Method and system to store and distribute encryption keys

US 7,107,462 B2
Filed: 12/16/2002
Issued: 09/12/2006
Est. Priority Date: 06/16/2000
Status: Expired due to Term

First Claim

Patent Images

1. An automated method to provide an encryption key storage and distribution service, the method including:

receiving a product key at a service provider, the product key being received from a first content provider, the product key encrypting first content controlled by the first content provider, and the product key being encrypted with a secure device public key of a first secure device of the service provider;

within the first secure device at the service provider, decrypting the product key utilizing the secure device private key;

within the first secure device at the service provider, encrypting the product key using a storage key associated with the first secure device; and

storing the product key, encrypted using the storage key, at the service provider.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to store and distribute encryption keys commences when a service provider receives a product key from a content provider. The service provider encrypts content controlled by the content provider with a secure device public key of a secure device of the service provider. The secure device of the service provider decrypts the product key with the secure device public key and encrypts the product key with a storage key associated with the secure device. The product key is then stored at the service provider.

Citations

30 Claims

1. An automated method to provide an encryption key storage and distribution service, the method including:
- receiving a product key at a service provider, the product key being received from a first content provider, the product key encrypting first content controlled by the first content provider, and the product key being encrypted with a secure device public key of a first secure device of the service provider;
  
  within the first secure device at the service provider, decrypting the product key utilizing the secure device private key;
  
  within the first secure device at the service provider, encrypting the product key using a storage key associated with the first secure device; and
  
  storing the product key, encrypted using the storage key, at the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 including receiving a plurality of product keys from respective content providers of a plurality of content providers, each of the product keys encrypting content controlled by the respective content providers.
  - 3. The method of claim 2 wherein each of the plurality of product keys is generated within a second secure device of each of the respective content providers.
  - 4. The method of claim 2 including receiving rule information, pertaining to access to associated content controlled by a respective content provider, at the service provider wherein the rule information is stored at the service provider and is associated with at least one product key stored at the service provider.
  - 5. The method of claim 1 wherein the secure device public key comprises a public key of the first secure device of the service provider.
  - 6. The method of claim 2 wherein each of the plurality of product keys, encrypted with the secure device public key, is signed using a respective content provider private key.
  - 7. The method of claim 2 wherein each of the product keys is received at the service provider with an associated content provider certificate.
  - 8. The method of claim 7 wherein the service provider verifies a signature and the associated content provider certificate of each of the plurality of content providers.
  - 9. The method of claim 1 including:
    - receiving a request to access the first content at the service provider from a requestor;
      
      within the first secure device at the service provider, decrypting the product key, encrypted with the storage key;
      
      within the first secure device at the service provider, decrypting a requestor secret key, associated with the requestor;
      
      within the secure device of the service provider, encrypting the product key with the requestor secret key; and
      
      communicating the product key, encrypted with the requestor secret key, to the requestor.
  - 10. The method of claim 9 wherein the requestor decrypts the product key utilizing the requestor secret key, and the service provider distributes the product key to an end-user to enable the end-user to decrypt the first content.
  - 11. The method of claim 10 wherein the requestor decrypts the product key utilizing the requestor secret key and decrypts the first content for access by the requestor.
  - 12. The method of claim 1 including:
    - communicating the secure device public key to each of a plurality of content requestors;
      
      receiving a further key for each of the plurality of content requestors, each further key being encrypted utilizing the storage key; and
      
      storing a plurality of further keys, encrypted utilizing the storage key and associated with a respective requestor, at the service provider.
  - 13. The method of claim 12 wherein the secure device public key comprises a public key of the first secure device.
  - 14. The method of claim 12 wherein the further key comprises a private key of the content requestor.

15. A system to provide an encryption key storage and distribution service, the system including:
- a first content provider; and
  
  a service provider, coupled to the first content provider via a network, to receive a product key, the product key being received from the first content provider, the product key encrypting first content controlled by the first content provider, and the product key being encrypted with a secure device public key of a first secure device of the service provider;
  
  wherein the service provider is to, within the first secure device at the service provider, decrypt the product key utilizing the secure device private key and to encrypt the product key using a storage key associated with the first secure device; and
  
  wherein the service provider is further to store the product key, encrypted using the storage key.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15 wherein the service provider is to receive a plurality of product keys from respective content providers of a plurality of content providers, each of the product keys encrypting content controlled by the respective content providers.
  - 17. The system of claim 16 wherein each of the product keys of the plurality of product keys is generated within a second secure device of each of the respective content providers.
  - 18. The system of claim 16 wherein the service provider is to receive rule information, pertaining to access to associated content controlled by a respective content provider, wherein the rule information is stored at the service provider and is associated with at least one product key stored at the service provider.
  - 19. The system of claim 16 wherein each of the product keys of the plurality of product keys, encrypted with the secure device public key, is signed using a respective content provider private key.
  - 20. The system of claim 16 wherein each of the product keys of the plurality of product keys is received at the service provider with an associated content provider certificate.
  - 21. The system of claim 20 wherein the service provider is to verify a signature and the associated content provider certificate of each of the plurality of content providers.
  - 22. The system of claim 15 wherein the secure device public key comprises a public key of the first secure device of the service provider.
  - 23. The system of claim 15 wherein the service provider is to receive a request to access the first content from a requestor, and:
    - within the first secure device, to decrypt the product key encrypted with the product key with the storage key, to decrypt a requestor secret key associated with the requestor, and to encrypt the product key with the requestor secret key; and
      
      to;
      
      communicate the product key, encrypted with the requestor secret key, to the requestor.
  - 24. The system of claim 23 wherein the requestor decrypts the product key utilizing the requestor secret key, and the service provider is to distribute the product key to an end-user to enable the end-user to decrypt the first content.
  - 25. The system of claim 24 wherein the requestor decrypts the product key utilizing the requestor secret key and decrypts the first content for access by the requestor.
  - 26. The system of claim 15 wherein the service provider is to:
    - communicate the secure device public key to each of a plurality of content requestors;
      
      receive a further key for each of the plurality of requestors, the further key being encrypted utilizing the storage key; and
      
      store a plurality of further keys, encrypted utilizing the storage key and associated with a respective requestor.
  - 27. The system of claim 26 wherein the secure device public key comprises a public key of the first secure device.
  - 28. The system of claim 26 wherein the further key comprises a private key of the content requestor.

29. A system to provide an encryption key storage and distribution service, the system including:
- content provider means; and
  
  service provider means, coupled to the content provider means via a network, to receive a product key, the product key being received from the content provider means, the product key encrypting first content controlled by the content provider means, and the product key being encrypted with a secure device public key of a first secure device of the service provider means;
  
  wherein the service provider means is to, within the first secure device at the service provider means, decrypt the product key utilizing the secure device private key and to encrypt the product key using a storage key associated with the first secure device; and
  
  wherein the service provider means is further to store the product key, encrypted using the storage key.

30. A machine-readable medium storing a sequence of instructions that, when executed by a machine, cause the machine to perform an automated method to provide an encryption key storage and distribution service, the method including:
- receiving a product key at a service provider, the product key being received from a first content provider, the product key encrypting first content controlled by the first content provider, and the product key being encrypted with a secure device public key of a first secure device of the service provider;
  
  within the first secure device at the service provider, decrypting the product key utilizing the secure device private key;
  
  within the first secure device at the service provider, encrypting the product key using a storage key associated with the first secure device; and
  
  storing the product key, encrypted using the storage key, at the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MIH Technology Holdings BV
Original Assignee
Irdeto Access B.V. (MultiChoice Group Ltd.)
Inventors
Fransdonk, Robert W.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/321,061
Publication Number

US 20030161476A1
Time in Patent Office

1,366 Days
Field of Search

713200-202, 713/150, 713/168, 713/175, 713/176, 713189-194, 380281-285, 380277-279, 705 51- 59
US Class Current

713/193
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/123   Shopping for digital content

G06Q 20/1235   with control of digital rig...

G06Q 20/3823   combining multiple encrypti...

H04L 2463/101   applying security measures ...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

Method and system to store and distribute encryption keys

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to store and distribute encryption keys

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links