GB2382286A - Digital network authentication - Google Patents
Digital network authentication Download PDFInfo
- Publication number
- GB2382286A GB2382286A GB0226500A GB0226500A GB2382286A GB 2382286 A GB2382286 A GB 2382286A GB 0226500 A GB0226500 A GB 0226500A GB 0226500 A GB0226500 A GB 0226500A GB 2382286 A GB2382286 A GB 2382286A
- Authority
- GB
- United Kingdom
- Prior art keywords
- item
- items
- network
- new
- identification means
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 claims abstract description 15
- 230000004044 response Effects 0.000 claims description 3
- 238000000034 method Methods 0.000 description 11
- 230000001010 compromised effect Effects 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 6
- 230000008859 change Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005530 etching Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000002161 passivation Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 230000036962 time dependent Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 230000003442 weekly effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4363—Adapting the video or multiplex stream to a specific local network, e.g. a IEEE 1394 or Bluetooth® network
- H04N21/43632—Adapting the video or multiplex stream to a specific local network, e.g. a IEEE 1394 or Bluetooth® network involving a wired protocol, e.g. IEEE 1394
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N5/00—Details of television systems
- H04N5/76—Television signal recording
- H04N5/765—Interface circuits between an apparatus for recording and another apparatus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N5/00—Details of television systems
- H04N5/76—Television signal recording
- H04N5/765—Interface circuits between an apparatus for recording and another apparatus
- H04N5/775—Interface circuits between an apparatus for recording and another apparatus between a recording apparatus and a television receiver
Abstract
Improvements to a digital network 2 and items on the network are provided. The digital network includes a number of items of electrical apparatus, each item of apparatus provided with identification means in the form of private and public encryption keys for allowing communication with other items of apparatus in the network, authentication and compatibility of the private and public encryption keys relating to an item of apparatus being required by said other items of apparatus so that communication can take place between said item and other items of apparatus. If network identification means are updated and an item of apparatus in said network is rendered invalid by said update, new private and/or public encryption keys are generated for said item of apparatus to allow said apparatus to be identifiable and operable as part of said network. The network may further use system renewability messages (SRM) to identify the compatability of items of apparatus for use in the network. The digital network may be an IEEE 1394/Firewire/iLink network and may contain items such as a digital TV (DTV) 8, DVMS 10, DVD player 6, hard disk drive 4 or broadcast data receiver (BDR) 12 such as a set-top-box (STB).
Description
<Desc/Clms Page number 1>
Improvements to Digital Apparatus Networks The invention which is the subject of this application relates to improvements to digital apparatus networks and particularly, to improvements which allow the apparatus in the networks to be controlled in a manner so as to be usable over a prolonged period of time, even if during that period of time one or a number of the items of apparatus are rendered inoperable due to a change in the system protocol.
Increasingly, items of digital apparatus such as, for example, DVD players, broadcast data receivers, television sets and the like are connected to each other via a digital network, typically using the interface known as IEEE 1394. This form of interface allows a particular protocol to be adopted whereby each of the items of digital apparatus on the network is aware of the other items of apparatus on the network and the identities of the same, thereby allowing interaction between the items of apparatus to occur.
Typically, upon adding a new item of digital apparatus to existing networked items of apparatus, each existing item will have a"certificate" (a form of identification code) which authenticates and identifies the new item and a coded key is provided for the apparatus, thereby allowing the same if the coded key is acceptable to be usable in conjunction with the existing network.
Thus, in normal operating circumstances, when an item of apparatus is to be used in conjunction with the network and other items in the network, an authentication and key exchange (AKE) protocol is followed between the connected items of apparatus before the sharing of information between the same is possible.
<Desc/Clms Page number 2>
The contents of the information can be encrypted by using a content cipher (M6 in the case of 5C encryption for IEEE1394) and a content key to encrypt the digital content.
