Embedding keys in hardware

US 9,397,828 B1
Filed: 05/13/2014
Issued: 07/19/2016
Est. Priority Date: 05/13/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

providing, to a device provider by an adopter that is separate from the device provider, encrypted keys, each of the encrypted keys to be included by the device provider in a corresponding device provided by the device provider;

receiving, by the adopter and from a user system that includes a device provided by the device provider and that includes one of the encrypted keys, information specifying the encrypted key and that is based on a unique identifier of the device;

validating, by the adopter, the information received from the user system, and in response to validating the information;

selecting a decryption key based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system; and

providing the decryption key to the user system that includes the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for embedding keys in hardware. One of the methods includes providing, to a device provider, one or more encrypted keys, each of the encrypted keys to be included in a corresponding device provided by the device provider. A user system that includes a device that includes one of the encrypted keys receives information specifying the encrypted key. The information received from the user system is validated. A decryption key is selected based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system. The decryption key is provided to the user system that includes the device.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- providing, to a device provider by an adopter that is separate from the device provider, encrypted keys, each of the encrypted keys to be included by the device provider in a corresponding device provided by the device provider;
  
  receiving, by the adopter and from a user system that includes a device provided by the device provider and that includes one of the encrypted keys, information specifying the encrypted key and that is based on a unique identifier of the device;
  
  validating, by the adopter, the information received from the user system, and in response to validating the information;
  
  selecting a decryption key based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system; and
  
  providing the decryption key to the user system that includes the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a device identifier to a decryption key; and
      
      obtaining a decryption key from the database of decryption keys.
  - 3. The method of claim 1, wherein information specifying the encrypted key is a MAC address of a respective device.
  - 4. The method of claim 1, further comprising:
    - receiving, from the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprising;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a decryption key to a device identifier; and
      
      obtaining a decryption key from the database of decryption keys.
  - 5. The method of claim 1 further comprising:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      computing a key derivation function with the device identifier and a master key;
      
      obtaining a decryption key from the key derivation function; and
      
      providing the decryption key to the user system that includes the device.
  - 6. The method of claim 1, wherein the encrypted key is an encrypted DRM key.
  - 7. The method of claim 1, further comprising:
    - receiving account information identifying an account of a user of the user system;
      
      determining, from the received account information, that the user has a valid account; and
      
      validating the information received from the device included in the user system based in part on determining that the user has a valid account.

8. A system, comprising:
- a data store storing encrypted keys provided to a device provider by an adopter, each of the encrypted keys included, by the device provider, in a corresponding device provided by the device provider, the data store also storing information specifying the encrypted key for each device based on a unique identifier of the device;
  
  an encrypted key manager comprising instructions executable by a processing system that includes one or more computers and upon such execution cause the processing system to perform operations comprising;
  
  receiving, by the adopter and from a user system that includes a device provided by the device provider and that includes one of the encrypted keys, information specifying the encrypted key that is based on a unique hardware identifier of the device;
  
  validating the encrypted key specified by the information received from the user system, and in response to validating the encrypted key;
  
  selecting a decryption key based on the information received from the user device that is configured to decrypt the encrypted key specified by the information received from the user device; and
  
  providing the decryption key to the user system that includes the device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the instructions further comprise:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a device identifier to a decryption key; and
      
      obtaining a decryption key from the database of decryption keys.
  - 10. The system of claim 8, wherein information specifying the encrypted key is a MAC address of a respective device.
  - 11. The system of claim 8, wherein the operations further comprise:
    - receiving, from the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprising;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a decryption key to a device identifier; and
      
      obtaining a decryption key from the database of decryption keys.
  - 12. The system of claim 8, wherein the operations further comprise:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      computing a key derivation function with the device identifier and a master key;
      
      obtaining a decryption key from the key derivation function; and
      
      providing the decryption key to the user system that includes the device.
  - 13. The system of claim 8, wherein the encrypted key is an encrypted DRM key.
  - 14. The system of claim 8, wherein the operations further comprise:
    - receiving account information identifying an account of a user of the user system;
      
      determining, from the received account information, that the user has a valid account; and
      
      validating the information received from the device included in the user system based in part on determining that the user has a valid account.

15. A computer program product, encoded on one or more non-transitory computer storage media, comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- providing, to a device provider by an adopter that is separate from the device provider, encrypted keys, each of the encrypted keys to be included by the device provider in a corresponding device provided by the device provider;
  
  receiving, by the adopter and from a user system that includes a device provided by the device provider and that includes one of the encrypted keys, information specifying the encrypted key and that is based on a unique identifier of the device;
  
  validating, by the adopter, the information received from the user system, and in response to validating the information;
  
  selecting a decryption key based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system; and
  
  providing the decryption key to the user system that includes the device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the instructions further comprise:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a device identifier to a decryption key; and
      
      obtaining a decryption key from the database of decryption keys.
  - 17. The computer program product of claim 15, wherein the operations further comprise:
    - receiving, from the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprising;
      
      accessing a database of decryption keys, wherein the database comprises an index that maps a decryption key to a device identifier; and
      
      obtaining a decryption key from the database of decryption keys.
  - 18. The computer program product of claim 15, wherein the operations further comprise:
    - providing, to the device provider, a plurality of device identifiers, wherein each device identifier is to identify a respective device and is paired with one encrypted key;
      
      and wherein;
      
      receiving information specifying the encrypted key comprises receiving a device identifier of a device included in a user system;
      
      selecting a decryption key based on the information received comprises;
      
      computing a key derivation function with the device identifier and a master key;
      
      obtaining a decryption key from the key derivation function; and
      
      providing the decryption key to the user system that includes the device.
  - 19. The computer program product of claim 15, wherein the encrypted key is an encrypted DRM key.
  - 20. The computer program product of claim 15, wherein the operations further comprise:
    - receiving account information identifying an account of a user of the user system;
      
      determining, from the received account information, that the user has a valid account; and
      
      validating the information received from the device included in the user system based in part on determining that the user has a valid account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Lieber, Zeev
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US14/276,717
Time in Patent Office

798 Days
Field of Search

380/279
US Class Current

1/1
CPC Class Codes

G09C 1/00   Apparatus or methods whereb...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/603   Digital right managament [DRM]

H04L 9/083   involving central third par...

Embedding keys in hardware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Embedding keys in hardware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links