Content protection key encryptor for security providers
First Claim
1. A method comprising:
- receiving at an encryption device from a control device an encryption request comprising a content protection key (CPK) to be encrypted and an identifier for a decryption device, wherein the control device is controlled by a security provider that provides secure content to the decryption device using the CPK encrypted with a device key that is securely embedded in the decryption device and also stored on the encryption device, wherein the encryption device is provided by a key provider and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
- retrieving at the encryption device the device key based on the decryption device identifier;
- encrypting the CPK with the device key using a predetermined algorithm; and
- sending the encrypted CPK to the control device.
Abstract
Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.
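The flow in the abstract, sketched in Go as an added example (not code from the patent or from any key provider). AES-GCM stands in for the unspecified "predetermined algorithm"; the `Encryptor` type, the `Seal`/`Open` helpers, the identifier `stb-0001` and the all-zero key are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-GCM, an assumed stand-in for the "predetermined algorithm".
func aead(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts msg under key and prepends the random nonce; Open reverses it.
func Seal(key, msg []byte) ([]byte, error) {
	g, err := aead(key)
	nonce := make([]byte, 12) // standard GCM nonce length
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, fmt.Errorf("seal: key error %v, rand error %v", err, rerr)
	}
	return g.Seal(nonce, nonce, msg, nil), nil
}

func Open(key, ct []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("open: bad key or short ciphertext")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Encryptor models the key provider's device (hypothetical): keys never leave it.
type Encryptor struct{ keys map[string][]byte }

func (e *Encryptor) EncryptCPK(deviceID string, cpk []byte) ([]byte, error) {
	dk, ok := e.keys[deviceID]
	if !ok {
		return nil, fmt.Errorf("unknown device identifier %q", deviceID)
	}
	return Seal(dk, cpk)
}

func main() {
	e := &Encryptor{keys: map[string][]byte{"stb-0001": make([]byte, 32)}} // constructed all-zero key
	fmt.Println(e.EncryptCPK("stb-0001", []byte("constructed CPK")))
}
```

The security provider's control device only ever calls `EncryptCPK`; it can then use `Seal` with the CPK to protect a control word and with the control word to protect content, while the decryption device walks the same chain with `Open` starting from its embedded device key.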
20 Claims
9. An apparatus comprising:
- a storage device configured to securely store device identifiers and corresponding device keys;
- an interface configured to communicate with a control device that is controlled by a security provider that provides secure content to a decryption device using a content protection key (CPK) encrypted with a device key that is securely embedded in the decryption device and stored on the storage device;
- a processor configured to:
  - receive an encryption request from the control device comprising the CPK to be encrypted and an identifier for the decryption device, wherein the apparatus is provided by a key provider and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
  - retrieve the device key from the storage device corresponding to the identifier;
  - encrypt the CPK with the device key using a predetermined algorithm; and
  - send the encrypted CPK to the control device.
17. A non-transitory processor readable tangible medium encoded with instructions that, when executed by a processor, cause the processor to:
- receive at an encryption device from a control device an encryption request comprising a content protection key (CPK) to be encrypted and an identifier for a decryption device, wherein the control device is controlled by a security provider that provides secure content to the decryption device using the CPK encrypted with a device key that is securely embedded in the decryption device and also stored on the encryption device, wherein the encryption device is provided by a key provider, and the device key is not divulged to the security provider in order to prevent a compromise of the device key, and wherein the secure content is secured by encrypting content using a control word that itself is encrypted by the CPK;
- retrieve at the encryption device the device key based on the decryption device identifier;
- encrypt the CPK with the device key using a predetermined algorithm; and
- send the encrypted CPK to the control device.