Blackbox security provider programming system permitting multiple customer use and in field conditional access switching

US 9,800,405 B2
Filed: 03/01/2013
Issued: 10/24/2017
Est. Priority Date: 03/02/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:

securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device, wherein the black box device performs a secure transformation of SV data to unalterably store the SV in the secure memory without exposing the SV to the manufacturer of the hardware device;

encrypting, in the first entity, a product provisioning key (PPK), wherein the product provisioning key (PPK) is known to the first entity and kept secret from a second entity and a third entity, the product provisioning key (PPK) encrypted according to the SV to produce an encrypted PPK (E_SV[PPK]);

securely transmitting the encrypted PPK (E_SV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK (E_SV[PPK]) in the secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;

receiving, in the second entity, a customer global key (CGK) generated by the first entity;

encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (E_CGK[D]);

encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and

transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to the third entity.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.

Citations

37 Claims

1. A method of securely providing data (D) for use by a hardware device of a receiver, comprising the steps of:
- securely transmitting a secret value (SV) from a first entity to a manufacturer of the hardware device and securely and unalterably storing the secret value (SV) in a secure memory of the hardware device via a black box device disposed at a manufacturer of the hardware device, wherein the black box device performs a secure transformation of SV data to unalterably store the SV in the secure memory without exposing the SV to the manufacturer of the hardware device;
  
  encrypting, in the first entity, a product provisioning key (PPK), wherein the product provisioning key (PPK) is known to the first entity and kept secret from a second entity and a third entity, the product provisioning key (PPK) encrypted according to the SV to produce an encrypted PPK (E_SV[PPK]);
  
  securely transmitting the encrypted PPK (E_SV[PPK]) from the first entity to the manufacturer of the hardware device and securely and unalterably storing the encrypted PPK (E_SV[PPK]) in the secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
  
  receiving, in the second entity, a customer global key (CGK) generated by the first entity;
  
  encrypting, in the second entity, the data (D) according to the customer global key (CGK) to produce an encrypted data (E_CGK[D]);
  
  encrypting, in the first entity, the customer global key (CGK) according to the product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and
  
  transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to the third entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the data (D) comprises a key for decrypting encrypted media programs using the hardware device.
  - 3. The method of claim 1, wherein the data (D) comprises a code block including instructions for execution by the hardware device.
  - 4. The method of claim 1, wherein the method further comprises the steps of:
    - storing a public key of the first entity in the hardware device;
      
      combining, in the first entity, a second entity-unique product differentiator assigned by the first entity with a public key of the second entity;
      
      signing, in the first entity, the combination with a private key of the first entity;
      
      transmitting the signed combination and the product differentiator from the first entity to the second entity;
      
      receiving the signed combination and product differentiator from the first entity and storing the signed combination and the product differentiator in the hardware device;
      
      storing a public key of the second entity in the hardware device; and
      
      storing a hardware device boot code image signed by the private key of the second entity in the hardware device;
      
      executing the hardware device boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second entity using the stored signed combination, the product differentiator, and the stored public key of the first entity;
      
      verifying the boot sequence signed by the private key of the second entity using the verified public key of the second entity only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 5. The method of claim 4, wherein the public key of the first entity is stored in a read only memory (ROM) or one time programmable (OTP) memory of the hardware device.
  - 6. The method of claim 4, wherein the product differentiator is assigned by the first entity and is unique to the second entity.
  - 7. The method of claim 6, wherein the product differentiator is hashed with the public key of the second entity.
  - 8. The method of claim 6, wherein the product differentiator and address of the public key of the second entity are hashed with the public key of the second entity.
  - 9. The method of claim 6, wherein the product differentiator, address of the public key of the second entity and address of the product differentiator are hashed with the public key of the second entity.
  - 10. The method of claim 6, wherein the product differentiator and address of the product differentiator are hashed with the public key of the second entity.
  - 11. The method of claim 1, further comprising the steps of:
    - decrypting the encrypted customer global key (E_PPK[CGK]) according to the product provisioning key (PPK) to reproduce the customer global key in the hardware device, comprising the steps of;
      
      decrypting the encrypted PPK E_SV[PPK] according to the secret value (SV) in the hardware device disposed at a third entity to produce the product provisioning key;
      
      wherein the secret value (SV) and the product provisioning key (PPK) is held secret from the second entity; and
      
      decrypting the encrypted data (E_CGK[D]) with the reproduced customer global key to reproduce the data (D).
  - 12. The method of claim 1, wherein:
    - the first entity is a security provider;
      
      the second entity is first consumer electronics (CE) device source; and
      
      the third entity is a subscriber;
      
      wherein the security provider is independent from CE device source, the hardware manufacturer, and the subscriber.
  - 13. The method of claim 12, further comprising the steps of:
    - receiving, in a second CE device source, a second customer global key (CGK2) generated by the security provider;
      
      encrypting, in the security provider, the data (D) according to the second customer global key (CGK2) to produce an second encrypted data (E_CGK2[D]);
      
      encrypting, in the security provider, the second customer global key (CGK2) according to the product provisioning key (PPK) to produce a second encrypted customer global key (E_PPK[CGK2]); and
      
