Licensable function for securing stored data

US 10,642,962 B2
Filed: 07/28/2015
Issued: 05/05/2020
Est. Priority Date: 07/28/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enabling a secure electronic data, the method comprising:

defining a first licensee identifier that uniquely identifies a first licensee, the first licensee identifier comprising binary data;

generating a first plurality of instructions for implementing a first cryptographic permutation function at least in part by inputting the first licensee identifier to an instruction-generating algorithm;

providing at least one of the first instructions or a first executable function compiled from source code based on the first instructions to the first licensee for execution on a first device;

defining a second licensee identifier that uniquely identifies a second licensee, the second licensee identifier comprising binary data;

generating a second plurality of instructions for implementing a second cryptographic permutation function at least in part by inputting the second licensee identifier to the instruction-generating algorithm;

providing at least one of the second instructions or a second executable function compiled from source code based on the second instructions to the second licensee for execution on a second device; and

wherein the first cryptographic permutation function is implemented by the first device and the second cryptographic permutation function is implemented by the second device to derive a cryptographic key to decrypt electronic data stored in the first device and accessed at the second device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For securing content accessed from storage device, the storage device is associated with a licensee identifier. The licensee identifier is provided as input to an algorithm that generates, based on the identifier, a determinate set of instructions for a computer, for example, source code in a coding language, compiled binary code, or pseudo code that is capable of being translated into source code. The code, once compiled to machine-usable form, can be executed by a processor to perform a permutation operation that is unique to the licensee identifier. The output of the permutation operation can be used for protecting data provided by the storage device.

32 Citations

27 Claims

1. A computer-implemented method for enabling a secure electronic data, the method comprising:
- defining a first licensee identifier that uniquely identifies a first licensee, the first licensee identifier comprising binary data;
  
  generating a first plurality of instructions for implementing a first cryptographic permutation function at least in part by inputting the first licensee identifier to an instruction-generating algorithm;
  
  providing at least one of the first instructions or a first executable function compiled from source code based on the first instructions to the first licensee for execution on a first device;
  
  defining a second licensee identifier that uniquely identifies a second licensee, the second licensee identifier comprising binary data;
  
  generating a second plurality of instructions for implementing a second cryptographic permutation function at least in part by inputting the second licensee identifier to the instruction-generating algorithm;
  
  providing at least one of the second instructions or a second executable function compiled from source code based on the second instructions to the second licensee for execution on a second device; and
  
  wherein the first cryptographic permutation function is implemented by the first device and the second cryptographic permutation function is implemented by the second device to derive a cryptographic key to decrypt electronic data stored in the first device and accessed at the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein generating the plurality of instructions for implementing the first cryptographic permutation function is based on a pseudorandom byte string, wherein operation of the first cryptographic permutation function when compiled and executed by a processor of the first device is uniquely determined by the pseudorandom byte string.
  - 3. The method of claim 2, wherein the first cryptographic permutation function comprises “
    - Addition, cyclic Rotation and eXclusive or”
      
      (ARX) components.
  - 4. The method of claim 3, wherein values controlling the addition, rotation, and “
    - exclusive or”
      
      ARX components are determined based on the pseudorandom byte string that is, in turn, a pseudorandom function of the first licensee identifier.
  - 5. The method of claim 2, further comprising generating, by a string-generating algorithm, the pseudorandom byte string based on the first licensee identifier, the pseudorandom byte string being unique to the first licensee identifier.
  - 6. The method of claim 5, wherein the string-generating algorithm takes a system key and the first licensee identifier as inputs.
  - 7. The method of claim 2, further comprising recording at least one of the first licensee identifier, the first plurality of instructions, the first executable function, or the pseudorandom byte string in an electronic database, in association with identifying information for the first licensee.
  - 8. The method of claim 1, wherein the first device includes a storage device associated with the first licensee identifier, and the second device includes a player device associated with the second licensee identifier.

9. An apparatus for enabling a secure electronic data, the apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory holds instructions that when executed by the processor, cause the apparatus to perform;
  
  defining a first licensee identifier that uniquely identifies a first licensee, the first licensee identifier comprising binary data;
  
  generating a first plurality of instructions for implementing a first cryptographic permutation function at least in part by inputting the first licensee identifier to an instruction-generating algorithm;
  
  providing at least one of the first instructions or a first executable function compiled from source code based on the first instructions to the first licensee for execution on a first device;
  
  defining a second licensee identifier that uniquely identifies a second licensee, the second licensee identifier comprising binary data;
  
  generating a second plurality of instructions for implementing a second cryptographic permutation function at least in part by inputting the second licensee identifier to the instruction-generating algorithm;
  
  providing at least one of the second instructions or a second executable function compiled from source code based on the second instructions to the second licensee for execution on a second device; and
  
  wherein the first cryptographic permutation function is implemented by the first device and the second cryptographic permutation function is implemented by the second device to derive a cryptographic key to decrypt electronic data stored in the first device and accessed at the second device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, wherein the first plurality of instructions for implementing the first cryptographic permutation function are based on a pseudorandom byte string, wherein operation of the first cryptographic permutation function when compiled and executed by a processor of the first device is uniquely determined by the pseudorandom byte string.
  - 11. The apparatus of claim 10, wherein the first cryptographic permutation function includes “
    - Addition, cyclic Rotation and eXclusive or”
      
      (ARX) components.
  - 12. The apparatus of claim 11, wherein values controlling the addition, rotation, and “
    - exclusive or”
      
      ARX components are determined based on the pseudorandom byte string that is, in turn, a pseudorandom function of the first licensee identifier.
  - 13. The apparatus of claim 10, wherein the pseudorandom byte string is generated by a string-generating algorithm based on the first licensee identifier, the pseudorandom byte string being unique to the first licensee identifier.
  - 14. The apparatus of claim 13, wherein a system key and the first licensee identifier are provided as inputs to the string-generating algorithm.
  - 15. The apparatus of claim 10, wherein the memory holds further instructions for recording at least one of the first licensee identifier, the first plurality of instructions, the first executable function, or the pseudorandom byte string in an electronic database, in association with identifying information for the first licensee.

16. A non-transitory computer-readable medium encoded with instructions that when executed by a processor, cause an apparatus to perform:
- defining a first licensee identifier that uniquely identifies a first licensee, the licensee identifier comprising binary data;
  
  generating a first plurality of instructions for implementing a first cryptographic permutation function at least in part by inputting the first licensee identifier to an instruction-generating algorithm;
  
  providing at least one of the first instructions or a first executable function compiled from source code based on the first instructions to the first licensee for execution on a first device;
  
  defining a second licensee identifier that uniquely identifies a second licensee, the second licensee identifier comprising binary data;
  
  generating a second plurality of instructions for implementing a second cryptographic permutation function at least in part by inputting the second licensee identifier to the instruction-generating algorithm;
  
  providing at least one of the second instructions or a second executable function compiled from source code based on the second instructions to the second licensee for execution on a second device; and
  
  wherein the first cryptographic permutation function is implemented by the first device and the second cryptographic permutation function is implemented by the second device to derive a cryptographic key to decrypt electronic data stored in the first device and accessed at the second device.

17. An apparatus for enabling a secure electronic data, the apparatus comprising:
- means for defining a first licensee identifier that uniquely identifies a first licensee, the first licensee identifier comprising binary data;
  
  means for generating a first plurality of instructions for implementing a first cryptographic permutation function at least in part by inputting the first licensee identifier to an instruction-generating algorithm;
  
  means for providing at least one of the first instructions or a first executable function compiled from source code based on the first instructions to the first licensee for execution on a first device;
  
  means for defining a second licensee identifier that uniquely identifies a second licensee, the second licensee identifier comprising binary data;
  
  means for generating a second plurality of instructions for implementing a second cryptographic permutation function at least in part by inputting the second licensee identifier to the instruction-generating algorithm;
  
  means for providing at least one of the second instructions or a second executable function compiled from source code based on the second instructions to the second licensee for execution on a second device; and
  
  wherein the first cryptographic permutation function is implemented by the first device and the second cryptographic permutation function is implemented by the second device to derive a cryptographic key to decrypt electronic data stored in the first device and accessed at the second device.

18. A computer-implemented method for protecting content, the method comprising:
- storing, by a first hardware processor, content that has been protected using a cryptographic key;
  
  transforming, by the first hardware processor, a first binary data string using a first cryptographic permutation algorithm to generate an output, the first cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a first unique licensee identifier of the first hardware processor;
  
  providing the output to a second hardware processor, wherein the output is used by the second hardware processor to obtain the cryptographic key by transforming a second binary data string using a second cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a second unique identifier for multiple devices including the second hardware processor; and
  
  sending the content that is protected by the cryptographic key to the second hardware processor.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein the first cryptographic permutation algorithm comprises “
    - Addition, cyclic Rotation and eXclusive or”
      
      (ARX) components.
  - 20. The method of claim 19, wherein values controlling the addition, rotation, and “
    - exclusive or”
      
      ARX components are determined based on a pseudorandom byte string that is a pseudorandom function of the first unique licensee identifier.
  - 21. The method of claim 18, further comprising storing the first cryptographic permutation algorithm in a secure memory during an initial configuration of the first hardware processor by a licensee to whom the first unique licensee identifier of the first hardware processor is assigned.

22. An apparatus for protecting content, the apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory holds instructions that when executed by the processor, cause the apparatus to perform;
  
  storing content that has been protected using a cryptographic key;
  
  transforming a first binary data string using a first cryptographic permutation algorithm to generate an output, the first cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a first unique licensee identifier of the apparatus;
  
  providing the output to a second computer, wherein the output is used by the second computer to obtain the cryptographic key by transforming a second binary data string using a second cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a second unique identifier for multiple devices including the second computer; and
  
  sending the content that is protected by the cryptographic key to the second computer.
- View Dependent Claims (23, 24, 25)
- - 23. The apparatus of claim 22, wherein the first cryptographic permutation algorithm comprises “
    - Addition, cyclic Rotation and eXclusive or”
      
      (ARX) components.
  - 24. The apparatus of claim 23, wherein values controlling the addition, rotation, and “
    - exclusive or”
      
      ARX components are determined based on a pseudorandom byte string that is a pseudorandom function of the first unique licensee identifier of the apparatus.
  - 25. The apparatus of claim 22, wherein the memory holds further instructions for storing the first cryptographic permutation algorithm in a secure memory during an initial configuration of the apparatus by a licensee to whom the first unique licensee identifier of the apparatus is assigned.

26. A non-transitory computer-readable medium encoded with instructions that when executed by a processor of a first computer, cause the first computer to perform:
- storing content that has been protected using a cryptographic key;
  
  transforming a first binary data string using a first cryptographic permutation algorithm to generate an output, the first cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a first unique licensee identifier of the first computer;
  
  providing the output to a second computer, wherein the output is used by the second computer to obtain the cryptographic key by transforming a second binary data string using a second cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a second unique identifier for multiple devices including the second computer; and
  
  sending the content that is protected by the cryptographic key to the second computer.

27. An apparatus for protecting content, the apparatus comprising:
- means for storing content that has been protected using a cryptographic key;
  
  means for transforming a first binary data string using a first cryptographic permutation algorithm to generate an output, the first cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a first unique licensee identifier of the apparatus;
  
  means for providing the output to a second computer, wherein the output is used by the second computer to obtain the cryptographic key by transforming a second binary data string using a second cryptographic permutation algorithm comprising permutation operations that are defined at least in part by a second unique identifier for multiple devices including the second computer; and
  
  means for sending the content that is protected by the cryptographic key to the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Amaral Cid, Carlos Frederico, Dodd, Matthew Warren, Blankenbeckler, David L., Halpern, III, Joseph Edward, Harvey, Ian E., Odgers, Christopher R.
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Carey, Forrest L

Application Number

US14/811,708
Publication Number

US 20170032108A1
Time in Patent Office

1,743 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1011   to devices

H04L 2209/603   Digital right managament [DRM]

H04L 9/06   the encryption apparatus us...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0656   Pseudorandom key sequence c...

Licensable function for securing stored data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Licensable function for securing stored data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links