Validating client-receivers

US 20040237100A1
Filed: 06/22/2004
Published: 11/25/2004
Est. Priority Date: 05/24/2002
Status: Active Grant

First Claim

Patent Images

1. In a digital network having a server and a plurality of client-receivers, a validation-message embodied in a computer readable medium for validating a given client-receiver of a plurality of client-receivers with the server, the validation-message comprising:

a client-identifier associated with the given client-receiver; and

an authentication-token, wherein the authentication-token is produced by providing an input to a one-way function, wherein the input to the one-way function includes at least a portion of a validator and at least a portion of the client-identifier, wherein the validator is known to both the server and the given client-receiver.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a subscriber television system having a headend, a server, and plurality of client-receivers, the server, which is remote from the headend, is adapted to receive a validation-message from one or more client-receivers. The validation-message includes content and an authentication-token. The server validates that the sender of the validation-message is a valid client-receiver of the subscriber television system using an authentication-token and a validator that is known to both the server and to at least one of the client-receivers.

243 Citations

24 Claims

1. In a digital network having a server and a plurality of client-receivers, a validation-message embodied in a computer readable medium for validating a given client-receiver of a plurality of client-receivers with the server, the validation-message comprising:
- a client-identifier associated with the given client-receiver; and
  
  an authentication-token, wherein the authentication-token is produced by providing an input to a one-way function, wherein the input to the one-way function includes at least a portion of a validator and at least a portion of the client-identifier, wherein the validator is known to both the server and the given client-receiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The validation-message of claim 1, further including:
    - a second authentication-token, wherein the second authentication-token is produced by providing a second input to a second one-way function, wherein the second input to the second one-way function includes at least a portion of the client-identifier.
  - 3. The validation-message of claim 2, wherein the first input into the first one-way function includes at least a portion of the second authentication-token.
  - 4. The validation-message of claim 1, wherein the validator was securely transmitted to both the server and the given client-receiver.
  - 5. The validation-message of claim 1, wherein the client-identifier is a public-key of a private-key/public-key pair belonging to the given client-receiver.
  - 6. The validation-message of claim 1, wherein responsive to the server receiving the validation-message from the given client-receiver, the server determines whether the given client-receiver is a valid client-receiver of the digital network using at least a portion of the validation-message and at least a portion of the validator known to the server.
  - 7. The validation-message of claim 6, wherein the server generates a local-authentication-token by inputting at least a portion of the client-identifier included in the validation-message and at least a portion of the validator known to the server into a one-way function, the server compares the local-authentication-token with the authentication-token of the validation-message and, responsive to the local-authentication-token and the authentication-token of the validation-message being the same, determines the given client-receiver is a valid client-receiver of the subscriber television system.

8. In a subscriber television system having a headend, a server, which is remote from the headend, and a plurality of client-receivers, a validation-message embodied in a computer readable medium for validating a given client-receiver of a plurality of client-receivers with the server, the validation-message comprising:
- a client-identifier associated with the given client-receiver; and
  
  an authentication-token, wherein the authentication-token is produced by providing an input to a one-way function, wherein the input to the one-way function includes at least a portion of a validator and at least a portion of the client-identifier, wherein the validator is transmitted from the headend to both the server and the given client-receiver, and wherein responsive to the server receiving the validation-message, the server determines whether the given client-receiver is a valid client-receiver of the subscriber television system using at least a portion of the authentication-token and at least a portion of the validator.

9. In digital network having a server and a plurality of client-receivers, a client-receiver of the plurality of client-receivers comprising:
- a memory having a validator and a client-identifier stored therein, wherein the validator is known to multiple client-receivers of the plurality of client-receivers;
  
  a processor in communication with the memory, the processor adapted to generate an authentication-token using at least a portion of the validator and at least a portion of the client-identifier as inputs to a one-way function and adapted to include the authentication-token in a validation-message; and
  
  a transmitter in communication with the server, the transmitter adapted to transmit the validation-message.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The client-receiver of claim 9, further including:
    - an input port adapted to receive instances of services from a headend of a subscriber television system;
      
      a cryptographic device adapted to decrypt the received instances of services; and
      
      a secure-element having the processor and the memory included therein, wherein the memory is accessible to only the processor.
  - 11. The client-receiver of claim 9, wherein the validator includes system parameters.
  - 12. The client-receiver of claim 9, wherein the validator a shared-secret.
  - 13. The client-receiver of claim 12, wherein multiple client-receivers of the plurality of client-receivers know the shared-secret.
  - 14. The client-receiver of claim 9, wherein the content of the validation-message includes the client-identifier, and the client-identifier is a public-key of a private-key/public-key pair belonging to the client-receiver.
  - 15. The client-receiver of claim 14, wherein the content of the validation-message includes a second authentication-token, the second authentication-token being the output of the one-way function having at least a portion of the client-identifier as an input, and wherein at least a portion of the second authentication-token is input into the one-way function to generate the first authentication-token.
  - 16. The client-receiver of claim 9, wherein the validation-message is defined by message-content and the authentication-token and the validation-message is carried in a first message and a second message, the first message having the authentication-token included therein, and the second message having the content included therein.
  - 17. The client-receiver of claim 9, wherein the one-way function is a hash function.

