Method and apparatus for providing television services using an authenticating television receiver device

US 7,783,887 B2
Filed: 12/29/2005
Issued: 08/24/2010
Est. Priority Date: 06/19/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing television service to a subscriber, comprising the steps of:

receiving descriptor data transmitted over an unsecure medium in a television receiving apparatus of said subscriber, said descriptor data including an identity public key associated with a digital protection system of said television receiving apparatus for transforming data according to a first public/private key encryption algorithm, attribute data identifying television broadcasts which the subscriber is entitled to receive, and a digital signature of said descriptor data by an entity authorizing the subscriber to receive the television broadcasts identified by said attribute data;

verifying that said identity public key and said attribute data in said descriptor data have not been altered using said digital signature;

providing source test data;

performing a first data transformation of a pair of data transformations of said source test data, said pair of data transformations producing resultant test data, said first data transformation being according to said first public/private key encryption algorithm using said identity public key;

requesting said digital protection system of said television receiving apparatus to perform a second data transformation of said pair of data transformations of said source test data, said digital protection system including(a) a processor capable of performing said second data transformation according to said first public/private key encryption algorithm; and

(b) a permanent data storage accessible only through said processor, said permanent data storage storing an identity private key for performing said second data transformation according to said first public/private key encryption algorithm;

comparing said source test data with the resultant test data to verify the identity of said digital protection system; and

using said attribute data to access one or more television channels on behalf of said subscriber depending on the results of said verifying step and said comparing step.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart chip protection system contains a unique public/private identity key pair and uses a separate public/private signature key pair. The internally stored identity private key can not be read outside the chip. An issuing entity generates a descriptor containing the identity public key, attribute data, and a digital signature of the two, using a signature private key known only to the issuer. The authenticity of the descriptor is verified by decrypting the signature using the signature public key, and comparing the result to source data. An object'"'"'s identity can be verified by requesting the smart chip to perform a data transformation using its identity private key, and performing the complement using the public key. An exemplary embodiment is a television receiver system which verifies identity of an embedded smart chip and entitlement to receive television service.

Citations

18 Claims

1. A method for providing television service to a subscriber, comprising the steps of:
- receiving descriptor data transmitted over an unsecure medium in a television receiving apparatus of said subscriber, said descriptor data including an identity public key associated with a digital protection system of said television receiving apparatus for transforming data according to a first public/private key encryption algorithm, attribute data identifying television broadcasts which the subscriber is entitled to receive, and a digital signature of said descriptor data by an entity authorizing the subscriber to receive the television broadcasts identified by said attribute data;
  
  verifying that said identity public key and said attribute data in said descriptor data have not been altered using said digital signature;
  
  providing source test data;
  
  performing a first data transformation of a pair of data transformations of said source test data, said pair of data transformations producing resultant test data, said first data transformation being according to said first public/private key encryption algorithm using said identity public key;
  
  requesting said digital protection system of said television receiving apparatus to perform a second data transformation of said pair of data transformations of said source test data, said digital protection system including(a) a processor capable of performing said second data transformation according to said first public/private key encryption algorithm; and
  
  (b) a permanent data storage accessible only through said processor, said permanent data storage storing an identity private key for performing said second data transformation according to said first public/private key encryption algorithm;
  
  comparing said source test data with the resultant test data to verify the identity of said digital protection system; and
  
  using said attribute data to access one or more television channels on behalf of said subscriber depending on the results of said verifying step and said comparing step.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method for providing television service of claim 1, wherein said attribute data comprises keys for accessing a plurality of channel signals.
  - 3. The method for providing television service of claim 2, wherein said keys for accessing a plurality of channel signals are encrypted.
  - 4. The method for providing television service of claim 1, wherein said digital signature represents an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key, said verifying step comprising:
    - decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key; and
      
      comparing the decrypted digital signature to said data derived from said identity public key and said attribute data to verify said descriptor data.
  - 5. The method for providing television service of claim 1, wherein said first data transformation is an encryption of said source test data and said second data transformation is a decryption of said source test data encrypted by said first data transformation, said first data transformation being performed before said second data transformation.
  - 6. The method for providing television service of claim 1, wherein said second data transformation is an encryption of said source test data and said first data transformation is a decryption of said source test data encrypted by said second data transformation, said second data transformation being performed before said first data transformation.