From time to time, system renewability messages (SRMs) are provided to the network either by, for example, the insertion of a disc into a DVD player with the disc having a renewed SRM carried thereon, or alternatively, if a broadcast data receiver is provided as part of the network, by the downloading from the broadcaster of a new SRM. The, SRMs are typically generated by a digital transmission licensing authority (DTLA) and delivered to the network by a number of the following means, such as :-
Pre-recorded content source devices such as DVD players update the SRM from pre-recorded content media such as a
DVD that has the latest SRM table entered at the time the content is mastered
Items of apparatus are able to update an SRM from another compliant item of apparatus with a newer SRM so that for example, if the DVD player receives the new SRM then that
SRM information is passed to all of the items of apparatus in the network.
Items of apparatus such as a digital broadcast data receiver can receive an updated SRM from content stream data or from another compliant item of apparatus with a newer
SRM.
Items of apparatus such as digital televisions are able to update an SRM from another compliant device with a newer
SRM and other items of apparatus such as DVD recorders
<Desc/Clms Page number 3>
or DVHS recorders are also required to support the SRM for pre-recorded copyright content.
While the provision of updated SRMs is obviously desirable to keep the network up-to-date and allow the connection of potentially new devices which may be subsequently added, there is a significant problem with respect to items of apparatus which may already be connected to the network and which may be compromised by the updating of the SR ; \1. For example, if a new SRM is downloaded via one of the items of apparatus as described previously, that SRM is used to update all the SRM information on all the items of apparatus. Thus, an item of apparatus connected to the network may be included in the new version of the SRM and this means that it is no longer recognised by the other items of apparatus on the network which are not updated. Hence this item of apparatus is fully revoked from the network and can never be authenticated at the AKE stage and hence will no longer be recognised as a node in the network.
This is a significant problem with the Digital Transmission Content Protection (DTCP) specification as every renewal of an SRM can result in the revocation of compromised items of apparatus during subsequent authentication and key exchange, and subsequently the number of items of apparatus which are operational on the digital network is reduced.
Another problem which is experienced with items of apparatus which download data, such as broadcast data receivers (BDRs), regardless of whether they are provided as part of a digital network as described above or not, is that the same are susceptible to unauthorised parties gaining access to the services available via the apparatus. Such devices typically incorporate a Smart Card device with access to the services only possible
<Desc/Clms Page number 4>
when a correct and authorised Smart Card is inserted into the apparatus to complete the processing function. However,
Smart Cards are susceptible to placement in unauthorised BDRs which can still allow the same to operate properly but without the authority of the service provider. When one considers that the service providers rely on monthly subscriptions to make profits from the provision of these services, and that the Smart
Cards are only provided to those parties which pay said subscriptions, it will readily be appreciated that the unauthorised access to services by persons who do not have the authorised Smart Card, represents a loss of revenue to the service provider.
A typical Smartcard consists of a microprocessor with ROM/RA1\f EEPROM and serial input and output in a single chip that is mounted on a plastic, credit card sized, carrier. Key material is kept in the EEPROM. It is a known fact that SmartCards are routinely broken by various logical and physical attacks such as: 1) applying various voltages and temperatures during write access to the security part of the chip (known as non-invasive attacks).
2) Physical attacks by focusing UV light on the security lock cell on microcontrollers, or removing the covering plastic for microprobing experiments.
3) Other techniques include ultrasonic vibration. Laser cutter microscopes have also been successfully used to attack and subsequently remove the passivation layer prior to probing the chip.
The attacks described above are carried out by so-called "outsiders"who have little or no knowledge of the system. Such attacks are often used to break SmartCards that protect digital content on Pay TV. Other more sophisticated attacks include reverse engineering chips in a Laboratory by cleanly etching
<Desc/Clms Page number 5>
away a layer of a chip at a time and taking images of each
I successive layer. Image processing software on a PC will sharpen the image to a polygon representation to identify the features on the chip.
Another objective of the present invention is to replace theSmartCard (and the associated Card Reader) in set-top-boxes (or BDRs) and Residential Gateways, with an alternative embedded renewability mechanism.
