PC secure video path

US 10,055,553 B2
Filed: 03/29/2016
Issued: 08/21/2018
Est. Priority Date: 03/04/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a computing device connected with a security module, a secure tunnel between the computing device and the security module;

receiving, by the computing device, a user selection of a content item;

after determining that the content item is secured, sending, by the computing device;

a request for the content item,an identifier of the computing device, andan identifier of the security module;

receiving, by the computing device, from the security module, and via the secure tunnel, one or more control words;

receiving, by the computing device, an encrypted stream comprising the content item;

decrypting, by the computing device and using the one or more control words, the encrypted stream comprising the content item;

prior to the decrypting the encrypted stream, routing, by the computing device, the encrypted stream to a secure video processor of the computing device;

after the decrypting the encrypted stream, routing, by the computing device, an unencrypted version of the encrypted stream from the secure video processor to an unsecure video processor of the computing device; and

causing, by the unsecure video processor, display of the content item.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer'"'"'s network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network.

23 Citations

View as Search Results

20 Claims

1. A method comprising:
- establishing, by a computing device connected with a security module, a secure tunnel between the computing device and the security module;
  
  receiving, by the computing device, a user selection of a content item;
  
  after determining that the content item is secured, sending, by the computing device;
  
  a request for the content item,an identifier of the computing device, andan identifier of the security module;
  
  receiving, by the computing device, from the security module, and via the secure tunnel, one or more control words;
  
  receiving, by the computing device, an encrypted stream comprising the content item;
  
  decrypting, by the computing device and using the one or more control words, the encrypted stream comprising the content item;
  
  prior to the decrypting the encrypted stream, routing, by the computing device, the encrypted stream to a secure video processor of the computing device;
  
  after the decrypting the encrypted stream, routing, by the computing device, an unencrypted version of the encrypted stream from the secure video processor to an unsecure video processor of the computing device; and
  
  causing, by the unsecure video processor, display of the content item.
- View Dependent Claims (2, 3, 4, 5, 6, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the establishing the secure tunnel is after establishing the connection between the computing device and the security module.
  - 3. The method of claim 1, further comprising:
    - sending, by the computing device and to a trusted authority computing device, a key request message comprising;
      
      the identifier of the security module, andan identifier of an authentication proxy computing device.
  - 4. The method of claim 3, further comprising:
    - after the sending the key request message, receiving, by the computing device and from the trusted authority computing device, a key response message comprising one or more private keys of the authentication proxy computing device.
  - 5. The method of claim 1, further comprising:
    - decrypting, by the computing device and using a first control word of the one or more control words, an audio portion of the encrypted stream; and
      
      decrypting, by the computing device and using a second control word of the one or more control words, a video portion of the encrypted stream, wherein the first control word is different from the second control word.
  - 6. The method of claim 1, further comprising:
    - after establishing the connection between the computing device and the security module, disabling, by the computing device, a different security module connected to the computing device.
  - 12. The method of claim 1, further comprising:
    - after the sending, receiving, by the security module and from a content source, the one or more control words.
  - 13. The method of claim 1, wherein the secure tunnel is based on a private key of the security module or a private key of the secure video processor.
  - 14. The method of claim 3, wherein the key request message is encrypted using a private key of the security module.
  - 15. The method of claim 4, further comprising:
    - encrypting, by the computing device and using the one or more private keys of the authentication proxy computing device, a client sign-on request; and
      
      sending, by the computing device and to the authentication proxy computing device, the encrypted client sign-on request.
  - 16. The method of claim 15, further comprising:
    - after the sending the encrypted client sign-on request, receiving, from the authentication proxy computing device, a sign-on confirmation message.

7. A method comprising:
- establishing, by a computing device connected with a security module, a secure tunnel between the computing device and the security module;
  
  sending, by the computing device;
  
  a request for a content item,an identifier of the computing device, andan identifier of the security module;
  
  receiving, by the computing device, from the security module, and via the secure tunnel, a first control word and a second control word different from the first control word;
  
  receiving, by the computing device, an encrypted stream comprising the content item;
  
  decrypting, by the computing device and using the first control word, an audio portion of the encrypted stream;
  
  decrypting, by the computing device and using the second control word, a video portion of the encrypted stream;
  
  prior to decrypting the audio portion and the video portion of the encrypted stream, routing, by the computing device, the encrypted stream to a secure video processor of the computing device;
  
  after decrypting the audio portion and the video portion of the encrypted stream, routing, by the computing device, an unencrypted version of the encrypted stream from the secure video processor to an unsecure video processor of the computing device; and
  
  causing, by the unsecure video processor, display of the content item.
- View Dependent Claims (8, 9, 10, 11, 17, 18, 19, 20)
- - 8. The method of claim 7, wherein the establishing the secure tunnel is after establishing the connection between the computing device and the security module.
  - 9. The method of claim 7, further comprising:
    - sending, by the computing device and to a trusted authority computing device, a key request message comprising;
      
      the identifier of the security module, andan identification of an authentication proxy computing device.
  - 10. The method of claim 9, further comprising:
    - after the sending the key request message, receiving, by the computing device and from the trusted authority computing device, a key response message comprising one or more private keys of the authentication proxy computing device.
  - 11. The method of claim 7, further comprising:
    - after establishing the connection between the computing device and the security module, disabling, by the computing device, a different security module connected to the computing device.
  - 17. The method of claim 7, further comprising:
    - after the sending, receiving, by the security module and from a content source, the first control word and the second control word.
  - 18. The method of claim 9, wherein the key request message is encrypted using a private key of the security module.
  - 19. The method of claim 10, further comprising:
    - encrypting, by the computing device and using the one or more private keys of the authentication proxy computing device, a client sign-on request; and
      
      sending, by the computing device and to the authentication proxy computing device, the encrypted client sign-on request.
  - 20. The method of claim 19, further comprising:
    - after the sending the encrypted client sign-on request, receiving, from the authentication proxy computing device, a sign-on confirmation message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Fahrny, James W.
Primary Examiner(s)
Mehedi, Morshed

Application Number

US15/084,203
Publication Number

US 20160350517A1
Time in Patent Office

875 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/606   by securing the transmissio...

H04L 63/0884   by delegation of authentica...

H04L 9/08   Key distribution or managem...

H04L 9/0827   involving distinctive inter...

H04N 21/64715   Protecting content from una...

PC secure video path

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PC secure video path

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links