公开(公告)号：US20090144539A1

公开(公告)日：2009-06-04

申请号：US12246663

申请日：2008-10-07

申请人： Young Ho JEONG ,  Soon Choul KIM ,  Heejeong KIM ,  Eun Jung KWON ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Soon Choul KIM ,  Heejeong KIM ,  Eun Jung KWON ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00

CPC分类号： H04L9/321 ,  G06F21/33 ,  H04L9/083 ,  H04L9/3273 ,  H04L2209/76 ,  H04N7/1675 ,  H04N21/2541 ,  H04N21/42623 ,  H04N21/63345 ,  H04N21/8193 ,  H04N21/835

摘要： A method of operating a headend system for a downloadable conditional access service, the method including: receiving, by an Authentication Proxy (AP) server, basic authentication information from a Downloadable Conditional Access System (DCAS) host, the basic authentication information being required to authenticate the DCAS host; transmitting, by the AP server, the basic authentication information to an external trusted authority device which authenticates the DCAS host; generating, by the AP server, a session key for encrypting/decrypting a secure micro client using a session key sharing factor; obtaining, by the AP server, download-related information of the secure micro client from a DCAS Provisioning Server (DPS); and commanding, by the AP server, an Integrated Personalization System (IPS) server to download the secure micro client to the DCAS host based on the download-related information, the secure micro client being encrypted by the session key.

摘要翻译： 一种操作用于可下载条件访问服务的头端系统的方法，所述方法包括：由认证代理（AP）服务器从可下载条件访问系统（DCAS）主机接收基本认证信息，所述基本认证信息需要 验证DCAS主机; 由AP服务器将基本认证信息发送给认证DCAS主机的外部可信管理设备; 由AP服务器生成用于使用会话密钥共享因子加密/解密安全微客户端的会话密钥; 由AP服务器从DCAS配给服务器（DPS）获取安全微客户端的下载相关信息; 并且由AP服务器命令集成个性化系统（IPS）服务器，以便基于下载相关信息将安全微客户端下载到DCAS主机，安全微客户端被会话密钥加密。

公开(公告)号：US20090150672A1

公开(公告)日：2009-06-11

申请号：US12330729

申请日：2008-12-09

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Young Ho JEONG ,  Heejeong KIM ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Young Ho JEONG ,  Heejeong KIM ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00 ,  H04N7/167 ,  H04K1/00

CPC分类号： H04L9/085 ,  H04L9/0869 ,  H04L9/321 ,  H04L9/3273 ,  H04L2209/56 ,  H04N7/1675 ,  H04N21/26613

摘要： Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.

摘要翻译： 公开了一种包括前端系统和DCAS主机的CAS中的相互认证方法和装置。 特别地，示例性实施例涉及DCAS中的相互认证方法和装置，其中在头端系统的认证服务器和DCAS主机的SM之间执行相互认证，然后将CAS软件下载到SM。 根据示例性实施例，在有线网络中提供前端的认证服务器和DCAS主机的SM之间的相互认证协议，并且还提供了在DCAS中的相互认证方法和装置，其中基于 不需要诸如智能卡或有线卡的硬件。

公开(公告)号：US20100235626A1

公开(公告)日：2010-09-16

申请号：US12719928

申请日：2010-03-09

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/32 ,  H04N7/167

CPC分类号： H04N7/1675 ,  H04L9/083 ,  H04L9/321 ,  H04L9/3273 ,  H04N21/25816 ,  H04N21/26613 ,  H04N21/4623 ,  H04N21/8193

摘要： A mutual authentication apparatus in a Downloadable Conditional Access System (DCAS) includes an announce protocol processor to authenticate SecurityAnnounce information using an Authentication Proxy (AP) and to transmit the authenticated SecurityAnnounce information to a Secure Micro (SM), a keying protocol processor to relay KeyRequest information and KeyResponse information between a Trusted Authority (TA) and the SM in response to the SecurityAnnounce information, a decryption unit to decrypt the KeyResponse information using the SM, an authentication protocol processor to determine whether a first encryption key of the KeyResponse information is identical to a second encryption key generated by the AP, and a download protocol processor to control DownloadInfo to be transmitted from the AP to the SM, the DownloadInfo permitting the SM to download SM Client Image information.

