AUTHENTICATION IN A NETWORK

FIELD OF THE INVENTION

The present invention relates to authentication in a home network environment.

BACKGROUND OF THE INVENTION

Standard authentication, as is well known in the art, is provided by, for example, a user typing a secret Personal Identification Number (PIN), to provide a proof of identity. Such authentication is generally considered insecure. Other well-known types of authentication use a secret key stored on a secure device, such as a smart card, in combination with a cryptographic signing algorithm.

The following references are believed to represent the state of the art:

U.S. Patent 5,231,668 to Kravitz;

A presentation entitled "Set-Top Boxes - Xilinx Solutions for the Broadcast Chain", describing a commercially available set top box which includes RSA capabilities. The presentation is available on the World Wide Web at: www.xilinx.com/esp/dvt/prof _. bi'dcst/collateral/settopbox.pdf;

A presentation describing smart cards using a protocol known as the EAP protocol (a widely accepted family of authentication protocols). The presentation is available on the World Wide Web at: csr.bu.edu/aswn2004/slides/Monday/Session2/pasquale.pdf; A description of a Microsoft implementation of the EAP protocol with smart cards, available on the World Wide Web at: support.microsoft.corn/?kbid=259880;

An article on the subject of multi-signatures and their security entitled "The Security of Practical Two-Party RSA Signature Schemes", by Mihir Bellare and Ravi Sandhu, available on the World Wide Web at: www.cs.ucsd.edu/users/mihir/papers/splitkey.pdf;

"Digital multisignatures", by Colin Boyd, in "Cryptography and Coding", (HJ.Beker and F.C.Piper Eds.), Oxford University Press, 1989, pp 241- 246;

"Multisignatures based on zero knowledge schemes", by Colin Boyd, in "Electronics Letters", 27, 22, October 1991, pp 2002-2004; and

"Digital Signature Standard (DSS)", a Federal Information Processing Standard Publication (FIPS-186-2), available on the World Wide Web at: csrc.nist.gov/publications/fips/fipsl86-2/fipsl86-2-changel. pdf.

The disclosures of all references mentioned above and throughout the present specification, as well as the disclosures of all references mentioned in those references, are hereby incorporated herein by reference.

SUMMARY OF THE INVENTION

The present invention, in preferred embodiments thereof, includes an authentication system including a set top box with a smart card. The authentication system is part of a home network, preferably including one or more ^• other devices. The authentication system preferably provides authentication services to the other device(s) on the home network, and to other devices located outside the home network, on the World Wide Web. The authentication system preferably provides varying levels of authentication security.

By way of a non-limiting example, the other device is an internet- connected personal computer (PC). The PC communicates with the set top box via Ethernet. The PC sends an authentication request to the set top box, to perform a cryptographic function on an input. The set top box preferably fulfills the request in combination with the smart card, comprised within the set top box.

The cryptographic function is preferably a digital signature on a result of applying a hash function to contents of a document.

The cryptographic functions mentioned above use one or more secret keys, belonging to the smart card and set top box pair. The functions also preferably require the existence of a public key infrastructure, to allow members of the public to verify the identity of the secret key owner, which is the smart card and set top box pair.

The present invention, in preferred embodiments thereof, uses set top box secrets in combination with smart card secrets. Schemes using a double secret are typically more secure than schemes using a single secret.

The present invention, in preferred embodiments thereof, typically provides a higher level of security than the security level provided by a smart card alone, or an equivalent electronic security device such as a "dongle" alone.

An increasing percentage of set top boxes deployed in homes are equipped with unique secret keys for security purposes.

The term "signing" in all its grammatical forms is used throughout the present specification and claims interchangeably with the term "authentication" and its corresponding grammatical forms.

0808

The term "secret" in all its grammatical forms is used throughout the present specification and claims interchangeably with the terms "secret token", "secret key" and "private key" in all their grammatical forms.

