Secure escrow and recovery of media device content keys

US 9,137,480 B2
Filed: 06/30/2006
Issued: 09/15/2015
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for securing media content comprising:

generating, with a key generator included in a first processor of a first media device, an escrow key for encrypting a plurality of content keys;

encrypting, with the first processor of the first media device, the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identifier of the first processor with the encrypted escrow key to create an escrow key package;

storing the escrow key package in a storage location outside of the first processor of the first media device;

encrypting the plurality of content keys for encrypting instances of media content with the escrow key;

encrypting an instance of media content to be stored on the memory of a first storage device of the media device with a content key;

storing the content key, encrypted with the escrow key, to the first storage device;

sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;

receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to;

identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, andsending, by the key clearinghouse, the escrow key recovery package to the second processor.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of a method for secure escrow and recovery of media device content keys includes generating, with a first processor of a media device, an escrow key for encrypting a plurality of content keys, the content keys for encrypting instances of media content. The first processor of the media device encrypts the escrow key with a public key of a key clearinghouse. The escrow key, encrypted with the public key of the key clearinghouse, is stored in a storage location outside of the first processor of the media device.

256 Citations

17 Claims

1. A method for securing media content comprising:
- generating, with a key generator included in a first processor of a first media device, an escrow key for encrypting a plurality of content keys;
  
  encrypting, with the first processor of the first media device, the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identifier of the first processor with the encrypted escrow key to create an escrow key package;
  
  storing the escrow key package in a storage location outside of the first processor of the first media device;
  
  encrypting the plurality of content keys for encrypting instances of media content with the escrow key;
  
  encrypting an instance of media content to be stored on the memory of a first storage device of the media device with a content key;
  
  storing the content key, encrypted with the escrow key, to the first storage device;
  
  sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
  
  receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to;
  
  identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, andsending, by the key clearinghouse, the escrow key recovery package to the second processor.
- View Dependent Claims (2, 3, 4, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - retrieving the content key, encrypted with the escrow key, from the storage device;
      
      decrypting the content key, encrypted with the escrow key, with the escrow key; and
      
      decrypting the media content with the content key.
  - 3. The method of claim 1, further comprising:
    - decrypting the escrow key, encrypted with the public key of the second processor, with the private key of the second processor;
      
      decrypting the content key, encrypted with the escrow key, with the escrow key; and
      
      decrypting the instance of media content with the content key.
  - 4. The method of claim 1, wherein the first processor is a secure microprocessor.
  - 12. The method of claim 1, wherein sending the request by the second processor to recover the escrow key comprises sending the request from the second processor as a replacement for the first processor.
  - 13. The method of claim 1, wherein sending the request by the second processor to recover the escrow key comprises sending the request from the second processor connected to the first processor in a home area network.
  - 14. The method of claim 1, wherein encrypting the escrow key with the public key of the clearinghouse further comprises signing the appended encrypted escrow key with a private key associated with the first processor.

5. A non-transitory computer-readable medium on which is stored computer executable instructions which when executed by a first processor, perform a method comprising:
- generating an escrow key with a key generator associated with the first processor of the digital media device;
  
  encrypting the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identity of the first processor with the encrypted escrow key to create an escrow key package;
  
  storing the escrow key package, encrypted with the public key of the key clearinghouse, in a storage location outside of the first processor of the media device;
  
  encrypting a plurality of content keys for encrypting instances of media content with the escrow key;
  
  encrypting an instance of media content to be stored on a first storage device of the media device with a content key;
  
  storing the content key, encrypted with the escrow key, to the first storage device;
  
  sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
  
  receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to;
  
  identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, andsending, by the key clearinghouse, the escrow key recovery package to the second processor.
- View Dependent Claims (6, 7)
- - 6. The non-transitory computer-readable medium of claim 5, further comprising:
    - retrieving the content key, encrypted with the escrow key, from the storage device;
      
      decrypting the content key, encrypted with the escrow key, with the escrow key; and
      
      decrypting the media content with the content key.
  - 7. The non-transitory computer-readable medium of claim 6, further comprising:
    - decrypting the escrow key, encrypted with the public key of the second processor, with the private key of the second processor;
      
      decrypting the content key, encrypted with the escrow key, with the escrow key; and
      
      decrypting the instance of media content with the content key.

8. An access control system for managing encryption keys associated with digital media device comprising:
- a first digital media device having a first processor, the first processor configured to;
  
  generate an escrow key for encrypting a plurality of content keys for encrypting instances of media content;
  
  encrypt the escrow key with a public key of a key clearinghouse, wherein the first processor being configured to encrypt the escrow key with the public key of the clearinghouse further comprises the first processor being configured to append a current time and an identity of the first processor with the encrypted escrow key to create an escrow key package;
  
  store the escrow key package, encrypted with the public key of the key clearinghouse, in a storage location outside of the first processor of the media device;
  
  encrypt the plurality of content keys for encrypting instances of media content with the escrow key;
  
  a key clearinghouse for providing conditional access to the escrow key by a second processor, wherein the key clearinghouse is configured to;
  
  receive a request from the second processor to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor;
  
  identify the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key;
  
  determine that the second processor is authorized to access the escrow key based on the identification of the second processor,decrypt, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with a private key of the key clearinghouse,encrypt the decrypted escrow key with the public key of the second processor,send the escrow key encrypted with the public key of the second processor to the second processor.
- View Dependent Claims (9, 10, 11, 15, 16, 17)
- - 9. The access control system of claim 8, wherein the digital media device is further configured to:
    - retrieve the content key, encrypted with the escrow key, from the storage device;
      
      decrypt the content key, encrypted with the escrow key, with the escrow key; and
      
      decrypt the media content with the content key.
  - 10. The access control system of claim 8, wherein the second processor is associated with a second media device, the second media device configured to request a release of the escrow key associated with the first processor from the key clearinghouse.
  - 11. The access control system of claim 8, wherein the second processor is further configured to decrypt the escrow key, encrypted with the public key of the second processor, with the private key of the second processor, and decrypt the content key, encrypted with the escrow key, with the escrow key;
    - andwherein the second media device is configured to decrypt the instance of media content with the content key.
  - 15. The system of claim 8, wherein the second processor is a secure processor.
  - 16. The system of claim 8, wherein the second processor is a replacement of the first processor.
  - 17. The system of claim 8, wherein the second processor is connected to the first processor on a home area network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Schlarb, John M., Bacon, Kinney C.
Primary Examiner(s)
OBEID, MAMON A

Application Number

US11/428,367
Publication Number

US 20080005030A1
Time in Patent Office

3,364 Days
Field of Search

705/50, 705/67, 705/71, 705/51, 705/59, 380/255
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

H04L 2209/60   Digital content management,...

H04L 9/0894   Escrow, recovery or storing...

H04N 2005/91364   the video signal being scra...

H04N 21/2541   Rights Management protectin...

H04N 21/26613   for generating or managing ...

H04N 21/835   Generation of protective da...

H04N 5/76   Television signal recording

H04N 5/913   for scrambling ; for copy p...

Secure escrow and recovery of media device content keys

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

256 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Secure escrow and recovery of media device content keys

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

256 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others