CA2373059C - Secure control of security mode - Google Patents
Secure control of security mode Download PDFInfo
- Publication number
- CA2373059C CA2373059C CA002373059A CA2373059A CA2373059C CA 2373059 C CA2373059 C CA 2373059C CA 002373059 A CA002373059 A CA 002373059A CA 2373059 A CA2373059 A CA 2373059A CA 2373059 C CA2373059 C CA 2373059C
- Authority
- CA
- Canada
- Prior art keywords
- security
- level
- decryption
- indicator
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
- Alarm Systems (AREA)
- Fittings On The Vehicle Exterior For Carrying Loads, And Devices For Holding Or Mounting Articles (AREA)
Abstract
A system to change security levels is used to change the level of security used in a secured processing system. The system uses a status indicator to designate the security level being implemented. The security level can be upgraded to allow a higher level of security to be implemented with relative ease. However, in order to change from a higher level of security to a lower level of security, an authorization code is utilized to confirm that the change in security is authorized.
Description
SECURE CONTROL OF SECURITY MODE
BACKGROUND OF THE INVENTION
This invention relates generally to the area of cryptography. More specifically, the invention relates to cryptographically securing a change in security levels (e.g., encryption/decryption and authentication levels) used in a data transmission.
In the area of data transmission there is a need to secure messages that are transmitted so as to ensure that the messages are not compromised. One way to ensure this is by way of cryptography to encrypt a message at the transmitting end and to decrypt the received message at the receiving end. In this manner, someone who does not know the key used when the message is encrypted cannot gain access to the message content or successfully modify the message. An example of this need can be seen in systems that encrypt and protect MPEG transport streams. Conditional access messages flow from transmitters to receivers to enable users to view video and audio programs. These conditional access messages should not be compromised. In addition to encryption/decryption, authentication serves as another cryptographic measure used to secure a transmission.
In some systems, the need for security varies depending on the content of the message, as well as who has access to a transmitted signal, etc. Thus, for example, it would be useful if a message signal could be encrypted at different security levels at different points in time. This would facilitate the person transmitting a message to transmit a low level security message at one level of security and to transmit a second message having a higher need for security at a higher level of security.
Encryption algorithms often require a great deal of resources, such as memory for complicated encryption algorithm code, memory to store intermediate data produced by the cryptographic algorithm, processing power, instruction cycles, etc.
Thus, one may send a message at the lowest level of encryption that is suitable for that particular message. Consequently, there is a need to be able to send messages that vary by their level of encryption.
301 12:23AM TOWNSEND&TOWNSEND NO.547 P.5"
Client Reference No.: D2301 Implementing changes in encryption could potentially be very.
complicated. Hence, whea implementing a change to a higher level of encryption or security, it would be desirable to make such a change in a relativeIy easy manner.
While it is desirable to make a change from a low level of encryption to a high level of encryption in a relatively easy manner, one should make sure that a system is not compromised when a change is made from a high level of security to a low level of security. Namely, while an attacker who feints a change in security from low level to high level would cause the transmitter and receiver to utiIize extra processing resources, the sent message would be less likely to be compromised because it would become secured according to a more secure algarithm. However, if an attacker is able to cause a shift to a low level of security from a high level of security, the attacker has made the process of breaking the code that much easier. Therefore, there is a need for a system that allows the chaage in security levels to be a secure change.
US patent 5,878,134 discusses a secure access system for controlling access to a plurality of items. The system includes a first IC card reader adapted to receive a fiist IC card which includes first aontrol information, a second IC
card reader adapted to receive a second IC card which includes second control information, and a control integrator receiving the first control information and the second control information and allowing access to a first one of the plurality of items based, on both the first control information and the second control iuformation.
Intemational patent application publication WO 99/27654 discusses a telecommunications sytstem. Data having a higher sensitivity and data having a lower sensitivity are identified within a data set. The data having a higher sensitivity is , encrypted to produce encrypted sensitive data.
SUMMARY OF TIM IIWENTION
A method of providing varying levels of security for a data processing system comprises using the system to receive information from an outside source, retrieving an indicator from the received information that instructs the system to operate at a higher level of security, and continuing operation of the system at the high level of security until information is received by the system to indicate a change in security levels.
Similarly, an apparatus comprises an input to receive a datastream, a Security Level Status Indicator, and code to execute a security algorithm indicated by the Security Level Status Indicator.
BACKGROUND OF THE INVENTION
This invention relates generally to the area of cryptography. More specifically, the invention relates to cryptographically securing a change in security levels (e.g., encryption/decryption and authentication levels) used in a data transmission.
In the area of data transmission there is a need to secure messages that are transmitted so as to ensure that the messages are not compromised. One way to ensure this is by way of cryptography to encrypt a message at the transmitting end and to decrypt the received message at the receiving end. In this manner, someone who does not know the key used when the message is encrypted cannot gain access to the message content or successfully modify the message. An example of this need can be seen in systems that encrypt and protect MPEG transport streams. Conditional access messages flow from transmitters to receivers to enable users to view video and audio programs. These conditional access messages should not be compromised. In addition to encryption/decryption, authentication serves as another cryptographic measure used to secure a transmission.
In some systems, the need for security varies depending on the content of the message, as well as who has access to a transmitted signal, etc. Thus, for example, it would be useful if a message signal could be encrypted at different security levels at different points in time. This would facilitate the person transmitting a message to transmit a low level security message at one level of security and to transmit a second message having a higher need for security at a higher level of security.
Encryption algorithms often require a great deal of resources, such as memory for complicated encryption algorithm code, memory to store intermediate data produced by the cryptographic algorithm, processing power, instruction cycles, etc.
Thus, one may send a message at the lowest level of encryption that is suitable for that particular message. Consequently, there is a need to be able to send messages that vary by their level of encryption.
301 12:23AM TOWNSEND&TOWNSEND NO.547 P.5"
Client Reference No.: D2301 Implementing changes in encryption could potentially be very.
complicated. Hence, whea implementing a change to a higher level of encryption or security, it would be desirable to make such a change in a relativeIy easy manner.
While it is desirable to make a change from a low level of encryption to a high level of encryption in a relatively easy manner, one should make sure that a system is not compromised when a change is made from a high level of security to a low level of security. Namely, while an attacker who feints a change in security from low level to high level would cause the transmitter and receiver to utiIize extra processing resources, the sent message would be less likely to be compromised because it would become secured according to a more secure algarithm. However, if an attacker is able to cause a shift to a low level of security from a high level of security, the attacker has made the process of breaking the code that much easier. Therefore, there is a need for a system that allows the chaage in security levels to be a secure change.
US patent 5,878,134 discusses a secure access system for controlling access to a plurality of items. The system includes a first IC card reader adapted to receive a fiist IC card which includes first aontrol information, a second IC
card reader adapted to receive a second IC card which includes second control information, and a control integrator receiving the first control information and the second control information and allowing access to a first one of the plurality of items based, on both the first control information and the second control iuformation.
Intemational patent application publication WO 99/27654 discusses a telecommunications sytstem. Data having a higher sensitivity and data having a lower sensitivity are identified within a data set. The data having a higher sensitivity is , encrypted to produce encrypted sensitive data.
SUMMARY OF TIM IIWENTION
A method of providing varying levels of security for a data processing system comprises using the system to receive information from an outside source, retrieving an indicator from the received information that instructs the system to operate at a higher level of security, and continuing operation of the system at the high level of security until information is received by the system to indicate a change in security levels.
Similarly, an apparatus comprises an input to receive a datastream, a Security Level Status Indicator, and code to execute a security algorithm indicated by the Security Level Status Indicator.
2 AMENDED SHEET
In accordance with another alternative aspect of the invention, an authorization code signals when the change in security levels is authorized. A
master key can be utilized to decrypt this authorization code so as to provide a high level of security for the authorization.
In accordance with one aspect of the invention there is provided a method of providing varying levels of security in a data processing system. The method involves receiving information from an outside source, retrieving a first indicator from the received information that instructs the system to operate at a higher level of security, receiving further information from the outside source, retrieving a separate second indicator from the further information received from the outside source, the second indicator for instructing the system to operate at a lower level of security than the higher level of security instructed by the first indicator, receiving an encrypted message that authorizes the system to operate at the lower level of security, authenticating the encrypted message, and preventing operation at the lower level of security until a decrease in security levels is indicated by the second indicator and the encrypted message; while continuing operation of the processing system at the higher level of security.
The encrypted message may include a Decreased-Security-Authorization-Code.
The Decreased-Security-Authorization-Code may authorize a decrease in encryption/decryption levels.
The Decreased-Security-Authorization-Code may authorize a decrease in authentication level.
The Decreased-Security-Authorization-Code may authorize a decrease in authentication level and a decrease in encryption/decryption levels.
The encrypted message may further include a key for use in a decryption algorithm.
The system may store a master key to decrypt messages including new decryption key values and the method may further include using the master key stored at the system to decrypt the encrypted message.
The method may further involve establishing a Security-Level-Status-Indicator at the system to indicate a level of security that is being implemented by the system.
In accordance with another alternative aspect of the invention, an authorization code signals when the change in security levels is authorized. A
master key can be utilized to decrypt this authorization code so as to provide a high level of security for the authorization.
In accordance with one aspect of the invention there is provided a method of providing varying levels of security in a data processing system. The method involves receiving information from an outside source, retrieving a first indicator from the received information that instructs the system to operate at a higher level of security, receiving further information from the outside source, retrieving a separate second indicator from the further information received from the outside source, the second indicator for instructing the system to operate at a lower level of security than the higher level of security instructed by the first indicator, receiving an encrypted message that authorizes the system to operate at the lower level of security, authenticating the encrypted message, and preventing operation at the lower level of security until a decrease in security levels is indicated by the second indicator and the encrypted message; while continuing operation of the processing system at the higher level of security.
The encrypted message may include a Decreased-Security-Authorization-Code.
The Decreased-Security-Authorization-Code may authorize a decrease in encryption/decryption levels.
The Decreased-Security-Authorization-Code may authorize a decrease in authentication level.
The Decreased-Security-Authorization-Code may authorize a decrease in authentication level and a decrease in encryption/decryption levels.
The encrypted message may further include a key for use in a decryption algorithm.
The system may store a master key to decrypt messages including new decryption key values and the method may further include using the master key stored at the system to decrypt the encrypted message.
The method may further involve establishing a Security-Level-Status-Indicator at the system to indicate a level of security that is being implemented by the system.
3 The Security-Level-Status-Indicator may indicate a level of encryption/decryption that is being implemented by the system.
The Security-Level-Status-Indicator may indicate a level of authentication that is being implemented by the system.
The Security-Level-Status-Indicator may indicate a level of authentication and a level encryption/decryption that is being implemented by the system.
The method may further involve configuring the Security-Level-Status-Indicator to indicate more than two security levels so as to allow the system to utilize more than two security levels.
The method may also involve utilizing a cable head-end as the outside source, and utilizing a set-top box in order to retrieve the first and second indicators from the information received from the cable head-end.
The system may further involve using a Key Management Message to convey the Decreased Security Authorization Code.
Delivery of the Key Management Message may be authenticated.
Delivery of the Key Management Message may be protected against a replay attack.
Delivery of the Key Management Message may be authenticated and protected against a replay attack.
A lower level of security may be a non-public Key mode. A higher level of security may be a public Key mode and, the method may further involve continuing operation of the system in the public Key mode until an encrypted predefined message is received by the system from the outside source.
The system may store a master key to decrypt messages including new decryption key values and the method may further include using the master key stored at the system to decrypt the encrypted message.
BRIEF DESCRIPTION OF THE DRAWINGS
Figures la and lb show a flowchart that illustrates the transmitting of messages from a transmitter to a receiver while allowing the security level of the transmitted messages to be changed between a less secure level and a more secure level, for example, when different levels of encryption/decryption are utilized.
3a Figure 2 shows transmitter and receiver circuits for transmitting messages and using different algorithms and keys that allow the security level of the transmissions to be altered.
DESCRIPTION OF THE SPECIFIC EMBODIMENTS
Referring now to Figures 1a and Ib, an embodiment of the invention can be seen by reference to flowchart 100. As an example, the different security levels of the invention are described with reference to encryption/decryption. However, it should be understood that other cryptographic aspects of security could be utilized in place of or in addition to encryption, e.g. authentication. In Figure la, a receiver is set up or established to decrypt at a first mode of decryption 104. The processor is electrically coupled to an internal memory such as RAM or ROM. The internal memory stores code for different decryption algorithms. Thus, at initialization, the decryption algorithm designated at initialization is available for use by the processor of the receiver. In addition to the code which implements the decryption algorithm, the processor is also loaded with decryption keys. These keys could reside or be derived in the processor itself rather than being loaded from the external memory of the receiver. This prevents the keys from being compromised by an attacker who is able to read the contents of the memory device. By establishing the key information within the processor, the key information is secured.
Once the receiver is established with the initial level of encryption, an indicator is implemented to indicate the encryption/decryption level at which the system is operating. For a two-level decryption receiver, this could be accomplished by storing a single bit in the decryption unit 106, e.g., receiver. This single bit is capable of designating a high level of decryption, e.g., "1", and a low level of decryption, e.g., "0".
3b N0.547'+ 'P.7' -16-07-2001 01 12-2 4A'1 TOWNSDND&TOWNSEND US0015870 Client Reference No, ; D2301 -This bit could be stored in local memory of the processor or in a regi.ster of the processor.
At the time of initialization, this bit is set to indicate the initial level of decryption to be implemented by the receiver. When the security level is changed, this bit can then be changed to indicate the new level of security, e.g,, level of encryption/decryption.
When multiple security levels are utilized by the system, e.g., multiple levels of encryption at a transmittex or multiple levels of decryption at a receiver, then more than one bit can be utilized to indicate the level of security.
Similarly, this multiple bit combination can be stored in the local memory or register of a processor and altered according to a change in security level. Furthermore, this indicator can be stored at both the receiver and the transmitter. In such a fashion, the pair can remain coordinated as to which level of security is being used.
Once an initial encryptionldecryption level is established in the transmitter and receiver, messages are encrypted at the initial encryption leve1110. This can take place using a processor loeated at a ttansmitter to enerypt a message or messages, such as might be cariied within an MPEG2 encoded ttansport stream, Code for implementing the encryption algorithm will be utilized by the processor to* implement the encryption algorithm using the content of a message and any necessary encryption key.
Once the message is encrypted, it is then transmitted to the receiver 112 over a communication channel.
At the receiving end of the transmission, the receiver receives the message encrypted at the initial level of encryption 116 from an outside source, e.g., the transmitter at the cable head-end. The receiver then decrypts the encrypted message utilizing the decryption code and decryption key(s) with which it was initialized 120.
This process continues with the transmitter sending encrypted messages and the receiver decrypting the messages until a ebange iu the security level is indieated.
The need for a change in security level could arise fbr a variety of reasons, For example, consider the situation of a cable company that introduces set-top boxes that operate at an initial level of security. That level of security may be acceptable for several years. However, at a later date, there may be a desire to increase the level of security. In such a situation, the cable company eould implement the change to the higher level of security. Furthermore, if problems are caused in thc cable system by the change to the higher level of security, then the cable system could temporarily switch back to the lower level of security until those problems are resolved. Then the switch to the higher level of -security could be made again. This is but one example of how the invention could be
The Security-Level-Status-Indicator may indicate a level of authentication that is being implemented by the system.
The Security-Level-Status-Indicator may indicate a level of authentication and a level encryption/decryption that is being implemented by the system.
The method may further involve configuring the Security-Level-Status-Indicator to indicate more than two security levels so as to allow the system to utilize more than two security levels.
The method may also involve utilizing a cable head-end as the outside source, and utilizing a set-top box in order to retrieve the first and second indicators from the information received from the cable head-end.
The system may further involve using a Key Management Message to convey the Decreased Security Authorization Code.
Delivery of the Key Management Message may be authenticated.
Delivery of the Key Management Message may be protected against a replay attack.
Delivery of the Key Management Message may be authenticated and protected against a replay attack.
A lower level of security may be a non-public Key mode. A higher level of security may be a public Key mode and, the method may further involve continuing operation of the system in the public Key mode until an encrypted predefined message is received by the system from the outside source.
The system may store a master key to decrypt messages including new decryption key values and the method may further include using the master key stored at the system to decrypt the encrypted message.
BRIEF DESCRIPTION OF THE DRAWINGS
Figures la and lb show a flowchart that illustrates the transmitting of messages from a transmitter to a receiver while allowing the security level of the transmitted messages to be changed between a less secure level and a more secure level, for example, when different levels of encryption/decryption are utilized.
3a Figure 2 shows transmitter and receiver circuits for transmitting messages and using different algorithms and keys that allow the security level of the transmissions to be altered.
DESCRIPTION OF THE SPECIFIC EMBODIMENTS
Referring now to Figures 1a and Ib, an embodiment of the invention can be seen by reference to flowchart 100. As an example, the different security levels of the invention are described with reference to encryption/decryption. However, it should be understood that other cryptographic aspects of security could be utilized in place of or in addition to encryption, e.g. authentication. In Figure la, a receiver is set up or established to decrypt at a first mode of decryption 104. The processor is electrically coupled to an internal memory such as RAM or ROM. The internal memory stores code for different decryption algorithms. Thus, at initialization, the decryption algorithm designated at initialization is available for use by the processor of the receiver. In addition to the code which implements the decryption algorithm, the processor is also loaded with decryption keys. These keys could reside or be derived in the processor itself rather than being loaded from the external memory of the receiver. This prevents the keys from being compromised by an attacker who is able to read the contents of the memory device. By establishing the key information within the processor, the key information is secured.
Once the receiver is established with the initial level of encryption, an indicator is implemented to indicate the encryption/decryption level at which the system is operating. For a two-level decryption receiver, this could be accomplished by storing a single bit in the decryption unit 106, e.g., receiver. This single bit is capable of designating a high level of decryption, e.g., "1", and a low level of decryption, e.g., "0".
3b N0.547'+ 'P.7' -16-07-2001 01 12-2 4A'1 TOWNSDND&TOWNSEND US0015870 Client Reference No, ; D2301 -This bit could be stored in local memory of the processor or in a regi.ster of the processor.
At the time of initialization, this bit is set to indicate the initial level of decryption to be implemented by the receiver. When the security level is changed, this bit can then be changed to indicate the new level of security, e.g,, level of encryption/decryption.
When multiple security levels are utilized by the system, e.g., multiple levels of encryption at a transmittex or multiple levels of decryption at a receiver, then more than one bit can be utilized to indicate the level of security.
Similarly, this multiple bit combination can be stored in the local memory or register of a processor and altered according to a change in security level. Furthermore, this indicator can be stored at both the receiver and the transmitter. In such a fashion, the pair can remain coordinated as to which level of security is being used.
Once an initial encryptionldecryption level is established in the transmitter and receiver, messages are encrypted at the initial encryption leve1110. This can take place using a processor loeated at a ttansmitter to enerypt a message or messages, such as might be cariied within an MPEG2 encoded ttansport stream, Code for implementing the encryption algorithm will be utilized by the processor to* implement the encryption algorithm using the content of a message and any necessary encryption key.
Once the message is encrypted, it is then transmitted to the receiver 112 over a communication channel.
At the receiving end of the transmission, the receiver receives the message encrypted at the initial level of encryption 116 from an outside source, e.g., the transmitter at the cable head-end. The receiver then decrypts the encrypted message utilizing the decryption code and decryption key(s) with which it was initialized 120.
This process continues with the transmitter sending encrypted messages and the receiver decrypting the messages until a ebange iu the security level is indieated.
The need for a change in security level could arise fbr a variety of reasons, For example, consider the situation of a cable company that introduces set-top boxes that operate at an initial level of security. That level of security may be acceptable for several years. However, at a later date, there may be a desire to increase the level of security. In such a situation, the cable company eould implement the change to the higher level of security. Furthermore, if problems are caused in thc cable system by the change to the higher level of security, then the cable system could temporarily switch back to the lower level of security until those problems are resolved. Then the switch to the higher level of -security could be made again. This is but one example of how the invention could be
4 =
AMENDED SHEET
:V',.I-~_7 . =~,.,, ,-'V
CA 02373059 2001-11-02 N0. 547 P. S- =- -16-07-2001 101 12' 2aAM TOWNSEND&TOWNSErtu US0015870 Client Reference No.: D2301 useful. It might also be desirable to use it as a way of changing security on a program by program basis or a time of day basis, as circumstances may warrant.
One way to indicate a change in encryption/decryption levels is by tranemitting an indicator that indicates the level of security being ixnplemented by the change 124. Such an indieatoris referred to as a Security Level Status Indicator (SLSI) and iredicates what level of security is being implemented. For example, it can indicate the corresponding level of encryption/decryption being implemented by the change. The SLSI can simply be a single bit that makes up part of another message or it could be a message unto itself, For example, it is envisioned that a single bit of an Entitlement Management Message (EMM) or Key Management Message (KMM) that is sent by cable operators to their individual customers could serve as the SLSI. Furthermore, the SLSI
need not be limited to a single bit. It could be longer to indicate more than two security levels, e,g., encryption/decryption levels.
The SLSI or other signal sent by the tratan3itter is then received at the receiver. 128. When the SLSI is embedded within a longer message such as an EMM or K,MM, the decryption deviee, e.g., the receiver, will need to parse out the SLSI in order to analyze whether a change in the security level has occurred. Essentially, the receiver can determine whether a new SLSI has been received by comparing the new SLSI value with the old SLSI value stored at the receiver.