摘要翻译： 可下载条件接入系统（DCAS）中的相互认证装置包括通知协议处理器，用于使用认证代理（AP）来认证安全宣告信息，并将认证的安全公告信息发送到安全微型（SM），密钥协议处理器进行中继 响应于SecurityAnnounce信息的可信管理机构（TA）和SM之间的KeyRequest信息和KeyResponse信息，使用SM解密KeyResponse信息的解密单元，用于确定KeyResponse信息的第一加密密钥是否为 与由AP产生的第二加密密钥相同，以及下载协议处理器，用于控制从AP到SM的下载信息，所述下载信息允许SM下载SM客户端映像信息。

公开(公告)号：US20100161966A1

公开(公告)日：2010-06-24

申请号：US12643054

申请日：2009-12-21

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00

CPC分类号： H04L9/3273 ,  H04L9/083 ,  H04L9/0877 ,  H04L9/321 ,  H04L63/0442 ,  H04L63/0869 ,  H04L63/123 ,  H04L63/166 ,  H04L2209/56 ,  H04L2209/603

摘要： A mutual authentication method in a Downloadable Conditional Access System (DCAS) is provided. The mutual authentication method may receive authentication-related information about authentication between an authentication unit and a security module (SM) from a Trusted Authority (TA), generate an authentication session key using the authentication-related information, transmit the authentication session key by the authentication unit to the SM through a Cable Modem Termination System (CMTS), and control a Conditional Access System (CAS) software to be downloaded to the SM from the authentication unit, when the authentication is completed by the authentication session key.

摘要翻译： 提供了可下载条件访问系统（DCAS）中的相互认证方法。 相互认证方法可以从可信授权（TA）接收认证单元和安全模块（SM）之间的认证的认证相关信息，使用认证相关信息生成认证会话密钥，通过认证相关信息发送认证会话密钥 通过有线调制解调器终端系统（CMTS）向SM发送认证单元，并且当通过认证会话密钥完成认证时，控制从认证单元下载到SM的条件访问系统（CAS）软件。

公开(公告)号：US20090158401A1

公开(公告)日：2009-06-18

申请号：US12327224

申请日：2008-12-03

申请人： Heejeong KIM ,  Eun Jung KWON ,  Soon Choul KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Heejeong KIM ,  Eun Jung KWON ,  Soon Choul KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： G06F21/20

CPC分类号： G06F21/6209 ,  G06F21/10 ,  G06F2221/2105 ,  G06F2221/2135 ,  H04N21/2543 ,  H04N21/25816 ,  H04N21/26606

摘要： A method and apparatus of supporting a fee-based broadcasting service in a Downloadable Conditional Access System (DCAS) is provided. A control method of a DCAS, the method including: receiving a Conditional Access (CA) image file from a Conditional Access System (CAS) server and receiving Integrated Personalization Server (IPS) access information from an IPS; providing an Authentication Proxy (AP) with information about the received CA image file; controlling the AP to provide a terminal with access information to the IPS and image installation information when the terminal joins a fee-based service based on verifying device information of the terminal; and controlling the IPS to enable the terminal to receive a CA image code of the terminal based on the access information and the image installation information.

摘要翻译： 提供了一种在可下载条件访问系统（DCAS）中支持费用广播服务的方法和装置。 一种DCAS的控制方法，所述方法包括：从条件访问系统（CAS）服务器接收条件访问（CA）图像文件，并从IPS接收集成个性化服务器（IPS）访问信息; 向认证代理（AP）提供关于所接收的CA映像文件的信息; 当终端基于验证终端的设备信息加入费用服务时，控制AP向终端提供对IPS的访问信息和图像安装信息; 以及控制IPS以使终端能够基于访问信息和图像安装信息接收终端的CA映像代码。

公开(公告)号：US20110153651A1

公开(公告)日：2011-06-23

申请号：US12898380

申请日：2010-10-05

申请人： Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON

发明人： Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON

IPC分类号： G06F15/16 ,  G06F17/30

CPC分类号： H04L41/0213

摘要： An apparatus for remotely monitoring a terminal is provided which includes an analyzer to map terminal information regarding at least one management target terminal, a collection period, a cycle setting value, or an analysis item, to group the at least one management target terminal, and to store the grouped at least one management target terminal in a form of a profile, a management processor to perform a query for a Management Information Base (MIB) object requested by the at least one management target terminal conforming with a Simple Network Management Protocol (SNMP) standard, and to transmit a value of the returned MIB object to the analyzer, and an output unit to output, from a database, at least one of the analysis item, the analysis period, the terminal information, and an output format.

摘要翻译： 提供了一种用于远程监控终端的装置，其包括分析器，用于映射关于至少一个管理目标终端的终端信息，收集周期，周期设置值或分析项目，以对至少一个管理目标终端进行分组;以及 以简档的形式存储分组的至少一个管理目标终端，管理处理器，以对符合简单网络管理协议的至少一个管理目标终端所请求的管理信息库（MIB）对象进行查询 SNMP）标准，并且将所返回的MIB对象的值传送到分析器，以及输出单元，从数据库输出分析项目，分析周期，终端信息和输出格式中的至少一个。

公开(公告)号：US20090138720A1

公开(公告)日：2009-05-28

申请号：US12191347

申请日：2008-08-14

申请人： Young Ho JEONG ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/06

CPC分类号： H04N7/1675 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/12 ,  H04L2209/76 ,  H04N21/2541 ,  H04N21/25816 ,  H04N21/4181 ,  H04N21/8193

摘要： A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature.

摘要翻译： 提供了一种在条件访问（CA）系统中操作主机的安全Micro（SM）的方法。 该方法包括：由SM接收包括与主机连接的AP服务器的证书的SecurityAnnounce消息; 通过SM确定是否存在存储在存储器中的公开密钥，并且当预先存储的公钥存在时将标志设置为第一状态; 使用预先存储的公钥，通过SM验证关于SecurityAnnounce消息的数字签名; 以及通过解析所述证书并且当所述SM不能验证所述数字签名时所述标志是否对应于所述第一状态，将所述标志设置为第二状态，由所述SM获取所述AP服务器的另一公钥。

公开(公告)号：US20110078444A1

公开(公告)日：2011-03-31

申请号：US12692266

申请日：2010-01-22

申请人： Young Ho JEONG ,  Eun Jung KWON ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Eun Jung KWON ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04N21/26613 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/126 ,  H04L2209/56 ,  H04L2209/76 ,  H04N21/4181 ,  H04N21/4623 ,  H04N21/6334 ,  H04N21/8166

摘要： Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information.

摘要翻译： 提供了一种可下载条件接入系统（DCAS）中的重认证装置，重认证装置包括：接收单元，用于从安全微（SM）接收密钥请求消息; 确定单元，用于根据SM客户端图像的下载来确定是否执行重新认证; 当作为所述确定的结果执行所述重新认证时，使用所述密钥请求消息来识别SM标识符的识别单元; 提取单元，用于检索与所述SM标识符相对应的先前会话信息，并提取关于所述先前会话信息的密钥信息; 以及加密单元，用于基于使用所述密钥信息的先前会话信息来控制关于要再次使用的SM客户端图像的加密密钥，所述SM客户端图像在先前会话中被加密。

公开(公告)号：US20110202769A1

公开(公告)日：2011-08-18

申请号：US12944451

申请日：2010-11-11

申请人： Han Seung KOO ,  Young Ho JEONG ,  Soon Choul KIM

发明人： Han Seung KOO ,  Young Ho JEONG ,  Soon Choul KIM

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： H04L9/321 ,  H04L9/0822 ,  H04L9/3273 ,  H04L2209/60 ,  H04N21/25816 ,  H04N21/4181 ,  H04N21/44236

摘要： A Secure Micro (SM) copy detection system includes at least one Access Point (AP) that is connected to at least one host group including at least one SM, at least one Multiple-Services Operator (MSO) that is used to manage the at least one SM and includes the at least one AP, and a host information management server that is used to perform authentication of the at least one SM and that is independently connected to the at least one MSO.

摘要翻译： 安全微（SM）复制检测系统包括至少一个接入点（AP），其至少连接到至少一个主机组，所述至少一个主机组包括至少一个SM，至少一个多业务运营商（MSO），用于管理 至少一个SM并且包括所述至少一个AP，以及主机信息管理服务器，其用于执行所述至少一个SM的认证，并且独立地连接到所述至少一个MSO。

公开(公告)号：US20090150669A1

公开(公告)日：2009-06-11

申请号：US12188357

申请日：2008-08-08

申请人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00

CPC分类号： H04N7/1675 ,  H04N21/2541 ,  H04N21/26606 ,  H04N21/26613 ,  H04N21/42623 ,  H04N21/63345 ,  H04N21/8193 ,  H04N21/835

摘要： An apparatus and a method for providing a downloadable conditional access service using a distribution key are provided. With regard to the apparatus for providing the downloadable conditional access service using the distribution key, a subscriber authorization system transmits a target entitlement management massage being encoded with a target distribution key to a host, and the host decodes the encoded target entitlement management message being encoded with the target distribution key included in a target secure micro client.

摘要翻译： 提供了一种使用分发密钥提供可下载条件访问服务的装置和方法。 关于使用分配密钥提供可下载条件访问服务的装置，用户授权系统将目标授权管理按照目标分发密钥发送到主机，并且主机对正被编码的编码的目标授权管理消息进行解码 目标分配密钥包括在目标安全微客户端中。