Communication method integrated with trusted measurement and apparatus
US-2024357360-A1 · Oct 24, 2024 · US
Authenticated communication between security devices
US10003604B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10003604-B2 |
| Application number | US-201615008060-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 27, 2016 |
| Priority date | Feb 20, 2009 |
| Publication date | Jun 19, 2018 |
| Grant date | Jun 19, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.
First claim
Opening claim text (preview).
We claim: 1. A method comprising: establishing, over a communication channel, an initial trust between a first computing device and a second computing device; and refreshing the initial trust by performing at least the following: receiving, by the first computing device and from a trusted authority, a first non-repeating authenticator that is unique to the first computing device and configured to be validated by the second computing device; signing, by the first computing device and using a first key associated with the first computing device, a first message, wherein the first message comprises the first non-repeating authenticator and a first header parameter; sending, by the first computing device and to the second computing device, the signed first message; receiving, by the first computing device and from the second computing device, a signed second message, wherein the signed second message comprises a second non-repeating authenticator that is unique to the second computing device and configured to be validated by the first computing device; and validating, by the first computing device, the signed second message, wherein the validating is based on: validating the second non-repeating authenticator, and using a second key associated with the second computing device. 2. The method of claim 1 , further comprising: acting on message content of the signed second message after the validating of the signed second message. 3. The method of claim 2 , further comprising: extracting header information from the signed second message; and determining the first header parameter based on a sequence rule for the first message and for subsequent messages between the first computing device and the second computing device, the first header parameter comprising a first order sequence rule. 4. The method of claim 3 , further comprising: determining a message type for the signed second message based on the first order sequence rule; and determining whether the signed second message is a same message type as the first message based on the message type. 5. The method of claim 2 , wherein the first header parameter comprises a first order sequence rule for the first message and for subsequent messages between the first computing device and the second computing device, the first message further comprises a second header parameter, the second header parameter comprising a message order sequence rule for the first message and for the subsequent messages between the first computing device and the second computing device, and the validating of the signed second message is also based on the first order sequence rule and on the message order sequence rule. 6. The method of claim 5 , wherein the first order sequence rule comprises a counter and the message order sequence rule comprises an order of header information for subsequent messages. 7. The method of claim 1 , wherein the first message is encrypted, for decryption by the second computing device, using the first key. 8. The method of claim 1 , wherein the first key comprises a private key associated with the first computing device, and the second key comprises a public key corresponding to a private key associated with the second computing device. 9. The method of claim 1 , wherein the first non-repeating authenticator is encrypted and configured to be decrypted by the second computing device. 10. A system comprising: a first computing device; and a second computing device, wherein the first computing device comprises: at least one processor; and non-transitory memory storing computer-readable instructions that, when executed by the at least one processor, cause the first computing device to: establish, over a communication channel, an initial trust with the second computing device; and refresh the initial trust by performing at least the following: receiving, from a trusted authority, a first non-repeating authenticator that is unique to the first computing device and configured to be validated by the second computing device; signing a first message using a first key, wherein the first message comprises the first non-repeating authenticator and a first header parameter; sending the signed first message to the second computing device; receiving, from the second computing device, a signed second message, wherein the signed second message comprises a second non-repeating authenticator that is unique to the second computing device and configured to be validated by the first computing device; and validating the signed second message based on: validating the second non-repeating authenticator, and using a second key associated with the second computing device. 11. The system of claim 10 , the memory further storing computer-readable instructions that, when executed by the at least one processor, cause the first computing device to: act on message content of the signed second message after the validating of the signed second message. 12. The system of claim 10 , the memory further storing computer-readable instructions that, when executed by the at least one processor, cause the first computing device to: extract header information from the signed second message; and determine the first header parameter based on a sequence rule for the first message and for subsequent messages between the first computing device and the second computing device, the first header parameter comprising a first order sequence rule. 13. The system of claim 10 , wherein the first non-repeating authenticator is encrypted and configured to be decrypted by the second computing device. 14. The system of claim 10 , wherein the first key comprises a private key associated with the first computing device, and the second key comprises a public key corresponding to a private key associated with the second computing device. 15. The system of claim 10 , wherein the first message is encrypted, for decryption by the second computing device, using the first key. 16. The system of claim 12 , the memory further storing computer-readable instructions that, when executed by the at least one processor, cause the first computing device to: determine a message type for the signed second message based on the first order sequence rule; and determine whether the signed second message is a same message type as the first message based on the message type. 17. The system of claim 10 , wherein the first header parameter comprises a first order sequence rule for the first message and for subsequent messages between the first computing device and the second computing device, the first message further comprises a second header parameter, the second header parameter comprising a message order sequence rule for the first message and for the subsequent messages between the first computing device and the second computing device, and the validating of the signed second message is also based on the first order sequence rule and on the message order sequence rule. 18. An apparatus comprising: at least one processor; and non-transitory memory storing computer-readable instructions that, when executed by the at least one processor, cause the apparatus to: establish, over a communication channel, an initial trust with a computing device; refresh the initial trust by performing the following: receiving, from a trusted authority, a first non-repeating authenticator that is unique to the apparatus and configured to be validated by the computing device; signing a first message using a first key, where the first message compri
Assignees
Inventors
Classifications
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title
dedicated tools, e.g. video decoder software or IPMP tool · CPC title
- H04L63/126Primary
the source of the received data · CPC title
Rights management {associated to the content (security in data switching network management H04L41/28; security management or policies for network security H04L63/20; access security in wireless networks H04W12/08)} · CPC title
Multiple levels of security · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10003604B2 cover?
- Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security…
- Who is the assignee on this patent?
- Comcast Cable Comm Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/126. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 19 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).