摘要:
A method, a digital content consumption device, and a conditional access system are disclosed. A network interface may receive in a digital content consumption device a public key message that includes an encrypted key. A processor may decrypt the encrypted key using a secret key to produce the transmitted public key, identify a region descriptor in the public key message, and determine the secret key based on the region descriptor.
摘要:
A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key. Thereafter, the smartcard employs the smartcard mating key to extract the authentication key. The clear authentication key is stored in the smartcard's memory as well. In this manner, the authentication key is used for securing all communication between the set-top box and the smart-card. For example, the set-top box may request control words from the smartcard. Only after authenticating the request, are the control words for decrypting digital content provided to the set-top box. If the smartcard authentication key is different from the set-top box key, the request for control words is denied.
摘要:
The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.
摘要:
A method for authorizing a computer program having a number of features for use with a product includes: receiving license data generated using a first key, the license data specifying a unique identifier associated with the product and specifying at least one feature authorized for use with the product; using a second key associated with the first key, obtaining the unique identifier from the license data; retrieving a product identifier from the product; determining whether the unique identifier corresponds to the product identifier; and based on the determination, authorizing use of the at least one feature with the product.
摘要:
An encryption renewal system for generating entitlement control messages, the system being secured by physical separation of components. The encryption renewal system has a first computing platform for performing non-secure tasks associated with one or more control messages that transmit one or more keys to a subscriber; and a second computing platform physically separate from the first computing platform containing one or more application specific integrated circuit chip for generating the one or more control messages. In addition, a method by the encryption renewal system is used to register an off-line encryption device in order to begin encrypting clear content. The method includes generating data for registering the off-line encryption device; encrypting the data with one or more cryptographic keys to form encrypted data; forwarding the encrypted data to the off-line encryption device; and retrieving the data from the encrypted data, wherein the off-line encryption device begins to encrypt clear content only after the data is retrieved.
摘要:
The present invention discloses an apparatus and method for defining and enforcing rules of transition between two security domains, e.g., a transport domain and a persistent security domain. In turn, a border guard, e.g., a security device, is provided between these two domains that enforce rules for transition between the two security domains. This novel approach of defining a transport domain and a persistent security domain simplifies the classification of the digital content and its movement through the system. Namely, the border guard once established between the two systems can enforce DRM rules associated with how contents are moved between the two domains.