Certificate handling for digital rights management system
First Claim
1. A method for secure distribution of a public and private key pair during an initial installation process, comprisingestablishing a first key pair comprising public and private keys, associating the first key pair with a first process portion, establishing a second key pair comprising public and private keys, associating the second key pair with a second process portion, registering the public key of the first key pair with the second process portion, registering the public key of the second key pair with the first process portion, generating a third key pair comprising public and private keys, the third key pair associated with a device for reviewing protected information, generating a first certificate based at least in part on the public key of the third key pair and encrypted with at least the public key of the second key pair and the private key of the first key pair providing the first certificate to the device during the initial installation process.
11 Assignments
0 Petitions
Accused Products
Abstract
A delivery system for managing security keys uses three key pairs to establish, register, move and revoke rights in a device to view protected information. The first and second key pairs cooperate to establish a secure certificate containing a device public and private key, and the pairs of keys are manipulated to install the appropriate keys in the device and the associated authentication server without ever exposing the keys. Thereafter, in the event of a need to authorize a new device to view content associated with a prior, authorized device, the key pairs are used to revoke the rights of an old device and establish identical viewing rights in the new device.
137 Citations
5 Claims
-
1. A method for secure distribution of a public and private key pair during an initial installation process, comprising
establishing a first key pair comprising public and private keys, associating the first key pair with a first process portion, establishing a second key pair comprising public and private keys, associating the second key pair with a second process portion, registering the public key of the first key pair with the second process portion, registering the public key of the second key pair with the first process portion, generating a third key pair comprising public and private keys, the third key pair associated with a device for reviewing protected information, generating a first certificate based at least in part on the public key of the third key pair and encrypted with at least the public key of the second key pair and the private key of the first key pair providing the first certificate to the device during the initial installation process.
-
2. A method for secure distribution of a public and private key pair during an initial installation process, comprising
establishing a first key pair comprising public and private keys, associating the first key pair with a first process portion, establishing a second key pair comprising public and private keys, associating the second key pair with a second process portion, registering the public key of the first key pair with the second process portion, registering the public key of the second key pair with the first process portion, generating a third key pair comprising public and private keys, the, third key pair associated with a device for reviewing protected information, generating a first certificate based on indicia including the public key of the third key pair and encrypted with at least the public key of the second key pair and the private key of the first key pair providing the first certificate to the device, decrypting, in the device, the first certificate using the public key of the first key pair, confirming that the indicia is correct, installing the private key of the third key pair in the device, and installing the public key of the second key pair in the device during the initial installation process.
-
3. A method for transferring a secure key from a first device to a second device comprising
sending a revocation certificate to the first device, receiving a confirmation of revocation back from the first device, identifying a pair of pre-existing public and private security keys for the first device, identifying a pre-existing user certificate sequence number for the first device; - and
generating a user certificate based on the pair of pre-existing public and private keys with a higher sequence number than the pre-existing sequence number.
- and
-
4. A method for revoking rights in a device to view protected content comprising
generating in a first server a first indicia, creating a first message by encrypting the first indicia using a private key associated with the first server, creating a second message by encrypting the first message with a public key associated with the device, creating a revocation certificate by signing the second message with the private key associated with the first server, transmitting the revocation certificate to the device, authenticating, in the device, the revocation certificate, in response to a successful authentication, revoking the rights in the device; -
replying from the device to the first server with a revocation acknowledge token, authenticating the revocation acknowledge token in the first server.
-
-
5. A method for secure distribution of a public and private key pair comprising
establishing a first key pair comprising public and private keys, associating the first key pair with a first process portion, establishing a second key pair comprising public and private keys, associating the second key pair with a second process portion, registering the public key of the first key pair with the second process portion, registering the public key of the second key pair with the first process portion, generating a third key pair comprising public and private keys, the third key pair associated with a device for reviewing protected information, generating a first certificate based at least in part on the public key of the third key pair and encrypted with at least the public key of the second key pair and the private key of the first key pair providing the first certificate to the device; -
receiving the first certificate;
generating a fourth key pair comprising public and private keys, the fourth key pair associated with a user of the device;
generating a second certificate based at least in part on the private key of the fourth key pair and encrypted with at least the public key of the third key pair and the private key of the second key pair;
providing the second certificate to the device.
-
Specification