1. Field of the Invention
The present invention relates generally to data encryption, and more particularly to the encryption of broadcast programs such that unauthorized clone receivers cannot easily decrypt the programs.
2. Description of the Related Art
To prevent the unauthorized viewing and/or copying of, e.g. satellite or cable pay-per-view broadcast programs by non-paying customers, such programs typically are encrypted. Authorized customers are provided with so-called xe2x80x9cset top boxesxe2x80x9d that decrypt the programs in accordance with decryption algorithms inside the boxes. Various billing schemes are tied to the set-top boxes or other customer identification to ensure that authorized customers are billed for the programs they receive.
While effective for blocking access to many non-paying customers, such boxes can be cloned using relatively sophisticated cloning techniques, then sold to people who can then use the clones to watch and/or copy for free the otherwise pay-per-view programs. While it is occasionally possible to discover a single clone box, most remain undetected in users"" homes, leading to a loss of revenue for the broadcasters.
This loss of revenue is a growing problem, particularly with the growth of in-home digital video devices, because digital copies are perfect copies. Indeed, the growth of digital video has led to the introduction of a new digital bus standard referred to both as xe2x80x9cFirewirexe2x80x9d and xe2x80x9cIEEE 1394xe2x80x9d, which has been proposed to standardize the interconnections between a user""s digital television, digital video cassette recorder (VCR), digital video disk (DVD) player, and set-top box.
Because millions of set-top boxes might use the same decryption algorithm keys, it is not feasible to individually reprogram each authorized device with new decryption algorithm keys. Indeed, the only feasible way to reprogram millions of in-home decryption receivers of pay-per-view programs is to broadcast a new encryption algorithm key, but the unauthorized clones also receive the broadcast of the new key leading to the classic broadcast encryption conundrum: how can authorized receivers be efficiently reprogrammed with new decryption keys while disenfranchising unauthorized clones? It is to this problem that the present invention is addressed.
Accordingly, it is an object of the present invention to provide an encryption system for the secure broadcasting of programs. Another object of the present invention is to provide an encryption system that can broadcast encryption updates to authorized in-home digital video devices. Still another object of the present invention is to provide an encryption system that can update the encryption algorithms of authorized in-home digital video devices while preventing known unauthorized devices from being effectively updated. Yet another object of the present invention is to provide an encryption system for the secure broadcasting of programs that is easy to use and cost-effective.
A system is disclosed for encrypting one or more broadcast programs. The system includes plural user devices, each of which includes plural computer-usable device keys selected from a set of device keys. A session key block generator encrypts plural session numbers with the set of device keys to render a session key block, and at least one of the session numbers can be a dummy number when it is determined that at least one of the devices is a compromised device defining compromised device keys. The dummy number is encrypted by a compromised device key, and the session key block then transmitted for use in decrypting the program. A decryption module that is accessible to each user device can access the device keys of the device to determine a session key based on the session key block and the respective device keys of the device. This session key is usable by a user device to decrypt the program, unless the device has a compromised device key that consequently decrypts and uses the dummy number to generate the session key.
In a preferred embodiment, the set of device keys is representable be at least a two-dimensional matrix including a key distension and a sets distension. The key dimension represents xe2x80x9cNxe2x80x9d key positions, each represented by a key index variable xe2x80x9cixe2x80x9d, and the sets dimension represents xe2x80x9cMxe2x80x9d sets, each represented by a sets index variable xe2x80x9cjxe2x80x9d, such that each device key can be represented by the notation Sj,i. In accordance with principles set forth more fully below, no two device keys of a device have the same key index variable xe2x80x9cixe2x80x9d as each other.
In the preferred embodiment, a respective session number is provided for each key index variable xe2x80x9cixe2x80x9d such that each session number can be represented by xi. Each session number xi is encrypted only by device keys in the ith key dimension to render the session key block. Furthermore, each device uses its respective ith device key Sj,i to decrypt the ith session number, such that all devices not having the compromised device key generate at least a first session key and all devices having the compromised device key generate at least a second session key, only the first session key being useful in decrypting the program.
In a particularly preferred embodiment, devices that generate the first session key define a first pool and devices that generate the second session key define a second pool. Computer readable code means determine whether all devices in the first pool are not compromised devices and, if they are not compromised, encrypted renewal data is sent to all devices; only devices in the first pool are able to decrypt the renewal data and act on it correctly. The devices operate on the renewal data to generate new device keys. Moreover, computer readable code means determine whether all devices in the second pool are compromised devices and, if not, devices in the second pool are caused to generate a new session key using a different compromised device key.
In a still further feature of the preferred embodiment, a first set of non-compromised devices defines the first pool and a second set of non-compromised devices defines a third pool, such that each of the first and third pools do not contain any compromised device. To conserve bandwidth under such circumstances, computer readable code means cause devices in the first pool to replace their session key with the session key of the devices in the third pool. A computer-implemented method that undertakes the function of the system summarized above is also disclosed.
In another aspect, the invention is a general purpose computer programmed according to the inventive steps herein to encrypt broadcast data. The invention can also be embodied as an article of manufacturexe2x80x94a machine componentxe2x80x94that is used by a digital processing apparatus and which tangibly, embodies a program of instructions that are executable by the digital processing apparatus to encrypt broadcast transmissions. This invention is realized in a critical machine component that causes a digital processing apparatus to perform the inventive method steps herein.
In accordance with the present invention, the method steps include accessing a matrix of device keys Sj,i, wherein i=the integers from 1 to N inclusive and j=the integers from 1 to M inclusive. In accordance with present principles, xe2x80x9cixe2x80x9d is a key index variable indicating a position in a key dimension of the matrix, xe2x80x9cjxe2x80x9d is a sets index variable indicating a position in a sets dimension of the matrix, and xe2x80x9cNxe2x80x9d is the number of device keys in each of xe2x80x9cMxe2x80x9d sets of keys. Respective plural device keys from the matrix of device keys are assigned to a plurality of digital video devices, each of which is assigned one and only one device key for each key index variable xe2x80x9cixe2x80x9d. Furthermore, plural session numbers xi are generated, i=1 to N, and each session number xi corresponds to a respective key index variable xe2x80x9cixe2x80x9d. Each session number xi is encrypted with all device keys Sj,i, j=1 to M, to generate a session key block.
In another aspect, a decryption module is disclosed for a digital video device that is configured for receiving and presenting at least one digital program. The module includes computer readable code means for receiving a session key block that is representable by a matrix having at least dimensions xe2x80x9cixe2x80x9d and xe2x80x9cjxe2x80x9d. The session key block includes encrypted session numbers xi, i=1 to N, wherein each session key number xi is encrypted by xe2x80x9cjxe2x80x9d device keys Sj,i, j=1 to M. As used herein, xe2x80x9cNxe2x80x9d is the number of device keys in each of xe2x80x9cMxe2x80x9d sets of keys. Computer readable code means access plural local device keys, it being understood that the video device is assigned one and only one local device key for variable xe2x80x9cixe2x80x9d. Also, computer readable code means are provided for decrypting a session key from the session key block using the local device keys. A computer program product is also disclosed that has code means for undertaking the functions of the decryption module.,
The details of the present intention, both as to its structure and operation, can best be understood in reference to the accompanying drawings, in which like reference numerals refer to like parts, and in which: