Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/443—OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB
  • H04N21/4435—Memory management
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/633—Control signals issued by server directed to the network components or client
  • H04N21/6332—Control signals issued by server directed to the network components or client directed to client
  • H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F9/00—Arrangements for program control, e.g. control units
  • G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
  • G06F9/22—Microcontrol or microprogram arrangements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4627—Rights management associated to the content
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
  • H04N21/81—Monomedia components thereof
  • H04N21/8166—Monomedia components thereof involving executable data, e.g. software
  • H04N21/8173—End-user applications, e.g. Web browser, game

Definitions

• the invention relates to on-board software and a method for authenticating the latter, in particular in the field of digital television decoders.
• an integrity test of an on-board software is generally carried out by calculating, using an external tool, a reference signature of this software representative of it and by inserting this one in this software.
• the software calculates its own signature and compares this signature with the reference signature. If these signatures are different, the software runs software specific to a defense procedure otherwise it continues normally.
• a known solution consists in taking the principle of the integrity test and combining it with an asymmetric cryptographic algorithm: the reference signature is encrypted with a private key and the result is integrated, in the form of a certificate, into the software. During the control phase, the reference signature is decrypted with an integrated public key to the software before being compared to the reference signature.
• DVD Digital Video Broadcasting
• MHP Multimedia Home Platform
• the object of the invention is to enable the supplier to ensure that this authentication has indeed taken place and that his rights have therefore been respected by the customer.
• the present invention therefore proposes a method for authenticating software downloaded in a terminal, said method comprising a step of authentication by certificate of said software downloaded by means of software embedded in said terminal, characterized in that it comprises , in addition, a certificate authentication step, during the execution of said downloaded software, of said first embedded software by means of an authentication software module associated with said downloaded software.
• the first on-board software authenticates the downloaded software by means of an authentication library and a first certificate; the first on-board software and the authentication library form a first part of write-protected memory, the downloaded software and this first certificate form a second part of loadable memory.
• the first part also comprises a second certificate, the second part also comprises verification software, and, once the downloaded software has been authenticated, the verification software authenticates the first software by means of the authentication library and of the second. certificate.
• these two successive authentications take place on initialization.
• the second part can be downloaded.
• the invention also relates to on-board software comprising a first part of write-protected memory formed by first software and an authentication library, and a second part comprising application software and a first certificate, characterized in that the first part further comprises a second certificate, and in that the second part further comprises verification software.
• This software can be used for example in a digital television decoder, in a PC ("personal computer") type terminal, or in any other on-board device.
• Figure 1 illustrates a method of authentication of the known art.
• Figure 2 illustrates the authentication method of the invention.
• Figure 3 illustrates an example certificate.
• Figure 4 illustrates an example of a signature.
• a first software contained in a first part 10 of write-protected memory authenticates, for example in the initialization phase, a second software, which is the application software, located in a second part 11 which can be loaded using an authentication library located in the first part and a certificate 12 located in this second part 11.
• the term “certificate” having a very specific meaning (An electronic identity which is issued by a trusted third party for a person or a network entity, Each certificate being signed with the private signature key of a certification authority.) And too limiting in authentication techniques, the term “certificate” used in this description also intends to cover, more generally, the terms signature, CRC or other data necessary to verify the authenticity / integrity of software.
• the first part 10 further comprises a second certificate 13, as illustrated in FIG. 2.
• the second part 11 further comprises verification software. This verification software, once the application software has been authenticated, authenticates the first software by means of the authentication library and the second certificate.
• Such a process allows the supplier of the first software to ensure that the client who uses the application software respects his rights.
• the format of the certificate, illustrated in FIG. 3 is as follows:
• Signature (for example 128 bytes) which is the result of an RSA encryption, with a private key, of 1024 bits of the message illustrated in FIG. 4.
• the signature of 1024 bits begins with a byte at 0 to allow its RSA encryption , the rest 20 is filled randomly in a different way before each encryption.
• H_CODE_OFFSET At the offset H_CODE_OFFSET compared to the beginning of the message, there is a Hash code SHAl on 20 bytes. This H_C0DE is preceded by a CHECK_PATTERN reason whose role is to allow the distinction between a bad decryption (rank or value of public key, algorithm, inconsistent certificate) and a bad H_CODE during the integrity check.

Landscapes

• Engineering & Computer Science (AREA)
• Software Systems (AREA)
• Computer Security & Cryptography (AREA)
• Multimedia (AREA)
• Signal Processing (AREA)
• Theoretical Computer Science (AREA)
• General Engineering & Computer Science (AREA)
• Databases & Information Systems (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Computer Networks & Wireless Communication (AREA)
• Storage Device Security (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
• Information Transfer Between Computers (AREA)

Priority Applications (5)

Applications Claiming Priority (2)

Publications (2)

Family

ID=32011393

Family Applications (1)

Country Status (9)

Cited By (5)

Families Citing this family (8)

Family Cites Families (6)

• 2002
  • 2002-10-04 FR FR0212325A patent/FR2845493A1/fr active Pending
• 2003
  • 2003-10-02 EP EP03780285A patent/EP1546866A2/fr not_active Withdrawn
  • 2003-10-02 KR KR1020057005479A patent/KR100973203B1/ko not_active Expired - Fee Related
  • 2003-10-02 WO PCT/FR2003/050073 patent/WO2004032328A2/fr not_active Ceased
  • 2003-10-02 JP JP2004540905A patent/JP2006501735A/ja active Pending
  • 2003-10-02 AU AU2003288370A patent/AU2003288370A1/en not_active Abandoned
  • 2003-10-02 CN CNA200380100961XA patent/CN1703668A/zh active Pending
  • 2003-10-02 US US10/529,972 patent/US7356815B2/en not_active Expired - Lifetime
  • 2003-10-02 MX MXPA05003618A patent/MXPA05003618A/es not_active Application Discontinuation

Also Published As

Similar Documents

Legal Events