Ensuring authenticity in a closed content distribution system

US 10,263,774 B2
Filed: 05/07/2018
Issued: 04/16/2019
Est. Priority Date: 02/07/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method executed by a secure player comprising:

receiving encrypted content comprising a plurality of data portions in an encrypted format, the encrypted content being sent from a content server;

receiving a license package including one or more first cryptographic keys and a plurality of signatures corresponding to the plurality of data portions, the license package being sent from a license server;

performing decryption of the encrypted content using the one or more first cryptographic keys;

verifying validity of the plurality of data portions using the plurality of signatures;

after verifying the validity, generating one or more second cryptographic keys independent of the one or more first cryptographic keys, the one or more second cryptographic keys being unique to the plurality of data portions and the license package;

storing the one or more second cryptographic keys;

performing re-encryption of the encrypted content using the one or more second cryptographic keys to obtain re-encrypted content;

storing the re-encrypted content.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.

Citations

20 Claims

1. A method executed by a secure player comprising:
- receiving encrypted content comprising a plurality of data portions in an encrypted format, the encrypted content being sent from a content server;
  
  receiving a license package including one or more first cryptographic keys and a plurality of signatures corresponding to the plurality of data portions, the license package being sent from a license server;
  
  performing decryption of the encrypted content using the one or more first cryptographic keys;
  
  verifying validity of the plurality of data portions using the plurality of signatures;
  
  after verifying the validity, generating one or more second cryptographic keys independent of the one or more first cryptographic keys, the one or more second cryptographic keys being unique to the plurality of data portions and the license package;
  
  storing the one or more second cryptographic keys;
  
  performing re-encryption of the encrypted content using the one or more second cryptographic keys to obtain re-encrypted content;
  
  storing the re-encrypted content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the generating the one or more second cryptographic keys comprises generating a plurality of the second cryptographic keys corresponding to the plurality of data portions, respectively, and the performing the re-encryption of the encrypted content comprises performing re-encryption of the encrypted content using the plurality of the second cryptographic keys to obtain the re-encrypted content.
  - 3. The method of claim 1, wherein the one or more second cryptographic keys are stored in secure memory.
  - 4. The method of claim 1, wherein the re-encrypted content is stored in external storage external to the secure player.
  - 5. The method of claim 1, further comprising:
    - generating a third cryptographic key independent of the one or more first cryptographic keys and the one or more second cryptographic keys;
      
      performing encryption of a list of the one or more second cryptographic keys using the third cryptographic key to construct a re-encryption key package;
      
      storing the third cryptographic key in secure memory.
  - 6. The method of claim 1, further comprising:
    - generating a third cryptographic key independent of the one or more first cryptographic keys and the one or more second cryptographic keys;
      
      performing encryption of a list of the one or more second cryptographic keys using the third cryptographic key to construct a re-encryption key package;
      
      storing the re-encryption key package in external storage external to the secure player;
      
      storing the third cryptographic key in secure memory.
  - 7. The method of claim 1, further comprising, after verifying the validity, determining whether or not re-encryption of the encrypted content has been previously performed, wherein the generating the one or more second cryptographic keys is carried out upon determining that re-encryption of the encrypted content has not been previously performed.
  - 8. The method of claim 1, wherein the license package is encrypted using a user-specific encryption key, and the method further comprises performing decryption of the license package using the user-specific encryption key.
  - 9. The method of claim 1, wherein the plurality of data portions comprises a streaming sequence of data portions and is received sequentially by the secure player.
  - 10. The method of claim 1, wherein the license package includes a plurality of licenses corresponding to the plurality of data portions, respectively, and the plurality of licenses is received separately by the secure player.

11. A secure player comprising:
- one or more processors;
  
  memory storing instructions, when executed by the one or more processors, configured to cause the one or more processors to execute a computer-implemented method, the computer-implemented method comprising;
  
  receiving encrypted content comprising a plurality of data portions in an encrypted format, the encrypted content being sent from a content server;
  
  receiving a license package including one or more first cryptographic keys and a plurality of signatures corresponding to the plurality of data portions, the license package being sent from a license server;
  
  performing decryption of the encrypted content using the one or more first cryptographic keys;
  
  verifying validity of the plurality of data portions using the plurality of signatures;
  
  after verifying the validity, generating one or more second cryptographic keys independent of the one or more first cryptographic keys, the one or more second cryptographic keys being unique to the plurality of data portions and the license package;
  
  storing the one or more second cryptographic keys;
  
  performing re-encryption of the encrypted content using the one or more second cryptographic keys to obtain re-encrypted content;
  
  storing the re-encrypted content.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The secure player of claim 11, wherein the generating the one or more second cryptographic keys comprises generating a plurality of the second cryptographic keys corresponding to the plurality of data portions, respectively, and the performing the re-encryption of the encrypted content comprises performing re-encryption of the encrypted content using the plurality of the second cryptographic keys to obtain the re-encrypted content.
  - 13. The secure player of claim 11, wherein the one or more second cryptographic keys are stored in secure memory.
  - 14. The secure player of claim 11, wherein the re-encrypted content is stored in external storage external to the secure player.
  - 15. The secure player of claim 11, wherein the computer-implemented method further comprises:
    - generating a third cryptographic key independent of the one or more first cryptographic keys and the one or more second cryptographic keys;
      
      performing encryption of a list of the one or more second cryptographic keys using the third cryptographic key to construct a re-encryption key package;
      
      storing the third cryptographic key in secure memory.
  - 16. The secure player of claim 11, wherein the computer-implemented method further comprises:
    - generating a third cryptographic key independent of the one or more first cryptographic keys and the one or more second cryptographic keys;
      
      performing encryption of a list of the one or more second cryptographic keys using the third cryptographic key to construct a re-encryption key package;
      
      storing the re-encryption key package in external storage external to the secure player;
      
      storing the third cryptographic key in secure memory.
  - 17. The secure player of claim 11, wherein the computer-implemented method further comprises, after verifying the validity, determining whether or not re-encryption of the encrypted content has been previously performed, wherein the generating the one or more second cryptographic keys is carried out upon determining that re-encryption of the encrypted content has not been previously performed.
  - 18. The secure player of claim 11, wherein the license package is encrypted using a user-specific encryption key, and the method further comprises performing decryption of the license package using the user-specific encryption key.
  - 19. The secure player of claim 11, wherein the plurality of data portions comprises a streaming sequence of data portions and is received sequentially by the secure player.

20. A secure player comprising:
- a means for receiving encrypted content comprising a plurality of data portions in an encrypted format, the encrypted content being sent from a content server;
  
  a means for receiving a license package including one or more first cryptographic keys and a plurality of signatures corresponding to the plurality of data portions, the license package being sent from a license server;
  
  a means for performing decryption of the encrypted content using the one or more first cryptographic keys;
  
  a means for verifying validity of the plurality of data portions using the plurality of signatures;
  
  a means for, after verifying the validity, generating one or more second cryptographic keys independent of the one or more first cryptographic keys, the one or more second cryptographic keys being unique to the plurality of data portions and the license package;
  
  a means for storing the one or more second cryptographic keys;
  
  a means for performing re-encryption of the encrypted content using the one or more second cryptographic keys to obtain re-encrypted content;
  
  a means for storing the re-encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Princen, John, Srinivasan, Pramila, Blythe, David, Yen, Wei
Primary Examiner(s)
Williams, Jeffrey L

Application Number

US15/973,449
Publication Number

US 20180254900A1
Time in Patent Office

344 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/1011   to devices

G06F 21/105   Arrangements for software l...

G06F 21/107   License processing; Key pro...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 2212/402   Encrypted data

H04L 2209/60   Digital content management,...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/16   the keys or algorithms bein...

H04L 9/3247   involving digital signatures

Ensuring authenticity in a closed content distribution system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ensuring authenticity in a closed content distribution system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links