Data authentication with a secure environment

US 7,715,552 B2
Filed: 07/05/2006
Issued: 05/11/2010
Est. Priority Date: 07/05/2006
Status: Active Grant

First Claim

Patent Images

1. A system for data authentication, comprising:

a secure processor comprising a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor, the secure processor configured to;

receive an encrypted control word from a headend via a first Entitlement Control Message (ECM),decrypt the encrypted control word using a second decryption key to render the control word,encrypt the control word using a first encryption key,receive usage rights data from the headend via a second ECM,encrypt the received usage rights data using the control word, andsend the received usage rights data; and

a transport processor configured to;

receive the encrypted control word that was encrypted using the first encryption key from the secure processor,decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key,receive the encrypted usage rights data from the secure processor,decrypt the received usage rights data using the control word, andsend the decrypted usage rights data to a display device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Included are systems and methods for data authentication. At least one embodiment of a system includes a secure processor configured as a physically secure environment, the secure processor further configured to receive a control word from a headend, the secure processor further configured to encrypt the received control word using a first encryption key. Other embodiments of a system includes a transport processor configured to receive the encrypted control word, the transport processor further configured to decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key.

49 Citations

View as Search Results

15 Claims

1. A system for data authentication, comprising:
- a secure processor comprising a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor, the secure processor configured to;
  
  receive an encrypted control word from a headend via a first Entitlement Control Message (ECM),decrypt the encrypted control word using a second decryption key to render the control word,encrypt the control word using a first encryption key,receive usage rights data from the headend via a second ECM,encrypt the received usage rights data using the control word, andsend the received usage rights data; and
  
  a transport processor configured to;
  
  receive the encrypted control word that was encrypted using the first encryption key from the secure processor,decrypt the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key,receive the encrypted usage rights data from the secure processor,decrypt the received usage rights data using the control word, andsend the decrypted usage rights data to a display device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the transport processor is further configured to receive encrypted programming data from the headend, wherein the transport processor is further configured to decrypt the encrypted programming data using the decrypted control word.
  - 3. The system of claim 2, wherein the transport processor is further configured to send the decrypted programming data to the display device.
  - 4. The system of claim 1, wherein the secure processor is further configured to create at least one pattern in the usage rights data.
  - 5. The system of claim 1, wherein the transport processor and the transport processor are contained in one set top terminal.

6. A method for data authentication, the method comprising:
- receiving, at a secure processor, an encrypted control word from a headend via a first Entitlement Control Message (ECM), wherein the secure processor comprises a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor;
  
  decrypting, at the secure processor, the encrypted control word using a second decryption key to render the control word;
  
  encrypting, at the secure processor, the control word using a first encryption key;
  
  receiving, at the secure processor, usage rights data from the headend via a second ECM;
  
  encrypting, at the secure processor, the received usage rights data using the control word;
  
  sending, from the secure processor, the received usage rights data;
  
  receiving, at a transport processor, the encrypted control word that was encrypted using the first encryption key from the secure processor;
  
  decrypting, at the transport processor, the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key;
  
  receiving, at the transport processor, the encrypted usage rights data from the secure processor;
  
  decrypting, at the transport processor, the received usage rights data using the control word; and
  
  sending, from the transport processor, the decrypted usage rights data to a display device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - receiving, at the transport processor, encrypted programming data from the headend; and
      
      decrypting, at the transport processor, the encrypted programming data using the decrypted control word.
  - 8. The method of claim 7, further comprising sending, from the transport processor, the decrypted programming data to the display device.
  - 9. The method of claim 6, further comprising creating, at the secure processor, at least one pattern in the usage rights data.
  - 10. The method of claim 6, wherein the transport processor and the transport processor are contained in one set top terminal.

11. Computer-readable storage media that store sets of instructions which when executed on respective processors perform a method for providing data authentication, the method executed by the sets of instructions comprising:
- receiving, at a secure processor, an encrypted control word from a headend via a first Entitlement Control Message (ECM), wherein the secure processor comprises a physically secure environment wherein, subsequent to manufacture of the secure processor, operations and calculations made within the secure environment are unobservable by other components outside of the secure processor;
  
  decrypting, at the secure processor, the encrypted control word using a second decryption key to render the control word;
  
  encrypting, at the secure processor, the control word using a first encryption key;
  
  receiving, at the secure processor, usage rights data from the headend via a second ECM;
  
  encrypting, at the secure processor, the received usage rights data using the control word;
  
  sending, from the secure processor, the received usage rights data;
  
  receiving, at a transport processor, the encrypted control word that was encrypted using the first encryption key from the secure processor;
  
  decrypting, at the transport processor, the received control word using a first decryption key, wherein the first decryption key is compatible with the first encryption key;
  
  receiving, at the transport processor, the encrypted usage rights data from the secure processor;
  
  decrypting, at the transport processor, the received usage rights data using the control word; and
  
  sending, from the transport processor, the decrypted usage rights data to a display device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-readable storage media of claim 11, further comprising:
    - receiving, at the transport processor, encrypted programming data from the headend; and
      
      decrypting, at the transport processor, the encrypted programming data using the decrypted control word.
  - 13. The computer-readable storage media of claim 12, further comprising sending, from the transport processor, the decrypted programming data to the display device.
  - 14. The computer-readable storage media of claim 11, further comprising creating, at the secure processor, at least one pattern in the usage rights data.
  - 15. The computer-readable storage media of claim 11, wherein the transport processor and the transport processor are contained in one set top terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Scientific-Atlanta LLC (Cisco Systems, Inc.)
Inventors
Pinder, Howard G., Sedacca, David A.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US11/428,746
Publication Number

US 20080010469A1
Time in Patent Office

1,406 Days
Field of Search

380/28, 380/230, 380/239, 380/280
US Class Current

380/28
CPC Class Codes

H04N 21/2347   involving video stream encr...

H04N 21/2351   involving encryption of add...

H04N 21/25816   involving client authentica...

H04N 21/25875   involving end-user authenti...

H04N 21/26613   for generating or managing ...

H04N 21/4353   involving decryption of add...

H04N 21/4405   involving video stream decr...

H04N 21/4623   Processing of entitlement m...

H04N 21/4627   Rights management associate...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

Data authentication with a secure environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Data authentication with a secure environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links