Title of invention: Authenticated Communication Between Security Devices
Abstract: Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.
Publication number: US2016323294(A1) Publication date: 2016.11.03
Application number: US201615008060 Filing date: 2016.01.27
Applicant: Comcast Cable Communications, LLC Inventors: Fahrny James; Davoust Nancy
Classification: H04L29/06;H04L9/32;H04N21/443;H04N21/4627;H04N21/4367;H04N21/81;G06F21/10;H04N21/254 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method comprising: refreshing an initial trust between a first computing device and a second computing device to maintain trust between the first computing device and the second computing device by the first computing device performing at least the following: receiving, from a trusted authority, an encrypted device-specific non-repeating authenticator associated with the second computing device, wherein the encrypted device-specific non-repeating authenticator is encrypted for decryption by the second computing device; signing a first message with a first key, the first message comprising the encrypted device-specific non-repeating authenticator, a first header parameter comprising a first order sequence rule for the first message and for subsequent messages between the first computing device and the second computing device, and a second header parameter comprising a message order sequence rule for the first message and for the subsequent messages between the first computing device and the second computing device; sending the first message to the second computing device via a secure communication channel between the first computing device and the second computing device; and validating a second message from the second computing device based on the first order sequence rule, the message order sequence rule, and a second key.
Address: Philadelphia PA US