Media content protection utilizing public key cryptography
Abstract
A system and method for providing protection of content which may be transmitted over unsecure channels, including storage and transmission in bulk media, transmission over a network such as the Internet, transmission between components of an open system, and broadcast transmitted, to compliant storage devices and/or compliant use devices is disclosed. The technique for providing protection from unauthorized utilization of the content so stored is provided publicly in order to allow for those utilizing a conforming media device to master or generate content protected according to the present invention. According to a preferred embodiment, public key cryptography is utilized to identify compliant devices and to transmit cryptographic keys protecting content data. In the preferred embodiment content is protected using private key cryptography to optimize system performance.
32 Claims
1. A method for preventing unauthorized utilization of content, said method comprising the steps of:
establishing a plurality of compliant devices ones of which are storage devices and other ones of which are use devices, wherein ones of said plurality of compliant devices meet different levels of compliant operation and all of said plurality of compliant devices meet a minimum operational level of protecting a cryptographic key associated with protected content, and wherein each compliant device of said plurality of compliant devices includes at least one element of the set consisting of a public cryptographic key and an electronic certificate;
selecting a first cryptographic key to be associated with said content;
encrypting said content using said first cryptographic key;
selecting content use information from a set of pre-established content use information to proscribe use of said content;
protecting said selected content use information from unauthorized alteration;
identifying ones of said plurality of compliant devices for which utilization of said content is to be authorized to thereby establish an authorized compliant device set, wherein said authorized compliant device set includes only compliant devices of said plurality of compliant devices meeting a desired threshold standard of operation;
establishing acceptable compliant device information, wherein said acceptable compliant device information includes at least one element of the set consisting of said public cryptographic key and said electronic certificate for each compliant device of said authorized compliant device set;
associating said first cryptographic key, said protected content use information and said acceptable compliant device information with said encrypted content; and
storing said first cryptographic key in a secure storage area of a storage device of said authorized compliant device set.
encrypting said selected content use information using said first cryptographic key.
3. The method of claim 1, wherein the step of protecting said selected content use information comprises the step of:
creating a protected hash of said selected content use information.
4. The method of claim 1, wherein said minimum operational level of protecting a cryptographic key associated with protected content requires said compliant device to never communicate a cryptographic key associated with protected content in unencrypted form external to said compliant device.
5. The method of claim 1, wherein said step of establishing compliant device information comprises the step of:
listing public cryptographic keys of devices meeting a particular standard of operation.
6. The method of claim 1, wherein said step of establishing compliant device information comprises the step of:
listing the electronic certificates of certificate authorities trusted to determine devices meet said particular standard of operation.
7. The method of claim 1, wherein said step of establishing compliant device information comprises the steps of:
listing public cryptographic keys of devices meeting a particular standard of operation; and
listing the electronic certificates of certificate authorities trusted to determine devices meet said particular standard of operation.
8. The method of claim 1, wherein said step of identifying ones of said plurality of compliant devices to establish an authorized compliant device set comprises the step of:
identifying compliant devices including a particular implementation, wherein said particular implementation is selected from the group consisting of a hardware implementation, a software implementation, a high security implementation, a low security implementation, an audio device implementation, a video device implementation, and a banking device implementation.
9. The method of claim 1, wherein said step of identifying ones of said plurality of compliant devices to establish an authorized compliant device set comprises the step of:
identifying an electronic certificate associated with a particular trusted certification authority.
10. The method of claim 1, further comprising the step of:
cloning at least a secure portion of a compliant device of said plurality of compliant devices, wherein a cloned at least a secure portion of said compliant device provides operational abilities with respect to protected content coextensive with that of said at least a secure portion of said compliant device cloned.
11. The method of claim 10, wherein said cloning step renders said at least a secure portion of said compliant device cloned inoperable for further use with said protected content.
12. The method of claim 10, wherein said cloning step produces a backup copy of said at least a secure portion of said compliant device cloned.
13. A system for protecting content, said system comprising:
a set of content use rules wherein portions of said content use rules are selectable to be associated with protected content in order to define authorized uses thereof;
a protected form of said content, wherein said protected form of said content includes an encryption of said content, a content key associated with said encryption of said content, an identification of devices authorized for use with said content, and a subset of said content use information defining authorized use of said content;
a plurality of devices providing compliant operation according to said system, wherein said compliant operation according to said system at least proscribes the use and communication of said content key associated with said protected content, and wherein said plurality of compliant devices comprise;
a use device having a secure storage area associated therewith, wherein said use device includes a public/secret cryptographic key set, wherein a secret key of said public/secret cryptographic key set is stored in said secure storage area; and
a storage device storing said identification of devices authorized for use with said content, wherein said storage device operates under control of an instruction set and has a secure storage area associated therewith, wherein said content key is stored in said secure storage area and is passable to said use device under control of said instruction set only if said use device is identifiable with said identification of devices authorized for use with said content.
a decryption engine for asymmetric decryption of messages protected using said public/secret cryptographic key set; and
a decryption engine for symmetric decryption of said content using said content key.
16. The system of claim 13, wherein said storage device further comprises:
an encryption engine for asymmetric encryption of said content key using said public/secret cryptographic key set.
17. The system of claim 13, wherein said secure storage area associated with said use device is disposed in a security device including a memory, a processor, and an instruction set incarcerated in a tamper resistant housing removably coupled to a remainder of said use device.
18. The system of claim 13, wherein said secure storage area associated with said storage device is disposed in a security device including a memory, a processor, and an instruction set incarcerated in a tamper resistant housing removably coupled to a remainder of said storage device.
19. A method for protecting electronic content, said method comprising the steps of:
providing a compliant first device having a secure storage area associated therewith;
providing a compliant second device having a secure storage area associated therewith;
providing a content cryptographic key;
encrypting said content using said content cryptographic key;
storing said content cryptographic key in said secure storage area of said compliant first device;
identifying particular rules of a plurality of rules to establish authorized uses of said content;
preventing unauthorized alteration of said identified rules;
identifying devices of a plurality of devices authorized for use with said content to thereby provide identified device information;
preventing unauthorized alteration of said identified device information;
providing a device public/secret cryptographic key set;
storing a device secret key of said device public/secret cryptographic key set in said secure storage area of said compliant second device;
establishing communication between said compliant first device and said compliant second device to thereby provide a communication link;
comparing, at said compliant first device, information with respect to said compliant second device to said identified device information;
determining if said compliant second device is authorized for use with said content at least in part from information derived from said comparing step; and
if said compliant second device is determined to be authorized for use with said content at said determining step, performing the steps of;
encrypting, at said compliant first device, said content cryptographic key using a public key of said device public/secret cryptographic key set;
communicating said encrypted content cryptographic key from said compliant first device to said compliant second device;
decrypting, at said compliant second device, said encrypted content cryptographic key using said secret key stored in said compliant second device's secure storage area; and
storing said content cryptographic key in said compliant second device's secure storage area, wherein said stored content cryptographic key is identified with said content by said compliant second device.
identifying an implementation of devices considered to provide an acceptable level of operational compliance;
identifying a certificate authority considered to provide an acceptable level of determination of operational compliance of devices;
identifying an electronic certificate associated with a group of devices considered to provide an acceptable level of operational compliance; and
identifying a public key associated with a group of devices considered to provide an acceptable level of operational compliance.
23. The method of claim 19, wherein at least one of said steps of preventing unauthorized alteration of said identified rules and preventing unauthorized alteration of said identified device information comprises the step of:
providing said one of said identified rules and said identified device information in clear text and associating a protection code therewith, wherein said protection code is relied upon to detect alteration of said clear text information.
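The comparing and determining steps of claim 19, combined with the clear-text protection code of claims 3 and 23, as an added Python example that is not part of the patent. It assumes HMAC-SHA256 keyed with the content key as the protection code and a SHA-256 digest of the encoded public key as the device identifier; `StorageDevice`, `fingerprint`, `protection_code` and the sample keys are hypothetical names and constructed values, and the later step of encrypting the content key under the device's public key is not shown.

```python
import hashlib
import hmac
import json
import secrets

# Assumptions (not from the patent): HMAC-SHA256 keyed with the content key as
# the protection code, SHA-256 of the encoded public key as device identity.

def fingerprint(device_public_key: bytes) -> str:
    """Identify a device by the digest of its encoded public key."""
    return hashlib.sha256(device_public_key).hexdigest()

def protection_code(content_key: bytes, rules: dict, devices: list) -> str:
    """HMAC over a canonical encoding of the clear-text rules and device list."""
    blob = json.dumps({"rules": rules, "devices": sorted(devices)},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(content_key, blob, hashlib.sha256).hexdigest()

class StorageDevice:
    """Holds the content key; the header travels in the clear with the content."""

    def __init__(self, rules: dict, authorized_keys: list):
        self._content_key = secrets.token_bytes(32)  # stands in for secure storage
        devices = [fingerprint(k) for k in authorized_keys]
        self.header = {"rules": rules, "devices": devices,
                       "code": protection_code(self._content_key, rules, devices)}

    def authorize(self, device_public_key: bytes) -> bool:
        """True only if the header is unaltered and the device is listed."""
        expected = protection_code(self._content_key,
                                   self.header["rules"], self.header["devices"])
        if not hmac.compare_digest(expected, self.header["code"]):
            return False  # rules or device list were altered after mastering
        return fingerprint(device_public_key) in self.header["devices"]

def demo() -> dict:
    """Run the check against constructed keys and two header alterations."""
    player = b"constructed-public-key-of-authorized-player"
    other = b"constructed-public-key-of-unlisted-device"
    store = StorageDevice({"play": True, "copy": False}, [player])
    results = {"listed": store.authorize(player),
               "unlisted": store.authorize(other)}
    store.header["rules"]["copy"] = True          # alter a clear-text use rule
    results["rules_altered"] = store.authorize(player)
    store.header["rules"]["copy"] = False         # restore the original rule
    store.header["devices"].append(fingerprint(other))  # alter the device list
    results["list_altered"] = store.authorize(other)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the code is verified before the list is consulted, adding a device to the clear-text list fails the same way as editing a rule.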
24. A method for protecting electronic content comprising:
providing a compliant device having a secure storage area with at least a device secret key of a device public/secret cryptographic key set stored therein;
encrypting said content using a content cryptographic key;
identifying devices of a plurality of devices authorized for use with said content to thereby provide identified device information;
determining if said compliant device is authorized for use with said content at least in part through reference to said identified device information; and
if said compliant device is determined to be authorized for use with said content at said determining step, performing the steps of;
decrypting said encrypted content cryptographic key using said secret key stored in said compliant device's secure storage area; and
storing said content cryptographic key in said compliant device's secure storage area, wherein said stored content cryptographic key is identified with said content by said compliant device.
establishing rules for authorized uses of said content, wherein use of said content cryptographic key stored in said compliant device's secure storage area to decrypt said encrypted content is in accordance with said rules for authorized uses of said content.
26. The method of claim 24, further comprising:
comparing, at a second compliant device, information with respect to said compliant device to said identified device information.
27. The method of claim 26, wherein said step of comparing utilizes a public key corresponding to said secret key stored in said compliant device's secure storage area provided to said second compliant device from said compliant device via a communication link therebetween.
28. The method of claim 26, wherein said step of comparing utilizes an electronic certificate provided to said second compliant device from said compliant device via a communication link therebetween.
29. A system for protecting content comprising:
a plurality of devices providing compliant operation which at least proscribes the use and communication of a content key associated with a protected content, and wherein said plurality of compliant devices comprise;
a use device having a secure storage area associated therewith, wherein said use device includes a public/secret cryptographic key set, wherein a secret key of said public/secret cryptographic key set is stored in said secure storage area; and
a storage device storing identification of compliant devices authorized for use with said content, wherein said storage device has a secure storage area associated therewith storing said content key which is passable to said use device only if said use device is identifiable with said identification of devices authorized for use with said content.
a set of content use rules wherein portions of said content use rules are selectable to be associated with protected content in order to define authorized uses thereof, wherein use of protected content by said use device is in accordance with portions of said content use rules associated therewith.
31. The system of claim 29, wherein said protected content comprises:
an encryption of said content, a content key associated with said encryption of said content, an identification of devices authorized for use with said content, and a subset of said content use information defining authorized use of said content.
32. The system of claim 29, wherein said secure storage area associated with said use device is disposed in a security device including a memory, a processor, and an instruction set incarcerated in a tamper resistant housing removably coupled to a remainder of said use device.