Method and apparatus for providing a secure system time
    1.
    发明授权
    Method and apparatus for providing a secure system time 有权
    提供安全系统时间的方法和装置

    公开(公告)号:US07929483B2

    公开(公告)日:2011-04-19

    申请号:US11026413

    申请日:2004-12-30

    IPC分类号: H04B7/212

    摘要: The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.

    摘要翻译: 本发明公开了一种用于向订户设备(例如机顶盒或接收机)提供安全系统时间参考的系统和方法。 在一个实施例中,在广播到多个订户设备的安全系统时间消息中提供系统时间参考。 每个用户设备具有能够确定所接收的系统时间参考是否合法的安全设备或软件应用。 如果确定系统时间参考是合法的,则将本地时间基准与所接收的系统时间参考同步。

    Downloading of Data to Secure Devices
    4.
    发明申请
    Downloading of Data to Secure Devices 有权
    将数据下载到安全设备

    公开(公告)号:US20130129086A1

    公开(公告)日:2013-05-23

    申请号:US13302639

    申请日:2011-11-22

    IPC分类号: H04L9/00

    摘要: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

    摘要翻译: 可以基于与软件下载接收者(例如,安全处理器)相关联的个性化单元数据来生成加密密钥。 在一些方面,安全处理器可以基于其个性化单元数据生成解密密钥,并且可以使用生成的加密密钥在软件提供商和安全处理器之间执行软件下载。 然后,安全处理器可以解密并加载软件以供执行。 加密和解密密钥生成还可以基于指示在安全处理器处的一个或多个先前软件下载的序列号或其他数据。 使用序列号或其他数据,可以生成多个加密和/或解密密钥的序列,以支持向安全处理器的多个软件下载。

    Smart card mating protocol
    5.
    发明授权
    Smart card mating protocol 有权
    智能卡配对协议

    公开(公告)号:US07305555B2

    公开(公告)日:2007-12-04

    申请号:US10109111

    申请日:2002-03-27

    摘要: A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key. Thereafter, the smartcard employs the smartcard mating key to extract the authentication key. The clear authentication key is stored in the smartcard's memory as well. In this manner, the authentication key is used for securing all communication between the set-top box and the smart-card. For example, the set-top box may request control words from the smartcard. Only after authenticating the request, are the control words for decrypting digital content provided to the set-top box. If the smartcard authentication key is different from the set-top box key, the request for control words is denied.

    摘要翻译: 描述了用于唯一地匹配诸如智能卡和机顶盒之类的通信网络的组件的系统。 当配对时,智能卡和机顶盒被捆绑在一起并具有单一身份。 此外,仅当插入授权的机顶盒时,智能卡才能正常运行。 通过加密和认证来确保两个组件之间的信息交换,以防止所交换信息的盗版。 系统向机顶盒和智能卡提供相同的认证密钥。 该密钥用于认证机顶盒和智能卡之间的通信。 首先,认证密钥由机顶盒配对密钥加密。 机顶盒采用这种配对密钥来解密认证密钥。 导出后,身份验证密钥存储在机顶盒的内存中。 此外,相同的认证密钥由智能卡配对密钥加密。 此后,智能卡采用智能卡配对密钥来提取认证密钥。 清除认证密钥也存储在智能卡的存储器中。 以这种方式,认证密钥用于保护机顶盒和智能卡之间的所有通信。 例如,机顶盒可以从智能卡请求控制字。 只有在认证请求之后,才是解密提供给机顶盒的数字内容的控制字。 如果智能卡认证密钥与机顶盒密钥不同,则拒绝对控制字的请求。

    Variable security code download for an embedded processor
    6.
    发明授权
    Variable security code download for an embedded processor 有权
    用于嵌入式处理器的可变安全代码下载

    公开(公告)号:US06711684B1

    公开(公告)日:2004-03-23

    申请号:US09394765

    申请日:1999-09-13

    IPC分类号: G06F1214

    摘要: Methods and an apparatus for storing information in a processing device with flexible security are disclosed. In one embodiment, a method stores information within the processing device. The method receives a download via a first input path which includes a first breakable link and stores the download within the processing device. At some point, a key is also stored within the processing device. A ciphertext download is received via a second input path which includes a second breakable link. The ciphertext download is decrypted utilizing the key and the resulting plaintext download is stored within the processing device.

    摘要翻译: 公开了一种在具有灵活安全性的处理设备中存储信息的方法和装置。 在一个实施例中,方法将信息存储在处理设备内。 该方法经由包括第一可破坏链路的第一输入路径接收下载,并将该下载存储在处理设备内。 在某一点上,密钥也存储在处理设备内。 经由包括第二可破坏链路的第二输入路径接收密文下载。 使用密钥对密文下载进行解密,并将所得到的明文下载存储在处理设备内。

    Content delivery with segmented key list
    8.
    发明授权
    Content delivery with segmented key list 有权
    内容传递与分段密钥列表

    公开(公告)号:US08385555B2

    公开(公告)日:2013-02-26

    申请号:US12331633

    申请日:2008-12-10

    IPC分类号: H04L29/06

    摘要: A content delivery network and method employing a Downloadable Conditional Access System (“DCAS”) includes first and second personalization servers. A unit key list having unique keys is segmented into different blocks. Each block is encrypted with a separate transmission key corresponding to that block such that first and second blocks are respectively encrypted with first and second transmission keys. The encrypted blocks are communicated to the personalization servers. The first transmission key is communicated to the first personalization server without being communicated to another personalization server such that the first server can decrypt the first block using the first transmission key to access the keys of the first block. The second transmission key is communicated to the second personalization server without being communicated to another personalization server such that the second server can decrypt the second block using the second transmission key to access the keys of the second block.

    摘要翻译: 使用可下载条件访问系统(DCAS)的内容传送网络和方法包括第一和第二个性化服务器。 具有唯一密钥的单元密钥列表被分割成不同的块。 每个块用对应于该块的单独传输密钥加密,使得第一和第二块分别用第一和第二传输密钥加密。 将加密的块传送到个性化服务器。 第一传输密钥被传送到第一个性化服务器而不被传送到另一个性化服务器,使得第一服务器可以使用第一传输密钥来解密第一块以访问第一块的密钥。 第二传输密钥被传送到第二个性化服务器而不被传送到另一个性化服务器,使得第二服务器可以使用第二传输密钥来解密第二块以访问第二块的密钥。

    PRESERVATION OF ENCRYPTION
    10.
    发明申请

    公开(公告)号:US20130064362A1

    公开(公告)日:2013-03-14

    申请号:US13230872

    申请日:2011-09-13

    IPC分类号: H04L9/28

    CPC分类号: H04L9/16 H04L9/002 H04L9/0631

    摘要: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.