Downloadable security and protection methods and apparatus
Abstract
Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.
446 Citations
20 Claims
1. A computerized method of operating a security management architecture within a content delivery network, the computerized method comprising:
- identifying a plurality of computerized client devices in data communication with the content delivery network;
- receiving data representative of a request for a service from a subscriber associated with at least one of the plurality of computerized client devices; and
- configuring the at least one of the plurality of computerized client devices based at least in part on the request, the configuring comprising:
  - generating personalization data specific to the at least one computerized client device;
  - transmitting the personalization data to the at least one computerized client device, wherein the transmitting of the personalization data comprises transmitting a message having a common image encryption key, the message being specifically encrypted for the at least one computerized client device, and wherein the common image encryption key enables the at least one computerized client device to decrypt a common software image, the common software image being applicable to all of the plurality of computerized client devices based on a shared hardware and software configuration of respective processor apparatus of the plurality of computerized client devices; and
  - establishing at least one security permission or policy within a secure element of the at least one computerized client device, the at least one security permission or policy enabling provision of the requested service to the at least one client device.

Dependent claims: 2, 3, 4, 5, 6
7. Computerized network apparatus for use in providing secure digitally rendered content and software downloads to a plurality of computerized client devices within a content delivery network, the computerized network apparatus comprising:
- secure download infrastructure adapted for data communication with a computerized trusted authority (TA);
- a media provisioning system in data communication with the secure download infrastructure;
- a billing system in data communication with the media provisioning system;
- a media security system in data communication with the media provisioning system; and
- a media services system in data communication with the media provisioning system;

wherein:
- the media provisioning system and the media security system determine and cause application of data relating to entitlements for at least one of the plurality of computerized client devices in order to authorize provision of at least one cryptographic element and at least one secure client device software image to the at least one of the plurality of computerized client devices;
- the secure download infrastructure and the TA are configured to cooperate to provide the at least one cryptographic element and the at least one secure client device software image for delivery by the secure download infrastructure to the at least one of the plurality of computerized client devices based at least upon said authorization thereof;
- the provision of the at least one secure client device software image comprises provision of a device-specific software image within an encrypted data structure; and
- decryption of the encrypted data structure is required by the at least one of the plurality of computerized client devices to load a common software image.

Dependent claims: 8, 9, 10, 11, 12, 13, 20
14. A computerized method delivering secure software over a network to a computerized client device, the computerized method comprising:
- providing, via a first network entity, credentials along with a public key for the computerized client device to a second network entity;
- receiving a device-specific software image to the first network entity from the second network entity, the device-specific software image being specific to only the computerized client device, the device-specific software image encrypted for the computerized client device based at least in part on the public key;
- receiving a common software image from the second network entity, the common image comprising an image applicable to all of a plurality of computerized client devices having a common configuration and disposed within the network, the plurality of computerized client devices comprising the computerized client device; and
- transmitting, via the first network entity, the encrypted client device-specific software image and the common software image;

wherein a private key corresponding to the public key is required by the computerized client device to decrypt the encrypted client device-specific software image, and decryption of the encrypted client device-specific software image is required to decrypt the common software image.

Dependent claims: 15, 16, 17, 18, 19
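The key hierarchy recited in claims 1 and 14 (a common software image encrypted once, plus a per-device message carrying the key that decrypts it), shown as an added Go example that is not taken from the patent. The claims name no algorithms: RSA-OAEP, AES-256-GCM, the function names and the device IDs are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must stops on errors that only a programming mistake or a failed RNG can cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewDeviceKey stands in for the key pair held in a device's secure element.
func NewDeviceKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// SealImage (network side) encrypts the common image once under a fresh common image key.
func SealImage(image []byte) (key, sealed []byte) {
	buf := make([]byte, 32+12) // AES-256 key, then the GCM nonce that is prepended
	must(rand.Read(buf))
	a := must(cipher.NewGCM(must(aes.NewCipher(buf[:32]))))
	return buf[:32], a.Seal(buf[32:], buf[32:], image, nil)
}

// WrapKey builds one device's message: the key under its public key, device ID as label.
func WrapKey(pub *rsa.PublicKey, id string, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
}

// Load (device side) unwraps the key, then decrypts and authenticates the common image.
func Load(priv *rsa.PrivateKey, id string, msg, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg, []byte(id))
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("unwrap failed or malformed input (%v)", err)
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, sealed[:12], sealed[12:], nil)
}

func main() { // constructed demo values: device ID, key pair, image bytes
	priv := NewDeviceKey()
	key, sealed := SealImage([]byte("common image"))
	msg := must(WrapKey(&priv.PublicKey, "cpe-01", key))
	fmt.Println(string(must(Load(priv, "cpe-01", msg, sealed))))
}
```

Every device receives the same sealed image; only the small wrapped-key message differs per device, and a message replayed to another device or under another device ID fails to unwrap.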
Specification