Method and system for preventing revocation denial of service attacks

US 9,461,825 B2
Filed: 05/02/2007
Issued: 10/04/2016
Est. Priority Date: 01/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for signal processing, the method comprising:

in a secure communication system in an integrated circuit;

receiving an encrypted transport stream;

decrypting said encrypted transport stream;

extracting from said decrypted transport stream, a command for revoking a secure key, wherein said secure key is encrypted;

decrypting said command for revoking said secure key utilizing a hidden key;

verifying a signature of said decrypted command for revoking said secure key; and

revoking said secure key upon successful verification of said signature.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

43 Citations

View as Search Results

28 Claims

1. A method for signal processing, the method comprising:
- in a secure communication system in an integrated circuit;
  
  receiving an encrypted transport stream;
  
  decrypting said encrypted transport stream;
  
  extracting from said decrypted transport stream, a command for revoking a secure key, wherein said secure key is encrypted;
  
  decrypting said command for revoking said secure key utilizing a hidden key;
  
  verifying a signature of said decrypted command for revoking said secure key; and
  
  revoking said secure key upon successful verification of said signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein said secure key is signed.
  - 3. The method according to claim 1, wherein said command for revoking said secure key comprises a key ID that is unique to a specific set-top box.
  - 4. The method according to claim 1, wherein said secure key is encrypted using an encryption key that is unique to a specific set-top box.
  - 5. The method according to claim 1, further comprising storing a revocation key corresponding to said command for revoking said secure key in a one-time programmable memory.
  - 6. The method according to claim 5, further comprising comparing said stored revocation key with a reference.
  - 7. The method according to claim 6, further comprising revoking said secure key based on said comparison.
  - 8. The method according to claim 6, wherein said reference is stored in said one-time programmable memory.
  - 9. The method according to claim 1, further comprising parsing said command for revoking said secure key from said decrypted transport stream.
  - 10. The method according to claim 1, further comprising parsing via hardware said command for revoking said secure key from said decrypted transport stream.

11. A method for signal processing, the method comprising:
- generating a command for revoking a secure key, wherein said secure key is encrypted;
  
  encrypting said command for revoking said secure key utilizing a hidden key;
  
  signing said encrypted command for revoking said secure key;
  
  combining said signed and encrypted command with video data being transmitted to a secure communication system; and
  
  encrypting said combined video data and said signed and encrypted command.
- View Dependent Claims (12, 13, 28)
- - 12. The method according to claim 11, wherein said command for revoking said secure key comprises a key ID that is unique to a specific set-top box.
  - 13. The method according to claim 11, wherein said secure key is encrypted using an encryption key that is unique to a specific set-top box.
  - 28. The method according to claim 11, wherein said secure communication system comprises a set-top box.

14. A system for signal processing, the system comprising:
- one or more circuits for receiving an encrypted transport stream, said one or more circuits configured to;
  
  decrypt said encrypted transport stream;
  
  extract from said decrypted transport stream, a command that revokes a secure key, wherein said secure key is encrypted;
  
  decrypt said command for revoking said secure key utilizing a hidden key;
  
  verify a signature of said decrypted command for revoking said secure key; and
  
  revoke said secure key upon successful verification of said signature.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system according to claim 14, wherein said secure key is signed.
  - 16. The system according to claim 14, wherein said command for revoking said secure key comprises a key ID that is unique to a specific set-top box.
  - 17. The system according to claim 14, wherein said secure key is encrypted using an encryption key that is unique to a specific set-top box.
  - 18. The system according to claim 14, wherein said one or more circuits are further configured to store a revocation key corresponding to said command for revoking said secure key in a one-time programmable memory.
  - 19. The system according to claim 18, wherein said one or more circuits are further configured to compare said stored revocation key with a reference.
  - 20. The system according to claim 19, wherein said one or more circuits are further configured to revoke said secure key based on said comparison.
  - 21. The system according to claim 19, wherein said reference is stored in said one-time programmable memory.
  - 22. The system according to claim 14, wherein said one or more circuits are further configured to parse said command for revoking said secure key from said decrypted transport stream.
  - 23. The system according to claim 14, wherein said one or more circuits parses via hardware, said command for revoking said secure key from said decrypted transport stream.

24. A system for signal processing, the system comprising:
- one or more circuits configured to;
  
  generate a command for revoking a secure key, wherein said secure key is encrypted;
  
  encrypt said command for revoking said secure key utilizing a hidden key;
  
  sign said encrypted command for revoking said secure key;
  
  combine said signed and encrypted command with video data being transmitted to a secure communication system; and
  
  encrypt said combined video data and said signed and encrypted command.
- View Dependent Claims (25, 26, 27)
- - 25. The system according to claim 24, wherein said command for revoking said secure key comprises a key ID that is unique to a specific set-top box.
  - 26. The system according to claim 24, wherein said secure key is encrypted using an encryption key that is unique to a specific set-top box.
  - 27. The system according to claim 24, wherein said secure communication system comprises a set-top box.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Rodgers, Stephane, Dellow, Andrew
Primary Examiner(s)
HERZOG, MADHURI R

Application Number

US11/743,533
Publication Number

US 20080086641A1
Time in Patent Office

3,443 Days
Field of Search

380200-203, 380239-242, 380/255, 380/259, 380277- 30, 380277-286, 713/168, 713176-180, 726 26- 33, 705 50- 59
US Class Current

1/1
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/1076   Revocation

H04L 2209/60   Digital content management,...

H04L 2209/605   Copy protection

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/123   received data contents, e.g...

H04L 63/1458   Denial of Service

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

Method and system for preventing revocation denial of service attacks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for preventing revocation denial of service attacks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links