Technique for securely communicating and storing programming material in a trusted domain

US 10,178,072 B2
Filed: 07/02/2015
Issued: 01/08/2019
Est. Priority Date: 07/20/2004
Status: Active Grant

First Claim

Patent Images

1. Apparatus in a network to securely transmit content to a device in the network, said apparatus comprising:

an interface configured to enable data communication with said network;

a memory comprising a desired encrypted content file;

a processor configured to execute at least one computer program, said at least one computer program comprising a plurality of instructions which are configured to, when executed, cause said apparatus to;

receive from said device a request for a copy of said desired encrypted content file and a public key of said device, said device and said apparatus both being associated with a same subscriber of the network, said copy of said desired encrypted content file originating from said apparatus, said request for said copy comprising said public key of said device;

retrieve a first encrypted content key from said memory of said apparatus;

retrieve, from said memory of said apparatus, a private key associated with said subscriber of both said apparatus and said device;

decrypt said first encrypted content key using said private key to reveal a decrypted content key;

encrypt said decrypted content key with said public key of said device to form a second encrypted content key; and

transmit said second encrypted content key and said copy of said encrypted content file to said device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device in the second device is associated with the same user, and also provided with the second encrypted content key version.

428 Citations

20 Claims

1. Apparatus in a network to securely transmit content to a device in the network, said apparatus comprising:
- an interface configured to enable data communication with said network;
  
  a memory comprising a desired encrypted content file;
  
  a processor configured to execute at least one computer program, said at least one computer program comprising a plurality of instructions which are configured to, when executed, cause said apparatus to;
  
  receive from said device a request for a copy of said desired encrypted content file and a public key of said device, said device and said apparatus both being associated with a same subscriber of the network, said copy of said desired encrypted content file originating from said apparatus, said request for said copy comprising said public key of said device;
  
  retrieve a first encrypted content key from said memory of said apparatus;
  
  retrieve, from said memory of said apparatus, a private key associated with said subscriber of both said apparatus and said device;
  
  decrypt said first encrypted content key using said private key to reveal a decrypted content key;
  
  encrypt said decrypted content key with said public key of said device to form a second encrypted content key; and
  
  transmit said second encrypted content key and said copy of said encrypted content file to said device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1 wherein said network comprises a home network within a home of said subscriber.
  - 3. The apparatus of claim 1 wherein said plurality of instructions are further configured to, when executed, cause said apparatus to, in response to said request, identify said encrypted content file in said memory.
  - 4. The apparatus of claim 1 wherein said device is configured to receive said second encrypted content key, and decrypt said received second encrypted content key with a second private key associated with said device to form said decrypted content key.
  - 5. The apparatus of claim 4 wherein said decrypted content key is configured to decrypt said encrypted content file.
  - 6. The apparatus of claim 5 wherein:
    - said encrypted content file is encrypted via a symmetrical cipher technique;
      
      said decrypted content key comprises a key of said symmetrical cipher technique; and
      
      said public key and said second private key comprises a public-private key pair according to a public key encryption technique.
  - 7. The apparatus of claim 1, wherein said plurality of instructions are further configured to, when executed, cause said apparatus to:
    - enable said device to decrypt said copy of said encrypted content file using the second encrypted content key encrypted with said public key of said device; and
      
      enable said subscriber associated with said apparatus and said device to consume, via said device, said decrypted copy of said content file.

8. A method for use in an apparatus for enabling decryption of encrypted content in a device remote from said apparatus, said encrypted content in said device being decrypted using a content key, said method comprising:
- receiving from said device a first encrypted content key, said device residing in a network in which said apparatus resides, said device and said apparatus being associated with a common user of the network;
  
  causing said apparatus to search a database on said apparatus for a first cryptographic element which is associated with said user common to both said device and said apparatus;
  
  using said first cryptographic element associated with said user common to both said device and said apparatus from said database on said apparatus to decrypt said first encrypted content key received from said device, thereby recovering said content key;
  
  using a second cryptographic element which is associated with said device to encrypt said recovered content key, thereby generating a second encrypted content key; and
  
  providing said second encrypted content key to said device where said content key is recoverable based on a third encrypted content key associated with said device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising identifying said first cryptographic element based on data representative of said user of said device and said apparatus.
  - 10. The method of claim 9 wherein said data includes an identity of said user.
  - 11. The method of claim 8 wherein said content key includes a secret key in accordance with a Data Encryption Standard (DES) technique.
  - 12. The method of claim 8 wherein said first cryptographic element includes an encryption key in accordance with a public key algorithm.
  - 13. The method of claim 8 wherein said second cryptographic element includes an encryption key in accordance with a public key algorithm.
  - 14. The method of claim 8 wherein said content comprises a digitally rendered media file that is consumable via said device only after (i) said provision of said second encrypted content key to said device, and (ii) recovery of said content key.

15. A non-transitory computer-readable apparatus comprising media configured to store a computer program thereon, said computer program comprising a plurality of instructions which are configured to, when executed by a processor apparatus, cause a first client device to:
- receive, from a second client device in network data communication with the first client device, a first encrypted content key and a data structure that identifies said second client device;
  
  based at least on said data structure that identifies said second client device, cause retrieval of a database for a first cryptographic element which is associated with a user of said first client device and of said second client device;
  
  use said first cryptographic element associated with the user of said first and second client devices to decrypt said first encrypted content key, and thereby recover a content key configured to decrypt said encrypted content;
  
  use a second cryptographic element which is associated with said second client device to encrypt said recovered content key, and thereby generate a second encrypted content key; and
  
  provide said second encrypted content key to said second client device, wherein said content key is recoverable by said second client based on at least said second encrypted content key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable apparatus of claim 15, wherein said plurality of instructions are further configured to determine that said device and said user of said device are associated with a shared subscriber account.
  - 17. The computer-readable apparatus of claim 15, wherein said plurality of instructions are further configured to identify said first cryptographic element based on data representative of said user of said first and second client devices.
  - 18. The computer-readable apparatus of claim 17 wherein said data representative of said user includes an identity of said user.
  - 19. The computer-readable apparatus of claim 15 wherein said first cryptographic element includes an encryption key in accordance with a public key algorithm.
  - 20. The computer-readable apparatus of claim 15 wherein:
    - said network data communication comprises data communication over at least a portion of a managed content distribution network; and
      
      said encrypted content comprises programming content, said programming content being configured to be viewable by said user of said first and second client devices based at least on an association of said user and said first and second client devices within a shared subscriber account of said managed content distribution network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Helms, William, Hayashi, Michael T., Leddy, Kevin J., Christman, David A.
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/790,456
Publication Number

US 20160182461A1
Time in Patent Office

1,286 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04N 21/2347   involving video stream encr...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/6334   for authorisation, e.g. by ...

H04N 21/63775   for uploading keys, e.g. fo...

H04N 7/1675   Providing digital key or au...

Technique for securely communicating and storing programming material in a trusted domain

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

428 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for securely communicating and storing programming material in a trusted domain

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

428 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links