METHOD AND APPARATUS OF MUTUAL AUTHENTICATION AND KEY DISTRIBUTION FOR DOWNLOADABLE CONDITIONAL ACCESS SYSTEM IN DIGITAL CABLE BROADCASTING NETWORK

US 20090144541A1
Filed: 11/19/2008
Published: 06/04/2009
Est. Priority Date: 12/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling a downloadable Conditional Access (CA) Secure Micro (SM) in a mutual authentication method in a digital cable broadcasting network, the method comprising:

generating, by the downloadable CA SM, a public key and a private key as one pair, using a specific algorithm;

requesting a Trusted Authority (TA) to issue an SM certificate via a secure communication channel of an Authentication Proxy (AP) Server using the generated keys;

verifying whether the SM certificate issued from the TA via the secure communication channel is forged or altered using a TA certificate included in the downloadable CA SM;

transmitting an SM authentication request message to the AP server based on the SM certificate for which the verifying is completed; and

comparing first AP server identification information and second AP server identification information included in the SM certificate issued from the TA and verifying whether the first and second AP server identification information are the same using an SM authentication response message received from the AP server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of X.509 certificate-based mutual authentication and key distribution for a Downloadable Conditional Access System (DCAS) in a digital cable broadcasting network is provided for composing a software-based secure DCAS in various Conditional Access Systems (CASs) based on an embodiment form of Conditional Access (CA) application for CA of digital cable broadcasting.

66 Citations

View as Search Results

16 Claims

1. A method of controlling a downloadable Conditional Access (CA) Secure Micro (SM) in a mutual authentication method in a digital cable broadcasting network, the method comprising:
- generating, by the downloadable CA SM, a public key and a private key as one pair, using a specific algorithm;
  
  requesting a Trusted Authority (TA) to issue an SM certificate via a secure communication channel of an Authentication Proxy (AP) Server using the generated keys;
  
  verifying whether the SM certificate issued from the TA via the secure communication channel is forged or altered using a TA certificate included in the downloadable CA SM;
  
  transmitting an SM authentication request message to the AP server based on the SM certificate for which the verifying is completed; and
  
  comparing first AP server identification information and second AP server identification information included in the SM certificate issued from the TA and verifying whether the first and second AP server identification information are the same using an SM authentication response message received from the AP server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - downloading CA system client software from a cable network of a Multiple System Operator (MSO) network being a member of a cable broadcasting service.
  - 3. The method of claim 1, wherein the downloadable CA SM stores information including an SM Identification number (ID) issued from the TA when manufacturing the SM, the SM certificate, and the TA certificate.
  - 4. The method of claim 1, wherein the requesting appends a signature value including each of an SM ID, the generated public key, a timestamp, and the private key of the SM certificate being issued and being stored when manufacturing the SM, and requests the TA to issue the SM certificate using the SM ID, the generated public key, the timestamp, and the private key of the SM certificate.
  - 5. The method of claim 1, wherein the transmitting further includes a variable of a predetermined length for preventing a message retransmission attack and a signature value for preventing forgery or alteration of a message in addition to the SM certificate.
  - 6. The method of claim 1, wherein the specific algorithm is a Rivest Shamir Adleman (RSA) algorithm.
  - 7. The method of claim 1, wherein the downloadable CA SM is based on a certificate and is connected with a Cable Modem Termination System (CMTS) using a Hybrid Fiber Coax (HFC) network.

8. A method of controlling an AP server, the method comprising:
- generating, by the AP server, a secure communication channel with a TA;
  
  verifying validity of an SM certificate received from a downloadable CA SM, and authenticating an SM;
  
  generating a session key being a symmetric key for secure communication of a corresponding downloadable CA SM when SM authentication of the SM certificate is completed; and
  
  transmitting an SM authentication response using the generated session key.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the verifying and authenticating verifies the validity of the SM certificate received from the downloadable CA SM, and authenticates the SM using a TA certificate stored in the AP server and Certification Revocation List (CRL) information.
  - 10. The method of claim 8, wherein the transmitting encrypts the session key and the SM certificate using a public key of the SM certificate for which authentication is completed, and transmits the SM authentication response along with a message signature.
  - 11. The method of claim 8, further comprising:
    - updating, by the AP server, newest information about CRL information with the TA regularly or irregularly.
  - 12. The method of claim 8, wherein the AP server stores information including a TA certificate and an AP server certificate of the AP server, the AP server certificate being issued from the TA.

13. A method of controlling a TA in a mutual authentication method in a digital cable broadcasting network, the method comprising:
- issuing, by the TA, an SM certificate with respect to a downloadable CA SM, and storing list information about the downloadable CA SM in a downloadable CA SM key pairing database (DB);
  
  receiving an SM certificate request message from the downloadable CA SM;
  
  searching for the downloadable CA SM key pairing DB based on the received message, and verifying validity of a requested downloadable CA SM; and
  
  issuing the SM certificate signed by a private key of a TA to the downloadable CA SM based on a result of the verifying.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the issuing of the SM certificate signed by the private key of the TA issues the SM certificate signed by the private key of the TA and transmits the SM certificate along with the same timestamp included in the SM certificate request message, using an ID assigned to the downloadable CA SM, a public key, and information of an AP server, the information including an Internet address.
  - 15. The method of claim 13, wherein the TA stores ID information allocated for classifying each AP server and information of the AP server including an Internet address.
  - 16. The method of claim 13, wherein the list information stored by the downloadable CA SM key pairing information DB includes an ID assigned to each downloadable CA SM when manufacturing the downloadable CA SM, the SM certificate, and information about whether each certificate issued during a downloadable CA service period is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
KWON, O Hyung, LEE, Soo In, KIM, Soon Choul

Application Number

US12/273,599
Publication Number

US 20090144541A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/123   received data contents, e.g...

H04L 9/321   involving a third party or ...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

METHOD AND APPARATUS OF MUTUAL AUTHENTICATION AND KEY DISTRIBUTION FOR DOWNLOADABLE CONDITIONAL ACCESS SYSTEM IN DIGITAL CABLE BROADCASTING NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS OF MUTUAL AUTHENTICATION AND KEY DISTRIBUTION FOR DOWNLOADABLE CONDITIONAL ACCESS SYSTEM IN DIGITAL CABLE BROADCASTING NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links