Trust Establishment From Forward Link Only To Non-Forward Link Only Devices
Abstract
In the present system, three methods are provided for establishing trust between an accessory device and a host device without placing trust in the device/host owner, so that content protection for subscriber-based mobile broadcast services is provided. That is, a secure link may be established between the accessory device and the host device, so that when the accessory device receives encrypted content via a forward link only network, it may decrypt the content at the forward link only stack, re-encrypt or re-secure it using the master key or some other derived key based on the master key (or the session key), and then send it to the host device, which can decrypt it and play it back.
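The token-based variant of this scheme, sketched as an added example that is not part of the patent text: a security server wraps one master key into a token per device identifier, each device recovers the master key from its token, and both derive the same session key. The per-device keys shared with the server, the HMAC-based wrap, the per-connection nonce, the sample identifiers, and each device opening the token made for its own identifier are all assumptions of this sketch; the page does not specify them.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 as a PRF; the label separates wrap, tag and session uses.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def make_token(device_key: bytes, device_id: bytes, master_key: bytes) -> bytes:
    """Security server: wrap the 32-byte master key for one device (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    pad = _prf(device_key, b"wrap", nonce + device_id)
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = _prf(device_key, b"tag", nonce + device_id + ct)
    return nonce + ct + tag  # 16 + 32 + 32 bytes

def open_token(device_key: bytes, device_id: bytes, token: bytes) -> bytes:
    """Device: check the token is intact and bound to this identifier, then unwrap."""
    if len(token) != 80:
        raise ValueError("token rejected")
    nonce, ct, tag = token[:16], token[16:48], token[48:]
    if not hmac.compare_digest(tag, _prf(device_key, b"tag", nonce + device_id + ct)):
        raise ValueError("token rejected")
    pad = _prf(device_key, b"wrap", nonce + device_id)
    return bytes(a ^ b for a, b in zip(ct, pad))

def session_key(master_key: bytes, acc_id: bytes, host_id: bytes, nonce: bytes) -> bytes:
    # Length-prefix the first identifier so (acc_id, host_id) pairs cannot collide.
    return _prf(master_key, b"session", nonce + bytes([len(acc_id)]) + acc_id + host_id)

def pair(acc_id: bytes = b"ACC-0001", host_id: bytes = b"HOST-0042"):
    # Constructed sample values; per-device keys are assumed to be provisioned
    # in each device and known to the security server.
    acc_key, host_key = secrets.token_bytes(32), secrets.token_bytes(32)
    master = secrets.token_bytes(32)
    acc_token = make_token(acc_key, acc_id, master)     # sent over the broadcast link
    host_token = make_token(host_key, host_id, master)
    n = secrets.token_bytes(16)  # per-connection nonce exchanged on the local link
    k_acc = session_key(open_token(acc_key, acc_id, acc_token), acc_id, host_id, n)
    k_host = session_key(open_token(host_key, host_id, host_token), acc_id, host_id, n)
    return k_acc, k_host, acc_token, acc_key
```

Binding the device identifier into the tag means a token replayed to a device with a different identifier, or altered in transit, is rejected before the master key is unwrapped.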
33 Claims
1. A method, operational on a security server, for establishing trust between an accessory device and a host device, comprising:
- receiving an accessory device identifier and a host device identifier via a first network;
- generating an accessory token based on the accessory device identifier and a master key;
- generating a host token using the host device identifier and the master key; and
- sending the accessory token and the host token via a second network over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device.
14. A method, operational on a host device, for establishing trust with an accessory device, comprising:
- sending an accessory device identifier and a host device identifier to a security server via a first network;
- receiving an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
- decrypting a master key from the accessory token;
- sending the host device identifier to the accessory device;
- sending the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
- deriving a session key from the master key; and
- receiving content from the accessory device encrypted with the session key via the first network.
20. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the accessory device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - send an accessory device identifier and a host device identifier to a security server via a first network;
  - receive an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
  - decrypt a master key from the accessory token;
  - send the host device identifier to the accessory device;
  - send the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
  - derive a session key from the master key; and
  - receive content from the accessory device encrypted with the session key via the first network.
21. A host device for establishing trust with an accessory device, the host device comprising:
- means for sending an accessory device identifier and a host device identifier to a security server via a first network;
- means for receiving an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
- means for decrypting a master key from the accessory token;
- means for sending the host device identifier to the accessory device;
- means for sending the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
- means for deriving a session key from the master key; and
- means for receiving content from the accessory device encrypted with the session key via the first network.
22. A computer-readable medium comprising instructions executable by a processor for establishing trust between an accessory device and a host device, comprising:
- send an accessory device identifier and a host device identifier to a security server via a first network;
- receive an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
- decrypt a master key from the accessory token;
- send the host device identifier to the accessory device;
- send the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
- derive a session key from the master key; and
- receive content from the accessory device encrypted with the session key via the first network.
23. A method, operational on an accessory device, for establishing trust with a host device, comprising:
- receiving a host device identifier from the host device;
- receiving an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
- decrypting a master key from the accessory token;
- deriving a session key from the master key; and
- transmitting content to the host device encrypted with the session key.
27. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the host device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - receive a host device identifier from the host device;
  - receive an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
  - decrypt a master key from the accessory token;
  - derive a session key from the master key; and
  - transmit content to the host device encrypted with the session key.
28. An accessory device for establishing trust with a host device, the accessory device comprising:
- means for receiving a host device identifier from the host device;
- means for receiving an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
- means for decrypting a master key from the accessory token;
- means for deriving a session key from the master key; and
- means for transmitting content to the host device encrypted with the session key.
29. A computer-readable medium comprising instructions executable by a processor for establishing trust between an accessory device and a host device, comprising:
- receive a host device identifier from the host device;
- receive an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
- decrypt a master key from the accessory token;
- derive a session key from the master key; and
- transmit content to the host device encrypted with the session key.
30. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the host device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - receive an accessory token and a host token from a security server via a second network over a forward link only interface;
  - decrypt a master key from the accessory token;
  - receive a host device identifier from the host device via a first network;
  - send the host token to the accessory device, via the first network, when connecting the accessory device to the host device for a first time;
  - derive a session key from the master key; and
  - deliver content to the host device encrypted with the session key via the first network.
31. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the accessory device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - deliver a host device identifier to the accessory device;
  - receive a host token from the accessory device;
  - decrypt a master key from the host token;
  - derive a session key from the master key; and
  - receive content from the accessory device encrypted with the session key.
32. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the host device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - install a public key of a certificate authority in a trust agent of the accessory device;
  - receive a certificate revocation list, the certificate revocation list is received via a forward link only interface, through software updates installed on the accessory device through direct connection of the accessory device to a personal computer or through a network line with the host device;
  - receive a signed certificate from the host device, the signed certificate including a public key of the host device and type of the host device;
  - validate the signed certificate using the public key of the certificate authority and confirming that the type of the host device is on an approved list;
  - generate a master key from the signed certificate;
  - send the master key to the host device encrypted with the public key of the host device;
  - derive a session key from the master key; and
  - transmit content to the host device encrypted with the session key.
33. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
- a second communication interface for communicating with the accessory device; and
- a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted to
  - install a private key and a certificate authority on a trust agent of the host device;
  - send a signed certificate to the accessory device;
  - receive a master key encrypted with a public key of the host device from the accessory device;
  - decrypt the master key using the public key;
  - revoke a trust previously established with a previous master key;
  - derive a session key from the master key; and
  - receive content to the host device encrypted with the session key.