Encrypting a unique cryptographic entity
Abstract
A method of encrypting a unique cryptographic entity (UCE), where a client device receives a global-key (GK-) encrypted UKD comprising a GK-encrypted UCE and a GK-encrypted unit key number (UKN). The client device verifies that the GK-encrypted UKN is the same as a pre-provisioned value and then decrypts the GK-encrypted UKD using a global key (GK). The client device then re-encrypts the decrypted UKD using a device user key (DUK) to determine a DUK-encrypted UCE and a DUK-encrypted UKN. The DUK-encrypted UKN is verified as not equal to the GK-encrypted UKN. The DUK-encrypted UKN is then appended to the DUK-encrypted UCE to form a DUK-encrypted UKD and stored in a memory.
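The re-wrapping flow in the abstract, as an added Python sketch that is not code from the patent. The patent names no cipher, so `xcrypt` is a stand-in (an HMAC-SHA256 keystream XOR, deterministic and unauthenticated); the 4-byte UKN width, the field labels and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac

UKN_LEN = 4  # assumption: fixed-width unit key number; the page gives no size


def xcrypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream XOR); the page names no algorithm.
    Deterministic and unauthenticated: for illustrating the flow only."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_ukd(key: bytes, uce: bytes, ukn: bytes) -> bytes:
    """Encrypt UCE and UKN separately, then append the UKN to the UCE."""
    return xcrypt(key, b"UCE", uce) + xcrypt(key, b"UKN", ukn)


def unwrap_ukd(key: bytes, ukd: bytes) -> tuple:
    """Return (UCE, UKN) decrypted from a UKD blob."""
    return xcrypt(key, b"UCE", ukd[:-UKN_LEN]), xcrypt(key, b"UKN", ukd[-UKN_LEN:])


def rewrap(gk_ukd: bytes, gk: bytes, duk: bytes, provisioned_ukn: bytes) -> bytes:
    """Check the GK-encrypted UKN, decrypt with GK, re-encrypt with DUK."""
    gk_ukn = gk_ukd[-UKN_LEN:]
    if not hmac.compare_digest(gk_ukn, provisioned_ukn):
        raise ValueError("GK-encrypted UKN differs from pre-provisioned value")
    uce, ukn = unwrap_ukd(gk, gk_ukd)
    duk_ukd = wrap_ukd(duk, uce, ukn)
    # A matching UKN ciphertext means the data is effectively still GK-wrapped.
    if hmac.compare_digest(duk_ukd[-UKN_LEN:], gk_ukn):
        raise ValueError("DUK-encrypted UKN equals GK-encrypted UKN; refusing to store")
    return duk_ukd  # caller writes this to device memory


# Constructed sample values, not taken from the page.
GK = hashlib.sha256(b"constructed global key").digest()
DUK = hashlib.sha256(b"constructed device key").digest()
UCE = b"constructed-device-private-key-material"
UKN = (4242).to_bytes(UKN_LEN, "big")
GK_UKD = wrap_ukd(GK, UCE, UKN)  # what the KGF would deliver
STORED = rewrap(GK_UKD, GK, DUK, GK_UKD[-UKN_LEN:])
```

With a deterministic cipher, the inequality check also rejects a device whose DUK is identical to the GK, since the re-encrypted UKN would then match the delivered one.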
19 Claims
1. A client device, for enforcing digital rights management rules, the client device comprising:
- a set of processors; and
- a non-transitory computer-readable storage medium comprises instructions that when executed, causes the processor to perform the steps of;
  - receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
  - decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
  - encrypting the decrypted UKN and the decrypted UCE using a device unique key (DUK);
  - creating a DUK-encrypted UKN and a DUK-encrypted UCE, wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
  - forming the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD;
  - storing the DUK-encrypted UKD in a memory;
  - determining that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
  - based on that determination, performing the steps of;
    - verifying the DUK-encrypted value was generated and stored;
    - decrypting the DUK-encrypted UKD; and
    - using the UCE as a cryptographic identity of the client device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 18, 19
9. A method comprising:
- receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
- decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
- encrypting, by a client device, the decrypted UKN and the decrypted UCE using a device unique key (DUK) to determine a DUK-encrypted UKN and a DUK-encrypted UCE, wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
- creating a DUK-encrypted UKN and a DUK-encrypted UCE;
- forming, by the client device, the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD in a memory;
- storing, by the client device, the DUK-encrypted UKD in a memory;
- determining, by the client device, that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
- based on that determination, then performing the steps of;
  - verifying, by the client device, the DUK-encrypted value was generated and stored;
  - decrypting, by the client device, the DUK-encrypted UKD; and
  - using, by the client device, the UCE as a cryptographic identity of the client device.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable storage medium containing instructions, that when executed, causes the processor to perform the steps of:
- receiving a global-key (GK) encrypted unit key data (UKD), which includes a GK-encrypted unique cryptographic entity (UCE) and a GK-encrypted unit key number (UKN) from a key generation facility (KGF);
- decrypting the GK-encrypted UKD using a global key (GK) to determine a decrypted UCE and a decrypted UKN;
- encrypting, by a client device, the decrypted UKN and the decrypted UCE using a device unique key (DUK);
- wherein the DUK-encrypted UKN is a different value from the GK-encrypted UKN;
- creating a DUK-encrypted UKN and a DUK-encrypted UCE;
- forming, by the client device, the DUK-encrypted UCE to the DUK-encrypted UKN to form a DUK-encrypted UKD in a memory;
- storing, by the client device, the DUK-encrypted UKD in a memory;
- determining, by the client device, that a digital rights management (DRM) value is not equal to the GK-encrypted UKN; and
- based on that determination, then performing the steps of;
  - verifying, by the client device, the DUK-encrypted value was generated and stored;
  - decrypting, by the client device, the DUK-encrypted UKD; and
  - using, by the client device, the UCE as a cryptographic identity of the client device.
Specification