초록 ▼

To afford copy protection for information, e.g. elementary streams, from a service provider while in transit between a point of deployment (POD) module and a set-top box, the information is accompanied by control information pairs. The pairs are respectively associated with the portions of the copy

To afford copy protection for information, e.g. elementary streams, from a service provider while in transit between a point of deployment (POD) module and a set-top box, the information is accompanied by control information pairs. The pairs are respectively associated with the portions of the copy protected information and are incorporated into a shared key calculation in the POD module and set-top box. The shared keys are used by the POD module and set-top box to encrypt and decrypt the information. Tampering with a control information pair, as by an intruder or hacker, prevents keys shared by the set-top box and POD module from matching. A mismatch prevents the set-top box from correctly decrypting information received from the deployment module.

대표청구항 ▼

The invention claimed is: 1. A system for copy protecting information, the system comprising: a point of deployment module; and a set-top box including; wherein the set-top box transmits a request message for information, the point of deployment module generates a reply message which includes at le

The invention claimed is: 1. A system for copy protecting information, the system comprising: a point of deployment module; and a set-top box including; wherein the set-top box transmits a request message for information, the point of deployment module generates a reply message which includes at least one control information pair, relating to the information, each control information pair having copy control information and a stream identifier, respectively generating a first key in the point of deployment module and a second key in the set-top box, using information associated with each respective device and the at least one control information pair, and the point of deployment module encrypting the information with the first shared key and transmitting the encrypted information to the set-top box, and the set-top box decrypting the encrypted information with the second shared key when the first and second shared keys match. 2. The system of claim 1, wherein to use the at least one control information pair in the generating of said second key the set-top box receives a transmission of said at least one control information pair, the respective copy control information of said at least one control information pair not being encrypted for the transmission. 3. The system of claim 1, wherein said stream identifier uniquely identifies an elementary stream that is assigned said copy control information. 4. The system of claim 3, wherein said stream identifier is within a Packetized Elementary Stream (PES) header of the elementary stream. 5. The system of claim 4, wherein the encrypted information to be transmitted to the set-top box includes said header, said set-top box being configured to retrieve said stream identifier from said header. 6. The system as recited in claim 1, wherein the information associated with each respective device is a random number generated by each respective device. 7. A method of copy protecting information transmitted between a deployment module and a host device, the method comprising the steps of: (a) transmitting a request message for the information from the host device to the deployment module; (b) transmitting a reply message from the deployment module to the host device, wherein the reply message includes at least one control information pair, each pair having a copy control information and a stream identifier; (c) generating a first shared key at the host and a second shared key at the deployment module, respectively, using information associated with each respective device and the at least one control information pair and an encryption means; (d) encrypting, in the deployment module, the information; (e) transmitting the encrypted information from the deployment module to the host; (f) decrypting, at the host, the encrypted information; and (g) receiving the information at the host when the first and second shared keys match. 8. The method of claim 7, wherein the deployment module is a point of deployment module. 9. The method of claim 7, wherein the host is a set-top box. 10. The method of claim 7, wherein the encryption means includes a hash function. 11. The method of claim 7, wherein the encrypted information in an elementary stream of information is encrypted with the first shared key. 12. The method of claim 11, wherein the stream identifier that is transmitted to the host is incorporated with the Packetized Elementary Stream (PES) header of the elementary stream. 13. The method of claim 7, wherein step b) is executed without encrypting said copy control information of said at least one control information pair. 14. A deployment module for use with a host device, the deployment module comprising: means for communicating with the host device; and a processor for, in response to a request message for information from the host device, generating a reply message to the host device, the reply message including at least one control information pair, each pair having copy control information and a stream identifier, generating a first shared key using information associated with the deployment module and the at least one control information pair, encrypting the information with the first shared key and transmitting the encrypted information to the host device. 15. The deployment module of claim 14, wherein the deployment module is selected from the group consisting of a point of deployment module, wireless data interface appliance, smartcard, personal computer or internet interface appliance. 16. The deployment module of claim 15, wherein the host device is a set-top box. 17. The deployment module of claim 16, wherein the encrypted information is transmitted to the host device using a transport stream, wherein the transport stream includes at least one elementary stream. 18. The deployment module of claim 17, wherein respective ones of the at least one control information pairs is associated with respective ones of the at least one elementary streams. 19. The deployment module of claim 14, wherein said copy control information of said at least one control information pair in the reply message is unencrypted upon transmission to the host device. 20. The deployment module of claim 14, wherein the information to be encrypted comprises content information. 21. The deployment module of claim 20, wherein said content information comprises content information of an elementary stream, said stream identifier being an identifier of an elementary stream. 22. A host device for use with a deployment module, the host device comprising: means for communicating with the deployment module; and a processor for generating a request message for information to the deployment module, and in response, receiving a reply message from the deployment module, wherein the reply message includes at least one control information pair, each pair having copy control information and a stream identifier, generating a second shared key using information associated with the host device and the at least one control information pair, and decrypting encrypted information, received from the deployment module, with the second shared key, and receiving the information when the second shared key matches a first shared key generated in the deployment module. 23. The host device of claim 22, wherein the deployment module is selected from the group consisting of a point of deployment module, wireless data interface appliance, smartcard, personal computer or internet interface appliance. 24. The host device of claim 23, wherein the host device is a set-top box. 25. The host device of claim 22, wherein the received encrypted information is included in a transport stream, wherein the transport stream includes at least one elementary stream. 26. The host device of claim 25, wherein respective ones of the at least one control information pairs is associated with respective ones of the at least one elementary streams. 27. The host device of claim 22, wherein said stream identifier uniquely identifies an elementary stream that is assigned said copy control information. 28. The host device of claim 27, wherein said stream identifier is within a Packetized Elementary Stream (PES) header of the elementary stream. 29. The host device of claim 28, wherein the encrypted information to be received includes said header, said host device being configured to retrieve said stream identifier from said header. 30. An article of manufacture comprising a computer readable medium in which resides a computer program, said article being part of a deployment module for use with a host device, said program comprising: instruction means for communicating with the host device; and instructions for, in response to a request message for information from the host device, generating a reply message to the host device, the reply message including at least one control information pair, each pair having copy control information and a stream identifier, generating a first shared key using information associated with the deployment module and the at least one control information pair, encrypting the information with the first shared key and transmitting the encrypted information to the host device.