Apparatus and method for enabling secure content decryption within a set-top box
First Claim
1. A method comprising:
- performing security authentication of a content driver by a content decryption component in order to verify an identity of the content driver as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, wherein the content decryption component is tamper-resistant;
receiving an encrypted content stream from the secure content driver;
performing integrity authentication of a run-time image of the secure content driver; and
while integrity authentication of the secure content driver is verified, streaming decrypted content to the secure content driver to enable playback of the decrypted content to a user,wherein performing integrity authentication further comprises;
decrypting the encrypted content stream received from the secure content driver;
while decrypting the received encrypted content stream, performing a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory;
selecting a stored digital signature of the run-time image of the secure content driver;
decrypting the digital signature to reveal a run-time hash value;
comparing the computed hash value with the run-time hash value of the secure content driver; and
while the calculated hash value matches the run-time hash value of the secure content driver, repeating the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and method for enabling secure content decryption within a set-top box are described. The method includes performance of security authentication of a content driver by a content decryption component. Security authentication is performed in order to verify an identity of the content driver as a secure content driver. Next, the content decryption component receives an encrypted content stream from the secure content driver. Once received, the content decryption component performs integrity authentication of a run-time image of the secure content driver. Finally, while integrity authentication of the secure content driver is verified, the content decryption component streams decrypted content to the secure content driver to enable playback of the decrypted content to a user.
-
Citations
27 Claims
-
1. A method comprising:
-
performing security authentication of a content driver by a content decryption component in order to verify an identity of the content driver as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, wherein the content decryption component is tamper-resistant; receiving an encrypted content stream from the secure content driver; performing integrity authentication of a run-time image of the secure content driver; and while integrity authentication of the secure content driver is verified, streaming decrypted content to the secure content driver to enable playback of the decrypted content to a user, wherein performing integrity authentication further comprises; decrypting the encrypted content stream received from the secure content driver; while decrypting the received encrypted content stream, performing a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory; selecting a stored digital signature of the run-time image of the secure content driver; decrypting the digital signature to reveal a run-time hash value; comparing the computed hash value with the run-time hash value of the secure content driver; and while the calculated hash value matches the run-time hash value of the secure content driver, repeating the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
establishing security authentication from a content decryption component, such that a content driver is verified as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, and wherein the content decryption component is tamper-resistant; when establishment of security authentication is successful, receiving access to a callback function in order to receive clear, decrypted content streams from the content decryption component; receiving a stream of encrypted content; while establishing integrity authentication of a run-time image of the secure content driver, streaming the encrypted content to the content decryption component; and when security authentication is successfully established, receiving clear, decrypted content from the content decryption component via the received callback function, wherein establishing integrity authentication further comprises; decrypting the encrypted content stream received from the secure content driver; while decrypting the received encrypted content stream, performing a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory; selecting a stored digital signature of the run-time image of the secure content driver; decrypting the digital signature to reveal a run-time hash value; comparing the computed hash value with the run-time hash value of the secure content driver; and while the calculated hash value matches the run-time hash value of the secure content driver, repeating the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete. - View Dependent Claims (7, 8, 9)
-
-
10. A computer readable storage medium including program instruction that directs a computer to function in a specified manner when executed by a processor, the program instructions comprising:
-
performing security authentication of a content driver by a content decryption component in order to verify an identity of the content driver as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, and wherein the content decryption component is tamper-resistant; receiving an encrypted content stream from the secure content driver; performing integrity authentication of a run-time image of the secure content driver; and while integrity authentication of the secure content driver is verified, streaming decrypted content to the secure content driver to enable playback of the decrypted content to a user, wherein performing integrity authentication further comprises; decrypting the encrypted content stream received from the secure content driver; while decrypting the received encrypted content stream, performing a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory; selecting a stored digital signature of the run-time image of the secure content driver; decrypting the digital signature to reveal a run-time hash value; comparing the computed hash value with the run-time hash value of the secure content driver; and while the calculated hash value matches the run-time hash value of the secure content driver, repeating the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer readable storage medium including program instruction that directs a computer to function in a specified manner when executed by a processor, the program instructions comprising:
-
establishing security authentication from a content decryption component, such that a content driver is verified as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, and wherein the content decryption component is tamper-resistant; when establishment of security authentication is successful, receiving access to a callback function in order to receive clear, decrypted content streams from the content decryption component; receiving a stream of encrypted content; while establishing integrity authentication of a run-time image of the secure content driver, streaming the encrypted content to the content decryption component; and when security authentication is successfully established, receiving clear, decrypted content from the content decryption component via the received callback function, wherein establishing integrity authentication further comprises; decrypting the encrypted content stream received from the secure content driver; while decrypting the received encrypted content stream performing a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory; selecting a stored digital signature of the run-time image of the secure content driver; decrypting the digital signature to reveal a run-time hash value; comparing the computed hash value with the run-time hash value of the secure content driver; and while the calculated hash value matches the run-time hash value of the secure content driver, repeating the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete. - View Dependent Claims (16, 17, 18)
-
-
19. An apparatus, comprising:
-
a processor having circuitry to execute instructions; a content play-back interface coupled to the processor, the content play-back interface to receive encrypted content, and to enable play-back of the received encrypted content to a user; and a storage device coupled to the processor, having sequences of instructions stored therein, which when executed by the processor cause the processor to; perform security authentication of a content driver by a content decryption component in order to verify an identity of the content driver as a secure content driver, wherein the content driver and the content decryption component are located within a kernel application space, wherein the kernel application space is modified for registering the secure content driver with the content decryption component in order for the secure content driver to receive security identity authentication, and wherein the content decryption component is tamper-resistant, receive an encrypted content stream from the secure content driver, perform integrity authentication of a run-time image of the secure content driver, and while integrity authentication of the secure content driver is verified, stream decrypted content to the secure content driver to enable playback of the decrypted content to a user, wherein the instruction to perform integrity authentication further comprises the processor to; decrypt the encrypted content stream received from the secure content driver, while decrypting the received encrypted content stream, perform a hash value calculation of code segments that perform functionality of the secure content driver while loaded in memory, select a stored digital signature of the run-time image of the secure content driver, decrypt the digital signature to reveal a run-time hash value, compare the computed hash value with the run-time hash value of the secure content driver, and while the calculated hash value matches the run-time hash value of the secure content driver, repeat the decryption, the performing, the selecting and the comparing until decryption of the received encrypted content stream is complete. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification