Communication signals typically propagate from the source to the destination through one or more segments of transmission media. Some segments of the transmission media may not be physically secured against unauthorized access. To protect the content embedded in the transmitted signals against unauthorized access, many communication protocols, authentication and encryption/scrambling methods have been developed and used. Research and development in this field will further lead to better protocols and methods. It is understood that any of these protocols and methods can be used with the present invention.
A device is typically assigned a set of identifier information to facilitate authentication. The set of identifier information represents the device. The set of identifier information typically includes public and secret information, which can be used to prove the authenticity of its identity. When the secret information is revealed, other devices may be used to pretend to be this device. The authentication process ensures that the other party in the communication process is indeed the intended recipient.
Further, the set of identifier information may also include public and secret information for establishing a secured (encrypted/scrambled) communication channel for the protection of the transmitted content. The secret information for establishing a secured communication channel may be unique for each of the devices in the system, or be shared information. When such information is revealed, the security strength of the communication channel may degrade.
For example, a digital certificate based on public key cryptography can be used as a part of the identifier information. In public key cryptography, a pair of two complementary keys, a public key and a private key, is such that any information digitally signed using the private key can only be verified using the public key, and conversely, any information encrypted using the public key can only be decrypted using the private key. Typically, a trusted party called a certificate authority issues a digital certificate. The certificate confirms the authenticity of an identity with a digital signature of the certificate authority. The digital signature of the certificate is generated using the private key of the certificate authority. The certificate authority's public key can be used to verify the authenticity of the certificate. The information encrypted using the public key of the identity can only be decrypted using the private key of the identity. The private key associated with the identity is the secret information, which when compromised allows others in possession of the private key to decrypt the information intended for the identity. On the other hand, the private key of the identity can be used to sign information sent from the identity. The public key associated with the identity can be used to verify that the digitally signed information is from one in possession of the private key of the identity.
Diffie-Hellman is a public key agreement protocol based on the intractability of taking discrete logarithms over the integer field. The protocol uses two system parameters p and g, which are used by all the users of a system. Parameter p is a prime number; and parameter g is an integer less than p and is capable of generating a number from 1 to p−1 using a number n and the expression (gn mod p). To derive a shared secret key, two users first pick their own random private values a and b respectively. Then, the two users compute public values (ga mod p) and (gb mod p) respectively. After exchanging the public values, the two users compute a shared secret key (gab mod p) using the exchanged public values. The two users can then use the shared secret key to encrypt and decrypt messages.
Dynamic Feedback Arrangement Scrambling Technique (DFAST) is a technique for scrambling binary data. American National Standards Institute/Society of Cable Telecommunications Engineers (ANSI/SCTE) 41 2003 requires the use of DFAST. Detailed aspects of DFAST may be found in U.S. Pat. No. 4,860,353.
Many communication protocols and data encryption/scrambling schemes have been developed based on known technologies, such as digital certificates and digital signatures, Diffie-Hellman and DFAST, to provide a desirable strength of security for communication over an insecure medium. For example, ANSI/SCTE 41 2003 standard makes use of the signature verification techniques, Diffie-Hellman and DFAST to provide a Point of Deployment (POD) copy protection system. According to the ANSI/SCTE 41 2003 standard, a Point of Deployment (POD) security module provides protections for valuable contents distributed through a digital cable system (e.g., the high value movies and video programs). When authorized, a POD module removes the scrambling that is added by the conditional access scrambling system. Before delivery of the content to a host (e.g., set-top terminals, or consumer receivers, such as a digital television set, or a personal video recorder (PVR)), the POD module may re-scramble the content, such as the movies and video programs. A POD copy protection system performs: 1) host authentication through the exchange of certificates and through the use of signature verification techniques; and 2) copy protection key derivation using a Diffie-Hellman shared secret key that is computed during the host verification process. The POD module uses the copy protection key to re-scramble the content before delivery with copy control information over a secure channel of communication to the receiver. Further details about the methods and schemes to protect contents over the insecure medium between the POD and the host can be found in ANSI/SCTE 41 2003, which is hereby incorporated here by reference.
A “Man in the Middle” attack may break the security provided by public key cryptography. In a “Man in the Middle” attack, an attacker intercepts the transmission of the public key of a victim and substitutes it with the public key of the attacker. Thus, a message intended for the victim becomes encrypted with the public key of the attacker. As the “Man in the Middle”, the attacker decrypts the message using its own private key, re-encrypts it with the public key of the victim and relays the message to the victim. Thus, the attacker gains access to the message that is intended only for the victim. Communication protocols have been designed to resist “Man in the Middle” attacks. For example, ANSI/SCTE 41 2003 requires the verification of an authentication key to resist “Man in the Middle” attacks.
In general, a product may use a combination of a number of encryption/scrambling techniques and authentication techniques with a particular communication protocol to achieve a desired strength of protection against unauthorized access.
A successful product that embeds one or more security algorithms to enforce the delivery of premium content is often subject to software and hardware attack for the purpose of defeating those security protocols. In reaction to this threat, product manufacturers have traditionally worked two different paths of counter measures: —First, they have added built-in support for renewability, which means a mechanism to update the software of the device in the field with patches to the current threat; —Second, they have made their system more resistance to crypto analysis and attack. When applied to software, this means the uses of obfuscation techniques that makes the reverse analysis of the software more difficult. Today's obfuscation techniques come at the cost of increased size of software image and loss of performances. The present invention proposes an alternate solution that limits the reach of the attack by reducing the ability of the attacker to contaminate multiple devices: The invention creates a unique bundle between the security application software and unique parameters it requires to identify the device in the network.