Methods and apparatus for protecting digital content

US 20090296938A1
Filed: 05/27/2008
Published: 12/03/2009
Est. Priority Date: 05/27/2008
Status: Active Grant

First Claim

Patent Images

1. A method for protecting digital content, the method comprising:

receiving, at a source device, a digital certificate from a presentation device;

using public key infrastructure (PKI) to determine, at the source device, whether the presentation device has been authorized by a certificate authority (CA) to receive protected content;

generating a session key at the source device;

using the session key to encrypt data; and

transmitting the encrypted data to the presentation device only if the source device determines that the presentation device has been authorized by the CA to receive protected content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine Whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.

Citations

32 Claims

1. A method for protecting digital content, the method comprising:
- receiving, at a source device, a digital certificate from a presentation device;
  
  using public key infrastructure (PKI) to determine, at the source device, whether the presentation device has been authorized by a certificate authority (CA) to receive protected content;
  
  generating a session key at the source device;
  
  using the session key to encrypt data; and
  
  transmitting the encrypted data to the presentation device only if the source device determines that the presentation device has been authorized by the CA to receive protected content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein the operation of using the session key to encrypt data comprises:
    - using an advanced encryption standard (AES) cipher block to generate the encrypted data, based at least in part on (a) the session key and (b) at least one constant value obtained from the CA.
  - 3. A method according to claim 1, wherein:
    - the data to be encrypted comprises video data comprising pixels within lines within frames; and
      
      the operation of using the session key to encrypt data comprises;
      
      generating primary cipher data with a first cipher module, based at least in part on the session key;
      
      using at least first, second, third, and fourth cipher blocks in a second cipher module to generate four or more instances of secondary cipher data, based at least in part on the primary cipher data from the first cipher module;
      
      encrypting four or more different pixels in the video data with the secondary cipher data from four or more different secondary cipher blocks, respectively; and
      
      mixing bits in each secondary cipher block for multiple clock ticks between times that the secondary cipher data from that secondary cipher block is used to encrypt pixels.
  - 4. A method according to claim 3, wherein the operation of generating primary cipher data in a first cipher module, based at least in part on the session key, comprises:
    - using an advanced encryption standard (AES) cipher block in the first cipher module to generate the primary cipher data.
  - 5. A method according to claim 1, wherein:
    - the data to be encrypted comprises video data to be presented in lines within frames; and
      
      the operation of using the session key to encrypt the data comprises;
      
      using an advanced encryption standard (AES) cipher block in counter mode to generate a frame key, based at least in part on (a) a counter value and (b) a first value obtained from the CA;
      
      using the AES cipher block in output feedback mode to generate a line key, based at least in part on (a) the session key and (b) a second value obtained from the CA; and
      
      generating the encrypted data, based at least in part on the frame key and the line key.
  - 6. A method according to claim 1, wherein the CA comprises an entity that has agreed to serve as root trust authority to verify that particular public keys belongs to respective entities, with each of the different entities to be identified by a unique entity identifier.
  - 7. A method according to claim 1, further comprising:
    - generating a master key at the source device;
      
      receiving a nonce from the presentation device;
      
      using the master key and the nonce from the presentation device to encrypt the session key; and
      
      transmitting the encrypted session key to the presentation device before transmitting the encrypted data to the presentation device.
  - 8. A method according to claim 1, further comprising:
    - performing a revocation check before transmitting any protected content to the presentation device.
  - 9. A method according to claim 1, wherein the operation of using PKI to determine whether the presentation device has been authorized by the CA to receive protected content comprises:
    - using a global public key in the source device to determine whether the digital certificate was signed by a private key of the CA.
  - 10. A method according to claim 1, wherein the source device determines whether the presentation device has been authorized by the CA to receive protected content without using any non-volatile, unique, secret data.
  - 11. A method according to claim 1, wherein the source device does not contain any PKI private keys.

12. A processing system to serve as a source device for protected digital content, the processing system comprising:
- a processor; and
  
  control logic which, when used by the processor, results in the processing system performing operations comprising;
  
  receiving a digital certificate from a presentation device;
  
  using public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content;
  
  generating a session key;
  
  using the session key to encrypt data; and
  
  transmitting the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 13. A processing system according to claim 12, wherein the operation of using the session key to encrypt data comprises:
    - using an advanced encryption standard (AES) cipher block to generate the encrypted data, based at least in part on (a) the session key and (b) at least one constant value obtained from the CA.
  - 14. A processing system according to claim 12, wherein:
    - the data to be encrypted comprises video data comprising pixels within lines within frames; and
      
      the operation of using the session key to encrypt data comprises;
      
      generating primary cipher data with a first cipher module, based at least in part on the session key;
      
      using at least first, second, third, and fourth cipher blocks in a second cipher module to generate four or more instances of secondary cipher data, based at least in part on the primary cipher data from the first cipher module;
      
      encrypting four or more different pixels in the video data with the secondary cipher data from four or more different secondary cipher blocks, respectively; and
      
      mixing bits in each secondary cipher block for multiple clock ticks between times that the secondary cipher data from that secondary cipher block is used to encrypt pixels.
  - 15. A processing system according to claim 14, wherein the operation of generating primary cipher data in a first cipher module, based at least in part on the session key, comprises:
    - using an advanced encryption standard (AES) cipher block in the first cipher module to generate the primary cipher data.
  - 16. A processing system according to claim 12, wherein:
    - the data to be encrypted comprises video data to be presented in lines within frames; and
      
      the operation of using the session key to encrypt the data comprises;
      
      using an advanced encryption standard (AES) cipher block in counter mode to generate a frame key, based at least in part on (a) a counter value and (b) a first value obtained from the CA;
      
      using the AES cipher block in output feedback mode to generate a line key, based at least in part on (a) the session key and (b) a second value obtained from the CA; and
      
      generating the encrypted data, based at least in part on the frame key and the line key.
  - 17. A processing system according to claim 16, wherein the operation of using the AES cipher block to generate the frame key comprises:
    - mixing the first value obtained from the CA with the counter value to generate a first mixed value;
      
      mixing the second value obtained from the CA with the session key to generate a second mixed value; and
      
      using the AES cipher block to generate the frame key, based at least in part on the first mixed value and the second mixed value.
  - 18. A processing system according to claim 17, wherein the operation of using the AES cipher block to generate the line key comprises:
    - mixing the second value obtained from the CA with the session key to generate the second mixed value; and
      
      using the AES cipher block to generate the line key, based at least in part on the second mixed value.
  - 19. A processing system according to claim 18, wherein the first and second values obtained from the CA comprise licensed constants obtained under an agreement to keep the licensed constants secret.
  - 20. A processing system according to claim 12, wherein the CA comprises an entity that has agreed to serve as root trust authority to verify that particular public keys belongs to respective entities, with each of the different entities to be identified by a unique entity identifier.
  - 21. A processing system according to claim 12, wherein the operations further comprise:
    - generating a master key;
      
      receiving a nonce from the presentation device;
      
      using the master key and the nonce from the presentation device to encrypt the session key; and
      
      transmitting the encrypted session key to the presentation device before transmitting the encrypted data to the presentation device.
  - 22. A processing system according to claim 21, wherein:
    - the digital certificate comprises a public key of the presentation device; and
      
      the operations further comprise;
      
      generating an encrypted master key, based at least in part on the master key and the public key of the presentation device; and
      
      transmitting the encrypted master key to the presentation device.
  - 23. A processing system according to claim 21, wherein the operation of using the master key and the nonce from the presentation device to encrypt the session key comprises:
    - generating a mixed key, based at least in part on the master key and the nonce from the presentation device;
      
      using the mixed key as input to an advanced encryption standard (AES) cipher block; and
      
      using output from the AES cipher block to encrypt the session key.
  - 24. A processing system according to claim 12, wherein the operations further comprise:
    - performing a revocation check before transmitting any protected content to the presentation device.
  - 25. A processing system according to claim 12, wherein the processing system is operable to determine whether the presentation device has been authorized by the CA to receive protected content without using any PKI private keys.
  - 26. A processing system according to claim 12, wherein the operation of using PKI to determine whether the presentation device has been authorized by the CA to receive protected content comprises:
    - using a global public key to determine whether the digital certificate was signed by a private key of the CA.
  - 27. A processing system according to claim 26, wherein:
    - the digital certificate from the presentation device comprises a public key of the presentation device; and
      
      the digital certificate comprises a digital signature from the CA to verify the public key of the presentation device as being authorized by the CA.

28. An article of manufacture, comprising:
- a tangible, machine-accessible medium; and
  
  instructions in the machine-accessible medium, wherein the instructions, when executed by a processing system, cause the processing system to perform operations comprising;
  
  receiving a digital certificate from a presentation device;
  
  using public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content;
  
  generating a session key;
  
  using the session key to encrypt data; and
  
  transmitting the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content.
- View Dependent Claims (29, 30, 31)
- - 29. An article according to claim 28, wherein the operation of using the session key to encrypt data comprises:
    - using an advanced encryption standard (AES) cipher block to generate the encrypted data, based at least in part on (a) the session key and (b) at least one constant value obtained from the CA.
  - 30. An article according to claim 28, wherein:
    - the data to be encrypted comprises video data comprising pixels within lines within frames; and
      
      the operation of using the session key to encrypt data comprises;
      
      generating primary cipher data with a first cipher module, based at least in part on the session key;
      
      using at least first, second, third, and fourth cipher blocks in a second cipher module to generate four or more instances of secondary cipher data, based at least in part on the primary cipher data from the first cipher module;
      
      encrypting four or more different pixels in the video data with the secondary cipher data from four or more different secondary cipher blocks, respectively; and
      
      mixing bits in each secondary cipher block for multiple clock ticks between times that the secondary cipher data from that secondary cipher block is used to encrypt pixels.
  - 31. An article according to claim 28, wherein the operation of using PKI to determine whether the presentation device has been authorized by the CA to receive protected content comprises:
    - using a global public key in the source device to determine whether the digital certificate was signed by a private key of the CA.

32-77. -77. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Devanand, Priyadarsini, Graunke, Gary L.

Granted Patent

US 8,259,949 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0631   Substitution permutation ne...

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

Methods and apparatus for protecting digital content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for protecting digital content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links