CA2467907C - Method and system for providing security within multiple set-top boxes assigned for a single customer - Google Patents
Method and system for providing security within multiple set-top boxes assigned for a single customer Download PDFInfo
- Publication number
- CA2467907C CA2467907C CA2467907A CA2467907A CA2467907C CA 2467907 C CA2467907 C CA 2467907C CA 2467907 A CA2467907 A CA 2467907A CA 2467907 A CA2467907 A CA 2467907A CA 2467907 C CA2467907 C CA 2467907C
- Authority
- CA
- Canada
- Prior art keywords
- top box
- slave
- master
- response
- unit key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44227—Monitoring of local network, e.g. connection or bandwidth variations; Detecting new devices in the local network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/4508—Management of client data or end-user data
- H04N21/4532—Management of client data or end-user data involving end-user characteristics, e.g. viewer profile, preferences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/10—Adaptations for transmission by electrical cable
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/165—Centralised control of user terminal ; Registering at central
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/20—Adaptations for transmission via a GHz frequency band, e.g. via satellite
Abstract
Two or more set-top boxes are installed in a household. A communications link, preferably a physical link, is provided between or among the set-top boxes. One of the boxes is designated as a "master" box while the other box or boxes are "slaves". The slave box will use the communications link to communicate in a secured and encrypted manner with the master box. If that communication is severed, e.g., if an attempt is made to move the slave box to another household to provide unauthorized service in that household, the slave box will stop working when it can no longer communicate with the master box.
Description
TITLE
Method and System for Providing Security within Multiple Set-Top Boxes Assigned for a Single Customer TECHNICAL FIELD
[0001] The present invention relates to the fields of cable and satellite television.
More particularly, the present invention relates to the field of operating a network that includes set-top boxes to provide customers with cable or satellite television and other services. The present invention provides a means and method for securely providing multiple set-top boxes for use by a single customer while preventing the unauthorized use of a secondary set-top box by another party.
BACKGROUND
Method and System for Providing Security within Multiple Set-Top Boxes Assigned for a Single Customer TECHNICAL FIELD
[0001] The present invention relates to the fields of cable and satellite television.
More particularly, the present invention relates to the field of operating a network that includes set-top boxes to provide customers with cable or satellite television and other services. The present invention provides a means and method for securely providing multiple set-top boxes for use by a single customer while preventing the unauthorized use of a secondary set-top box by another party.
BACKGROUND
[0002] The cable and satellite television industry provides customers with the ability to view a wide variety of television programming for a fee, usually paid monthly.
Providing cable or satellite television programming is typically accomplished through a "set-top box." A set-top box is a box of electronics that is connected between the cable or satellite television system and the user's television set. The electronics in the set-top box allow the user to receive the television programming from the cable or satellite system on the connected television set. Subscribers are provided with a set-top box when registering or subscribing with the cable or satellite television provider.
Providing cable or satellite television programming is typically accomplished through a "set-top box." A set-top box is a box of electronics that is connected between the cable or satellite television system and the user's television set. The electronics in the set-top box allow the user to receive the television programming from the cable or satellite system on the connected television set. Subscribers are provided with a set-top box when registering or subscribing with the cable or satellite television provider.
[0003] Set-top boxes are also conditional access devices which may allow the display of certain cable/satellite television programs only under certain conditions. For example, a set-top box can be programmed to provide access to specific premium channels if the subscriber pays an additional fee. Access to such premium channels can be restricted through the set-top box if the subscriber has not paid the additional fees.
[0004] However, a single set-top box will typically only allow one program to be viewed at a time. Consequently, if a household would like to be able to view two different programs on two different television sets, they have generally been required to purchase a second set-top box and pay twice the monthly subscription fee.
[0005] If faced with paying a second full subscription fee, most subscribers will decide instead to get by with a single set-top box and pay only a single subscription fee.
This is true even through the subscribers would prefer to have the ability to watch multiple programs simultaneously. Thus, subscribers are actually purchasing fewer services than they really desire because the incremental cost of an additional subscription for a second set-top box is too high. Consequently, from a business model standpoint, many cable and satellite television system operators would like the ability to provide a household with a second set-top box so that multiple programming can be accessed simultaneously without having to charge two full subscription fees.
This is true even through the subscribers would prefer to have the ability to watch multiple programs simultaneously. Thus, subscribers are actually purchasing fewer services than they really desire because the incremental cost of an additional subscription for a second set-top box is too high. Consequently, from a business model standpoint, many cable and satellite television system operators would like the ability to provide a household with a second set-top box so that multiple programming can be accessed simultaneously without having to charge two full subscription fees.
[0006] However, there are dangers to the system operator if secondary set-top boxes are offered at a reduced subscription rate. This danger arises from the potential dishonesty of customers who obtain services that are not properly paid for.
For example, suppose the first set-top box within a household has a $40 per month fee and the second has a $10 per month fee. In such a case, a dishonest customer could purchase a second set-top box and give it to his or her neighbor who previously did not have the service. The result is that the provider is collecting $50 per month for service to the two households, when the provider should be collecting $80 per month for service to two separate households.
For example, suppose the first set-top box within a household has a $40 per month fee and the second has a $10 per month fee. In such a case, a dishonest customer could purchase a second set-top box and give it to his or her neighbor who previously did not have the service. The result is that the provider is collecting $50 per month for service to the two households, when the provider should be collecting $80 per month for service to two separate households.
[0007] Moreover, in the past, there have been problems with the dishonesty of the installer: the person who sets up a set-top box when a subscriber first subscribes to the service. Methods exist to prevent an installer from dishonestly giving away cable/satellite service without registering the users of the service in the single set-top box scenario.
However, if the installer is allowed to sell and set-up multiple set-top boxes in a single household, it becomes substantially more difficult to ensure that the installer is not dishonestly providing service to those who may be paying off the installer directly for such service.
However, if the installer is allowed to sell and set-up multiple set-top boxes in a single household, it becomes substantially more difficult to ensure that the installer is not dishonestly providing service to those who may be paying off the installer directly for such service.
[0008] Consequently, there is a need in the art for a secure means and method of providing multiple set-top boxes to a single subscriber without having to charge a full subscription fee for each such set-top box and while preventing secondary set-top boxes from being used to provide services to those who are not paying the appropriate fees.
SUMMARY
SUMMARY
[0009] In one aspect, the present invention provides a method of securely providing cable or satellite television services to multiple set-top boxes, said method comprising:
providing communication between a master set-top box and a slave set-top box, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
[0009a] A secure means and method of providing multiple set-top boxes to a single subscriber without having to charge a full subscription fee for each such set-top box is disclosed herein. In the disclosed method and system, the use of a secondary set-top box to provide services to those who are not paying the appropriate fees is prevented.
Cryptographic mechanisms are used to ensure that the second set-top box is not used in an unauthorized way.
providing communication between a master set-top box and a slave set-top box, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
[0009a] A secure means and method of providing multiple set-top boxes to a single subscriber without having to charge a full subscription fee for each such set-top box is disclosed herein. In the disclosed method and system, the use of a secondary set-top box to provide services to those who are not paying the appropriate fees is prevented.
Cryptographic mechanisms are used to ensure that the second set-top box is not used in an unauthorized way.
[0010] In one of many possible embodiments, a method of securely providing cable or satellite television services to multiple set-top boxes includes (1) providing a master set-top box; (2) providing a slave set-top box in electronic communication with the master set-top box;
(3) sending data from the slave set-top box to the master set-top box; (4) generating a response with the master set-top box based on an authentication key shared by the slave and master set-top boxes; (5) sending the response from the master set-top box to the slave set-top box; and (6) checking the response from the master set-top box with the slave set-top box.
If the response is correct, the slave set-top box continues providing the cable or satellite television services. If the response is incorrect, the slave set-top box discontinues providing the cable or satellite television services. This approach provides the benefit of allowing continued operation of the master even if the slave fails, is unplugged, or otherwise goes offline.
BRIEF DESCRIPTION OF THE DRAWINGS
(3) sending data from the slave set-top box to the master set-top box; (4) generating a response with the master set-top box based on an authentication key shared by the slave and master set-top boxes; (5) sending the response from the master set-top box to the slave set-top box; and (6) checking the response from the master set-top box with the slave set-top box.
If the response is correct, the slave set-top box continues providing the cable or satellite television services. If the response is incorrect, the slave set-top box discontinues providing the cable or satellite television services. This approach provides the benefit of allowing continued operation of the master even if the slave fails, is unplugged, or otherwise goes offline.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] The accompanying drawings illustrate embodiments of the present invention and are a part of the specification. The illustrated embodiments are merely examples of the present invention and do not limit the scope of the invention.
[0012] FIG. 1 illustrates the creation of a master/slave set-top box system according to one embodiment of the present invention.
[0013] FIG. 2 illustrates the secure communication between the master and slave set-top boxes to prevent separation of the boxes for unauthorized purposes according to one embodiment of the present invention.
3a
3a
[0014] FIG. 3 illustrates the encryption of data items used to secure communications between the master and slave set-top boxes according to one embodiment of the present invention.
[0015] FIG. 4 illustrates a Pseudo Random Number Generator according to one embodiment of the present invention.
[0016] Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements.
DETAILED DESCRIPTION
DETAILED DESCRIPTION
[0017] The methods and systems disclosed herein assume a model of operation in which two or more set-top boxes are installed in a household. A
communications link, preferably a physical link, is provided between or among the set-top boxes.
The communications link between the set-top boxes is used in such a way that one of the boxes cannot easily be moved to an unauthorized location, such as to provide service to a second household.
communications link, preferably a physical link, is provided between or among the set-top boxes.
The communications link between the set-top boxes is used in such a way that one of the boxes cannot easily be moved to an unauthorized location, such as to provide service to a second household.
[0018] One of the boxes is designated as a "master" box while the other box or boxes are "slaves." The slave box will use the communications link to communicate regularly in a secured and encrypted manner with the master box. If that communication is severed, e.g., if an attempt is made to move the slave box to another household to provide unauthorized service in that household, the slave box is programmed to stop working when it can no longer communicate with the master box.
[0019] In our model, set-top boxes can be in one of three different states:
(i) standalone - for households that have only a single set-top, (ii) master - the main or primary of multiple set-top boxes within a household, and (iii) slave - a secondary set-top within a household in communication with a master box. Set-tops can be reconfigured from one state to another state, but preferably only by an authorized installer who obtains reconfiguration data from a customer service representative or authorized agent of the system operator. The -authorized agent may support new subscriptions and the installation of new set-top boxes, run billing software for the system and provide "reconfiguration data" to an installer who sets up the set-top boxes within the subscriber's household.
(i) standalone - for households that have only a single set-top, (ii) master - the main or primary of multiple set-top boxes within a household, and (iii) slave - a secondary set-top within a household in communication with a master box. Set-tops can be reconfigured from one state to another state, but preferably only by an authorized installer who obtains reconfiguration data from a customer service representative or authorized agent of the system operator. The -authorized agent may support new subscriptions and the installation of new set-top boxes, run billing software for the system and provide "reconfiguration data" to an installer who sets up the set-top boxes within the subscriber's household.
[0020] Upon reconfiguring a set-top, the set-top box will display a confirmation number that the installer must report to the authorized agent. The authorized agent enters the confirmation number into the billing software, and assuming the confirmation number is correct, the billing software updates the records of the subscriber's account and, from then on, charges the appropriate monthly fee. An example of this system is illustrated in FIG. 1.
[0021] As shown in FIG. 1, an authorized installer (100) is used to set up service for a new subscriber or to expand a subscriber's service to include multiple set-top boxes.
The installer (100) installs a first set-top box (104) for use with a first television set (103).
In this example, this first box (104) will be the master box. Consequently, the installer (100) contacts an authorized agent (109) working for the cable or satellite television company.
The installer (100) may contact the authorized agent (109) using a telephone (101) and local telephone network (1.08). However, the installer (100) may use any other method of communicating with the authorized agent (109), for example, a wireless phone.
The installer (100) installs a first set-top box (104) for use with a first television set (103).
In this example, this first box (104) will be the master box. Consequently, the installer (100) contacts an authorized agent (109) working for the cable or satellite television company.
The installer (100) may contact the authorized agent (109) using a telephone (101) and local telephone network (1.08). However, the installer (100) may use any other method of communicating with the authorized agent (109), for example, a wireless phone.
[0022] The authorized agent (109) will provide reconfiguration data that must be entered into the set-top box (104) in order to configure that set top (104) as a master box. A
remote control unit (102) maybe used by the installer (100) to program and configure the first and master box (104).
remote control unit (102) maybe used by the installer (100) to program and configure the first and master box (104).
[0023] The installer (100) next installs a second set-top box (107) for use with a second television set (106). Again, the installer (100) receives reconfiguration data for the second box (107) from the authorized agent (109). The installer can then configure the second box (107) as a slave box. Again, the remote control (102) may be used by the installer to program the second box (107).
[0024] The installer (100) provides the authorized agent (109) with confirmation numbers for the set-top boxes (104, 107) deployed. The authorized agent (109) can then see that the subscribing household is properly billed for the first set-top box (104) at a full subscription rate and the second set-top box (107) at a lower subscription rate. Subsequent reconfiguration of set-tops could be required, e.g. due to the failure of a master necessitating the associated slave's reconfiguration as the new master. If this occurs, the present system has the benefit of easily facilitating such reconfiguration in a manner analogous to the above.
An installer might be sent to the home to reconfigure the slave to be the new master, or the consumer maybe allowed to do so himself while on the phone with the authorized agent.
Such ease of reconfiguration is a benefit of this system.
An installer might be sent to the home to reconfigure the slave to be the new master, or the consumer maybe allowed to do so himself while on the phone with the authorized agent.
Such ease of reconfiguration is a benefit of this system.
[0025] In the present example, a physical connection (105) is made between the first (104) and second (107) set-top boxes. However, the communication link between boxes (104, 107) maybe wireless, powerline, phone line, or other local communication means. This connection (105) allows the boxes (104, 107) to communicate. If that communication is interrupted, for example, if the slave box (107) is disconnected from the master box (104) and taken to another household to provide unauthorized service at that location, the second set-top box (107) will cease to function. The behavior of disablement upon disconnection is fundamental to the security protection characteristics of this invention. Likewise, the connection means between master and slave should be local in nature, such that it is extremely inconvenient, costly, difficult or impossible to locate either device any substantial distance from the other. This connection means should limit where they can be located in keeping with the assumption that the slave is intended for use in the same household.
[0026] In this embodiment, the connection (105) between the set-top boxes (104, 107) is an RS232 cable. RS232 cables must be kept within a particular length or cannot reliably be used for electronic communication between equipment such as the set-top boxes (104, 107). Consequently, if an attempt is made to substitute a much longer RS232 cable, such that the slave box (107) could be taken to a neighboring household to provide unauthorized service for that household, the boxes (104, 107) will no longer be able to communicate reliably over the lengthened cable (105) and thus the slave box (107) will cease functioning. Benefit is seen both from the electronic reliability aspects of excessive cable length, as well as the sheer inconvenience of the connecting cable.
[0027] A basic objective of the system is to detect the disconnection or blockage of communication between the master and slave, and to disable slave operation should this occur. The basic means of achieving this is to design the slave so that it will disable itself if it does not communicate with the master regularly. In addition to crude manipulations such as disconnection, there are three main other ways by which one may attempt to defeat the system described above:
[0028] 1. The dishonest customer may attempt to simulate with a personal computer (PC) the communication between the two set-top boxes so that the set-top boxes can operate separately and independently of each other.
[0029] 2. The installer or the customer may attempt to reconfigure the set-tops without having the billing software updated, i.e. reconfiguring a slave box as an independently-operable master box.
[0030] 3. The installer or the customer may attempt to have the billing software updated without reconfiguring the set-tops.
[0031] All such methods of cheating may be minimized or eliminated through the use of cryptography. Each set-top is equipped with two cryptographic keys:
a unit key and an authentication key. The unit key is used for reconfiguration, and the authentication key is shared between a master-slave pair to verify that they have not been separated. Both keys are delivered to the set-tops in encrypted form, so that neither the installer, customer, nor authorized agent is aware of the true key values. The initial ("provisioning") keys are provided during the manufacturing process of the set-tops.
a unit key and an authentication key. The unit key is used for reconfiguration, and the authentication key is shared between a master-slave pair to verify that they have not been separated. Both keys are delivered to the set-tops in encrypted form, so that neither the installer, customer, nor authorized agent is aware of the true key values. The initial ("provisioning") keys are provided during the manufacturing process of the set-tops.
[0032] In order to prevent unauthorized reconfiguration, a set-top box cannot be reconfigured, e.g., from a slave state to a master state, unless a unit key is entered. The input key is processed through a cryptographic hash function by the set-top box which results in a value equal to a previous unit key stored in the set-top box. If the input unit key passed through the hash function does not result in the previous unit key, reconfiguration will not be allowed. Since hash functions are intentionally designed to not be invertible (i.e. to be "one way functions"), this makes it infeasible for anyone to reconfigure a box without knowing the inverse hash of the current unit key.
[0033] Consequently, the method disclosed includes generating a "hash chain"
of unit keys for each set-top. The last unit key value in this chain is indexed using a "token counter" value of zero, where the unit key for token counter value zero is calculated by passing the unit key for token counter value 1 through the hash function. Each key n in the chain leads to the previous key n+l when processed through the hash function.
This hash chain of unit keys for each set-top box may be stored within the billing software or are otherwise provided to the authorized agent. In this way, an installer cannot reconfigure a set-top box without contacting the authorized agent and obtaining the next unit key in the hash chain for input to the set-top box being reconfigured. Only the authorized agent who runs the billing software or otherwise has access to future unit keys will be able to allow reconfiguration of a set-top box. The bottom of the hash chain is supplied to each set-top box during manufacture or upon provisioning.
of unit keys for each set-top. The last unit key value in this chain is indexed using a "token counter" value of zero, where the unit key for token counter value zero is calculated by passing the unit key for token counter value 1 through the hash function. Each key n in the chain leads to the previous key n+l when processed through the hash function.
This hash chain of unit keys for each set-top box may be stored within the billing software or are otherwise provided to the authorized agent. In this way, an installer cannot reconfigure a set-top box without contacting the authorized agent and obtaining the next unit key in the hash chain for input to the set-top box being reconfigured. Only the authorized agent who runs the billing software or otherwise has access to future unit keys will be able to allow reconfiguration of a set-top box. The bottom of the hash chain is supplied to each set-top box during manufacture or upon provisioning.
[0034] Without a loss of generality, other information such as the set-top serial number or the number of times a box has been reconfigured can be required as part of the hash chain, both of which improve security. As a further precaution, in order to prevent the unit keys from being revealed to anybody (including the authorized agent and installer), new unit keys are encrypted under the previous unit keys. Thus, the actual value of the unit keys is known only within the billing software and the set-top box.
[0035] This is useful in controlling the confirmation number. The confirmation number is computed from the cryptographic hash of the new unit key. In general, the confirmation number does not need to be too large to ensure security. If the hash function outputs many bytes, the confirmation number can be restricted to some small, designated portion of it (for example, the first 2 or 4 bytes).
[0036] Whenever a set-top box is reconfigured, it is also delivered an authentication key along with the new unit key. The authentication key is also encrypted under the previous unit key, thus being known only to the set-top and the billing software.
When two set-tops are reconfigured to be a master-slave pair, they must be delivered the same authentication key. Authentication keys are generated by the billing software, and the only strict security requirement is that they must not be easily reproducible outside of the billing software and set-top. This can be done in many ways. For example, generating the values pseudo-randomly or using a hash that is a fiuction of the unit keys of the master-slave pair (or the unit key of the standalone).
When two set-tops are reconfigured to be a master-slave pair, they must be delivered the same authentication key. Authentication keys are generated by the billing software, and the only strict security requirement is that they must not be easily reproducible outside of the billing software and set-top. This can be done in many ways. For example, generating the values pseudo-randomly or using a hash that is a fiuction of the unit keys of the master-slave pair (or the unit key of the standalone).
[0037] Since a master-slave pair share the same authentication key which is unknown outside of the two set-tops and the billing software, it has the necessary cryptographic values to verify that the two set-tops are linked together. This is accomplished through a "ping" protocol. After the elapse of some fixed time interval, e.g.
15 minutes, the slave sends a pseudo-randomly generated value to the master.
The master does a cryptographic signature of the received value via a message authentication code (MAC) using the shared authentication key, and sends the result back to the slave. The slave verifies that the correct signature was obtained, including the use of the correct pseudo-randomly generated value sent, and if so, continues operation as normal. If the slave did not receive the correct response or did not receive any response within some fixed time interval, the slave repeats its request up to some fixed number of times. If it still fails to receive the correct reply, it then discontinues displaying cable/satellite television until the master gives the correct reply.
15 minutes, the slave sends a pseudo-randomly generated value to the master.
The master does a cryptographic signature of the received value via a message authentication code (MAC) using the shared authentication key, and sends the result back to the slave. The slave verifies that the correct signature was obtained, including the use of the correct pseudo-randomly generated value sent, and if so, continues operation as normal. If the slave did not receive the correct response or did not receive any response within some fixed time interval, the slave repeats its request up to some fixed number of times. If it still fails to receive the correct reply, it then discontinues displaying cable/satellite television until the master gives the correct reply.
[0038] Each set-top box is provided with an initial provisioning token (input data). The provisioning token will at least include a unit key (the bottom of the hash chain) and an authentication key. For new set-top boxes, this can be done within the factory. For legacy set-top boxes, the data will have to be entered by an installer who obtains the information from an authorized agent of the system operator who is operating, for example, a personal computer running a Windows@ billing program. Checks will be in place to prevent the installer from placing incorrect data.
[0039] The set-top boxes can operate in one of four different states:
STANDALONE, MASTER, SLAVE ONLINE, and SLAVE OFFLINE. The STANDALONE state is intended for viewers who do not use the multiple viewing capabilities that the present system can securely provide. The other states are for boxes that are part of a multiple-box system used by a particular subscriber. For these, the MASTER
state is intended for the main set-top box within a household. Any others will be slaves.
Typically, there will be only one slave (107) per master (104), but the present invention is not so restricted.
STANDALONE, MASTER, SLAVE ONLINE, and SLAVE OFFLINE. The STANDALONE state is intended for viewers who do not use the multiple viewing capabilities that the present system can securely provide. The other states are for boxes that are part of a multiple-box system used by a particular subscriber. For these, the MASTER
state is intended for the main set-top box within a household. Any others will be slaves.
Typically, there will be only one slave (107) per master (104), but the present invention is not so restricted.
[0040] A slave (107) will be in state SLAVE ONLINE if it is in communication with a master box (104), or SLAVE OFFLINE if it is not. It is imagined that the latter state will only happen if the connection (105) between the slave (107) and the master (104) is disconnected or interrupted, or if the master (104) experiences a power outage. When the slave (107) is in the SLAVE OFFLINE state, then it will no longer provide service, e.g., display cable/satellite television programming and provide related services.
[0041] The slave (107) will need to check to see that it is still in communication with the master (104) by sending a "ping" command. The master (104) is responsible for responding to the command in such a way that the slave (107) is assured that the response came from the master (104). As described above, this ping operation can occur over an RS232 cable connecting the master and slave. However, any other connection (105) can be used. For example, an L band cable connecting both boxes to a satellite antenna can be used, or an AC powerline communications technology such as Homeplug, HPNA, or a wireless home network technology such as 802.11, or Bluetooth technology. For slaves that are online, the ping will preferably happen every 15 minutes, and for slaves that are offline, the ping will happen continuously until an appropriate reply from the master is received.
[0042] At times, reconfiguration may be necessary. For instance, a slave box may need to be changed to a master box if the existing master set-top box is broken and needs to be repaired. Alternatively, a standalone box may need to be changed to a master box if a subscriber desires to add multiple-program viewing ability.
Reconfiguration will need to be done by an installer (100) who obtains a reconfiguration token (e.g., 21 bytes of data) from an authorized agent (109). Set-top boxes can only be reconfigured if the correct token is obtained. Note that it is also possible for a duly-authorized consumer to perform reconfiguration instead of an installer, to avoid the inconvenience and cost of an installer visit.
Reconfiguration will need to be done by an installer (100) who obtains a reconfiguration token (e.g., 21 bytes of data) from an authorized agent (109). Set-top boxes can only be reconfigured if the correct token is obtained. Note that it is also possible for a duly-authorized consumer to perform reconfiguration instead of an installer, to avoid the inconvenience and cost of an installer visit.
[0043] Upon a valid reconfiguration, the set-top box (e.g. 104, 107) will preferably display a 2-byte (4 hexadecimal characters) confirmation number to the installer (100) which he or she must communicate to the authorized agent (109) in order for the authorized agent to update the billing records. Each reconfiguration requires a new reconfiguration token, and reconfiguration may be limited to a maximum of times, e.g., 100 times. The reconfiguration token is similar to the provisioning token: it contains a unit key (e.g., 9 bytes) ("UK") and an authentication key (e.g., 9 bytes) ("AK"). The authentication key will be shared between the master (104) and the slave (107) as described above.
[0044] For new set-top boxes, provisioning will be performed within the factory by, for example, a personal computer on the manufacturing line. The PC will query the set-top box for its identification number (e.g., 4 bytes) ("CA ID") and use this to look up its initial provisioning token. Then the set-top box will be loaded with a 9-byte UK, a 9-byte AK which will be used to seed a Pseudo Random Number Generator ("PRNG"), and a byte value of 00 for the token counter. By default, the set-top box will preferably be in the STANDALONE state.
[0045] For legacy set-top boxes, the provisioning is necessarily done by the reconfiguration procedure. The legacy boxes need to initially have a token counter value of -1 (represented with 2 bytes) to indicate they have not been provisioned, and will be in the STANDALONE state. If the owner of the set-top box later decides to add a second box, the installer (100) will contact an authorized agent (109) to get a reconfiguration token. This reconfiguration token will actually be a provisioning token, but this fact is invisible to both installer and consumer. The initial provisioning token along with cycle information will be used to seed the PRNG for these boxes.
[0046] As shown in FIG. 2, the ping protocol is for the slave (107) to verify that it is still connected to the master (104). The slave (107) will preferably perform a ping (120) every 15 minutes when in SLAVE ONLINE state, or continuously when in SLAVE
OFFLINE state. If the ping (120) fails, the slave box (107) automatically resets its state to SLAVE OFFLINE and discontinues service, e.g., displaying cable/satellite television. If the ping (120) succeeds, the slave box (107) maintains or re-sets its state to SLAVE ONLINE
and continues to display satellite television. Note that no reconfiguration is necessary for a slave (107) to change from OFFLINE to ONLINE or vice versa. This allows the slave box (107) to address common conditions such as the loss of power to the master (104), which might appear like an insecure (i.e. relocated) condition to the slave (107).
OFFLINE state. If the ping (120) fails, the slave box (107) automatically resets its state to SLAVE OFFLINE and discontinues service, e.g., displaying cable/satellite television. If the ping (120) succeeds, the slave box (107) maintains or re-sets its state to SLAVE ONLINE
and continues to display satellite television. Note that no reconfiguration is necessary for a slave (107) to change from OFFLINE to ONLINE or vice versa. This allows the slave box (107) to address common conditions such as the loss of power to the master (104), which might appear like an insecure (i.e. relocated) condition to the slave (107).
[0047] The protocol has 3 functions: GEN PING (122), GEN RESPONSE
(123), CONF RESPONSE (124). The slave (107) runs GEN PING (122) and CONF RESPONSE (124), while the master (104) runs GEN RESPONSE (123). It is assumed that the master (104) and slave (107) share the same authentication key.
(123), CONF RESPONSE (124). The slave (107) runs GEN PING (122) and CONF RESPONSE (124), while the master (104) runs GEN RESPONSE (123). It is assumed that the master (104) and slave (107) share the same authentication key.
[0048] GEN PING: The function GEN PING (Generate Ping) (122) will preferably be executed by the slave (107) to send a ping (120) to the master (104) every 15 minutes when the slave (107) is online, or more frequently when the slave (107) is offline.
The GEN PING function (122) may work as follows:
The GEN PING function (122) may work as follows:
[0049] 1. y = MAX-NUM-ATTEMPTS (assumed to be 3).
2. Use the PRNG to get an 8-byte nonce.
3. While (y > 0) do a. Send nonce to master.
b. Wait up to x seconds for a response. If no response, then y=y - 1; continue;
c. If CONF RESPONSE(nonce, response) succeeds then state=SLAVE ONLINE; return;
d. /* CONF RESPONSE failed */ y=y - 1;
e. Wait for 1 to 2 seconds.
4. /* failed after y attempts */ state=SLAVE OFFLINE; return;
2. Use the PRNG to get an 8-byte nonce.
3. While (y > 0) do a. Send nonce to master.
b. Wait up to x seconds for a response. If no response, then y=y - 1; continue;
c. If CONF RESPONSE(nonce, response) succeeds then state=SLAVE ONLINE; return;
d. /* CONF RESPONSE failed */ y=y - 1;
e. Wait for 1 to 2 seconds.
4. /* failed after y attempts */ state=SLAVE OFFLINE; return;
[0050] GEN RESPONSE: The function GEN RESPONSE (Generate Response to Ping) (123) will be executed by the master (104) whenever it receives a ping (120). It takes as input the 8-byte pseudo-random value (or "nonce") received from the slave (107), the authentication key AK (stored on master), and Cinfo (to be specified later). The result is a ping response (121) sent to the slave (107), where said response does not retransmit the received nonce back to the slave that originally generated it. The GEN
RESPONSE
function (123) may work as follows:
RESPONSE
function (123) may work as follows:
[0051] 1. If received nonce is not 8 bytes, then return;
/* data transmission error: do nothing */
2. Compute signature = SIGN( AK, nonce, Cinfo ).
3. Send signature + Cinfo back to the slave.
/* data transmission error: do nothing */
2. Compute signature = SIGN( AK, nonce, Cinfo ).
3. Send signature + Cinfo back to the slave.
[0052] CONF RESPONSE: The function CONF RESPONSE (Confirm Response to Ping) (124) is executed when a ping response (121) is received by the slave (107). The slave (107) must confirm the reply given by the master (104) is a correct one in order to confirm that the slave (107) is connected to the master (104) and not to something else. The function (124) takes as input the original, slave-generated 8-byte nonce that it generated in GEN PING (122), the 8-byte signature sent by the master (104), the Cinfo sent by the master, and the authentication key (AK) (stored on slave). The return value is either SUCCESS or FAILURE.
[0053] 1. If Cinfo is not a valid Cinfo or if signature is not 8 bytes, then return FAILURE;
2. Compute expected-signature = SIGN( AK, nonce, Cinfo );
2. Compute expected-signature = SIGN( AK, nonce, Cinfo );
54 PCT/US02/37592 3. if expected-signature is not the same as signature, then return FAILURE;
4. return SUCCESS;
[0054] Reconfiguration will be necessary in at least the following circumstances:
(1) whenever a master needs to change to a slave or a standalone; (2) whenever a standalone needs to change to anything else; (3) whenever a slave needs to change to a master or a standalone; and (4) in the extremely unlikely event of communication failure due to the master and slave not having the same AK.
4. return SUCCESS;
[0054] Reconfiguration will be necessary in at least the following circumstances:
(1) whenever a master needs to change to a slave or a standalone; (2) whenever a standalone needs to change to anything else; (3) whenever a slave needs to change to a master or a standalone; and (4) in the extremely unlikely event of communication failure due to the master and slave not having the same AK.
[0055] The last event is extremely unlikely since checks will be in place to notice and correct nearly all input errors, including mischievous attempts at providing false data.
Any time a set-top box is reconfigured to be a slave, its master will also be reconfigured.
Likewise, any time a set-top box is reconfigured to be a master, its slave will also be reconfigured. This is because each master/slave pair is a matched set and shares the same AK, and each reconfiguration involves a new AK. If only one member of this matched set pair is reconfigured, this will result in a different AK for each device, and subsequently a failure of the Ping protocol. The failure of the Ping protocol will disable display of television, thereby serving as a conspicuous indicator that an error has occurred.
Any time a set-top box is reconfigured to be a slave, its master will also be reconfigured.
Likewise, any time a set-top box is reconfigured to be a master, its slave will also be reconfigured. This is because each master/slave pair is a matched set and shares the same AK, and each reconfiguration involves a new AK. If only one member of this matched set pair is reconfigured, this will result in a different AK for each device, and subsequently a failure of the Ping protocol. The failure of the Ping protocol will disable display of television, thereby serving as a conspicuous indicator that an error has occurred.
[0056] As explained above, the reconfiguration data will be obtained from a customer service representative (109; FIG. 1) and entered into a set-top box by a representative from the satellite or cable television company, the installer (100; FIG. 1). The reconfiguration data consists of 2 blocks of 22 and 29 decimal digits respectively, which shall be converted to a 9-byte and 12-byte block. The conversion is done by treating the values as little endian decimal integers and converting to base 256 little endian integers.
[0057] The word "endian" refers to the order in which bytes are stored in memory or transmitted across the wire. Consider the decimal number "593", the digit "5"
(five-hundred) is the most significant or "big" digit. The numbers 593 and 693 are significantly different, whereas the numbers 593 and 594 are not significantly different.
When ordering bytes in memory, the term "big-endian" refers to putting the most significant byte first, whereas "little-endian" refers to putting the least significant byte first.
(five-hundred) is the most significant or "big" digit. The numbers 593 and 693 are significantly different, whereas the numbers 593 and 594 are not significantly different.
When ordering bytes in memory, the term "big-endian" refers to putting the most significant byte first, whereas "little-endian" refers to putting the least significant byte first.
[0058] The function RECONFIGURE will take as input the address of the current UK, the address of a token counter, the address of the current AK, and the address of the state variable (i.e. MASTER, SLAVE ONLINE or OFFLINE, STANDALONE). It will get the 21 bytes of user input data and send all information into the security function LDCHK (to be described later). LDCHK will perform all error checking, state changes, AK
changes, and UK changes. The value returned by RECONFIGURE is the same as that returned by LDCHK, which is either UK-ENTRY-ERROR (The first block of the token was entered incorrectly), AK ENTRY ERROR (the second block of the token was entered incorrectly), or TOKEN-ENTRY-ERROR (the entire token needs to be reentered).
If an error is returned, the installer must reenter the erroneous values only in order to reattempt reconfiguration. Otherwise, a 2-byte confirmation number (4 hexadecimal characters) shall be computed with the function COMPUTE CONF NUMBER (described later) and displayed on the screen so that the installer can communicate the confirmation number to the authorized agent.
changes, and UK changes. The value returned by RECONFIGURE is the same as that returned by LDCHK, which is either UK-ENTRY-ERROR (The first block of the token was entered incorrectly), AK ENTRY ERROR (the second block of the token was entered incorrectly), or TOKEN-ENTRY-ERROR (the entire token needs to be reentered).
If an error is returned, the installer must reenter the erroneous values only in order to reattempt reconfiguration. Otherwise, a 2-byte confirmation number (4 hexadecimal characters) shall be computed with the function COMPUTE CONF NUMBER (described later) and displayed on the screen so that the installer can communicate the confirmation number to the authorized agent.
[0059] An application, for example a billing application, will be needed for a network operator or authorized agent to provide reconfiguration data when it is required.
This will preferably be a windows application used by an authorized agent.
Whenever an installer needs to reconfigure a set-top box with id CA ID, the installer contacts an authorized agent. The authorized agent will use the Master Slave Admin application ("Msapp") to look up reconfiguration data for set-top box CA ID and give the information to the installer. The reconfiguration data will consist of two blocks of data, the first being 22 digits and the second being 29 digits. For readability, the digits of the data will be grouped into blocks of 4. Thus, a sample data will be similar to ,the following Block 1: XX XXXX XXXX XXXX XXXX XXXX
Block 2: X XXXX XXXX XXXX XXXX XXXX XXXX XXXX
where the X's represent digits.
This will preferably be a windows application used by an authorized agent.
Whenever an installer needs to reconfigure a set-top box with id CA ID, the installer contacts an authorized agent. The authorized agent will use the Master Slave Admin application ("Msapp") to look up reconfiguration data for set-top box CA ID and give the information to the installer. The reconfiguration data will consist of two blocks of data, the first being 22 digits and the second being 29 digits. For readability, the digits of the data will be grouped into blocks of 4. Thus, a sample data will be similar to ,the following Block 1: XX XXXX XXXX XXXX XXXX XXXX
Block 2: X XXXX XXXX XXXX XXXX XXXX XXXX XXXX
where the X's represent digits.
[0060] The admin application will be responsible for keeping track of the number of times each set-top box has been reconfigured (i.e. each box's token counter) so that it can readily look up the necessary data for the current reconfiguration. It will also be able to provide earlier reconfiguration data in case of problems. For instance, if the installer is not able to reconfigure a set-top box because he made an error writing down the data required for entry through the remote control, it will be possible for him to contact an authorized agent and obtain the data again. It will also be useful for the installer to be able to access the token counter that may be needed by the authorized agent in order to facilitate debugging of unexpected problems.
[0061] A function for getting reconfiguration data (GET RECONF DATA) is the core function needed for the master-slave admin application. It takes a 9-byte array UK-TOP-OF-CHAIN which all unit keys for that box are derived from, the CA ID
of the box that requires reconfiguration, an integer j representing a token counter for the box, a variable state which represents the new state for the box, an array of 9 bytes representing a new AK, an array blockl which holds 22 characters, an array block2 which holds characters, and an array conf which holds a 2-byte confirmation number. It is important to the security of this design that the UK-TOP-OF-CHAIN values are kept in the utmost confidentiality. Integer j represents the number of times the box has been reconfigured.
of the box that requires reconfiguration, an integer j representing a token counter for the box, a variable state which represents the new state for the box, an array of 9 bytes representing a new AK, an array blockl which holds 22 characters, an array block2 which holds characters, and an array conf which holds a 2-byte confirmation number. It is important to the security of this design that the UK-TOP-OF-CHAIN values are kept in the utmost confidentiality. Integer j represents the number of times the box has been reconfigured.
[0062] The GET RECONF DATA function returns SUCCESS or error value INVALID-INDEX. Upon a SUCCESS, the reconfiguration data will be stored in blockl and block2. Under normal operation, the value j that is input will be obtained from a database stored on the local PC that keeps track of the token counter of each box. However, in case of problems, GET RECONF DATA can be used to retrieve data for smaller values of j. If both a master and a slave are being reconfigured to work together, the new AK that is input must be the same for both calls to GET RECONF DATA. This value shall be generated randomly on the personal computer. GET RECONF DATA works as follows:
1. if j>99 then return INVALID-INDEX.
2. Look up the token counter for box CA ID from database.
3. If j>token_counter then return INVALID-INDEX.
4. UK = UK-TOP-OF-CHAIN.
5. Fork= 100 to j+1 by-1 do a. UK = HASH(UK 11 CA ID It (unsigned char) k 11 (unsigned char) (k>>8), 15 ).
6. If (j =_ -1) then a. encrypted-UK = CTS_ENCRYPT9( UK, key k') where k'={kl', k2'} is f o r m e d by taking kl' as CA ID 11 0 11 0 11 0 (seven bytes total) and k2' is seven zero bytes.
7. Else a. prev_UK = HASH(UK 11 CA ID 11 (unsigned char) j 11 (unsigned char) (j>>8), 15 ).
b. encrypted UK = CTS_ENCRYPT9( UK, key k') where k'={kl', k2'} is formed by taking kl' as the first 7 bytes of prev_UK
and k2' as the last 7 bytes of prev_UK (remark: it is intentional that the keys kl' and k2' overlap).
8. Encode encrypted_UK as a 22-byte decimal integer and store in blockl. Encoding is done by treating encrypted_UK as a little endian integer base 256 and converting to a little endian integer base 10.
9. Compute a key k={kl, k2} by kl= first 7 bytes of UK and k2 = last 7 bytes of UK (remark: it is intentional that the keys kl and k2 overlap).
10. Compute encrypted-AK = CTS ENCRYPT12( state 110 110 11 AK, key k ).
11. Encode encrypted_AK as a 29-byte decimal integer and store in block2. Encoding is done the same as in step 8.
12. Compute conf to be the first 2 bytes of HASH( UK, 9 ).
13. Update the database for box CA ID by replacing the token counter with token counter+1.
14. Return SUCCESS.
1. if j>99 then return INVALID-INDEX.
2. Look up the token counter for box CA ID from database.
3. If j>token_counter then return INVALID-INDEX.
4. UK = UK-TOP-OF-CHAIN.
5. Fork= 100 to j+1 by-1 do a. UK = HASH(UK 11 CA ID It (unsigned char) k 11 (unsigned char) (k>>8), 15 ).
6. If (j =_ -1) then a. encrypted-UK = CTS_ENCRYPT9( UK, key k') where k'={kl', k2'} is f o r m e d by taking kl' as CA ID 11 0 11 0 11 0 (seven bytes total) and k2' is seven zero bytes.
7. Else a. prev_UK = HASH(UK 11 CA ID 11 (unsigned char) j 11 (unsigned char) (j>>8), 15 ).
b. encrypted UK = CTS_ENCRYPT9( UK, key k') where k'={kl', k2'} is formed by taking kl' as the first 7 bytes of prev_UK
and k2' as the last 7 bytes of prev_UK (remark: it is intentional that the keys kl' and k2' overlap).
8. Encode encrypted_UK as a 22-byte decimal integer and store in blockl. Encoding is done by treating encrypted_UK as a little endian integer base 256 and converting to a little endian integer base 10.
9. Compute a key k={kl, k2} by kl= first 7 bytes of UK and k2 = last 7 bytes of UK (remark: it is intentional that the keys kl and k2 overlap).
10. Compute encrypted-AK = CTS ENCRYPT12( state 110 110 11 AK, key k ).
11. Encode encrypted_AK as a 29-byte decimal integer and store in block2. Encoding is done the same as in step 8.
12. Compute conf to be the first 2 bytes of HASH( UK, 9 ).
13. Update the database for box CA ID by replacing the token counter with token counter+1.
14. Return SUCCESS.
[0063] The symbol "11" means concatenation. In the database, all token counters must initially have the value of -1 if they have not been provisioned, or 0 if they have been provisioned. Getting initial provisioning data from this function is equivalent to inputting the value j=-1.
[0064] Upon SUCCESS, the MSapp shall display the two tokens, and then prompt for the installer's confirmation number (2 bytes represented as 4 hexadecimal characters). When this information is entered, the MSapp will verify the data matches the configuration array computed above. If the data does match, the reconfiguration for this box shall be complete, and the MSapp may communicate this fact to the billing software. If the data does not match, the MSapp will preferably allow unlimited attempts to match the confirmation number. It may also have an "abort" option, which will allow the MSapp to process new data without updating the billing software for the current data.
[0065] Several security functions will now be discussed. The first security function, CTS ENCRYPT12, performs "ciphertext stealing" encryption of 12-byte plaintext data using a 14-byte key with two key triple DES_EDE as a subprocedure. It returns a 12-byte ciphertext. Likewise, the function CTS DECRYPT12 performs the corresponding decryption. The functions CTS ENCRYPT9 and CTS DECRYPT9 are the same as CTS ENCRYPT12 and CTS DECRYPT12 except for with 9-byte plaintexts and ciphertexts. All functions additionally require a 14-byte key.
[0066] As shown in FIG. 3, for CTS-ENCRYPT 12, the plaintext is divided into 3 words P1, P2, P3, where a word represents a 4-byte value. Then, the following steps are performed:
1. Compute 2 ciphertext words C1A, C1B = DES3k( P1 II P2 ).
2. Compute 2 ciphertext words C2A, C2B = DES3k( C1B II P3 ).
3. The output ciphertext is C 1 A II C2A II C2B.
1. Compute 2 ciphertext words C1A, C1B = DES3k( P1 II P2 ).
2. Compute 2 ciphertext words C2A, C2B = DES3k( C1B II P3 ).
3. The output ciphertext is C 1 A II C2A II C2B.
[0067] It must be emphasized that the prepended bytes representing the state and the 2 zero bytes (when the AK is encrypted) must be in word P1.
[0068] To decrypt the 12-byte ciphertext, divide it into three words: Cl, C2, C3.
Then, the following steps are performed:
1. Compute two words P1B, P3 = DES3k 1( C2 II C3 ).
2. Compute two words P1, P2 = DES3k1(Cl II P1B ).
3. The plaintext is P 111 P2 II P3.
Then, the following steps are performed:
1. Compute two words P1B, P3 = DES3k 1( C2 II C3 ).
2. Compute two words P1, P2 = DES3k1(Cl II P1B ).
3. The plaintext is P 111 P2 II P3.
[0069] The key k for the DES3 function will consists of two 7-byte values: kl, k2. DES3k applied to an 8-byte (2 word) plaintext block x works as follows:
1. Compute x1 = DESk1(x).
2. Compute x2 = DESk21( xl).
3. Compute ciphertext x3 = DESk1( x2).
1. Compute x1 = DESk1(x).
2. Compute x2 = DESk21( xl).
3. Compute ciphertext x3 = DESk1( x2).
[0070] The decryption with function for DES3k is easily derived from the encryption function.
[0071] In addition to CTS ENCRYPT12 and CTS DECRYPT12, another ciphertext stealing encryption and decryption procedure will be required for encrypting/decrypting 9-byte plaintexts/ciphertexts corresponding to unit keys. These functions will naturally be referred to as CTS ENCRYPT9 and CTS DECRYPT9.
Unfortunately, the description of CTS ENCRYPTS is not as elegant as CTS
since blocks do not fall on natural word boundaries. The steps are as follows:
1. Let Cl =DES3k( first 8 bytes of plaintext ).
2. Compute C2 = DES3k( last 7 bytes of Cl 11 last byte of plaintext ).
3. The output ciphertext is the first byte of Cl concatenated with C2.
Unfortunately, the description of CTS ENCRYPTS is not as elegant as CTS
since blocks do not fall on natural word boundaries. The steps are as follows:
1. Let Cl =DES3k( first 8 bytes of plaintext ).
2. Compute C2 = DES3k( last 7 bytes of Cl 11 last byte of plaintext ).
3. The output ciphertext is the first byte of Cl concatenated with C2.
[0072] The steps for CTS DECRYPT9 are:
1. Let P2= DES3k 1( last 8 bytes of ciphertext ).
2. Compute PI = DES3k1( first byte of ciphertext 11 first 7 bytes of P2 ).
3. The plaintext is P1 concatenated with the last byte of P2.
1. Let P2= DES3k 1( last 8 bytes of ciphertext ).
2. Compute PI = DES3k1( first byte of ciphertext 11 first 7 bytes of P2 ).
3. The plaintext is P1 concatenated with the last byte of P2.
[0073] The function LDCHK will take as input the input token (after conversion to a 21 character value), the address of the current UK, the address of a token counter, the address of the current AK, the address of the state variable (i.e. MASTER, SLAVE ONLINE
or OFFLINE, STANDALONE), and the CA ID. The value returned by LDCHK is either SUCCESS, UK-ENTRY-ERROR (The first block of the token was entered incorrectly), AK-ENTRY-ERROR (the last block of the token was entered incorrectly), or TOKEN-ENTRY-ERROR (the entire token needs to be reentered). The function operates as follows:
1. If token counter is -1 then a. Let new UK = CTS DECRYPT9( first nine bytes of token, key k' ) where k'={kl', k2' j is formed by taking kl' as CA ID 110 110 110 and k2' is all zero bytes.
2. else a. Let new UK = CTS DECRYPT9( first nine bytes of token, key k' ) where k'={kl', k2'} is formed by taking kl' as the first 7 bytes of current UK and k2' as the last 7 bytes of current UK
(remark: it is intentional that the keys kl' and k2' overlap).
b. If RATCHETT(CA ID, new UK, current-UK
, token counter) = FAILURE then return UK-ENTRY-ERROR.
3. Compute a key k={kl, k2} by kl= first 7 bytes of new UK and k2 =
last 7 bytes of new UK (remark: it is intentional that the keys kl and k2 overlap).
4. Compute new-AK = CTS DECRYPT12(last 12 bytes of token, key k).
5. If the first byte of new_AK does not represent a legal state or if the next 2 bytes are not zero then a. If token counter is -1 then return TOKEN-ENTRY-ERROR.
b. Else return AK-ENTRY-ERROR.
6. If token counter is -1 then a. PRNG INIT_CONTEXT(last nine bytes of new-AK);
7. Change current UK to be the same as new UK.
8. Change state to the value of the first byte of new AK.
9. Change the current AK to the last nine bytes of new AK.
10. Increase token counter by 1.
11. Return SUCCESS.
or OFFLINE, STANDALONE), and the CA ID. The value returned by LDCHK is either SUCCESS, UK-ENTRY-ERROR (The first block of the token was entered incorrectly), AK-ENTRY-ERROR (the last block of the token was entered incorrectly), or TOKEN-ENTRY-ERROR (the entire token needs to be reentered). The function operates as follows:
1. If token counter is -1 then a. Let new UK = CTS DECRYPT9( first nine bytes of token, key k' ) where k'={kl', k2' j is formed by taking kl' as CA ID 110 110 110 and k2' is all zero bytes.
2. else a. Let new UK = CTS DECRYPT9( first nine bytes of token, key k' ) where k'={kl', k2'} is formed by taking kl' as the first 7 bytes of current UK and k2' as the last 7 bytes of current UK
(remark: it is intentional that the keys kl' and k2' overlap).
b. If RATCHETT(CA ID, new UK, current-UK
, token counter) = FAILURE then return UK-ENTRY-ERROR.
3. Compute a key k={kl, k2} by kl= first 7 bytes of new UK and k2 =
last 7 bytes of new UK (remark: it is intentional that the keys kl and k2 overlap).
4. Compute new-AK = CTS DECRYPT12(last 12 bytes of token, key k).
5. If the first byte of new_AK does not represent a legal state or if the next 2 bytes are not zero then a. If token counter is -1 then return TOKEN-ENTRY-ERROR.
b. Else return AK-ENTRY-ERROR.
6. If token counter is -1 then a. PRNG INIT_CONTEXT(last nine bytes of new-AK);
7. Change current UK to be the same as new UK.
8. Change state to the value of the first byte of new AK.
9. Change the current AK to the last nine bytes of new AK.
10. Increase token counter by 1.
11. Return SUCCESS.
[0074] The function RATCHETT is called by LDCHK to verify the validity of the reconfiguration data. It takes as input a 4-byte CA_ID, a 9-byte newly entered UK, the 9-byte current UK, and the 2-byte token counter, and returns SUCCESS if the data is valid or FAILURE if the data is invalid.
1. If token counter > 99 then return FAILURE.
2. Compute a tag of the form HASH( new UK CA ID token counter ,15).
3. If the tag is the same as the current UK, return SUCCESS.
4. Otherwise, return FAILURE.
1. If token counter > 99 then return FAILURE.
2. Compute a tag of the form HASH( new UK CA ID token counter ,15).
3. If the tag is the same as the current UK, return SUCCESS.
4. Otherwise, return FAILURE.
[0075] The function COMPUTE CONF NUMBER computes a confirmation number which the installer will need to give to the authorized agent to prove a reconfiguration has been completed. It takes the 9-byte UK as input and outputs a 2-byte confirmation number, conf.
1. conf = the first 2 bytes of HASH( UK, 9 );
1. conf = the first 2 bytes of HASH( UK, 9 );
[0076] The SIGN function takes a 9-byte AK, an 8-byte nonce, and a 4-byte value Cinfo. It performs a cryptographic sign operation on the nonce and Cinfo using key AK. The cryptographic sign algorithm is simply HASH(AK 11 nonce 11 Cinfo).
[0077] The function HASH takes a string and the length of that string in bytes, and returns a 9-byte hash value. The hash function shall be the first 9-bytes of the SHA1 hash of the string.
[0078] FIG. 4 illustrates the master/slave set top box PRNG. The PRNG takes a fixed key (FK) that is stored in program memory, a 9-byte' whitener" string (141), and a 9-byte state which will be fed into the CTS_ENCRYPT9 function. Each iteration will output 9 bytes of pseudo random data (140a, 140b, 140c) that is formed by "exclusive or" of the PRNG state (which is stored in a context variable) with the encrypted PRNG
state and the whitener. The new PRNG state becomes the encrypted previous state. The initial PRNG
state will be provided during provisioning. The whitener string is intended to be an input string that has a random appearance and changes over time, such as encrypted content data.
state and the whitener. The new PRNG state becomes the encrypted previous state. The initial PRNG
state will be provided during provisioning. The whitener string is intended to be an input string that has a random appearance and changes over time, such as encrypted content data.
[0079] The context containing the PRNG state shall be stored in RAM and copied to memory, preferably non-volatile random access memory ("NVRAM"), every 10 iterations. If the processor should ever be reset, the copy of the context in NVRAM shall be written back to random access memory ("RAM") in order to resume operation.
[0080] The PRNG INIT CONTEXT function initializes in RAM the context of the PRNG. This operation is only intended for use during provisioning and upon a processor reset. In the latter case, the copy of the most recent context that is stored in NVRAM is sent into PRNG INIT CONTEXT.
[0081] The PRNG GET BYTES function takes the RAM context variable which holds the PRNG state, a 9-byte whitener string, and the number of PRNG
bytes that the user requests, byte_len. It returns a string of byte_len pseudorandomly generated bytes.
bytes that the user requests, byte_len. It returns a string of byte_len pseudorandomly generated bytes.
[0082] After every 10 iterations that this function is called, the PRNG
context shall be copied into NVRAM.
context shall be copied into NVRAM.
[0083] There will be certain variables within our system which must be stored in non-volatile memory (NVRAM). These include (1) the AK (9 bytes), (2) the UK (9 bytes), (3) the token counter (2 byte), a copy of the PRNG context (9 bytes); and the state (1 byte).
[0084] Although this protocol has been described using entirely symmetric key cryptography, it can easily be enhanced to include public key cryptography without changing the basic underlying ideas. For instance, the shared authentication key can be replaced with public key signatures and verified using standard PKI techniques including certificates.
[0085] Similar protocols are possible with different assumptions, including where the master sends "ping" data to the slave, and disables itself if no slave response is received. Such an alternative would cause both master and slave to disable themselves should either go offline, since both devices would have to be designed to self-disable if no secure data transmission took place. Though it is typically undesirable for both devices to disable in event of one experiencing a normal failure or power disconnect, this still may be useful in some networks.
[0086] The preceding description has been presented only to illustrate and describe the invention. It is not intended to be exhaustive or to limit the invention to any precise form disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the invention be defined by the following claims.
Claims (41)
1. A method of securely providing cable or satellite television services to multiple set-top boxes, said method comprising:
providing communication between a master set-top box and a slave set-top box, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
providing communication between a master set-top box and a slave set-top box, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
2. The method of claim 1, wherein said sending data is performed periodically.
3. The method of claim 1, wherein said providing communication comprises physically connecting said master and slave set-top boxes.
4. The method of claim 3, further comprising connecting said master and slave set-top boxes with RS232 cable.
5. A method of securely providing cable or satellite television services to multiple set-top boxes, said method comprising:
configuring a first set-top box as a master set-top box;
configuring a second set-top box as a slave set-top box; and providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted;
wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
configuring a first set-top box as a master set-top box;
configuring a second set-top box as a slave set-top box; and providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted;
wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
6. The method of claim 5, wherein configuring a set-top box comprises:
inputting a unit key to the set-top box;
processing said unit key through a hash function;
comparing a result of said hash function with a previous unit key; and if said result matches said previous unit key, allowing configuration of the set-top box.
inputting a unit key to the set-top box;
processing said unit key through a hash function;
comparing a result of said hash function with a previous unit key; and if said result matches said previous unit key, allowing configuration of the set-top box.
7. The method of claim 5, wherein configuring said first and second set-top boxes further comprises providing an authentication key to both said first and second set-top boxes.
8. The method of claim 7, wherein said authentication key is encrypted when input to said set-top boxes.
9. The method of claim 6, further comprising obtaining said unit key from an authorized agent of a television system operator.
10. The method of claim 6, further comprising outputting a confirmation number based on the unit key upon configuration of the set-top box.
11. The method of claim 10, further comprising reporting said confirmation number to an authorized agent of a television system operator.
12. The method of claim 11, further comprising confirming that said confirmation number is based on said unit key and, if said confirmation number is confirmed, updating a billing system based on receipt of said confirmation number.
13. A method of securely providing cable or satellite television services to multiple set-top boxes, said method comprising:
generating a hash chain of related unit keys based on a hash function;
storing an initial unit key of said hash chain in a set-top box;
allowing configuration of said set-top box only when a next unit key is input to said set-top box, said next unit key being a next unit key from said hash chain; and providing communication between a master one of said set-top boxes and a slave one of said set-top boxes, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
generating a hash chain of related unit keys based on a hash function;
storing an initial unit key of said hash chain in a set-top box;
allowing configuration of said set-top box only when a next unit key is input to said set-top box, said next unit key being a next unit key from said hash chain; and providing communication between a master one of said set-top boxes and a slave one of said set-top boxes, wherein said providing communication comprises:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
14. The method of claim 13, further comprising:
configuring a first set-top box as a master set-top box;
configuring a second set-top box as a slave set-top box; and providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted.
configuring a first set-top box as a master set-top box;
configuring a second set-top box as a slave set-top box; and providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted.
15. The method of claim 14, wherein configuring a set-top box comprises:
inputting a next unit key from said hash chain to the set-top box;
processing said unit key through said hash function;
comparing a result of said hash function with a previous unit key; and if said result matches said previous unit key, allowing configuration of the set-top box.
inputting a next unit key from said hash chain to the set-top box;
processing said unit key through said hash function;
comparing a result of said hash function with a previous unit key; and if said result matches said previous unit key, allowing configuration of the set-top box.
16. The method of claim 14, wherein configuring said first and second set-top boxes further comprises providing an authentication key to both said first and second set-top boxes.
17. The method of claim 13, wherein said hash chain is stored by a television system operator and said method further comprises obtaining said next unit key from an authorized agent of said television system operator.
18. The method of claim 15, further comprising outputting a confirmation number based on the unit key upon configuration of the set-top box.
19. The method of claim 18, further comprising reporting said confirmation number to an authorized agent of a television system operator.
20. The method of claim 19, further comprising confirming that said confirmation number is based on said unit key and, if said confirmation number is confirmed, updating a billing system based on receipt of said confirmation number.
21. A set-top box which can be configured as a master box or a slave box, said set-top box comprising means for communicating directly with another set-top box, wherein:
if said set-top box is configured as a slave box in communication with a master box, said set-top box will become non-functional if said communication with the master box is interrupted; and wherein:
said means for communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
if said set-top box is configured as a slave box in communication with a master box, said set-top box will become non-functional if said communication with the master box is interrupted; and wherein:
said means for communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
22. The set-top box of claim 21, further comprising a remote control unit for controlling configuration of said set-top box.
23. The set-top box of claim 21, wherein said means for communicating comprise a wired connection to said another set-top box.
24. The set-top box of claim 23, wherein said wired connection comprises RS232 cable.
25. The set-top box of claim 22, wherein said means for communicating comprise a wireless transceiver.
26. The set-top box of claim 21, further comprising:
means for receiving a unit key;
means for processing said unit key through a hash function;
means for comparing a result of processing said unit key through said hash function with a previous unit key; and means for permitting configuration of said set-top box only if said result matches said previous unit key.
means for receiving a unit key;
means for processing said unit key through a hash function;
means for comparing a result of processing said unit key through said hash function with a previous unit key; and means for permitting configuration of said set-top box only if said result matches said previous unit key.
27. A system for securely providing cable or satellite television services to multiple set-top boxes, said system comprising:
means for providing communication between a master set-top box and a slave set-top box; and means for rendering said slave set-top box non-functional if said communication is interrupted; wherein said means for providing communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
means for providing communication between a master set-top box and a slave set-top box; and means for rendering said slave set-top box non-functional if said communication is interrupted; wherein said means for providing communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box;
and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
28. The system of claim 27, further comprising a physical connection between said master set-top box and said slave set-top box for said communication.
29. The system of claim 28, wherein said physical connection comprises an RS232 cable.
30. The system of claim 27, further comprising a wireless data link between said master set-top box and said slave set-top box for said communication.
31. The system of claim 27, wherein said means for providing communication comprise:
means for sending data from said slave set-top box to said master set-top box;
means for generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
means for sending said response from said master set-top box to said slave set-top box;
means for checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, means for rendering said slave set-top box non-functional.
means for sending data from said slave set-top box to said master set-top box;
means for generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
means for sending said response from said master set-top box to said slave set-top box;
means for checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, means for rendering said slave set-top box non-functional.
32. A system for securely providing cable or satellite television services to multiple set-top boxes, said system comprising:
means for configuring a first set-top box as a master set-top box;
means for configuring a second set-top box as a slave set-top box; and means for providing a communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted; and wherein:
said means for providing a communication performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
means for configuring a first set-top box as a master set-top box;
means for configuring a second set-top box as a slave set-top box; and means for providing a communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted; and wherein:
said means for providing a communication performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
33. The system of claim 32, wherein the means for configuring a first or second set-top box comprise:
means for inputting a unit key to the set-top box;
means for processing said unit key through a hash function;
means for comparing a result of said hash function with a previous unit key;
and if said result matches said previous unit key, means for allowing configuration of the set-top box.
means for inputting a unit key to the set-top box;
means for processing said unit key through a hash function;
means for comparing a result of said hash function with a previous unit key;
and if said result matches said previous unit key, means for allowing configuration of the set-top box.
34. The system of claim 32, wherein configuring said first and second set-top boxes comprises means for providing an authentication key to both said first and second set-top boxes.
35. The system of claim 34, further comprising means for encrypting said authentication key when input to said set-top boxes.
36. The system of claim 33, further comprising means for obtaining said unit key from an authorized agent of a television system operator.
37. The system of claim 36, further comprising means for outputting a confirmation number based on the unit key upon configuration of the set-top box.
38. The system of claim 37, further comprising means for reporting said confirmation number to an authorized agent of a television system operator.
39. The system of claim 38, further comprising means for confirming that said confirmation number is based on said unit key and, if said confirmation number is confirmed, updating a billing system based on receipt of said confirmation number.
40. A system of securely providing cable or satellite television services to multiple set-top boxes, said system comprising:
means for generating a hash chain of related unit keys based on a hash function;
means for storing an initial unit key of said hash chain in a set-top box; and means for allowing configuration of said set-top box only when a next unit key is input to said set-top box, said next unit key being a next unit key from said hash chain;
means for configuring a first set-top box as a master set-top box;
means for configuring a second set-top box as a slave set-top box; and means for providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted;
and wherein:
said means for providing communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
means for generating a hash chain of related unit keys based on a hash function;
means for storing an initial unit key of said hash chain in a set-top box; and means for allowing configuration of said set-top box only when a next unit key is input to said set-top box, said next unit key being a next unit key from said hash chain;
means for configuring a first set-top box as a master set-top box;
means for configuring a second set-top box as a slave set-top box; and means for providing communication between said master set-top box, wherein said slave set-top box will become non-functional if said communication is interrupted;
and wherein:
said means for providing communicating performs the steps of:
sending data from said slave set-top box to said master set-top box;
generating a response with said master set-top box based on an authentication key shared by said slave and master set-top boxes;
sending said response from said master set-top box to said slave set-top box;
checking said response from said master set-top box with said slave set-top box; and, if said response is incorrect, rendering said slave set-top box non-functional; and rendering said slave set-top box non-functional if said communication is interrupted.
41. The system of claim 40, wherein configuring a set-top box comprises:
means for inputting a next unit key from said hash chain to the set-top box;
means for processing said unit key through said hash function;
means for comparing a result of said hash function with a previous unit key;
and if said result matches said previous unit key, means for allowing configuration of the set-top box.
means for inputting a next unit key from said hash chain to the set-top box;
means for processing said unit key through said hash function;
means for comparing a result of said hash function with a previous unit key;
and if said result matches said previous unit key, means for allowing configuration of the set-top box.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US33238601P | 2001-11-21 | 2001-11-21 | |
| US60/332,386 | 2001-11-21 | ||
| US10/301,092 US8068610B2 (en) | 2001-11-21 | 2002-11-20 | Method and system for providing security within multiple set-top boxes assigned for a single customer |
| US10/301,092 | 2002-11-20 | ||
| PCT/US2002/037592 WO2003047254A1 (en) | 2001-11-21 | 2002-11-21 | Method and system for providing security within multiple set-top boxes assigned for a single customer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2467907A1 CA2467907A1 (en) | 2003-06-05 |
| CA2467907C true CA2467907C (en) | 2012-01-31 |
Family
ID=26972157
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2467907A Expired - Fee Related CA2467907C (en) | 2001-11-21 | 2002-11-21 | Method and system for providing security within multiple set-top boxes assigned for a single customer |
Country Status (9)
| Country | Link |
|---|---|
| US (2) | US8068610B2 (en) |
| EP (1) | EP1461948B1 (en) |
| KR (1) | KR20040073440A (en) |
| AT (1) | ATE401741T1 (en) |
| AU (1) | AU2002365336A1 (en) |
| CA (1) | CA2467907C (en) |
| DE (1) | DE60227704D1 (en) |
| MX (1) | MXPA04004722A (en) |
| WO (1) | WO2003047254A1 (en) |
Families Citing this family (64)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1334617B1 (en) | 2000-11-14 | 2015-04-01 | Cisco Technology, Inc. | Networked subscriber television distribution |
| US8127326B2 (en) | 2000-11-14 | 2012-02-28 | Claussen Paul J | Proximity detection using wireless connectivity in a communications system |
| CN100440884C (en) * | 2001-08-24 | 2008-12-03 | 汤姆森许可贸易公司 | Local digital network, methods for installing new devices and data broadcast and reception methods in such a network |
| JP3609782B2 (en) * | 2002-01-21 | 2005-01-12 | 株式会社東芝 | Copy protected signal playback device |
| EP2270700A1 (en) | 2002-07-26 | 2011-01-05 | Koninklijke Philips Electronics N.V. | Secure authenticated distance measurement |
| US7516470B2 (en) | 2002-08-02 | 2009-04-07 | Cisco Technology, Inc. | Locally-updated interactive program guide |
| US7954127B2 (en) * | 2002-09-25 | 2011-05-31 | The Directv Group, Inc. | Direct broadcast signal distribution methods |
| US7908625B2 (en) | 2002-10-02 | 2011-03-15 | Robertson Neil C | Networked multimedia system |
| US7545935B2 (en) * | 2002-10-04 | 2009-06-09 | Scientific-Atlanta, Inc. | Networked multimedia overlay system |
| US7360235B2 (en) | 2002-10-04 | 2008-04-15 | Scientific-Atlanta, Inc. | Systems and methods for operating a peripheral record/playback device in a networked multimedia system |
| US8046806B2 (en) | 2002-10-04 | 2011-10-25 | Wall William E | Multiroom point of deployment module |
| FR2848763B1 (en) * | 2002-12-12 | 2005-03-18 | Viaccess Sa | METHOD FOR DISTRIBUTING DATA AND / OR SERVICES ENCROACHED |
| US8094640B2 (en) | 2003-01-15 | 2012-01-10 | Robertson Neil C | Full duplex wideband communications system for a local coaxial network |
| US7487532B2 (en) | 2003-01-15 | 2009-02-03 | Cisco Technology, Inc. | Optimization of a full duplex wideband communications system |
| EP1480390A1 (en) * | 2003-05-23 | 2004-11-24 | Thomson Licensing S.A. | Improved device and process for collision detection in a local area network |
| KR100987432B1 (en) * | 2003-06-16 | 2010-10-13 | 엘지전자 주식회사 | Digital satellite broadcasting receiver |
| US7580523B2 (en) * | 2004-01-16 | 2009-08-25 | The Directv Group, Inc. | Distribution of video content using client to host pairing of integrated receivers/decoders |
| US7548624B2 (en) * | 2004-01-16 | 2009-06-16 | The Directv Group, Inc. | Distribution of broadcast content for remote decryption and viewing |
| EP1569452A1 (en) * | 2004-02-23 | 2005-08-31 | Nagravision S.A. | Process for managing the handling of conditional access data by at least two decoders |
| FR2866767A1 (en) * | 2004-02-23 | 2005-08-26 | Thomson | METHOD OF COMMUNICATION BETWEEN DOMESTIC APPLIANCES AND APPARATUSES IMPLEMENTING THE METHOD |
| US7502473B2 (en) * | 2004-02-25 | 2009-03-10 | Nagravision S.A. | Process for managing the handling of conditional access data by at least two decoders |
| EP1615436A1 (en) * | 2004-07-05 | 2006-01-11 | Nagracard S.A. | Method and system for conditional access data processing and apparatus for signal formating |
| US7890769B2 (en) * | 2004-08-04 | 2011-02-15 | Broadcom Corporation | System and method for secure code downloading |
| EP1628481B1 (en) * | 2004-08-11 | 2010-09-01 | Thomson Licensing | Device pairing |
| EP1626579A1 (en) * | 2004-08-11 | 2006-02-15 | Thomson Licensing | Device pairing |
| US20060041912A1 (en) * | 2004-08-19 | 2006-02-23 | Kevin Kuhns | Method and apparatus for authorizing an additional set-top device in a satellite television network |
| EP1784981A1 (en) * | 2004-08-31 | 2007-05-16 | Thomson Licensing | Configuration management for co-located network systems |
| JP4734872B2 (en) * | 2004-09-07 | 2011-07-27 | パナソニック株式会社 | Content distribution management apparatus and content distribution management method |
| DE602004013813D1 (en) | 2004-12-23 | 2008-06-26 | Research In Motion Ltd | Ping functionality for electronic devices |
| US8621525B2 (en) | 2005-04-01 | 2013-12-31 | The Directv Group, Inc. | Signal injection via power supply |
| US8024759B2 (en) | 2005-04-01 | 2011-09-20 | The Directv Group, Inc. | Backwards-compatible frequency translation module for satellite video delivery |
| US9325944B2 (en) | 2005-08-11 | 2016-04-26 | The Directv Group, Inc. | Secure delivery of program content via a removable storage medium |
| US7937732B2 (en) * | 2005-09-02 | 2011-05-03 | The Directv Group, Inc. | Network fraud prevention via registration and verification |
| US8789115B2 (en) | 2005-09-02 | 2014-07-22 | The Directv Group, Inc. | Frequency translation module discovery and configuration |
| EP1765012A1 (en) * | 2005-09-14 | 2007-03-21 | Nagravision S.A. | Method of verifying a targeted device connected to a master device |
| US7876998B2 (en) | 2005-10-05 | 2011-01-25 | Wall William E | DVD playback over multi-room by copying to HDD |
| BRPI0712582A2 (en) | 2006-06-09 | 2012-10-16 | Directv Group Inc | system for receiving satellite video signals for display on a monitor and apparatus for displaying video information |
| AR061528A1 (en) * | 2006-06-19 | 2008-09-03 | Directv Group Inc | DEDICATED TUNER FOR NETWORK ADMINISTRATION FUNCTIONS |
| US8196169B1 (en) * | 2006-09-18 | 2012-06-05 | Nvidia Corporation | Coordinate-based set top box policy enforcement system, method and computer program product |
| CN101159825B (en) * | 2006-09-27 | 2012-03-21 | 松下电器产业株式会社 | Video receiving device, video data receiving system and authentication control method thereof |
| US8719875B2 (en) * | 2006-11-06 | 2014-05-06 | The Directv Group, Inc. | Satellite television IP bitstream generator receiving unit |
| US20080120655A1 (en) * | 2006-11-22 | 2008-05-22 | The Directv Group, Inc. | Integrated satellite master antenna television unit |
| US8510790B2 (en) * | 2007-03-12 | 2013-08-13 | Hitachi Kokusai Electric Inc. | Substrate processing apparatus |
| US8189107B1 (en) | 2007-03-12 | 2012-05-29 | Nvidia Corporation | System and method for performing visual data post-processing based on information related to frequency response pre-processing |
| JP5143466B2 (en) * | 2007-04-24 | 2013-02-13 | パナソニック株式会社 | Home receiving terminal system |
| US8712318B2 (en) * | 2007-05-29 | 2014-04-29 | The Directv Group, Inc. | Integrated multi-sat LNB and frequency translation module |
| US8238813B1 (en) | 2007-08-20 | 2012-08-07 | The Directv Group, Inc. | Computationally efficient design for broadcast satellite single wire and/or direct demod interface |
| US9942618B2 (en) | 2007-10-31 | 2018-04-10 | The Directv Group, Inc. | SMATV headend using IP transport stream input and method for operating the same |
| US8528013B2 (en) * | 2007-11-20 | 2013-09-03 | General Instrument Corporation | Method and apparatus for limiting access to programming in a switched digital video system |
| US7774487B2 (en) * | 2007-12-18 | 2010-08-10 | The Directv Group, Inc. | Method and apparatus for checking the health of a connection between a supplemental service provider and a user device of a primary service provider |
| US8407733B2 (en) * | 2008-12-19 | 2013-03-26 | General Instrument Corporation | Method and apparatus for establishing individualized subscription plans in a switched digital video system |
| US20100161801A1 (en) * | 2008-12-23 | 2010-06-24 | At&T Intellectual Property I, L.P. | Multimedia processing resource with distributed settings |
| US20100242062A1 (en) * | 2009-03-23 | 2010-09-23 | At&T Intellectual Property I, Lp. | Method and apparatus for authenticating a plurality of media devices simultaneously |
| US20110099591A1 (en) * | 2009-10-28 | 2011-04-28 | Men Long | Secure wireless pairing of digital tv short-range transmitter and receiver |
| KR101612518B1 (en) * | 2009-11-26 | 2016-04-15 | 삼성전자주식회사 | Endecryptor enabling parallel processing and en/decryption method thereof |
| US8613008B2 (en) * | 2010-01-11 | 2013-12-17 | Lead Technology Capital Management, Llc | System and method for broadcasting media |
| US10007768B2 (en) * | 2009-11-27 | 2018-06-26 | Isaac Daniel Inventorship Group Llc | System and method for distributing broadcast media based on a number of viewers |
| US9693094B2 (en) * | 2009-12-09 | 2017-06-27 | Echostar Technologies L.L.C. | Media content subscription enforcement for a media content receiver |
| JP5017439B2 (en) * | 2010-09-22 | 2012-09-05 | 株式会社東芝 | Cryptographic operation device and memory system |
| KR101781640B1 (en) * | 2011-02-14 | 2017-09-25 | 엘지전자 주식회사 | Method for providing remote control service and display apparatus thereof |
| US20120284534A1 (en) * | 2011-05-04 | 2012-11-08 | Chien-Kang Yang | Memory Device and Method for Accessing the Same |
| CN102932692A (en) * | 2011-08-12 | 2013-02-13 | 华为终端有限公司 | Method and device for authenticating set-top box |
| CN104581370A (en) * | 2015-01-15 | 2015-04-29 | 成都驰通数码系统有限公司 | Host and slave control mechanism, host, slave and system |
| KR101977619B1 (en) * | 2017-11-29 | 2019-05-13 | 에스케이브로드밴드주식회사 | Service server, and control method thereof |
Family Cites Families (41)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4543606A (en) * | 1983-04-28 | 1985-09-24 | Schaer Robert H | Security device for cable television |
| DE3418505C1 (en) | 1984-05-18 | 1985-12-05 | Karlheinz 5000 Köln Liebe | Rental television system |
| US4633309A (en) * | 1985-05-06 | 1986-12-30 | Oak Industries Inc. | Cable television master/slave decoder control |
| JP3158364B2 (en) * | 1992-10-13 | 2001-04-23 | ソニー株式会社 | Electronics |
| EP2262200A3 (en) * | 1994-05-24 | 2011-01-26 | Sony Corporation | Data bus communication |
| JPH07327277A (en) | 1994-05-31 | 1995-12-12 | Sony Corp | Electronic equipment device and connector for connection |
| US6334219B1 (en) * | 1994-09-26 | 2001-12-25 | Adc Telecommunications Inc. | Channel selection for a hybrid fiber coax network |
| DE4440174C2 (en) | 1994-11-10 | 1999-12-16 | Elektronik Gmbh P Lab | TV control |
| US5878141A (en) * | 1995-08-25 | 1999-03-02 | Microsoft Corporation | Computerized purchasing system and method for mediating purchase transactions over an interactive network |
| US6545722B1 (en) * | 1998-01-09 | 2003-04-08 | Douglas G. Brown | Methods and systems for providing television related services via a networked personal computer |
| US7233948B1 (en) * | 1998-03-16 | 2007-06-19 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
| US6738905B1 (en) * | 1998-04-15 | 2004-05-18 | Digital Video Express, L.P. | Conditional access via secure logging with simplified key management |
| US6118873A (en) * | 1998-04-24 | 2000-09-12 | International Business Machines Corporation | System for encrypting broadcast programs in the presence of compromised receiver devices |
| US6757829B1 (en) * | 1998-05-29 | 2004-06-29 | Texas Instruments Incorporated | Program debugging system for secure computing device having secure and non-secure modes |
| JO2117B1 (en) * | 1998-07-15 | 2000-05-21 | كانال + تيكنولوجيز سوسيته انونيم | method and apparatus for secure communication of information between aplurality of digital audiovisual devices |
| EP1099339B1 (en) | 1998-07-17 | 2002-10-09 | United Video Properties, Inc. | Interactive television program guide having multiple devices at one location |
| US6607136B1 (en) * | 1998-09-16 | 2003-08-19 | Beepcard Inc. | Physical presence digital authentication system |
| US6463535B1 (en) * | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
| US6588017B1 (en) * | 1999-01-27 | 2003-07-01 | Diva Systems Corporation | Master and slave subscriber stations for digital video and interactive services |
| US7484234B1 (en) * | 1999-04-29 | 2009-01-27 | Tivo Inc. | Method and apparatus for controlling at least one set-top box |
| US7336785B1 (en) * | 1999-07-09 | 2008-02-26 | Koninklijke Philips Electronics N.V. | System and method for copy protecting transmitted information |
| US6957344B1 (en) * | 1999-07-09 | 2005-10-18 | Digital Video Express, L.P. | Manufacturing trusted devices |
| EP1126708A1 (en) * | 1999-08-27 | 2001-08-22 | Kabushiki Kaisha Toshiba | System for interconnecting devices through analog line |
| JP2001069475A (en) | 1999-08-27 | 2001-03-16 | Pioneer Electronic Corp | Terminal for cable television |
| US7298846B2 (en) * | 1999-12-13 | 2007-11-20 | Scientific-Atlanta, Inc. | Method of identifying multiple digital streams within a multiplexed signal |
| US7058179B1 (en) * | 2000-03-29 | 2006-06-06 | Sony Corporation | Method and system for a secure high bandwidth bus in a transceiver device |
| US20020003884A1 (en) * | 2000-05-26 | 2002-01-10 | Sprunk Eric J. | Authentication and/or authorization launch |
| US6751402B1 (en) * | 2000-06-28 | 2004-06-15 | Keen Personal Media, Inc. | Set-top box connectable to a digital video recorder via an auxiliary interface and selects between a recorded video signal received from the digital video recorder and a real-time video signal to provide video data stream to a display device |
| US7137117B2 (en) * | 2000-06-02 | 2006-11-14 | Microsoft Corporation | Dynamically variable idle time thread scheduling |
| US20020083438A1 (en) * | 2000-10-26 | 2002-06-27 | So Nicol Chung Pang | System for securely delivering encrypted content on demand with access contrl |
| US20020112175A1 (en) * | 2000-12-13 | 2002-08-15 | Makofka Douglas S. | Conditional access for functional units |
| US20020104098A1 (en) * | 2001-01-31 | 2002-08-01 | Zustak Fred J. | Subscriber class television channel with class member programming |
| US20020124266A1 (en) * | 2001-03-05 | 2002-09-05 | Robert Blanchard | Method and device for remote access of a power control system of a set-top box |
| US7987510B2 (en) * | 2001-03-28 | 2011-07-26 | Rovi Solutions Corporation | Self-protecting digital content |
| US20020194596A1 (en) * | 2001-06-18 | 2002-12-19 | Srivastava Gopal K. | Control of multiple AV-devices by a single master controller using infrared transmitted commands and bus transmitted commands |
| US20030028886A1 (en) * | 2001-08-02 | 2003-02-06 | Chein-Hsun Wang | Single subscriber multiple set top boxes linkage device |
| US7224797B2 (en) * | 2001-08-17 | 2007-05-29 | Koninklijke Philips Electronics N.V. | System and method for hybrid conditional access for receivers of encrypted transmissions |
| US6925180B2 (en) * | 2001-09-27 | 2005-08-02 | Sony Corporation | PC card recorder |
| KR100439082B1 (en) * | 2001-10-24 | 2004-07-05 | 주식회사 한단정보통신 | Driving control system among set-top-boxs and method for controlling thereof |
| US7451460B2 (en) * | 2001-11-15 | 2008-11-11 | General Instrument Corporation | Programming interface for configuring a television settop terminal |
| CA2719975C (en) * | 2008-04-04 | 2013-08-13 | Samsung Electronics Co., Ltd. | Method and apparatus for providing broadcast service using encryption key in a communication system |
-
2002
- 2002-11-20 US US10/301,092 patent/US8068610B2/en active Active
- 2002-11-21 EP EP02804043A patent/EP1461948B1/en not_active Expired - Lifetime
- 2002-11-21 AT AT02804043T patent/ATE401741T1/en not_active IP Right Cessation
- 2002-11-21 DE DE60227704T patent/DE60227704D1/en not_active Expired - Lifetime
- 2002-11-21 KR KR10-2004-7007761A patent/KR20040073440A/en not_active Application Discontinuation
- 2002-11-21 MX MXPA04004722A patent/MXPA04004722A/en active IP Right Grant
- 2002-11-21 CA CA2467907A patent/CA2467907C/en not_active Expired - Fee Related
- 2002-11-21 WO PCT/US2002/037592 patent/WO2003047254A1/en not_active Application Discontinuation
- 2002-11-21 AU AU2002365336A patent/AU2002365336A1/en not_active Abandoned
-
2011
- 2011-11-02 US US13/287,576 patent/US8973025B2/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| KR20040073440A (en) | 2004-08-19 |
| US8973025B2 (en) | 2015-03-03 |
| US8068610B2 (en) | 2011-11-29 |
| CA2467907A1 (en) | 2003-06-05 |
| EP1461948B1 (en) | 2008-07-16 |
| ATE401741T1 (en) | 2008-08-15 |
| US20120110612A1 (en) | 2012-05-03 |
| EP1461948A1 (en) | 2004-09-29 |
| AU2002365336A1 (en) | 2003-06-10 |
| MXPA04004722A (en) | 2004-07-30 |
| WO2003047254A1 (en) | 2003-06-05 |
| DE60227704D1 (en) | 2008-08-28 |
| US20030097563A1 (en) | 2003-05-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2467907C (en) | Method and system for providing security within multiple set-top boxes assigned for a single customer | |
| EP0950319B2 (en) | Preventing replay attacks on digital information distributed by network service providers | |
| US6005943A (en) | Electronic identifiers for network terminal devices | |
| US4982430A (en) | Bootstrap channel security arrangement for communication network | |
| US5671276A (en) | Method and apparatus for impulse purchasing of packaged information services | |
| US5675647A (en) | Cable TV system using passwords | |
| EP0886409B1 (en) | Information providing system | |
| US5402490A (en) | Process for improving public key authentication | |
| RU2284569C2 (en) | Method for unblocking and blocking software signs | |
| US5249230A (en) | Authentication system | |
| US5351293A (en) | System method and apparatus for authenticating an encrypted signal | |
| US4783798A (en) | Encrypting transponder | |
| CN1202669C (en) | Global conditioner access system for broadcast services | |
| MXPA04009312A (en) | Smart card mating protocol. | |
| US7472123B2 (en) | Server device, communication device, and program for managing contents usage | |
| EP1023794A1 (en) | System for detecting unauthorized account access | |
| WO2002054254A1 (en) | Information processing system | |
| JP2003530635A (en) | System and method for securely storing confidential information, and digital content distribution device and server used in the system and method | |
| US5651066A (en) | Cipher key distribution system effectively preventing illegitimate use and charging of enciphered information | |
| AU2003245925B2 (en) | Method, system and terminal for receiving content with authorized access | |
| JP3348753B2 (en) | Encryption key distribution system and method | |
| CN101057447B (en) | Method and device for re-dispatching specifically coded access objects from a server to a mobile terminal device | |
| CN116150776A (en) | Privacy sharing method and system for sharing information | |
| WO2001098875A2 (en) | Validation method and device | |
| JPH10508457A (en) | Deferred billing, broadcasting, electronic document delivery system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |
Effective date: 20201123 |