Thus, there are a number of aims of the present invention, which aims are addressed by the invention. A first aim is to ensure that devices which may have been authorised to be used on a IEEE 1394 digital network can still be authorised for operation on the network following the update of an SRl\1 throughout the network. A further aim is to allow items which use Smart Cards, such as broadcast data receivers, to be provided in an alternative form but in a form which still allows access to the services provided by the item of apparatus, but only by those authorised to do so.
In a first aspect of the invention there is provided a digital network, said digital network including a number of items of electrical apparatus, each item of apparatus provided with identification means for allowing communication with other items of apparatus in the network, and the authentication and compatibility of identification means relating to an item of apparatus is required by said other items of apparatus is the network so that communication can take place between said item and other items of apparatus and wherein if identification means are updated for an item or items as the network and an item of apparatus in said network is rendered invalid by said update, a new identification means is generated for said item of apparatus
<Desc/Clms Page number 6>
to allow said apparatus to be identifiable and operable as part of said network.
Preferably the system for generating the new identification means is generated using an algorithm embedded in the item of apparatus, either in the hardware or software, downloaded by an operator or broadcast from a broadcaster. The algorithm, in one embodiment, can also form part of a network management system.
In one embodiment the new identification can be generated at random, such as by using a random number generator.
Preferably the identification means uses an encryption system such as public and private key encryptions. The private key encryption can be treated to as a certificate exclusive to a particular item of apparatus.
In a preferred embodiment it is a new private key encryption which is generated on identification of a new public key encryption being used by the network. Thus, if the public key identification is updated, and this is not compatible with the private key encryption used by the item of apparatus, the item of apparatus generates a new private key encryption.
Preferably key exchange between the items of apparatus in the network occurs when communication is required between the same and both public and private keys are required to be authenticated and compatible for communication between the items of apparatus to take place.
Preferably the network uses a system renewability message (SRM) to identify the compatibility of items of apparatus for use in the network. Thus, a compromised or illegal item of
<Desc/Clms Page number 7>
apparatus not listed in the updated SRM is deemed to be compatible to communicate with other items of apparatus in the network and carries on in operation. Those compromised or illegal items of apparatus that are listed in the updated SRM are deemed not to be compatible with the network and new identification means are generated in respect of those items in order for the same to operate.
The item of apparatus has means for recognising it is on an updated SRM list and, when recognised, invokes the generation
s 4 r-of new identification means.
Preferably the new identification means is generated for an item of apparatus by selection of a new private key from a list of prestored keys in the apparatus, a new public key then being generated in response to the new private key.
Alternatively, the data for use in generating new identification means is transmitted to the apparatus at pre-determined time intervals.
In one embodiment a number of designated criteria are required to be identified before the new identification means is generated. The criteria in the apparatus are typically required to be matched with a number of designated criteria transmitted to the apparatus.
Preferably if the designated criteria match, the new identification means for the item of apparatus is generated.
The designated criteria can include any or any combination of a particular time at which the updated identification means was transmitted, a code, a particular protocol for transmitting the
<Desc/Clms Page number 8>
data and/or a particular configuration of data. The service provider can designate the criteria to be matched.
In one embodiment, the method for generating new public and private keys is as follows :-
The certificate number/identification means of a compromised device is listed on the updated SRNC table. The new SRM messages are then distributed throughout the digital network. If the new SRM version is received by a compromised item of apparatus which identifies itself on the SRM table, the generation of new private and/or public keys is invoked. Thus, for example, a new private key can be selected from a list of pre-stored keys and a new public key is generated in response to the private key. This is then authenticated with respect to the updated SRM.