      transmitting the second encrypted customer global key (E_PPK[CGK2]) and the second encrypted data (E_CGK2[D]) to the hardware device after the hardware device is field distributed to a third entity.
  - 14. The method of claim 13, wherein the second encrypted customer global key (E_PPK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device without overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 15. The method of claim 14, wherein the storage in the hardware device without overwriting enables operation of the hardware device according to security functions of both the CE device source and the second CE device source.
  - 16. The method of claim 13, wherein the second encrypted customer global key (E_PPK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device by overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 17. The method of claim 16, wherein the overwriting revokes a security functionality of the CE source and enables a security functionality of the second CE source to switch the operation of the hardware device to use security functions of the second CE device source in place of security functions CE device source.
  - 18. The method of claim 13, wherein the method further comprises the steps of:
    - storing a public key of the security provider in the hardware device;
      
      combining, in the security provider, a CE source-unique product differentiator assigned by the security provider with a public key of the CE source;
      
      signing, in the security provider, the combination with a private key of the security provider;
      
      transmitting the signed combination and the product differentiator from the security provider to the CE source;
      
      receiving the signed combination and product differentiator from the security provider and storing the signed combination and the product differentiator in the hardware device;
      
      storing a public key of the CE source in the hardware device; and
      
      storing a hardware device boot code image signed by the private key of the CE source in the hardware device;
      
      executing the hardware device boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the CE source using the stored signed combination, the product differentiator, and the stored public key of the security provider;
      
      verifying the boot sequence signed by the private key of the CE source using the verified public key of the CE source only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 19. The method of claim 16, further comprising the steps of:
    - combining, in the security provider, a second CE-source-unique product differentiator assigned by the security provider with a public key of the second CE source;
      
      signing, in the security provider, the combination with a private key of the security provider;
      
      transmitting the signed combination and the product differentiator from the security provider to the second CE source;
      
      receiving the signed combination and second product differentiator associated with the second CE source from the security provider and storing the signed combination and the second product differentiator in the hardware device;
      
      storing a public key of the second CE source in the hardware device; and
      
      storing a hardware device second boot code image signed by the private key of the second CE source in the hardware device;
      
      executing the hardware device second boot code, comprising the steps of;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second CE source using the stored signed combination, the second product differentiator, and the stored public key of the security provider;
      
      verifying the boot sequence signed by the private key of the second CE source using the verified public key of the second CE source only if the public key of the second CE source is verified; and
      
      executing the boot sequence only if the boot sequence is verified.

20. A system for securely providing data (D) for use by a hardware device of a receiver, comprising:
- a first entity, having;
  
  a secure transmission means, for transmitting a secret value (SV) from the first entity to a manufacturer of the hardware device; and
  
  a black box device disposed at a manufacturer of the hardware device, for securely and unalterably storing the secret value (SV) in a secure memory of the hardware device by performing a secure transformation of the SV data without exposing the SV to the manufacturer of the hardware device;
  
  an encryptor for encrypting a product provisioning key (PPK), the product provisioning key (PPK) known to the first entity and kept secret from a second entity and a third entity, the product provisioning key encrypted according to the SV to produce an encrypted PPK E_SV[PPK];
  
  wherein the secure transmission means further transmits the encrypted PPK E_SV[PPK] from the first entity to the manufacturer of the hardware device and the black box device securely and unalterably storing the encrypted PPK E_SV[PPK] in a secure memory of the hardware device via the black box device disposed at the manufacturer of the hardware device;
  
  wherein the second entity, comprises;
  
  an encryptor, for encrypting the data (D) according to a customer global key (CGK) generated by and received from the first entity to produce an encrypted data (E_CGK[D]) and for encrypting the customer global key (CGK) according to a product provisioning key (PPK) to produce an encrypted customer global key (E_PPK[CGK]); and
  
  means for transmitting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]) to the hardware device after the hardware device is field distributed to a third entity.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 21. The system of claim 20, wherein:
    - the first entity further comprises;
      
      means for combining, a second entity-unique product differentiator assigned by the first entity with a public key of the second entity;
      
      means for signing the combination with a private key of the first entity;
      
      wherein the secure transmission means further transmits the signed combination and the product differentiator from the first entity to the second entity;
      
      the second entity further comprises;
      
      means for storing a public key of the first entity in the hardware device;
      
      means for receiving the signed combination and product differentiator from the first entity and storing the signed combination and the product differentiator in the hardware device;
      
      means for storing a public key of the second entity in the hardware device; and
      
      means for storing a hardware device boot code image signed by the private key of the second entity in the hardware device;
      
      the hardware device further comprises;
      
      a processor for executing the hardware device boot code, comprising instructions including instructions for;
      
      initiating a boot sequence in the hardware device;
      
      verifying the public key of the second entity using the stored signed combination, the product differentiator, and the stored public key of the first entity;
      
      verifying the boot sequence signed by the private key of the second entity using the verified public key of the second entity only if the public key is verified; and
      
