Downloadable security and protection methods and apparatus

US 9,923,883 B2
Filed: 04/11/2016
Issued: 03/20/2018
Est. Priority Date: 10/20/2006
Status: Active Grant

First Claim

Patent Images

1. A computerized method for securely delivering a downloadable security module to a specific computerized client device, and thereafter securely providing digitally rendered content thereto, the computerized method comprising:

providing a common software image to a plurality of computerized client devices, one of the plurality of computerized client devices comprising the specific computerized client device;

receiving credentials associated with a user account for the specific computerized client device;

causing verification of the received credentials;

responsive to successfully verifying the received credentials, delivering a device-specific software image for the specific computerized client device, the delivering of the device-specific software image comprising installing the device-specific software image via at least the common software image; and

responsive to subsequent requests for one or more digital content elements associated with the user account, delivering the one or more digital content elements to the device-specific software image executing on the specific computerized client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user'"'"'s premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

397 Citations

20 Claims

1. A computerized method for securely delivering a downloadable security module to a specific computerized client device, and thereafter securely providing digitally rendered content thereto, the computerized method comprising:
- providing a common software image to a plurality of computerized client devices, one of the plurality of computerized client devices comprising the specific computerized client device;
  
  receiving credentials associated with a user account for the specific computerized client device;
  
  causing verification of the received credentials;
  
  responsive to successfully verifying the received credentials, delivering a device-specific software image for the specific computerized client device, the delivering of the device-specific software image comprising installing the device-specific software image via at least the common software image; and
  
  responsive to subsequent requests for one or more digital content elements associated with the user account, delivering the one or more digital content elements to the device-specific software image executing on the specific computerized client device.
- View Dependent Claims (2, 3, 4, 5, 6, 20)
- - 2. The computerized method of claim 1, wherein the delivering the one or more digital content elements comprises encoding the one or more digital content elements for use with conditional access restrictions that are enforced by the device-specific software image.
  - 3. The computerized method of claim 2, wherein the use with the conditional access restrictions comprises using the conditional access restrictions to prevent unauthorized duplication of the one or more digital content elements.
  - 4. The computerized method of claim 2, wherein the use with the conditional access restrictions comprises using the conditional access restrictions to prevent unauthorized distribution of the one or more digital content elements.
  - 5. The computerized method of claim 1, wherein the delivering of the device-specific software image comprises utilizing at least a first encryption process as part of the delivering.
  - 6. The computerized method of claim 1, wherein the delivering of the one or more digital content elements comprises utilizing at least a second encryption process distinct from the first encryption process.
  - 20. The computerized method of claim 1, further comprising personalizing the device-specific software image according to the user account, the user account identifying a second service level indicating one or more capabilities, the personalized device-specific software image configured to support the one or more capabilities;
    - wherein;
      
      the providing of the common software image to the plurality of computerized client devices comprises providing a software image to the plurality of computerized client device apparatus, the plurality of computerized client device apparatus associated with a first service level; and
      
      the one or more capabilities indicated by the second service level comprise a greater number of capabilities relative to the first service level.

7. Computerized network server apparatus configured to securely deliver a downloadable security module to a specific computerized client device, the network server apparatus comprising:
- a network interface configured to enable communication with a plurality of computerized client devices;
  
  a processor apparatus in data communication with the network interface; and
  
  a non-transitory computer readable medium in data communication with the processor apparatus and comprising one or more instructions configured to, when executed by the processor apparatus, cause the computerized network server apparatus to;
  
  receive a request for the downloadable security module from a specific computerized client device executing a common software image;
  
  responsive to the received request, verify one or more credentials associated with a user account for the specific computerized client device; and
  
  based at least on successful verification of the one or more credentials, deliver a downloadable security module for the specific computerized client device;
  
