Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the sa
Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated. The audit service also detects when a receiver authenticates improperly, suggesting an unsuccessful and unauthorized attempt to duplicate an authorized receiver. Individual receivers may be networked together. To help protect a receiver's authentication data from tampering, at least a portion of the data may be digitally signed with a private key. The audit service may then verify the digital signature with a corresponding public key. Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.
대표청구항▼
What is claimed is: 1. A method of authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the method comprising acts of: receiving by an audit service authentication data from a first receiver, wherein the authentication data comprises data which should
What is claimed is: 1. A method of authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the method comprising acts of: receiving by an audit service authentication data from a first receiver, wherein the authentication data comprises data which should be unique to the first receiver, and comprises data from a receiver system data store, and wherein the data which should be unique to the receiver is stored in a memory that is arranged in accordance with a cyclic permutation algorithm, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver'serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; storing by the audit service authentication information derived from the authentication data received from the first receiver; receiving by the audit service from a second receiver, authentication data; comparing authentication information derived from the authentication data received from the second receiver with the authentication information derived from the authentication data received from the first receiver; when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes. 2. A method as recited in claim 1, wherein the data received by the audit service is encrypted. 3. A method as recited in claim 1, wherein the authentication data comprises a digital signature created by digitally signing at least a portion of the data which should be unique to the receiver with a private key, and wherein the audit service is capable of verifying the digital signature. 4. A method as recited in claim 1, wherein the data which should be unique to the receiver is stored in a memory, and wherein a storage location of at least a portion of the data varies from one group of one or more receivers to another. 5. A method as recited in claim 1, wherein the data which should be unique to the receiver and received by the audit service comprises: a hard disk encryption key, a private/public key pair, a serial number, a public key for authenticating the audit server, and a receiver certificate. 6. A method as recited in claim 1, wherein authorized receivers are receiver devices with a valid subscription to receive the at least some digital content. 7. A method as recited in claim 1, wherein the authentication data is stored in either a read only memory or a write-once memory, and wherein the method further comprises an act of retrieving the authentication data from either the read only memory or the write-once memory. 8. A method as recited in claim 1, wherein a gateway receiver is coupled to one or more local receiver devices, the method further comprising acts of: the gateway receiver receiving local receiver authentication data from each of the one or more local receiver devices, wherein the local receiver authentication data comprises data which should be unique to each of the one or more local receiver devices; storing, by the gateway receiver, a representation of the local receiver authentication data; and sending the representation of the local receiver authentication data to the audit service, whereby the audit service is able to identify the one or more local receiver devices coupled to the gateway receiver. 9. A method as recited in claim 1, further comprising an act of either (i) storing digital content on a nonvolatile storage device, or (ii) if the digital content is digital video data, then displaying the digital content on a video display device. 10. A method as recited in claim 1, wherein the digital content comprises subscription-based content that is broadcast to one or more receivers over a satellite or cable link, and wherein the authentication data is sent to the audit service over an Internet connection. 11. A method as recited in claim 1, where in the system data store is physically packaged in a manner to inhibit reverse engineering. 12. A method as recited in claim 3, wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another. 13. A method as recited in claim 4 wherein the storage location of at least a portion of the data varies from one group of one or more receivers to another varies according to geographic market. 14. A method as recited in claim 12 wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another varies according to geographic market. 15. A computer program product for authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the computer program product comprising a computer-readable storage medium having encoded thereon machine-executable instructions which, when executed, performs: receiving by an audit service authentication data from a first receiver, wherein the authentication data comprises data which should be unique to the first receiver, and comprises data from a receiver system data store, and wherein the data which should be unique to the receiver is stored in a memory that is arranged in accordance with a cyclic permutation algorithm, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver'serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; storing by the audit service authentication information derived from the authentication data received from the first receiver; receiving by the audit service from a second receiver, authentication data; comparing authentication information derived from the authentication data received from the second receiver with the authentication information derived from the authentication data received from the first receiver; when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes. 16. A computer program product as recited in claim 15, wherein the data received by the audit service is encrypted. 17. A computer program product as recited in claim 15, wherein the authentication data comprises a digital signature created by digitally signing at least a portion of the data which should be unique to the receiver with a private key, and wherein the audit service is capable of verifying the digital signature. 18. A computer program product as recited in claim 15, wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another. 19. A computer program product as recited in claim 15, wherein the data which should be unique to the receiver is stored in a memory, and wherein a storage location of a least a portion of the data varies from one group of one or more receivers to another. 20. A computer program product as recited in claim 15, wherein the data which should be unique to the receiver and received by the audit service comprises a hard disk encryption key, a private/public key pair, a serial number, a public key for authenticating the audit server, and a receiver certificate. 21. A computer program product as recited in claim 15, wherein authorized receivers are receiver devices with a valid subscription to receive the at least some digital content. 22. A computer program product as recited in claim 15, wherein the authentication data is stored in either a read only memory or a write-once memory, and wherein the method further comprises an act of retrieving the authentication data from either the read only memory or the write-once memory. 23. A computer program product as recited in claim 15, wherein a gateway receiver is coupled to one or more local receiver devices, the method further comprising acts of: the gateway receiver receiving local receiver authentication data from each of the one or more local receiver devices, wherein the local receiver authentication data comprises data which should be unique to each of the one or more local receiver devices; storing a representation of the local receiver authentication data; and sending the representation of the local receiver authentication data to the audit service, whereby the audit service is able to identify the one or more local receiver devices coupled to the gateway receiver. 24. A computer program product as recited in claim 15, the method further comprising an act of either (i) storing the digital content on a nonvolatile storage device, or (ii) displaying the digital video content on a display device. 25. A computer program product as recited in claim 15, wherein the digital content comprises subscription-based content that is broadcast to the one or more receivers over a satellite or cable link, and wherein the authentication data is sent to the audit service over an Internet connection. 26. A method of authenticating a receiver device so that potentially receiver devices may be identified, the method comprising steps for: at a gateway receiver, receiving digital content that is broadcast from at least one content source; providing access to the received digital content through the gateway receiver; establishing an encrypted communication channel with an audit service that is enabled to authenticate the gateway receiver; and authenticating to the audit service, wherein authentication permits the audit service to identify potentially fraudulent receiver devices by the audit service comparing authentication information derived from authentication data received from a second receiver with authentication information derived from authentication data having been received from a first receiver, wherein the authentication data comprises data which should be unique to each receiver, comprises data from a receiver system data store, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver's serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; and when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes; wherein the step for authenticating to the audit service comprises an act of sending authentication data to the audit service, the authentication data comprising a digital signature created by digitally signing at least a portion of data which should be unique to the gateway receiver with a private key, and wherein the audit service is capable of verifying the digital signature wherein the authentication data is stored in a memory with the order of use for one or more individual memory locations being scrambled by a cyclic permutation algorithm; and wherein a prime number unique to the receiver is stored in the system data store and the prime number is larger than the size of the data region to be scrambled. 27. A method as recited in claim 26, wherein the prime number is used to generate a cyclic permutation group. 28. A computer program product comprising a computer-readable storage medium having encoded thereon machine-executable instructions, for authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the machine-executable instructions, when executed performing: at a gateway receiver, receiving digital content that is broadcast from at least one content source; providing access to the received digital content through the gateway receiver; establishing an encrypted communication channel with an audit service that is enabled to authenticate the gateway receiver; and authenticating to the audit service, wherein authentication permits the audit service to identify potentially fraudulent receiver devices by the audit service comparing authentication information derived from authentication data received from a second receiver with authentication information derived from authentication data having been received from a first receiver, wherein the authentication data comprises data which should be unique to each receiver, comprises data from a receiver system data store, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver's serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; and when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes; wherein the step for authenticating to the audit service comprises an act of sending authentication data to the audit service, the authentication data comprising a digital signature created by digitally signing at least a portion of data which should be unique to the gateway receiver with a private key, and wherein the audit service is capable of verifying the digital signature; wherein the authentication data is stored in a memory with the order of use for one or more individual memory locations being scrambled by a cyclic permutation algorithm; and wherein a prime number unique to the receiver is stored in the system data store and the prime number is larger than the size of the data to be scrambled. 29. A computer program product as recited in claim 28, wherein the prime number is used to generate a cyclic permutation group.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (25)
Rhoads Geoffrey B., Anti-piracy system for wireless telephony.
Rakib, Selim Shlomo; Quinard, Fabrice Michel Raymond; Monta, Peter Albert, Home network for receiving video-on-demand and other requested programs and services.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Asokan,Nadarajah; Debar,Herve C.; Steiner,Michael; Waidner,Michael, Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal.
Akins, III, Glendon L.; Banker, Robert O.; Palgon, Michael S.; Pinder, Howard G.; Wasilewski, Anthony J., Representing entitlements to service in a conditional access system.
Puhl Larry C. ; Vogler Dean H. ; Dabbish Ezzat A., Secure wireless electronic-commerce system with digital product certificates and digital license certificates.
Ansari, Amir; Cowgill, George A.; Masina, Ramprakash; Ramayya, Jude P.; McQuarters, Alvin R.; Raissyan, Atousa; Nicholls, Leon E.; Erhart, Wesley R.; Cooper, Michael P., Activation, initialization, authentication, and authorization for a multi-services gateway device at user premises.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
Catherman, Ryan Charles; Challener, David Carroll; Hoff, James Patrick, Method for securely creating an endorsement certificate in an insecure environment.
Connelly, Jeffrey A.; O'Rourke, David M.; Patenaude, Matthew M., Recipient blind cryptographic access control for publicly hosted message and data streams.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.