Apparatus and methods for provisioning in a download-enabled system
Abstract
Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive, e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well as when disconnected from the network. The network operator can also add, delete or replace a conditional access client image in a provisioned device.
45 Claims
1. Network apparatus disposed substantially at a first location of a content-based network and adapted for provisioning of a security device at a second location of the network, comprising:
- a provisioning subsystem comprising both cable modem and video provisioning apparatus;
- wherein said provisioning apparatus is adapted to maintain:
  - identifying information of said security device;
  - information regarding a topological context of said security device in the network; and
  - the software configuration of said security device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. Network apparatus disposed substantially at a first node of a content-based network and adapted for delivery of security information to a second node of said network, comprising:
- a content provisioning apparatus;
- a security management apparatus in communication with said provisioning apparatus; and
- an authentication apparatus in communication with at least said security management apparatus;
- said provisioning, management, and authentication apparatus cooperating to:
  - provision a client device coupled to said network;
  - establish an account associated with said client device;
  - authenticate a physically secure element of said client device; and
  - provide at least one secure software image to said secure element, said at least one secure image enabling at least in part access to content distributed over said network.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. Network security apparatus for use with a client-side security management apparatus in operative communication with a content-based network, said client-side apparatus adapted to maintain at least a portion of a trusted domain within a client device using at least a secure element, said network security apparatus comprising:
- a content provisioning apparatus;
- a conditional access apparatus in communication with said provisioning apparatus; and
- an authentication apparatus in communication with at least said conditional access apparatus;
- wherein said authentication, provisioning and conditional access apparatus are configured to cooperate to transmit to said secure element of said client device both:
  - (i) at least one cryptographic key, and
  - (ii) encrypted code configured to provide at least protection of said content at said client device.

20. A method of delivering secure software over a network to a client device, comprising:
- entering information associated with said client device within at least one of a DNCS or billing system of said network;
- coupling said client device to said network;
- establishing a network address for said client device;
- providing via a first entity device credentials along with a cryptographic element for said client device to a second entity;
- returning a client device-specific personalized software image to said first entity from said second entity;
- returning a common software image to said first entity from said second entity;
- encrypting at least the device-specific image for the specific client device based at least in part on said cryptographic element; and
- sending via the first entity said encrypted device-specific image and said common image.
Dependent claims: 21, 22, 23, 24

25. In a cable television network, a method of provisioning, for operation within said network, a client device having a security device substantially unique to said client device, the method comprising:
- acquiring a network address for said client device;
- placing an authentication entity in contact with said security device;
- authenticating said security device to said entity;
- obtaining personalization information associated with said security device based at least in part on said authenticating;
- providing said personalization information to said security device over said network;
- obtaining a software image common to all of a plurality of client devices having a common configuration and disposed within the network; and
- processing one or more messages at said client device in order to determine conditional access privileges.
Dependent claims: 26, 27, 28, 29, 30

31. Network apparatus comprising:
- a provisioning system;
- a common image server; and
- a device-specific image server;
- wherein said apparatus is adapted to securely obtain and deliver a device-specific software image, as well as a common software image, to at least a secure element of a target client device, said common image being applicable to all of a plurality of client devices having a common configuration and disposed within a network, and said device-specific image being specific to only said secure element of said target client device;
- wherein said delivery of said device-specific image and said common image is conducted pursuant to said client device being provisioned within said network by said provisioning system.
Dependent claims: 32, 33, 34

35. A method of doing business over a content-based network, comprising:
- selectively configuring at least one network client device based at least in part on a service request from a subscriber associated with said at least one device, said selective configuration comprising:
  - entering information associated with said at least one device into at least one of a billing system or digital network control system (DNCS) of said network;
  - generating personalization data specific to said at least one client device when said at least one device is coupled into communication with said network;
  - transmitting said data to said at least one client device; and
  - establishing at least one security permission or policy within a secure element of said at least one client device, said at least one permission or policy enabling provision of said requested service.
Dependent claims: 36, 37, 38

39. Network apparatus for use in providing secure content and software downloads to a plurality of client devices within a cable television network, the apparatus comprising:
- secure download infrastructure adapted for data communication with a trusted authority (TA);
- a media provisioning system in data communication with said infrastructure;
- a billing system in data communication with said provisioning system; and
- a media security system in data communication with said provisioning system.
Dependent claims: 40

41. For consumer premises equipment (CPE) comprising a conditional access (CA) download-enabled secure host, and modem and set-top box functionality, a method of provisioning said CPE when connected to a content-based network, comprising:
- enabling the modem functionality of the CPE;
- assigning a network address to the CPE; and
- providing the CPE with at least one image for the conditional access host chosen by an operator of said network.
Dependent claims: 42, 43

44. A method of doing business over a content-based network, comprising:
- migrating a client device having a first conditional access profile from a first location within said network to a second location within said network, said migrating comprising:
  - downloading a second conditional access profile to said device at said second location; and
  - provisioning said device so as to allow for operation thereof within said network at said second location.
Dependent claims: 45

Specification