Technique for securely communicating and storing programming material in a trusted domain
First Claim
1. A device for receiving encrypted content from a storage unit, the device and the storage unit both being associated with a user, the encrypted content being decrypted in the device using a first cryptographic element, the device comprising:
- a first interface for receiving a first encrypted version of the first cryptographic element from the storage unit, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element which is associated with the user, the first encrypted version of the first cryptographic element being provided to an apparatus remote from the device, the apparatus recovering the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user;
a second interface for receiving from the apparatus a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encrypting the recovered first cryptographic element using a third cryptographic element which is associated with the device; and
a module for recovering the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element.
7 Assignments
0 Petitions
Accused Products
Abstract
A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device if the second device is associated with the same user, and also provided with the second encrypted content key version.
-
Citations
49 Claims
-
1. A device for receiving encrypted content from a storage unit, the device and the storage unit both being associated with a user, the encrypted content being decrypted in the device using a first cryptographic element, the device comprising:
-
a first interface for receiving a first encrypted version of the first cryptographic element from the storage unit, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element which is associated with the user, the first encrypted version of the first cryptographic element being provided to an apparatus remote from the device, the apparatus recovering the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user;
a second interface for receiving from the apparatus a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encrypting the recovered first cryptographic element using a third cryptographic element which is associated with the device; and
a module for recovering the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for securing, in a device, content which is encrypted using a content key, the system comprising:
-
a server for generating a first encrypted content key by encrypting the content key using a first cryptographic element; and
an interface for providing the first encrypted content key to the device where the encrypted content is stored in association with the first encrypted content key and a second encrypted content key which is generated by encrypting the content key using a second cryptographic element, which is associated with the device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. Apparatus for decrypting encrypted content in a device remote from the apparatus, the encrypted content in the device being decrypted using a content key, the apparatus comprising:
-
an interface for receiving from the device a first encrypted content key;
a database for searching for a first cryptographic element which is associated with a user of the device, the content key being recovered by decrypting the first encrypted content key using the first cryptographic element, a second encrypted content key being generated by encrypting the recovered content key using a second cryptographic element which is associated with the device; and
a server for providing at least the second encrypted content key to the device where the content key is recoverable based on at least the second encrypted content key. - View Dependent Claims (21, 22, 23, 24, 25, 26)
-
-
27. A method for use in a first device to which encrypted content is transported from a second device, the first device and the second device both being associated with a user, the encrypted content being decrypted in the first device using a first cryptographic element, the method comprising:
-
receiving a first encrypted version of the first cryptographic element from the second device, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element which is associated with the user;
providing the first encrypted version of the first cryptographic element to an apparatus remote from the first device, the apparatus recovering the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user;
receiving from the apparatus a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encrypting the recovered first cryptographic element using a third cryptographic element which is associated with the first device; and
recovering the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element. - View Dependent Claims (28, 29, 30, 31)
-
-
32. A method for use in a system for securing, in a device, content which is encrypted using a content key, the method comprising:
-
generating a first encrypted content key by encrypting the content key using a first cryptographic element; and
providing the first encrypted content key to the device where the encrypted content is stored in association with the first encrypted content key and a second encrypted content key which is generated by encrypting the content key using a second cryptographic element, which is associated with the device. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
-
43. A method for use in an apparatus for decrypting encrypted content in a device remote from the apparatus, the encrypted content in the device being decrypted using a content key, the method comprising:
-
receiving from the device a first encrypted content key;
searching a database for a first cryptographic element which is associated with a user of the device;
using the first cryptographic element to decrypt the first encrypted content key, thereby recovering the content key;
using a second cryptographic element which is associated with the device to encrypt the recovered content key, thereby generating a second encrypted content key; and
providing the second encrypted content key to the device where the content key is recoverable based on at least the second encrypted content key. - View Dependent Claims (44, 45, 46, 47, 48, 49)
-
Specification