Apparatus and method for authenticating transmitting applications in an interactive TV system
First Claim
1. Apparatus for receiving an executable application transmitted in modules including a Directory Module containing information about further modules, said Directory Module having at least an encrypted hash value over the Directory Module and an encrypted certificate appended, which certificate includes an identity of the application provider, said apparatus comprising:
- a memorya detector for detecting said transmitted modules and storing detected modules in memory;
means for separating said certificate from a detected Directory Module;
a decryptor for decrypting said certificate and said encrypted hash value;
a hash function element for hashing said detected Directory Modules to produce a further hash value;
a processor programmed for authenticating decrypted said certificate, and comparing decrypted said hash value with said further hash value, and if decrypted said hash value and said further hash value are equal and said certificate is authentic, permitting execution of said program.
2 Assignments
0 Petitions
Accused Products
Abstract
An executable interactive program is combined with audio/video data for transmission. The program is divided into modules, similar to computer files, and a Directory Module is created which links program modules. Security for the executable application is provided by attaching a signed certificate to respective Directory Modules. The integrity of respective modules is monitored by hashing respective modules and including respective hash values in the Directory Module. A hash value of the Directory Module containing the other hash values is generated, encrypted and attached to the Directory Module. At a receiver the certificate is decoded and checked for authenticity of provider. If the certificate is authentic the program may be executed but only if receiver generated hash values of respective program modules are identical to corresponding hash values contained in the Directory Module.
312 Citations
23 Claims
-
1. Apparatus for receiving an executable application transmitted in modules including a Directory Module containing information about further modules, said Directory Module having at least an encrypted hash value over the Directory Module and an encrypted certificate appended, which certificate includes an identity of the application provider, said apparatus comprising:
-
a memory a detector for detecting said transmitted modules and storing detected modules in memory; means for separating said certificate from a detected Directory Module; a decryptor for decrypting said certificate and said encrypted hash value; a hash function element for hashing said detected Directory Modules to produce a further hash value; a processor programmed for authenticating decrypted said certificate, and comparing decrypted said hash value with said further hash value, and if decrypted said hash value and said further hash value are equal and said certificate is authentic, permitting execution of said program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of processing executable applications which are transmitted as modules, in multiplexed packet format, said modules including a Directory Module containing information linking respective further application modules, said Directory Module having an encrypted certificate attached which contains information about the provider of the application, and which certificate is encrypted by a system provider'"'"'s private key, said method comprising;
-
detecting and selecting packets including a desired application, and storing payloads of respective packets as respective modules; selecting a Directory Module with encrypted certificate attached; decrypting the certificate with the system provider'"'"'s public key; Comparing information in decrypted said certificate with corresponding stored data; hashing ones of said application modules to produce module hash values; comparing said module hash values with corresponding module hash values transmitted in said Directory Module; and executing an application if corresponding produced and transmitted hash values are identical and decrypted information contained in said certificate is equivalent to said corresponding stored data. - View Dependent Claims (13, 14)
-
-
15. Apparatus for transmitting executable applications comprising;
-
a processor for generating an executable application, and forming said application into modules containing portions of said application and a Directory Module containing information linking modules in an application; a hash function element for performing one-way hash functions on modules of said application to produce corresponding hash values, and cooperating with said processor for inserting said hash values in said Directory Module; a source of an application provider'"'"'s public key and a certificate signed with a private key of a system controller and including, an application provider'"'"'s identifier, and a time stamp related to one of the time of generation and the time of expiration of the certificate; means for attaching said application provider'"'"'s public key and said certificate to said Directory Module; and a transport processor for forming a time division multiplexed signal with said modules of said application. - View Dependent Claims (16, 17, 18)
-
-
19. A method of transmitting executable applications comprising:
-
generating an executable application and segmenting it into modules; forming a Directory Module including information linking respective application modules; hashing respective-modules with a one way hash function to generate hash values for respective modules; including hash values for respective modules in said Directory Module; accessing a certificate including an application provider'"'"'s identity which certificate is encrypted with a system controller'"'"'s private key; and attaching the certificate to said Directory Module, and transmitting said application. - View Dependent Claims (20, 21, 22, 23)
-
Specification