      executing the boot sequence only if the boot sequence is verified.
  - 22. The system of claim 20,wherein the hardware device further comprises:
    - means for decrypting the encrypted customer global key (E_PPK[CGK]) according to the product provisioning key (PPK) to reproduce the customer global key in the hardware device, comprising;
      
      means for decrypting the encrypted PPK E_SV[PPK] according to the secret value (SV) in the hardware device disposed at a third entity to produce the product provisioning key;
      
      wherein the secret value (SV) and the product provisioning key (PPK) is held secret from the second entity; and
      
      means for decrypting the encrypted data (E_CGK[D]) with the reproduced customer global key to reproduce the data (D).
  - 23. The system of claim 20, wherein:
    - the first entity is a security provider;
      
      the second entity is first consumer electronics (CE) device source; and
      
      the third entity is a subscriber;
      
      wherein the security provider is independent from CE device source, the hardware manufacturer, and the subscriber.
  - 24. The system of claim 23, further comprising:
    - a second CE device source, comprising;
      
      means for receiving, a second customer global key (CGK2) generated by the security provider;
      
      means for encrypting the data (D) according to the second customer global key (CGK2) to produce an second encrypted data (E_CGK2[D]);
      
      wherein;
      
      the security provider means for encrypting further encrypts the second customer global key (CGK2) according to the product provisioning key (PPK) to produce a second encrypted customer global key (E_PPK[CGK2]); and
      
      transmits the second encrypted customer global key (E_PPK[CGK2]) and the second encrypted data (E_CGK2[D]) to the hardware device after the hardware device is field distributed to a third entity.
  - 25. The system of claim 20, wherein the data (D) comprises a key for decrypting encrypted media programs using the hardware device.
  - 26. The system of claim 20, wherein the data (D) comprises a code block including instructions for execution by the hardware device.
  - 27. The system of claim 21, wherein the public key of the first entity is stored in a read only memory (ROM) or one time programmable (OTP) memory of the hardware device.
  - 28. The system of claim 21, wherein the product differentiator is assigned by the first entity and is unique to the second entity.
  - 29. The system of claim 28, wherein the product differentiator is hashed with the public key of the second entity.
  - 30. The system of claim 28, wherein the product differentiator and address of the public key of the second entity are hashed with the public key of the second entity.
  - 31. The system of claim 28, wherein the product differentiator, address of the public key of the second entity and address of the product differentiator are hashed with the public key of the second entity.
  - 32. The system of claim 28, wherein the product differentiator and address of the product differentiator are hashed with the public key of the second entity.
  - 33. The system of claim 24, wherein the second encrypted customer global key (E_PPK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device without overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 34. The system of claim 33, wherein the storage in the hardware device without overwriting enables operation of the hardware device according to security functions of both the CE device source and the second CE device source.
  - 35. The system of claim 24, wherein the second encrypted customer global key (E_PPK[CGK2]) and the encrypted data (E_CGK2[D]) are stored in the hardware device by overwriting the encrypted customer global key (E_PPK[CGK]) and the encrypted data (E_CGK[D]).
  - 36. The system of claim 35, wherein the overwriting revokes a security functionality of the CE source and enables a security functionality of the second CE source to switch the operation of the hardware device to use security functions of the second CE device source in place of security functions CE device source.
  - 37. The system of claim 24, further comprising:
    - means for storing a public key of the security provider in the hardware device;
      
      means for combining, in the security provider, a CE source-unique product differentiator assigned by the security provider with a public key of the CE source;
      
      means for signing, in the security provider, the combination with a private key of the security provider;
      
      means for transmitting the signed combination and the product differentiator from the security provider to the CE source;
      
      means for receiving the signed combination and product differentiator from the security provider and storing the signed combination and the product differentiator in the hardware device;
      
      means for storing a public key of the CE source in the hardware device; and
      
      means for storing a hardware device boot code image signed by the private key of the CE source in the hardware device;
      
      means for executing the hardware device boot code, comprising;
      
      means for initiating a boot sequence in the hardware device;
      
      means for verifying the public key of the CE source using the stored signed combination, the product differentiator, and the stored public key of the security provider;
      
      means for verifying the boot sequence signed by the private key of the CE source using the verified public key of the CE source only if the public key is verified; and
      
      means for executing the boot sequence only if the boot sequence is verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rambus Inc.
Original Assignee
Syphermedia International, Inc. (Verimatrix SA)
Inventors
Cocchi, Ronald P., Skubiszewski, Matthew A., Gorman, Michael A., Carson, Jacob T.
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/382,539
Publication Number

US 20150113278A1
Time in Patent Office

1,698 Days
Field of Search

713171, 726 1, 726 9
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/72   in cryptographic circuits

H04L 2209/12   Details relating to cryptog...

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04N 21/26613   for generating or managing ...

H04N 21/63345   by transmitting keys key di...

H04W 12/04   Key management, e.g. using ...

H04W 12/082   using revocation of authori...

H04W 12/35   Protecting application or s...

Blackbox security provider programming system permitting multiple customer use and in field conditional access switching

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Blackbox security provider programming system permitting multiple customer use and in field conditional access switching

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links