公开(公告)号：US20110078444A1

公开(公告)日：2011-03-31

申请号：US12692266

申请日：2010-01-22

申请人： Young Ho JEONG ,  Eun Jung KWON ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Eun Jung KWON ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04N21/26613 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/126 ,  H04L2209/56 ,  H04L2209/76 ,  H04N21/4181 ,  H04N21/4623 ,  H04N21/6334 ,  H04N21/8166

摘要： Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information.

摘要翻译： 提供了一种可下载条件接入系统（DCAS）中的重认证装置，重认证装置包括：接收单元，用于从安全微（SM）接收密钥请求消息; 确定单元，用于根据SM客户端图像的下载来确定是否执行重新认证; 当作为所述确定的结果执行所述重新认证时，使用所述密钥请求消息来识别SM标识符的识别单元; 提取单元，用于检索与所述SM标识符相对应的先前会话信息，并提取关于所述先前会话信息的密钥信息; 以及加密单元，用于基于使用所述密钥信息的先前会话信息来控制关于要再次使用的SM客户端图像的加密密钥，所述SM客户端图像在先前会话中被加密。

公开(公告)号：US20090150672A1

公开(公告)日：2009-06-11

申请号：US12330729

申请日：2008-12-09

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Young Ho JEONG ,  Heejeong KIM ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Young Ho JEONG ,  Heejeong KIM ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00 ,  H04N7/167 ,  H04K1/00

CPC分类号： H04L9/085 ,  H04L9/0869 ,  H04L9/321 ,  H04L9/3273 ,  H04L2209/56 ,  H04N7/1675 ,  H04N21/26613

摘要： Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed.

摘要翻译： 公开了一种包括前端系统和DCAS主机的CAS中的相互认证方法和装置。 特别地，示例性实施例涉及DCAS中的相互认证方法和装置，其中在头端系统的认证服务器和DCAS主机的SM之间执行相互认证，然后将CAS软件下载到SM。 根据示例性实施例，在有线网络中提供前端的认证服务器和DCAS主机的SM之间的相互认证协议，并且还提供了在DCAS中的相互认证方法和装置，其中基于 不需要诸如智能卡或有线卡的硬件。

公开(公告)号：US20090144539A1

公开(公告)日：2009-06-04

申请号：US12246663

申请日：2008-10-07

申请人： Young Ho JEONG ,  Soon Choul KIM ,  Heejeong KIM ,  Eun Jung KWON ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Soon Choul KIM ,  Heejeong KIM ,  Eun Jung KWON ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00

CPC分类号： H04L9/321 ,  G06F21/33 ,  H04L9/083 ,  H04L9/3273 ,  H04L2209/76 ,  H04N7/1675 ,  H04N21/2541 ,  H04N21/42623 ,  H04N21/63345 ,  H04N21/8193 ,  H04N21/835

摘要： A method of operating a headend system for a downloadable conditional access service, the method including: receiving, by an Authentication Proxy (AP) server, basic authentication information from a Downloadable Conditional Access System (DCAS) host, the basic authentication information being required to authenticate the DCAS host; transmitting, by the AP server, the basic authentication information to an external trusted authority device which authenticates the DCAS host; generating, by the AP server, a session key for encrypting/decrypting a secure micro client using a session key sharing factor; obtaining, by the AP server, download-related information of the secure micro client from a DCAS Provisioning Server (DPS); and commanding, by the AP server, an Integrated Personalization System (IPS) server to download the secure micro client to the DCAS host based on the download-related information, the secure micro client being encrypted by the session key.

摘要翻译： 一种操作用于可下载条件访问服务的头端系统的方法，所述方法包括：由认证代理（AP）服务器从可下载条件访问系统（DCAS）主机接收基本认证信息，所述基本认证信息需要 验证DCAS主机; 由AP服务器将基本认证信息发送给认证DCAS主机的外部可信管理设备; 由AP服务器生成用于使用会话密钥共享因子加密/解密安全微客户端的会话密钥; 由AP服务器从DCAS配给服务器（DPS）获取安全微客户端的下载相关信息; 并且由AP服务器命令集成个性化系统（IPS）服务器，以便基于下载相关信息将安全微客户端下载到DCAS主机，安全微客户端被会话密钥加密。

公开(公告)号：US20090150669A1

公开(公告)日：2009-06-11

申请号：US12188357

申请日：2008-08-08

申请人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/00

CPC分类号： H04N7/1675 ,  H04N21/2541 ,  H04N21/26606 ,  H04N21/26613 ,  H04N21/42623 ,  H04N21/63345 ,  H04N21/8193 ,  H04N21/835

摘要： An apparatus and a method for providing a downloadable conditional access service using a distribution key are provided. With regard to the apparatus for providing the downloadable conditional access service using the distribution key, a subscriber authorization system transmits a target entitlement management massage being encoded with a target distribution key to a host, and the host decodes the encoded target entitlement management message being encoded with the target distribution key included in a target secure micro client.

摘要翻译： 提供了一种使用分发密钥提供可下载条件访问服务的装置和方法。 关于使用分配密钥提供可下载条件访问服务的装置，用户授权系统将目标授权管理按照目标分发密钥发送到主机，并且主机对正被编码的编码的目标授权管理消息进行解码 目标分配密钥包括在目标安全微客户端中。

公开(公告)号：US20100235626A1

公开(公告)日：2010-09-16

申请号：US12719928

申请日：2010-03-09

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/32 ,  H04N7/167

CPC分类号： H04N7/1675 ,  H04L9/083 ,  H04L9/321 ,  H04L9/3273 ,  H04N21/25816 ,  H04N21/26613 ,  H04N21/4623 ,  H04N21/8193

摘要： A mutual authentication apparatus in a Downloadable Conditional Access System (DCAS) includes an announce protocol processor to authenticate SecurityAnnounce information using an Authentication Proxy (AP) and to transmit the authenticated SecurityAnnounce information to a Secure Micro (SM), a keying protocol processor to relay KeyRequest information and KeyResponse information between a Trusted Authority (TA) and the SM in response to the SecurityAnnounce information, a decryption unit to decrypt the KeyResponse information using the SM, an authentication protocol processor to determine whether a first encryption key of the KeyResponse information is identical to a second encryption key generated by the AP, and a download protocol processor to control DownloadInfo to be transmitted from the AP to the SM, the DownloadInfo permitting the SM to download SM Client Image information.

摘要翻译： 可下载条件接入系统（DCAS）中的相互认证装置包括通知协议处理器，用于使用认证代理（AP）来认证安全宣告信息，并将认证的安全公告信息发送到安全微型（SM），密钥协议处理器进行中继 响应于SecurityAnnounce信息的可信管理机构（TA）和SM之间的KeyRequest信息和KeyResponse信息，使用SM解密KeyResponse信息的解密单元，用于确定KeyResponse信息的第一加密密钥是否为 与由AP产生的第二加密密钥相同，以及下载协议处理器，用于控制从AP到SM的下载信息，所述下载信息允许SM下载SM客户端映像信息。

公开(公告)号：US20100161966A1

公开(公告)日：2010-06-24

申请号：US12643054

申请日：2009-12-21

申请人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Eun Jung KWON ,  Han Seung KOO ,  Soon Choul KIM ,  Heejeong KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00

CPC分类号： H04L9/3273 ,  H04L9/083 ,  H04L9/0877 ,  H04L9/321 ,  H04L63/0442 ,  H04L63/0869 ,  H04L63/123 ,  H04L63/166 ,  H04L2209/56 ,  H04L2209/603

摘要： A mutual authentication method in a Downloadable Conditional Access System (DCAS) is provided. The mutual authentication method may receive authentication-related information about authentication between an authentication unit and a security module (SM) from a Trusted Authority (TA), generate an authentication session key using the authentication-related information, transmit the authentication session key by the authentication unit to the SM through a Cable Modem Termination System (CMTS), and control a Conditional Access System (CAS) software to be downloaded to the SM from the authentication unit, when the authentication is completed by the authentication session key.

摘要翻译： 提供了可下载条件访问系统（DCAS）中的相互认证方法。 相互认证方法可以从可信授权（TA）接收认证单元和安全模块（SM）之间的认证的认证相关信息，使用认证相关信息生成认证会话密钥，通过认证相关信息发送认证会话密钥 通过有线调制解调器终端系统（CMTS）向SM发送认证单元，并且当通过认证会话密钥完成认证时，控制从认证单元下载到SM的条件访问系统（CAS）软件。

公开(公告)号：US20100146116A1

公开(公告)日：2010-06-10

申请号：US12546851

申请日：2009-08-25

申请人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： G06F15/173

CPC分类号： G06F21/6218 ,  G06F21/33 ,  G06F2221/2151 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0884

摘要： A method of controlling a download load of a Secure Micro (SM) client in a Downloadable Conditional Access System (DCAS) is provided. The method of controlling a download load of an SM client including: analyzing version information of SMs and version information of SM clients to control the download load generated in the DCAS, the version information of the SMs and the version information of the SM clients being provided from an Authentication Proxy (AP) server, and the SM clients being installed in the SMs; determining a download policy associated with a download time of a target SM client for the SMs based on a result of the analysis; and providing the AP server with the determined download policy.

摘要翻译： 提供了一种在可下载条件访问系统（DCAS）中控制安全微服务（SM）客户端的下载负载的方法。 控制SM客户端的下载负载的方法包括：分析SM的版本信息和SM客户端的版本信息，以控制DCAS中生成的下载负载，SM的版本信息和提供的SM客户端的版本信息 来自认证代理（AP）服务器和SM中安装的SM客户端; 基于所述分析的结果，确定与所述SM的目标SM客户端的下载时间相关联的下载策略; 以及向AP服务器提供所确定的下载策略。

公开(公告)号：US20090158401A1

公开(公告)日：2009-06-18

申请号：US12327224

申请日：2008-12-03

申请人： Heejeong KIM ,  Eun Jung KWON ,  Soon Choul KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Heejeong KIM ,  Eun Jung KWON ,  Soon Choul KIM ,  Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： G06F21/20

CPC分类号： G06F21/6209 ,  G06F21/10 ,  G06F2221/2105 ,  G06F2221/2135 ,  H04N21/2543 ,  H04N21/25816 ,  H04N21/26606

摘要： A method and apparatus of supporting a fee-based broadcasting service in a Downloadable Conditional Access System (DCAS) is provided. A control method of a DCAS, the method including: receiving a Conditional Access (CA) image file from a Conditional Access System (CAS) server and receiving Integrated Personalization Server (IPS) access information from an IPS; providing an Authentication Proxy (AP) with information about the received CA image file; controlling the AP to provide a terminal with access information to the IPS and image installation information when the terminal joins a fee-based service based on verifying device information of the terminal; and controlling the IPS to enable the terminal to receive a CA image code of the terminal based on the access information and the image installation information.

摘要翻译： 提供了一种在可下载条件访问系统（DCAS）中支持费用广播服务的方法和装置。 一种DCAS的控制方法，所述方法包括：从条件访问系统（CAS）服务器接收条件访问（CA）图像文件，并从IPS接收集成个性化服务器（IPS）访问信息; 向认证代理（AP）提供关于所接收的CA映像文件的信息; 当终端基于验证终端的设备信息加入费用服务时，控制AP向终端提供对IPS的访问信息和图像安装信息; 以及控制IPS以使终端能够基于访问信息和图像安装信息接收终端的CA映像代码。

公开(公告)号：US20090138720A1

公开(公告)日：2009-05-28

申请号：US12191347

申请日：2008-08-14

申请人： Young Ho JEONG ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  Han Seung KOO ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/06

CPC分类号： H04N7/1675 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/12 ,  H04L2209/76 ,  H04N21/2541 ,  H04N21/25816 ,  H04N21/4181 ,  H04N21/8193

摘要： A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature.

摘要翻译： 提供了一种在条件访问（CA）系统中操作主机的安全Micro（SM）的方法。 该方法包括：由SM接收包括与主机连接的AP服务器的证书的SecurityAnnounce消息; 通过SM确定是否存在存储在存储器中的公开密钥，并且当预先存储的公钥存在时将标志设置为第一状态; 使用预先存储的公钥，通过SM验证关于SecurityAnnounce消息的数字签名; 以及通过解析所述证书并且当所述SM不能验证所述数字签名时所述标志是否对应于所述第一状态，将所述标志设置为第二状态，由所述SM获取所述AP服务器的另一公钥。

公开(公告)号：US20100146276A1

公开(公告)日：2010-06-10

申请号：US12607218

申请日：2009-10-28

申请人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

发明人： Young Ho JEONG ,  O Hyung KWON ,  Soo In LEE

IPC分类号： H04L9/32

CPC分类号： H04L63/061 ,  H04L63/0428 ,  H04N21/2541 ,  H04N21/25816 ,  H04N21/26613 ,  H04N21/63775

摘要： A method of managing security-related information in a Downloadable Conditional Access System (DCAS) is provided. The method of managing security-related information in the DCAS, the method including: receiving a request for storage of identification information and security-related information from a target server, the security-related information being required to be securely maintained; transmitting a recovery key to the target server in preparation for a loss of the security-related information in the target server; receiving a request for recovery of the security-related information from the target server, when the security-related information is lost; encrypting the security-related information of the target server using the recovery key; and transmitting the encrypted security-related information to the target server.

摘要翻译： 提供了一种在可下载条件访问系统（DCAS）中管理安全相关信息的方法。 在DCAS中管理安全性相关信息的方法，所述方法包括：从目标服务器接收存储识别信息和安全相关信息的请求，所述安全相关信息需要被安全地维护; 向目标服务器发送恢复密钥，以准备丢失目标服务器中的安全相关信息; 当安全相关信息丢失时，从目标服务器接收到恢复安全相关信息的请求; 使用恢复密钥加密目标服务器的安全相关信息; 并将加密的安全相关信息发送到目标服务器。