According to a second aspect of the present invention there is provided an item of electrical apparatus for use in a digital network including a number of other items of electrical apparatus, said item of apparatus provided with identification means for allowing communication with said other items of apparatus in the network, said identification means required to be authenticated and compatible with said other items of apparatus for communication between said item and other items of apparatus to take place and wherein in the event that identification means are updated in the network and said item of apparatus is compromised and rendered inoperable by said update, a new identification means is generated for said item of apparatus to allow said apparatus to be identifiable and operable as part of said network.
According to a further aspect of the invention there is provided an item of electrical apparatus which is rendered operable when
<Desc/Clms Page number 9>
a particular authentication code is received as part of broadcast data, said item of apparatus being inoperable unless said authentication code is received, said authentication code referred to as a key which, if it matches the private key held in the apparatus, renders the apparatus operational and characterised in that at time intervals, data to allow the generation of a new private key is transmitted to the item of apparatus and thereafter, a new public key is transmitted and, said new public key is required to match the new private key to allow the item of apparatus to be operational thereafter.
Typically the generation of the new private key will take place over a period of time and will be renewed at regular intervals thereafter.
In one embodiment, for the generation of the private key, a number of designated criteria are required to match before the new private key can be generated. Thus, for example, a number of criteria can be predetermined in the item of apparatus itself and a number of other criteria are required to be provided in the data which is transmitted to the apparatus. If the criteria match then a method embedded within the item of apparatus will generate the new private key. The criteria can be any or any combination of, for example, a particular time at which the new private key data is transmitted on the updated SRM table. The new key, a code or code word which is required to be transmitted along with the other data at the designated time, a particular protocol for transmitting the data, a particular configuration of data and so on and the combination of criteria can be set by the service provider to determine a particular level of security which they wish to achieve.
The method by which the embedded algorithm generates a new private key is normally not as important as the concept. I. e. the
<Desc/Clms Page number 10>
capability of remotely invoking an embedded algorithm by whatever mechanism to replace the possibly compromised private key of the device. In practice, the technique to achieve this may well be more sophisticated than what has been outlined above. The ultimate objective is to replace the SmartCard (and the associated Card Reader) in the BDR (or Residential Gateways) with an embedded system which can be made as or more secure than the SmartCard equivalent by remotely controlling & regularly renewing by invoking the embedded algorithm/mechanism (system) to generate new & valid private keys.
This saves significant cost in terms of required hardware in the device, saves on the logistics of distributing SmartCards every time they're compromised, and reduces criminal incentive for SmartCard fraud.
Specific embodiments of the invention are now described; wherein Figure 1 illustrates a schematic diagram of a first aspect of the invention; and Figure 2 illustrates a schematic diagram of a second aspect of the invention.
Referring firstly to Figure 1, there is illustrated a network 2 of digital apparatus comprising a Hard disk Drive 4, DVD player 6, Digital Television 8, digital video device 10 and broadcast data receiver 12. Utilising an IEEE 1394 Interface the items of apparatus 4,6, 8,10, 12 can communicate with each other via the network. In practise, to ensure that an item of apparatus is authorised for use in the network, a key exchange takes place (referred to as authentication & key exchange) whereby an
<Desc/Clms Page number 11>
electronic check is undertaken to ensure that a particular item of apparatus, say the broadcast data receiver (BDR) 12 is authorised to be operable on the network. Thus the authentication and key exchange allows an item of apparatus to be identified within a network and communication between apparatus in the network to take place.
In order to ascertain whether the BDR is authorised for use in the network, reference is made to the most recent SRM which is received and held in memory of the BDR and which lists unauthorised items of apparatus for the network. If the BDR or identification means for the BDR (i. e. certificate number) is on the list the key exchange does not occur and authentication of the BDR with the network fails. As such, the BDR is not accepted as part of the network and is therefore inoperable. If on the other hand, the certificate number of the BDR is not listed on the SRM, then the BDR can successfully authenticate with other devices on the network, thereby allowing communication to take place. This process of authentication and key exchange generally only occurs when the SRM is updated, typically by providing the SRM via a DVD, direct broadcast and/or the like.
