Data owner restricted secure key distribution
First Claim
1. A content distribution system comprising:
a data owner device;
a data producer device;
a data consumer device;
a content server; and
a key server;
the data owner device, operated by the data owner, is configured to issue an authentication token to the key server, wherein the authentication token includes one or more restrictions for a data consumer;
the data consumer device, operated by the data consumer, is configured to download encrypted content from the content server, wherein the content server received the encrypted content from the data producer device and not the data owner device;
the key server is configured to (1) receive, from the data producer device, encrypted data associated with at least one key and at least one initialization vector (IV) used to encrypt the content, wherein the content is owned by the data owner, (2) receive a request from the data consumer device for access to key data specific to the content, (3) perform an authentication check with the data consumer device to ensure the one or more restrictions are satisfied, and (4) download the key data to the data consumer device once the one or more restrictions are satisfied;
the data consumer device is further configured to use the key data to decrypt the encrypted content; and
wherein the one or more restrictions include an attestation requirement where a trustworthiness of a trusted execution environment (TEE) of the data consumer device is remotely attested between the key server and the data consumer device as follows:
send, by the key server, an attest X with nonce Y message to the data consumer device, wherein the X is attestation that the data consumer device has the TEE and the Y is a random nonce value, wherein a digest value of X is known by the key server;
retrieve, by the data consumer device, a digest value of X by concatenating X and Y;
sign, by the data consumer device, the digest value of X by using a private key which is only available in the TEE; and
send, by the data consumer device, the digest value of X, the nonce Y, a signature of the data consumer device, and an attestation certificate to the key server.
Abstract
A content distribution system is described herein which enables a data owner of content to set one or more restrictions on a data consumer, where the one or more restrictions need to be satisfied by a data consumer device before the data consumer has access to the content. In addition, the content distribution system's components are described herein, which include a data owner device, a key server, a data consumer device, a data producer device, and a content server.
19 Claims
1. A content distribution system comprising: (text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A key server comprising:
a processor; and
a memory that stores processor-executable instructions, wherein the processor interfaces with the memory to execute the processor-executable instructions, whereby the key server is operable to:
receive, from a data owner device operated by a data owner, an authentication token which includes one or more restrictions that need to be satisfied before content is able to be decrypted by a data consumer device, wherein the content is owned by the data owner, and wherein the one or more restrictions are imposed by the data owner;
receive, from the data consumer device operated by a data consumer, a request for access to key data specific to the content;
perform an authentication check with the data consumer device to ensure the one or more restrictions are satisfied;
download the key data to the data consumer device once the one or more restrictions are satisfied during the authentication check, wherein the key data enables decryption of the content by the data consumer device, and wherein the data owner device does not distribute the content to the data consumer device but rather a data producer device distributes the content via a content server to the data consumer device; and
wherein the one or more restrictions include an attestation requirement in which the key server is operable to remotely attest a trustworthiness of a trusted execution environment (TEE) in the data consumer device as follows:
send, to the data consumer device, an attest X with nonce Y message, wherein the X is attestation that the data consumer device has the TEE and the Y is a random nonce value, wherein a digest value of X is known by the key server;
receive, from the data consumer device, the digest value of X, the nonce Y, a signature of the data consumer device, and an attestation certificate.
Dependent claims: 9, 10, 11.
12. A method in a key server, the method comprising:
receiving, from a data owner device operated by a data owner, an authentication token which includes one or more restrictions that need to be satisfied before content is able to be decrypted by a data consumer device, wherein the content is owned by the data owner and wherein the one or more restrictions are imposed by the data owner;
receiving, from the data consumer device operated by a data consumer, a request for access to key data specific to the content;
performing an authentication check with the data consumer device to ensure the one or more restrictions are satisfied;
downloading the key data to the data consumer device once the one or more restrictions are satisfied during the authentication check, wherein the key data enables decryption of the content by the data consumer device, and wherein the data owner device does not distribute the content to the data consumer device but rather a data producer device distributes the content via a content server to the data consumer device; and
wherein the one or more restrictions include an attestation requirement in which the key server is operable to remotely attest a trustworthiness of a trusted execution environment (TEE) in the data consumer device as follows:
sending, to the data consumer device, an attest X with nonce Y message, wherein the X is attestation that the data consumer device has the TEE and the Y is a random nonce value, wherein a digest value of X is known by the key server;
receiving, from the data consumer device, the digest value of X, the nonce Y, a signature of the data consumer device, and an attestation certificate.
Dependent claims: 13, 14, 15.
16. A data consumer device operated by a data consumer and configured to satisfy one or more restrictions imposed by a data owner before being allowed to decrypt encrypted content, the data consumer device comprising:
a processor; and
a memory that stores processor-executable instructions, wherein the processor interfaces with the memory to execute the processor-executable instructions, whereby the data consumer device is operable to:
download, from a content server, encrypted content, wherein the encrypted content is owned by a data owner that operates a data owner device, and wherein the content server received the encrypted content from a data producer device and not the data owner device;
send, to a key server, a request for access to key data specific to the content;
perform, with the key server, an authentication check to ensure the one or more restrictions are satisfied, wherein the one or more restrictions have been set by the data owner;
download, from the key server, the key data once the one or more restrictions are satisfied;
use the key data to decrypt the encrypted content; and
wherein the one or more restrictions include an attestation requirement where the data consumer device is operable to remotely attest a trustworthiness of a trusted execution environment (TEE) in the data consumer device as follows:
receive, from the key server, an attest X with nonce Y message, wherein the X is attestation that the data consumer device has the TEE and the Y is a random nonce value;
retrieve a digest value of X by concatenating X and Y;
sign the digest value of X by using a private key which is only available in the TEE; and
send, to the key server, the digest value of X, the nonce Y, a signature of the data consumer device, and an attestation certificate.
Dependent claim: 17.
18. A method in a data consumer device operated by a data consumer and configured to satisfy one or more restrictions imposed by a data owner before being allowed to decrypt encrypted content, the method comprising:
downloading, from a content server, encrypted content, wherein the encrypted content is owned by a data owner that operates a data owner device, and wherein the content server received the encrypted content from a data producer device and not the data owner device;
sending, to a key server, a request for access to key data specific to the content;
performing, with the key server, an authentication check to ensure the one or more restrictions are satisfied, wherein the one or more restrictions have been set by the data owner;
downloading, from the key server, the key data once the one or more restrictions are satisfied;
using the key data to decrypt the encrypted content; and
wherein the one or more restrictions include an attestation requirement where the data consumer device is operable to remotely attest a trustworthiness of a trusted execution environment (TEE) in the data consumer device as follows:
receiving, from the key server, an attest X with nonce Y message, wherein the X is attestation that the data consumer device has the TEE and the Y is a random nonce value;
retrieving a digest value of X by concatenating X and Y;
signing the digest value of X by using a private key which is only available in the TEE; and
sending, to the key server, the digest value of X, the nonce Y, a signature of the data consumer device, and an attestation certificate.
Dependent claim: 19.