Source authentication of download information in a conditional access system
First Claim
Patent Images
1. A method for authenticating a source of information in a cable television system comprising head end equipment and set top terminals, the method comprising the steps of:
- providing source information as an input to a secure hash function for producing an output, wherein said source information includes a logic segment; and
using at least a portion of said output from said secure hash function as a source authentication token.
2 Assignments
0 Petitions
Accused Products
Abstract
A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
161 Citations
36 Claims
-
1. A method for authenticating a source of information in a cable television system comprising head end equipment and set top terminals, the method comprising the steps of:
-
providing source information as an input to a secure hash function for producing an output, wherein said source information includes a logic segment; and
using at least a portion of said output from said secure hash function as a source authentication token. - View Dependent Claims (2, 3, 4, 5, 6, 13, 14, 15)
storing, at a receiver included in the cable television system, a public key of a public-private key pair; and
storing, at a transmitter included in the cable television system, a private key of a public-private key pair.
-
-
3. The method set forth in claim 2, wherein authentication further comprises the step of:
transmitting said source authentication token and said source information.
-
4. The method of claim 3, further comprising the step of:
encrypting said source authentication token prior to its transmission.
-
5. The method set forth in claim 4, wherein said authentication further comprises, at said receiver, the steps of:
-
receiving said source authentication token and said source information wherein said logic segment of said source information is configured for execution in said receiver;
decrypting said source authentication token using a public key of the public-private key pair, wherein said public key is stored by said receiver;
providing said source information as an input into said secure hash function for producing an output;
using at least a portion of said output from said secure hash function at said receiver as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the information being authentic when said source authentication token and said receiver authentication are the same.
-
-
6. The method set forth in claim 5, wherein said public key comprises a certified public key provided by a certification authority.
-
13. The method of claim 3, further comprising the step of:
- encrypting said source authentication token prior to its transmission.
-
14. The method set forth in claim 13, wherein said authentication further comprises, at the receiver, the steps of:
-
receiving said source authentication token and said source information;
decrypting said source authentication token using a public key of the public-private key pair, wherein said public key is stored by the receiver;
providing said source information as an input into said secure hash function for producing an output;
using at least a portion of said output from said secure hash function at the receiver as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the information being authentic when said source authentication token and said receiver authentication are the same.
-
-
15. The method set forth in claim 14, wherein said public key comprises a certified public key provided by a certification authority.
-
7. A method, in a cable television system comprising head end equipment for providing download information, a set top terminal for receiving the download information, and a communication medium coupled therebetween, of verifying the head end equipment as a source of the download information, the method comprising the steps of:
-
at said head end equipment, providing said download information as an input to a secure hash function to generate a source authentication token;
encrypting a control word using a private key provided by a conditional access authority, wherein said private key is included in a public-private key pair; and
transmitting said source authentication token, said download information, and said encrypted control word over the communication medium;
at said set top terminal, receiving said source authentication token, said encrypted control word, and said download information;
decrypting said encrypted control word using a public key included in said public-private key pair;
providing said download information as an input to said secure hash function for producing an output;
using at least a portion of said output from said secure hash function at said set top terminal as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the download information being authentic when said source authentication token and said receiver authentication token are the same. - View Dependent Claims (16, 17, 18)
executing said logic segment at said receiver after said download information has been authenticated.
-
-
18. The method set forth in claim 7, wherein said download information includes a data segment for an application configured for execution at said set top terminal.
