Apparatus and methods for provisioning in a download-enabled system

US 10,404,752 B2
Filed: 06/05/2017
Issued: 09/03/2019
Est. Priority Date: 01/24/2007
Status: Active Grant

First Claim

Patent Images

1. Computerized network apparatus of a network configured to provision a computerized security device of said network, said computerized network apparatus comprising:

a computerized provisioning subsystem configured to maintain;

(i) first data indicative of an identification of said computerized security device and (ii) second data indicative of a local network topological context of said computerized security device within said network;

a computerized conditional access apparatus in communication with said computerized provisioning subsystem; and

a server apparatus in communication with said computerized conditional access apparatus,wherein at least said computerized conditional access apparatus is configured to transmit at least a cryptographic key to said computerized security device, said cryptographic key configured to provide at least protection of digitally rendered data at said computerized security device, andwherein said server apparatus is configured to select at least said cryptographic key based at least in part on a communication received from said computerized security device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well when disconnected from the network. The network operator can also add, delete or replace conditional access client image in a provisioned device.

428 Citations

16 Claims

1. Computerized network apparatus of a network configured to provision a computerized security device of said network, said computerized network apparatus comprising:
- a computerized provisioning subsystem configured to maintain;
  
  (i) first data indicative of an identification of said computerized security device and (ii) second data indicative of a local network topological context of said computerized security device within said network;
  
  a computerized conditional access apparatus in communication with said computerized provisioning subsystem; and
  
  a server apparatus in communication with said computerized conditional access apparatus,wherein at least said computerized conditional access apparatus is configured to transmit at least a cryptographic key to said computerized security device, said cryptographic key configured to provide at least protection of digitally rendered data at said computerized security device, andwherein said server apparatus is configured to select at least said cryptographic key based at least in part on a communication received from said computerized security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computerized network apparatus of claim 1, wherein:
    - said network is managed by one or more systems operators;
      
      said second data indicative of the local network topological context identifies a first network address of said computerized conditional access apparatus and a second network address of said server apparatus associated with said computerized security device; and
      
      said communication received from said computerized security device comprises an authentication protocol that generates authentication protocol results, and wherein said computerized security device is associated with a device-specific account maintained by a first one of said one or more systems operators.
  - 3. The computerized network apparatus of claim 2, wherein the computerized network apparatus is configured such that a successful completion of said authentication protocol results in a transfer of first data associated with a device-specific image, and second data associated with a non-device-specific image.
  - 4. The computerized network apparatus of claim 3, wherein said device-specific image is specific to only said computerized security device, and said non-device-specific image is common to a plurality of computerized security devices having a common configuration and disposed within said network.
  - 5. The computerized network apparatus of claim 4, wherein said device-specific image and said non-device-specific image are configured to enable said computerized security devices to access said digitally rendered data.
  - 6. The computerized network apparatus of claim 2, wherein said computerized security device and said device-specific account are associated with a service order;
    - andwherein said computerized security device is configured to execute a Downloadable Conditional Access System (DCAS) application that communicates with said computerized conditional access apparatus to receive access rights based at least in part on said service order.
  - 7. The computerized network apparatus of claim 6, wherein said computerized security device is configured to download said DCAS application during an auto-configuration installation process that generates auto-configuration installation process results.
  - 8. The computerized network apparatus of claim 7, wherein a plurality of DCAS applications are configured to communicate with a plurality of different computerized conditional access apparatus;
    - andwherein said auto-configuration installation process results in a selection of said DCAS application and said computerized conditional access apparatus.

9. A computerized security device for use within a network, said computerized security device comprising:
- a network interface configured to communicate data with said network;
  
  a processor apparatus in data communication with the network interface; and
  
  a storage apparatus in data communication with the processor apparatus and comprising a non-transitory computer-readable medium, the non-transitory computer-readable medium comprising at least one computer program stored thereon, the at least one computer program configured to, when executed on the processor apparatus, cause the computerized security device to;
  
  determine a local network topological context of said computerized security device within said network;
  
  establish a data connection with a computerized conditional access apparatus to register therewith;
  
  provide data indicative of said local network topological context of said computerized security device within said network to said computerized conditional access apparatus;
  
  receive at least a cryptographic key, said cryptographic key selected based at least in part on said data indicative of said local network topological context; and
  
  encrypt or decrypt one or more digitally rendered data elements at said computerized security device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computerized security device of claim 9, further comprising:
    - at least one auto-configuration computer program configured to execute thereon, the at least one auto-configuration computer program configured to, when executed on the processor apparatus, cause the computerized security device to;
      
      determine whether said computerized security device has been provisioned with a Downloadable Conditional Access System (DCAS) application that enables connection to said computerized conditional access apparatus; and
      
      when said determination indicates that said computerized security device has not been provisioned with a DCAS application, request a DCAS application from a server apparatus in communication with said computerized conditional access apparatus.
  - 11. The computerized security device of claim 9, further comprising a Downloadable Conditional Access System (DCAS) host application that provides a non-device-specific image to one or more output devices of an output domain of said network;
    - andwherein said non-device-specific image enables said one or more output devices to receive a device-specific image.
  - 12. The computerized security device of claim 9, further comprising a Downloadable Conditional Access System (DCAS) host application that provides a device-specific image to one or more output devices of an output domain of said network;
    - andwherein said device-specific image enables said one or more output devices to decode and render said one or more digitally rendered data elements.
  - 13. The computerized security device of claim 9, further comprising a Downloadable Conditional Access System (DCAS) host application that selects said computerized conditional access apparatus from multiple computerized conditional access apparatus of said network.
  - 14. The computerized security device of claim 9, further comprising a Downloadable Conditional Access System (DCAS) host application that simultaneously registers with and connects to multiple computerized conditional access apparatus.
  - 15. The computerized security device of claim 9, wherein said local network topological context comprises at least a first network address of said computerized conditional access apparatus.

16. A computerized security device for use within a network, said computerized security device comprising:
- a network interface configured for data communication with said network;
  
  a processor apparatus in data communication with the network interface; and
  
  a storage apparatus in data communication with the processor apparatus and comprising a non-transitory computer-readable medium, the non-transitory computer-readable medium comprising at least one computer program stored thereon, the at least one computer program configured to, when executed on the processor apparatus, cause the computerized security device to;
  
  algorithmically evaluate a local network topological context of said computerized security device within said network and generate data relating thereto;
  
  establish a data connection with a computerized conditional access apparatus to register therewith;
  
  provide the data relating to said local network topological context to said computerized conditional access apparatus;
  
  receive at least a cryptographic key, said cryptographic key selected based at least in part on said data relating to said local network topological context;
  
  encrypt or decrypt one or more digitally rendered data elements at said computerized security device; and
  
  execute a Downloadable Conditional Access System (DCAS) host application that provides a device-specific image to one or more output devices of an output domain of said network; and
  
  wherein said device-specific image enables said one or more output devices to at least decode said one or more digitally rendered data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Apsangi, Shrikant, Guduru, Srinivas, Schnitzer, Jason Kazimir, Markley, Jeffrey P., Carlucci, John B., Bevilacqua, John G.
Primary Examiner(s)
Alam, Mushfikh I

Application Number

US15/614,383
Publication Number

US 20170374104A1
Time in Patent Office

820 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04N 21/2541   Rights Management protectin...

H04N 21/4182   for identification purposes...

H04N 21/42684   Client identification by a ...

H04N 21/4623   Processing of entitlement m...

H04N 21/4627   Rights management associate...

H04N 21/4753   for user identification, e....

H04N 21/6118   involving cable transmissio...

H04N 21/63345   by transmitting keys key di...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/17318   Direct or substantially dir...

Apparatus and methods for provisioning in a download-enabled system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

428 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and methods for provisioning in a download-enabled system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

428 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others