Method and apparatus for protecting digital data by double re-encryption

US 8,024,810 B2
Filed: 07/03/2006
Issued: 09/20/2011
Est. Priority Date: 10/15/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

a computing system receiving data; and

the computing system encrypting the received data using a first key and a second key to produce double encrypted data, wherein a first portion of said encrypting uses the first key and is performed by a filter driver of an operating system executing on the computing system, and wherein a second portion of said encrypting uses the second key and is performed by a hardware unit of the computing system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus ensuring protection of digital data are provided.

In addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key. The changeable key is used first and the unchangeable key is then used, or in another case, the unchangeable key is used first, and the changeable key is then used. In the aspect of embodiments, there is a case adopting a software, a case adopting a hardware, or a case adopting the software and the hardware in combination. The hardware using the unchangeable key developed for digital video is available. In adopting the software, encryption/decryption is performed in a region below the kernel which cannot be handled by the user to ensure the security for the program and for the key used. More concretely, encryption/decryption is performed with RTOS using a HAL and a device driver, i.e., a filter driver, a disk driver and a network driver, in an I/O manager. Either one of two filter drivers, with a file system driver between them, may be used. Further, both filter drivers may be used.

Citations

30 Claims

1. A method, comprising:
- a computing system receiving data; and
  
  the computing system encrypting the received data using a first key and a second key to produce double encrypted data, wherein a first portion of said encrypting uses the first key and is performed by a filter driver of an operating system executing on the computing system, and wherein a second portion of said encrypting uses the second key and is performed by a hardware unit of the computing system.
- View Dependent Claims (2, 3, 4, 5, 6, 20)
- - 2. The method of claim 1, wherein the first portion of said encrypting is performed prior to the second portion of said encrypting.
  - 3. The method of claim 1, wherein the second portion of said encrypting is performed prior to the first portion of said encrypting.
  - 4. The method of claim 1, further comprising:
    - the computing system transferring the double encrypted data to a particular one of a plurality of hardware devices, wherein a different encryption key is associated with each of the plurality of hardware devices, and wherein the encryption key associated with the particular hardware device is the second key.
  - 5. The method of claim 1, wherein the computing system is a set-top box.
  - 6. The method of claim 1, wherein a hardware abstract layer (HAL) of the operating system provides an interface between the operating system and the hardware unit.
  - 20. The system of claim 1, wherein the program instructions are further executable to:
    - transfer the double encrypted data to a particular one of a plurality of hardware devices, wherein a different encryption key is associated with each of the plurality of hardware devices, and wherein the encryption key associated with the particular hardware device is the second key.

7. An apparatus, comprising:
- first means for performing a first encryption operation using a first key, wherein the first encryption operation is performed by a filter driver of an operating system of the apparatus; and
  
  second means for performing a second encryption operation using a second key;
  
  wherein said first and second means are configured to collectively operate on a set of unencrypted data to produce a double encrypted version of the set of unencrypted data.
- View Dependent Claims (8, 9, 10)
- - 8. The apparatus of claim 7, wherein the first encryption operation is performed before the second encryption operation.
  - 9. The apparatus of claim 7, wherein the second encryption operation is performed before the first encryption operation.
  - 10. The apparatus of claim 7, further comprising:
    - means for transferring the double encrypted data to a particular one of a plurality of hardware devices, wherein a different encryption key is associated with each of the plurality of hardware devices, and wherein the encryption key associated with the particular hardware device is the second key.

11. An article of manufacture comprising a computer readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computing system, cause the computing system to perform operations including:
- receiving data; and
  
  encrypting the received data using a first key and a second key to produce double encrypted data, wherein a first portion of said encrypting uses the first key and is performed by a filter driver of an operating system executing on the computing system, and wherein a second portion of said encrypting uses the second key and is performed by a hardware unit of the computing system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The article of claim 11, wherein the first portion of said encrypting is performed prior to the second portion of said encrypting.
  - 13. The article of claim 11, wherein the second portion of said encrypting is performed prior to the first portion of said encrypting.
  - 14. The article of claim 11, the operations further including:
    - transferring the double encrypted data to a particular one of a plurality of hardware devices, wherein a different encryption key is associated with each of the plurality of hardware devices, and wherein the encryption key associated with the particular device is the second key.
  - 15. The article of claim 11, wherein the computing system is a set-top box.
  - 16. The article of claim 11, wherein hardware abstract layer (HAL) of the operating system provides an interface between the operating system and the hardware unit.

17. A system, comprising:
- a processor;
  
  a hardware encryption unit;
  
  a memory storing program instructions that are executable to cause the system to;
  
  receive data;
  
  encrypt said received data by performing a first encryption operation using a first key and by performing a second encryption operation using a second key to produce double encrypted data, and wherein the first encryption operation is performed by a filter driver of an operating system executing on the system, and wherein key the second encryption operation is performed by the hardware encryption unit.
- View Dependent Claims (18, 19, 21, 22)
- - 18. The system of claim 17, wherein the first encryption operation is performed before the second encryption operation.
  - 19. The system of claim 17, wherein the second encryption operation is performed before the first encryption operation.
  - 21. The system of claim 17, wherein the system is a set-top box.
  - 22. The system of claim 17, wherein hardware abstract layer (HAL) of the operating system provides an interface between the operating system and the hardware encryption unit.

23. A computer-readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computer system, cause the computer system to perform operations comprising:
- receiving data;
  
  performing a first encryption operation on the received data using a first key, wherein the first encryption operation is performed by a filter driver of an operating system of the computer system;
  
  wherein the computer system is configured to perform a second encryption operation using a second key; and
  
  wherein the first encryption operation and the second encryption operation are performed by the computer system collectively produce a double encrypted version of the received data.
- View Dependent Claims (24)
- - 24. The computer-readable storage medium of claim 23, wherein the computer system is configured to perform the second encryption operation using a hardware encryption unit of the computer system.

25. A computer-readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computer system, cause the computer system to perform operations comprising:
- receiving data;
  
  performing a first encryption operation on the received data using a first key to produce an encrypted version of the received data, wherein the first encryption operation is performed by a hardware abstract layer (HAL) of an operating system of the computer system;
  
  sending the encrypted version of the received data via the HAL to a hardware encryption unit that is configured to perform a second encryption operation using a second key to produce a double encrypted version of the received data; and
  
  receiving the double encrypted version of the received data from the hardware encryption unit via the HAL.
- View Dependent Claims (26)
- - 26. The computer-readable storage medium of claim 25, wherein the operating system executes on a first processor of the computer system, and wherein the hardware encryption unit is configured to perform the second encryption operation using a second processor that is different from the first processor.

27. A method, comprising:
- a computing system receiving data;
  
  the computing system encrypting the received data using a first key produce encrypted data, wherein the encrypting the received data is performed by a hardware abstract layer (HAL) of an operating system of the computing system;
  
  the computing system encrypting the encrypted data using a second key to produce double encrypted data, wherein the encrypting the encrypted data is performed by a hardware unit that receives the encrypted data via the HAL and sends the double encrypted data to the computing system via the HAL.
- View Dependent Claims (28)
- - 28. The method of claim 27, wherein the operating system executes on a first processor of the computing system, and wherein the hardware unit is configured to perform the second encryption operation using a second processor that is different from the first processor.

29. A system, comprising:
- a system processor;
  
  a hardware encryption unit;
  
  a memory storing program instructions that are executable to cause the system to;
  
  receive data;
  
  performing a first encryption operation using a first key to produce an encrypted version of the received data, wherein the first encryption operation is performed by a hardware abstract layer (HAL) of an operating system executing on the system processor;
  
  sending the encrypted version of the received data via the HAL to the hardware encryption unit;
  
  performing a second encryption operation using a second key to produce double encrypted data, wherein the second encryption operation is performed by the hardware encryption unit using the encrypted version of the received data sent via the HAL; and
  
  sending the double encrypted data from the hardware encryption unit to the system processor via the HAL.
- View Dependent Claims (30)
- - 30. The system of claim 29, wherein the hardware encryption unit performs the second encryption operation using an encryption unit processor that is different from the system processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Intarsia Software LLC (Intellectual Ventures LLC)
Inventors
Saito, Makoto
Primary Examiner(s)
LaForgia; Christian
Assistant Examiner(s)
Baum; Ronald

Application Number

US11/480,690
Publication Number

US 20060288426A1
Time in Patent Office

1,905 Days
Field of Search

726/26
US Class Current

726/26
CPC Class Codes

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00478   wherein contents are decryp...

G11B 20/00536   wherein encrypted content d...

H04N 2005/91364   the video signal being scra...

H04N 21/4334   Recording operations record...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 5/913   for scrambling ; for copy p...

Method and apparatus for protecting digital data by double re-encryption

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting digital data by double re-encryption

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links