Source authentication of download information in a conditional access system
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
12 Claims
1. A method for authenticating a source of information in a cable television system comprising head end equipment and set top terminals, the method comprising the steps of:
providing source information as an input to a secure hash function; and
additionally processing the source information with a public-private key pair to authenticate the source.
7. A method, in a cable television system comprising head end equipment for providing download information, a set top terminal for receiving the download information, and a communication medium coupled therebetween, of verifying the head end equipment as a source of the download information, the method comprising the steps of:
at said head end equipment, providing said download information as an input to a secure hash function to generate a source authentication token;
encrypting a control word using a private key provided by a conditional access authority, wherein said private key is included in a public-private key pair; and
transmitting said source authentication token, said download information, and said control word over the communication medium;
at said set top terminal, receiving said source authentication token, said control word, and said download information;
decrypting said control word using a public key included in said public-private key pair;
providing said download information as an input into said secure hash function;
using at least a portion of an output from said secure hash function at said set top terminal as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the download information being authentic when the two are the same.
8. A head end for providing verifiable download information, the head end comprising:
a data port for receiving a private key provided by a certification authority, wherein said private key is included in a public-private key pair;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word;
a device for creating a source authentication token from at least a portion of an output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said control word, and said download information.
9. A set top terminal for verifying an information source, said set top terminal comprising:
a port for receiving a message comprising download information, a source authentication token, and a control word from said information source;
a memory for storing a public key that is included in a public-private key pair;
a decryptor coupled to said port for decrypting said control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said control word and said download information, and for creating a receiver authentication token from at least a portion of an output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when the two are the same.
10. A cable television system for verifying the source of download information, the communication system comprising:
a certification authority for generating and providing public and private keys within the cable television system;
an entitlement agent for providing verifiable download information, the entitlement agent comprising:
a data port for receiving a private key provided by the certification authority, wherein said private key is included in a public-private key pair generated by the certification authority;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word;
a device for creating a source authentication token from at least a portion of an output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said control word, and said download information;
a set top terminal for verifying an information source, said set top terminal comprising:
a port for receiving a message comprising said download information, said source authentication token, and said control word from said entitlement agent;
a memory for storing a public key that is included in said public-private key pair;
a decryptor coupled to said port for decrypting said control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said control word and said download information, and for creating a receiver authentication token from at least a portion of an output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when the two are the same; and
a communication medium for coupling said certification authority, said set top terminal, and said entitlement agent.
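The head-end and set-top steps recited in claims 7 to 10, as an added Python sketch that is not code from the patent. SHA-256, the 16-byte token truncation, the 8-byte control word, and the toy RSA key built from two Mersenne primes are assumptions chosen so that it runs offline.

```python
import hashlib
import hmac

# Constructed toy RSA key pair for the demo only: two Mersenne primes give a
# modulus far too small and too structured for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (head end only)

CW_LEN = 8       # assumed control-word size in bytes
TOKEN_LEN = 16   # "at least a portion" of the hash output


def make_token(control_word: bytes, download: bytes) -> bytes:
    """Secure hash over control word and download information, truncated."""
    return hashlib.sha256(control_word + download).digest()[:TOKEN_LEN]


def headend_build(download: bytes, control_word: bytes) -> dict:
    """Head end: create the token, encrypt the control word with the private key."""
    if len(control_word) != CW_LEN:
        raise ValueError("control word must be CW_LEN bytes")
    enc_cw = pow(int.from_bytes(control_word, "big"), D, N)
    return {"download": download,
            "token": make_token(control_word, download),
            "enc_cw": enc_cw}


def settop_verify(msg: dict) -> bool:
    """Set top: recover the control word with the public key, re-hash, compare."""
    recovered = pow(msg["enc_cw"], E, N)
    try:
        control_word = recovered.to_bytes(CW_LEN, "big")
    except OverflowError:
        return False   # value was not produced with the matching private key
    receiver_token = make_token(control_word, msg["download"])
    return hmac.compare_digest(receiver_token, msg["token"])


if __name__ == "__main__":
    image = b"constructed firmware image v2"            # constructed sample
    msg = headend_build(image, bytes.fromhex("0123456789abcdef"))
    print("authentic:", settop_verify(msg))
    print("tampered :", settop_verify({**msg, "download": image + b"!"}))
```

Raw private-key exponentiation as used here has no padding; a current design would sign the digest of the download with a standard scheme such as RSA-PSS or Ed25519.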
Specification