BLACKBOX SECURITY PROVIDER PROGRAMMING SYSTEM PERMITTING MULTIPLE CUSTOMER USE AND IN FIELD CONDITIONAL ACCESS SWITCHING
First Claim
Patent Images
1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
- securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device;
encrypting, in the first entity, a product provisioning key (PPK) according to the SV to produce an encrypted PPK (ESV[PPK]);
securely transmitting the encrypted PPK (ESV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK ESV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
receiving, in a second entity, a customer global key (CGK) generated by the first entity;
encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (ECGK[D]);
encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and
transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to a third entity;
wherein the PPK is known first entity and kept secret from the second and the third entity.
6 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.
91 Citations
44 Claims
-
1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
-
securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device; encrypting, in the first entity, a product provisioning key (PPK) according to the SV to produce an encrypted PPK (ESV[PPK]); securely transmitting the encrypted PPK (ESV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK ESV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device; receiving, in a second entity, a customer global key (CGK) generated by the first entity; encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (ECGK[D]); encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to a third entity; wherein the PPK is known first entity and kept secret from the second and the third entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for securely providing data (D) for use by a hardware device of a receiver, comprising:
-
a first entity, having; a secure transmission means, for transmitting a secret value (SV) from the first entity to a manufacturer of the hardware device; and a black box device for securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device; an encryptor for encrypting, the PPK according to the SV to produce an encrypted PPK ESV[PPK]; wherein the secure transmission means further transmits the encrypted PPK ESV[PPK] from the first entity to the manufacturer of the hardware device and the black box device securely and unalterably storing the encrypted PPK ESV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device; a second entity, comprising; a means for receiving, a customer global key (CGK) generated by the first entity; an encryptor, for encrypting the data (D) according to the customer global key (CGK) to produce an encrypted data (ECGK[D]) and for encrypting the customer global key (CGK) according to a product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and means for transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to a third entity; wherein the PPK is known first entity and kept secret from the second and the third entity. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A method of unlocking a hardware device, comprising the steps of:
-
transmitting a product provisioning key (PPK) encrypted according to a secret value (SV) (ESV[PPK]) from a first entity to a second entity for secure storage in a hardware device; receiving a customer validation code (CVC) from the second entity, the (CVC) computed in the hardware device from the encrypted product provisioning key ESV[PPK]; receiving an unlock request comprising the customer validation code (CVC) and a hardware unique identifier (PID) in the first entity from the second entity; computing an expected customer validation code (CVC) in the first entity from the secret value (SV) and the product provisioning key (PPK); and transmitting data unlocking the hardware device if the expected customer validation code (CVC) computed by the first entity matches the received customer validation code from the second entity. - View Dependent Claims (26, 27, 28, 29)
-
-
30. A method of unlocking a hardware device, comprising the steps of:
-
securely storing a secret value (SV) from the first entity in the hardware device using a black box provided by the first entity; securely storing a product provisioning key (PPK) encrypted with the SV from the first entity in the hardware device using a black box provided by the first entity; computing customer validation code (CVC) at least in part from the PPKSV; and providing the hardware device to a third entity. - View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
-
- 31. The method of claim 31, wherein the CVC is computed in the hardware device at least in part from the PPKSV, a customer seed from the first entity and a hardware device unique identifier (PID).
Specification