If a change in the SLSI value.is detected, it is tested to determine whether it indicates a change from a low level security algorithm to a higher level security algorithm (e.g., by changing from a"0" to a"1'l 132. If this is the case, the SLSI value stored at the receiver should be updated (e.g., by changing the SLSI value in the processor to a "1 ").
Normally, a false indication of a change from a low level of encryption/dearyption to a higher levcl of encryption/decryption will not be a concern.
Such a change would simply make an attaeker's job.more difficult. So, it is unlikely that an attacker would purposely try and alter the SLSI in such a manner. Rather, it would be expected that an attacker would try and decrease the security level being used by a system in order to have a greater chance of breaking a less difficult security system.
Iience, in one mode of the invention; the eneryption/decryption level at the decryption device is increased if an increase in encryption/decryption level is indicated 174. This occurs by switching to use of the higher level of decryption code stored in the local memory of the processor in ffiw receiver. Any keys associated with the new
AMENDED SHEET
:V',.I-~_7 . =~,.,, ,-'V
CA 02373059 2001-11-02 N0. 547 P. S- =- -16-07-2001 101 12' 2aAM TOWNSEND&TOWNSErtu US0015870 Client Reference No.: D2301 useful. It might also be desirable to use it as a way of changing security on a program by program basis or a time of day basis, as circumstances may warrant.
One way to indicate a change in encryption/decryption levels is by tranemitting an indicator that indicates the level of security being ixnplemented by the change 124. Such an indieatoris referred to as a Security Level Status Indicator (SLSI) and iredicates what level of security is being implemented. For example, it can indicate the corresponding level of encryption/decryption being implemented by the change. The SLSI can simply be a single bit that makes up part of another message or it could be a message unto itself, For example, it is envisioned that a single bit of an Entitlement Management Message (EMM) or Key Management Message (KMM) that is sent by cable operators to their individual customers could serve as the SLSI. Furthermore, the SLSI
need not be limited to a single bit. It could be longer to indicate more than two security levels, e,g., encryption/decryption levels.
The SLSI or other signal sent by the tratan3itter is then received at the receiver. 128. When the SLSI is embedded within a longer message such as an EMM or K,MM, the decryption deviee, e.g., the receiver, will need to parse out the SLSI in order to analyze whether a change in the security level has occurred. Essentially, the receiver can determine whether a new SLSI has been received by comparing the new SLSI value with the old SLSI value stored at the receiver.
If a change in the SLSI value.is detected, it is tested to determine whether it indicates a change from a low level security algorithm to a higher level security algorithm (e.g., by changing from a"0" to a"1'l 132. If this is the case, the SLSI value stored at the receiver should be updated (e.g., by changing the SLSI value in the processor to a "1 ").
Normally, a false indication of a change from a low level of encryption/dearyption to a higher levcl of encryption/decryption will not be a concern.
Such a change would simply make an attaeker's job.more difficult. So, it is unlikely that an attacker would purposely try and alter the SLSI in such a manner. Rather, it would be expected that an attacker would try and decrease the security level being used by a system in order to have a greater chance of breaking a less difficult security system.
Iience, in one mode of the invention; the eneryption/decryption level at the decryption device is increased if an increase in encryption/decryption level is indicated 174. This occurs by switching to use of the higher level of decryption code stored in the local memory of the processor in ffiw receiver. Any keys associated with the new
5 AMENDED SHEET
_."~a .=l~_~ ~ =~i. o l01 12:25AM TOWNSEND&TOWNSEND N0.547 P. "-Client Reference No.: D2301 decryption level may be positioned so as to be more readily accessible, This might occur by moving the keys from local memory to a register which has a faster access time. Once the information for the new decryption level has been loaded, the receiver can receive a message encrypted at the new higher level of encryption and process it accordingly. A
user might choose to encrypt the SLSI even when an increase in security is implemented.
In such a case, the bit of the SLSI can be encrypted by the transmitter and decrypted at the receiver, Alternatively, one might want to decrease the encryption/dearyption level being used from a higher level of encryption/decryption to a lower level of encryption/decryption. In such a case, it is important to be able to verify that the instruction to change the encryption/decryption level is legitimate in order to prevent an attacker from compromising the system.
One method of downgrading the security level is by transmitting an authorization signal to the receiver to indicate the downgrade. This authorization signal shall be referred to as a Decreased Security Authorization Code (DSAC) since it is typically a coded signal that is transmitted to indicate that the security level can be reduced from a higher security level to a lower security leveL
Continuing with the example of Fig. ib, the receiver checks to see if a DSAC has been received 136. If no DSAC is received, then encryption/decryption levels are not changed 140. Furthermore, operation. continues at the present or higher level of encryption/decryption 144. However, if a DSAC is received, it is tested to detetmine its content. In one embodirqent, the DSAC is encrypted and authenticated. Hence, it will be decrypted 148 and its authentication verified. The content of the DSAC is then confirmed 152, e.g., by comparing the value of the DSAC to the SLSI value held by the receiver.
Thus, in the absence of an authorization signal, an unauthorized decrease in security level is prevented. After confiming that a change in encryption/decryption level has been indicated, the SLSI value held by the receiver is updated to reflect the change in the encryption/decryption level status.
The DSAC can be transmitted as part of a Key Management Message (KMM). A Key Management Message is used in encrypted systems to transmit new keys used by the decryption algorithms. Thus, it allows new keys to be switched at periodic intervals in the receiver to prevent attackers from compromising the system.
Consequently, when the Key Management Message is transmitted, the longest and strongest key held by the receiver is typically used to decrypt the KMM. Thus, the K.MIVI
_."~a .=l~_~ ~ =~i. o l01 12:25AM TOWNSEND&TOWNSEND N0.547 P. "-Client Reference No.: D2301 decryption level may be positioned so as to be more readily accessible, This might occur by moving the keys from local memory to a register which has a faster access time. Once the information for the new decryption level has been loaded, the receiver can receive a message encrypted at the new higher level of encryption and process it accordingly. A
user might choose to encrypt the SLSI even when an increase in security is implemented.
In such a case, the bit of the SLSI can be encrypted by the transmitter and decrypted at the receiver, Alternatively, one might want to decrease the encryption/dearyption level being used from a higher level of encryption/decryption to a lower level of encryption/decryption. In such a case, it is important to be able to verify that the instruction to change the encryption/decryption level is legitimate in order to prevent an attacker from compromising the system.
One method of downgrading the security level is by transmitting an authorization signal to the receiver to indicate the downgrade. This authorization signal shall be referred to as a Decreased Security Authorization Code (DSAC) since it is typically a coded signal that is transmitted to indicate that the security level can be reduced from a higher security level to a lower security leveL
Continuing with the example of Fig. ib, the receiver checks to see if a DSAC has been received 136. If no DSAC is received, then encryption/decryption levels are not changed 140. Furthermore, operation. continues at the present or higher level of encryption/decryption 144. However, if a DSAC is received, it is tested to detetmine its content. In one embodirqent, the DSAC is encrypted and authenticated. Hence, it will be decrypted 148 and its authentication verified. The content of the DSAC is then confirmed 152, e.g., by comparing the value of the DSAC to the SLSI value held by the receiver.
