Secure content distribution system

US 10,181,166 B2
Filed: 03/29/2018
Issued: 01/15/2019
Est. Priority Date: 10/11/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securely distributing content of a content provider by a distribution server, comprising the steps of:

receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;

creating an authenticated communication channel over a network between a remote server and an decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;

receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and

using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content from is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.

40 Citations

20 Claims

1. A computer-implemented method for securely distributing content of a content provider by a distribution server, comprising the steps of:
- receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
  
  creating an authenticated communication channel over a network between a remote server and an decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
  
  receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
  
  using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein creating an authenticated communication channel further comprises:
    - receiving a username and a password for an administrative user; and
      
      authenticating the administrative user with the remote server based on the username and password.
  - 3. The computer-implemented method of claim 1, wherein, in response to receiving the decrypted portion of the content, the host processor (i) writes the decrypted portion of the content to a storage medium or (ii) provides the decrypted portion of the content for download.
  - 4. The computer-implemented method of claim 1, wherein the database from which the distribution server retrieves the encrypted content is a remote database accessible via the network.
  - 5. The computer-implemented method of claim 1, wherein the encryption key is configured in accordance with a first protocol, wherein the method further comprises encrypting the decrypted content using an additional encryption key, and wherein the additional encryption key is known to the host processor and is configured in accordance with a second protocol distinct from the first protocol.
  - 6. The computer-implemented method of claim 5, wherein the first protocol comprises at least one of a Data Encryption Standard or an Advanced Encryption Standard and wherein the second protocol comprises at least one of a Content Scrambling System protocol or a digital rights management protocol.
  - 7. The computer-implemented method of claim 5, wherein the encryption key comprises a Data Encryption Standard key and the additional encryption key comprises an Advanced Encryption Standard key.

8. A distribution server comprising:
- a host processor implemented using at least one hardware device; and
  
  a non-transitory computer-readable medium communicatively coupled to the host processor, wherein the host processor is configured for executing instructions stored in the non-transitory computer-readable medium and thereby performing operations comprising;
  
  receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
  
  creating an authenticated communication channel over a network between a remote server and an decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
  
  receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
  
  using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The distribution server of claim 8, wherein creating an authenticated communication channel further comprises operations for:
    - receiving a username and a password for an administrative user; and
      
      authenticating the administrative user with the remote server based on the username and password.
  - 10. The distribution server of claim 8, the operations further comprising, in response to receiving the decrypted portion of the content, (i) writing the decrypted portion of the content to a storage medium or (ii) providing the decrypted portion of the content for download.
  - 11. The distribution server of claim 8, wherein the database from which the distribution server retrieves the encrypted content is a remote database accessible via the network.
  - 12. The distribution server of claim 8, wherein the encryption key is configured in accordance with a first protocol, the operations further comprise encrypting the decrypted content using an additional encryption key, and wherein the additional encryption key is known to the host processor and is configured in accordance with a second protocol distinct from the first protocol.
  - 13. The distribution server of claim 12, wherein the first protocol comprises at least one of a Data Encryption Standard or an Advanced Encryption Standard and wherein the second protocol comprises at least one of a Content Scrambling System protocol or a digital rights management protocol.
  - 14. The distribution server of claim 12, wherein the encryption key comprises a Data Encryption Standard key and the additional encryption key comprises an Advanced Encryption Standard key.

15. A non-transitory computer readable medium storing instructions that, when executed by a host processor of a distribution server, wherein the host processor is implemented via a hardware device, cause the distribution server to perform a computer-implemented method for distributing content of a content provider, the method comprising:
- receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
  
  creating an authenticated communication channel over a network between a remote server and an decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
  
  receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
  
  using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein creating an authenticated communication channel further comprises:
    - receiving a username and a password for an administrative user; and
      
      authenticating the administrative user with the remote server based on the username and password.
  - 17. The non-transitory computer readable medium of claim 15, wherein, in response to receiving the decrypted portion of the content, the host processor (i) writes the decrypted portion of the content to a storage medium or (ii) provides the decrypted portion of the content for download.
  - 18. The non-transitory computer readable medium of claim 15, wherein the database from which the distribution server retrieves the encrypted content is a remote database accessible via the network.
  - 19. The non-transitory computer readable medium of claim 15, wherein the encryption key is configured in accordance with a first protocol, wherein the method further comprises encrypting the decrypted content using an additional encryption key, and wherein the additional encryption key is known to the host processor and is configured in accordance with a second protocol distinct from the first protocol.
  - 20. The non-transitory computer readable medium of claim 19, wherein the first protocol comprises at least one of a Data Encryption Standard or an Advanced Encryption Standard and wherein the second protocol comprises at least one of a Content Scrambling System protocol or a digital rights management protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Blankenbeckler, David L., Almon, Jr., William
Primary Examiner(s)
Getachew, Abiy

Application Number

US15/940,266
Publication Number

US 20180218467A1
Time in Patent Office

292 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 20/3829   involving key management

G06Q 2220/16   Copy protection or prevention

G06Q 50/184   Intellectual property manag...

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00224   wherein the key is obtained...

G11B 20/00253   wherein the key is stored o...

G11B 20/00449   content scrambling system [...

G11B 20/00862   wherein the remote server c...

G11B 20/00869   wherein the remote server c...

G11B 20/10   Digital recording or reprod...

G11B 2220/2541   Blu-ray discs; Blue laser D...

G11B 2220/2562   DVDs [digital versatile dis...

G11B 2220/2579   HD-DVDs [high definition DV...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0464   using hop-by-hop encryption...

H04L 9/06   the encryption apparatus us...

H04L 9/0625   with splitting of the data ...

H04L 9/0631 : Substitution permutation ne...

H04L 9/0822 : using key encryption key

H04L 9/083 : involving central third par...

H04L 9/32 : including means for verifyi...

View All

Secure content distribution system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure content distribution system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others