Protection scheme for AACS keys

US 9,137,015 B2
Filed: 01/04/2008
Issued: 09/15/2015
Est. Priority Date: 01/04/2008
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a software video player having Advanced Access Content System (AACS), comprising:

newly creating, by a processor, a temporary random key each time the software video player is started;

encrypting, by the processor, a fixed random key with the temporary random key to form an encrypted fixed random key;

dividing, by the processor, the encrypted fixed random key into the segments;

storing, by the processor, the segments at noncontiguous regions of a main memory of the processor;

reading, by the processor, the segments from the noncontiguous regions of the main memory;

assembling, by the processor, the segments to form the encrypted fixed random key;

decrypting, by the processor, the encrypted fixed random key with the temporary random key to form the fixed random key;

extracting, by the processor, AACS key data from a pack file;

decrypting, by the processor, the AACS key data with the fixed random key to retrieve AACS Device Keys;

generating, by the processor, an AACS Title Key using the AACS Device Key;

clearing, by the processor, the AACS Device Keys and the fixed random key from the main memory after the AACS Title Key is generated and before removal of an instance of media from which encrypted AACS content are retrieved;

decrypting, by the processor, the encrypted AACS content with the AACS Title Key to form AACS content; and

displaying the AACS content.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a software video player having Advanced Access Content System (AACS) includes reading segments of an encrypted first key from noncontiguous regions of memory, assembling the segments to form the encrypted first key, decrypting the encrypted first key with a second key to form a first key, extracting AACS key data from a pack file, decrypting the AACS key data to retrieve AACS Device Keys, generating an AACS Title Key using the AACS Device Key, clearing the AACS Device Keys and the first key from memory after the AACS Title Key is generated, decrying encrypted AACS content with the AACS Title Key to form AACS content, and displaying the AACS content.

27 Citations

26 Claims

1. A method for protecting a software video player having Advanced Access Content System (AACS), comprising:
- newly creating, by a processor, a temporary random key each time the software video player is started;
  
  encrypting, by the processor, a fixed random key with the temporary random key to form an encrypted fixed random key;
  
  dividing, by the processor, the encrypted fixed random key into the segments;
  
  storing, by the processor, the segments at noncontiguous regions of a main memory of the processor;
  
  reading, by the processor, the segments from the noncontiguous regions of the main memory;
  
  assembling, by the processor, the segments to form the encrypted fixed random key;
  
  decrypting, by the processor, the encrypted fixed random key with the temporary random key to form the fixed random key;
  
  extracting, by the processor, AACS key data from a pack file;
  
  decrypting, by the processor, the AACS key data with the fixed random key to retrieve AACS Device Keys;
  
  generating, by the processor, an AACS Title Key using the AACS Device Key;
  
  clearing, by the processor, the AACS Device Keys and the fixed random key from the main memory after the AACS Title Key is generated and before removal of an instance of media from which encrypted AACS content are retrieved;
  
  decrypting, by the processor, the encrypted AACS content with the AACS Title Key to form AACS content; and
  
  displaying the AACS content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein said reading, said assembling, said decrypting the encrypted fixed random key, said extracting, said decrypting the AACS key data, said generating, said clearing, and said decrypting the encrypted AACS content occur dynamically only when the AACS content must be displayed.
  - 3. The method of claim 1, wherein said decrypting the AACS key data further comprising retrieving AACS Host Key, the method further comprising:
    - authenticating an optical disk drive using the AACS Host Key; and
      
      reading the encrypted AACS content from the optical disk drive.
  - 4. The method of claim 1, further comprising:
    - generating a random number at a first module of the software video player;
      
      transmitting the random number from a first module to a second module of the software video player;
      
      encrypting the random number with a predefined key at the second module to form an encrypted random number;
      
      transmitting the encrypted random number from the second module to the first module;
      
      decrypting the encrypted random number with the predefined key at the first module; and
      
      verifying the random number at the first module, wherein the second module is authenticated with the first module when the random number has not changed.
  - 5. The method of claim 4, wherein the first and the second modules are selected from the group consisting of a BDMV engine, a codec engine, and an application layer.
  - 6. The method of claim 5, wherein said displaying the AACS content comprising transmitting the AACS content from the BDMV engine to the codec engine, the codec engine converting the AACS content into a video.
  - 7. The method of claim 4, further comprising:
    - creating a random number key at the first module;
      
      transmitting the random number key from the first module to the second module;
      
      encrypting AACS content with the random number key at the first module;
      
      transmitting the encrypted AACS content from the first module to the second module; and
      
      decrypting the encrypted AACS content with the random number key at the second module.
  - 8. The method of claim 1, further comprising:
    - terminating the software video player after detecting a debugger; and
      
      terminating the software video player after detecting the software video player is under a debugging condition.
  - 9. The method of claim 8, wherein said detecting a debugger comprises checking a thread information block (TIB) for flags that identify a running thread of a debugging tool.
  - 10. The method of claim 8, wherein said detecting a debugger comprises creating object handles with driver, file, and server names of the debugger, wherein the debugger is detected when said creating fails.
  - 11. The method of claim 8, wherein said detecting the software video player is under a debugging condition comprises determining if a title of a parent process of the software video player matches a title of a known program, the software video player being under the debugging condition when the title of the parent process does not match the title of the known program.
  - 12. The method of claim 1, further comprising executing junk codes to obfuscate other steps being performed by the software video player.
  - 13. The method of claim 1, further comprising:
    - after decrypting the encrypted AACS content, encrypting the AACS Title Key with a random number; and
      
      decrypting the encrypted AACS Title Key only when it is used again to decrypt the encrypted AACS content.

