Data authentication with a secure environment
First Claim
Patent Images
1. A system for data authentication, comprising:
- a secure processor comprising a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor, the secure processor configured to;
receive an encrypted control word from a headend via a first Entitlement Control Message (ECM),decrypt the encrypted control word using a second decryption key to render the control word,encrypt the control word using a first encryption key,receive usage rights data from the headend via a second ECM,encrypt the received usage rights data using the control word, andsend the received usage rights data; and
a transport processor configured to;
receive the encrypted control word that was encrypted using the first encryption key from the secure processor,decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key,receive the encrypted usage rights data from the secure processor,decrypt the received usage rights data using the control word, andsend the decrypted usage rights data to a display device.
4 Assignments
0 Petitions
Accused Products
Abstract
Included are systems and methods for data authentication. At least one embodiment of a system includes a secure processor configured as a physically secure environment, the secure processor further configured to receive a control word from a headend, the secure processor further configured to encrypt the received control word using a first encryption key. Other embodiments of a system includes a transport processor configured to receive the encrypted control word, the transport processor further configured to decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key.
49 Citations
15 Claims
-
1. A system for data authentication, comprising:
-
a secure processor comprising a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor, the secure processor configured to; receive an encrypted control word from a headend via a first Entitlement Control Message (ECM), decrypt the encrypted control word using a second decryption key to render the control word, encrypt the control word using a first encryption key, receive usage rights data from the headend via a second ECM, encrypt the received usage rights data using the control word, and send the received usage rights data; and a transport processor configured to; receive the encrypted control word that was encrypted using the first encryption key from the secure processor, decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key, receive the encrypted usage rights data from the secure processor, decrypt the received usage rights data using the control word, and send the decrypted usage rights data to a display device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for data authentication, the method comprising:
-
receiving, at a secure processor, an encrypted control word from a headend via a first Entitlement Control Message (ECM), wherein the secure processor comprises a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor; decrypting, at the secure processor, the encrypted control word using a second decryption key to render the control word; encrypting, at the secure processor, the control word using a first encryption key; receiving, at the secure processor, usage rights data from the headend via a second ECM; encrypting, at the secure processor, the received usage rights data using the control word; sending, from the secure processor, the received usage rights data; receiving, at a transport processor, the encrypted control word that was encrypted using the first encryption key from the secure processor; decrypting, at the transport processor, the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key; receiving, at the transport processor, the encrypted usage rights data from the secure processor; decrypting, at the transport processor, the received usage rights data using the control word; and sending, from the transport processor, the decrypted usage rights data to a display device. - View Dependent Claims (7, 8, 9, 10)
-
-
11. Computer-readable storage media that store sets of instructions which when executed on respective processors perform a method for providing data authentication, the method executed by the sets of instructions comprising:
-
receiving, at a secure processor, an encrypted control word from a headend via a first Entitlement Control Message (ECM), wherein the secure processor comprises a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor; decrypting, at the secure processor, the encrypted control word using a second decryption key to render the control word; encrypting, at the secure processor, the control word using a first encryption key; receiving, at the secure processor, usage rights data from the headend via a second ECM; encrypting, at the secure processor, the received usage rights data using the control word; sending, from the secure processor, the received usage rights data; receiving, at a transport processor, the encrypted control word that was encrypted using the first encryption key from the secure processor; decrypting, at the transport processor, the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key; receiving, at the transport processor, the encrypted usage rights data from the secure processor; decrypting, at the transport processor, the received usage rights data using the control word; and sending, from the transport processor, the decrypted usage rights data to a display device. - View Dependent Claims (12, 13, 14, 15)
-
Specification