Secure escrow and recovery of media device content keys
Abstract
An embodiment of a method for secure escrow and recovery of media device content keys includes generating, with a first processor of a media device, an escrow key for encrypting a plurality of content keys, the content keys for encrypting instances of media content. The first processor of the media device encrypts the escrow key with a public key of a key clearinghouse. The escrow key, encrypted with the public key of the key clearinghouse, is stored in a storage location outside of the first processor of the media device.
256 Citations
17 Claims
1. A method for securing media content comprising:
- generating, with a key generator included in a first processor of a first media device, an escrow key for encrypting a plurality of content keys;
- encrypting, with the first processor of the first media device, the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identifier of the first processor with the encrypted escrow key to create an escrow key package;
- storing the escrow key package in a storage location outside of the first processor of the first media device;
- encrypting the plurality of content keys for encrypting instances of media content with the escrow key;
- encrypting an instance of media content to be stored on the memory of a first storage device of the media device with a content key;
- storing the content key, encrypted with the escrow key, to the first storage device;
- sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
- receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to;
  - identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,
  - determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,
  - decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,
  - encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, and
  - sending, by the key clearinghouse, the escrow key recovery package to the second processor.

View Dependent Claims (2, 3, 4, 12, 13, 14)

5. A non-transitory computer-readable medium on which is stored computer executable instructions which when executed by a first processor, perform a method comprising:
- generating an escrow key with a key generator associated with the first processor of the digital media device;
- encrypting the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identity of the first processor with the encrypted escrow key to create an escrow key package;
- storing the escrow key package, encrypted with the public key of the key clearinghouse, in a storage location outside of the first processor of the media device;
- encrypting a plurality of content keys for encrypting instances of media content with the escrow key;
- encrypting an instance of media content to be stored on a first storage device of the media device with a content key;
- storing the content key, encrypted with the escrow key, to the first storage device;
- sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
- receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to;
  - identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,
  - determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,
  - decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,
  - encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, and
  - sending, by the key clearinghouse, the escrow key recovery package to the second processor.

View Dependent Claims (6, 7)

8. An access control system for managing encryption keys associated with digital media device comprising:
- a first digital media device having a first processor, the first processor configured to;
  - generate an escrow key for encrypting a plurality of content keys for encrypting instances of media content;
  - encrypt the escrow key with a public key of a key clearinghouse, wherein the first processor being configured to encrypt the escrow key with the public key of the clearinghouse further comprises the first processor being configured to append a current time and an identity of the first processor with the encrypted escrow key to create an escrow key package;
  - store the escrow key package, encrypted with the public key of the key clearinghouse, in a storage location outside of the first processor of the media device;
  - encrypt the plurality of content keys for encrypting instances of media content with the escrow key;
- a key clearinghouse for providing conditional access to the escrow key by a second processor, wherein the key clearinghouse is configured to;
  - receive a request from the second processor to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
  - identify the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key;
  - determine that the second processor is authorized to access the escrow key based on the identification of the second processor,
  - decrypt, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with a private key of the key clearinghouse,
  - encrypt the decrypted escrow key with the public key of the second processor,
  - send the escrow key encrypted with the public key of the second processor to the second processor.

View Dependent Claims (9, 10, 11, 15, 16, 17)
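The escrow and recovery flow recited in claims 1 and 8, as an added Node.js example that is not taken from the patent. RSA-OAEP, AES-256-GCM, the processor ids, the timestamp and the in-memory package store are assumptions; the clearinghouse decrypts with its private key, as claim 8 words it.

```javascript
const crypto = require('crypto');

// Constructed key pairs standing in for the clearinghouse and the second processor.
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const clearinghouse = rsa();
const second = rsa();

// Wrap/unwrap a content key under the escrow key (AES-256-GCM is an assumed cipher).
function wrap(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unwrap(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if key or tag is wrong
}

// First processor: generate the escrow key, encrypt it to the clearinghouse,
// then append the current time and processor id to form the escrow key package.
function makeEscrowPackage(processorId, now) {
  const escrowKey = crypto.randomBytes(32);
  const encrypted = crypto.publicEncrypt(clearinghouse.publicKey, escrowKey); // OAEP default
  return { escrowKey, pkg: { processorId, time: now, encrypted } };
}

// Clearinghouse: find the package by (first processor id, time), check that the
// requester is authorized, decrypt, and re-encrypt to the requester's public key.
function recover(store, authorized, req) {
  const pkg = store.find(p => p.processorId === req.firstProcessorId && p.time === req.time);
  if (!pkg) throw new Error('no matching escrow key package');
  if (!authorized.has(req.secondProcessorId)) throw new Error('second processor not authorized');
  const escrowKey = crypto.privateDecrypt(clearinghouse.privateKey, pkg.encrypted);
  return crypto.publicEncrypt(req.secondPublicKey, escrowKey);
}

// End to end: escrow on the first processor, recovery by the second processor.
function demo() {
  const { escrowKey, pkg } = makeEscrowPackage('proc-A', 1700000000);
  const contentKey = crypto.randomBytes(32);
  const storedContentKey = wrap(escrowKey, contentKey); // kept on the storage device
  const req = { firstProcessorId: 'proc-A', time: 1700000000,
                secondProcessorId: 'proc-B', secondPublicKey: second.publicKey };
  const recoveryPkg = recover([pkg], new Set(['proc-B']), req);
  const recoveredEscrow = crypto.privateDecrypt(second.privateKey, recoveryPkg);
  return { contentKey, recovered: unwrap(recoveredEscrow, storedContentKey), req, pkg };
}
```

The escrow key never leaves either processor or the clearinghouse in the clear; only the wrapped forms are stored or transmitted.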
Specification