Systems and methods for providing secure server key operations
First Claim
1. A method for providing abstraction for secure key operations in a digital rights management system, the method comprising:
- providing, in a digital rights management system, a key management interface that abstracts operations that include the use of key material;
providing a plurality of key management components for use in the digital rights management system, wherein each of the key management components enables the digital rights management system to perform a respective method for managing the key material, and integrating a selected key management component into the digital rights management system via the key management interface.
2 Assignments
0 Petitions
Accused Products
Abstract
A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface. During licensing, the license issuing entity can use the interface to decrypt keys for assets and to sign licenses and rights labels such that the asset is protected and consumable by a host digital rights management platform. The interface thus provides an abstraction for key operations.
-
Citations
51 Claims
-
1. A method for providing abstraction for secure key operations in a digital rights management system, the method comprising:
-
providing, in a digital rights management system, a key management interface that abstracts operations that include the use of key material;
providing a plurality of key management components for use in the digital rights management system, wherein each of the key management components enables the digital rights management system to perform a respective method for managing the key material, and integrating a selected key management component into the digital rights management system via the key management interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for providing secure key operations, the method comprising:
-
providing a plurality of key management plug-in components for use in a digital rights management system, wherein each of the key management plug-in components enables the digital rights management system to perform a respective method for managing key material;
selecting a selected key management plug-in from the plurality of key management plug-ins; and
integrating the selected key management plug-in into the digital rights management system.
-
-
11. A method for providing secure server key operations in a system comprising a front-end server that is accessible via a global communications network and a back-end server that is coupled to the front-end server via a local communications network, the method comprising:
-
generating a public-private key pair for use in connection with performing a cryptographic operation, wherein the public-private key pair includes a private key;
storing the private key on the back-end server; and
performing the cryptographic operation on the back-end server, using the private key, in response to a request from the front-end server to perform the cryptographic operation. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A system for providing secure server key operations for rights management of digital content, the system comprising:
-
a front-end server that is accessible via a global communications network; and
a back-end server that is coupled to the front-end server via a local communications network, wherein a public-private key pair is generated for use in connection with performing a cryptographic operation, the public-private key pair including a private key, and wherein the private key is stored on the back-end server and used on the back-end server to perform the cryptographic operation in response to a request from the front-end server to perform the cryptographic operation. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A method for providing secure server key operations in a system comprising a front-end server that is accessible via a global communications network and a back-end server that is coupled to the front-end server via a local communications network, the method comprising:
-
generating, on the front-end server, a certificate signing public-private key pair for use in connection with signing a certificate, wherein the certificate signing public-private key pair includes a certificate signing public key and a certificate signing private key;
generating a content protection public-private key pair for use in connection with encrypting or decrypting a piece of digital content, wherein the content protection public-private key pair includes a content protection public key and a content protection private key;
storing the content protection private key on the back-end server; and
providing to a client application, a certificate chain that includes the certificate signing public key and the content protection public key. - View Dependent Claims (32, 33, 34, 35, 36, 37)
-
-
38. A method for providing secure server key operations in a system comprising a front-end server that is accessible via a global communications network and a back-end server that is coupled to the front-end server via a local communications network, the method comprising:
-
generating a content protection public-private key pair for use in connection with encrypting or decrypting a content symmetric key used to protect a piece of digital content, wherein the content protection public-private key pair includes a content protection public key and a content protection private key;
storing the content protection private key on the back-end server;
generating, on the front-end server, a certificate signing public-private key pair, wherein the certificate signing public-private key pair includes a certificate signing public key and a certificate signing private key; and
publishing the content protection public key via a root licensor certificate that is signed using the certificate signing private key. - View Dependent Claims (39, 40, 41)
-
-
42. A method for providing secure server key operations in a digital rights management system, the method comprising:
-
generating a root public-private key pair that includes a root private key and a root public key;
issuing a root licensor certificate that contains the root public key;
periodically generating a current rolling public-private key pair that includes a current rolling public key and a current rolling private key;
receiving a request from a client application to perform a digital rights management operation; and
performing the digital rights management operation using the current rolling public-private key pair. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51)
-
Specification