There is thus provided in accordance with a preferred embodiment of the present invention a set top box interacting with a smart card for providing authentication services to a device, the device being external to the set top box, the set top box and the device being operatively associated, the set top box including a smart card receptacle for receiving the smart card therein, a smart card I/O port operatively connected to the smart card receptacle, the smart card I/O port being operative to communicate with the smart card, a device I/O port to communicate with the device and receive a request from the device for an authentication service, and an authentication processor, operatively connecting the device I/O port and the smart card I/O port, the authentication processor including a receive module to receive the request for the authentication service from the device I/O port, a request module to request the smart card, via the smart card I/O port, to perform at least a first part of the authentication service, and a transfer module to transfer to the device, via the device I/O port, a result of the authentication service based on a result of the at least first part of the authentication service performed by the smart card. Further in accordance with a preferred embodiment of the present invention the authentication processor further includes an authentication module to perform a second part of the authentication service.

Still further in accordance with a preferred embodiment of the present invention the authentication module is operative to authenticate the result of the at least first part of the authentication service performed by the smart card.

Additionally in accordance with a preferred embodiment of the present invention the authentication module is operative to perform the second part of the authentication service prior to the request module requesting the smart card to perform the at least first part of the authentication service. Moreover in accordance with a preferred embodiment of the present invention the authentication module uses a secret to perform the authentication.

Further in accordance with a preferred embodiment of the present invention the authentication module authenticates using an RSA signature.

Still further in accordance with a preferred embodiment of the present invention the authentication module authenticates using an ElGamal signature.

Additionally in accordance with a preferred embodiment of the present invention the authentication module authenticates using a Fiat-Shamir signature.

There is also provided in accordance with another preferred embodiment of the present invention a system for providing authentication services to a device, the device being external to the system, the system including a smart card operative to perform authentication services, and a set top box including a device I/O port to communicate with the device and receive a request from the device for an authentication service, a smart card receptacle, for receiving the smart card therein, a smart card I/O port, operatively connected to the smart card receptacle, the smart card I/O port being operative to communicate with the smart card, and an authentication processor operatively connecting the device I/O port and the smart card I/O port, the authentication processor including a receive module to receive the request for the authentication service from the device I/O port, a request module to request the smart card, via the smart card I/O port, to perform at least a first part of the authentication service, and a transfer module to transfer to the device, via the device I/O port, a result of the authentication service based on a result of the at least first part of the authentication service performed by the smart card. . Further in accordance with a preferred embodiment of the present invention the authentication processor further includes an authentication module to perform a second part of the authentication service.

Still further in accordance witihi a preferred embodiment of the present invention the authentication module is operative to authenticate the result of the at least first part of the authentication service performed by the smart card.

Additionally in accordance with a preferred embodiment of the present invention the authentication module is operative to perform the second

part of the authentication service prior to the request module requesting the smart card to perform the at least first part of the authentication service.

Moreover in accordance with a preferred embodiment of the present invention the authentication module uses a secret to perform the authentication. Further in accordance with a preferred embodiment of the present invention the authentication module authenticates using an RSA signature.

Still further in accordance with a preferred embodiment of the present invention the authentication module authenticates using an ElGamal signature. Additionally in accordance with a preferred embodiment of the present invention the authentication module authenticates using a Fiat- Shamir signature.

There is also provided in accordance with still another preferred embodiment of the present invention, in an environment including a set top box interacting with a smart card and a device operatively associated with the set top box, the device being external to the set top box, a method for providing authentication services to the device, the method including the set top box receiving a request from the device to perform an authentication service, the set top box requesting the smart card to perform at least a first part of the authentication service, the set top box receiving from the smart card a result of the at least first part of the authentication service performed by the smart card, and the set top box transferring to the device a result of the authentication process based on the result of the at least first part of the authentication service received from the smart card. Further in accordance with a preferred embodiment of the present invention the set top box performs a second part of the authorization service.

Still further in accordance with a preferred embodiment of the present invention the smart card performs the at least first part of the authentication service, and provides the result of the performing the at least first part of the authentication request to the set top box.

Additionally in accordance with a preferred embodiment of the present invention the smart card performs the at least first part of the authentication service using a secret.

