Trust Establishment From Forward Link Only To Non-Forward Link Only Devices

US 20100153709A1
Filed: 12/09/2009
Published: 06/17/2010
Est. Priority Date: 12/10/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method, operational on a security server, for establishing trust between an accessory device and a host device, comprising:

receiving an accessory device identifier and a host device identifier via a first network;

generating an accessory token based on the accessory device identifier and a master key;

generating a host token using the host device identifier and the master key; and

sending the accessory token and the host token via a second network over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the present system three methods are provided for establishing trust between an accessory device and a host device, without placing trust in the device/host owner, so that content protection for subscriber-based mobile broadcast services is provided. That is, a secure link may be established between the accessory device and the host device so when the accessory device receives encrypted content via a forward link only network, the accessory device may decrypt the content at the forward link only stack and then re-encrypt it or re-secure it using the master key or some other derived key based on the master key (or the session key) and then send it to the host device which can decrypt it play it back.

Citations

33 Claims

1. A method, operational on a security server, for establishing trust between an accessory device and a host device, comprising:
- receiving an accessory device identifier and a host device identifier via a first network;
  
  generating an accessory token based on the accessory device identifier and a master key;
  
  generating a host token using the host device identifier and the master key; and
  
  sending the accessory token and the host token via a second network over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the security server includes a key server, a host trust agent provider and an accessory trust agent provider.
  - 3. The method of claim 2, wherein the key server generates a master key and delivers the accessory device identifier and the master key to the accessory trust agent provider;
    - andwherein the accessory trust agent provider generates the accessory token using the accessory device identifier and the master key and delivers the accessory token to the key server.
  - 4. The method of claim 3, wherein the key server delivers the host device identifier and master key to the host trust agent provider.
  - 5. The method of claim 2, wherein the host trust agent provider generates the host token and delivers the host token to the key server.
  - 6. The method of claim 1, wherein the accessory device is a forward link only receiver.
  - 7. The method of claim 1, wherein the session key between the accessory device and the host device is temporary.
  - 8. The method of claim 1, wherein the accessory token and the host token are sent to the accessory device via the forward link only interface.
  - 9. The method of claim 1, wherein the key server delivers empty tokens, a command to perform a task or tokens with new master keys to revoke or renew the session key between the accessory device and the host device.
  - 10. The method of claim 9, wherein the task is to revoke the master key.
  - 11. The method of claim 1, further comprising:
    - delivering an application to the host device along with the host token, wherein the application is a user interface or a player that facilitates communications between the host device and the accessory device.
  - 12. The method of claim 1, wherein the host device sends the host device identifier encrypted to the accessory device.
  - 13. The method of claim 1, wherein the accessory device sends the host token to the host device.

14. A method, operational on a host device, for establishing trust with an accessory device, comprising:
- sending an accessory device identifier and a host device identifier to a security server via a first network;
  
  receiving an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
  
  decrypting a master key from the accessory token;
  
  sending the host device identifier to the accessory device;
  
  sending the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
  
  deriving a session key from the master key; and
  
  receiving content from the accessory device encrypted with the session key via the first network.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the content is real-time content.
  - 16. The method of claim 14, wherein the accessory device is a forward link only receiver.
  - 17. The method of claim 14, wherein the session key between the accessory device and the host device is temporary.
  - 18. The method of claim 14, further comprising:
    - receiving an application along with the host token, wherein the application is a user interface or a player that facilitates communications between the host device and the accessory device.
  - 19. The method of claim 14, further comprising revoking a prior trust established between the host device and the accessory device using a previous master key.

20. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the accessory device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted tosend an accessory device identifier and a host device identifier to a security server via a first network;
  
  receive an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
  
  decrypt a master key from the accessory token;
  
  send the host device identifier to the accessory device;
  
  send the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
  
  derive a session key from the master key; and
  
  receive content from the accessory device encrypted with the session key via the first network.

21. A host device for establishing trust with an accessory device, the host device comprising:
- means for sending an accessory device identifier and a host device identifier to a security server via a first network;
  
  means for receiving an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
  
  means for decrypting a master key from the accessory token;
  
  means for sending the host device identifier to the accessory device;
  
  means for sending the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
  
  means for deriving a session key from the master key; and
  
  means for receiving content from the accessory device encrypted with the session key via the first network.

22. A computer-readable medium comprising instructions executable by a processor for establishing trust between an accessory device and a host device, comprising:
- send an accessory device identifier and a host device identifier to a security server via a first network;
  
  receive an accessory token and a host token from the security server, via a second network, over a forward link only interface, the accessory token and the host token utilized to establish a session key between the accessory device and the host device;
  
  decrypt a master key from the accessory token;
  
  send the host device identifier to the accessory device;
  
  send the accessory token to the accessory device when connecting the accessory device to the host device for a first time;
  
  derive a session key from the master key; and
  
  receive content from the accessory device encrypted with the session key via the first network.

23. A method, operational on an accessory device, for establishing trust with a host device, comprising:
- receiving a host device identifier from the host device;
  
  receiving an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
  
  decrypting a master key from the accessory token;
  
  deriving a session key from the master key; and
  
  transmitting content to the host device encrypted with the session key.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, wherein the content is real-time content.
  - 25. The method of claim 23, wherein the accessory device is a forward link only receiver.
  - 26. The method of claim 23, wherein the session key between the accessory device and the host device is temporary.

27. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the host device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted toreceive a host device identifier from the host device;
  
  receive an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
  
  decrypt a master key from the accessory token;
  
  derive a session key from the master key; and
  
  transmit content to the host device encrypted with the session key.

28. An accessory device for establishing trust with a host device, the accessory device comprising:
- means for receiving a host device identifier from the host device;
  
  means for receiving an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
  
  means for decrypting a master key from the accessory token;
  
  means for deriving a session key from the master key; and
  
  means for transmitting content to the host device encrypted with the session key.

29. A computer-readable medium comprising instructions executable by a processor for establishing trust between an accessory device and a host device, comprising:
- receive a host device identifier from the host device;
  
  receive an accessory token, corresponding to the host device identifier, from the host device when connecting the accessory device to the host device for a first time;
  
  decrypt a master key from the accessory token;
  
  derive a session key from the master key; and
  
  transmit content to the host device encrypted with the session key.

30. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the host device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted toreceive an accessory token and a host token from a security server via a second network over a forward link only interface;
  
  decrypt a master key from the accessory token;
  
  receive a host device identifier from the host device via a first network;
  
  send the host token to the accessory device, via the first network, when connecting the accessory device to the host device for a first time;
  
  derive a session key from the master key; and
  
  deliver content to the host device encrypted with the session key via the first network.

31. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the accessory device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted todeliver a host device identifier to the accessory device;
  
  receive a host token from the accessory device;
  
  decrypt a master key from the host token;
  
  derive a session key from the master key; and
  
  receive content from the accessory device encrypted with the session key.

32. An accessory device for establishing trust with a host device, the accessory device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the host device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted toinstall a public key of a certificate authority in a trust agent of the accessory device;
  
  receive a certificate revocation list, the certificate revocation list is received via a forward link only interface, through software updates installed on the accessory device through direct connection of the accessory device to a personal computer or through a network line with the host device;
  
  receive a signed certificate from the host device, the signed certificate including a public key of the host device and type of the host device;
  
  validate the signed certificate using the public key of the certificate authority and confirming that the type of the host device is on an approved list;
  
  generate a master key from the signed certificate;
  
  send the master key to the host device encrypted with the public key of the host device;
  
  derive a session key from the master key; and
  
  transmit content to the host device encrypted with the session key.

33. A host device for establishing trust with an accessory device, the host device comprising:
- a first communication interface for communicating with a subscriber-based service;
  
  a second communication interface for communicating with the accessory device; and
  
  a processing circuit coupled to the first and second communication interfaces, the processing circuit adapted toinstall a private key and a certificate authority on a trust agent of the host device;
  
  send a signed certificate to the accessory device;
  
  receive a master key encrypted with a public key of the host device from the accessory device;
  
  decrypt the master key the master key using the public key;
  
  revoke a trust previously established with a previous master key;
  
  derive a session key from the master key; and
  
  receive content to the host device encrypted with the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Hughes, Patrick J., Ansari, Bijan, Thomas, Panagiotis

Application Number

US12/634,388
Publication Number

US 20100153709A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2115   Third party

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/064   Hierarchical key distributi...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

H04N 21/2541   Rights Management protectin...

H04N 21/25816   involving client authentica...

H04N 21/63345   by transmitting keys key di...

H04N 21/6581   Reference data, e.g. a movi...

H04W 12/06   Authentication

H04W 88/04   adapted for relaying to or ...

Trust Establishment From Forward Link Only To Non-Forward Link Only Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Trust Establishment From Forward Link Only To Non-Forward Link Only Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links