Preventing entitlement management message (EMM) filter attacks
Abstract
A system, apparatus, and method are directed towards preventing entitlement/rights filter attacks in conditional access to secure content over a network. An EMM that is configured to revoke access to selected content may be sent to a user, when a content provider, or the like, determines that access to the selected content is to be revoked for that user. A server may monitor for an acknowledgment of the revocation. If, after a predetermined time, a valid acknowledgement is not received by the server, the server may send another revocation EMM and again monitor for an acknowledgement response. If, after a predetermined number of retry attempts, a valid acknowledgement is not received, the server may send an alert message, investigate for possible network or device failures, change encryption keys such as the CW, change a service key, or the like, for future content delivery to the user.
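The server-side loop the abstract describes, as an added sketch that is not code from the patent or its assignee. Assumptions: the acknowledgement is an HMAC over the device ID and a per-EMM nonce, the retry count defaults to 2, and every name here (`revoke`, `ack_tag`, `send_emm`, the action labels, the sample clients and key) is hypothetical.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

FAILURE_ACTIONS = ["send_alert", "investigate_network_or_device",
                   "change_cw", "change_service_key"]  # options named in the abstract

def ack_tag(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Assumed ack format: HMAC binding the ack to one device and one EMM."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()

def revoke(device_id: str, key: bytes,
           send_emm: Callable[[str, bytes], Optional[bytes]],
           max_retries: int = 2) -> dict:
    """Send a revocation EMM, retry without a valid ack, then escalate.
    send_emm models the round trip: ack bytes, or None on timeout."""
    attempts = 1 + max_retries
    for attempt in range(1, attempts + 1):
        nonce = os.urandom(16)  # fresh per EMM, so an old ack cannot be replayed
        ack = send_emm(device_id, nonce)
        if ack is not None and hmac.compare_digest(ack, ack_tag(key, device_id, nonce)):
            return {"revoked": True, "attempts": attempt, "actions": []}
    # No valid ack after every retry: the EMM may be filtered, so escalate.
    return {"revoked": False, "attempts": attempts, "actions": list(FAILURE_ACTIONS)}

# --- Constructed clients for the demonstration ---
KEY = b"constructed-demo-key"

def honest_client(device_id: str, nonce: bytes) -> bytes:
    return ack_tag(KEY, device_id, nonce)

def filtering_client(device_id: str, nonce: bytes) -> None:
    return None  # revocation EMM never reaches the security module

def stale_ack_client(device_id: str, nonce: bytes) -> bytes:
    return ack_tag(KEY, device_id, b"\x00" * 16)  # ack captured for an older EMM

def make_lossy_client():
    seen = []
    def client(device_id: str, nonce: bytes) -> Optional[bytes]:
        seen.append(nonce)  # first EMM is lost in transit, later ones arrive
        return None if len(seen) == 1 else ack_tag(KEY, device_id, nonce)
    return client

if __name__ == "__main__":
    for name, client in [("honest", honest_client), ("filtering", filtering_client),
                         ("stale ack", stale_ack_client), ("lossy", make_lossy_client())]:
        print(name, revoke("stb-0001", KEY, client))
```

A single lost EMM is absorbed by the retry, while a client that never acknowledges, or answers with an acknowledgement for a different EMM, ends in the failure actions.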
26 Claims
1. A network device for managing access to content over a network, comprising:
a transceiver for receiving and sending information over the network;
a processor in communication with the display and the transceiver; and
a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of actions, including;
sending a revocation message over the network to revoke access to the content;
if the network device fails to receive a valid acknowledgement message within a time period, then performing at least one retry attempt comprising sending another revocation message; and
if after the at least one retry attempt the network device fails to receive the valid acknowledgement message within at least another time period, performing a revocation failure action.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A system usable in managing access to content, comprising:
a content access component that is operative to perform actions, comprising;
sending a revocation message to revoke access to content;
if the content access component fails to receive a valid acknowledgement message within a time period, then performing at least one retry attempt comprising sending another revocation message; and
if after the at least one retry attempt the content access component fails to receive the valid acknowledgement message within at least another time period, sending a failure alert message; and
an alert component that is operative to perform actions, comprising;
receiving the failure alert message; and
in response, performing at least one revocation failure action.
(Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16)
17. A method usable in managing access to content, comprising:
sending a revocation message to revoke access to the content by a client device;
if a valid acknowledgement message is un-received within a time period, then performing at least one retry attempt comprising sending another revocation message; and
if after the at least one retry attempt the valid acknowledgement message is un-received within at least another time period, performing a revocation failure action.
(Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25)
26. An apparatus for managing content encryption over a network, comprising:
a transceiver to receive input data over the network; and
means for sending a revocation message over the network to revoke access to the content;
means for providing at least one revocation retry attempt that includes sending another revocation message, if a valid acknowledgment is un-received within a time period; and
means for performing a revocation failure action based on failure to the valid acknowledgement message within at least another time period.
Specification