There is also provided in accordance with another preferred embodiment of the present invention a set top box interacting with a smart card for providing authentication services to a device, the device being external to the set top box, the set top box and the device being operatively associated, the set top box including a smart card receptacle for receiving the smart card therein, a smart card I/O port operatively connected to the smart card receptacle, the smart card I/O port being operative to communicate with the smart card, a device I/O port operative to communicate with the device and receive a request from the device for an authentication service, and an authentication processor, operatively connecting the device I/O port and the smart card I/O port, the authentication processor including a receive module to receive the request for the authentication service from the device I/O port, a request module to request the smart card, via the smart card I/O port, to perform a first part of the authentication service, an authentication module to perform a second part of the authentication service, and a transfer module to transfer to the device, via the device I/O port, a result of the authentication service based on a result of the first part of the authentication service performed by the smart card, and a result of the second part of the authentication service performed by the authentication module.

There is also provided in accordance with still another preferred embodiment of the present invention a system for providing authentication services to a device, the device being external to the system, the system including a smart card operative to perform authentication services, and a set top box including a device I/O port operative to communicate with the device and receive a request from the device for an authentication service, a smart card receptacle, for receiving the smart card therein, a smart card I/O port, operatively connected to the smart card receptacle, the smart card I/O port being operative to communicate with the smart card, and an authentication processor operatively connecting the device I/O port and the smart card I/O port, the authentication processor including a receive module to receive the request for the authentication service from the

device I/O port, a request module to request the smart card, via the smart card I/O port, to perform a first part of the authentication service, an authentication module to perform a second part of the authentication service, and a transfer module to transfer to the device, via the device I/O port, a result of the authentication service based on a result of the first part of the authentication service performed by the smart card, and a result of the second part of the authentication performed by the authentication module.

There is also provided in accordance with another preferred embodiment of the present invention, in an environment including a set top box interacting with a smart card and a device operatively associated with the set top box, the device being external to the set top box, a method for providing authentication services to the device, the method including the set top box receiving a request from the device to perform an authentication service, the set top box requesting the smart card to perform a first part of the authentication service, the set top box receiving from the smart card a result of the first part of the authentication service performed by the smart card, the set top box performing a second part of the authorization service, and the set top box transferring to the device a result of the authentication process based on a result of the first part of the authentication service received from the smart card, and a result of the second part of the authentication service performed by the set top box.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which: Fig. 1 is a simplified, partly pictorial, partly functional block diagram, illustration of an authentication system constructed and operative in accordance with a preferred embodiment of the present invention;

Fig. 2 is a simplified functional block diagram illustration depicting in more detail a preferred method of operation of the system of Fig. 1; Fig. 3 is a simplified functional block diagram illustration depicting an alternative preferred method of operation of the system of Fig. 1; and

Fig. 4 is a simplified flowchart illustration of a preferred method for providing authentication by the system of Fig. 1.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

By way of introduction, in a computer environment, authentication is the process by which a first computer, computer program, or computer user, attempts to confirm that a second computer, computer program, or computer user from whom the first party has received some communication is, or is not, the claimed second party.

. Digital signing based on a private key is a typical and accepted method of authentication. Digital signing schemes which are based on modular multiplication are generally considered to be strong schemes. Examples of digital signing schemes based on modular multiplication are RSA, ElGamal, and Fiat- Shamir.

Authentication in a home environment is useful in many different situations, including but not limited to, the examples listed below.

(a) Purchasing digital content over the internet, wherein the authentication is of the identity of a purchaser. The entity seeking to verify the identity of a purchaser may be a broadcaster providing digital services, or a commercial entity using Digital Rights Management (DRM). In case of a broadcaster or a commercial entity using DRM, the authentication allows digital content to be delivered to the purchaser via a set top box, as in cases of Impulse Pay Per View and Video On Demand, and digital content is allowed to be delivered to a PC.

(b) Client identification by entities providing discounts, other promotional actions benefiting the home-network user, and targeted advertising.

(c) Security services enabling a user to access internet sites, such as, for example, and without limiting the generality of the foregoing, "cookie" certification, and user identification.

