Source authentication of download information in a conditional access system
First Claim
Patent Images
1. A method for authenticating a source of information in a cable television system comprising head end equipment and set top terminals, the method comprising the steps of:
- providing source information as an input to a secure hash function; and
additionally processing the source information with a public-private key pair to authenticate the source.
3 Assignments
0 Petitions
Accused Products
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
-
Citations
12 Claims
-
1. A method for authenticating a source of information in a cable television system comprising head end equipment and set top terminals, the method comprising the steps of:
-
providing source information as an input to a secure hash function; and
additionally processing the source information with a public-private key pair to authenticate the source. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, in a cable television system comprising head end equipment for providing download information, a set top terminal for receiving the download information, and a communication medium coupled therebetween, of verifying the head end equipment as a source of the download information, the method comprising the steps of:
-
at said head end equipment, providing said download information as an input to a secure hash function to generate a source authentication token;
encrypting a control word using a private key provided by a conditional access authority, wherein said private key is included in a public-private key pair; and
transmitting said source authentication token, said download information, and said control word over the communication medium;
at said set top terminal, receiving said source authentication token, said control word, and said download information;
decrypting said control word using a public key included in said public-private key pair;
providing said download information as an input into said secure hash function;
using at least a portion of an output from said secure hash function at said set top terminal as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the download information being authentic when the two are the same.
-
-
8. A head end for providing verifiable download information, the head end comprising:
-
a data port for receiving a private key provided by a certification authority, wherein said private key is included in a public-private key pair;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word;
a device for creating a source authentication token from at least a portion of an output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said control word, and said download information.
-
-
9. A set top terminal for verifying an information source, said set top terminal comprising:
-
a port for receiving a message comprising download information, a source authentication token, and a control word from said information source;
a memory for storing a public key that is included in a public-private key pair;
a decryptor coupled to said port for decrypting said control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said control word and said download information, and for creating a receiver authentication token from at least a portion of an output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when the two are the same.
-
-
10. A cable television system for verifying the source of download information, the communication system comprising:
-
a certification authority for generating a providing public and private keys within the cable television system;
an entitlement agent for providing verifiable download information, the entitlement agent comprising;
a data port for receiving a private key provided by the certification authority, wherein said private key is included in a public-private key pair generated by the certification authority;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word;
a device for creating a source authentication token from at least a portion of an output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said control word, and said download information;
a set top terminal for verifying an information source, said set top terminal comprising;
a port for receiving a message comprising said download information, said source authentication token, and said control word from said entitlement agent;
a memory for storing a public key that is included in said public-private key pair;
a decryptor coupled to said port for decrypting said control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said control word and said download information, and for creating a receiver authentication token from at least a portion of an output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when the two are the same; and
a communication medium for coupling said certification authority, said set top terminal; and
said entitlement agent. - View Dependent Claims (11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeTech 5 SAS
-
Original AssigneeAnthony J. Wasilewski, Glendon L. Akins III, Howard G. Pinder, Michael S. Palgon, Robert O. Banker
-
InventorsPinder, Howard G., Banker, Robert O., Wasilewski, Anthony J., Akins, Glendon L. III, Palgon, Michael S.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current380/241
-
CPC Class CodesH04J 2203/008 Support of videoH04L 2463/101 applying security measures ...H04L 63/04 for providing a confidentia...H04L 63/0428 wherein the data content is...H04L 63/0442 wherein the sending and rec...H04L 63/045 wherein the sending and rec...H04L 63/062 for key distribution, e.g. ...H04L 63/0823 using certificates cryptogr...H04L 63/12 Applying verification of th...H04L 63/123 received data contents, e.g...H04L 63/126 the source of the received ...H04N 21/2265 Server identification by a ...H04N 21/23476 by partially encrypting, e....H04N 21/26606 for generating or managing ...H04N 21/426 Internal components of the ...H04N 21/4405 involving video stream decr...H04N 21/4524 involving the geographical ...H04N 21/63345 by transmitting keys key di...H04N 7/162 Authorising the user termin...H04N 7/163 by receiver means onlyView All