-
8. A head end for providing verifiable download information, the head end comprising:
-
a data port for receiving a private key provided by a certification authority, wherein said private key is included in a public-private key pair;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word, said hash function producing an output;
a device for creating a source authentication token from at least a portion of said output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said encrypted control word, and said download information. - View Dependent Claims (19, 20)
-
-
9. A set top terminal for verifying an information source, said set top terminal comprising:
-
a port for receiving a message comprising download information, a source authentication token, and a control word from said information source;
a memory for storing a public key that is included in a public-private key pair;
a decryptor coupled to said port for decrypting said control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said decrypted control word and said download information wherein said secure hash function produces an output, and for creating a receiver authentication token from at least a portion of said output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when said source authentication token and said receiver authentication token are the same. - View Dependent Claims (21, 22, 23, 24)
-
-
10. A cable television system for verifying the source of download information, the cable television system comprising:
-
a certification authority for generating and providing public and private keys within the cable television system;
an entitlement agent for providing verifiable download information, the entitlement agent comprising;
a data port for receiving a private key provided by the certification authority, wherein said private key is included in a public-private key pair generated by the certification authority;
a memory for storing the private key;
a processor for performing a secure hash function having as inputs said download information and a control word, said secure hash function producing an output;
a device for creating a source authentication token from at least a portion of said output of said secure hash function;
an encryptor for encrypting said control word; and
a transmission device for transmitting said source authentication token, said encrypted control word, and said download information;
a set top terminal for verifying an information source, said set top terminal comprising;
a port for receiving a message comprising said download information, said source authentication token, and said encrypted control word from said entitlement agent;
a memory for storing a public key that is included in said public-private key pair;
a decryptor coupled to said port for decrypting said encrypted control word using said public key;
a processor coupled to said decryptor for performing a secure hash function having as inputs said control word and said download information, said secure hash function producing an output, and for creating a receiver authentication token from at least a portion of said output from said secure hash function; and
a comparator for comparing said source authentication token with said receiver authentication token, wherein the processor accepts the download information as authentic when said source authentication token and said receiver authentication token are the same; and
a communication medium for coupling said certification authority, said set top terminal, and said entitlement agent. - View Dependent Claims (11, 12, 25, 26)
-
-
27. A method for providing a receiver in a cable television system with a verifiable logic segment, the method comprising:
-
including said logic segment as an input to a secure hash function for producing an output; and
using at least a portion of said output from said secure hash function as a source authentication token. - View Dependent Claims (28, 29, 30, 31, 32, 33)
storing, at said receiver, a public key of the public-private key pair; and
storing, at a transmitter included in the cable television system a private key of the public-private key pair.
-
-
29. The method set forth in claim 28, wherein authentication further comprises the step of:
transmitting said source authentication token and said logic segment.
-
30. The method of claim 29, further comprising the step of:
encrypting said source authentication token prior to its transmission.
-
31. The method set forth in claim 30, wherein said verification further comprises, at said receiver, the steps of:
-
receiving said source authentication token and said source information, wherein said logic segment of said source information is configured for execution in said receiver;
decrypting said source authentication token using a public key of the public-private key pair, wherein said public key is stored by said receiver;
including said logic segment as an input into said secure hash function for producing an output;
using at least a portion of said output from said secure hash function at said receiver as a receiver authentication token; and
comparing said source authentication token with said receiver authentication token, the information being authentic when said source authentication token and said receiver authentication token are the same.
-
-
32. The method set forth in claim 31, wherein said public key comprises a certified public key provided by a certification authority.
-
33. The method set forth in claim 31, further comprising the step:
executing said logic segment at said receiver after said download information has been authenticated.
-
34. A method for providing verifiable data from head end equipment to a receiver in a cable television system, the method comprising the steps of:
-
providing source information as an input to a secure hash function for producing an output, wherein said source information includes a data segment for an application configured for execution at the receiver; and
using at least a portion of said output from said secure hash function as a source authentication token. - View Dependent Claims (35, 36)
storing a public key of a public-private key pair at the receiver; and
storing a private key of the public-private key pair at a transmitter included in the cable television system.
-
-
36. The method set forth in claim 35, wherein authentication further comprises the steps of:
transmitting said source authentication token and said source information.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeScientific-Atlanta Incorporated (Cisco Systems, Inc.)
-
InventorsPinder, Howard G., Banker, Robert O., Wasilewski, Anthony J., Akins, Glendon L. III, Palgon, Michael S.
-
Primary Examiner(s)Peeso, Thomas R.
-
Assistant Examiner(s)JACK, TODD M
-
Application NumberUS09/488,104Time in Patent Office509 DaysField of Search380/232, 380/43, 380/285, 380/282, 380/30, 713/168, 713/153US Class Current380/210CPC Class CodesH04J 2203/008 Support of videoH04L 2463/101 applying security measures ...H04L 63/04 for providing a confidentia...H04L 63/0428 wherein the data content is...H04L 63/0442 wherein the sending and rec...H04L 63/045 wherein the sending and rec...H04L 63/062 for key distribution, e.g. ...H04L 63/0823 using certificates cryptogr...H04L 63/12 Applying verification of th...H04L 63/123 received data contents, e.g...H04L 63/126 the source of the received ...H04N 21/2265 Server identification by a ...H04N 21/23476 by partially encrypting, e....H04N 21/26606 for generating or managing ...H04N 21/426 Internal components of the ...H04N 21/4405 involving video stream decr...H04N 21/4524 involving the geographical ...H04N 21/63345 by transmitting keys key di...H04N 7/162 Authorising the user termin...H04N 7/163 by receiver means onlyView All
