DOWNLOADING OF DATA TO SECURE DEVICES

US 20140376718A1
Filed: 06/19/2014
Published: 12/25/2014
Est. Priority Date: 11/22/2011
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

Citations

21 Claims

1. (canceled)

2. A method comprising:
- retrieving, by a secure device, personalized unit data and a sequence number stored in a memory of the secure device;
  
  generating, by the secure device, a first decryption key based on the personalized unit data and the sequence number, wherein generating the first decryption key comprises executing at least a portion of a key generation algorithm a number of times based on the sequence number; and
  
  decrypting, by the secure device, first content using the first decryption key.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
- - 3. The method of claim 2, further comprising:
    - after decrypting the first content using the first decryption key, changing the sequence number stored in the memory of the secure device to an updated sequence number;
      
      receiving second content;
      
      in response to receiving the second content, generating a second decryption key based on the personalized unit data and the updated sequence number, the generating comprising executing at least a portion of the key generation algorithm a number of times based on the updated sequence number, wherein the second decryption key is different than the first decryption key; and
      
      decrypting the second content using the second decryption key.
  - 4. The method of claim 3, wherein generating the first decryption key comprises generating a predetermined number (N) of decryption keys using the key generation algorithm and using the Nth generated decryption key as the first decryption key, andwherein generating the second decryption key comprises generating N−
    - 1 decryption keys using the key generation algorithm and using the Nth−
      
      1 generated decryption key as the second decryption key.
  - 5. The method of claim 2, further comprising:
    - determining that the decryption of the first content using the first decryption key was not successful;
      
      determining that the sequence number in the memory of the secure device should not be changed, based on the determination that the decryption of the first content using the first decryption key was not successful;
      
      receiving second content; and
      
      decrypting the second content using the first decryption key.
  - 6. The method of claim 2, wherein the personalized unit data is based on a serial number of the secure device.
  - 7. The method of claim 2, further comprising:
    - determining, by the secure device, that the decryption of the first content using the first decryption key was successful; and
      
      in response to determining that the decryption of the first content using the first decryption key was successful, incrementing or decrementing the sequence number stored within the memory of the secure device.
  - 8. The method of claim 2, wherein the first content corresponds to a first software code image, and wherein the method further comprises:
    - executing the first software code image at the secure device;
      
      determining, by the secure device, that the execution of the first code image was successful; and
      
      in response to determining that the execution of the first code image was successful, incrementing or decrementing the sequence number stored within the memory of the secure device.
  - 9. The method of claim 2, further comprising:
    - incrementing or decrementing the sequence number stored within the memory of the secure device, wherein the sequence number is incremented or decremented regardless of whether the decryption of the first content using the first decryption key was successful.
  - 10. The method of claim 2, wherein the personalized unit data is based on at least a type or version of software currently loaded on the secure device.

11. A method comprising:
- retrieving from a secure memory, by a computing device, first personalized unit data and a first sequence number associated with a first secure processor;
  
  generating, by the computing device, a first encryption key based on the first personalized unit data and the first sequence number, wherein generating the first encryption key comprises executing at least a portion of a key generation algorithm a number of times based on the first sequence number; and
  
  encrypting, by the computing device, a first content download using the first encryption key; and
  
  transmitting, by the computing device, the encrypted first content download to the first secure processor.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising:
    - retrieving second personalized unit data associated with a second secure processor;
      
      generating a second encryption key based on the second personalized unit data associated with the second secure processor, wherein the second encryption key is different from the first encryption key;
      
      encrypting the first content download using the second encryption key; and
      
      transmitting the first content download encrypted with the second encryption key to the second secure processor.
  - 13. The method claim 11, further comprising:
    - after transmitting the encrypted first content download to the first secure processor, changing the first sequence number to an updated first sequence number; and
      
      storing at the computing device the updated first sequence number in a memory, the updated first sequence number corresponding to the number of previous content downloads performed at the first secure processor.
  - 14. The method of claim 13, further comprising:
    - generating a second encryption key based on the personalized unit data associated with the first secure processor and the updated first sequence number, the generating comprising iteratively executing at least a portion of the key generation algorithm a number of times based on the updated first sequence number, wherein the second encryption key is different than the first encryption key;
      
      encrypting a second content download using the second encryption key; and
      
      transmitting the encrypted second content download to the first secure processor.
  - 15. The method of claim 11, further comprising:
    - storing, at the computing device, a plurality of unique personalized unit data and a plurality of content download sequence numbers, wherein each unique personalized unit data and each content download sequence number correspond to one of a plurality of secure processors associated with the computing device.
  - 16. The method of claim 11, further comprising:
    - receiving, by the computing device, a confirmation message from the first secure processor, the confirmation message indicating that the encrypted first content was successfully decrypted by the first secure processor; and
      
      in response to receiving the confirmation message indicating that the encrypted first content was successfully decrypted by the first secure processor, incrementing or decrementing the first sequence number associated with the first secure processor in a memory of the computing device.
  - 17. The method of claim 11, further comprising:
    - receiving, by the computing device, a confirmation message from the first secure processor, the confirmation message indicating that the encrypted first content was successfully executed by the first secure processor; and
      
      in response to receiving the confirmation message indicating that the encrypted first content was successfully executed by the first secure processor, incrementing or decrementing, in a memory of the computing device, the first sequence number associated with the first secure processor.
  - 18. The method of claim 11, further comprising:
    - incrementing or decrementing, in a memory of the computing device, the first sequence number associated with the first secure processor, wherein the first sequence number is incremented or decremented regardless of whether the encrypted first content was successfully decrypted or successfully executed by the first secure processor.

19. A method, comprising:
- encrypting, by a control server, a first content download for a first secure processor, wherein the encrypting is based on a first sequence number associated with the first secure processor;
  
  transmitting, by the control server, the encrypted first content download to the first secure processor;
  
  receiving, by the control server, a confirmation message indicating that the encrypted first content download was successfully executed by the first secure processor; and
  
  in response to receiving the confirmation message, updating the first sequence number corresponding to the first secure processor within a secure memory of the control server.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, wherein encrypting the first content download comprises:
    - generating a first encryption key based on the first sequence number and based on first personalized unit data associated with the first secure processor, said generating comprising executing at least a portion of a key generation algorithm a number of times based on the first sequence number; and
      
      encrypting the first content download using the first encryption key.
  - 21. The method of claim 19, wherein updating the first sequence number comprises incrementing or decrementing the first sequence number within the secure memory of the control server, in response to receiving the confirmation message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Combined Conditional Access Development & Support LLC
Original Assignee
Combined Conditional Access Development & Support LLC
Inventors
Tang, Lawrence W., Petty, Douglas M., Habrat, Michael T.

Granted Patent

US 11,115,201 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/1011   to devices

G06F 21/109   by using specially-adapted ...

G06Q 20/1235   with control of digital rig...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3823   combining multiple encrypti...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/3236   using cryptographic hash fu...

DOWNLOADING OF DATA TO SECURE DEVICES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

DOWNLOADING OF DATA TO SECURE DEVICES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links