Method for ensuring content protection and subscription compliance

US 7,523,307 B2
Filed: 01/08/2002
Issued: 04/21/2009
Est. Priority Date: 01/26/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for securely transmitting multicast data, comprising:

encrypting at least one title T with at least title key K_T; and

encrypting the title key K_Twith at least one channel-unique key K_cuusing at least one encryption function S to render a multicast data channel encrypted as S_Kcu(K_T), S_KT(T), wherein the channel-unique key K_cuis the result of a combination of a channel key K_cand a session key K_s, wherein the session key K_sis encrypted with at least a first encryption scheme B^R_s1to render a session key block, further comprising providing at least one player with device keys K_dto activate the player and providing the player with the channel key K_cand the session key block, wherein the player can determine the session key K_sfrom the session key block using the device keys K_dfurther comprising periodically refreshing the channel key K_cto enforce subscriptions, wherein a new channel key K_c′

is encrypted with at least a second encryption scheme B^R_s2and wherein the encryption scheme B^R_s2includes;

assigning each player in a group of players respective private information I_u;

partitioning players not in a revoked set R into disjoint subsets S_i1, . . . S_imhaving associated subset keys L_i1, . . . L_im; and

encrypting the session key K_swith the subset keys L_i1, . . . L_imto render m encrypted versions of the session key K_s.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enforcing compliance in both the copy protect domain and service subscription domain for streamed multicast data. Each content is encrypted with a title key that itself is encrypted with a channel unique key which is a hash of a session key and a channel key. A compliant player is given the channel key upon registration for a subscription service (representing subscription protection) and is also given device keys upon activation (representing copy protection) for decrypting the session key. Consequently, the channel unique key can be obtained (and, hence, the content decrypted) only by a player that is compliant with both copy protection rules and subscription rules. The channel key can be refreshed periodically as subscriptions change or expire.

24 Citations

View as Search Results

13 Claims

1. A computer-implemented method for securely transmitting multicast data, comprising:
- encrypting at least one title T with at least title key K_T; and
  
  encrypting the title key K_Twith at least one channel-unique key K_cuusing at least one encryption function S to render a multicast data channel encrypted as S_Kcu(K_T), S_KT(T), wherein the channel-unique key K_cuis the result of a combination of a channel key K_cand a session key K_s, wherein the session key K_sis encrypted with at least a first encryption scheme B^R_s1to render a session key block, further comprising providing at least one player with device keys K_dto activate the player and providing the player with the channel key K_cand the session key block, wherein the player can determine the session key K_sfrom the session key block using the device keys K_dfurther comprising periodically refreshing the channel key K_cto enforce subscriptions, wherein a new channel key K_c′
  
  is encrypted with at least a second encryption scheme B^R_s2and wherein the encryption scheme B^R_s2includes;
  
  assigning each player in a group of players respective private information I_u;
  
  partitioning players not in a revoked set R into disjoint subsets S_i1, . . . S_imhaving associated subset keys L_i1, . . . L_im; and
  
  encrypting the session key K_swith the subset keys L_i1, . . . L_imto render m encrypted versions of the session key K_s.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the combination is a hash function of a concatenation of the channel key_cand session key K_s.
  - 3. The method of claim 1, wherein at least one of the providing acts is undertaken in a point-to-point communication.
  - 4. The method of claim 1, wherein at least one of the providing acts is undertaken as part of a broadcast.
  - 5. The method of claim 1, comprising selectively updating the session key block.
  - 6. The method of claim 5, comprising updating the session key block by encrypting an updated session key with at least the encryption scheme B^R_s1.
  - 7. The method of claim 1, wherein the new channel key K_c′
    - is sent in a message that is split.
  - 8. The method of claim 1, wherein the new channel key K_c′
    - is refreshed using plural messages.
  - 9. The method of claim 1, wherein the encryption scheme B^R_s2further includes partitioning the players into groups S₁, . . . ,S_w, wherein “
    - w”
      
      is an integer, and the groups establish subtrees in a tree.
  - 10. The method of claim 9, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node v_ithat are not in the subtree rooted at some other node v_jthat descends from v_i.
  - 11. The method of claim 10, wherein the revoked set R defines a spanning tree, and wherein the method includes:
    - initializing a cover tree T as the spanning tree;
      
      iteratively removing nodes from the cover tree T and adding nodes to a cover until the cover tree T has at most one node.
  - 12. The method of claim 10, wherein each node has at least one label possibly induced by at least one of its ancestors, and wherein each player is assigned labels from all nodes hanging from a direct path between the player and the root but not from nodes in the direct path.
  - 13. The method of claim 12, wherein labels are assigned to subsets using a pseudorandom sequence generator, and the act of decrypting includes evaluating the pseudorandom sequence generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lotspiech, Jeffrey Bruce, Pestoni, Florian, Naor, Dalit, Nin, Sigfredo Ismael
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US10/042,652
Publication Number

US 20020104001A1
Time in Patent Office

2,660 Days
Field of Search

713/158, 713/163
US Class Current

713/163
CPC Class Codes

G11B 20/0021   involving encryption or dec...

H04L 12/18   for broadcast or conference...

H04L 2209/605   Copy protection

H04L 2209/606   Traitor tracing

H04L 63/0428   wherein the data content is...

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Method for ensuring content protection and subscription compliance

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for ensuring content protection and subscription compliance

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links