Apparatus and methods for provisioning in a download-enabled system
Abstract
Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive, e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well as when disconnected from the network. The network operator can also add, delete or replace a conditional access client image in a provisioned device.
17 Claims
1. Network apparatus disposed substantially at a first location of a content delivery network and configured to provision a security device at a second location of said network, said apparatus comprising:
a provisioning subsystem comprising both a cable modem and a video provisioning apparatus;
a conditional access apparatus in communication with said provisioning subsystem;
an authentication apparatus in communication with at least said conditional access apparatus; and
a personalization server (PS) apparatus in communication with said conditional access system,
wherein said provisioning apparatus is configured to maintain;
identifying information of said security device;
information regarding a topological context of said security device in said network; and
said software configuration of said security device;
wherein at least said authentication apparatus and said conditional access apparatus are configured to cooperate to transmit to said security device;
(i) at least one cryptographic key, and (ii) an encrypted code configured to provide at least protection of content at said security device, and
wherein said PS apparatus is configured to select said at least one cryptographic key and said encrypted code based at least in part on a communication received from said security device.
Dependent claims: 2, 3, 4, 5, 6, 7, 16

8. Network apparatus disposed substantially at a first node of a content delivery network and configured to deliver security information to a second node of said network, said apparatus comprising:
a content provisioning apparatus;
a security management apparatus in communication with said content provisioning apparatus;
an authentication apparatus in communication with at least said security management apparatus; and
a personalization server (PS) apparatus in communication with said security management system;
wherein said content provisioning apparatus, said security management apparatus, and said authentication apparatus are configured to cooperate to;
provision a client device coupled to said network;
establish an account associated with said client device;
authenticate a physically secure element of said client device; and
provide at least one secure software image to said secure element, said at least one secure image enabling at least in part access to content distributed over said network;
wherein at least said authentication apparatus and said security management apparatus are configured to cooperate to transmit to said second node said secure image, said secure image configured to manage at least one of (i) trusted domain (TD) policies or configuration, and/or (ii) digital rights management (DRM) policies or configuration, within said secure element of said client device disposed at said second node; and
wherein said PS apparatus is configured to select said secure image based at least in part on a communication received from said client device.
Dependent claims: 9, 10, 11, 12, 13, 14

15. Network security apparatus for use with a client-side security management apparatus in operative communication with a content delivery network, said client-side apparatus configured to maintain at least a portion of a trusted domain within a client device using at least a secure element, said network security apparatus comprising:
a content provisioning apparatus;
a conditional access apparatus in communication with said content provisioning apparatus;
an authentication apparatus in communication with at least said conditional access apparatus; and
a personalization server (PS) apparatus in communication with said conditional access system;
wherein said content provisioning apparatus is configured to maintain;
identifying information of said network security apparatus;
information regarding a topological context of said network security apparatus in said content delivery network; and
said software configuration of said network security apparatus;
wherein said authentication apparatus, said content provisioning apparatus, and said conditional access apparatus are configured to cooperate to transmit to said secure element of said client device;
(i) at least one cryptographic key, and (ii) encrypted code configured to provide at least protection of said content at said client device, and
wherein said PS apparatus is configured to select said at least one cryptographic key and said encrypted code based at least in part on a communication received from said client device.
Dependent claims: 17

Specification