7. A television receiving system, comprising:
- a digital controller controlling the operation of said television system;
  
  a television signal transmission interface coupled to said digital controller, said interface receiving televisions signals from an external source and transmitting television signals to a display apparatus;
  
  a digital protection system coupled to said digital controller, said digital protection system securely storing an identity private key, and said digital protection system performing a first data transformation according to a first public/private key encryption algorithm in response to a command from said digital controller;
  
  a data descriptor receivable via said television signal transmission interface and associated with said digital protection system, said descriptor data including an identity public key associated with said digital protection system for transforming data according to said first public/private key encryption algorithm, attribute data identifying television broadcasts which a user of said television receiving system is entitled to receive, and a digital signature of said descriptor data by an entity authorizing the user to receive the television broadcasts identified by said attribute data;
  
  wherein said digital controller;
  
  (a) directs said digital protection system to perform said first data transformation of test data;
  
  (b) performs a second data transformation of test data according to said first public/private key encryption algorithm using said identity public key;
  
  (c) compares test data before transformation with test data after said first and said second transformation,(d) verifies, using said digital signature, said identity public key and said attribute data in said data descriptor; and
  
  (e) uses said attribute data to access television channels on behalf of said user responsive to the results of steps (c) and (d).
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The television receiving system of claim 7, wherein said television signal transmission interface receives television signals from a satellite receiver.
  - 9. The television receiving system of claim 7, wherein said attribute data comprises keys for accessing a plurality of channel signals.
  - 10. The television receiving system of claim 9, wherein said keys for accessing a plurality of channel signals are encrypted.
  - 11. The television receiving system of claim 7, wherein said digital signature represents an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key, said verifying step comprising:
    - decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key; and
      
      comparing the decrypted digital signature to said data derived from said identity public key and said attribute data to verify said descriptor data.
  - 12. The television receiving system of claim 7, wherein said first data transformation is an encryption of said test data and said second data transformation is a decryption of said test data encrypted by said first data transformation, said first data transformation being performed before said second data transformation.
  - 13. The television receiving system of claim 7, wherein said second data transformation is an encryption of said test data and said first data transformation is a decryption of said test data encrypted by said second data transformation, said second data transformation being performed before said first data transformation.
  - 14. The television receiving system of claim 7, wherein said digital protection system comprises:
    - (a) an external interface in communication with said digital controller;
      
      (b) an internal processor coupled to said external interface, said processor performing said first data transformation; and
      
      (c) an internal data storage storing said identity private key, said identity private key being inaccessible outside said external interface to said digital protection system.
  - 15. The television receiving system of claim 14, wherein said digital protection system is implemented on a single integrated circuit chip separate from said digital controller.

16. A program product for controlling the operation of a television receiving apparatus, said program product comprising a plurality of executable instructions tangibly recorded on a non-transitory computer-readable medium, wherein said instructions cause the television receiving apparatus to perform the steps of:
- receiving descriptor data transmitted over an unsecure medium in said television receiving apparatus, said descriptor data including an identity public key associated with a digital protection system of said television receiving apparatus for transforming data according to a first public/private key encryption algorithm, attribute data identifying television broadcasts which a subscriber is entitled to receive, and a digital signature of said descriptor data by an entity authorizing the subscriber to receive the television broadcasts identified by said attribute data;
  
  verifying that said identity public key and said attribute data in said descriptor data has have not been altered using said digital signature;
  
  performing a first data transformation of a pair of data transformations of source test data, said pair of data transformations producing resultant test data, said first data transformation being according to said first public/private key encryption algorithm using said identity public key;
  
  requesting said digital protection system of said television receiving apparatus to perform a second data transformation of said pair of data transformations of said source test data, said digital protection system including(a) a processor capable of performing said second data transformation according to a said first public/private key encryption algorithm; and
  
  (b) a permanent data storage accessible only through said processor, said permanent data storage storing an identity private key for performing said second data transformation according to said first public/private key encryption algorithm;
  
  comparing said source test data with the resultant test data to verify the identity of said digital protection system; and
  
  using said attribute data to access one or more television channels on behalf of said subscriber depending on the results of said verifying step and said comparing step.
- View Dependent Claims (17, 18)
- - 17. The program product of claim 16, wherein said attribute data comprises keys for accessing a plurality of channel signals.
  - 18. The program product of claim 16, wherein said digital signature represents an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key, said verifying step comprising:
    - decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key; and
      
      comparing the decrypted digital signature to said data derived from said identity public key and said attribute data to verify said descriptor data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lewis, David Otto, Remfert, Jeffrey Earl
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Paliwal; Yogesh

Application Number

US11/321,602
Publication Number

US 20060107057A1
Time in Patent Office

1,699 Days
Field of Search

713/169, 713/176
US Class Current

713/176
CPC Class Codes

H04L 2209/84   Vehicles

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Method and apparatus for providing television services using an authenticating television receiver device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing television services using an authenticating television receiver device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links