Thus, in the absence of an authorization signal, an unauthorized decrease in security level is prevented. After confiming that a change in encryption/decryption level has been indicated, the SLSI value held by the receiver is updated to reflect the change in the encryption/decryption level status.
The DSAC can be transmitted as part of a Key Management Message (KMM). A Key Management Message is used in encrypted systems to transmit new keys used by the decryption algorithms. Thus, it allows new keys to be switched at periodic intervals in the receiver to prevent attackers from compromising the system.
Consequently, when the Key Management Message is transmitted, the longest and strongest key held by the receiver is typically used to decrypt the KMM. Thus, the K.MIVI
6 AMENDED SHEET
~~ _.
1, ' , ..' 7 - I
16-07-2001 l01 12:25AM TOWNSEND&TOWNSEND NO' 547 P-W
Client Reference No.: T)2301 is considered to have a very high level of security. Therefore, it is a suitable vehicle for transporting the DSAC. In this way, the DSAC can be included as part of the KIvm and decrypted by a key of the receiver that is used to provide the highest level of security, i.e,, the master key. Therefore, it is unlikely that an attacker can change the level of security being used'by the system.
Furthermore, delivery of the DSAC may also be protected against replay attacks. That is you could not re-use a message to re-lower security. This would require that messages authoriziag a decreased security level be different. This can be implemented by providing code for algorithms which prevent replay attacks, such as those disclosed in "Applied Cryptography 2nd Edition," by Bruce Schueier, John Wiley and Sons, Inc., which is hereby incorporated by reference for all that it discloses and for alI purposes, When a DSAC signal is received and confirmed, the security level is changed and the SLSI is updated to reflect the change. The SLSI would be stored in a register of the processor or in local memory of the processor, so the changing of its value is straightforward. Any keys necessary for implementing a new decryption level should be moved or loaded into their designated locations in the processor memory or registers.
At the time of changing the encryptionldecryption level, it might also be desirable to load a new key to the receiver 154, This is facilitated if the DSAC is made part of the KMM
which is used to transport new keys.
Once the encryption level is changed, a new message can be encrypted at the second level of encryption by the transmitter 158. This message can then be transmitted to the receiver at the second level of encryption 162. The receiver would then receive the encrypted message 166 and decrypt the encrypted message utilizing the second level of decryption code stored by the receiver 170. This process can then be repeated as needed to facilitate the need for a high level of secuirity and the need for efficient processing made possible by lower levels of security in transmissions.
A system 200 for practicing an embodiment of the invention can be seen in Figure 2. Figure 2 shows a transmitter 206 and a receiver 250. For example, the transmitter could be located in a cable headend 204 and the receiver could be a set-top box located at a cable customer's home. The transmitter may be comprised of an iiitegrated circuit such as a processor 208, This circuit could include Algorithm Code #1 220, which corresponds to the algorithm used to provide the lower level of cryptography.
Similarly, it would also include Algorithm Code #2 224 which corresponds to the
~~ _.
1, ' , ..' 7 - I
16-07-2001 l01 12:25AM TOWNSEND&TOWNSEND NO' 547 P-W
Client Reference No.: T)2301 is considered to have a very high level of security. Therefore, it is a suitable vehicle for transporting the DSAC. In this way, the DSAC can be included as part of the KIvm and decrypted by a key of the receiver that is used to provide the highest level of security, i.e,, the master key. Therefore, it is unlikely that an attacker can change the level of security being used'by the system.
Furthermore, delivery of the DSAC may also be protected against replay attacks. That is you could not re-use a message to re-lower security. This would require that messages authoriziag a decreased security level be different. This can be implemented by providing code for algorithms which prevent replay attacks, such as those disclosed in "Applied Cryptography 2nd Edition," by Bruce Schueier, John Wiley and Sons, Inc., which is hereby incorporated by reference for all that it discloses and for alI purposes, When a DSAC signal is received and confirmed, the security level is changed and the SLSI is updated to reflect the change. The SLSI would be stored in a register of the processor or in local memory of the processor, so the changing of its value is straightforward. Any keys necessary for implementing a new decryption level should be moved or loaded into their designated locations in the processor memory or registers.
At the time of changing the encryptionldecryption level, it might also be desirable to load a new key to the receiver 154, This is facilitated if the DSAC is made part of the KMM
which is used to transport new keys.
Once the encryption level is changed, a new message can be encrypted at the second level of encryption by the transmitter 158. This message can then be transmitted to the receiver at the second level of encryption 162. The receiver would then receive the encrypted message 166 and decrypt the encrypted message utilizing the second level of decryption code stored by the receiver 170. This process can then be repeated as needed to facilitate the need for a high level of secuirity and the need for efficient processing made possible by lower levels of security in transmissions.
A system 200 for practicing an embodiment of the invention can be seen in Figure 2. Figure 2 shows a transmitter 206 and a receiver 250. For example, the transmitter could be located in a cable headend 204 and the receiver could be a set-top box located at a cable customer's home. The transmitter may be comprised of an iiitegrated circuit such as a processor 208, This circuit could include Algorithm Code #1 220, which corresponds to the algorithm used to provide the lower level of cryptography.
Similarly, it would also include Algorithm Code #2 224 which corresponds to the
7 AMENDED SHEET
l01 12: 25AM TOWNSEND&TOWNSEND NO.547 P.1'~
Client Reference-No.: D2301 algorithm used to provide the higher level of cryptography. The trausmitter could store in its local memory 216 a value corresponding to the Security Level Status Indicator (SLSI) 212 which indicates the level of security being used by the system.
The receiver 250 houses an integrated circuit such as security processor 254. An input 258 of the proeessor is coupled to the input signal from an outside source, e.g., the transmitter. The processor stores the code for the lower level security algorithm 282 and code for the higher level security algorithm 278 in its interaal memory. The Security Level Status Indicator (SLSI) 286 is stored in a register or local memory of the processor. When the Decreased Security Authorization Code is received, it can be stored in local memory 270 of the processor for processing, The master key 266 may be stored in a register or local memory of the processor to proteet its integrity.
Similarly, any new keys received, such as a new Triple DES key 274 should be stored in a register or local mennory of the processor as well. Figure 2 shows that the singie DES key 290 and the existing Triple DES key 262 are stored by the processor as well.
As one example, it is envisioned that the system could operate at two levels of encryption/decryption. Namely, it is envisioned that single DES
could serve as the low level of encryption while Triple DES could serve as the high level of eneryption.
However, it is also possible that additional algorithms could be used as well.
Thus, the system could operate at a variety of levels. Furthermore, it is noted that those various encryption/decryption levels could be public key or non-public key systems, for example.
While the invention has been descn'bed in regard to increasing security of a system by way of changing encryption/decryption levels, it should be understood that the invention is also appficabte to changes in the level of authentication used in a transmission system. Thus, where the invendon has been described above as a system for protecting privacy by way of encryption and decryption, it should also be understood to apply to changing, for example, digital signature requirements, as a way of changing authentication levels. Furthermore, it should be understood that changes in both encryption/dearyption and authentication levals can be accomplished with the invention.
