46 results about "Downloadable Conditional Access System" patented technology

Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.

A mutual authentication method in a Downloadable Conditional Access System (DCAS) is provided. The mutual authentication method may receive authentication-related information about authentication between an authentication unit and a security module (SM) from a Trusted Authority (TA), generate an authentication session key using the authentication-related information, transmit the authentication session key by the authentication unit to the SM through a Cable Modem Termination System (CMTS), and control a Conditional Access System (CAS) software to be downloaded to the SM from the authentication unit, when the authentication is completed by the authentication session key.

A method and apparatus of X.509 certificate-based mutual authentication and key distribution for a Downloadable Conditional Access System (DCAS) in a digital cable broadcasting network is provided for composing a software-based secure DCAS in various Conditional Access Systems (CASs) based on an embodiment form of Conditional Access (CA) application for CA of digital cable broadcasting.

A multi-stream encryption apparatus and method, and a host device for multi-channel recording of a plurality of fee-based broadcasting services in a Downloadable Conditional Access System (DCAS) are provided.

In a downloadable conditional access system (DCAS), preferably all DCAS-specific code is implemented in a configurable secure (CS) processor that is in communication with the host processor. Preferably, no DCAS-specific code is executed in the host processor. The host processor delivers commands to the CS processor, which the CS processor performs to configure itself in accordance with the particular DCAS encryption scheme used by the DCAS. Once configured, the CS processor executes a DCAS software module that has been downloaded to the CS processor, which looks for the corresponding EMMs and ECMs, processes them to obtain the CW, and then uses the CW to decrypt the content stream.

Systems and methods are described for aggregating information obtained from messages between playback devices and content protection systems, including but not limited to conditional access systems, downloadable conditional access systems, and digital rights management systems, that include a unique identifier and applying user modifiable rules to the aggregated information to identify abnormal behavior associated with the unique identifier including but not limited to one or more clone playback devices utilizing the unique identifier or a rogue playback device utilizing a unique identifier. One embodiment includes a plurality of playback devices connected to a headend via a network, where the headend includes at least one content protection system, and a clone monitor configured to register playback devices based upon a unique identification supplied by each playback device, when communicating with the at least one content protection system. In addition, the clone monitor is configured to aggregate information associated with each playback device over time, where the information is obtained from messages that are transmitted between the playback device and the headend and that include a unique identifier, and the clone monitor is configured to apply rules to the aggregated information to identify at least one pattern of abnormal behavior in the aggregated information associated with a specific unique identifier.

A multi-stream processing apparatus of a set top box in a Downloadable Conditional Access System (DCAS), the apparatus including: a cable modem (CM) to allocate at least one communication channel with respect to a headend of a broadcasting company connected with a cable network; a demodulator to receive broadcasting information from the cable network using the at least one allocated communication channel and to demodulate the received broadcasting information; a security module to descramble the demodulated broadcasting information using an application downloaded from the headend of the broadcasting company; a decoder to restore the descrambled broadcasting information into an Audio / Video (A / V) signal and to transmit the A / V signal to a connected apparatus; and a software module to control the CM, the security module, the demodulator, and the decoder, and to perform routing of information.

Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.

A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature.

Provided are a method and a device for booting a host embodying a downloadable conditional access system (DCAS), wherein one of a plurality of pre-determined booting modes is decided as a booting mode of the host based on first information indicating whether a host can communicate with a broadcasting service provider and second information indicating whether a software-based security client providing information required for decrypting broadcasting data is installed to a hardware-based security module connected to the host, and the host is booted in the decided booting mode.

An apparatus and method associated with an Internet Protocol Television (IPTV) service in a mobile environment are provided. A streaming server may provide a mobile terminal with a mobile certificate and an encryption key. In response to a content request received from the mobile terminal, the streaming server may provide the mobile terminal with encrypted content and a Downloadable Conditional Access System (DCAS) code. The mobile terminal may decrypt the encrypted content using the encryption key and the DCAS code, and may play back the decrypted content.

A security processor may be embedded within a digital cable ready (DCR) digital TV (DTV) system-on-chip to performing content protection operations during digital TV signal processing. The embedded security processor may be used to perform operations that are currently performed by an external entity, such as, for an example, a CableCard. The embedded security processor maybe configured to use a conditional access function including, but not limited to, CableLabs® Downloadable Conditional Access System (DCAS) based function. The security processor may be reprogrammable to enable the system-on-chip to be reconfigured with a different function and / or to allow operation with a new cable service provider. The security processor may enable secure reprogrammability of the system-on-chip utilizing security algorithms and / or other mechanisms including use of chip-specific identification information. The SoC may be enabled to operate with a CableCard whenever the security processor may be disabled.

A set-top box identification method and system for identifying the set-top box which is currently connected to a Downloadable Conditional Access System (DCAS) based on set-top box manufacturer and / or set-top box model are provided. The set-top box identification method for the DCAS includes retrieving set-top box type information upon receipt of a set-top box information request transmitted by a DCAS headend, transmitting the set-top box information including the set-top box type information to the DCAS headend, and identifying, at the DCAS headend, the set-top box based on the set-top box information. The DCAS headend can acquire the information on the connected set-top box at any time and determine the manufacturer and model of the set-top box from the set-top box information.

