CA2318026C - Encryption synchronisation for use with data streams - Google Patents
Encryption synchronisation for use with data streams Download PDFInfo
- Publication number
- CA2318026C CA2318026C CA 2318026 CA2318026A CA2318026C CA 2318026 C CA2318026 C CA 2318026C CA 2318026 CA2318026 CA 2318026 CA 2318026 A CA2318026 A CA 2318026A CA 2318026 C CA2318026 C CA 2318026C
- Authority
- CA
- Canada
- Prior art keywords
- packet
- heart beat
- stream
- packets
- cryptoperiod
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Synchronisation In Digital Transmission Systems (AREA)
Abstract
A method of ensuring synchronization of the encryption of a stream of data packets from a transmission end and the decryption of the stream of data packets at a reception end. The stream is encrypted by a changing encryption key. The method is comprised of inserting at least one heart beat packet in the stream per cryptoperiod, receiving the heart beat packets at the reception end, removing the heart beat packets from the data stream at the reception end, wherein the encryption key is changed once per cryptoperiod.
Description
ENCRYPTION SYNCHRONISATION FOR USE WITH DATA STREAMS
Field of the Invention The invention relates to encryption and decryption methods for data streams and, more particularly, to methods and devices for synchronizing the encryption and decryption keys between a transmission end and a reception end.
Background to the Invention In the field of encrypted digital transmissions, synchronizing the encryption keys between the transmission end and the reception end can be a problem.
In the field of DVB (Digital Video Broadcasting), the currently accepted DVB standards are silent on how to accomplish this. The current standards assume that there is a constant data stream between the transmission end and the reception end. Because the encryption keys are periodically changed, there is a need to synchronize between the transmission end and the reception end.
Normally, this synchronization is not ditficult if one assumes a constan-t data stream -- the system becomes self-synchronizing. The system only needs to synchronize once -- usually at the beginning of the transmission stream -- and this synchronicity is maintained during the constant transmission. However, the use of DVB for ends other than video or audio broadcasting -- such as data transmissions -- has led to some problems.
Synchronization between the ends is normally . -- --------- - - _ _ . _ ,.....~~
accomplished thus: the reception end knows the transmission rate and the timing of the transmission end. After a set amount of time, - known as the crytoperiod - the encryption keys are changed. In any given crytoperiod, the transmission end continuously sends ECM (Entitlement Control Message) packets to the reception end through the ECM channel. The ECM packets contain the decryption key for the immediately succeeding cryptoperiod. The reception end receives these ECM packets and can prepare for the new decryption key. Once the transmission end signals the reception end that the current cryptoperiod had ended and that the encryption keys need to be replaced, the reception end switches to the new decryption key. Thus, for cryptoperiod n, the reception end receives the key for cryptoperiod n+1, for cryptoperiod n+l, the reception end receives the keys for cryptoperiod n+2, and so on.
However, the reception end only checks the ECM channel for ECM packets if there is data in the data stream. If the data packets are not received by the reception end, then the reception end does not check the ECM channel for ECM packets. If the data stream is constant, the transmission end and the reception enci do not encounter any problems as.the reception end simply keeps receiving one new encryption key per cryptoperiod through the ECM
packets.
However, if the data stream is interrupted, the reception end has no data packets to process from the transmission end. When the data stream resumes, the synchronicity of encryption key pairs between the reception end and the transmission end is lost. The reception end will thus need to resynchronize with the
Field of the Invention The invention relates to encryption and decryption methods for data streams and, more particularly, to methods and devices for synchronizing the encryption and decryption keys between a transmission end and a reception end.
Background to the Invention In the field of encrypted digital transmissions, synchronizing the encryption keys between the transmission end and the reception end can be a problem.
In the field of DVB (Digital Video Broadcasting), the currently accepted DVB standards are silent on how to accomplish this. The current standards assume that there is a constant data stream between the transmission end and the reception end. Because the encryption keys are periodically changed, there is a need to synchronize between the transmission end and the reception end.
Normally, this synchronization is not ditficult if one assumes a constan-t data stream -- the system becomes self-synchronizing. The system only needs to synchronize once -- usually at the beginning of the transmission stream -- and this synchronicity is maintained during the constant transmission. However, the use of DVB for ends other than video or audio broadcasting -- such as data transmissions -- has led to some problems.
Synchronization between the ends is normally . -- --------- - - _ _ . _ ,.....~~
accomplished thus: the reception end knows the transmission rate and the timing of the transmission end. After a set amount of time, - known as the crytoperiod - the encryption keys are changed. In any given crytoperiod, the transmission end continuously sends ECM (Entitlement Control Message) packets to the reception end through the ECM channel. The ECM packets contain the decryption key for the immediately succeeding cryptoperiod. The reception end receives these ECM packets and can prepare for the new decryption key. Once the transmission end signals the reception end that the current cryptoperiod had ended and that the encryption keys need to be replaced, the reception end switches to the new decryption key. Thus, for cryptoperiod n, the reception end receives the key for cryptoperiod n+1, for cryptoperiod n+l, the reception end receives the keys for cryptoperiod n+2, and so on.
However, the reception end only checks the ECM channel for ECM packets if there is data in the data stream. If the data packets are not received by the reception end, then the reception end does not check the ECM channel for ECM packets. If the data stream is constant, the transmission end and the reception enci do not encounter any problems as.the reception end simply keeps receiving one new encryption key per cryptoperiod through the ECM
packets.
However, if the data stream is interrupted, the reception end has no data packets to process from the transmission end. When the data stream resumes, the synchronicity of encryption key pairs between the reception end and the transmission end is lost. The reception end will thus need to resynchronize with the
2 transmission end by waiting for a new encryption key.
This is accomplished by the reception end waiting for the current cryptoperiod to end so that the reception end may receive a new encryption key from the transmission end. However, this delay -- caused by the reception end having to wait until the current cryptoperiod ends and having to wait until it receives a new encryption key -- is problematic. This delay may take up to two full cryptoperiods (wait for the current cryptoperiod to end and wait for the next cryptoperiod to end while receiving the next key). Since the normal cryptoperiod is of the order of 15 seconds, this delay could be as much as two cryptoperiods -- a delay of 30 seconds. During this delay, all data transmitted is lost.
From the above, it is clear that there is a need to overcome the drawbacks of the current DVB system for bursty data transmissions. The delays associated with the resynchronization problem need to be overcome and, if possible, eliminated.
Summary of the Invention The invention provides methods..arid systems which overcome the problQms_outlined above. The transmission end inserts into the data stream at least one "heart beat" packet per cryptoperiod. This packet carries no data and performs no other function except to ensure proper cryptoperiod synchronization. Even with a bursty data stream, the heart beat packet -- which may not necessarily contain data -- allows the reception end to maintain synchronization with the transmission end. The presence of at least one packet in the data stream
This is accomplished by the reception end waiting for the current cryptoperiod to end so that the reception end may receive a new encryption key from the transmission end. However, this delay -- caused by the reception end having to wait until the current cryptoperiod ends and having to wait until it receives a new encryption key -- is problematic. This delay may take up to two full cryptoperiods (wait for the current cryptoperiod to end and wait for the next cryptoperiod to end while receiving the next key). Since the normal cryptoperiod is of the order of 15 seconds, this delay could be as much as two cryptoperiods -- a delay of 30 seconds. During this delay, all data transmitted is lost.
From the above, it is clear that there is a need to overcome the drawbacks of the current DVB system for bursty data transmissions. The delays associated with the resynchronization problem need to be overcome and, if possible, eliminated.
Summary of the Invention The invention provides methods..arid systems which overcome the problQms_outlined above. The transmission end inserts into the data stream at least one "heart beat" packet per cryptoperiod. This packet carries no data and performs no other function except to ensure proper cryptoperiod synchronization. Even with a bursty data stream, the heart beat packet -- which may not necessarily contain data -- allows the reception end to maintain synchronization with the transmission end. The presence of at least one packet in the data stream
3 Provides the reception end with one packet to process per cryptoperiod even if the data source is not providing data to the data stream. Thus, the reception end can maintain synchronicity with the transmission end and, because of the inserted packet, can ensure proper cryptoperiod encryption key transitions.