Furthermore, where the invention has been deseribed as being accomplished by a processor executing code, it should be understood that the invention may also be aceomplished by various combinations of hardware and software, e.g, ;
individual hardware components; bardware controlled by software; a combinatiou of hardware and software; or even software alone. Thus, as one example, hardware distiact
l01 12: 25AM TOWNSEND&TOWNSEND NO.547 P.1'~
Client Reference-No.: D2301 algorithm used to provide the higher level of cryptography. The trausmitter could store in its local memory 216 a value corresponding to the Security Level Status Indicator (SLSI) 212 which indicates the level of security being used by the system.
The receiver 250 houses an integrated circuit such as security processor 254. An input 258 of the proeessor is coupled to the input signal from an outside source, e.g., the transmitter. The processor stores the code for the lower level security algorithm 282 and code for the higher level security algorithm 278 in its interaal memory. The Security Level Status Indicator (SLSI) 286 is stored in a register or local memory of the processor. When the Decreased Security Authorization Code is received, it can be stored in local memory 270 of the processor for processing, The master key 266 may be stored in a register or local memory of the processor to proteet its integrity.
Similarly, any new keys received, such as a new Triple DES key 274 should be stored in a register or local mennory of the processor as well. Figure 2 shows that the singie DES key 290 and the existing Triple DES key 262 are stored by the processor as well.
As one example, it is envisioned that the system could operate at two levels of encryption/decryption. Namely, it is envisioned that single DES
could serve as the low level of encryption while Triple DES could serve as the high level of eneryption.
However, it is also possible that additional algorithms could be used as well.
Thus, the system could operate at a variety of levels. Furthermore, it is noted that those various encryption/decryption levels could be public key or non-public key systems, for example.
While the invention has been descn'bed in regard to increasing security of a system by way of changing encryption/decryption levels, it should be understood that the invention is also appficabte to changes in the level of authentication used in a transmission system. Thus, where the invendon has been described above as a system for protecting privacy by way of encryption and decryption, it should also be understood to apply to changing, for example, digital signature requirements, as a way of changing authentication levels. Furthermore, it should be understood that changes in both encryption/dearyption and authentication levals can be accomplished with the invention.
Furthermore, where the invention has been deseribed as being accomplished by a processor executing code, it should be understood that the invention may also be aceomplished by various combinations of hardware and software, e.g, ;
individual hardware components; bardware controlled by software; a combinatiou of hardware and software; or even software alone. Thus, as one example, hardware distiact
8 AMEtNIDED SHEET
f01 12=26AM TOWNSEND&TOVJ-NSEIVD N0.547 ~ P.1'~`-"--""
Client Reference No.: b2301 from the processor could be utilized to encrypt an MPEG-2 transport stream while a processor performs other encryption duties.
In addition to embodiments where the invention is accomplished by hardware, it is also noted that these embodiments can be accomplished through the use of an article of manufacture comprised of a computer usable medium having a computer readable program code embodied therein, which causes the enablement of the functions andlor fabrication of the hardware diselosed in this specification. For example, this might be accomplished through the use of hardware description language (EDL), register traasfer laisguage (RTL), VEItILOG, VEDL, or similar programmittg tools, as one of ordinary sidll in the art would understand. Therefore, it is desired that the embodiments expressed above also be considered protected by this patent in their program code means as well.
It is also noted that many of the shuctures and acts recited herein c;an be recited as mearze for performing a function or steps for performing a function, respectively. Therefore, it should be understood that such language is entitled to cover aIl such structures or acts disclosed within this specification and their equivalents.
It is thought that the apparatnses and methods of the embodiments of the present invention and many of its attendant advantages will be understood from this specification and it will be apparent that various changes may be made in the form, construction and arrangement of the parts thereof without departing from the spirit and scope of the invention or sacrificing all of its matesial advantages, the fozm herein before described being merely exemplary embodiments thereof.
~
f01 12=26AM TOWNSEND&TOVJ-NSEIVD N0.547 ~ P.1'~`-"--""
Client Reference No.: b2301 from the processor could be utilized to encrypt an MPEG-2 transport stream while a processor performs other encryption duties.
In addition to embodiments where the invention is accomplished by hardware, it is also noted that these embodiments can be accomplished through the use of an article of manufacture comprised of a computer usable medium having a computer readable program code embodied therein, which causes the enablement of the functions andlor fabrication of the hardware diselosed in this specification. For example, this might be accomplished through the use of hardware description language (EDL), register traasfer laisguage (RTL), VEItILOG, VEDL, or similar programmittg tools, as one of ordinary sidll in the art would understand. Therefore, it is desired that the embodiments expressed above also be considered protected by this patent in their program code means as well.
It is also noted that many of the shuctures and acts recited herein c;an be recited as mearze for performing a function or steps for performing a function, respectively. Therefore, it should be understood that such language is entitled to cover aIl such structures or acts disclosed within this specification and their equivalents.
It is thought that the apparatnses and methods of the embodiments of the present invention and many of its attendant advantages will be understood from this specification and it will be apparent that various changes may be made in the form, construction and arrangement of the parts thereof without departing from the spirit and scope of the invention or sacrificing all of its matesial advantages, the fozm herein before described being merely exemplary embodiments thereof.
~
9 AMENDED SHEET
Claims (19)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method of providing varying levels of security in a data processing system, the method comprising:
receiving information from an outside source;
retrieving a first indicator from the received information that instructs the system to operate at a higher level of security;
receiving further information from said outside source;
retrieving a separate second indicator from said further information received from said outside source, the second indicator for instructing the system to operate at a lower level of security than the higher level of security instructed by the first indicator;
receiving an encrypted message that authorizes the system to operate at the lower level of security;
authenticating the encrypted message; and preventing operation at the lower level of security until a decrease in security levels is indicated by said second indicator and the encrypted message; while continuing operation of said processing system at the higher level of security.
receiving information from an outside source;
retrieving a first indicator from the received information that instructs the system to operate at a higher level of security;
receiving further information from said outside source;
retrieving a separate second indicator from said further information received from said outside source, the second indicator for instructing the system to operate at a lower level of security than the higher level of security instructed by the first indicator;
receiving an encrypted message that authorizes the system to operate at the lower level of security;
authenticating the encrypted message; and preventing operation at the lower level of security until a decrease in security levels is indicated by said second indicator and the encrypted message; while continuing operation of said processing system at the higher level of security.
2. The method of claim 1 wherein the encrypted message comprises a Decreased-Security-Authorization-Code.
3. The method of claim 2 wherein said Decreased-Security-Authorization-Code authorizes a decrease in encryption/decryption levels.
4. The method of claim 2 wherein said Decreased-Security-Authorization-Code authorizes a decrease in authentication level.
5. The method of claim 2 wherein said Decreased-Security-Authorization-Code authorizes a decrease in authentication level and a decrease in encryption/decryption levels.
6. The method of claim 2 wherein said encrypted message further comprises a key for use in a decryption algorithm.
7. The method of claim 6 wherein said system stores a master key to decrypt messages comprising new decryption key values and further comprising:
using said master key stored at said system to decrypt said encrypted message.
using said master key stored at said system to decrypt said encrypted message.
8. The method of claim 1 and further comprising:
establishing a Security-Level-Status-Indicator at said system to indicate a level of security that is being implemented by the system.
establishing a Security-Level-Status-Indicator at said system to indicate a level of security that is being implemented by the system.
