Method, apparatus and system for use in distributed and parallel decryption
Abstract
The present embodiments advantageously provide methods and systems for use in decrypting content, and in some preferred embodiments expanding a security environment to distribute the computational processing involved in decryption. In some embodiments, a method for use in decrypting content is provided that receives a first content key at a first system for the decryption of a first track of encrypted content; encrypts the first content key according to a first instance key known at the first system; communicates the first encrypted content key over an externally accessible communication link to a second system; generates the first instance key at the second system independent of the first system; decrypts the first encrypted content key using the generated first instance key at the second system; and decrypts the first track of encrypted content using the first unencrypted content key at the second system.
17 Claims
1. A method for use in decrypting content, comprising:
receiving a first content key at a first system for the decryption of a first track of encrypted content;
encrypting the first content key according to a first instance key stored at the first system producing a first encrypted content key;
communicating the first encrypted content key over an externally accessible communication link to a second system;
generating the first instance key at the second system from both a master key and a first key generation indicator value, such that the first instance key is not communicated to the second system;
where the master key is recorded at the second system prior to the second system being coupled with the externally accessible communication link and prior to the second system receiving the first encrypted content key;
where the first key generation indicator value is stored at the second system prior to receiving the first encrypted content key;
wherein the generating the first instance key at the second system comprises;
the second system accessing the master key and the first key generation indicator value;
the second system receiving, from the first system, a verification value;
the second system verifying that the first key generation indicator value corresponds with the verification value;
generating, when the first key generation indicator value is verified, the first instance key at the second system as the function of both the first key generation indicator value and the master key;
altering, at the second system without further communication from the first system, the key generation indicator value when the key generation indicator value is not verified;
verifying, at the second system, the altered key generation indicator value corresponds the verification value; and
generating, when the altered key generation indicator value is verified and when the first key generation indicator value is not verified, the first instance key at the second system as a function of both the altered key generation indicator value and the master key stored at the second system;
decrypting the first encrypted content key using the generated first instance key at the second system providing a first unencrypted content key; and
decrypting the first track of encrypted content using the first unencrypted content key at the second system.
Dependent claims: 2, 3, 4, 5, 6, 7, 16, 17
8. A method for use in decrypting content, comprising:
receiving, at a first device coupled with a communication link, a first encrypted content key, wherein the first encrypted content key is encrypted by an external system using a first instance key;
where the first encrypted content key is received over the communication link;
the external system is external to the first device; and
where communications over the communication link are accessible by one or more additional devices;
generating the first instance key within the first device such that the first instance key is not communicated to the first device, wherein the generating the first instance key comprises;
accessing a master key stored within the first device, where the master key is stored within the first device prior to the first device being coupled with the communication link and prior to the first device receiving the first encrypted content key;
accessing a key generation indicator value stored within the first device, where the key generation indicator value is stored within the first device prior to the first device receiving the first encrypted content key;
receiving, from the external system, a verification value;
verifying the key generation indicator value corresponds with the verification value; and
generating, when the key generation indicator value is verified, the first instance key as a function of both the master key and the key generation indicator value;
adjusting, at the first device and without further communication from the external system, the key generation indicator value when the key generation indicator value is not verified providing an adjusted key generation indicator value;
verifying, at the first device, that the adjusted key generation indicator value corresponds with the verification value; and
generating, when the adjusted key generation indicator value is verified, the first instance key at the first device as a function of both the adjusted key generation indicator value and the master key stored at the first device;
decrypting, at the first device, the first encrypted content key using the generated first generated instance key;
extracting, at the first device, a first content key through the decryption of the first encrypted content key; and
decrypting, at the first device, a first track of encrypted content with the first content key.
Dependent claims: 9
10. A system comprising:
a main system coupled with a network to receive a first content key;
a sub-system;
a communication link coupled between the main system and sub-systems;
the main system comprising a first instance key and an encryption circuit such that the encryption circuit encrypts the first content key with the first instance key to produce a first encrypted content key, and the main system communicates the first encrypted content key and further communicates a validation value to the sub-system over the communication link; and
the sub-system comprises a first slot, a decryption circuit coupled with the first slot, an instance key generator coupled with the decryption circuit, a master key, and a counter that provides a first key generation indicator value, wherein the master key is stored at the sub-system prior to the main system receiving the first encryption content key;
wherein the sub-system stores the first encrypted content key in the first slot;
wherein the instance key generator generates, upon validating the first key generation indicator value relative to the validation value, a first generated instance key as a function of both the master key and the first key generation indicator value;
wherein the counter provides an adjusted first key generation indicator value when the first key generator indicator value is not validated, and the instance key generator generates an adjusted first generated instance key as a function of both the master key and the adjusted first key generation indicator value upon validating the adjusted first key generation indicator value relative to the validation value;
wherein the first generated instance key is identical to the first instance key of the main system; and
wherein the decryption circuit decrypts the first encrypted content key with the first generated instance key retrieving the first content key and decrypts at least a portion of a first track of encrypted content using the first content key.
Dependent claims: 11, 12, 13, 14, 15
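The key derivation and resynchronisation recited in claims 1, 8 and 10, as an added example that is not code from the patent: the second system derives the instance key from its pre-provisioned master key and stored indicator, checks each candidate against the verification value, and steps the indicator forward on its own when the check fails. HMAC-SHA-256 as the key function, a truncated tag over the instance key as the verification value, the look-ahead limit, the XOR pad standing in for the key-wrap cipher, and all names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac

MAX_LOOKAHEAD = 8  # assumed limit on how far the receiver steps its indicator


def instance_key(master_key: bytes, indicator: int) -> bytes:
    """Instance key as a function of the master key and the indicator value."""
    msg = b"instance" + indicator.to_bytes(8, "big")
    return hmac.new(master_key, msg, hashlib.sha256).digest()


def check_value(key: bytes) -> bytes:
    """Assumed verification value: a short tag derived from the instance key."""
    return hmac.new(key, b"verify", hashlib.sha256).digest()[:8]


def wrap(key: bytes, data: bytes) -> bytes:
    """Stand-in for the key-wrap cipher: XOR with a pad derived from the
    instance key (its own inverse). One content key per instance key only."""
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class SecondSystem:
    def __init__(self, master_key: bytes, indicator: int):
        self._master = master_key   # recorded before the link is attached
        self.indicator = indicator  # stored before any encrypted key arrives

    def receive(self, encrypted_key: bytes, verification: bytes) -> bytes:
        # Try the stored indicator first, then alter it locally; the sender
        # is never asked for anything beyond the one verification value.
        for candidate in range(self.indicator, self.indicator + MAX_LOOKAHEAD + 1):
            key = instance_key(self._master, candidate)
            if hmac.compare_digest(check_value(key), verification):
                self.indicator = candidate
                return wrap(key, encrypted_key)
        raise ValueError("no indicator in the window matches the verification value")


def demo():
    master = bytes(range(32))                                        # constructed
    content_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    sender_key = instance_key(master, 5)  # first system's stored instance key
    blob, tag = wrap(sender_key, content_key), check_value(sender_key)
    lagging = SecondSystem(master, 3)     # receiver two steps behind the sender
    return content_key, lagging.receive(blob, tag), lagging.indicator
```

A receiver whose indicator is ahead of the sender's, or more than `MAX_LOOKAHEAD` steps behind, rejects the message instead of searching without bound.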
Specification