Method and apparatus for mutual authentication in downloadable conditional access system
Abstract
Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and a DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS in which mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, after which CAS software is downloaded to the SM. The example embodiments provide a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and a mutual authentication method and apparatus in the DCAS in which authentication based on dedicated hardware, such as a smart card or a cable card, is not needed.
21 Claims
1. A method for mutual authentication of a secure microprocessor (SM) in a Downloadable Conditional Access System (DCAS) comprising:
receiving at a SM session key generation information from an authentication server;
receiving at the SM a SecurityAnnounce message from the authentication server, obtaining a public key of the authentication server from the SecurityAnnounce message, and verifying the SecurityAnnounce message;
receiving at the SM a DCASDownload message from the authentication server;
deriving at the SM a first shared-session key from the session key generation information, and transmitting a ClientSignOn message for the derived first shared-session key to the authentication server;
receiving at the SM a ClientSignOnConfirm message for a second shared-session key derived from the ClientSignOn message of the authentication server; and
verifying at the SM whether the first shared-session message and the second shared-session message are identical with each other based on the ClientSignOnConfirm message so as to generate a mutual authentication result, and receiving at the SM Conditional Access System (CAS) software from a headend system based on the mutual authentication result.
14. A method of mutual authentication of an authentication server in a Downloadable Conditional Access System (DCAS) comprising:
receiving session key generation information from an authentication authority to derive a first shared-session key, and transmitting the session key generation information to a secure micro-processor (SM);
receiving at the SM a SecurityAnnounce message from the authentication server, obtaining a public key of the authentication server from the SecurityAnnounce message, and verifying the SecurityAnnounce message;
receiving at the SM a DCASDownload message from the authentication server;
deriving the first shared-session key at the SM;
receiving a ClientSignOn message for the first shared-session key derived by the SM;
deriving a second shared-session key from the ClientSignOn message, and transmitting a ClientSignOnConfirm message for the second shared-session key to the SM; and
receiving a verification message from the SM, wherein the verification message indicates whether the first shared-session key and the second shared-session key are identical to each other.
20. An apparatus for mutual authentication in a Downloadable Conditional Access System (DCAS) comprising:
a secure micro-processor (SM) that derives a first shared-session key from session key generation information received from an authentication authority for deriving a shared-session key, generates a ClientSignOn message for the derived first shared-session key, receives a SecurityAnnounce message from the authentication server, obtains a public key of the authentication server from the SecurityAnnounce message, verifies the SecurityAnnounce message, and receives a DCASDownload message from the authentication authority; and
a hardware server that receives the ClientSignOn message, derives a second shared-session key from the ClientSignOn message, and transmits a ClientSignOnConfirm message for the second shared-session key to the SM,
wherein the SM verifies whether the first shared-session key and the second shared-session key are identical with each other so as to generate a mutual authentication result, and receives conditional access system software from a headend system based on the mutual authentication result.
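The ClientSignOn / ClientSignOnConfirm key-confirmation step of claims 1, 14 and 20, as an added example that is not taken from the patent. The claims do not specify the key derivation or the message formats: the HMAC-SHA256 derivation, the provisioned `pairing_secret`, the `sm_nonce` field and all function names are assumptions, and SecurityAnnounce signature verification is outside the example.

```python
import hashlib
import hmac
import os

def derive_session_key(pairing_secret, key_gen_info, sm_nonce):
    # Assumed KDF (not from the patent): HMAC-SHA256 keyed with a provisioned
    # secret over the session key generation information and the SM's nonce.
    # Both inputs are fixed at 16 bytes, so plain concatenation is unambiguous.
    msg = b"dcas-session|" + key_gen_info + sm_nonce
    return hmac.new(pairing_secret, msg, hashlib.sha256).digest()

def tag(key, label, sm_nonce):
    # A distinct label per message stops a ClientSignOn tag from being
    # reflected back to the SM as a valid ClientSignOnConfirm.
    return hmac.new(key, label + b"|" + sm_nonce, hashlib.sha256).digest()

def sm_client_sign_on(pairing_secret, key_gen_info):
    # SM side: derive the first shared-session key and prove knowledge of it.
    sm_nonce = os.urandom(16)
    k1 = derive_session_key(pairing_secret, key_gen_info, sm_nonce)
    return k1, {"sm_nonce": sm_nonce, "tag": tag(k1, b"ClientSignOn", sm_nonce)}

def server_confirm(pairing_secret, key_gen_info, sign_on):
    # Server side: derive the second shared-session key from ClientSignOn.
    nonce = sign_on["sm_nonce"]
    k2 = derive_session_key(pairing_secret, key_gen_info, nonce)
    if not hmac.compare_digest(tag(k2, b"ClientSignOn", nonce), sign_on["tag"]):
        return None  # SM failed to prove the key: send no confirmation
    return {"tag": tag(k2, b"ClientSignOnConfirm", nonce)}

def sm_verify_confirm(k1, sign_on, confirm):
    # SM side: the mutual authentication result gates the CAS software download.
    if confirm is None:
        return False
    expected = tag(k1, b"ClientSignOnConfirm", sign_on["sm_nonce"])
    return hmac.compare_digest(expected, confirm["tag"])

def run_exchange(sm_secret, server_secret):
    key_gen_info = os.urandom(16)  # constructed stand-in for the authority's value
    k1, sign_on = sm_client_sign_on(sm_secret, key_gen_info)
    confirm = server_confirm(server_secret, key_gen_info, sign_on)
    return sm_verify_confirm(k1, sign_on, confirm)
```

Comparing tags with `hmac.compare_digest` rather than sending or comparing the keys themselves keeps the session key off the wire and avoids a timing side channel in the equality check.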
Specification