ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM
Abstract
A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.
20 Claims
1. A method comprising:
- receiving encrypted content at a secure processor, said secure processor having at least some secure individualized information maintained therein, said secure processor being capable of interpreting said content for presentation;
- receiving a license for the content at said secure processor, said license including a first decryption key for said encrypted content and information sufficient to verify that the content is authentic at said secure processor;
- verifying at said secure processor authenticity of the content, using the information sufficient to verify that the content is authentic;
- generating a second decryption key at said secure processor, in response to verifying authenticity of the content, said second decryption key being independent of said first decryption key, wherein the second decryption key is stored in secure memory and is secure against discovery outside said secure processor;
- re-encrypting the content at said secure processor using said second decryption key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method comprising:
- receiving content that has been encrypted;
- receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic;
- generating a second key;
- decrypting the encrypted content using the first key;
- re-encrypting the content, using the second key;
- checking authenticity of the content, using the signature in the license;
- if the content is authenticated;
- storing the second key in secure memory for future decryption of the content;
- decrypting the content using the second key;
- presenting the content;
- wherein the second key is not stored if the content is not authenticated.

Dependent claims: 14, 15, 16, 17, 18

19. A method comprising:
- receiving content that has been encrypted;
- receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic;
- decrypting the encrypted content using the first key;
- verifying authenticity of the content, using the signature;
- if authenticity is verified;
- generating a second key at a secure processor;
- re-encrypting the content using the second key at the secure processor;
- maintaining the second key at the secure processor, wherein the second key is never stored in the clear, and wherein never storing a key in the clear includes storing the key only in secure memory;
- decrypting the content using the second key at the secure processor;
- presenting the content.

Dependent claims: 20
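
The ordering in claim 13 (re-encrypt under a fresh second key, then keep that key only if the authenticity check passes) can be sketched as follows. This is an added example, not code from the patent: `SecureProcessor`, `xor_stream` and `make_license` are hypothetical names, a SHA-256 counter keystream stands in for the unspecified cipher, and an HMAC under a key held by the processor stands in for the license signature.

```python
import hashlib
import hmac
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the sketch runs on the
    # standard library alone; a real device would use a vetted cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def make_license(verify_key, first_key, nonce, content):
    # Constructed license: first key plus an authenticity tag over the content.
    # HMAC stands in for the signature named in the claim (assumption).
    tag = hmac.new(verify_key, content, hashlib.sha256).digest()
    return {"first_key": first_key, "nonce": nonce, "tag": tag}

class SecureProcessor:
    def __init__(self, verify_key: bytes):
        self.verify_key = verify_key
        self.secure_memory = {}  # models on-chip storage: id -> (second key, nonce)

    def ingest(self, content_id, encrypted, lic):
        plain = xor_stream(lic["first_key"], lic["nonce"], encrypted)
        second_key = secrets.token_bytes(32)  # fresh randomness, independent of first key
        nonce = secrets.token_bytes(16)
        reencrypted = xor_stream(second_key, nonce, plain)
        expected = hmac.new(self.verify_key, plain, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, lic["tag"]):
            return None  # not authentic: the second key is dropped, never stored
        self.secure_memory[content_id] = (second_key, nonce)
        return reencrypted  # safe to keep on untrusted storage

    def present(self, content_id, reencrypted):
        second_key, nonce = self.secure_memory[content_id]
        return xor_stream(second_key, nonce, reencrypted)

def demo():
    content = b"constructed sample title data " * 3
    verify_key, first_key, nonce = (secrets.token_bytes(n) for n in (32, 32, 16))
    lic = make_license(verify_key, first_key, nonce, content)
    encrypted = xor_stream(first_key, nonce, content)
    sp = SecureProcessor(verify_key)
    stored = sp.ingest("title-ok", encrypted, lic)
    tampered = bytes([encrypted[0] ^ 1]) + encrypted[1:]
    rejected = sp.ingest("title-bad", tampered, lic)
    return sp.present("title-ok", stored) == content, rejected, sorted(sp.secure_memory)
```

After `demo()`, only the authentic title has a second key in `secure_memory`; the tampered copy leaves no key behind, so its re-encrypted form could never be decrypted later.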
Specification