In any event an updated SRM can result in an item of apparatus connected to the network at that time no longer being authorised for use with the network if it appears on the updated SRM table. If this occurs, conventionally the item of apparatus is no longer usable as part of the network. However, in accordance with the present invention if it is detected that a device which was connected to the network is no longer usable then, rather than discard the device, a method is provided whereby a new access key set is generated for the item of apparatus which is compatible with the key sets of the other networked apparatus, thereby rendering the item operable again.
<Desc/Clms Page number 12>
This method is typically a mechanism embedded in the item of apparatus and invoked only if the apparatus identifies itself on an updated SRNI.
Figure 2 illustrates a further aspect of the present invention in which a BDR 14 is provided data processing adaptability. At least part of the processing capability is provided via a Smart
Card 16 in conventional manner. The BDR receives data via a transport stream 20 which can include at spaced time intervals primary data 22, timing data 24 and a code 26.
Conventionally, the BDR 14 becomes operable when the Smart Card 16 is inserted in the BDR, thereby allowing the viewing, if authorised, of selected services provided by the SmartCard provider.
However, in accordance with the present invention, the smart card 16 is not required and therefore can be received. Instead, as embedded mechanism 18 is broadcast with the data transport stream to the BDR at pre-determined time intervals by the broadcaster. If data in the data transport stream matches a specified key code in the BDR, the BDR becomes operable by starting use of it's private key. However, if this system was to continue over a period of time, this system alone is susceptible to fraud, so at time intervals, say every 7 days, a new public/private key pair is generated by the BDR. This is done by generating primary data 22 which allows the private key to be generated, timing data 24 which allows the time of the private key generation and change to be set and a code 26 which is required to match a code held in the BDR before the change of private key will occur.
The change is triggered by data broadcast to the BDR.
<Desc/Clms Page number 13>
If the received data is acceptable to the BDR the embedded algorithm 18 in the BDR is used to either select a new private key from a pre-stored batch of keys in memory, or generate a new private/public key. Any broadcast data to the BDR from the time of change will then incorporate the newly generated private/public key in their encryption rather than the old one, in order for the BDR to be operable. This process can then be repeated as often as required and so prevents an unauthorised user of the BDR from being able to gain access for any significant period of time.
A further mechanism for employing the embedded algorithm in the BDR when generating a new key is provided below. In order to maintain synchronisation between the BDR and the head-end, the BDR stores the reference clock/date extracted from the last received data transport stream in its non-volatile memory space (i. e. EEPROM). A process is then undertaken to correlate the stored clock/date reference with the current clock/date value in order to determine whether it needs to run the embedded algorithm (or the key selection algorithm) and, more importantly, how many time it needs to run it. For example, if the difference between the clock/date reference and the clock/date value is two weeks, and if selecting/generating new keys is normally performed on a weekly basis, then the embedded algorithm runs twice to update and synchronise itself with the head-end. This is to ensure the BDR remains in synchronisation with the head end even if the BDR has been switched off/unplugged for a duration of time.
The embedded algorithm for key selection or key generation is accurately time dependent such that the timing of when the BDR invokes the algorithm coincides substantially identically with the head end corresponding key selection/generation. Thus, in
<Desc/Clms Page number 14>
accordance with the above method, the BDR and head end can continue to interact with one another without any problem.
Claims (22)
1. A digital network, said digital network including a number of items of electrical apparatus, each item of apparatus provided with identification means for allowing communication with other items of apparatus in the network, and the authentication and compatibility of identification means relating to an item of apparatus is required by said other items of apparatus in the network so that communication can take place between said item and other items of apparatus and wherein if identification means are updated for an item or items on the network and an item of apparatus in said network is rendered invalid by said update, a new identification means is generated for said item of apparatus to allow said apparatus to be identifiable and operable as part of said network.
2. A digital network according to claim 1 wherein the new identification means is generated using an algorithm provided in the item of apparatus.
