Secure content distribution system
First Claim
1. A computer-implemented method for securely distributing content of a content provider by a distribution server, comprising the steps of:
- receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
- creating an authenticated communication channel over a network between a remote server and a decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
- receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
- using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
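The key flow in this claim, as an added Python sketch that is not part of the patent text or any implementation of it. The names `seal`, `unseal`, `DecryptionProcess` and `demo`, the pre-shared channel key, and the HMAC-based stand-in cipher are assumptions; isolation is modeled only by an object boundary, where the claim describes a process isolated from the host processor.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Separate encryption and MAC keys derived from one key
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher (assumption)
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ct)

class DecryptionProcess:
    """Models the isolated decryption process: keys stay inside, only plaintext leaves."""
    def __init__(self, channel_key, protected_area):
        self._channel_key = channel_key   # authenticates the remote server
        self._protected = protected_area  # content id -> wrapped content key
        self._storage_key = None

    def receive_storage_key(self, message):
        self._storage_key = unseal(self._channel_key, message)  # rejects forgeries

    def decrypt_selection(self, content_id, encrypted):
        content_key = unseal(self._storage_key, self._protected[content_id])
        return unseal(content_key, encrypted)  # the content key is never returned

def demo(delivery_key=None):
    # All keys and the content below are constructed sample values
    channel_key, storage_key, content_key = (os.urandom(32) for _ in range(3))
    database = {"item-1": seal(content_key, b"constructed sample content")}
    engine = DecryptionProcess(channel_key, {"item-1": seal(storage_key, content_key)})
    # Remote server side: deliver the storage key over the authenticated channel
    engine.receive_storage_key(seal(delivery_key or channel_key, storage_key))
    return engine.decrypt_selection("item-1", database["item-1"])
```

The host-side caller only ever holds the wrapped content key and the ciphertext; a storage key delivered under the wrong channel key is rejected before any unwrap is attempted.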
Abstract
A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.
20 Claims
1. A computer-implemented method for securely distributing content of a content provider by a distribution server, comprising the steps of:
- receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
- creating an authenticated communication channel over a network between a remote server and a decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
- receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
- using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A distribution server comprising:
- a host processor implemented using at least one hardware device; and
- a non-transitory computer-readable medium communicatively coupled to the host processor, wherein the host processor is configured for executing instructions stored in the non-transitory computer-readable medium and thereby performing operations comprising:
  - receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
  - creating an authenticated communication channel over a network between a remote server and a decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
  - receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
  - using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable medium storing instructions that, when executed by a host processor of a distribution server, wherein the host processor is implemented via a hardware device, cause the distribution server to perform a computer-implemented method for distributing content of a content provider, the method comprising:
- receiving, by a distribution server, a user selection of content, wherein the user selection of content is stored as encrypted content in a database accessible by a host processor of the distribution server, wherein the encrypted content is encrypted using an encryption key, and wherein the encryption key is stored in encrypted form in a protected storage area of the database and is not exposed to the host processor;
- creating an authenticated communication channel over a network between a remote server and a decryption process executed by the distribution server in isolation from the host processor, the decryption process having access to the protected storage area;
- receiving a protected storage area encryption key from the remote server via the authenticated communication channel; and
- using the decryption process to decrypt the encryption key using a protected storage area key, decrypt a portion of the encrypted content corresponding to the user selection of content using the decrypted encryption key, and provide the decrypted portion of the content to the host processor, wherein the decrypted encryption key remains in the protected storage area isolated from the host processor.
Dependent claims: 16, 17, 18, 19, 20
Specification