ENCRYPTING A UNIQUE CRYPTOGRAPHIC ENTITY
First Claim
1. A client device, configured to enforce digital rights management rules, the client device comprising:
an input/output module configured to receive, at a client a global-key (GK-) encrypted unit key data (UKD) including a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
a decryption module configured to decrypt the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
an encryption module configured to encrypt the decrypted UKN and the decrypted UCE using a device unique key (DUK) to determine a DUK-encrypted UKN and a DUK-encrypted UCE;
wherein the encryption module is configured to append the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD, and the client device is configured to store the DUK-encrypted UKD in the memory; and
a UKN verification module is configured to verify that the DUK-encrypted UKN was generated and stored in the client device by determining if a digital rights management (DRM) value is not equal to the GK-encrypted UKN, and if the DRM value is not equal to the GK-encrypted UKN, then verifying the DUK-encrypted value was generated and stored in the client device and, after the verifying, the decryption module is subsequently operable to decrypt the DUK-encrypted UKD and the client device is subsequently operable to utilize the UCE as a cryptographic identity of the device.
Abstract
A method of encrypting a unique cryptographic entity (UCE), where a client device receives a global-key (GK-) encrypted UKD comprising a GK-encrypted UCE and a GK-encrypted unit key number (UKN). The client device verifies that the GK-encrypted UKN is the same as a pre-provisioned value and then decrypts the GK-encrypted UKD using a global key (GK). The client device then re-encrypts the decrypted UKD using a device user key (DUK) to determine a DUK-encrypted UCE and a DUK-encrypted UKN. The DUK-encrypted UKN is verified as not equal to the GK-encrypted UKN. The DUK-encrypted UKN is then appended to the DUK-encrypted UCE to form a DUK-encrypted UKD and stored in a memory.
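The flow in the abstract, sketched as an added Python example (not code from the patent or its assignee). The HMAC-SHA256 keystream is a stand-in for whatever cipher a real device would use; the 8-byte UKN field, the UKN-then-UCE layout, the function names and all sample values are assumptions.

```python
import hashlib
import hmac

UKN_LEN = 8  # assumed fixed width of the encrypted UKN field


def xor_stream(key, label, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (encrypt == decrypt)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_ukd(key, ukn, uce):
    """Encrypt UKN and UCE separately under `key` and join them as UKN || UCE."""
    return xor_stream(key, b"UKN", ukn) + xor_stream(key, b"UCE", uce)


def unwrap_ukd(key, ukd):
    """Split a UKD blob and decrypt both fields; returns (ukn, uce)."""
    return xor_stream(key, b"UKN", ukd[:UKN_LEN]), xor_stream(key, b"UCE", ukd[UKN_LEN:])


def provision(gk_ukd, gk, duk, preprovisioned):
    """Run the abstract's steps and return the DUK-encrypted UKD to store."""
    gk_ukn = gk_ukd[:UKN_LEN]
    # Step 1: the received GK-encrypted UKN must match the pre-provisioned value.
    if not hmac.compare_digest(gk_ukn, preprovisioned):
        raise ValueError("GK-encrypted UKN does not match pre-provisioned value")
    # Step 2: decrypt under GK, then re-encrypt under the device's own key.
    ukn, uce = unwrap_ukd(gk, gk_ukd)
    duk_ukd = wrap_ukd(duk, ukn, uce)
    # Step 3: the DUK-encrypted UKN must differ from the GK-encrypted UKN;
    # equality here means the UKN field is still the GK ciphertext.
    if hmac.compare_digest(duk_ukd[:UKN_LEN], gk_ukn):
        raise ValueError("UKN is still GK-encrypted; refusing to store")
    return duk_ukd


# Constructed sample values (not from the patent).
GK, DUK = b"G" * 32, b"D" * 32
UKN = (1234).to_bytes(UKN_LEN, "big")
UCE = b"constructed-device-private-key"
GK_UKD = wrap_ukd(GK, UKN, UCE)  # what the KGF would deliver
STORED = provision(GK_UKD, GK, DUK, GK_UKD[:UKN_LEN])
```

Because the stand-in cipher is deterministic, the step 3 comparison fails closed when the device key equals the global key, which is the case where re-encryption would change nothing.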
20 Claims
9. A method for encrypting content, said method comprising:
a device receiving a GK-encrypted UKD, wherein the GK-encrypted UKD includes a GK-encrypted UCE and a GK-encrypted UKN;
decrypting the GK-encrypted UKD using a GK to determine a decrypted UCE and a decrypted UKN;
reapplying encryption to the decrypted UCE and the decrypted UKN using a DUK to determine a DUK-encrypted UCE and a DUK-encrypted UKN;
appending the device UKN to the encrypted UCE to form a DUK-encrypted UKD;
storing the DUK-encrypted UKD in a memory; and
verifying that the stored DUK-encrypted UKN is not equal to the GEK-encrypted UKN and if the DUK-encrypted UKN is verified as not equal to GK-encrypted UKN utilizing UCE as a cryptographic identity of the device.
19. A computer readable storage medium on which is embedded one or more computer programs, said one or more computer programs implementing a method for encrypting content, said one or more computer programs comprising a set of instructions for:
a device receiving a GK-encrypted UKD, wherein the GK-encrypted UKD includes a GK-encrypted UCE and a GK-encrypted UKN;
verifying that the GK-encrypted UKN is same as a pre-provisioned value;
if the GK-encrypted UKN is same as the pre-provisioned value, decrypting the GK-encrypted UKD using a GK to determine a decrypted UCE and a decrypted UKN;
reapplying encryption to the decrypted UCE and the decrypted UKN using a DUK to determine a DUK-encrypted UCE and a DUK-encrypted UKN;
verifying that the DUK-encrypted UKN is not equal to the encrypted UKN;
if the DUK-encrypted UKN is not equal to the encrypted UKN, appending the device UKN to the encrypted UCE to form a DUK-encrypted UKD; and
storing the DUK-encrypted UKD in a memory.
Specification