Method and apparatus for mutual authentication in downloadable conditional access system

US 8,621,218 B2
Filed: 12/09/2008
Issued: 12/31/2013
Est. Priority Date: 12/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method for mutual authentication of a secure microprocessor (SM) in a Downloadable Conditional Access System (DCAS) comprising:

receiving at a SM session key generation information from an authentication server;

receiving at the SM a SecurityAnnounce message from the authentication server, obtaining a public key of the authentication server from the SecurityAnnounce message, and verifying the SecurityAnnounce message;

receiving at the SM a DCASDownload message from the authentication server;

deriving at the SM a first shared-session key from the session key generation information, and transmitting a ClientSignOn message for the derived first shared-session key to the authentication server;

receiving at the SM a ClientSignOnConfirm message for a second shared-session key derived from the ClientSignOn message of the authentication server; and

verifying at the SM whether the first shared-session message and the second shared-session message are identical with each other based on the ClientSignOnConfirm message so as to generate a mutual authentication result, and receiving at the SM Conditional Access System (CAS) software from a headend system based on the mutual authentication result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.

Citations

21 Claims

1. A method for mutual authentication of a secure microprocessor (SM) in a Downloadable Conditional Access System (DCAS) comprising:
- receiving at a SM session key generation information from an authentication server;
  
  receiving at the SM a SecurityAnnounce message from the authentication server, obtaining a public key of the authentication server from the SecurityAnnounce message, and verifying the SecurityAnnounce message;
  
  receiving at the SM a DCASDownload message from the authentication server;
  
  deriving at the SM a first shared-session key from the session key generation information, and transmitting a ClientSignOn message for the derived first shared-session key to the authentication server;
  
  receiving at the SM a ClientSignOnConfirm message for a second shared-session key derived from the ClientSignOn message of the authentication server; and
  
  verifying at the SM whether the first shared-session message and the second shared-session message are identical with each other based on the ClientSignOnConfirm message so as to generate a mutual authentication result, and receiving at the SM Conditional Access System (CAS) software from a headend system based on the mutual authentication result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the receiving of the DCASDownload message from the authentication server comprises:
    - performing ClientSignOn for the DCASDownload message; and
      
      tranmitting a KeyRequest message to the authentication server.
  - 3. The method of claim 2, wherein the KeyRequest message comprises SM_Certificate or Key PairingID.
  - 4. The method of claim 1, wherein the SecurityAnnounce message comprises access point certificate (AP_Certificate) information or CAS software version (SM Client version).
  - 5. The method of claim 1, wherein the DCASDownload message comprises DownloadSchedule, KeyRequest_REQ, or PurchaseReport_REQ.
  - 6. The method of claim 1, wherein the deriving of the first shared-session key from the session key generation information, and the transmitting of the ClientSignOn message for the derived first shared-session key to the authentication server comprises:
    - receiving a KeyResponse message from the authentication server, the KeyResponse message including a first random value generated from an authentication authority and a seed value generated through a predetermined key generation algorithm in the authentication authority; and
      
      deriving the first shared-session key from unique information of a DCAS host, the seed value, a second random value generated from the SM, or hardware/software version.
  - 7. The method claim 6, wherein the deriving of the first shared-session key from the unique information of the DCAS host, the seed value, the second random value generated from the SM, or the hardware/software version comprises:
    - performing a hash function which takes the unique information, the second random value, the hardware/software version, or the seed value as an input value;
      
      performing a random function which takes a master key value outputted from the hash function as an input value; and
      
      selecting a certain bit of a key value outputted from the random function as the first shared-session key.
  - 8. The method of claim 7, wherein the ClientSignOn message comprises the unique information, the second random value, or the hardware/software version.
  - 9. The method of claim 1, wherein the verifying of whether the first shared-session message and the second shared-session message are identical with each other based on the ClientSignOnConfirm message so as to generate the mutual authentication result, and receiving of the CAS software from the headend system based on the mutual authentication result comprises:
    - decoding the ClientSignOnConfirm message encoded by an Initial Vector (IV) and the first shared-session key through a symmetric key encryption algorithm so as to generate a mutual authentication result, and transmitting the mutual authentication result to authentication server; and
      
      receiving a Downloadlnfo message for downloading the CAS software from the authentication server.
  - 10. The method claim 9, wherein the Downloadlnfo message comprises an IP address (DS_IP), software identification information (FN), protocol information (TM), or PurchaseReport_REQ.
  - 11. The method claim 9, wherein the verifying of whether the first shared-session message and the second shared-session message are identical with each other based on the ClientSignOnConfirm message so as to generate the mutual authentication result, and receiving of the CAS software from the head end system based on the mutual authentication result comprises:
    - performing a download of the CAS software from a download server based on the Downloadlnfo message, and transmitting a DownloadConfirm message including Download Status (DS) for the CAS software to the authentication server.
  - 12. The method claim 11, wherein the performing of the download the CAS software from the download server based on the Downloadlnfo message and the transmitting of the DownloadConfirm message including the DS message to the authentication server comprises:
    - transmitting a PurchasesReport message including PurchaseInfo to the authentication server.
  - 13. The method of claim 1, wherein the headend system transmits a Downloadlnfo message that includes an internet protocol (IP) address of a download server where the SM CAS software is stored only if the SM determines that the first shared-session key and the second shared-session key are identical.

14. A method of mutual authentication of an authentication server in a Downloadable Conditional Access System (DCAS) comprising:
- receiving session key generation information from an authentication authority to derive a first shared-session key, and transmitting the session key generation information to a secure micro-processor (SM);
  
  receiving at the SM a SecurityAnnounce message from the authentication server, obtaining a public key of the authentication server from the SecurityAnnounce messge, and verifying the SecurityAnnounce message;
  
  receiving at the SM a DCASDownload message from the authentication server;
  
  deriving the first shared-session key at the SM;
  
  receiving a ClientSignOn message for the first shared-session key derived by the SM;
  
  deriving a second shared-session key from the ClientSignOn message, and transmitting a ClientSignOnConfim message for the second shared-session key to the SM; and
  
  receiving a verification message from the SM, wherein the verification message indicates whether the first shared-session key and the second shared-session key are identical to each other.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the receiving of the session key generation information from the authentication authority to derive the shared-session key, and the transmitting of the session key generation information to the SM comprises:
    - receiving a KeyResponse message including a first random value generated from the authentication authority and a seed value generated through a predetermined key generation algorithm in the authentication authority; and
      
      transmitting the KeyResponse message to the SM.
  - 16. The method of claim 15, wherein the seed value is generated through the key generation algorithm which takes a Pre-shared Key (PSK) as an input value, the PSK being previously shared between the SM and the authentication authority.
  - 17. The method of claim 15, wherein the ClientSignOn message comprises unique information, a second random value generated from the SM, or version ofhardware/software, and the deriving of the second shared-session key from the ClientSignOn message, and transmitting of the ClientSignOnConfirm message for the second shared-session key to the SM comprises:
    - deriving the second shared-session key from the ClientSignOn message, the seed value, and the first random value; and
      
      encoding the unique information and client information through a predetermined symmetric key encryption algorithm which takes the second shared-session key and an initial vector (IV) as an input value.
  - 18. The method of claim 17, wherein the deriving of the second shared-session key from the ClientSignOn message, the seed value, and the first random value comprises:
    - performing a hash function which takes the unique information, the second random value, the hardware/software version, or the seed value as an input value;
      
      performing a random function which takes a master key value outputted from the hash function as an input value; and
      
      selecting a certain bit of a key value outputted from the random function as the second shared-session key.
  - 19. The method of claim 17, wherein the ClientSignOnConfirm message comprises the unique information, the client information, or the (initial vector) IV.

20. An apparatus for mutual authentication in a Downloadable Conditional Access System (DCAS) comprising:
- a secure micro-processor (SM) that derives a first shared-session key from session key generation information received from an authentication authority for deriving a shared-session key, and generate a ClientSignOn message for the derived first shared-session key, receives a SecurityAnnounce message from the authentication server, obtains a public key of the authentication server from the SecurityAnnounce messge, verifies the SecurityAnnounce message, and receives a DCASDownload message from the authentication authority; and
  
  a hardware server that receives the ClientSignOn message, derives a second shared-session key from the ClientSignOn message, and transmits a ClientSignOnConfirm message for the second shared-session key to the SM,wherein the SM verifies whether the first shared-session key and the second shared-session key are identical with each other so as to generate mutual authentication result, and receives conditional access system software from a headend system based on the mutual authentication result.
- View Dependent Claims (21)
- - 21. The apparatus of claim 20 wherein the SM selects a bit of a generated key value as the first shared-session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Kwon, Eun Jung, Koo, Han Seung, Kim, Soon Choul, Jeong, Young Ho, Kim, Heejeong, Kwon, O Hyung, Lee, Soo In
Primary Examiner(s)
Hailu, Teshome

Application Number

US12/330,729
Publication Number

US 20090150672A1
Time in Patent Office

1,848 Days
Field of Search

713/170, 713/171, 713/176, 713/178, 726 1- 4, 726/27, 726/30
US Class Current

713/170
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0869   involving random numbers or...

H04L 9/321   involving a third party or ...

H04L 9/3273   for mutual authentication n...

H04N 21/26613   for generating or managing ...

H04N 7/1675   Providing digital key or au...

Method and apparatus for mutual authentication in downloadable conditional access system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for mutual authentication in downloadable conditional access system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links