CONFIGURABLE ACCESS KERNAL

US 20090077362A1
Filed: 09/14/2007
Published: 03/19/2009
Est. Priority Date: 09/14/2007
Status: Active Grant

First Claim

Patent Images

1. A dynamically configurable system for providing protection of content streams comprising:

a secure processor operative to maintain a plurality of content protection clients, each content protection client having a set of functional requirements for message communication; and

a host in local communication with the secure processor, the host supporting a configurable kernel for interfacing with the secure processor, the kernel operative to send a request to the secure processor, identify at least one content protection client maintained by the secure processor based on a response to the request, send a message to at least one of the at least one identified content protection client, receive at least one parameter group request from the at least one identified content protection client, and configure message handling for the at least one identified content protection client based on the received at least one parameter group request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.

Citations

19 Claims

1. A dynamically configurable system for providing protection of content streams comprising:
- a secure processor operative to maintain a plurality of content protection clients, each content protection client having a set of functional requirements for message communication; and
  
  a host in local communication with the secure processor, the host supporting a configurable kernel for interfacing with the secure processor, the kernel operative to send a request to the secure processor, identify at least one content protection client maintained by the secure processor based on a response to the request, send a message to at least one of the at least one identified content protection client, receive at least one parameter group request from the at least one identified content protection client, and configure message handling for the at least one identified content protection client based on the received at least one parameter group request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the host is further operative to receive a message and, if the message is destined for the at least one identified content protection client, apply operations specified in the at least one parameter group request to the received message.
  - 3. The system of claim 1 wherein the host supports a plurality of connection types, the kernel further operative to establish at least one connection of at least one connection type for each of the at least one identified content protection client.
  - 4. The system of claim 1 wherein the at least one parameter group request specifies filtering parameters for selectively filtering messages received by the host.
  - 5. The system of claim 4 wherein the host implements a plurality of queues arranged in a priority hierarchy for each of the at least one identified content protection client, the at least one parameter group request specifying into which queue messages received by the host will be placed based on the specified filter parameters.
  - 6. The system of claim 4 wherein duplicate received messages are processed based on the selective filtering.
  - 7. The system of claim 1 wherein the host implements a high priority queue for at least one content protection client and at least one lower priority queue for each of a plurality of content protection clients based on configuration information for each content protection client, the host operative to handle every message in the high priory queue for each of the at least one content protection client before handling any message in the lower priority queues.
  - 8. The system of claim 7 wherein the at least one lower priority queue for each of the plurality of content protection clients is at least two lower priority queues for each of the plurality of content protection clients, a mid priority queue and a low priority queue with priority less than the mid priority queue, the host operative to handle a plurality of messages in the mid priority queues in a round robin fashion according to a queue selection algorithm before handling messages in the low priority queues, then to handle at least one message in the low priority queues.
  - 9. The system of claim 8 wherein each of the plurality of content protection clients is assigned a status queue for holding status messages, the host operative to treat each status queue as a mid priority queue during round robin processing of the mid priority queues and to treat each status queue as a low priority queue during round robin processing of low priority queues.
  - 10. The system of claim 1 wherein the host is operative to request the secure processor to yield execution in response to a message sent to the secure processor.

11. A method for operating customer premises equipment having a secure processor maintaining a plurality of content protection clients, the method comprising:
- sending a request to the secure processor requesting information about the plurality of content protection clients;
  
  receiving, in response to the sent request, information identifying each of the plurality of content protection clients;
  
  sending a message to each of the identified content protection clients;
  
  receiving message handling instructions from at least one of the identified content protection client; and
  
  configuring message handling operations for the at least one identified content protection client based on the received message handling instructions, the message handling operations including parameters for selectively filtering received messages.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 further comprising establishing at least one data connection for the at least one identified content protection client based on a connection identifier and a connection type specified in a message received from the at least one identified content protection client.
  - 13. The method of claim 11 further comprising placing a received message into one of a plurality of queues established for the at least one identified content protection client based on the results of the selective filtering.
  - 14. The method of claim 11 further comprising processing a duplicate received message based on the results of the selective filtering.
  - 15. The method of claim 11 further comprising:
    - establishing a hierarchical set of message queues having at least three levels of priority queues; and
      
      receiving, for each identified content protection client, a message specifying queue configuration; and
      
      assigning to each identified content protection client a queue from at least two of the at least three levels of priority based on the received message specifying queue configuration.
  - 16. The method of claim 11 further comprising:
    - establishing a first set of message queues, at least one identified client receiving messages from a member queue of the first set;
      
      establishing a second set of message queues having a lower priority than the message queues in the first set of message queues, at least one identified client receiving messages from a member queue of the second set;
      
      establishing a status message queue for each of the at least one identified client; and
      
      determining from which queue to send a next message based on a dequeuing algorithm providing priority to the first set of message queues over the second set of message queues, wherein the status message queues are considered members of both the first set of message queues and the second set of message queues.
  - 17. The method of claim 11 further comprising requesting the secure processor to yield execution in response to a message sent to the secure processor.
  - 18. The method of claim 11 further comprising parsing a received message based on the results of the selective filtering.
  - 19. The method of claim 11 further comprising:
    - receiving at a host downloaded code implementing at least one of the plurality of content protection clients;
      
      segmenting the downloaded code into a plurality of messages;
      
      sending the plurality of messages to the secure processor; and
      
      sending a request to the secure processor requesting information about the at least one content protection client implemented by the downloaded code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Original Assignee
Comcast Cable Holdings LLC (Comcast Corporation)
Inventors
Fahrny, James, Manson, Azita Miahnahri, Davoust, Nancy Louise, Lilly, Henry Clarence III, Twigger, Andrew T., Helms, William Lynn, Taylor, Kevin Norman

Granted Patent

US 7,934,083 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04N 21/443   OS processes, e.g. booting ...

H04N 21/4623   Processing of entitlement m...

CONFIGURABLE ACCESS KERNAL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

CONFIGURABLE ACCESS KERNAL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links