The present invention relates generally to security apparatus for information processing systems, and more particularly to signal encryption apparatus for generating time varying common and distinct keys from a generating key.
There are many schemes available for controlling the remote descrambling of television signals. Such schemes are necessary to maintain security in subscription television systems, including cable television systems and satellite television systems. Typically, a system subscriber is provided with a descrambler connected between a television signal source (e.g., cable feed or satellite receiver) and a television set. Each subscriber's descrambler is remotely accessed by the system operator to enable or disable the receipt of specific services such as the Home Box Office movie channel or special pay-per-view sports events. One problem with such systems is that "pirates" are apt to break the system security and sell "black boxes" that enable the reception of all programming without paying for the services received. It has been difficult and expensive for system operators to contend with the piracy problem.
Various systems have been designed to make piracy more difficult. One such system is disclosed in U.S. Pat. No. 4,613,901 to Gilhousen, et al entitled "Signal Encryption and Distribution System for Controlling Scrambling and Selective Remote Descrambling of Television Signals", incorporated herein by reference. In the Gilhousen, et al system, various cryptographic keys are provided for use in providing an encrypted television signal. Among the keys described are category keys, each common to a different subset of subscriber descramblers. It is also known to provide program keys, in which each television program has a specific key associated therewith that is necessary to descramble the particular program signal.
It is known to generate category keys and program keys as a simple function of time. For example, category keys can be a function of a category epoch start time. The category keys are periodically changed, and at each change the category epoch start time is updated for use in generating the category keys. Similarly, program keys have been generated using a program epoch start time, which is updated each time a new program epoch starts.
The generation of category keys and program keys from corresponding epoch start times may result in insecure keys, in that all inputs are publicly available quantities. Therefore, a system using such an algorithm may be subject to piracy once the category and program keys are ascertained.
It would be advantageous to provide an improved system in which security does not rely on the generation of keys from simple time functions. It would be further advantageous if such a system provided generation of a plurality of keys using a common generating key. Hardware simplification and cost reductions could then be achieved. In addition, it would be advantageous to provide a system wherein the same common keys are generated at different sites without the need for communication between the sites.
The present invention provides signal encryption apparatus having the aforementioned advantages.