18. A method of validating a client-receiver in a digital network the digital network having a headend, a plurality of client-receivers, and a server in communication with the headend and with the plurality of client-receivers, the server remote from the headend, the method implemented in the server and comprising the steps of:
- receiving a validation-message from a particular client-receiver of the plurality of client-receivers, the validation-message including a content and a first authentication-token;
  
  generating a second authentication-token, wherein the second authentication-token is the output of a one-way function having at least a portion of a validator and at least a portion of the content of the validation-message as inputs, wherein the validator is known to the particular client-receiver and other client-receivers of the plurality of client-receivers; and
  
  determining whether the particular client-receiver is a valid client-receiver of the digital network using at least the first and second authentication-tokens.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein the digital network is a subscriber television system, the validator is a shared-secret, and the shared-secret is implemented by the server to decrypt services of the subscriber television system.
  - 20. The method of claim 18, further including the steps of:
    - receiving from a headend a secure-message having the an encrypted validator included therein;
      
      decrypting the encrypted validator using a private-key of a private-key/public-key pair belonging to the server; and
      
      storing the decrypted validator in a memory of a secure-element, wherein the secure-element includes a processor and the memory is accessible to only the processor, and wherein the private-key of the private-key/public-key pair belonging to the server is stored in the memory.
  - 21. The method of claim 20, further including the steps of:
    - generating a local message-authenticator, wherein the local message-authenticator is output of a one-way function having at least a portion of the decrypted validator as an input;
      
      processing a processed message-authenticator included in the secure-message with a public-key of a private-key/public-key belonging to the headend to generate a reprocessed message-authenticator; and
      
      comparing the local message-authenticator and the reprocessed message-authenticator, wherein the steps of generating the authentication-token and determining whether the particular client-receiver is a valid client-receiver of the subscriber television system are done only if the local message-authenticator and the reprocessed message-authenticator are the same.
  - 22. The method of claim 18, further including the steps of:
    - generating a second authentication-token, wherein the second authentication-token is output of a one-way function having at least a portion of the content of the validation-message as an input, wherein the content of the validation-message includes a third authentication-token; and
      
      comparing the second authentication-token and the third authentication-token, wherein the steps of generating the first authentication-token and determining whether the particular client-receiver is a valid client-receiver of the subscriber television system are done only if the second authentication-token and the third authentication-token are the same.
  - 23. The method of claim 18, further including the step of:
    - responsive to determining the particular client-receiver is valid, providing the particular client-receiver with an instance of service.

24. A digital network comprising:
- a client-receiver adapted to generate a validation-message having a client-identifier and an authentication-token included therein, wherein the authentication-token is the output of a one-way function having at least a portion of a validator as an input; and
  
  a server in communication with the client-receiver having a memory and a processor, the memory having the validator stored therein, the processor adapted to receive the validation-message and adapted to determine that the client-receiver is a valid client-receiver using at least a portion of the stored validator and at least a portion of the validation-message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Scientific-Atlanta LLC (Cisco Systems, Inc.)
Inventors
Pinder, Howard G., Wasilewski, Anthony J., Mattox, Mark D.

Granted Patent

US 7,861,082 B2
Time in Patent Office

Days
Field of Search
US Class Current

725/31
CPC Class Codes

H04L 12/2803   Home automation networks

H04N 21/2347   involving video stream encr...

H04N 21/25816   involving client authentica...

H04N 21/26606   for generating or managing ...

H04N 21/4147   PVR [Personal Video Recorde...

H04N 21/42684   Client identification by a ...

H04N 21/43615   Interfacing a Home Network,...

H04N 21/43637   involving a wireless protoc...

H04N 21/4367   Establishing a secure commu...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/4623   Processing of entitlement m...

H04N 21/472   End-user interface for requ...

H04N 21/47815   Electronic shopping payment...

H04N 21/482   End-user interface for prog...

H04N 21/63345   by transmitting keys key di...

H04N 21/8586   by using a URL processing c...

H04N 7/162   Authorising the user termin...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Validating client-receivers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

243 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Validating client-receivers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

243 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links