Method and apparatus for secure key delivery for decrypting bulk digital content files at an unsecure site
Abstract
Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.
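The key chaining described in the abstract, together with the document identifier of claim 1, step (b), sketched as an added Python example; it is not code from the patent. The SHA-256 keystream cipher, the HMAC integrity tag, the JSON archive layout and the `EMBEDDED` string are assumptions chosen so the example runs with the standard library alone.

```python
import hashlib, hmac, json, secrets
EMBEDDED = b"constructed-embedded-string"  # assumption: the embedded text string

def _stream(key, nonce, data):
    # Stand-in cipher for this example only: SHA-256 counter-mode keystream.
    pad = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def _tag(key, data):  # integrity tag, added here so a wrong key is detected
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = nonce + _stream(key, nonce, plaintext)
    return ct + _tag(key, ct)

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, ct)):
        raise ValueError("wrong scheduled key or modified archive")
    return _stream(key, ct[:16], ct[16:])

def oid(enc_doc):
    # Keyed hash: depends on the ciphertext but needs the embedded string too.
    return hmac.new(EMBEDDED, enc_doc, hashlib.sha256).hexdigest()

def publish(batches, first_key):
    """Steps (a)-(e): archive i is sealed under key i and carries key i+1."""
    stream, key = [], first_key
    for docs in batches:
        next_key, enc_docs, pairs = secrets.token_bytes(32), [], {}
        for doc in docs:
            doc_key = secrets.token_bytes(32)
            enc = seal(doc_key, doc)
            enc_docs.append(enc.hex())
            pairs[oid(enc)] = doc_key.hex()
        body = {"docs": enc_docs, "keys": pairs, "next": next_key.hex()}
        stream.append(seal(key, json.dumps(body).encode()))
        key = next_key
    return stream

def receive(stream, first_key):
    """Steps (f)-(k): each opened archive yields the key for the next one."""
    store, key = [], first_key
    for blob in stream:
        body = json.loads(unseal(key, blob))  # raises once the chain is broken
        store.append((body["docs"], body["keys"]))
        key = bytes.fromhex(body["next"])
    return store
```

The chain has two properties worth noting when reviewing such a design: a receiver that misses one archive cannot open any later one, and anyone who obtains a single scheduled key can follow the chain forward from that point.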
24 Claims
1. A method for secure key delivery for decrypting a distribution archive file containing a plurality of digital content documents at an unsecured site that receives a stream of distribution archive files from a publishing site, the method comprising:
(a) at the publishing site, encrypting each digital content document with a key to generate encrypted document content;
(b) at the publishing site, computing for each document a document identifier that is computed from, but cannot be derived solely from, the encrypted content of that document, wherein the document identifier is computed using a text string embedded in program code in the publishing site;
(c) at the publishing site, creating a list of document identifier and decryption key pairs;
(d) at the publishing site, assembling the encrypted document content for each content document and the key pair list into a distribution archive file;
(e) at the publishing site, encrypting the distribution archive file with a scheduled key unique to that distribution archive file and placing the encrypted distribution file on the stream;
(f) at the unsecured site, selecting a distribution archive file from the stream;
(g) at the unsecured site, extracting a scheduled key from the selected distribution archive file in the stream;
(h) at the unsecured site, using the extracted scheduled key to decrypt the next subsequent distribution archive file in the stream following the selected distribution archive file;
(i) removing the encrypted document content and the key pair list from the decrypted distribution archive file and storing them at the unsecured site;
(j) selecting the distribution archive file decrypted in step (h); and
(k) repeating steps (g), (h), (i) and (j) for each distribution archive file in the stream.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for secure key delivery for decrypting a distribution archive file containing a plurality of digital content documents at an unsecured site that receives a stream of distribution archive files from a publishing site, the apparatus comprising:
- at the publishing site, an encryption engine that encrypts each digital content document with a key to generate encrypted document content;
- at the publishing site, an OID calculator that computes for each document a document identifier that is computed from, but cannot be derived solely from, the encrypted content of that document, wherein the document identifier is computed using a text string embedded in program code in the publishing site;
- at the publishing site, means for creating a list of document identifier and decryption key pairs;
- at the publishing site, means for assembling the encrypted document content for each content document and the key pair list into a distribution archive;
- at the publishing site, means for encrypting the distribution archive file with a scheduled key unique to that distribution archive file;
- at the unsecured site, a key decryptor that extracts a scheduled key from each distribution archive file in the stream;
- means for temporarily storing the extracted scheduled key at the unsecured site;
- at the unsecured site, a decryption engine that uses the stored scheduled key to decrypt the next distribution archive file in the stream following the distribution archive file from which the scheduled key was extracted; and
- a file system that removes the encrypted document content and the key pair list from the decrypted archive file and stores them at the unsecured site.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product for secure key delivery for decrypting a distribution archive file containing a plurality of digital content files at an unsecured site that receives a stream of distribution archive files from a publishing site, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
- program code at the publishing site, for encrypting each digital content document with a key to generate encrypted document content;
- program code at the publishing site, for computing for each document a document identifier that is computed from, but cannot be derived solely from, the encrypted content of that document, wherein the document identifier is computed using a text string embedded in program code in the publishing site;
- program code at the publishing site, for creating a list of document identifier and decryption key pairs;
- program code at the publishing site, for assembling the encrypted document content for each content document and the key pair list into a distribution archive file; and
- program code at the publishing site, for encrypting the distribution archive file with a scheduled key unique to that distribution archive file and for placing the encrypted distribution file on the stream;
- program code at the unsecured site for extracting a scheduled key from each distribution archive file in the stream;
- program code at the unsecured site for temporarily storing the extracted scheduled key;
- program code at the unsecured site for using the stored scheduled key to decrypt the next distribution archive file in the stream following the distribution archive file from which the scheduled key was extracted; and
- program code for removing the encrypted document content and the key pair list from the decrypted archive file and for storing them at the unsecured site.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification