Challenge-response cable set-top-box system to securely authenticate software application program interfaces (APIs)
First Claim
1. A method for providing handshaking between a (Conditional Access System) CAS application program, middleware and a set top box to allow secure access to an Application Program Interface (API), the secure access being controlled by the CAS, the method comprising:
- submitting by middleware a request for support service from the CAS in order to facilitate access of the CAS content by a subscriber;
receiving from the CAS a challenge comprising a random number or a non-repeating numerical value that had not been previously used by the CAS;
calculating a challenge response using a function over the challenge value using the middleware, where that function is controlled by intellectual property (IP) rights and referred to here as Hook IP, and wherein the calculated output of said function is provided as a response from the middleware to the CAS; and
returning an acknowledgement from the CAS to the middleware when the response is verified indicating that the support service for accessing the API is enabled.
11 Assignments
0 Petitions
Accused Products
Abstract
A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol provided between a Conditional Access System (CAS) and Middleware running on a Set-Top-Box. The handshake is a Challenge-Response protocol that includes several steps. The CAS or the Middleware can either act as a Claimant or Verifier in Challenge-Response process. First, a Claimant sends a request to a Verifier requesting access to a function F through the API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant'"'"'s response. The Claimant next processes the Challenge using components under a patent License Agreement, known as Hook IP, and issues a Response to the Verifier. The Verifier can then verify the Response to allow the Claimant access to the API.
-
Citations
16 Claims
-
1. A method for providing handshaking between a (Conditional Access System) CAS application program, middleware and a set top box to allow secure access to an Application Program Interface (API), the secure access being controlled by the CAS, the method comprising:
-
submitting by middleware a request for support service from the CAS in order to facilitate access of the CAS content by a subscriber; receiving from the CAS a challenge comprising a random number or a non-repeating numerical value that had not been previously used by the CAS; calculating a challenge response using a function over the challenge value using the middleware, where that function is controlled by intellectual property (IP) rights and referred to here as Hook IP, and wherein the calculated output of said function is provided as a response from the middleware to the CAS; and returning an acknowledgement from the CAS to the middleware when the response is verified indicating that the support service for accessing the API is enabled. - View Dependent Claims (2, 3, 4)
-
-
5. A method for providing handshaking between a (conditional access system) CAS application program, middleware and a set top box to allow secure access to an Application Program Interface (API), the secure access being controlled by the middleware, the method comprising:
-
by the CAS a request to the middleware to access content decryption related APIs used by the CAS; receiving from the middleware at the CAS a challenge including a random number or a non-repeating numerical value that has not been used by the middleware; calculating a function over the challenge value in the CAS, where that function is controlled by intellectual property (IP) rights and referred to here as Hook IP, and wherein the output of the calculated function is provided as a response from the CAS to the middleware; and receiving an acknowledgement at the CAS provided by the middleware when the response is verified by the middleware indicating that content decryption related APIs are enabled. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification