ELECTRONIC RENTAL SERVICE SYSTEM AND METHOD FOR DIGITAL CONTENT
Abstract
A system for making digital content data available to an end user station (26.1) comprises a source (12) for generating source encrypted data comprising the content data encrypted with a key (15) of a content encryption key (CEK) pair and share data relating to the CEK. The share data is encrypted with a first key of a second encryption key pair, which second key pair is associated with a targeted intermediate station (18.1). The intermediate station (18.1) comprises a processor (22.1) for receiving the source encrypted data. The processor at the intermediate station is configured to be placed in data communication with a portable storage device (PSD), which is associated with the end user station (26.1). The end user station is associated with a third encryption key pair. The processor (22.1) is configured to generate intermediate station encrypted data by decrypting the encrypted share data utilizing a key of the second key pair and encrypting the resulting decrypted data utilizing a key of the third key pair. A CEK reconstruction processor is configured to utilize an algorithm and input share data to reconstruct the CEK. A decryption processor is configured to use the reconstructed CEK to decrypt the encrypted content data.
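The key flow in the abstract, as an added Python example (not code from the patent): the source wraps a CEK share to the intermediate station, the station re-wraps it to the end user's key pair, and the user device reconstructs the CEK. Assumptions: a symmetric CEK, a two-way XOR split as the reconstruction algorithm, the "other data" reaching the user device separately, and stdlib stand-ins (ElGamal-style wrapping, SHA-256 keystream) in place of real ciphers; all function names are hypothetical.

```python
import hashlib, secrets

# Stand-ins (assumptions, stdlib only): ElGamal-style wrapping mod P for the
# station/user key pairs, a SHA-256 counter keystream as the symmetric cipher.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return pow(G, priv, P), priv  # (first key, second key) of a pair

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(pub, data):
    eph = secrets.randbelow(P - 3) + 2
    shared = pow(pub, eph, P).to_bytes(32, "big")
    return pow(G, eph, P), xor(data, stream(shared, len(data)))

def unwrap(priv, wrapped):
    eph_pub, body = wrapped
    shared = pow(eph_pub, priv, P).to_bytes(32, "big")
    return xor(body, stream(shared, len(body)))

def source_encrypt(content, station_pub):
    cek = secrets.token_bytes(32)
    other = secrets.token_bytes(32)  # "other data"; assumed to reach the user device separately
    pkg = {"content": xor(content, stream(cek, len(content))),
           "share": wrap(station_pub, xor(cek, other))}  # share encrypted to the station
    return pkg, other

def station_rewrap(pkg, station_priv, user_pub):
    # The station handles only the share, never the CEK or the content plaintext.
    share = unwrap(station_priv, pkg["share"])
    return {"content": pkg["content"], "share": wrap(user_pub, share)}

def user_decrypt(pkg, other, user_priv):
    cek = xor(unwrap(user_priv, pkg["share"]), other)  # CEK reconstruction
    return xor(pkg["content"], stream(cek, len(pkg["content"])))

def demo(content=b"constructed sample content"):
    st_pub, st_priv = keypair()
    u_pub, u_priv = keypair()
    pkg, other = source_encrypt(content, st_pub)    # source -> intermediate station
    on_psd = station_rewrap(pkg, st_priv, u_pub)    # station -> portable storage device
    return user_decrypt(on_psd, other, u_priv)      # end user station
```

With this split, a station that also obtained the other share could rebuild the CEK, so where that share is held determines whether the intermediate station stays unable to read the content.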
15 Claims
1. A system for making digital content data available to one of a plurality of end user stations, the system comprising:
a source comprising a processor for receiving the digital content data and for generating source encrypted data comprising at least the content data encrypted with a key of a content encryption key pair; and
share data relating to the key of the content encryption key pair;
at least the share data relating to the key of the content encryption key pair being encrypted with a first key of a second encryption key pair, which second key pair is associated with a targeted intermediate station;
a data transmission path between the source and the targeted intermediate station for forwarding the source encrypted data to the targeted intermediate station;
the targeted intermediate station comprising a processor for receiving the source encrypted data;
a portable data storage device associated with the end user station, the end user station being associated with a third encryption key pair comprising a first key and a second key;
the processor at the intermediate station being configured to be placed in data communication with the portable storage device and to generate intermediate station encrypted data by decrypting the encrypted share data relating to the key of the content encryption key pair utilizing the second key of the second key pair and encrypting resulting decrypted data utilizing a first key of the third key pair;
the portable storage device being configured to be brought into data communication with a decryption processor at the end user station;
a content encryption key reconstruction processor configured to utilize an algorithm and input data comprising at least one of said share data relating to the key of the content encryption key pair and other data, to reconstruct the content encryption key;
the decryption processor being configured to decrypt the intermediate station encrypted data utilizing the second key of the third key pair and to use the reconstructed content encryption key to decrypt the encrypted content data.
Dependent claims: 2, 3, 4, 5, 7, 15
6. A system as claimed in claim 6 wherein the decrypted content data is played out on a monitor connected to the set-top box.
8. A user station device comprising a content encryption key reconstruction processor, a decryption processor and a port for receiving a portable data storage device, the data storage device storing device data comprising content data which is encrypted with a content encryption key and share data relating to the content encryption key, the content encryption key reconstruction processor being configured to utilize an algorithm and share data to reconstruct the content encryption key;
and the decryption processor being configured to decrypt the encrypted content data utilizing the reconstructed content encryption key.
9. An intermediate station for a system for making digital content data available to one of a plurality of end user stations, the intermediate station comprising a processor for receiving from a source, source encrypted data comprising at least the content data encrypted with a key of a first encryption key pair and share data relating to the key of the content encryption key pair encrypted with a first key of a second encryption key pair, which second encryption key pair is associated with the intermediate station;
the processor at the intermediate station being configured to be placed in data communication with a portable data storage device associated with the end user station, the end user station being associated with a third encryption key pair comprising a first key and a second key, the processor being configured to generate intermediate station encrypted data by decrypting the encrypted share data relating to the key of the content encryption key pair utilizing the second key of the second key pair and encrypting resulting decrypted data utilizing a first key of the third key pair.
Dependent claims: 10
11. A method of making digital content data available to at least one user station, the method comprising the steps of:
at a source, generating source encrypted data by encrypting the content data with a key of a content encryption key pair;
adding share data relating to the key of the content encryption key pair; and
encrypting at least the share data relating to the key of the content encryption key pair with a first key of a second encryption key pair, the second encryption key pair being associated with an intermediate station;
forwarding the source encrypted data to the intermediate station;
at the intermediate station, causing intermediate station encrypted data to be generated by decrypting the encrypted share data relating to the key of the content encryption key utilizing a second key of the second encryption key pair and encrypting resulting decrypted data with a first key of a third key pair, which third key pair is associated with the user station; and
causing the intermediate station encrypted data to be made available on a portable data storage device.
Dependent claims: 12, 13, 14
Specification