Patent application number | Description | Published |
20090165111 | METHOD AND APPARATUS FOR SECURE MANAGEMENT OF DEBUGGING PROCESSES WITHIN COMMUNICATION DEVICES - A method, device and system for securely managing debugging processes within a communication device, such as a set top box or other multimedia processing device. For example, a security processor (SP) within the communication device manages the lifetime (LT) of any access token issued for use in activating debugging privileges within the communication device. The security processor authenticates an issued access token and securely delivers appropriate debug authorization information to the device controller. The security processor uses its secure, internal timer to count down the lifetime and update the remaining lifetime of the issued access token during the processing of each command by the security processor. In addition to securely managing the issuance of the access token and its remaining lifetime, the updating process reduces any impact on the normal communications within the device. The method overcomes the issue of the communication device not having a secure internal clock. | 06-25-2009 |
20090249080 | METHODS, APPARATUS AND SYSTEM FOR AUTHENTICATING A PROGRAMMABLE HARDWARE DEVICE AND FOR AUTHENTICATING COMMANDS RECEIVED IN THE PROGRAMMABLE HARDWARE DEVICE FROM A SECURE PROCESSOR - A method, device and system for authenticating a programmable hardware device, such as a programmable hardware chip, and a command received by the programmable hardware device. A secure processor or other trusted source authenticates the programmable hardware chip by verifying, with the secure processor's own verification key, a random number sent to the programmable hardware chip and encrypted using a verification key embedded within the programmable hardware chip, since the nature of the encryption is such that only the original logic function that includes the verification key can encrypt the data correctly. A command received by the programmable hardware chip is authenticated by verifying that a command authentication token received by the programmable hardware chip is generated using the correct command authentication key and consequently verifying that the command is received from the secure processor, as only the party who has the command authentication key can encrypt the data correctly. | 10-01-2009 |
20090285401 | Providing Access To Content For a Device Using an Entitlement Control Message - Providing access to content for devices is performed by providing multiple entitlement management messages (EMMs), each of which includes a service key, to the plurality of devices. Also, a same entitlement control message (ECM) is provided to the devices. The ECM includes an encrypted traffic key for decrypting content. Each of the devices derives an access key from the service key according to a business model level of access to the content for a user of the devices and uses the access key to decrypt the traffic key to access the content according to the business model level of access to the content for each of the plurality of devices. | 11-19-2009 |
20100002877 | ADAPTIVE GENERATION OF A PSEUDO RANDOM NUMBER GENERATOR SEED - A seed for use in a cryptographic operation for an electronic device is determined by estimating the number of entropy data bits needed to satisfy a predetermined security strength of the cryptographic operation. The estimation is based on an entropy strength of a string of entropy data bits. Entropy strength is a measure of randomness. Furthermore, guiding a determination of the seed differently according to the estimated number of entropy data bits may be performed. | 01-07-2010 |
20100164693 | METHOD OF TARGETED DISCOVERY OF DEVICES IN A NETWORK - A targeted discovery between a first device and a second device in a network, in particular, a WHDI network, provides discovery for an identified device or a group of identified devices. The targeted discovery determines an identifier for a second device or a group of devices that the second device belongs to, and sends a device discovery message to the second device using the identifier for the second device when the second device is configured to respond to the device discovery message if the device discovery message includes the identifier for the second device. The first device receives a response to the device discovery message from the second device and can start further communication with the second device. | 07-01-2010 |
20100167656 | MULTI-MODE DEVICE REGISTRATION - A device configured to communicate with a second device may register a second device using one of multiple registration modes including a domain-registration mode, a device-registration mode, and a no-registration mode. The domain-registration mode allows the second device to register with the device and at least one other device registered with the device, the device-registration mode allows the second device to register with the device and with no other devices, and the no-registration mode does not allow any device to register with the device. The device receives a selection of one of the multiple registration modes and places the device in the selected registration mode. | 07-01-2010 |
