Reexamination Certificate
1999-02-24
2001-07-03
Swann, Tod (Department: 2132)
Cryptography
Video cryptography
Video electric signal modification
C380S211000, C380S229000, C380S231000, C380S233000, C380S234000, C380S241000, C380S242000, C705S058000, C705S059000, C705S077000, C713S165000, C713S166000, C713S167000, C713S187000, C713S191000
active
06256393
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to a method for providing authorization, authentication and access control of “executable code”, or, “software object”, which includes but is not limited to application code, operating systems and associated components (e.g. dynamic link libraries—DLL's), BIOS, Java Virtual Machine (JVM), Java applications and applets, etc., residing in set-top terminals.
BACKGROUND OF THE INVENTION
As digital set-top terminals (the General Instrument DCT5000+, for example) incorporate the capability to download different operating systems, DLL's and JVM's (Windows CE included), multiple system cable operators (MSO's) need a mechanism that will allow them to maintain control of the features and applications that run within these set-top terminals. More specifically, MSO's want the ability to access control services and associated usage of software objects in set-top terminals.
One known attempt to address the authenticity of code objects for the PC environment is Microsoft's “Authenticode” capability. This product enables software vendors to acquire a digital signature for published executable code. Authenticode provides a digital signature with only one signer; the code is signed with Microsoft's private key (which is not published) and is verified with Microsoft's public key, which is bundled into the Authenticode verification code in the operating system. However, while Authenticode provides digital signature protection for executable code, it does not provide any means of determining access requirements for the executable code for access control purposes (and revenue generation purposes), and it is applicable only to executable code.
A second known attempt to address control of Java applets is “Java Security” which is intended to prevent applets from inspecting or changing files on a client system and from using network connections to circumvent file protections or data privacy measures. However, as is the case with Authenticode, Java Security does not offer authentication of any software object unless it is Java based, nor does it offer the association with access requirements for access control and revenue generation purposes.
Although each of the products described above attempts to address protection and control of software objects in a PC environment against unauthorized utilization by a given set-top terminal, they do not fully address the issues associated with authorization, authentication and access control, and thus do not provide an optimal solution that meets MSO requirements.
SUMMARY OF THE INVENTION
As set-top terminals assume a computing environment for entertainment purposes by utilizing downloadable software objects such as operating systems, libraries, Java Virtual Machines, applications, applets, etc., it becomes extremely critical to protect and control the software object to guard against unauthorized utilization by a given set-top terminal. In accordance with the proposed concept, not only does the identity of each software object require authentication but also, its utilization has to be subject to MSO control via authorization permissions along with control of which set-top terminal resources a given software object may use. These measures complement those of object validation and verification and ensure that software objects that have not been authenticated are not utilized. To the extent that these measures are utilized, the set-top terminal is no longer subject to problems associated with objects that have failed to follow the security design rules, or worse yet, those which may be contaminated with a virus that is meant to cause harm to the MSO's network and associated set-top terminals.
In a particular embodiment of the invention, a method for providing authorization and access control of software object residing in digital set-top terminals creates a fingerprint (signature) for each software object, associates each fingerprint with a service tier, encodes each association and creates an association table containing the information generated by the encoding step (note, this table may consist of one or more association entries). In addition, the method sends the association table to the digital set-top terminal and also transmits to the digital set-top terminal a message indicating what software objects the set-top terminal may utilize. Finally, the proposed method provides a system routine at the digital set-top terminal that is invoked prior to commencing download of the object, once the software object has been downloaded, or optionally whenever the software object is about to be utilized (or “invoked” if it is executable code). The system routine uses the association table to validate the authenticity of the object (authenticate it) and to determine if the software object about to be utilized is associated with a corresponding service tier for which the set-top has been authorized; if not, the software object download (or utilization) is not allowed. If, however, the software object about to be downloaded (or utilized) is associated with a service tier for which the set-top has been authorized, the object download (or utilization) is allowed. In accordance with another aspect of the invention, the software object has been verified and validated prior to the recited steps.
In accordance with still another aspect of the invention, the transmitted message further indicates which set-top terminal resources the software object or the set-top as a whole is authorized to utilize.
Yet a further advantage provided by another feature of the present invention is that if the software object about to be invoked contains the correct fingerprint and authorization rights match the authorization requirements associated with the software object, the method further determines if the use of set-top terminal resources has been authorized. In one embodiment, if a determination is made that the use of a set-top terminal resource has been requested, the method further provides a second system routine at the digital set-top terminal, and the second system routine uses the transmitted messages to determine if the software object may utilize the requested set-top terminal resource. In the case where the resource is authorized as an impulse-authorizable resource (by associating it with an impulse tier in the message), the user is allowed to request an impulse (immediate) authorization of this resource. This prevents the subscriber (user) from having to call the MSO's Customer Service Center for such authorization.
A further advantageous feature of the invention is that if the software object about to be utilized does not contain the correct fingerprint, the software object is not executed.
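The flow summarized above (fingerprint, tier association, association table, authorization message, and the two terminal-side routines) can be sketched as follows. This is an added illustration, not code from the patent: SHA-256 as the fingerprint, an HMAC as the unspecified "encoding" step, and every name, key and sample object below are assumptions.

```python
import hashlib, hmac, json

# Constructed demo values (assumptions, not taken from the patent text).
HEADEND_KEY = b"demo-headend-key"   # key protecting the association table
OBJECTS = {"epg_app": b"\x7fEPG-v1 code", "jvm": b"\x7fJVM-v3 code"}

def fingerprint(obj: bytes) -> str:
    """Fingerprint of a software object (SHA-256 is an assumed choice)."""
    return hashlib.sha256(obj).hexdigest()

def _mac(entries: dict) -> str:
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(HEADEND_KEY, body, hashlib.sha256).hexdigest()

def build_association_table(tiers: dict) -> dict:
    """Headend side: bind each object's fingerprint to a service tier."""
    entries = {name: {"fp": fingerprint(OBJECTS[name]), "tier": tier}
               for name, tier in tiers.items()}
    return {"entries": entries, "mac": _mac(entries)}

def may_use_object(name: str, obj: bytes, table: dict, auth_msg: dict) -> str:
    """First system routine: authenticate the object, then check its tier."""
    if not hmac.compare_digest(_mac(table["entries"]), table["mac"]):
        return "deny: table tampered"
    entry = table["entries"].get(name)
    if entry is None or not hmac.compare_digest(entry["fp"], fingerprint(obj)):
        return "deny: fingerprint mismatch"
    if entry["tier"] not in auth_msg["tiers"]:
        return "deny: tier not authorized"
    return "allow"

def may_use_resource(resource: str, auth_msg: dict) -> str:
    """Second system routine: check a requested terminal resource."""
    if resource in auth_msg["resources"]:
        return "allow"
    if resource in auth_msg["impulse_resources"]:
        return "offer impulse authorization"
    return "deny"

if __name__ == "__main__":
    table = build_association_table({"epg_app": "basic", "jvm": "premium"})
    msg = {"tiers": {"basic"}, "resources": {"tuner"},
           "impulse_resources": {"modem"}}
    print(may_use_object("epg_app", OBJECTS["epg_app"], table, msg))
    print(may_use_object("jvm", OBJECTS["jvm"], table, msg))
    print(may_use_resource("modem", msg))
```

A shared HMAC key stored in the terminal is only as strong as the terminal's key storage; a public-key signature over the table avoids placing a signing-capable secret in the field.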
Safadi Reem
Vince Lawrence
Callahan Paul E.
General Instrument Corporation
Mayer Fortkort & Williams PC
Swann Tod
Williams Esq. Karin L.