BLACKBOX SECURITY PROVIDER PROGRAMMING SYSTEM PERMITTING MULTIPLE CUSTOMER USE AND IN FIELD CONDITIONAL ACCESS SWITCHING

US 20150113278A1
Filed: 03/01/2013
Published: 04/23/2015
Est. Priority Date: 03/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:

securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device;

encrypting, in the first entity, a product provisioning key (PPK) according to the SV to produce an encrypted PPK (E_SV[PPK]);

securely transmitting the encrypted PPK (E_SV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK E_SV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;

receiving, in a second entity, a customer global key (CGK) generated by the first entity;

encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (E_CGK[D]);

encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and

transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to a third entity;

wherein the PPK is known first entity and kept secret from the second and the third entity.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.

91 Citations

View as Search Results

44 Claims

1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
- securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device;
  
  encrypting, in the first entity, a product provisioning key (PPK) according to the SV to produce an encrypted PPK (E_SV[PPK]);
  
  securely transmitting the encrypted PPK (E_SV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK E_SV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
  
  receiving, in a second entity, a customer global key (CGK) generated by the first entity;
  
  encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (E_CGK[D]);
  
  encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and
  
  transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to a third entity;
  
  wherein the PPK is known first entity and kept secret from the second and the third entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the data (D) comprises a key for decrypting encrypted media programs using the hardware device.
  - 3. The method of claim 1, wherein the data (D) comprises a code block including instructions for execution by the hardware device.
  - 4. The method of claim 1, wherein the method further comprises the steps of:
    - storing a public key of the first entity in the hardware device;
      
      combining, in the first entity, a second entity-unique product differentiator assigned by the first entity with a public key of the second entity;
      
      signing, in the first entity, the combination with a private key of the first entity;
      
      transmitting the signed combination and the product differentiator from the first entity to the second entity;
      
      receiving the signed combination and product differentiator from the first entity and storing the signed combination and the product differentiator in the hardware device;
      
      storing a public key of the second entity in the hardware device; and
      
      storing a hardware device boot code image signed by the private key of the second entity in the hardware device;
      
      executing the hardware device boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second entity using the stored signed combination, the product differentiator, and the stored public key of the first entity;
      
      verifying the boot sequence signed by the private key of the second entity using the verified public key of the second entity only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 5. The method of claim 4, wherein the public key of the first entity is stored in a read only memory (ROM) or one time programmable (OTP) memory of the hardware device.
  - 6. The method of claim 4, wherein the product differentiator is assigned by the first entity and is unique to the second entity.
  - 7. The method of claim 6, wherein the product differentiator is hashed with the public key of the second entity.
  - 8. The method of claim 6, wherein the product differentiator and address of the public key of the second entity are hashed with the public key of the second entity.
  - 9. The method of claim 6, wherein the product differentiator, address of the public key of the second entity and address of the product differentiator are hashed with the public key of the second entity.
  - 10. The method of claim 6, wherein the product differentiator and address of the product differentiator are hashed with the public key of the second entity.
  - 11. The method of claim 1, further comprising the steps of:
    - decrypting the encrypted customer global key (E_PPK[CGK]) according to the product provisioning key (PPK) to reproduce the customer global key in the hardware device, comprising the steps of;
      
      decrypting the encrypted PPK E_SV[PPK] according to the secret value (SV) in the hardware device disposed at a third entity to produce the product provisioning key;
      
      wherein the secret value (SV) and the product provisioning key (PPK) is held secret from the second entity; and
      
      decrypting the encrypted data (E_CGK[D]) with the reproduced customer global key to reproduce the data (D).
  - 12. The method of claim 1, wherein:
    - the first entity is a security provider;
      
      the second entity is first consumer electronics (CE) device source; and
      
      the third entity is a subscriber;
      
      wherein the security provider is independent from CE device source, the hardware manufacturer, and the subscriber.
  - 13. The method of claim 12, further comprising the steps of:
    - receiving, in a second CE device source, a second customer global key (CGK2) generated by the security provider;
      
      encrypting, in the security provider, the data (D) according to the second customer global key (CGK2) to produce an second encrypted data (E_CGK2[D]);
      
      encrypting, in the security provider, the second customer global key (CGK2) according to the product provisioning key (PPK) to produce a second encrypted customer global key (E_PPK[CGK2]); and
      
      transmitting the second encrypted customer global key (E_PPK[CGK2]) and the second encrypted data (E_CGK2[D]) to the hardware device after the hardware device is field distributed to a third entity.
  - 14. The method of claim 13, wherein the second encrypted customer global key (E_PPK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device without overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 15. The method of claim 14, wherein the storage in the hardware device without overwriting enables operation of the hardware device according to security functions of both the CE device source and the second CE device source.
  - 16. The method of claim 13, wherein the second encrypted customer global key (E_CGK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device by overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 17. The method of claim 16, wherein the overwriting revokes a security functionality of the CE source and enables a security functionality of the second CE source to switch the operation of the hardware device to use security functions of the second CE device source in place of security functions CE device source.
  - 18. The method of claim 13, wherein the method further comprises the steps of:
    - storing a public key of the security provider in the hardware device;
      
      combining, in the security provider, a CE source-unique product differentiator assigned by the security provider with a public key of the CE source;
      
      signing, in the security provider, the combination with a private key of the security provider;
      
      transmitting the signed combination and the product differentiator from the security provider to the CE source;
      
      receiving the signed combination and product differentiator from the security provider and storing the signed combination and the product differentiator in the hardware device;
      
      storing a public key of the CE source in the hardware device; and
      
      storing a hardware device boot code image signed by the private key of the CE source in the hardware device;
      
      executing the hardware device boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the CE source using the stored signed combination, the product differentiator, and the stored public key of the security provider;
      
      verifying the boot sequence signed by the private key of the CE source using the verified public key of the CE source only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 19. The method of claim 16, further comprising the steps of:
    - combining, in the security provider, a second CE-source-unique product differentiator assigned by the security provider with a public key of the second CE source;
      
      signing, in the security provider, the combination with a private key of the security provider;
      
      transmitting the signed combination and the product differentiator from the security provider to the second CE source;
      
      receiving the signed combination and second product differentiator associated with the second CE source from the security provider and storing the signed combination and the second product differentiator in the hardware device;
      
      storing a public key of the second CE source in the hardware device; and
      
      storing a hardware device second boot code image signed by the private key of the second CE source in the hardware device;
      
      executing the hardware device second boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second CE source using the stored signed combination, the second product differentiator, and the stored public key of the security provider;
      
      verifying the boot sequence signed by the private key of the second CE source using the verified public key of the second CE source only if the public key of the second CE source is verified; and
      
      executing the boot sequence only if the boot sequence is verified.

20. A system for securely providing data (D) for use by a hardware device of a receiver, comprising:
- a first entity, having;
  
  a secure transmission means, for transmitting a secret value (SV) from the first entity to a manufacturer of the hardware device; and
  
  a black box device for securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device;
  
  an encryptor for encrypting, the PPK according to the SV to produce an encrypted PPK E_SV[PPK];
  
  wherein the secure transmission means further transmits the encrypted PPK E_SV[PPK] from the first entity to the manufacturer of the hardware device and the black box device securely and unalterably storing the encrypted PPK E_SV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
  
  a second entity, comprising;
  
  a means for receiving, a customer global key (CGK) generated by the first entity;
  
  an encryptor, for encrypting the data (D) according to the customer global key (CGK) to produce an encrypted data (E_CGK[D]) and for encrypting the customer global key (CGK) according to a product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and
  
  means for transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to a third entity;
  
  wherein the PPK is known first entity and kept secret from the second and the third entity.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The system of claim 20, wherein:
    - the first entity further comprises;
      
      means for combining, a second entity-unique product differentiator assigned by the first entity with a public key of the second entity;
      
      means for signing the combination with a private key of the first entity;
      
      wherein the secure transmission means further transmits the signed combination and the product differentiator from the first entity to the second entity;
      
      the second entity further comprises;
      
      means for storing a public key of the first entity in the hardware device;
      
      means for receiving the signed combination and product differentiator from the first entity and storing the signed combination and the product differentiator in the hardware device;
      
      means for storing a public key of the second entity in the hardware device; and
      
      means for storing a hardware device boot code image signed by the private key of the second entity in the hardware device;
      
      the hardware device further comprises;
      
      a processor for executing the hardware device boot code, comprising instructions including instructions for;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second entity using the stored signed combination, the product differentiator, and the stored public key of the first entity;
      
      verifying the boot sequence signed by the private key of the second entity using the verified public key of the second entity only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 22. The system of claim 20, further comprising the steps of:
    - wherein the hardware device further comprises;
      
      means for decrypting the encrypted customer global key (E_PPK[CGK]) according to the product provisioning key (PPK) to reproduce the customer global key in the hardware device, comprising;
      
      means for decrypting the encrypted PPK E_SV[PPK] according to the secret value (SV) in the hardware device disposed at a third entity to produce the product provisioning key;
      
      wherein the secret value (SV) and the product provisioning key (PPK) is held secret from the second entity; and
      
      means for decrypting the encrypted data (E_CGK[D]) with the reproduced customer global key to reproduce the data (D).
  - 23. The system of claim 20, wherein:
    - the first entity is a security provider;
      
      the second entity is first consumer electronics (CE) device source; and
      
      the third entity is a subscriber;
      
      wherein the security provider is independent from CE device source, the hardware manufacturer, and the subscriber.
  - 24. The system of claim 23, further comprising:
    - a second CE device source, comprising;
      
      means for receiving, a second customer global key (CGK2) generated by the security provider;
      
      means for encrypting the data (D) according to the second customer global key (CGK2) to produce an second encrypted data (E_CGK2[D]);
      
      wherein;
      
      the security provider means for encrypting further encrypts the second customer global key (CGK2) according to the product provisioning key (PPK) to produce a second encrypted customer global key (E_PPK[CGK2]); and
      
      transmits the second encrypted customer global key (E_PPK[CGK2]) and the second encrypted data (E_CGK2[D]) to the hardware device after the hardware device is field distributed to a third entity.

