Preventing unauthorized poaching of set top box assets
Abstract
To prevent poaching of an Internet Protocol (IP) set top box (STB) asset or similar network computing device from one system operator to another, code executing in the IP STB not only authenticates downloaded software images using a public key provided in a serial-number assigned digital certificate, but also confirms that the serial number appears on a signed whitelist, or does not appear on a signed blacklist. The code executing in the STB further preferably enforces a rule that only the authority that signed the already-loaded whitelist/blacklist may replace it with a new list. Such a “sticky whitelist/blacklist” ensures that if the STB boots or resets in a new network, the existing authentication list will not be replaced by a list that is valid for a new or different network, and, as a result, that new software code images will not be authenticated.
23 Claims
1. A method for maintaining control over a set-top-box (STB) asset, comprising:
- authenticating, using a hardware-based authentication process, a first software application, the first software application having been generated by a first party, wherein the STB asset is operated by a second party;
- once authenticated, using the first software application to authenticate a public key received with a second software application that was generated by a third party and is intended to be run on the STB asset;
- once authenticated, using the public key of the third party to authenticate the second software application generated by the third party; and
- confirming that the second software application is authorized to be run on the STB asset by consulting a list of authorized third parties, wherein consulting the list of authorized third parties comprises utilizing a list maintenance code signing key (LMCSK) having a unique serial number always recognized by the hardware-based authentication process, and locating the third party that generated the second software application, wherein the list of authorized third parties is itself authenticated by the first software application using the LMCSK.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A method, comprising:
- storing a first digitally signed list on an electronic device, the first digitally signed list including identification data for a plurality of software vendors authorized to load and run software on the electronic device;
- receiving, at the electronic device, a second digitally signed list, the second digitally signed list also including identification data for a plurality of software vendors authorized to load and run software on the electronic device, wherein the identification data comprises a list maintenance code signing key (LMCSK) having a serial number unique to the signing authority that is always recognized by a bootloader;
- determining that a signing authority that signed the second digitally signed list is the same as a signing authority that signed the first digitally signed list, wherein determining that the signing authority that signed the second digitally signed list is the same as the signing authority that signed the first digitally signed list comprises authorizing the LMCSK; and
- replacing, utilizing the bootloader, the first digitally signed list with the second digitally signed list when it is determined that a signing authority that signed the second digitally signed list is the same as a signing authority that signed the first digitally signed list.

Dependent claims: 14, 15, 16.
17. A method comprising:
- receiving at a set top box a signed list of serial numbers, wherein the serial numbers respectively identify authorized digital certificates, and a digital certificate includes a public key associated with a developer of a code image;
- storing the list of serial numbers in a memory of the set top box;
- receiving at the set top box a signed replacement list of serial numbers and a list maintenance code signing key (LMCSK) having a serial number unique to the signing authority that is always recognized by a bootloader;
- determining if a signing authority that signed the signed replacement list of serial numbers is the same as a signing authority that signed the list of serial numbers; and
- replacing, utilizing the bootloader, the list of serial numbers with the list of serial numbers from the signed replacement list of serial numbers when the signing authority that signed the signed replacement list of serial numbers is the same as a signing authority that signed the list of serial numbers.

Dependent claims: 18, 19.
20. A set-top-box (STB), comprising:
- a public key embedded in a hardware device in the STB; and
- software code stored and operable on the STB to authenticate, based at least in part on the public key embedded in the hardware device and a stored list of authorized software vendors and a list maintenance code signing key (LMCSK) having a serial number unique to the signing authority that is always recognized by the hardware device, a software image downloaded from a server and prepared by one of a plurality of software vendors, the software code further operable to replace the stored list of authorized software vendors only when a new list of authorized software vendors is signed by a same signing authority that signed the stored list of authorized software vendors and recognized by the LMCSK.

Dependent claims: 21, 22, 23.
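The three-step image check of claim 1 (authenticate the developer certificate, authenticate the image with its key, confirm the certificate serial is whitelisted) and the sticky-list replacement rule of claims 13, 17 and 20, worked as an added Python example that is not part of the patent. HMAC-SHA256 stands in for the public-key signatures the patent describes, and every key, serial number and image below is constructed for the demo.

```python
import hashlib, hmac
from dataclasses import dataclass, replace

# Constructed keys. HMAC-SHA256 stands in for the patent's public-key signatures:
# whoever holds a key here plays the role of the matching public key when verifying.
ROOT_KEY = b"constructed-hardware-embedded-root-key"          # issues developer certificates
AUTHORITY_KEYS = {"opA": b"constructed-key-opA", "opB": b"constructed-key-opB"}
LMCSK_SERIALS = {"opA": "LMCSK-A", "opB": "LMCSK-B"}         # always recognised by the bootloader

def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

@dataclass(frozen=True)
class Cert:              # serial-numbered developer certificate, signed with ROOT_KEY
    serial: str
    dev_key: bytes
    sig: bytes

@dataclass(frozen=True)
class SignedList:        # whitelist of authorised certificate serials, signed by one operator
    authority: str
    lmcsk_serial: str
    serials: tuple
    sig: bytes

def issue_cert(serial: str, dev_key: bytes) -> Cert:
    return Cert(serial, dev_key, sign(ROOT_KEY, serial.encode() + dev_key))

def list_bytes(lst: SignedList) -> bytes:       # the bytes covered by the list signature
    return "|".join([lst.authority, lst.lmcsk_serial, *lst.serials]).encode()

def make_list(authority: str, serials) -> SignedList:
    lst = SignedList(authority, LMCSK_SERIALS[authority], tuple(sorted(serials)), b"")
    return replace(lst, sig=sign(AUTHORITY_KEYS[authority], list_bytes(lst)))

class STB:
    def __init__(self, installed: SignedList):
        self.whitelist = installed

    def replace_list(self, new: SignedList) -> bool:
        # Sticky rule: verify with the key of the authority that signed the INSTALLED
        # list (never the key the new list names), and require that authority's LMCSK serial.
        owner = self.whitelist.authority
        ok = new.lmcsk_serial == LMCSK_SERIALS[owner] and hmac.compare_digest(
            sign(AUTHORITY_KEYS[owner], list_bytes(new)), new.sig)
        if ok:
            self.whitelist = new
        return ok

    def load_image(self, image: bytes, cert: Cert, image_sig: bytes) -> bool:
        cert_ok = hmac.compare_digest(sign(ROOT_KEY, cert.serial.encode() + cert.dev_key), cert.sig)
        image_ok = cert_ok and hmac.compare_digest(sign(cert.dev_key, image), image_sig)
        return image_ok and cert.serial in self.whitelist.serials  # vendor must be whitelisted
```

A list from a second operator fails even though it is correctly signed and carries a recognised LMCSK serial, because neither matches the authority that signed the list already installed.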