Methods and apparatus for secure distribution of program content
First Claim
1. An apparatus operable to receive an encryoted program, said apparatus comprising:
- a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to an administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted decryption key is received over the network from the administrator in response to the identifcation information, the encrypted decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID;
a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to reencrypt the program using the virtual ID;
a first storage device operable to store the identification information and the re-encrypted program and to store the machine ID and the encrypted virtual ID;
a second storage device containing a machine ID; and
a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match;
the network interface being further operable, when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device, to facilitate;
the transmission of the machine ID contained in the second storage device over the network to the administrator, andthe reception of a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus in accordance with the present invention are operable to carry out certain functions including: receiving an encrypted program at a processing apparatus; transmitting at least some identification information related to the processing apparatus over a network to an administrator; receiving an encrypted decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information; decrypting the encrypted decryption key; decrypting the encrypted program using the decryption key; re-encrypting the program using at least some of the identification information ; and storing the identification information and the re-encrypted program in a first storage device.
-
Citations
40 Claims
-
1. An apparatus operable to receive an encryoted program, said apparatus comprising:
-
a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to an administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted decryption key is received over the network from the administrator in response to the identifcation information, the encrypted decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID; a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to reencrypt the program using the virtual ID; a first storage device operable to store the identification information and the re-encrypted program and to store the machine ID and the encrypted virtual ID; a second storage device containing a machine ID; and a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; the network interface being further operable, when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device, to facilitate; the transmission of the machine ID contained in the second storage device over the network to the administrator, and the reception of a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus operable to receive an encrypted program, said apparatus comprising:
-
a storage medium interface operable to receive an encrypted first decryption key from a storage medium produced by an administrator; a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to the administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted second decryption key is received over the network from the administrator in response to the identification information, the encrypted second decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID; a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted second decryption key using the virtual ID, to decrypt the encrypted first decryption key using the second decryption key, to decrypt the encrypted program using the first decryption key, and to re-encrypt the program using the virtual ID; a first storage device operable to store the identification information, and the re-encrypted program, the machine ID, and the encrypted virtual ID; a second storage device operable to store a machine ID; and a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; the network interview being further operable to facilitate; the transmission of the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator, and the reception of a new encrypted virtual ID over the network from the administrator, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method, comprising:
-
receiving an encrypted program at a processing apparatus; transmitting identification information related to the processing apparatus over a network to an administrator, the identification information including a machine ID unique to the processing apparatus; receiving an encrypted virtual ID and an encrypted decryption key at the processing apparatus over the network from the administrator in response to the identification information, the encrypted decryption key being based on the machine ID, the virtual ID being associated with the machine ID; decrypting the encrypted virtual ID using the machine ID; decrypting the encrypted decryption key using the virtual ID; decrypting the encrypted program using the decryption key; re-encrypting the program using the virtual ID; storing the identification information and the re-encrypted program in a first storage device; storing the machine ID and the encrypted virtual ID in the first storage device; storing a machine ID in a second storage device; comparing the machine ID stored in the first storage device with the machine ID contained in the second storage device and proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; and when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device, transmitting the machine ID contained in the second storage device over the network to the administrator, and receiving a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A method, comprising:
-
receiving an encrypted program at a processing apparatus; receiving an encrypted first decryption key at the processing apparatus, transmitting identification information related to the processing apparatus over a network to an administrator, the identification information including a machine ID unique to the processing apparatus; receiving an encrypted virtual ID and an encrypted second decryption key at the processing apparatus over the network from the administrator in response to the identification information, the encrypted second decryption key being based on the machine ID, the virtual ID being associated with the machine ID; decrypting the encrypted virtual ID using the machine ID; decrypting the encrypted second decryption key using the virtual ID; decrypting the encrypted first decryption key using the second decryption key; decrypting the encrypted program using the first decryption key; re-encrypting the program using the virtual ID; storing the identification information and the re-encrypted program in a first storage device; storing the machine ID and the encrypted virtual ID in the first storage device; comparing the machine ID stored in the first storage device with a machine ID contained in a second storage device; proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; and transmitting the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator; and
receiving a new encrypted virtual ID over the network from the administrator, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification