Downloading of data to secure devices

    Publication number: US11115201B2

    Publication date: 2021-09-07

    Application number: US14309291

    Application date: 2014-06-19

    Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

    Initialization encryption for streaming content

    Publication number: US11108743B2

    Publication date: 2021-08-31

    Application number: US16446095

    Application date: 2019-06-19

    Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

    Downloading of data to secure devices
    Granted invention patent (in force)

    Publication number: US08792637B2

    Publication date: 2014-07-29

    Application number: US13302639

    Application date: 2011-11-22

    Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

    Control word and associated entitlement control message caching and reuse
    Granted invention patent (in force)

    Publication number: US09473463B2

    Publication date: 2016-10-18

    Application number: US14445799

    Application date: 2014-07-29

    Abstract: Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs.

    Initialization encryption for streaming content

    Publication number: US10375030B2

    Publication date: 2019-08-06

    Application number: US15192097

    Application date: 2016-06-24

    Abstract: Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated.

    Determining a session key using session data

    Publication number: US11418364B2

    Publication date: 2022-08-16

    Application number: US15615930

    Application date: 2017-06-07

    Inventor: Lawrence W. Tang

    Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

    Preservation of encryption
    Granted invention patent

    Publication number: US11418339B2

    Publication date: 2022-08-16

    Application number: US14575037

    Application date: 2014-12-18

    Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

    PRESERVATION OF ENCRYPTION
    Patent application (under examination, published)

    Publication number: US20150104011A1

    Publication date: 2015-04-16

    Application number: US14575037

    Application date: 2014-12-18

    CPC classification number: H04L9/16 H04L9/002 H04L9/0631

    Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

    Encryption operation with real data rounds, dummy data rounds, and delay periods
    Granted invention patent (in force)

    Publication number: US08958550B2

    Publication date: 2015-02-17

    Application number: US13230872

    Application date: 2011-09-13

    CPC classification number: H04L9/16 H04L9/002 H04L9/0631

    Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.