3. A digital network according to claim 1 wherein the new identification means is generated using an algorithm provided as part of a network management system.
4. A digital network according to claim 1 wherein the new identification means is generated at random.
5. A digital network according to claim 1 wherein the network uses a system renewability message (SRM) to identify the compatibility of items of apparatus for use in the network.
6. A digital network according to claim 5 wherein only those items of apparatus not listed in the SRM are deemed to be
<Desc/Clms Page number 16>
compatible to communicate with other items of apparatus in the network.
7. A digital network according to claim 5 wherein those items of apparatus listed in the SRM as not being compatible have a new identification means generated therefor.
8. A digital network according to claim 1 wherein data to allow the generation of new identification means is transmitted to the apparatus at pre-determined time intervals.
9. A digital network according to claim 1 wherein a number of designated criteria are required to be identified before the new identification means is generated.
10. A digital network according to claim 9 wherein a number of designated criteria in the item of apparatus are required to be matched with a number of designated criteria transmitted to the apparatus.
11. A digital network according to claim 10 wherein if the designated criteria match, the new identification means for the item of apparatus is generated.
12. A digital network according to claims 9 or 10 wherein the designated criteria can include any or any combination of a particular time at which the updated identification means was transmitted, a code, a particular protocol for transmitting the data and/or a particular configuration of data.
13. A digital network according to claim 11 wherein the service provider designates the criteria to be matched.
<Desc/Clms Page number 17>
14. A digital network according to claim 1 wherein the identification means includes a public and private key encryption.
15. A digital network according to claim 14 wherein key exchange between the items of apparatus in the network occurs and both public and private keys are required to be authenticated and compatible for communication between the items of apparatus to take place.
16. A digital network according to claim 14 wherein a new private key is generated for an item of apparatus if said item of apparatus is identified in a SRM.
17. A digital network according to claim 16 wherein a new private key is generated from a list of pre-stored keys in the apparatus, a new public key then being generated in response to the new private key.
18. An item of electrical apparatus for use in a digital network including a number of other items of electrical apparatus, said item of apparatus provided with identification means for allowing communication with said other items of apparatus in the network, said identification means required to be authenticated and compatible with said other items of apparatus for communication between said item and other items of apparatus to take place and wherein in the event that identification means are updated in the network and said item of apparatus is rendered invalid by said update, a new identification means is generated for said item of apparatus to allow said apparatus to be identifiable and operable as part of said network.
<Desc/Clms Page number 18>
19. An item of electrical apparatus which is rendered operable when a particular authentication code is received as part of broadcast data, said item of apparatus being inoperable unless said authentication code is received, said authentication code referred to as a key which, if it matches the private key held in the apparatus, renders the apparatus operational and characterised in that at time intervals, data to allow the generation of a new private key is transmitted to the item of apparatus and thereafter, a new public key is transmitted and, said new public key is required to match the new private key to allow the item of apparatus to be operational thereafter.
20. Apparatus according to claim 19 wherein the generation of the new private key will take place over a period of time and will be renewed at regular intervals thereafter.
21. Apparatus according to claim 19 wherein for the generation of the private key, a number of designated criteria are required to match before the new private key can be generated.
