Access control for digital content
First Claim
1. A recording system configured to apply access control processing to input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:
- an encryption apparatus having encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content;
an access control memory device configured to store securely information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable, said encryption apparatus and said access control memory device co-operating to provide a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data providing the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys,wherein said encryption apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.
1 Assignment
0 Petitions
Accused Products
Abstract
A recording system for applying access control processing to input data content and for recording access-controlled data content on a computer readable storage medium. The recording system includes an encryption apparatus for encrypting portions of the input data content and an access control memory device which securely stores information from which a private key of a public key/private key pair associated with a data content recording user or user group is derivable. The encryption apparatus and the access control memory device co-operate to provide access control data including content recorder access control data and default access control data. The default content access control data provides the same level of access to the input data content as the level of access available to the data content recording user/user group. A recorder is provided for recording the encrypted input data content and the content access control data on the computer readable storage medium.
73 Citations
17 Claims
-
1. A recording system configured to apply access control processing to input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:
-
an encryption apparatus having encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content; an access control memory device configured to store securely information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable, said encryption apparatus and said access control memory device co-operating to provide a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data providing the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys, wherein said encryption apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A recording system configured to process input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:
-
a removable access control memory device; encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content; an interface configured to provide a secure data connection between said encryption logic and said removable access control memory device, said access control memory device being connectable to said encryption apparatus via said interface and configured to store securely, information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable; and a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys, wherein said apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.
-
-
16. A recording method for applying access control processing to input data content using a set of one or more content keys and recording access-controlled data content on a computer readable storage medium, said recording method comprising:
-
encrypting portions of said input data content in dependence upon said set of content keys to generate encrypted input data content; securely storing information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable; generating content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon a public key corresponding to a private key derivable from information stored on an access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said full set of content keys always encrypted using the one or more default public keys; and recording said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.
-
-
17. A computer readable storage medium in which a program is recorded, said program executing a method comprising:
-
encrypting portions of input data content in dependence upon a set of content keys to generate encrypted input data content; securely storing information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable; generating content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon a public key corresponding to a private key derivable from information stored on an access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key!default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said full set of content keys always using the one or more default public keys; and recording said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.
-
Specification