20100169399 | PERSONAL IDENTIFICATION NUMBER (PIN) GENERATION BETWEEN TWO DEVICES IN A NETWORK - A method of generating a Personal Identification Number (PIN) between a first device and a second device in a network is provided. The method includes securely receiving information of input choices of the second device and random numbers assigned to the input choices at the first device. At the first device, the PIN is generated from the random numbers, and instructions are provided directing an entry of the input choices on the second device. At the second device, the input choices are entered. The second device is operable to generate the PIN from the input choices and the random numbers if the input choices are entered as instructed. | 07-01-2010 |
20100169646 | SECURE AND EFFICIENT DOMAIN KEY DISTRIBUTION FOR DEVICE REGISTRATION - A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device. | 07-01-2010 |
20100325654 | COMMUNICATING A DEVICE DESCRIPTOR BETWEEN TWO DEVICES WHEN REGISTERING ONTO A NETWORK - A method for registering a first device with a second device over a wireless network includes receiving a registration request from the first device and sending one or more user input choices to the first device. The user input choices each specify a user input action available through a user interface associated with the second device. A device description describing the second device is sent to the first device in a manner that allows it to be presented to the user by the first device. At least one of the user input actions are sequentially received through the user interface in response to instructions provided to the user by the first device. The first device is registered with the second device if the user input actions received by the second device correctly reflect the instructions provided to the user by the first device. | 12-23-2010 |
20110129087 | System and Method for Encrypting and Decrypting Data - A method is provided for creating an encrypted data file from a data file having a sample entry box and a media data box. The sample entry box has description information therein. The media data box includes media data therein. The method includes: receiving the data file; encrypting the media data within the media data box with an encryption key; replacing the sample entry box with an encoded box; creating a sinf box within the encoded box; creating a frma box within the sinf box; and creating an schm box within the sinf box. The schm box indicates the type of formatting of the encrypted media data. The encoded box does not include an initial counter that may be used to decrypt the encrypted media data. | 06-02-2011 |
20110158411 | REGISTERING CLIENT DEVICES WITH A REGISTRATION SERVER - In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device. | 06-30-2011 |
20110161645 | CONTENT SECURING SYSTEM - In a method for securing content in a system containing a security processor configured to control access to the content by a main processor, in which the main processor is configured to send heartbeats to the security processor, a determination as to whether at least one heartbeat was received within a predicted time interval is made and in response to a determination that at least one heartbeat was not received within the predicted time interval, access to the content by the main processor is ceased. | 06-30-2011 |
20110161660 | TEMPORARY REGISTRATION OF DEVICES - In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device. | 06-30-2011 |
20120131333 | SERVICE KEY DELIVERY IN A CONDITIONAL ACCESS SYSTEM - A method is provided by which a client device obtains authorized access to content delivered over a content delivery network. The method includes receiving an entitlement management message (EMM). The EMM includes at least one cryptographic key and a device registration server certificate ID (DRSCID) identifying a currently valid device registration server (DRS) public key certificate. The DRSCID obtained from the EMM is compared to a stored DRSCID value. An entitlement control message (ECM), which includes an encrypted traffic key for decrypting content, is received. If the DRSCID obtained from the EMM is determined to match the stored DRSCID, the traffic key is decrypted with the cryptographic key or a key derived from the cryptographic key to thereby access the content. | 05-24-2012 |
20120155647 | CRYPTOGRAPHIC DEVICES & METHODS - A client device which utilizes a unit derivation key (UDK), a current unit key, a current unit key index (UKI) and a received UKI. The client device includes a processor to receive the received UKI, compare the received UKI with a current UKI, if the received UKI is not equivalent to the current UKI, utilize the UDK, the current unit key and the received UKI to derive a new unit key. A headend facility (HF) device which utilizes a current unit key and a current unit key index (UKI). A key infrastructure center (KIC) device which utilizes a derivation key. | 06-21-2012 |
20120159173 | SERVICE KEY DELIVERY SYSTEM - A Service Key Delivery (SKD) system for delivering service keys to client devices in a communications network. The delivered service keys are operable to be used to decrypt an encrypted key operable to be used to decrypt an encrypted digital content. The SKD system includes a data input interface for receiving a distribution time frame for the keys and a listing of client device identifications. The SKD system also includes a scheduling module to partition at least part of the distribution time frame into a number of time slots in which the number may be based on a variety of factors. The scheduling module assigns the time slots in the partitioned part of the distribution time frame to the client devices based on the identifications in the listing. The SKD system also includes a message generator configured to send key delivery messages to the client devices. | 06-21-2012 |