A method and apparatus of supporting a fee-based broadcasting service in a Downloadable Conditional Access System (DCAS) is provided. A control method of a DCAS, the method including: receiving a Conditional Access (CA) image file from a Conditional Access System (CAS) server and receiving Integrated Personalization Server (IPS) access information from an IPS; providing an Authentication Proxy (AP) with information about the received CA image file; controlling the AP to provide a terminal with access information to the IPS and image installation information when the terminal joins a fee-based service based on verifying device information of the terminal; and controlling the IPS to enable the terminal to receive a CA image code of the terminal based on the access information and the image installation information.

Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information.

A method of operating a headend system for a downloadable conditional access service, the method including: receiving, by an Authentication Proxy (AP) server, basic authentication information from a Downloadable Conditional Access System (DCAS) host, the basic authentication information being required to authenticate the DCAS host; transmitting, by the AP server, the basic authentication information to an external trusted authority device which authenticates the DCAS host; generating, by the AP server, a session key for encrypting / decrypting a secure micro client using a session key sharing factor; obtaining, by the AP server, download-related information of the secure micro client from a DCAS Provisioning Server (DPS); and commanding, by the AP server, an Integrated Personalization System (IPS) server to download the secure micro client to the DCAS host based on the download-related information, the secure micro client being encrypted by the session key.

A method where a Downloadable Conditional Access System Provisioning Server (DPS) detects a duplicated secure micro is provided. A method of detecting a duplicated secure micro, the method including: generating authentication time difference information associated with a value of a difference between a time when a host is finally authenticated in a first address and a time when the host is authenticated in a second address; comparing the authentication time difference information with a first reference value and a second reference value, the second reference value being less than the first reference value; and determining whether the secure micro is duplicated based on a result of the comparing.

A Downloadable Conditional Access System (DCAS) headend system and method for processing an error of Secure Micro (SM) Client Software are provided to prevent further transmission of SM Client Software where an error occurred, and to prevent unnecessary traffic due to repeat reinstallation of SM Client Software between an Authentication Proxy (AP) server and a terminal, by changing policy information regarding a transmission of SM Client Software associated with error information, when a number of terminals that transmit the error information exceeds a reference value as a result of analyzing result information regarding a reception and an installation of the SM Client Software received from a terminal corresponding to a DCAS headend system.

The embodiment of the invention discloses a method of protecting encrypted control words, a hardware security module, a main chip and a terminal. The method is applied to a downloadable conditional access system including a front end and a terminal, and the terminal comprises the main chip and the hardware security module. The method includes the following steps: receiving a hardware security module authorization management message and an encrypted control word sent from the main chip, wherein the hardware security module authorization management message includes a secret key for decrypting encrypted the control word; decrypting the encrypted the control word and obtaining a control word on the basis of the hardware security module authorization management message and a hardware security module root key stored in the hardware security module; re-encrypting the control word on the basis of a re-encryption secret key stored in the hardware security module, and obtaining a re-encrypted control word; and sending the re-encrypted control word to the main chip so that the main chip decrypts the re-encrypted control word according to a main chip authorization management message sent from the front end, and obtaining a control word. According to the embodiment of the invention, the security of the DCAS is improved by means of the hardware security module.

A terminal authentication apparatus and method in a Downloadable Conditional Access System (DCAS) is provided. The terminal authentication method may determine whether terminal authentication information, received from a DCAS terminal, is valid by referring to a database, may transmit DCAS image information and pairing information about the terminal authentication information to a user terminal, when the terminal authentication information is valid, and thereby may enable the DCAS terminal to set the user terminal based on the pairing information.

A method of supporting a mobility of a Downloadable Conditional Access System (DCAS) host is provided. The method includes: by the second authentication proxy server: performing mutual authentication with a secure micro of the host to generate a session key; requesting an integrated personalization system to download a secure micro client to the host, wherein the secure micro client is encoded using the session key; and transmitting, to a DPS, mapping information between the second authentication proxy server and the secure micro of the host, wherein, in response to receiving the mapping information, the DPS instructs a CAS server to transmit an entitlement management message to the network of the second authentication proxy server without transmitting the entitlement management message to the network of the first authentication proxy server.

An apparatus and method associated with an Internet Protocol Television (IPTV) service in a mobile environment are provided. A streaming server may provide a mobile terminal with a mobile certificate and an encryption key. In response to a content request received from the mobile terminal, the streaming server may provide the mobile terminal with encrypted content and a Downloadable Conditional Access System (DCAS) code. The mobile terminal may decrypt the encrypted content using the encryption key and the DCAS code, and may play back the decrypted content.

The present invention relates to a technology of paring a secure micro (SM) and a transport processor (TP) in a downloadable conditional access system (DCAS). More specifically, predetermined security components generated by a trusted authority which is a certificate authority are previously embedded into the SM and the TP, and pairing between the SM and the TP is performed by association of the security components with the TA. Accordingly, safe pairing can be assured and the leakage of security information from the SM by malicious hacking can be prevented.

A mutual authentication apparatus in a Downloadable Conditional Access System (DCAS) includes an announce protocol processor to authenticate SecurityAnnounce information using an Authentication Proxy (AP) and to transmit the authenticated SecurityAnnounce information to a Secure Micro (SM), a keying protocol processor to relay KeyRequest information and KeyResponse information between a Trusted Authority (TA) and the SM in response to the SecurityAnnounce information, a decryption unit to decrypt the KeyResponse information using the SM, an authentication protocol processor to determine whether a first encryption key of the KeyResponse information is identical to a second encryption key generated by the AP, and a download protocol processor to control DownloadInfo to be transmitted from the AP to the SM, the DownloadInfo permitting the SM to download SM Client Image information.