25. A method of unlocking a hardware device, comprising the steps of:
- transmitting a product provisioning key (PPK) encrypted according to a secret value (SV) (E_SV[PPK]) from a first entity to a second entity for secure storage in a hardware device;
  
  receiving a customer validation code (CVC) from the second entity, the (CVC) computed in the hardware device from the encrypted product provisioning key E_SV[PPK];
  
  receiving an unlock request comprising the customer validation code (CVC) and a hardware unique identifier (PID) in the first entity from the second entity;
  
  computing an expected customer validation code (CVC) in the first entity from the secret value (SV) and the product provisioning key (PPK); and
  
  transmitting data unlocking the hardware device if the expected customer validation code (CVC) computed by the first entity matches the received customer validation code from the second entity.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method of claim 25, wherein the secret value (SV) is programmed in the hardware device by the first entity via a black box secure from the second entity.
  - 27. The method of claim 25, wherein:
    - the customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK] and a hardware unique identifier (PID); and
      
      the expected customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK] and a hardware unique identifier (PID).
  - 28. The method of claim 25, wherein:
    - wherein the customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK], a hardware unique identifier (PID), and a customer product differentiator (CPD); and
      
      wherein the expected customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK], a hardware unique identifier (PID), and a customer product differentiator (CPD).
  - 29. The method of claim 25, wherein:
    - the customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK] and a customer product differentiator (CPD); and
      
      the customer validation code (CVC) is computed as a combination of the encrypted product provisioning key E_SV[PPK] and a customer product differentiator (CPD).

30. A method of unlocking a hardware device, comprising the steps of:
- securely storing a secret value (SV) from the first entity in the hardware device using a black box provided by the first entity;
  
  securely storing a product provisioning key (PPK) encrypted with the SV from the first entity in the hardware device using a black box provided by the first entity;
  
  computing customer validation code (CVC) at least in part from the PPK_SV; and
  
  providing the hardware device to a third entity.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The method of claim 30, wherein the CVC is computed in the hardware device at least in part from the PPK_SV, a customer seed from the first entity, and a hardware device and a customer product differentiator (CPD).
  - 36. The method of claim 35, wherein the combination is an EXCLUSIVE OR.
  - 37. The method of claim 35, wherein the combination is an AES.
  - 38. The method of claim 35, wherein the combination is a DES.
  - 39. The method of claim 30, wherein the CVC is computed in the hardware device at least in part from the PPK_SV, the hardware device unique identifier (PID), and the customer product differentiator (CPD).
  - 40. The method of claim 39, wherein the combination is an EXCLUSIVE OR.
  - 41. The method of claim 39, wherein the combination is an AES.
  - 42. The method of claim 39, wherein the combination is a DES.
  - 43. The method of claim 30, further comprising the steps of:
    - receiving an unlock request in the first entity from a second entity, the unlock request having the customer validation code (CVC);
      
      retrieving the CVC by the first entity;
      
      computing an expected consumer validation code (CVC) according to a hardware device unique identifier (PID) by a first entity; and
      
      transmitting data permitting hardware device to be unlocked if the expected customer validation code (CVC) matches the received customer validation code from the first entity to a second entity.
  - 44. The method of claim 43, further comprising the step of using the hardware device unique identifier (PID) to look up the CVC.

31. The method of claim 31, wherein the CVC is computed in the hardware device at least in part from the PPK_SV, a customer seed from the first entity and a hardware device unique identifier (PID).
- View Dependent Claims (32, 33, 34)
- - 32. The method of claim 31, wherein the combination is an EXCLUSIVE OR.
  - 33. The method of claim 31, wherein the combination is an AES.
  - 34. The method of claim 31, wherein the combination is an DES.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rambus Inc.
Original Assignee
Syphermedia International, Inc. (Verimatrix SA)
Inventors
Cocchi, Ronald P., Gorman, Michael A., Carson, Jacob T., Skubiszewski, Matthew A.

Granted Patent

US 9,800,405 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/72   in cryptographic circuits

H04L 2209/12   Details relating to cryptog...

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04N 21/26613   for generating or managing ...

H04N 21/63345   by transmitting keys key di...

H04W 12/04   Key management, e.g. using ...

H04W 12/082   using revocation of authori...

H04W 12/35   Protecting application or s...

BLACKBOX SECURITY PROVIDER PROGRAMMING SYSTEM PERMITTING MULTIPLE CUSTOMER USE AND IN FIELD CONDITIONAL ACCESS SWITCHING

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

BLACKBOX SECURITY PROVIDER PROGRAMMING SYSTEM PERMITTING MULTIPLE CUSTOMER USE AND IN FIELD CONDITIONAL ACCESS SWITCHING

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links