ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM

US 20100017627A1
Filed: 07/21/2009
Published: 01/21/2010
Est. Priority Date: 02/07/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving encrypted content at a secure processor, said secure processor having at least some secure individualized information maintained therein, said secure processor being capable of interpreting said content for presentation;

receiving a license for the content at said secure processor, said license including a first decryption key for said encrypted content and information sufficient to verify that the content is authentic at said secure processor;

verifying at said secure processor authenticity of the content, using the information sufficient to verify that the content is authentic;

generating a second decryption key at said secure processor, in response to verifying authenticity of the content, said second decryption key being independent of said first decryption key, wherein the second decryption key is stored in secure memory and is secure against discovery outside said secure processor;

re-encrypting the content at said secure processor using said second decryption key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.

148 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving encrypted content at a secure processor, said secure processor having at least some secure individualized information maintained therein, said secure processor being capable of interpreting said content for presentation;
  
  receiving a license for the content at said secure processor, said license including a first decryption key for said encrypted content and information sufficient to verify that the content is authentic at said secure processor;
  
  verifying at said secure processor authenticity of the content, using the information sufficient to verify that the content is authentic;
  
  generating a second decryption key at said secure processor, in response to verifying authenticity of the content, said second decryption key being independent of said first decryption key, wherein the second decryption key is stored in secure memory and is secure against discovery outside said secure processor;
  
  re-encrypting the content at said secure processor using said second decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising receiving the encrypted content in portions, where a signature is associated with each portion.
  - 3. The method of claim 1, further comprising delivering physical media having information readable therefrom.
  - 4. The method of claim 1, further comprising enforcing re-encrypting the content with security software before using said secure processor to interpret the content.
  - 5. The method of claim 1, further comprising verifying that said content is authentic occurs before using said secure processor to interpret said content.
  - 6. The method of claim 1, further comprising maintaining at least a portion of a result of said re-encrypting said content secure against discovery outside said secure processor.
  - 7. The method of claim 1, further comprising decrypting said encrypted content using the first decryption key.
  - 8. The method of claim 1, further comprising decrypting the re-encrypted content using the second decryption key and consuming the content.
  - 9. The method of claim 1, further comprising:
    - storing the re-encrypted content;
      
      maintaining an association between the re-encrypted content and the second decryption key outside of the secure memory.
  - 10. The method of claim 1, further comprising:
    - retrieving the re-encrypted content from external storage;
      
      retrieving an association between the re-encrypted content and the second decryption key;
      
      decrypting the re-encrypted content with the second decryption key.
  - 11. The method of claim 1, wherein received content is determined to be the re-encrypted content, further comprising:
    - storing the re-encrypted content without generating a third decryption key and without re-encrypting the content again;
      
      maintaining, outside of the secure memory, an association between the second decryption key and the re-encrypted content.
  - 12. The method of claim 1, further comprising disposing of content that is not determined to be authentic.

13. A method comprising:
- receiving content that has been encrypted;
  
  receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic;
  
  generating a second key;
  
  decrypting the encrypted content using the first key;
  
  re-encrypting the content, using the second key;
  
  checking authenticity of the content, using the signature in the license;
  
  if the content is authenticated;
  
  storing the second key in secure memory for future decryption of the content;
  
  decrypting the content using the second key;
  
  presenting the content;
  
  wherein the second key is not stored if the content is not authenticated.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - receiving the encrypted content in portions, where a signature is associated with each portion.
  - 15. The method of claim 13, further comprising generating the second key within the secure processor;
    - prohibiting sending of the second key outside of the secure processor.
  - 16. The method of claim 13, wherein the content is first content, further comprising:
    - receiving second content;
      
      failing to determine the second content is authentic;
      
      disposing of the second content.
  - 17. The method of claim 13, further comprising:
    - receiving the re-encrypted content at a later time;
      
      storing the re-encrypted content without re-encrypting the re-encrypted content;
      
      maintaining an association between the second key and the re-encrypted content outside of the secure processor.
  - 18. The method of claim 13, further comprising:
    - retrieving the re-encrypted content from outside of the secure processor;
      
      retrieving an association between the re-encrypted content and the second key from outside of the secure processor;
      
      decrypting the re-encrypted content inside the secure processor using the second key;
      
      consuming the content within the secure processor.

19. A method comprising:
- receiving content that has been encrypted;
  
  receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic;
  
  decrypting the encrypted content using the first key;
  
  verifying authenticity of the content, using the signature;
  
  if authenticity is verified;
  
  generating a second key at a secure processor;
  
  re-encrypting the content using the second key at the secure processor;
  
  maintaining the second key at the secure processor, wherein the second key is never stored in the clear, and wherein never storing a key in the clear includes storing the key only in secure memory;
  
  decrypting the content using the second key at the secure processor;
  
  presenting the content.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising deleting the content if authenticity is not verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Original Assignee
Broadon Communications Corp. (Acer, Inc.)
Inventors
Blythe, David, Yen, Wei, Srinivasan, Pramila, Princen, John

Application Number

US12/507,050
Publication Number

US 20100017627A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/1011   to devices

G06F 21/105   Arrangements for software l...

G06F 21/107   License processing; Key pro...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 2212/402   Encrypted data

H04L 2209/60   Digital content management,...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/16   the keys or algorithms bein...

H04L 9/3247   involving digital signatures

ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

148 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links