Reproduction of secure keys by using distrbuted key generation data

摘要

A key security system provides for the reproduction of secure keys by using distributed key generation data and a distributed encrypted prekey. The system encrypts program key generation data (17) with a program key prekey (18) in accordance with a first encryption algorithm to produce the program key (20); processes the program key (20) to produce a keystream (25); and processes an information signal (26) with the keystream to produce a scrambled information signal (27). The program key prekey (18) is encrypted with a category key (22) in accordance with a second encryption algorithm to produce an encrypted program key prekey (23). The scrambled information signal (27) the program key generation data (17) and the encrypted program key prekey (23) are distributed to descramblers. The descrambler within the key security system decrypts the distributed encrypted program key prekey (23) with the category key (22) in accordance with the second encryption algorithm to reproduce the program key prekey (18); encrypts the distributed program key generation data (17) with the reproduced program key prekey (18) in accordance with the first encryption algorithm to reproduce the program key (20); processes the reproduced program key (20) to reproduce the keystream (25); and processes the distributed scrambled information signal (27) with the reproduced keystream (25) to descramble the distributed scrambled information signal. The key generation data includes authorization data that must be processed by the authorization processor (35) in the descrambler in order to enable the descrambler. The use of authorization data as key generation data protects the authorization data from spoofing attacks. When more data must be protected than a single operation of the encryption algorithm can support, then additional data blocks are protected by chaining the system, wherein the output from one stage forms part of the input to the next. The key generation data for the program key includes a sequence number securely associated with the category key to thereby "timelock" program key reproduction to the use of a current category key and thus prevent an attack based upon the use of an obsolete category key.