22. Apparatus according to claim 19 wherein the generation of the new key occurs in the BDR.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0127400A GB0127400D0 (en) | 2001-11-13 | 2001-11-13 | Improvements to digital apparatus networks |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB0226500D0 GB0226500D0 (en) | 2002-12-18 |
| GB2382286A true GB2382286A (en) | 2003-05-21 |
| GB2382286B GB2382286B (en) | 2004-09-08 |
Family
ID=9925811
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0127400A Ceased GB0127400D0 (en) | 2001-11-13 | 2001-11-13 | Improvements to digital apparatus networks |
| GB0226500A Expired - Lifetime GB2382286B (en) | 2001-11-13 | 2002-11-14 | Improvements to digital apparatus networks |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0127400A Ceased GB0127400D0 (en) | 2001-11-13 | 2001-11-13 | Improvements to digital apparatus networks |
Country Status (1)
| Country | Link |
|---|---|
| GB (2) | GB0127400D0 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0485887A2 (en) * | 1990-11-16 | 1992-05-20 | General Instrument Corporation Of Delaware | Apparatus and method for upgrading terminals to maintain a secure communication network |
| US5261002A (en) * | 1992-03-13 | 1993-11-09 | Digital Equipment Corporation | Method of issuance and revocation of certificates of authenticity used in public key networks and other systems |
| WO1999007146A1 (en) * | 1997-08-01 | 1999-02-11 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
| GB2357407A (en) * | 1999-12-17 | 2001-06-20 | Int Computers Ltd | Cryptographic key replacement using key lifetimes |
-
2001
- 2001-11-13 GB GB0127400A patent/GB0127400D0/en not_active Ceased
-
2002
- 2002-11-14 GB GB0226500A patent/GB2382286B/en not_active Expired - Lifetime
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0485887A2 (en) * | 1990-11-16 | 1992-05-20 | General Instrument Corporation Of Delaware | Apparatus and method for upgrading terminals to maintain a secure communication network |
| US5261002A (en) * | 1992-03-13 | 1993-11-09 | Digital Equipment Corporation | Method of issuance and revocation of certificates of authenticity used in public key networks and other systems |
| WO1999007146A1 (en) * | 1997-08-01 | 1999-02-11 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
| GB2357407A (en) * | 1999-12-17 | 2001-06-20 | Int Computers Ltd | Cryptographic key replacement using key lifetimes |
Non-Patent Citations (2)
| Title |
|---|
| http://www.dtcp.com/data/wp_spec.pdf, "5C Digital Transmission Content Protection", White Paper, Revision 1.0, 14/07/1998 * |
| http://www.siimage.com/documents/SiI-WP-002-A.pdf, Silicon Image, "High-bandwidth Digital Content Protection" White Paper, February 2000 * |
Also Published As
| Publication number | Publication date |
|---|---|
| GB2382286B (en) | 2004-09-08 |
| GB0226500D0 (en) | 2002-12-18 |
| GB0127400D0 (en) | 2002-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100966970B1 (en) | Method of updating a revocation list of noncompliant keys, appliances or modules in a secure system for broadcasting content | |
| US7383438B2 (en) | System and method for secure conditional access download and reconfiguration | |
| US7725720B2 (en) | Method for generating and managing a local area network | |
| JP4633202B2 (en) | Method for providing secure communication between two devices and application of this method | |
| JP4663628B2 (en) | Data transfer protection method and apparatus | |
| EP1064788B1 (en) | Improved conditional access and content security method | |
| KR101406350B1 (en) | Method for managing consumption of digital contents within a client domain and devices implementing this method | |
| KR100867033B1 (en) | Device and method for selectively supplying access to a service encrypted using a control word, and smart card | |
| JP2004506353A (en) | Secure delivery of digital data representing multimedia content | |
| KR100936458B1 (en) | Device for processing and method for transmitting data encrypted for a first domain in a network belonging to a second domain | |
| CA2494999C (en) | Method for verifying validity of domestic digital network key | |
| EP1966707B1 (en) | Method and apparatus for storing and retrieving encrypted programming content such that it is accessible to authorized users from multiple set top boxes | |
| EP2247105A1 (en) | Method to secure access to audio/video content in a decoding unit | |
| GB2382286A (en) | Digital network authentication | |
| EP1222819B1 (en) | System and method of verifying authorization for communicating protected content | |
| CA2250833C (en) | Method for providing a secure communication between two devices and application of this method | |
| JPH11196083A (en) | Method for transferring scramble key | |
| KR20110028784A (en) | A method for processing digital contents and system thereof | |
| JP2007036380A (en) | Receiver, cas module and distribution method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PE20 | Patent expired after termination of 20 years |
Expiry date: 20221113 |