  wherein the downloadable security module is configured to enable delivery of one or more digital content elements associated with the user account to the specific computerized client device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computerized network server apparatus of claim 7, wherein the downloadable security module comprises conditional access software configured specifically for the specific computerized client device.
  - 9. The computerized network server apparatus of claim 8, wherein the downloadable security module is configured to be inaccessible in an unprotected form.
  - 10. The computerized network server apparatus of claim 9, wherein the one or more digital content elements cannot be delivered to entities other than the downloadable security module.
  - 11. The computerized network server apparatus of claim 7, wherein the common software image comprises a software interface to a secure download system, and wherein the received request comprises a secure request that is independent of other applications of the specific computerized client device.
  - 12. The computerized network server apparatus of claim 11, wherein the one or more instructions are further configured to, when executed by the processor apparatus, cause the network server apparatus to transmit a response to the specific computerized client device executing a common software image, wherein the transmitted response enables authentication of the computerized network server apparatus to the specific computerized client device.

13. Computerized client device apparatus configured to securely receive a downloadable security module from a network server apparatus so as to enable receipt and rendering of secure digital content elements, the computerized client device apparatus comprising:
- a network interface configured to enable communication;
  
  a processor apparatus in data communication with the network interface; and
  
  a non-transitory computer readable medium in data communication with the processor apparatus and comprising one or more instructions which are configured to, when executed by the processor apparatus, cause the computerized client device apparatus to;
  
  execute a common software image that enables access to a secure download system provided by the network server apparatus;
  
  securely download a security module and prevent access to the downloaded security module in any unprotected form;
  
  install the downloaded security module; and
  
  render one or more of the secure digital content elements via use of at least the installed downloaded security module.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computerized client device apparatus of claim 13, wherein the common software image comprises a software image that is provided to a plurality of computerized client device apparatus associated with a first service level, the first service level indicating one or more functions enabled at the plurality of computerized client device apparatus.
  - 15. The computerized client device apparatus of claim 14, wherein the installed downloaded security module comprises a software image based on the computerized client device apparatus being associated with second service level, the second service level indicating that the computerized client device has one or more additional functions relative to the first service level.
  - 16. The computerized client device apparatus of claim 15, wherein the installed downloaded security module is personalized in accordance with an account associated with a subscriber of a network operator'"'"'s service.
  - 17. The computerized client device apparatus of claim 16, wherein the secure download of the secure module requires verification of the account with the network operator via at least one data interface of the computerized client device apparatus.
  - 18. The computerized client device apparatus of claim 13, further comprising a display apparatus in data communication with the processor apparatus, wherein the rendered one or more secure digital content elements comprise digitally rendered video content rendered via the display apparatus.
  - 19. The computerized client device apparatus of claim 18, wherein the execution of the common software image comprises execution of a separate graphical user interface (GUI) from other applications of the computerized client device apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Helms, William L., Carlucci, John B., Schnitzer, Jason Kazmir
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US15/096,065
Publication Number

US 20160301677A1
Time in Patent Office

708 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 8/63   Image based installation; C...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/60   Digital content management,...

H04L 2209/605   Copy protection

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04N 21/2347   involving video stream encr...

H04N 21/2351   involving encryption of add...

H04N 21/2541   Rights Management protectin...

H04N 21/2543   Billing , e.g. for subscrip...

H04N 21/25816 : involving client authentica...

H04N 21/26606 : for generating or managing ...

H04N 21/26613 : for generating or managing ...

H04N 21/4353 : involving decryption of add...

H04N 21/4363 : Adapting the video stream t...

H04N 21/4405 : involving video stream decr...

H04N 21/4623 : Processing of entitlement m...

H04N 21/4627 : Rights management associate...

H04N 21/478 : Supplemental services, e.g....

H04N 21/6118 : involving cable transmissio...

H04N 21/63345 : by transmitting keys key di...

H04N 21/8166 : involving executable data, ...

H04N 21/8193 : dedicated tools, e.g. video...

H04N 7/167 : Systems rendering the telev...

H04N 7/1675 : Providing digital key or au...

View All

Downloadable security and protection methods and apparatus

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

397 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Downloadable security and protection methods and apparatus

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

397 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links