Technique for securely communicating and storing programming material in a trusted domain
First Claim
1. Apparatus in a network to securely transmit content to a device in the network, said apparatus comprising:
- an interface configured to enable data communication with said network;
a memory comprising a desired encrypted content file;
a processor configured to execute at least one computer program, said at least one computer program comprising a plurality of instructions which are configured to, when executed, cause said apparatus to;
receive from said device a request for a copy of said desired encrypted content file and a public key of said device, said device and said apparatus both being associated with a same subscriber of the network, said copy of said desired encrypted content file originating from said apparatus, said request for said copy comprising said public key of said device;
retrieve a first encrypted content key from said memory of said apparatus;
retrieve, from said memory of said apparatus, a private key associated with said subscriber of both said apparatus and said device;
decrypt said first encrypted content key using said private key to reveal a decrypted content key;
encrypt said decrypted content key with said public key of said device to form a second encrypted content key; and
transmit said second encrypted content key and said copy of said encrypted content file to said device.
3 Assignments
0 Petitions
Accused Products
Abstract
A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device in the second device is associated with the same user, and also provided with the second encrypted content key version.
428 Citations
20 Claims
-
1. Apparatus in a network to securely transmit content to a device in the network, said apparatus comprising:
-
an interface configured to enable data communication with said network; a memory comprising a desired encrypted content file; a processor configured to execute at least one computer program, said at least one computer program comprising a plurality of instructions which are configured to, when executed, cause said apparatus to; receive from said device a request for a copy of said desired encrypted content file and a public key of said device, said device and said apparatus both being associated with a same subscriber of the network, said copy of said desired encrypted content file originating from said apparatus, said request for said copy comprising said public key of said device; retrieve a first encrypted content key from said memory of said apparatus; retrieve, from said memory of said apparatus, a private key associated with said subscriber of both said apparatus and said device; decrypt said first encrypted content key using said private key to reveal a decrypted content key; encrypt said decrypted content key with said public key of said device to form a second encrypted content key; and transmit said second encrypted content key and said copy of said encrypted content file to said device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for use in an apparatus for enabling decryption of encrypted content in a device remote from said apparatus, said encrypted content in said device being decrypted using a content key, said method comprising:
-
receiving from said device a first encrypted content key, said device residing in a network in which said apparatus resides, said device and said apparatus being associated with a common user of the network; causing said apparatus to search a database on said apparatus for a first cryptographic element which is associated with said user common to both said device and said apparatus; using said first cryptographic element associated with said user common to both said device and said apparatus from said database on said apparatus to decrypt said first encrypted content key received from said device, thereby recovering said content key; using a second cryptographic element which is associated with said device to encrypt said recovered content key, thereby generating a second encrypted content key; and providing said second encrypted content key to said device where said content key is recoverable based on a third encrypted content key associated with said device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable apparatus comprising media configured to store a computer program thereon, said computer program comprising a plurality of instructions which are configured to, when executed by a processor apparatus, cause a first client device to:
-
receive, from a second client device in network data communication with the first client device, a first encrypted content key and a data structure that identifies said second client device; based at least on said data structure that identifies said second client device, cause retrieval of a database for a first cryptographic element which is associated with a user of said first client device and of said second client device; use said first cryptographic element associated with the user of said first and second client devices to decrypt said first encrypted content key, and thereby recover a content key configured to decrypt said encrypted content; use a second cryptographic element which is associated with said second client device to encrypt said recovered content key, and thereby generate a second encrypted content key; and provide said second encrypted content key to said second client device, wherein said content key is recoverable by said second client based on at least said second encrypted content key. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification