Blackbox security provider programming system permitting multiple customer use and in field conditional access switching
First Claim
Patent Images
1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
- securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device, wherein the black box device performs a secure transformation of SV data to unalterably store the SV in the secure memory without exposing the SV to the manufacturer of the hardware device;
encrypting, in the first entity, a product provisioning key (PPK), wherein the product provisioning key (PPK) is known to the first entity and kept secret from a second entity and a third entity, the product provisioning key (PPK) encrypted according to the SV to produce an encrypted PPK (ESV[PPK]);
securely transmitting the encrypted PPK (ESV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK (ESV[PPK]) in the secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
receiving, in the second entity, a customer global key (CGK) generated by the first entity;
encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (ECGK[D]);
encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and
transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to the third entity.
7 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.
-
Citations
37 Claims
-
1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
-
securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device, wherein the black box device performs a secure transformation of SV data to unalterably store the SV in the secure memory without exposing the SV to the manufacturer of the hardware device; encrypting, in the first entity, a product provisioning key (PPK), wherein the product provisioning key (PPK) is known to the first entity and kept secret from a second entity and a third entity, the product provisioning key (PPK) encrypted according to the SV to produce an encrypted PPK (ESV[PPK]); securely transmitting the encrypted PPK (ESV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK (ESV[PPK]) in the secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device; receiving, in the second entity, a customer global key (CGK) generated by the first entity; encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (ECGK[D]); encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to the third entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for securely providing data (D) for use by a hardware device of a receiver, comprising:
-
a first entity, having; a secure transmission means, for transmitting a secret value (SV) from the first entity to a manufacturer of the hardware device; and a black box device disposed at a manufacturer of the hardware device, for securely and unalterably storing the secret value (SV) in a secure memory of the hardware device by performing a secure transformation of the SV data without exposing the SV to the manufacturer of the hardware device; an encryptor for encrypting a product provisioning key (PPK), the product provisioning key (PPK) known to the first entity and kept secret from a second entity and a third entity, the product provisioning key encrypted according to the SV to produce an encrypted PPK ESV[PPK]; wherein the secure transmission means further transmits the encrypted PPK ESV[PPK] from the first entity to the manufacturer of the hardware device and the black box device securely and unalterably storing the encrypted PPK ESV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device; wherein the second entity, comprises; an encryptor, for encrypting the data (D) according to a customer global key (CGK) generated by and received from the first entity to produce an encrypted data (ECGK[D]) and for encrypting the customer global key (CGK) according to a product provisioning key (PPK) to produce an encrypted customer global key (EPPK[CGK]); and means for transmitting the encrypted customer global key (EPPK[CGK]) and the encrypted data (ECGK[D]) to the hardware device after the hardware device is field distributed to a third entity. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
Specification