Patents by Inventor Lawrence W. Tang
Lawrence W. Tang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11671279
Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.
Type: Grant
Filed: July 25, 2022
Date of Patent: June 6, 2023
Assignee: Combined Conditional Access Development And Support, LLC
Inventor: Lawrence W. Tang
-
Publication number: 20220360468
Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.
Type: Application
Filed: July 25, 2022
Publication date: November 10, 2022
Inventor: Lawrence W. Tang
-
Patent number: 11418364
Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.
Type: Grant
Filed: June 7, 2017
Date of Patent: August 16, 2022
Assignee: Combined Conditional Access Development And Support, LLC
Inventor: Lawrence W. Tang
-
Patent number: 11115201
Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.
Type: Grant
Filed: June 19, 2014
Date of Patent: September 7, 2021
Assignee: Combined Conditional Access Development And Support, LLC
Inventors: Lawrence W. Tang, Douglas M. Petty, Michael T. Habrat
-
Publication number: 20210160088
Abstract: Methods for system component pairing and authentication are described. A challenge message is transmitted to a device. A reply message is received from the device in response to the challenge message. A length of time between transmitting the challenge message and receiving the reply message is determined. The length of time between transmitting the challenge message and receiving the reply message is compared to an expected time. Whether the reply message was received from the device is determined based on the comparing the length of time to the expected time. Communication is enabled with the device based on the determining that the reply message was received from the device.
Type: Application
Filed: February 6, 2021
Publication date: May 27, 2021
Inventors: Lawrence W. Tang, Douglas M. Petty
-
Patent number: 10944579
Abstract: Methods for system component pairing and authentication are described. A first system component may pair with a second system component in response to receiving a unique identifier from the second system component. The first system component may store the received unique identifier and, thereafter, may authenticate that it is, in fact, communicating with the second system component. The first component may communicate a challenge message directed to the second system component and if the contents of the reply message and the time taken to receive the reply message do not correspond to expected values, the first component may determine that it may not be communicating with the intended second component and may cease communications with the second component.
Type: Grant
Filed: May 26, 2017
Date of Patent: March 9, 2021
Assignee: Combined Conditional Access Development and Support, LLC
Inventors: Lawrence W. Tang, Douglas M. Petty
-
Publication number: 20180357432
Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.
Type: Application
Filed: June 7, 2017
Publication date: December 13, 2018
Inventor: Lawrence W. Tang
-
Publication number: 20180343250
Abstract: Methods for system component pairing and authentication are described. A first system component may pair with a second system component in response to receiving a unique identifier from the second system component. The first system component may store the received unique identifier and, thereafter, may authenticate that it is, in fact, communicating with the second system component. The first component may communicate a challenge message directed to the second system component and if the contents of the reply message and the time taken to receive the reply message do not correspond to expected values, the first component may determine that it may not be communicating with the intended second component and may cease communications with the second component.
Type: Application
Filed: May 26, 2017
Publication date: November 29, 2018
Inventors: Lawrence W. Tang, JR., Douglas M. Petty
-
Patent number: 8958550
Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.
Type: Grant
Filed: September 13, 2011
Date of Patent: February 17, 2015
Assignee: Combined Conditional Access Development & Support. LLC (CCAD)
Inventors: Lawrence W. Tang, An Tonthat
-
Publication number: 20140376718
Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.
Type: Application
Filed: June 19, 2014
Publication date: December 25, 2014
Inventors: Lawrence W. Tang, Douglas M. Petty, Michael T. Habrat
-
Patent number: 8792637
Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.
Type: Grant
Filed: November 22, 2011
Date of Patent: July 29, 2014
Assignee: Combined Conditional Access Development & Support, LLC
Inventors: Lawrence W Tang, Douglas M Petty, Michael T Habrat
-
Publication number: 20130129086
Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.
Type: Application
Filed: November 22, 2011
Publication date: May 23, 2013
Applicant: COMBINED CONDITIONAL ACCESS DEVELOPMENT AND SUPPORT, LLC.
Inventors: Lawrence W. Tang, Douglas M. Petty, Michael T. Habrat
-
Publication number: 20130064362
Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.
Type: Application
Filed: September 13, 2011
Publication date: March 14, 2013
Applicant: COMCAST CABLE COMMUNICATIONS, LLC
Inventors: Lawrence W. Tang, An Tonthat
-
Patent number: 8385555
Abstract: A content delivery network and method employing a Downloadable Conditional Access System (“DCAS”) includes first and second personalization servers. A unit key list having unique keys is segmented into different blocks. Each block is encrypted with a separate transmission key corresponding to that block such that first and second blocks are respectively encrypted with first and second transmission keys. The encrypted blocks are communicated to the personalization servers. The first transmission key is communicated to the first personalization server without being communicated to another personalization server such that the first server can decrypt the first block using the first transmission key to access the keys of the first block. The second transmission key is communicated to the second personalization server without being communicated to another personalization server such that the second server can decrypt the second block using the second transmission key to access the keys of the second block.
Type: Grant
Filed: December 10, 2008
Date of Patent: February 26, 2013
Assignee: Combined Conditional Access Development and Support, LLC.
Inventors: Lawrence W. Tang, Eric E. Berry
-
Patent number: 8156560
Abstract: The present invention discloses an apparatus and method for defining and enforcing rules of transition between two security domains, e.g., a transport domain and a persistent security domain. In turn, a border guard, e.g., a security device, is provided between these two domains that enforce rules for transition between the two security domains. This novel approach of defining a transport domain and a persistent security domain simplifies the classification of the digital content and its movement through the system. Namely, the border guard once established between the two systems can enforce DRM rules associated with how contents are moved between the two domains.
Type: Grant
Filed: December 30, 2004
Date of Patent: April 10, 2012
Assignee: General Instrument Corporation
Inventors: John I. Okimoto, Bridget D. Kimball, Annie O. Chen, Michael T. Habrat, Douglas M. Petty, Eric Sprunk, Lawrence W. Tang
-
Patent number: 7929483
Abstract: The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.
Type: Grant
Filed: December 30, 2004
Date of Patent: April 19, 2011
Assignee: General Instrument Corporation
Inventors: Bridget D. Kimball, Michael T. Habrat, John I. Okimoto, Douglas M. Petty, Eric J. Sprunk, Lawrence W. Tang
-
Patent number: 7764793
Abstract: According to one embodiment of the invention a system is utilized to leverage the security arrangement between a first and second device to establish a secure link between the first device and a third device. One embodiment of the invention is particularly suitable for loading security data on a set top box, such as that utilized in the cable television industry.
Type: Grant
Filed: October 20, 2005
Date of Patent: July 27, 2010
Assignee: General Instrument Corporation
Inventors: Xin Qiu, Bridget D. Kimball, Eric J. Sprunk, Lawrence W. Tang
-
Publication number: 20100142712
Abstract: A content delivery network and method employing a Downloadable Conditional Access System (“DCAS”) includes first and second personalization servers. A unit key list having unique keys is segmented into different blocks. Each block is encrypted with a separate transmission key corresponding to that block such that first and second blocks are respectively encrypted with first and second transmission keys. The encrypted blocks are communicated to the personalization servers. The first transmission key is communicated to the first personalization server without being communicated to another personalization server such that the first server can decrypt the first block using the first transmission key to access the keys of the first block. The second transmission key is communicated to the second personalization server without being communicated to another personalization server such that the second server can decrypt the second block using the second transmission key to access the keys of the second block.
Type: Application
Filed: December 10, 2008
Publication date: June 10, 2010
Applicant: COMCAST CABLE HOLDINGS, LLC
Inventors: Lawrence W. Tang, Eric E. Berry
-
Patent number: 7305555
Abstract: A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key.
Type: Grant
Filed: March 27, 2002
Date of Patent: December 4, 2007
Assignee: General Instrument Corporation
Inventors: John I. Okimoto, Eric J. Sprunk, Lawrence W. Tang, Annie On-yee Chen, Bridget Kimball, Douglas Petty
-
Patent number: 7257227
Abstract: A method for forwarding messages containing cryptographic keys from a conditional access system that controls a population of set-top boxes to an encryption renewal system. The method includes storing a fictitious address of a virtual set-top box; generating a message based on the fictitious address, the message containing a cryptographic key; and forwarding the message to the fictitious address of the virtual set-top box. The encryption renewal system has information regarding the virtual set-top box, and is the recipient of the message. In addition, the encryption renewal system is for controlling access to pre-encrypted content generated by an encryption device.
Type: Grant
Filed: July 3, 2001
Date of Patent: August 14, 2007
Assignee: General Instrument Corporation
Inventors: Annie On-yee Chen, Lawrence W. Tang, Akiko Wakabayashi