Encrypting a unique cryptographic entity

US 8,538,890 B2
Filed: 08/28/2009
Issued: 09/17/2013
Est. Priority Date: 08/28/2008
Status: Active Grant

First Claim

Patent Images

1. A client device, for enforcing digital rights management rules, the client device comprising:

a set of processors; and

a non-transitory computer-readable storage medium comprises instructions that when executed, causes the processor to perform the steps of;

receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);

decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;

encrypting the decrypted UKN and the decrypted UCE using a device unique key (DUK);

creating a DUK-encrypted UKN and a DUK-encrypted UCE,wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;

forming the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD;

storing the DUK-encrypted UKD in a memory;

determining that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and

based on that determination, performing the steps of;

verifying the DUK-encrypted value was generated and stored;

decrypting the DUK-encrypted UKD; and

using the UCE as a cryptographic identity of the client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of encrypting a unique cryptographic entity (UCE), where a client device receives a global-key (GK-) encrypted UKD comprising a GK-encrypted UCE and a GK-encrypted unit key number (UKN). The client device verifies that the GK-encrypted UKN is the same as a pre-provisioned value and then decrypts the GK-encrypted UKD using a global key (GK). The client device then re-encrypts the decrypted UKD using a device user key (DUK) to determine a DUK-encrypted UCE and a DUK-encrypted UKN. The DUK-encrypted UKN is verified as not equal to the GK-encrypted UKN. The DUK-encrypted UKN is then appended to the DUK-encrypted UCE to form a DUK-encrypted UKD and stored in a memory.

Citations

19 Claims

1. A client device, for enforcing digital rights management rules, the client device comprising:
- a set of processors; and
  
  a non-transitory computer-readable storage medium comprises instructions that when executed, causes the processor to perform the steps of;
  
  receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
  
  decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
  
  encrypting the decrypted UKN and the decrypted UCE using a device unique key (DUK);
  
  creating a DUK-encrypted UKN and a DUK-encrypted UCE,wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
  
  forming the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD;
  
  storing the DUK-encrypted UKD in a memory;
  
  determining that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
  
  based on that determination, performing the steps of;
  
  verifying the DUK-encrypted value was generated and stored;
  
  decrypting the DUK-encrypted UKD; and
  
  using the UCE as a cryptographic identity of the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18, 19)
- - 2. The client device according to claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions that when executed causes the processor to perform the steps of:
    - rebooting the client device; and
      
      determining that the DRM value is not equal to the GK-encrypted UKN; and
      
      based on that determination performing the steps of;
      
      verifying the DUK-encrypted value was generated and stored;
      
      decrypting the DUK-encrypted UKD; and
      
      using the UCE as a cryptographic identity of the client device.
  - 3. The client device according to claim 2, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - decrypting a non-random data (NRD) using the decrypted UCE.
  - 4. The client device according to claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - receiving a GK-encrypted NRD after receipt of the GK-encrypted UKD;
      
      decrypting the GK-encrypted NRD using the GK; and
      
      re-encrypting the NRD using the decrypted UCE, after decryption of the DUK-encrypted UCE with the DUK.
  - 5. The client device according to claim 4, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - validating a signature appended to the NRD after decryption of the GK-encrypted NRD using the GK.
  - 6. The client device according to claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - decrypting the GK-encrypted UKD and using the GK;
      
      creating the decrypted UCE and the decrypted UKN; and
      
      validating a signature field.
  - 7. The client device according to claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - removing encryption from the GK-encrypted UKD before removing encryption from the GK-encrypted UKD using the GK to determine the decrypted UCE and the decrypted UKN.
  - 8. The client device according to claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions that, when executed causes the processor to perform the steps of:
    - extracting a hardware service information (HSI) from the UKD.
  - 18. The client device of claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions when executed causes the processor to perform the steps of:
    - determining that the DRM value is equal to the GK-encrypted UKN;
      
      determining the DUK-encrypted value was not generated and stored in the client device; and
      
      rejecting the encrypted UKD.
  - 19. The client device of claim 1, wherein the non-transitory computer-readable storage medium further comprises instructions when executed causes the processor to perform the steps of:
    - determining that either the GK-encrypted UKN or the DUK-encrypted UKN is stored in the memory, and finding that the DRM value is one of the GK-encrypted UKN or the DUK-encrypted UKN.

9. A method comprising:
- receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
  
  decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
  
  encrypting, by a client device, the decrypted UKN and the decrypted UCE using a device unique key (DUK) to determine a DUK-encrypted UKN and a DUK-encrypted UCE, wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
  
  creating a DUK-encrypted UKN and a DUK-encrypted UCE;
  
  forming, by the client device, the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD in a memory;
  
  storing, by the client device, the DUK-encrypted UKD in a memory;
  
  determining, by the client device, that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
  
  based on that determination, then performing the steps of;
  
  verifying, by the client device, the DUK-encrypted value was generated and stored;
  
  decrypting, by the client device, the DUK-encrypted UKD; and
  
  using, by the client device, the UCE as a cryptographic identity of the client device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - rebooting the client device; and
      
      determining that the DRM value is not equal to the GK-encrypted UKN; and
      
      based on that determination, performing;
      
      verifying the DUK-encrypted value was generated and stored;
      
      decrypting the DUK-encrypted UKD; and
      
      using the UCE as a cryptographic identity of the client device.
  - 11. The method of claim 10, further comprising decrypting, by the computing device, a non-random data (NRD) using the decrypted UCE.
  - 12. The method of claim 9, further comprising:
    - receiving a GK-encrypted NRD after receipt of the GK-encrypted UKD;
      
      decrypting the GK-encrypted NRD using the GK; and
      
      re-encrypting the NRD using the decrypted UCE, after decryption of the DUK-encrypted UCE with the DUK.
  - 13. The method of claim 12, further comprising validating a signature appended to the NRD after decryption of the GK-encrypted NRD using the GK.
  - 14. The method of claim 9, further comprising:
    - decrypting the GK-encrypted UKD using the GK;
      
      creating the decrypted UCE and the decrypted UKN; and
      
      validating a signature field.
  - 15. The method of claim 9, further comprising:
    - removing encryption from the GK-encrypted UKD before removing encryption from the GK-encrypted UKD using the GK;
      
      creating the decrypted UCE and the decrypted UKN.
  - 16. The method of claim 9, further comprising extracting a hardware service information (HSI) from the UKD.

17. A non-transitory computer-readable storage medium containing instructions, that when executed, causes the processor to perform the steps of:
- receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
  
  decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
  
  encrypting, by a client device, the decrypted UKN and the decrypted UCE using a device unique key (DUK);
  
  wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
  
  creating a DUK-encrypted UKN and a DUK-encrypted UCE;
  
  forming, by the client device, the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD in a memory;
  
  storing, by the client device, the DUK-encrypted UKD in a memory;
  
  determining, by the client device, that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
  
  based on that determination, then performing the steps of;
  
  verifying, by the client device, the DUK-encrypted value was generated and stored;
  
  decrypting, by the client device, the DUK-encrypted UKD; and
  
  using, by the client device, the UCE as a cryptographic identity of the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola Mobility LLC (Lenovo Group Ltd.)
Inventors
Medvinsky, Alexander
Primary Examiner(s)
Ravetti, Dante

Application Number

US12/549,468
Publication Number

US 20100058047A1
Time in Patent Office

1,481 Days
Field of Search

705/59, 705/16, 705/21, 705/70, 705/74, 380/262, 380/278, 380/279
US Class Current

705/59
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Encrypting a unique cryptographic entity

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Encrypting a unique cryptographic entity

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links