(d) Securing the use of licensed software. "Dongles" have been used for this purpose in the past, but securing by use of a smart card and a set top box has an advantage of being provided by hardware which already exists in a user's home.

(e) Authentication of a user to an Internet Service Provider. (f) Authentication of a user to a broadcaster head-end, for example, and without limiting the generality of the foregoing, during callbacks.

Reference is now made to Fig. 1 which is a simplified, partly pictorial, partly functional block diagram, illustration of an authentication system 10 constructed and operative in accordance with a preferred embodiment of the present invention. Fig. 1 depicts the system 10 in a typical example setting. The system 10 preferably includes a set top box 125 having a smart card receptacle 129 for receiving a smart card 130. The set top box 125 is typically operatively connected to, and in communication with, the smart card receptacle 129, which communicates with the smart card 130. The set top box 125 is also generally operatively connected to a home communication network 110, and to a television display 127.

A first user 100 is depicted using a device 105, the device being connected to the home network 110. The home network 110 is also connected to the World Wide Web 115. By way of a non-limiting example, the device 105 is depicted as a personal computer (PC), connected by the home network 110 both to the World Wide Web 115 and to the set top box 125. The device 105 and the set top box 125 are located, by way of a non-limiting example, in different rooms of a house.

Persons skilled in the art will appreciate that the device 105 and the set top box 125 are not necessarily located on a home network, and can be located, by way of a non-limiting example, across the World Wide Web from each other.

The set top box 125 is preferably implemented in any suitable combination of software and hardware, as is well known in the art. The set top box 125 preferably comprises suitable conventional components (not shown), as are well known in the art, as well as additional components described herein.

The set top box 125 and the television display 127 are depicted as being housed in separate housings. Persons skilled in the art will appreciate that the set top box 125 and the television display 127 can also be within a single housing. Persons skilled in the art will appreciate that the system 10 operates independently of the set top box 125 and the television display 127 being used for

other purposes, such as, by way of a non-limiting example, television signal descrambling.

The device 105, has hardware and software components enabling communication via the home network 110 to the set top box 125, and enabling request of digital signatures.

The operation of the system of Fig. 1 will now be described in more detail.

The user 100 wishes to authenticate a transaction, for example, but not limited to, payment for a software purchase and download of the purchased software from a commercial site (not shown) on the World Wide Web 115.

In order to provide authentication, the device 105 preferably sends an authentication request 120, through the home network 110, to the set top box 125. The set top box 125 receives the authentication request 120, and sends the authentication request 120 to the smart card 130. The smart card 130 performs authentication as per the authentication request 120, sending an authenticated authentication request 135 back to the set top box 125.

The set top box 125 performs an additional authentication on the authenticated authentication request 135, producing a twice-authenticated authentication request 140, and sends the twice-authenticated authentication request 140, via the home network 110, back to the device 105.

Persons skilled in the art will appreciate that the order of authentication can be different, that is, the set top box 125 can perform the first authentication, and the smart card 130 can perform the second authentication. In accordance with an alternative preferred embodiment of the present invention (not depicted in Fig. 1) the set top box 125 transfers the authenticated authentication request 135, via the home network 110, to the device 105 without performing the additional authentication request performed by the set top box 125. Reference is now made to Fig. 2, which is a simplified functional block diagram illustration depicting in more detail a preferred method of operation of the system 10 of Fig. 1.

Fig. 2 depicts the device 105, in communication with the set top box 125, which is in communication with the smart card 130.

The set top box 125 also preferably includes: a device I/O port 200 for communication between the device 105 and the set top box 125, an authentication processor 210 for processing authentication requests from the device 105, a smart card I/O port 220, for communicating between the smart card 130 and the set top box 125, and a smart card receptacle 129 for receiving the smart card 130. The authentication processor 210 is preferably operative to communicate with both the device I/O port 200 and the smart card I/O port 220. . The authentication processor 210 also preferably includes: a receive module 205, for receiving and processing authentication requests from the device I/O port 200, a request module 215, for sending authentication requests to the smart card I/O port 220, a transfer module 225, and an authentication module 230. The transfer module 225 is preferably operative to: receive and process results received from the smart card FO port 220, send authentication requests to the authentication module 230, receive results from authentication module 230, and send results to the device I/O port 200.

The operation of the system depicted in Fig. 2 will now be described. The device 105 sends the authentication request 120, via the home network 110 (Fig. 1), to the device I/O port 200 comprised in the set top box 125. The authentication request 120 may comprise many forms of digital content, including but not limited to, an arbitrary token, and a result of a hash function of a file or document. The device I/O port 200 included in the set top box 125 is a home network port.. The device I/O port 200 sends the authentication request 120 to the receive module 205 included in and operatively controlled by an authentication processor 210. The authentication processor 210 causes the receive module 205 to send the authentication request 120 to the request module 215, also included in and operatively controlled by the authentication processor 210. The authentication processor 210 causes the authentication request 120 to be sent from the request module 215 to the smart card I/O port 220.

It is appreciated that the smart card I/O port 220 is operatively connected to the smart card receptacle 129, and the smart card receptacle 129 is operative to communicate with the smart card 130. The smart card I/O port 220 sends the authentication request 120 to the smart card 130 via the smart card receptacle 129. The smart card 130 performs a first authentication as a result of the authentication request 120, producing the authenticated authentication request 135.

The smart card 130 uses a smart card secret and smart card processing capability to produce the authenticated authentication request 135. It is to be appreciated that the smart card authentication secrets can be securely set and updated by authorized entities on the World Wide Web or by a provider of digital services to the set top box.

The authentication, by way of a non-limiting example, is preferably performed by applying an RSA signature to the authentication request 120, producing the authenticated authentication request 135. It is to be appreciated that authentication can be performed by other asymmetric signature schemes which enable multiple signing, such as ElGamal and Fiat Shamir.

The smart card 130 sends the authenticated authentication request 135 back to the smart card I/O port 220, via the smart card receptacle 129. The smart card I/O port 220 then sends the authenticated authentication request 135 to the transfer module 225.

The transfer module 225 authenticates the authenticated authentication request 135, using the authentication module 230 to produce the twice-authenticated authentication request 140. The authentication module 230 preferably performs the authentication based on a secret comprised within the set top box 125. The authentication is preferably performed by applying an RSA signature to the authenticated authentication request 135. The transfer module 225 then transfers the twice-authenticated authentication request 140 to the device I/O port 200, and the device I/O port 200 sends the twice-authenticated authentication request 140 to the device 105 via the home network 110 (Fig. 1).

It is to be appreciated that, whereas the smart card 130 performed a first authentication and the authentication module 230 performed a second

.

authentication, an alternative preferred embodiment of the present invention may comprise the authentication module 230 performing the first authentication, and the smart card 130 performing the second authentication. Such an alternative preferred embodiment is described in more detail below with reference to Fig. 3. In accordance with an alternative preferred embodiment of the present invention, the authentication processor 210 causes the transfer module 225 to directly transfer the authenticated authentication request 135 to the device I/O port 200 without an authentication being performed by the authentication module 230. The device I/O port 200 then sends the authenticated authentication request 135 to the device 105 via the home network 110 (Fig. 1).

It is to be appreciated that the smart card 130 and the set top box 125 preferably comprise secrets. For security reasons, the secrets are preferably, although not necessarily, separate from secrets used for television signal descrambling. Persons skilled in the art will appreciate that new set top boxes which include a unique secret, are well known in the art. Modern set top boxes are also equipped with cryptographic hardware and software, implementing, for example, and without limiting the generality of the foregoing, hash functions, and symmetric and non-symmetric encryption. It is to be appreciated that the smart card 130 may optionally be used to store secret tokens received from external entities which request authentication. If the smart card 130 stores the secret tokens, the smart card 130 preferably allocates an area of NVEAM for storing the secret tokens. The secret tokens can be then requested and used by the external entities as a means to prove the external entities' identity to a third party.

It is to be appreciated that the smart card 130 and the set top box 125. comprise software and hardware capable of computing cryptographic functions without interrupting their central task, which is descrambling scrambled video and providing conditional access services. Smart cards with the mathematical processing power required for the cryptographic functions are commonplace.

It is to be appreciated that authentication based on applying an RSA signature, combining a smart card secret and a set top box secret without sharing them, is particularly secure. A message, to which an RSA signature is applied in turn by the smart card 130 using the smart card 130 private key and by the set top box 125 using the set top box 125 private key, is verified by a public key which combines the smart card 130 and the set top 125 box public keys.

For example, given the authentication request 140 termed "M" for purpose of abbreviation, the smart card 130 private key Sl, and the set top box 125 private key S2, the RSA-signed twice-authenticated authentication request 140 is equal to RS A _S2 (RS A ₈₁ (M)).

In order to verify the twice-authenticated authentication request 140, the RSA function is applied in reverse order, using the smart card 130 public key Pl, and the set top box 125 public key P2, as follows: RSA _P1 (RSA _P2 (RSA _S2 (RSA _S1 (M)))) = RSA _P i(RSA _sl (M)) = M. Persons skilled in the art will appreciate that a message decrypted by using the public keys of the smart card 130 and the set top box 125 is authenticated as having been signed by both the smart card 130 and the set top box 125.

A preferred embodiment of the present invention improves the security provided by the above scheme even further, by using a multi-signature authentication scheme. The multi-signature authentication scheme uses a single public key P3, equal to the modular product of Pl and P2, for authentication of the signature created by the smart card 130 and the set top box 125, as follows: RSA _P3 (RSA _S2 (RSA _S1 (M))) = RSA _P1 (RSA _P2 (RSA _S2 (RSA _S1 (M))))

Persons skilled in the art will appreciate that M is preferably modified prior to the first authentication operation by appending additional data fields to M. Of the data fields, some are constants fields, and some are randomly generated fields. The constant fields are verified by the party requesting the authentication, after the party verifies the authentication signature.

The use of the constant and the random fields contributes to the security of the signature scheme, by preventing known types of attacks on asymmetrical signature schemes.

In a preferred embodiment of the present invention, M is modified prior to the first authentication operation by concatenating the following string to M (the double pipe indicates the concatenation operation): Time Stamp || set top box ID || smart card ID || 8 Zero bytes || 8 Random bytes.

Reference is now made to Fig. 3, which is a simplified functional block diagram illustration depicting an alternative preferred method of operation of the system of Fig. 1.

Fig. 3 depicts a set top box 305 which is substantially the same as the set top box 125 of Fig. 2, except that the set top box 305 preferably includes an authentication processor 310 having the authentication module 230 disposed between the receive module 205 and the request module 215. The operation of the set top box 305 depicted in Fig. 3 is substantially the same as the operation of the set top box 125 depicted in Fig. 2, except for the following differences.

The receive module 205 sends the authentication request 120 to the authentication module 230. The authentication module 230 authenticates the authentication request 120, producing an authenticated authentication request 320.

The authentication module 230 sends the authenticated authentication request 320 to the request module 215.

The request module 215 sends the authenticated authentication request 320 to the smart card 130 via the smart card I/O port 220 and the smart card receptacle 129.

The smart card 130 performs a second authentication on the authenticated authentication request 320, producing a twice-authenticated authentication request 330.

The twice-authenticated authentication request 330 is transferred back to the device 105 similarly to the preferred method described with reference to Fig. 2, that is, the smart card 130 sends the twice-authenticated authentication

^• request 330 back to the smart card I/O port 220, the smart card I/O port sends the

twice-authenticated authentication request 330 to the transfer module 225, the transfer module 225 sends the twice-authenticated authentication request 330 to the device I/O port 200, and the device I/O port 200 sends the twice-authenticated authentication request 330 to the device 105 via the home network 110 (Fig. 1). Reference is now made to Fig. 4 which is a simplified flowchart illustration of a preferred method for providing authentication by the system of Fig. 1. The method of Fig. 4 is self-explanatory in light of the above discussion of Figs. 1 - 3.

It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable sub-combination.

It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the invention is defined only by the claims which follow: