Method and apparatus for simultaneous decryption and re-encryption of publicly distributed content via stream ciphers

US 7,184,550 B2
Filed: 08/15/2002
Issued: 02/27/2007
Est. Priority Date: 08/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving encrypted streamed content encrypted with a first key;

generating a first key stream of a first stream cipher based on the first key and a second key;

generating a second key stream of a second stream cipher based on the first and second keys; and

simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the first and second key streams to produce re-encrypted streamed content encrypted with the second key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving encrypted streamed content encrypted with a first key, generating a substitution key stream based on the first key and a second key, generating a transposition key stream based on the first and second keys, and simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the substitution and transposition streams to produce re-encrypted streamed content encrypted with the second key.

Citations

36 Claims

1. A method comprising:
- receiving encrypted streamed content encrypted with a first key;
  
  generating a first key stream of a first stream cipher based on the first key and a second key;
  
  generating a second key stream of a second stream cipher based on the first and second keys; and
  
  simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the first and second key streams to produce re-encrypted streamed content encrypted with the second key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first key stream comprises a substitution key stream and the second key stream comprises a transposition key stream.
  - 3. The method of claim 1, wherein the first key stream comprises a transposition key stream and the second key stream comprises a substitution key stream.
  - 4. The method of claim 1, further comprising:
    - communicating the re-encrypted streamed content to a sink device.
  - 5. The method of claim 2, wherein simultaneously decrypting and re-encrypting the encrypted streamed content comprises exclusive OR-ing the encrypted streamed content with the substitution key stream to produce an intermediate stream.
  - 6. The method of claim 5, wherein simultaneously decrypting and re-encrypting the encrypted streamed content further comprises shuffling the intermediate stream according to the transposition key stream to produce the re-encrypted streamed content.
  - 7. The method of claim 1, further comprising receiving at least one of the first key and the second key over a secure authenticated channel.
  - 8. The method of claim 7, wherein receiving a key over a secure authenticated channel comprises receiving the key from a sales server.
  - 9. The method of claim 4, further comprising communicating the second key to the sink device to enable the sink device to decrypt the re-encrypted streamed content.
  - 10. The method of claim 1, wherein the encrypted streamed content is publicly available and encrypted with a public key and wherein the first key is a locally available private key.
  - 11. The method of claim 1, wherein the encrypted streamed content is a broadcast entertainment program received over a broadcast channel.
  - 12. The method of claim 1, wherein generating the first and second key streams, and simultaneous decrypting and re-encrypting using a combination of the first and second key streams, are performed within a trusted module.

13. An article comprising:
- a machine-accessible medium having stored thereon data representing sequences of instructions which, when executed by a machine, cause the machine to perform the operations ofreceiving encrypted streamed content encrypted with a first key;
  
  generating a first key stream of a first stream cipher based on the first key and a second key;
  
  generating a second key stream of a second stream cipher based on the first and second keys; and
  
  simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the first and second key streams to produce re-encrypted streamed content encrypted with the second key.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The article of claim 13, wherein the first key stream comprises a substitution key stream and the second key stream comprises a transposition key stream.
  - 15. The article of claim 13, wherein the first key stream comprises a transposition key stream and the second key stream comprises a substitution key stream.
  - 16. The article of claim 13, further comprising instructions for communicating the re-encrypted streamed content to a sink device.
  - 17. The article of claim 14, wherein instructions for simultaneously decrypting and re-encrypting the encrypted streamed content comprises instructions for exclusive OR-ing the encrypted streamed content with the substitution key stream to produce an intermediate stream.
  - 18. The article of claim 17, wherein simultaneously decrypting and re-encrypting the encrypted streamed content further comprises shuffling the intermediate stream according to the transposition key stream to produce the re-encrypted streamed content.
  - 19. The article of claim 13, further comprising instructions for receiving at least one of the first key and the second key over a secure authenticated channel.

20. An apparatus comprising:
- a content interface to receive encrypted streamed content encrypted with a first key;
  
  a computing device to generate a first key stream of a first stream cipher based on the first key and a second key, to generate a second key stream of a second stream cipher based on the first and second keys, and to simultaneously decrypt and re-encrypt the encrypted streamed content using a combination of the first and second key streams to produce re-encrypted streamed content encrypted with the second key; and
  
  a sink device interface to communicate the re-encrypted streamed content to a sink device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The apparatus of claim 20, wherein the first key stream comprises a substitution key stream and the second key stream comprises a transposition key stream.
  - 22. The apparatus of claim 20, wherein the first key stream comprises a transposition key stream and the second key stream comprises a substitution key stream.
  - 23. The apparatus of claim 20, further comprising a secure authenticated channel interface to receive at least one of the first key and the second key.
  - 24. The apparatus of claim 21, wherein the computing device generates the substitution key stream using a stream cipher.
  - 25. The apparatus of claim 20, wherein the computing device communicates the second key to the sink device to enable the sink device to decrypt the re-encrypted streamed content.
  - 26. The apparatus of claim 20, wherein the computing device includes a broadcast entertainment set-top box.
  - 27. The apparatus of claim 21, wherein the computing device comprises an exclusive-OR module to exclusive OR the encrypted streamed content with the substitution key stream to produce an intermediate stream.
  - 28. The apparatus of claim 27, wherein the computing device comprises a shuffler module to shuffle the intermediate stream according to the transposition key stream to produce the re-encrypted streamed content.
  - 29. The apparatus of claim 20, wherein the computing device comprises a trusted module to generate the key streams and to simultaneously decrypt and re-encrypt the encrypted streamed content.

30. A system comprising:
- a sales server to send a first key and a second key over at least one secure authenticated channel;
  
  an authoring module to encrypt content into encrypted content using the first key and to send the encrypted content; and
  
  a receiving device to receive the first key from the sales server, to receive the encrypted content from the authoring module, to generate a first key stream of a first stream cipher based on the first key and the second key, to generate a second key stream of a second stream cipher based on the first and second keys, and to simultaneously decrypt and re-encrypt the encrypted content using a combination of the first and second key streams to produce re-encrypted content encrypted with the second key.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The system of claim 30, further comprising a sink device coupled to the sales server and the receiving device to receive the second key from the sales server over a secure authenticated channel, to receive the re-encrypted content from the receiving device, to decrypt the re-encrypted content using the second key, and to render the content for perception by a user.
  - 32. The system of claim 30, wherein the encrypted content is broadcast by the authoring module to the receiving device using a broadcast medium.
  - 33. The system of claim 30, wherein the receiving device comprises a trusted module to receive the first key from the sales server, to generate the first key stream based on the first key and a second key, and to generate the second key stream based on the first and second keys.
  - 34. The system of claim 33, wherein the receiving device comprises an exclusive-OR module to exclusive OR the encrypted content with the first key stream to produce an intermediate stream.
  - 35. The system of claim 34, wherein the receiving device comprises a shuffler module to shuffle the intermediate stream according to the second key stream to produce the re-encrypted content.
  - 36. The system of claim 30, wherein the receiving device comprises a trusted module to simultaneously decrypt and re-encrypt the encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Graunke, Gary L.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
Popham; Jeffrey D.

Application Number

US10/222,093
Publication Number

US 20040032950A1
Time in Patent Office

1,657 Days
Field of Search

380/42, 380/277, 726/26
US Class Current

380/42
CPC Class Codes

H04L 2209/122   Hardware reduction or effic...

H04L 2209/601   Broadcast encryption

H04L 9/065   Encryption by serially and ...

H04L 9/0861   Generation of secret inform...

Method and apparatus for simultaneous decryption and re-encryption of publicly distributed content via stream ciphers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for simultaneous decryption and re-encryption of publicly distributed content via stream ciphers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links