摘要:
A terminal authentication apparatus and method in a Downloadable Conditional Access System (DCAS) is provided. The terminal authentication method may determine whether terminal authentication information, received from a DCAS terminal, is valid by referring to a database, may transmit DCAS image information and pairing information about the terminal authentication information to a user terminal, when the terminal authentication information is valid, and thereby may enable the DCAS terminal to set the user terminal based on the pairing information.
摘要:
A method of operating a headend system for a downloadable conditional access service, the method including: receiving, by an Authentication Proxy (AP) server, basic authentication information from a Downloadable Conditional Access System (DCAS) host, the basic authentication information being required to authenticate the DCAS host; transmitting, by the AP server, the basic authentication information to an external trusted authority device which authenticates the DCAS host; generating, by the AP server, a session key for encrypting/decrypting a secure micro client using a session key sharing factor; obtaining, by the AP server, download-related information of the secure micro client from a DCAS Provisioning Server (DPS); and commanding, by the AP server, an Integrated Personalization System (IPS) server to download the secure micro client to the DCAS host based on the download-related information, the secure micro client being encrypted by the session key.
摘要:
A mutual authentication apparatus in a Downloadable Conditional Access System (DCAS) includes an announce protocol processor to authenticate SecurityAnnounce information using an Authentication Proxy (AP) and to transmit the authenticated SecurityAnnounce information to a Secure Micro (SM), a keying protocol processor to relay KeyRequest information and KeyResponse information between a Trusted Authority (TA) and the SM in response to the SecurityAnnounce information, a decryption unit to decrypt the KeyResponse information using the SM, an authentication protocol processor to determine whether a first encryption key of the KeyResponse information is identical to a second encryption key generated by the AP, and a download protocol processor to control DownloadInfo to be transmitted from the AP to the SM, the DownloadInfo permitting the SM to download SM Client Image information.
摘要:
A mutual authentication method in a Downloadable Conditional Access System (DCAS) is provided. The mutual authentication method may receive authentication-related information about authentication between an authentication unit and a security module (SM) from a Trusted Authority (TA), generate an authentication session key using the authentication-related information, transmit the authentication session key by the authentication unit to the SM through a Cable Modem Termination System (CMTS), and control a Conditional Access System (CAS) software to be downloaded to the SM from the authentication unit, when the authentication is completed by the authentication session key.
摘要:
A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature.
摘要:
A security control method in a cable network dynamic multicast session, and more particularly, a method of controlling forward secrecy and backward secrecy in a Data Over Cable Service Interface Specifications (DOCSIS) 3.0 network dynamic multicast session is provided. A security control method in a cable network dynamic multicast session, includes: maintaining a multicast group that is allocated with a first Downstream Service Identifier (DSID) and a first Security Association Identifier (SAID) and that is joined by a first cable modem and a second cable modem; receiving a LeaveMulticastSession message from the second cable modem; exchanging, corresponding to the LeaveMulticastSession message, a Dynamic Bonding Change (DBC) message for changing a multicast parameter with the second cable modem; and updating a first Traffic Encryption Key (TEK) corresponding to the first DSID with a second TEK.
摘要:
Disclosed is a downloadable conditional access system (DCAS) and an operational method thereof that distributes a part of a function of a Trusted Authority to each multiple system operator (MSO) to enable the MSO server to process authentication with respect to a secure micro (SM) chip and a transport processor (TP) chip, and thus, a normal DCAS service is possible even when there is a problem with a security, and a DCAS host terminal for rental use is effectively operated.
摘要:
Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.
摘要:
Provided are a TEK update method using system synchronization, and an apparatus using the same. The method and apparatus according to the present invention periodically update a TEK used for traffic encryption in a DOCSIS system by using system synchronization. As described, the TEK can be updated by using system synchronization without performing a TEK update negotiation process.