Platform-hardened digital rights management key provisioning
First Claim
1. A method comprising:
initiating a client in a secure enclave;
requesting, by the client, digital rights management (DRM) provisioning information from a provisioning server;
receiving, by the client from the provisioning server, a first key component;
requesting, by the client, authentication by a verification server;
generating, by the client, a second key component;
providing, by the client, proof of authentication to the provisioning server;
sending, by the client to the provisioning server, the second key component;
generating, by the client, a shared secret key;
receiving, by the client, the DRM provisioning information;
decrypting, by the client, the DRM provisioning information using the shared secret key;
sealing the DRM provisioning information to the secure enclave;
storing the sealed DRM provisioning information in a non-volatile memory;
unsealing the DRM provisioning information in the secure enclave; and
using, by the client, content from a content server without repeating the requesting of DRM provisioning information from the provisioning server.
Abstract
Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.
Specification