9. The method of claim 8 wherein said Security-Level-Status-Indicator indicates a level of encryption/decryption that is being implemented by the system.
10. The method of claim 8 wherein said Security-Level-Status-Indicator indicates a level of authentication that is being implemented by the system.
11. The method of claim 8 wherein said Security-Level-Status-Indicator indicates a level of authentication and a level encryption/decryption that is being implemented by the system.
12. The method of claim 8 and further comprising:
configuring said Security-Level-Status-Indicator to indicate more than two security levels so as to allow said system to utilize more than two security levels.
configuring said Security-Level-Status-Indicator to indicate more than two security levels so as to allow said system to utilize more than two security levels.
13. The method of claim 1 and further comprising:
utilizing a cable head-end as said outside source; and utilizing a set-top box in order to retrieve the first and second indicators from the information received from the cable head-end.
utilizing a cable head-end as said outside source; and utilizing a set-top box in order to retrieve the first and second indicators from the information received from the cable head-end.
14. The method of claim 2 and further comprising using a Key Management Message to convey said Decreased Security Authorization Code.
15. The method of claim 14 wherein delivery of said Key Management Message is authenticated.
16. The method of claim 14 wherein delivery of said Key Management Message is protected against a replay attack.
17. The method of claim 14 wherein delivery of said Key Management Message is authenticated and protected against a replay attack.
18. The method of claim 1 wherein a lower level of security is non-public Key mode, wherein a higher level of security is a public Key mode, the method further comprising:
continuing operation of the system in the public Key mode until an encrypted predefined message is received by the system from the outside source.
continuing operation of the system in the public Key mode until an encrypted predefined message is received by the system from the outside source.
19. The method of claim 18 wherein said system stores a master key to decrypt messages comprising new decryption key values and further comprising:
using said master key stored at said system to decrypt said encrypted message.
using said master key stored at said system to decrypt said encrypted message.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US13816399P | 1999-06-08 | 1999-06-08 | |
| US60/138,163 | 1999-06-08 | ||
| US09/576,516 | 2000-05-23 | ||
| US09/576,516 US7660986B1 (en) | 1999-06-08 | 2000-05-23 | Secure control of security mode |
| PCT/US2000/015870 WO2000076117A1 (en) | 1999-06-08 | 2000-06-08 | Secure control of security mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2373059A1 CA2373059A1 (en) | 2000-12-14 |
| CA2373059C true CA2373059C (en) | 2009-10-06 |
Family
ID=26835925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002373059A Expired - Lifetime CA2373059C (en) | 1999-06-08 | 2000-06-08 | Secure control of security mode |
Country Status (9)
| Country | Link |
|---|---|
| US (1) | US7660986B1 (en) |
| EP (1) | EP1183818B1 (en) |
| KR (1) | KR20020060073A (en) |
| CN (1) | CN1354933A (en) |
| AT (1) | ATE319240T1 (en) |
| AU (1) | AU770370B2 (en) |
| CA (1) | CA2373059C (en) |
| DE (1) | DE60026306T2 (en) |
| WO (1) | WO2000076117A1 (en) |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7810152B2 (en) | 2002-05-08 | 2010-10-05 | Broadcom Corporation | System and method for securely controlling access to device functions |
| US7681043B1 (en) | 2002-05-08 | 2010-03-16 | Broadcom Corporation | System and method for configuring device features via programmable memory |
| DE10301674B4 (en) * | 2002-01-21 | 2012-10-11 | Siemens Enterprise Communications Gmbh & Co. Kg | Electronic signature circulation |
| EP1414233A1 (en) * | 2002-05-08 | 2004-04-28 | Broadcom Corporation | System and method for configuring device features via programmable memory |
| JP4346326B2 (en) * | 2003-02-27 | 2009-10-21 | 富士通株式会社 | Security system, information management system, encryption support system, and computer program |
| CN100483992C (en) | 2003-05-06 | 2009-04-29 | 国际商业机器公司 | Encrypting and deencrypting method and apparatus for data flow |
| US8862866B2 (en) | 2003-07-07 | 2014-10-14 | Certicom Corp. | Method and apparatus for providing an adaptable security level in an electronic communication |
| JP4646913B2 (en) | 2003-08-12 | 2011-03-09 | リサーチ イン モーション リミテッド | System and method for indicating the strength of encryption |
| DE102004040312B4 (en) | 2003-08-19 | 2018-11-15 | Certicom Corp. | Method and device for synchronizing an adaptable security level in an electronic data transmission |
| US7607006B2 (en) * | 2004-09-23 | 2009-10-20 | International Business Machines Corporation | Method for asymmetric security |
| JP5040087B2 (en) * | 2005-09-06 | 2012-10-03 | 富士通株式会社 | Wireless communication network security setting method, security setting program, and wireless communication network system |
| JP4807562B2 (en) | 2005-11-25 | 2011-11-02 | 横河電機株式会社 | Plant control system |
| FR2898445B1 (en) * | 2006-03-08 | 2008-11-14 | Airbus France Sas | METHOD AND DEVICE FOR DETECTING INTRUSION TENTATIVES ON A COMMUNICATION LINK BETWEEN AN AIRCRAFT AND A SOL. |
| KR101519151B1 (en) * | 2006-04-13 | 2015-05-11 | 써티콤 코포레이션 | Method and apparatus for providing an adaptable security level in an electronic communication |
| FR2900008B1 (en) * | 2006-04-18 | 2008-05-30 | Airbus France Sas | METHOD AND DEVICE FOR COMMUNICATING ON A COMMUNICATION LINK BETWEEN AN AIRCRAFT AND A SOIL STATION |
| US8392983B2 (en) * | 2007-07-31 | 2013-03-05 | Viasat, Inc. | Trusted labeler |
| US8295486B2 (en) | 2007-09-28 | 2012-10-23 | Research In Motion Limited | Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function |
| CN101257681B (en) * | 2008-03-26 | 2011-05-18 | 宇龙计算机通信科技(深圳)有限公司 | Private data protecting equipment, mobile terminal, private data memory and read method |
| US9087219B2 (en) | 2008-06-16 | 2015-07-21 | Infineon Technologies Ag | Circuit with a plurality of modes of operation |
| JP4743297B2 (en) * | 2009-03-16 | 2011-08-10 | コニカミノルタビジネステクノロジーズ株式会社 | Image forming apparatus, function expansion method, and user authentication system |
| EP2850555B1 (en) * | 2012-05-16 | 2022-11-30 | Nokia Technologies Oy | Method in a processor, an apparatus and a computer program product |
| DE102015001637A1 (en) | 2015-02-07 | 2016-08-25 | Gorilla Electronics GmbH | Electrical plug-in connector and electronic key and method for ownership-based authentication with switchable authentication security levels and switchable knowledge-based or property-based authentication for authenticating an action, a person or a data transmission via the connector |
| US20160248809A1 (en) * | 2015-02-20 | 2016-08-25 | Intel Corporation | Methods and apparatus to process data based on automatically detecting a security environment |
