Method and apparatus for building a hardware root of trust and providing protected content processing within an open computing platform

US 10,582,256 B2
Filed: 05/31/2018
Issued: 03/03/2020
Est. Priority Date: 01/05/2011
Status: Active Grant

First Claim

Patent Images

1. A client computing system comprising:

a media browser to receive a playback request of requested content from a user;

one or more processor cores, at least one of the one or more processor cores to execute a media player application,the media player application to obtain encrypted content corresponding to the requested content from a service provider server coupled to the client computing system over a network,wherein the encrypted content includes a plurality of encrypted slices and a plurality of non-encrypted headers corresponding to the plurality of encrypted slices; and

a security processor to;

provide attestation and key management operations;

provide a hardware-based root of trust between the client computing system and the service provider server;

obtain an encryption key associated with the encrypted content from the service provider server for decryption of the encrypted content; and

decrypt the encrypted content including the plurality of encrypted slices; and

a graphics engine to;

decode each of the plurality of slices to generate a corresponding plurality of decoded slices;

re-encrypt the plurality of decrypted slices to generate corresponding re-encrypted content; and

pass the re-encrypted content to a display over a protected display interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system architecture provides a hardware-based root of trust solution for supporting distribution and playback of premium digital content. In an embodiment, hardware root of trust for digital content and services is a solution where the basis of trust for security purposes is rooted in hardware and firmware mechanisms in a client computing system, rather than in software. From this root of trust, the client computing system constructs an entire media processing pipeline that is protected for content authorization and playback. In embodiments of the present invention, the security of the client computing system for content processing is not dependent on the operating system (OS), basic input/output system (BIOS), media player application, or other host software.

Citations

18 Claims

1. A client computing system comprising:
- a media browser to receive a playback request of requested content from a user;
  
  one or more processor cores, at least one of the one or more processor cores to execute a media player application,the media player application to obtain encrypted content corresponding to the requested content from a service provider server coupled to the client computing system over a network,wherein the encrypted content includes a plurality of encrypted slices and a plurality of non-encrypted headers corresponding to the plurality of encrypted slices; and
  
  a security processor to;
  
  provide attestation and key management operations;
  
  provide a hardware-based root of trust between the client computing system and the service provider server;
  
  obtain an encryption key associated with the encrypted content from the service provider server for decryption of the encrypted content; and
  
  decrypt the encrypted content including the plurality of encrypted slices; and
  
  a graphics engine to;
  
  decode each of the plurality of slices to generate a corresponding plurality of decoded slices;
  
  re-encrypt the plurality of decrypted slices to generate corresponding re-encrypted content; and
  
  pass the re-encrypted content to a display over a protected display interface.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The client computing system of claim 1, wherein the graphics engine is configured to receive the plurality of slices from the security processor over a hardware protected data path.
  - 3. The client computing system of claim 2, wherein the hardware protected data path comprises a Direct Media Interface (DMI) link.
  - 4. The client computing system of claim 1, wherein to re-encrypt each of the plurality of decrypted slices comprises to encrypt the plurality of decrypted slices with High-Bandwidth Digital Content Protection (HDCP).
  - 5. The client computing system of claim 1, wherein operation of the security processor is controlled by hardware and firmware.
  - 6. The client computing system of claim 1, wherein the protected display interface comprises a protected wireless display (WiDi) link.

7. A method comprising:
- receiving, by a media browser of a client computing system, a playback request of requested content from a user;
  
  obtaining, by a media player application executed on one or more processor cores of the client computing system, encrypted content corresponding to the requested content from a service provider server coupled to the client computing system over a network,wherein the encrypted content includes a plurality of encrypted slices and a plurality of non-encrypted headers corresponding to the plurality of encrypted slices;
  
  providing, by a security processor of the client computing system, attestation and key management operations;
  
  providing, by the security processor, a hardware-based root of trust between the client computing system and the service provider server;
  
  obtaining, by the security processor, an encryption key associated with the encrypted content from the service provider server for decryption of the encrypted content;
  
  decrypting, by the security processor, the encrypted content including the plurality of encrypted slices;
  
  decoding, by a graphics engine of the client computing system each of the plurality of slices to generate a corresponding plurality of decoded slices;
  
  re-encrypting, by the graphics engine, the plurality of decrypted slices to generate corresponding re-encrypted content; and
  
  passing, by the graphics engine, the re-encrypted content to a display over a protected display interface.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the graphics engine is configured to receive the plurality of slices from the security processor over a hardware protected data path.
  - 9. The method of claim 8, wherein the hardware protected data path comprises a Direct Media Interface (DMI) link.
  - 10. The method of claim 7, wherein re-encrypting each of the plurality of decrypted slices comprises encrypting the plurality of decrypted slices with High-Bandwidth Digital Content Protection (HDCP).
  - 11. The method of claim 7, wherein operation of the security processor is controlled by hardware and firmware.
  - 12. The method of claim 7, wherein the protected display interface comprises a protected wireless display (WiDi) link.

13. One or more non-transitory computer-readable media comprising a plurality of instructions stored thereon that, when executed, causes a client computing device to:
- receive, by a media browser of the client computing system, a playback request of requested content from a user;
  
  obtain, by a media player application executed on one or more processor cores of the client computing system, encrypted content corresponding to the requested content from a service provider server coupled to the client computing system over a network,wherein the encrypted content includes a plurality of encrypted slices and a plurality of non-encrypted headers corresponding to the plurality of encrypted slices;
  
  provide, by a security processor of the client computing system, attestation and key management operations;
  
  provide, by the security processor, a hardware-based root of trust between the client computing system and the service provider server;
  
  obtain, by the security processor, an encryption key associated with the encrypted content from the service provider server for decryption of the encrypted content;
  
  decrypt, by the security processor, the encrypted content including the plurality of encrypted slices;
  
  decode, by a graphics engine of the client computing system each of the plurality of slices to generate a corresponding plurality of decoded slices;
  
  re-encrypt, by the graphics engine, the plurality of decrypted slices to generate corresponding re-encrypted content; and
  
  pass, by the graphics engine, the re-encrypted content to a display over a protected display interface.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The one or more non-transitory computer-readable media of claim 13, wherein the graphics engine is configured to receive the plurality of slices from the security processor over a hardware protected data path.
  - 15. The one or more non-transitory computer-readable media of claim 14, wherein the hardware protected data path comprises a Direct Media Interface (DMI) link.
  - 16. The one or more non-transitory computer-readable media of claim 13, wherein to re-encrypt each of the plurality of decrypted slices comprises to encrypt the plurality of decrypted slices with High-Bandwidth Digital Content Protection (HDCP).
  - 17. The one or more non-transitory computer-readable media of claim 13, wherein operation of the security processor is controlled by hardware and firmware.
  - 18. The one or more non-transitory computer-readable media of claim 13, wherein the protected display interface comprises a protected wireless display (WiDi) link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Pendakur, Ramesh, Gintz, Walter C., Nemiroff, Daniel, Hazra, Mousumi M.
Primary Examiner(s)
Leung, Robert B

Application Number

US15/994,751
Publication Number

US 20190104338A1
Time in Patent Office

642 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/123   by using dedicated hardware...

G06F 21/72   in cryptographic circuits

H04L 9/3234   involving additional secure...

H04N 21/4181   for conditional access

H04N 21/43635   HDMI

H04N 21/4367   Establishing a secure commu...

H04N 21/4408   involving video stream encr...

H04N 21/63345   by transmitting keys key di...

Method and apparatus for building a hardware root of trust and providing protected content processing within an open computing platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for building a hardware root of trust and providing protected content processing within an open computing platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links