.
Use of frequency hopping for transmission of cleartext cable television signals is disclosed in U.S. Pat. Nos. 4,912,760 and 5,014,309, issued to West et al. An assembly of off-premises voltage-controlled oscillators provides jamming of the transmitted signal for a requesting receiver if that receiver is not authorized to receive that program, as determined at the head end or at the VCO assembly. Use of addressable, remotely located signal traps or jammers for program signals transmitted in the clear is also disclosed by Barany in U.S. Pat. No. 4,937,865.
U.S. Pat. No. 4,916,737, issued to Chomet et al, discloses an anti-piracy television program scrambling/descrambling system that allows the encryption/decryption code to be changed periodically (e.g., once per month) by communication from the head end or central station. The receiver's decryption unit has an unalterable ROM portion, containing its unique serial or address number, and an EPROM portion, containing an alterable ROM portion with a look-up table that can be changed by receipt of special signals from the head end.
Kolbert discloses use of parallel transmission of "real" data and "junk" data to all recipients, to mask which user is the intended recipient of a message, in U.S. Pat. No. 4,932,057. The system is intended to be used where several different systems on an aircraft (e.g., communication, navigation, visual display) receive different subsets of data, some of which are confidential. The radiation produced by transmission along hardwired circuits in parallel allegedly masks the message and the intended recipient.
Transmission of a television program signal together with a general addressing control message and a shared or special addressing control message is disclosed by Guillou et al in U.S. Pat. No. 4,947,428. The special message determines which receivers can view the transmitted signal and is reconfigurable at any time.
U.S. Pat. No. 4,972,431, issued to Keegan, discloses a method of decryption of encrypted P-code signals in a Global Positioning System (GPS). The encrypted binary signals are squared using a relatively narrow bandwidth so that each GPS satellite signal can be separated from the other signals and so that the GPS carrier phase and pseudorange signals can be recovered from the composite signal. The signal-to-noise ratio is kept reasonably high so that very weak signals can be received and analyzed.
An encrypted satellite communications system with relatively easy rekeying is disclosed by Leopold in U.S. Pat. No. 4,993,067. The contemplated system provides communications between a satellite and all ground receivers in a defined geographic area. A message received by or from a receiver located in an improper receiver area is discarded. A designated ground receiver transmits a rekeying request to the satellite. The satellite determines whether the rekeyed areas correspond to geographically permitted areas. If the answer is affirmative, the satellite transmits rekeying instructions to change the geographical configuration of the ground-based receivers, either immediately or at a previously selected time.
Geographically defined lock-out of direct broadcast satellite signals, such as pay-per-view television, is also disclosed by Jeffers et al in U.S. Pat. No. 5,036,537. Before the broadcast, each receiver in the geographic area intended to be locked out is addressed and prevented from receiving that broadcast, using a blackout tier system that determines which receivers are to be locked out, based upon a designation code assigned to that receiver.
U.S. Pat. No. 5,113,443, issued to Brockman, discloses a method for scrambling a satellite communication by (1) encoding and modulating different portions of the communication signals onto different carrier frequencies to form a total signal and (2) transmitting the total signal to a ground station using the different frequency channels. The ground station receives the transmitted signal, decodes the individual channel signals using the known carrier frequencies, and accumulates the signal as a decoded whole. Only an authorized ground station possessing a key can decode and properly sum the received signals to produce the message originally transmitted from the satellite.
Esserman et al disclose signal encryption apparatus for satellite communications that generates a plurality of distinct keys, in U.S. Pat. No. 5,115,467. A secret common key is combined with distinct parameter data (unique to a particular station) to produce a distinct key for communications transmitted to that station.
A global communications system for transmitting encrypted messages to each of a plurality of different geographic areas is disclosed by Davis et al in U.S. Pat. No. 5,129,095. One or more satellites communicates with ground stations in each distinct geographic area by use of identification words on different channels. The system is intended for use in paging selected users in a plurality of countries.
In U.S. Pat. No. 5,221,925, Cross discloses a location interrogation system in which a mobile unit, upon receipt of an interrogation signal, transmits its present location in a conventionally encoded format to a central station that has issued the interrogation signal, to assist in tracking the mobile unit.
Bestler et al, in U.S. Pat. No. 5,231,664, disclose provision of a descrambling authorization signal in the vertical blanking intervals during transmission of a scrambled cable television program. A decoder at a requesting receiver examines the authorization signal, determines if this receiver is authorized to receive this program or channel, and descrambles the transmitted program signal only if this receiver is so authorized.
A verification procedure for mobile stations in a cellular network is disclosed by Raith in U.S. Pat. No. 5,237,612. In response to receipt of a random challenge signal or interrogation, the mobile station transmits to the central station a first response signal, depending only upon an unchanging, commonly-held encryption key, and a second response signal, dependent upon a changeable encryption key. The first and second response signals are analyzed by an authentication algorithm to authenticate, or deny authentication to, the putative mobile station.
A communication system for control of access to a location-sensitive remote database is disclosed in U.S. Pat. No. 5,243,652, issued to Teare et al. A central station stores and transmits encrypted television material whose encryption key is available only for a viewers in a specified geographical area, as determined by a GPS or Loran location determination system.
Transmission of encrypted information packages from a central site to a remote site, in response to receipt of a request for specified information from that site, is disclosed in U.S. Pat. No. 5,247,575, issued to Sprague et al. The encryption key is changed periodically (e.g., weekly) and does not depend upon any past information.
Goldfine et al disclose a financial or telephone service transaction authentication system, in U.S. Pat. No. 5,343,529, in which any attempt to gain access to a protected system is thereafter answered and controlled by a centralized authentication agency. In response, the agency issues an identification request, requesting information that is unique to that request; a subsequent attempt by that person to gain access would require submission of different information. If the information supplied by the access seeker matches the information on file, the access seeker identity is authenticated and access is granted.
In U.S. Pat. No. 5,347,580, Molva et al disclose an authentication method using a smartcard to encrypt the presently displayed time with a cryptographically strong key. A public work station receives the encrypted time message, generates one or more values from this message, and further encrypts and/or transmits these values to a server station. The server station uses the received values to authenticate the holder of the smartcard and to accept or reject a message or command from the holder.
A remote control transmitter-receiver pair that cooperatively implement a code transmission sequence that minimizes energy use and protects the communication channel from unauthorized access is disclosed in U.S. Pat. No. 5,349,459, issued to Reed. The transmitter issues a specified sequence of start/stop pulses of different lengths, similar to pulse code modulation, which are received by the receiver and compared with a copy of this sequence. If the sequences agree, the receiver authenticates the transmitter and opens the secured channel to receive the remainder of the message.
Generation of two pseudorandom numbers, each generated by an independently chosen number of iterations, is the basis for a cryptographic authentication system disclosed by Koopman et al in U.S. Pat. No. 5,363,448. The two pseudorandom numbers are concatenated and encrypted into a single word. This word is transmitted by or on behalf of a person seeking access to a protected system, and the word is decrypted and deconcatenated to produce the two pseudorandom numbers, for comparison and authentication purposes. Immediately after the concatenated and encrypted word is received, the receiving system locks out receipt of any additional signals for a selected time interval, such as 0.5 sec. Thus, breach of the protected system by rapid, exhaustive, numerical trials is made difficult or impossible.
Blume discloses a system to allow a space platform to distinguish between a friendly object and an unfriendly object in U.S. Pat. No. 5,382,957. The platform, which includes a GPS receiver/processor and antenna, transmits an encrypted interrogation signal to the object, which can be positioned tens or hundreds of kilometers from the platform, requesting certain information including the location coordinates of the object. Simultaneously, the platform uses high directivity radar and line of sight measurements to estimate the object range and the object location coordinates, using the platform's GPS-based knowledge of its own location. A friendly object will reply to the encrypted interrogation signal with an authenticating reply, including the GPS-determined location coordinates of the object. A receiver on the platform receives the object location coordinates from the object and compares these coordinates with its own estimate of the object location coordinates. If the object-supplied object location is within a determinable distance of the platform-supplied object location and all other authenticating replies from the object are appropriate, the platform authenticates the object as a "friendly" object.
Several of these approaches provide an encryption method that may be used to withhold decryption of an encrypted message for a receiver not in a geographically selected region, such as a time zone (roughly 1,200-1,600 kilometers in a direction measured parallel to the equator) or selected broadcast zone. However, none of these approaches provides a method for withholding decryption of an encrypted message by a receiver that is not within a small distance D, such as 200 meters or less, of a selected location. To achieve this with many of the approaches summarized above would require provision of an enormous number of special codes, with a unique code being provided for each individual receiver. Further, most of these approaches would require replacement or extensive reconfiguring of a decryption system, if a change in the group of authorized channels or in the group of unauthorized channels is to be implemented. Further, most of these approaches are applicable to cable transmission but not to over-the-air transmission of the program signals. What is needed is an approach that allows decryption of an encrypted over-the-air message to be withheld at any otherwise-appropriate receiver that is not within a selected small distance D of a licensed site or location for receipt and viewing of the message or program. This approach should not require provision of a separate code for each receiver, and the location of a licensed site should be easily changeable without major surgery on the signal transmission system. This approach should allow easy reconfiguring of the decryption system to allow relocation of an authorized receiver and to implement a change in the group of authorized channels or in the group of unauthorized channels.