Technique for securely communicating and storing programming material in a trusted domain
Abstract
A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device if the second device is associated with the same user and is also provided with the second encrypted content key version.
19 Claims
1. A method for use in a first client device of a content distribution network for decrypting encrypted content with a cryptographic element, said network comprising at least a network entity and a plurality of client devices, said method comprising:
- receiving said encrypted content at said first client device from a second client device;
- receiving a first encrypted version of said cryptographic element at said first client device from said second client device, said first encrypted version of said cryptographic element being generated by encrypting said cryptographic element using a second cryptographic element associated with a common user of said first and second devices;
- receiving a second encrypted version of said cryptographic element at said first device from said network entity;
- deriving said cryptographic element using at least one of said first and second encrypted versions of said cryptographic element; and
- decrypting said encrypted content using said cryptographic element.
Dependent claims: 2, 3, 4, 5, 6
7. Network apparatus configured to enable decryption of encrypted content in a client premises device (CPE) remote from said network apparatus, said encrypted content in said device being decrypted using a content key, said network apparatus comprising:
- an interface configured to receive a first encrypted content key from said CPE remote from said network apparatus;
- a database configured to, upon a query, determine a user of said CPE, and to supply a first cryptographic element associated with said user of said CPE;
- an entity configured to recover said content key via decryption of said first encrypted content key using said first cryptographic element;
- an apparatus configured to generate a second encrypted content key via encryption of said recovered content key using a second cryptographic element associated with said CPE; and
- a server configured to provide at least said second encrypted content key to said CPE, said content key recoverable based at least on said second encrypted content key.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A client device configured to decrypt encrypted content using a cryptographic element, said client device in communication with a content distribution network, said network comprising at least a network entity and a plurality of second client devices, said client device comprising:
- a first interface configured to receive said encrypted content from one of said plurality of second client devices;
- a second interface configured to receive a first encrypted version of said cryptographic element from said one of said plurality of second client devices, said first encrypted version of said cryptographic element being generated via encryption of said cryptographic element using a second cryptographic element associated with a common user of said client device and said one of said plurality of second client devices;
- a third interface configured to receive a second encrypted version of said cryptographic element from said network entity;
- a processor apparatus configured to execute at least one computer program, said computer program comprising a plurality of instructions which are configured to, when executed:
  - derive said cryptographic element using at least one of said first and second encrypted versions of said cryptographic element; and
  - decrypt said encrypted content using said cryptographic element.
Dependent claims: 15, 16, 17, 18, 19
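The key handling described in the abstract and in claim 7, sketched as an added example (not code from the patent). Textbook RSA over fixed Mersenne primes stands in for the public-key wrap and a SHA-256 keystream for 3DES; both are constructed toys without padding or integrity protection, and the names `NetworkEntity`, `rewrap` and `migrate_demo`, as well as the assumption that the network entity holds each user's private key, are hypothetical.

```python
import hashlib

E = 65537
# Constructed toy primes (Mersenne primes 2**k - 1); real keys use random primes.
P = {k: 2**k - 1 for k in (61, 89, 107, 127, 521, 607, 1279, 2203)}

def keypair(p, q):
    """Toy textbook RSA, no padding: returns (public, private), each as (n, exponent)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def wrap(key_int, pub):
    """Encrypt a content key under a public key (an 'encrypted content key version')."""
    return pow(key_int, pub[1], pub[0])

def unwrap(blob, priv):
    return pow(blob, priv[1], priv[0])

def content_cipher(data, key_int):
    """Stand-in for 3DES: XOR with a SHA-256 counter keystream (encrypts and decrypts)."""
    key = key_int.to_bytes(32, "big")
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class NetworkEntity:
    """Claim 7 apparatus: device-to-user database plus content key re-wrapping."""
    def __init__(self, device_user, user_priv, device_pub):
        self.device_user, self.user_priv, self.device_pub = device_user, user_priv, device_pub
    def rewrap(self, device_id, user_wrapped_key):
        user = self.device_user[device_id]                    # which user owns this CPE?
        kc = unwrap(user_wrapped_key, self.user_priv[user])   # recover the content key
        return wrap(kc, self.device_pub[device_id])           # bind it to this device

def migrate_demo():
    user1_pub, user1_priv = keypair(P[521], P[607])
    _, user2_priv = keypair(P[1279], P[2203])
    b_pub, b_priv = keypair(P[89], P[127])    # device B, registered to user1
    c_pub, c_priv = keypair(P[61], P[107])    # device C, registered to user2
    entity = NetworkEntity({"B": "user1", "C": "user2"},
                           {"user1": user1_priv, "user2": user2_priv},
                           {"B": b_pub, "C": c_pub})
    # Device A (user1) stores content under Kc plus Kc wrapped under user1's public key.
    kc = int.from_bytes(hashlib.sha256(b"constructed content key").digest()[:16], "big")
    plaintext = b"constructed programme segment"
    enc_content, user_wrapped = content_cipher(plaintext, kc), wrap(kc, user1_pub)
    # The same stored pair is copied to B and to C; each asks the entity for its own wrap.
    return plaintext, {dev: content_cipher(enc_content, unwrap(entity.rewrap(dev, user_wrapped), priv))
                       for dev, priv in (("B", b_priv), ("C", c_priv))}
```

Device B, registered to the same user as the recording device, recovers the plaintext; device C receives a re-wrapped value too, but because the entity unwrapped with a different user's key it does not match the content key and the output is unusable.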
Specification