According to a first broad aspect of an embodiment of the present invention, there is disclosed a method of ensuring synchronization of encryption of a stream of data packets from a transmission end and decryption of the stream of data packets at a reception end in a digital video broadcast conditional access system (DVB-CAS), said stream being encrypted by a changing encryption key and decrypted by a changing decryption key, the method comprising:
- inserting at least one heart beat packet in the stream per cryptoperiod, - receiving the heart beat packets at the reception end, - removing the heart beat packets from the data stream at the reception end, wherein the encryption and decryption keys are changed once per cryptoperiod.
According to a second broad aspect of an embodiment of the present invention, there is disclosed a system for ensuring synchronization of a stream of data packets in a digital video broadcast conditional access system (DVB-CAS), the system comprising:
at.= a transmi s s i on end :
- transmission means foi transmitting data packets to a reception end,.
-. packbt irisertion means for inserting a.heart beat packet in tb.e send stream, - encryptiozi means for encrypting data packets p.rio.r to bei'ng 'transmitted to the reception end; said encrypti.ozn means us.ing an encryption key for encrypting the data packets, at the reception end:
- reception means for receiving data packets from the transmission end,
According to a first broad aspect of an embodiment of the present invention, there is disclosed a method of ensuring synchronization of encryption of a stream of data packets from a transmission end and decryption of the stream of data packets at a reception end in a digital video broadcast conditional access system (DVB-CAS), said stream being encrypted by a changing encryption key and decrypted by a changing decryption key, the method comprising:
- inserting at least one heart beat packet in the stream per cryptoperiod, - receiving the heart beat packets at the reception end, - removing the heart beat packets from the data stream at the reception end, wherein the encryption and decryption keys are changed once per cryptoperiod.
According to a second broad aspect of an embodiment of the present invention, there is disclosed a system for ensuring synchronization of a stream of data packets in a digital video broadcast conditional access system (DVB-CAS), the system comprising:
at.= a transmi s s i on end :
- transmission means foi transmitting data packets to a reception end,.
-. packbt irisertion means for inserting a.heart beat packet in tb.e send stream, - encryptiozi means for encrypting data packets p.rio.r to bei'ng 'transmitted to the reception end; said encrypti.ozn means us.ing an encryption key for encrypting the data packets, at the reception end:
- reception means for receiving data packets from the transmission end,
4 - packet sensing means for detecting heart beat packets in the receive stream, = packet discarding'means for discarding heart beat packets detected by the packet sensing means from the receive stream, - decryption means for decrypting data packets after being received by the reception means, said Brief Descri,ptiOn of the Draw~,~gs A better understanding of the invention may be 20 obtained by reading the detailed description of the invention below, in conjunction with the following drawings, in which-:
Fig. .1 is an illustration of a transmission system accordin.g to the prior art;
25 Fig. 2 illustrates a transmission system according -to an 'emboazment of the invenf'ion.
Detailed Description of the Preferred Embodiment Referring to Fig 1, a typical,digital transmission 30 system 5 is illustrated. A data source 10 feeds data to a transmission end 20. Within the transmission end 2'0, an encryption module 30 encrypts the data and sends the encrypted data to a modulator 40 for subsequent transmission via a transport medium 50 to a reception end 60. At the reception end 60, a demodulator 70 demodulates the transmitted signal and feeds it to a decryption module 80. The decryption module 80 decrypts the signal and sends the decrypted data to a user 90.
In applications requiring it, the encryption module 30 also performs an encapsulation function. The data is encapsulated so it can be formatted for packaging as packets.
It should be noted that the above described transmissiori system can be used for audio, video, or data transmissions. In applications involving audio and video transmissions, the encryption and decryption modules are termed as the scrambling and descrambling modules but their functions are similar. Also, as described above, the encryption keys used by the encryption module 30 and the decryption module 80 are changed once per cryptoperiod. A cryptoperiod is defined as the time period for which a specific set of encryption/decryption keys are active. As an example, a first cryptoperiod may use encryption/decryption key set A while a second cryptoperiod may use encryption/decryption key set B. Ideally, each encryption/decryption key set is different for each cryptoperiod.
Referring to Fig 2, similar components as in Fig 1 are referenced with similar reference numbers. In Fig 2 an embodiment of the invention is illustrated. In this embodiment of the invention, a packet insert module 100 inserts heart beat packets into the data stream 110.
This insertion of heart beat packets is carried out at a _ _ .!~
rate to ensure that at least one heart beat packet is inserted per cryptoperiod. Regardless of whether the data stream 110 is active or has data, the heart beat packet is inserted.
On the other end of the transmission system 5, the reception end 60 receives the data stream 110 and demodulates and decrypts it. However, a packet checking and discard module 120 checks the decrypted data stream 130 for heart beat packets. If a heart beat packet is found, the packet checking and discard module 120 discards this heart beat packet as it is not part of the regular data stream. The decrypted data stream 140, now without the heart beat packets, is then sent to the user 90. Again, in applications which require it, the user 90 may deencapsulate the data and perform other data synchronization functions.
To alert the packet checking and discard module 120 to the presence of an heart beat packet, a specific bit in the heart beat packet may be set. This will reduce the amount of time required for the packet checking and discard module 120 to check data packets --all the packet checking and discard module 120 has to do is check if a specific bit o'r bit pattern is set in the header field of'the incoming data packet. If the bit or bit pattern is set, the data packet is a heart beat packet and must be discarded. Also, to reduce the transmission overhead required by the heart beat packets, it is preferred that the heart beat packet not contain any appreciable data. A header in the heart beat packet would have the same packet identification as a legitimate data packet but does not contain any appreciable data and, as a whole, is of negligible size.
_...~1 _._...........
In the embodiments described above, different configurations can be envisioned. The data source 10 can be a video, audio, or data stream source. If the source is a data stream source, the encryption/
decryption modules would provide a secure transmission channel for the data stream between two networks. The transport medium can be a satellite link, a cable network, optical fiber or any suitable media for transmitting digital signals.
In a preferred embodiment, the reception end and the transmission end synchronize encryption/decryption keys by having the transmission end signal when a change in encryption/decryption keys is required. Thus, in the DVB application of the preferred embodiment, the transmission system uses two encryption key control bit patterns. An odd control bit pattern sent by the transmission end to the reception end notifies the reception end that the current encryption/decryption set is active. Then, when the cryptoperiod has lapsed, the transmission end sends an even control bit pattern to the reception end. This signals the reception end that a new encryption/decryption set is active. The reception end then activates the new decryption set received during the previous cryptoperiod. However, if there are no data packets in the data stream, the reception end loses track of the transmission end's transmission of the new keys -- there is no data stream to trigger a checking of the ECM channel. With the heart beat packet, there is enough traffic on the data stream for the reception end to keep checking the ECM
channel and to keep track of the keys. Without the heart beat packet, the reception end would, after it loses the synchronization and after the data stream has traffic, wait for the current cryptoperiod to end, receive a new key and wait for that new key to be activated. Only then would the reception end be able to start decrypting the data stream.
Also in a preferred embodiment, the transport packet header for a heart beat packet would have the value of 10 as the entry for the adaptation_field _ control field, indicating the absence of a payload for the heart beat packet. For this embodiment, the adaptation_field_length entry in the adaptation field would be set to 0, indicating a zero length adaptation field. However, it should be noted that other fields or portions of either the header or other parts of the data packet can be used to indicate that the packet is a heart beat packet.
The invention can be implemented in any packet based transmission system which requires the synchronization of a changing characteristic between the transmission end and the reception end. The invention finds particular usefulness in unidirectional transmission systems. In a projected application, the invention is implemented in a point-to-multipoint satellite broadcast system. In this application, the invention is implemented as part of the conditional access system that controls subscriber access to the broadcast services. The reception end would reside in a conditional access module in a receiver while the transmission end would reside in a service provider transmitter uplinking data to a satellite for downlinking to multiple receivers.
A person understanding the above-described invention may now conceive of alternative designs, using the principles described herein. All such designs which fall within the scope of the claims appended hereto are considered to be part of the present invention.
Fig. .1 is an illustration of a transmission system accordin.g to the prior art;
25 Fig. 2 illustrates a transmission system according -to an 'emboazment of the invenf'ion.
Detailed Description of the Preferred Embodiment Referring to Fig 1, a typical,digital transmission 30 system 5 is illustrated. A data source 10 feeds data to a transmission end 20. Within the transmission end 2'0, an encryption module 30 encrypts the data and sends the encrypted data to a modulator 40 for subsequent transmission via a transport medium 50 to a reception end 60. At the reception end 60, a demodulator 70 demodulates the transmitted signal and feeds it to a decryption module 80. The decryption module 80 decrypts the signal and sends the decrypted data to a user 90.
In applications requiring it, the encryption module 30 also performs an encapsulation function. The data is encapsulated so it can be formatted for packaging as packets.
It should be noted that the above described transmissiori system can be used for audio, video, or data transmissions. In applications involving audio and video transmissions, the encryption and decryption modules are termed as the scrambling and descrambling modules but their functions are similar. Also, as described above, the encryption keys used by the encryption module 30 and the decryption module 80 are changed once per cryptoperiod. A cryptoperiod is defined as the time period for which a specific set of encryption/decryption keys are active. As an example, a first cryptoperiod may use encryption/decryption key set A while a second cryptoperiod may use encryption/decryption key set B. Ideally, each encryption/decryption key set is different for each cryptoperiod.
Referring to Fig 2, similar components as in Fig 1 are referenced with similar reference numbers. In Fig 2 an embodiment of the invention is illustrated. In this embodiment of the invention, a packet insert module 100 inserts heart beat packets into the data stream 110.
This insertion of heart beat packets is carried out at a _ _ .!~
rate to ensure that at least one heart beat packet is inserted per cryptoperiod. Regardless of whether the data stream 110 is active or has data, the heart beat packet is inserted.
On the other end of the transmission system 5, the reception end 60 receives the data stream 110 and demodulates and decrypts it. However, a packet checking and discard module 120 checks the decrypted data stream 130 for heart beat packets. If a heart beat packet is found, the packet checking and discard module 120 discards this heart beat packet as it is not part of the regular data stream. The decrypted data stream 140, now without the heart beat packets, is then sent to the user 90. Again, in applications which require it, the user 90 may deencapsulate the data and perform other data synchronization functions.
To alert the packet checking and discard module 120 to the presence of an heart beat packet, a specific bit in the heart beat packet may be set. This will reduce the amount of time required for the packet checking and discard module 120 to check data packets --all the packet checking and discard module 120 has to do is check if a specific bit o'r bit pattern is set in the header field of'the incoming data packet. If the bit or bit pattern is set, the data packet is a heart beat packet and must be discarded. Also, to reduce the transmission overhead required by the heart beat packets, it is preferred that the heart beat packet not contain any appreciable data. A header in the heart beat packet would have the same packet identification as a legitimate data packet but does not contain any appreciable data and, as a whole, is of negligible size.
_...~1 _._...........
In the embodiments described above, different configurations can be envisioned. The data source 10 can be a video, audio, or data stream source. If the source is a data stream source, the encryption/
decryption modules would provide a secure transmission channel for the data stream between two networks. The transport medium can be a satellite link, a cable network, optical fiber or any suitable media for transmitting digital signals.
In a preferred embodiment, the reception end and the transmission end synchronize encryption/decryption keys by having the transmission end signal when a change in encryption/decryption keys is required. Thus, in the DVB application of the preferred embodiment, the transmission system uses two encryption key control bit patterns. An odd control bit pattern sent by the transmission end to the reception end notifies the reception end that the current encryption/decryption set is active. Then, when the cryptoperiod has lapsed, the transmission end sends an even control bit pattern to the reception end. This signals the reception end that a new encryption/decryption set is active. The reception end then activates the new decryption set received during the previous cryptoperiod. However, if there are no data packets in the data stream, the reception end loses track of the transmission end's transmission of the new keys -- there is no data stream to trigger a checking of the ECM channel. With the heart beat packet, there is enough traffic on the data stream for the reception end to keep checking the ECM
channel and to keep track of the keys. Without the heart beat packet, the reception end would, after it loses the synchronization and after the data stream has traffic, wait for the current cryptoperiod to end, receive a new key and wait for that new key to be activated. Only then would the reception end be able to start decrypting the data stream.
Also in a preferred embodiment, the transport packet header for a heart beat packet would have the value of 10 as the entry for the adaptation_field _ control field, indicating the absence of a payload for the heart beat packet. For this embodiment, the adaptation_field_length entry in the adaptation field would be set to 0, indicating a zero length adaptation field. However, it should be noted that other fields or portions of either the header or other parts of the data packet can be used to indicate that the packet is a heart beat packet.
The invention can be implemented in any packet based transmission system which requires the synchronization of a changing characteristic between the transmission end and the reception end. The invention finds particular usefulness in unidirectional transmission systems. In a projected application, the invention is implemented in a point-to-multipoint satellite broadcast system. In this application, the invention is implemented as part of the conditional access system that controls subscriber access to the broadcast services. The reception end would reside in a conditional access module in a receiver while the transmission end would reside in a service provider transmitter uplinking data to a satellite for downlinking to multiple receivers.
A person understanding the above-described invention may now conceive of alternative designs, using the principles described herein. All such designs which fall within the scope of the claims appended hereto are considered to be part of the present invention.
Claims (14)
1. A method of ensuring synchronization of encryption of a stream of data packets from a transmission end and decryption of the stream of data packets at a reception end in a digital video broadcast conditional access system (DVB-CAS), said stream being encrypted by a changing encryption key and decrypted by a changing decryption key, the method comprising.:
- inserting at least one heart beat packet in the stream per cryptoperiod, - receiving the heart beat packets at the reception end, - removing the heart beat packets from the data stream at the reception end, wherein the encryption and decryption keys are changed once per cryptoperiod.
- inserting at least one heart beat packet in the stream per cryptoperiod, - receiving the heart beat packets at the reception end, - removing the heart beat packets from the data stream at the reception end, wherein the encryption and decryption keys are changed once per cryptoperiod.
2. A method as in claim 1 wherein the heart beat packet is an empty data packet.
3. A method as in claim 1 further including detecting the heartbeat packets at the reception end.
4. A method as in claim 3 further including checking a header field of an incoming data packet to determine if said incoming data packet is a heart beat packet.
5. A method as in claim 4 wherein a presence of a specific bit pattern in the header of an incoming data packet indicates to a packet sensing means that said incoming data packet is a heart beat packet.
6. A method as in claim 4 wherein a set specific bit in the header of an incoming data packet indicates to a packet sensing means that said incoming data packet is a heart beat packet.
7. A method as in claim 1 wherein a decryption key for decrypting the encrypted data stream for a first cryptoperiod is received by the reception end during a second cryptoperiod, said second cryptoperiod immediately preceding said first cryptoperiod.
8. A system for ensuring synchronization of a stream of data packets in a digital video broadcast conditional access system (DVB-CAS), the system comprising:
at a transmission end:
- transmission means for transmitting data packets to a reception end, - packet insertion means for inserting a heart beat packet in the send stream, - encryption means for encrypting data packets prior to being transmitted to the reception end, said encryption means using an encryption key for encrypting the data packets, at the reception end:
- reception means for receiving data packets from the transmission end, - packet sensing means for detecting heart beat packets in the receive stream, - packet discarding means for discarding heart beat packets detected by the packet sensing means from the receive stream, - decryption means for decrypting data packets after being received by the reception means, said decryption means using a decryption key related to the encryption key, wherein - the packet insertion means inserts at least one heart beat packet in the send stream per cryptoperiod - the encryption means changes encryption keys once per cryptoperiod.
at a transmission end:
- transmission means for transmitting data packets to a reception end, - packet insertion means for inserting a heart beat packet in the send stream, - encryption means for encrypting data packets prior to being transmitted to the reception end, said encryption means using an encryption key for encrypting the data packets, at the reception end:
- reception means for receiving data packets from the transmission end, - packet sensing means for detecting heart beat packets in the receive stream, - packet discarding means for discarding heart beat packets detected by the packet sensing means from the receive stream, - decryption means for decrypting data packets after being received by the reception means, said decryption means using a decryption key related to the encryption key, wherein - the packet insertion means inserts at least one heart beat packet in the send stream per cryptoperiod - the encryption means changes encryption keys once per cryptoperiod.
9. A system as in claim 8 wherein said packet sensing means detects heart beat packets by checking a header field of an incoming data packet.
10. A system as in claim 9 wherein a presence of a specific bit pattern in the header of an incoming data packet indicates to the packet sensing means that said incoming data packet is a heart beat packet.
11. A system as in claim 9 wherein a set specific bit in the header of an incoming data packet indicates to the packet sensing means that said incoming data packet is a heart beat packet.
12. A system as in claim 8 wherein the transmission end determines the end of the cryptoperiod.
13. A system as in claim 12 wherein the transmission end signals an end to the crytoperiod by sending a specific control bit pattern to the reception end.
14. A system as in claim 13 wherein the reception end switches decryption keys when the reception end receives the specific control bit pattern from the transmission end.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2318026 CA2318026C (en) | 2000-09-11 | 2000-09-11 | Encryption synchronisation for use with data streams |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2318026 CA2318026C (en) | 2000-09-11 | 2000-09-11 | Encryption synchronisation for use with data streams |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2318026A1 CA2318026A1 (en) | 2002-03-11 |
| CA2318026C true CA2318026C (en) | 2007-08-28 |
Family
ID=4167088
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA 2318026 Expired - Lifetime CA2318026C (en) | 2000-09-11 | 2000-09-11 | Encryption synchronisation for use with data streams |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2318026C (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR3011998A1 (en) * | 2013-10-11 | 2015-04-17 | Marco Fratti | SYSTEM AND METHOD FOR ANONYMOUS AND SECURE COMMUNICATIONS |
-
2000
- 2000-09-11 CA CA 2318026 patent/CA2318026C/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| CA2318026A1 (en) | 2002-03-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0411538B1 (en) | Satellite communications system operating in asynchronous mode for central-to-terminal station transmission | |
| JP4838422B2 (en) | Transmission system | |
| EP0740431B1 (en) | Method for TDMA management, central station, terminal station and network system to perform this method | |
| KR100782865B1 (en) | Data transmission controlling method and data transmission system | |
| US5963557A (en) | High capacity reservation multiple access network with multiple shared unidirectional paths | |
| US8472623B2 (en) | Content data, transmitting apparatus, receiving apparatus and decoding method | |
| JP4954622B2 (en) | Receiving apparatus and decoding method | |
| TW358277B (en) | Multiplex transmission method and system, and audio jitter absorbing method used therein | |
| TW371384B (en) | Method and apparatus for supporting TDMA operation over hybrid fiber coaxial (HFC) or other channels | |
| JPH03267846A (en) | Codec for asynchronous transmission | |
| AU8837998A (en) | Simplified data link | |
| CA2508485C (en) | Method and apparatus for encoding security status information | |
| CA2243214A1 (en) | Secure data broadcasting | |
| US7043022B1 (en) | Packet order determining method and apparatus | |
| CA2318026C (en) | Encryption synchronisation for use with data streams | |
| JP3206756B2 (en) | Two-way communication protocol | |
| ES2238978T3 (en) | METHODS AND DEVICES OF TRANSMISSION AND RECEPTION FOR A TRANSMISSION SYSTEM THAT INCLUDES INTERRELZED / DEVELOPED CONVOLUTIONARY. | |
| US7120170B2 (en) | Method and apparatus for the time synchronization in a data communication system | |
| JP2001078158A (en) | Transmitting device, multiplexing device and receiving device for cable television | |
| JPH05327694A (en) | Ciphering system in star type satellite communication network | |
| CA2425388A1 (en) | Data scrambling system for a shared transmission medium | |
| JP3844527B2 (en) | Data transmitting device, data receiving device | |
| KR0150258B1 (en) | The burst data transferring apparatus of hand operated optical communication | |
| CN1288629A (en) | Method for transferring data froma head-end to a number of receivers | |
| KR100531339B1 (en) | An apparatus for integrated descrambler of the satellite broadcast receiver |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request |