14. A non-transitory computer-readable storage medium encoded with executable instructions for execution by a processor to protect a software video player having Advanced Access Content System (AACS), the instructions comprising:
- newly creating a temporary random key each time the software video player is started;
  
  encrypting a fixed random key with the temporary random key to form an encrypted fixed random key;
  
  dividing the encrypted fixed random key into the segments;
  
  storing the segments at noncontiguous regions of a main memory of the processor;
  
  reading the segments from the noncontiguous regions of the main memory;
  
  assembling the segments to form the encrypted fixed random key;
  
  decrypting the encrypted fixed random key with the temporary random key to form the fixed random key;
  
  extracting AACS key data from a pack file;
  
  decrypting the AACS key data with the fixed random key to retrieve AACS Device Keys;
  
  generating an AACS Title Key using the AACS Device Key;
  
  clearing the AACS Device Keys and the fixed random key from the main memory after the AACS Title Key is generated and before removal of an instance of media from which encrypted AACS content are retrieved;
  
  decrypting the encrypted AACS content with the AACS Title Key to form AACS content; and
  
  displaying the AACS content.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 25, 26)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein said reading, said assembling, said decrypting the encrypted fixed random key, said extracting, said decrypting the AACS key data, said generating, said clearing, and said decrypting the encrypted AACS content occur dynamically only when the AACS content must be displayed.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein said decrypting the AACS key data further comprising retrieving AACS Host Key, the instructions further comprising:
    - authenticating an optical disk drive using the AACS Host Key; and
      
      reading the encrypted AACS content from the optical disk drive.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise:
    - generating a random number at a first module of the software video player;
      
      transmitting the random number from a first module to a second module of the software video player;
      
      encrypting the random number with a predefined key at the second module to form an encrypted random number;
      
      transmitting the encrypted random number from the second module to the first module;
      
      decrypting the encrypted random number with the predefined key at the first module; and
      
      verifying the random number at the first module, wherein the second module is authenticated with the first module when the random number has not changed.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the first and the second modules are selected from the group consisting of a BDMV engine, a codec engine, and an application layer.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein said displaying the AACS content comprising transmitting the AACS content from the BDMV engine to the codec engine, the codec engine converting the AACS content into a video.
  - 20. The non-transitory computer-readable storage medium of claim 17, wherein the instructions further comprise:
    - creating a random number key at the first module;
      
      transmitting the random number key from the first module to the second module;
      
      encrypting AACS content with the random number key at the first module;
      
      transmitting the encrypted AACS content from the first module to the second module; and
      
      decrypting the encrypted AACS content with the random number key at the second module.
  - 25. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise executing junk codes to obfuscate other steps being performed by the software video player.
  - 26. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise:
    - after decrypting the encrypted AACS content, encrypting the AACS Title Key with a random number; and
      
      decrypting the encrypted AACS Title Key only when it is used again to decrypt the encrypted AACS content.

21. The non-transitory computer-readable storage medium of 14, wherein the instructions further comprise:
- terminating the software video player after detecting a debugger; and
  
  terminating the software video player after detecting the software video player is under a debugging condition.
- View Dependent Claims (22, 23, 24)
- - 22. The non-transitory computer-readable storage medium of claim 21, wherein said detecting a debugger comprises checking a thread information block (TIB) for flags that identify a running thread of a debugging tool.
  - 23. The non-transitory computer-readable storage medium of claim 21, wherein said detecting a debugger comprises creating object handles with driver, file, and server names of the debugger, wherein the debugger is detected when said creating fails.
  - 24. The non-transitory computer-readable storage medium of claim 21, wherein said detecting the software video player is under a debugging condition comprises determining if a title of a parent process of the software video player matches a title of a known program, the software video player being under the debugging condition when the title of the parent process does not match the title of the known program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ArcSoft, Inc.
Original Assignee
ArcSoft, Inc.
Inventors
Jin, Chao, Sun, Weitao
Primary Examiner(s)
Eskandarnia, Arvin
Assistant Examiner(s)
FABBRI, ANTHONY E

Application Number

US11/969,687
Publication Number

US 20100020968A1
Time in Patent Office

2,811 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04N 2005/91364   the video signal being scra...

H04N 21/2585   Generation of a revocation ...

H04N 21/8355   involving usage data, e.g. ...

H04N 5/765   Interface circuits between ...

H04N 5/85   on discs or drums

H04N 5/913   for scrambling ; for copy p...

Protection scheme for AACS keys

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Protection scheme for AACS keys

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links