| US10686765B2 (en) | 2017-04-19 | 2020-06-16 | International Business Machines Corporation | Data access levels |
| CN111259417A (en) * | 2020-01-13 | 2020-06-09 | 奇安信科技集团股份有限公司 | File processing method and device |
| EP4044553A1 (en) * | 2021-02-15 | 2022-08-17 | Koninklijke Philips N.V. | Method and device to provide a security level for communication |
Family Cites Families (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5870474A (en) * | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
| US3790700A (en) * | 1971-12-17 | 1974-02-05 | Hughes Aircraft Co | Catv program control system |
| US4914697A (en) | 1988-02-01 | 1990-04-03 | Motorola, Inc. | Cryptographic method and apparatus with electronically redefinable algorithm |
| US4962533A (en) * | 1989-02-17 | 1990-10-09 | Texas Instrument Incorporated | Data protection for computer systems |
| US5029207A (en) * | 1990-02-01 | 1991-07-02 | Scientific-Atlanta, Inc. | External security module for a television signal decoder |
| US5172413A (en) * | 1990-12-20 | 1992-12-15 | Sasktel | Secure hierarchial video delivery system and method |
| US5461372A (en) * | 1993-01-19 | 1995-10-24 | Honeywell Inc. | System and method for modifying security in a security system |
| IL111151A (en) * | 1994-10-03 | 1998-09-24 | News Datacom Ltd | Secure access systems |
| JPH088853A (en) * | 1994-06-24 | 1996-01-12 | Sony Corp | Scrambling device and descrambling device |
| US5602916A (en) * | 1994-10-05 | 1997-02-11 | Motorola, Inc. | Method and apparatus for preventing unauthorized monitoring of wireless data transmissions |
| EP0766471A1 (en) * | 1994-12-27 | 1997-04-02 | Kabushiki Kaisha Toshiba | Transmitter, receiver, communication processing system integrating them, and digital television broadcasting system |
| US5805674A (en) * | 1995-01-26 | 1998-09-08 | Anderson, Jr.; Victor C. | Security arrangement and method for controlling access to a protected system |
| HRP970160A2 (en) * | 1996-04-03 | 1998-02-28 | Digco B V | Method for providing a secure communication between two devices and application of this method |
| US5930361A (en) * | 1996-12-31 | 1999-07-27 | Time Warner Cable, A Division Of Time Warner Entertainment Company, L.P. | Video inversion detection apparatus and method |
| GB9719726D0 (en) | 1997-09-16 | 1998-03-18 | Simoco Int Ltd | Encryption method and apparatus |
| GB2329497B (en) * | 1997-09-19 | 2001-01-31 | Ibm | Method for controlling access to electronically provided services and system for implementing such method |
| WO1999023538A1 (en) * | 1997-10-28 | 1999-05-14 | Georgia Tech Research Corporation | Adaptive data security system and method |
| US6128735A (en) | 1997-11-25 | 2000-10-03 | Motorola, Inc. | Method and system for securely transferring a data set in a data communications system |
| US6047262A (en) * | 1998-03-02 | 2000-04-04 | Ncr Corporation | Method for providing security and enhancing efficiency during operation of a self-service checkout terminal |
| US6160903A (en) * | 1998-04-24 | 2000-12-12 | Dew Engineering And Development Limited | Method of providing secure user access |
| US6154525A (en) * | 1998-05-11 | 2000-11-28 | Detection Systems, Inc. | Security system with call forwarding activation |
| US6266754B1 (en) * | 1998-05-29 | 2001-07-24 | Texas Instruments Incorporated | Secure computing device including operating system stored in non-relocatable page of memory |
| US6324646B1 (en) * | 1998-09-11 | 2001-11-27 | International Business Machines Corporation | Method and system for securing confidential data in a computer network |
| US6530024B1 (en) * | 1998-11-20 | 2003-03-04 | Centrax Corporation | Adaptive feedback security system and method |
| US7146506B1 (en) * | 1999-05-25 | 2006-12-05 | Intel Corporation | Digital video display system |
| US20020018571A1 (en) * | 1999-08-31 | 2002-02-14 | Anderson Walter F. | Key management methods and communication protocol for secure communication systems |
-
2000
- 2000-05-23 US US09/576,516 patent/US7660986B1/en not_active Expired - Fee Related
- 2000-06-08 WO PCT/US2000/015870 patent/WO2000076117A1/en active IP Right Grant
- 2000-06-08 DE DE60026306T patent/DE60026306T2/en not_active Expired - Lifetime
- 2000-06-08 AT AT00942716T patent/ATE319240T1/en not_active IP Right Cessation
- 2000-06-08 CN CN00808676A patent/CN1354933A/en active Pending
- 2000-06-08 CA CA002373059A patent/CA2373059C/en not_active Expired - Lifetime
- 2000-06-08 EP EP00942716A patent/EP1183818B1/en not_active Expired - Lifetime
- 2000-06-08 KR KR1020017015786A patent/KR20020060073A/en active IP Right Grant
- 2000-06-08 AU AU57301/00A patent/AU770370B2/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| WO2000076117A1 (en) | 2000-12-14 |
| ATE319240T1 (en) | 2006-03-15 |
| DE60026306T2 (en) | 2006-11-23 |
| KR20020060073A (en) | 2002-07-16 |
| US7660986B1 (en) | 2010-02-09 |
| DE60026306D1 (en) | 2006-04-27 |
| EP1183818A1 (en) | 2002-03-06 |
| CN1354933A (en) | 2002-06-19 |
| CA2373059A1 (en) | 2000-12-14 |
| AU770370B2 (en) | 2004-02-19 |
| EP1183818B1 (en) | 2006-03-01 |
| AU5730100A (en) | 2000-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2373059C (en) | Secure control of security mode | |
| EP1064788B1 (en) | Improved conditional access and content security method | |
| EP1825678B1 (en) | System and method for secure conditional access download and reconfiguration | |
| EP1370084B1 (en) | System for protecting security registers and method thereof | |
| US7549056B2 (en) | System and method for processing and protecting content | |
| US20040190721A1 (en) | Renewable conditional access system | |
| JP4510281B2 (en) | System for managing access between a method and service provider for protecting audio / visual streams and a host device to which a smart card is coupled | |
| KR101329898B1 (en) | Secure system-on-chip | |
| US6550008B1 (en) | Protection of information transmitted over communications channels | |
| KR100966970B1 (en) | Method of updating a revocation list of noncompliant keys, appliances or modules in a secure system for broadcasting content | |
| US7336785B1 (en) | System and method for copy protecting transmitted information | |
| US6507907B1 (en) | Protecting information in a system | |
| US20080267399A1 (en) | Method and Apparatus for Secure Content Recording | |
| CA2384012A1 (en) | Method and apparatus for preventing piracy of digital content | |
| JP2005245010A5 (en) | ||
| TWI477133B (en) | Methods for decrypting, transmitting and receiving control words, recording medium and control word server to implement these methods | |
| EP0989478B1 (en) | System for providing encrypted data, system for decrypting encrypted data and method for providing a communication interface in such a decrypting system | |
| US10025911B2 (en) | Replay attack prevention for content streaming system | |
| US9740834B2 (en) | Usage rights information for protected content having two parts | |
| KR20030076457A (en) | Time code key module and time control system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKEX | Expiry |
Effective date: 20200608 |
|
| MKEX | Expiry |
Effective date: 20200608 |