Platform-hardened digital rights management key provisioning

US 9,436,812 B2
Filed: 03/09/2015
Issued: 09/06/2016
Est. Priority Date: 12/19/2012
Status: Active Grant

First Claim

Patent Images

1. A processor comprising:

a hardware access control unit to restrict access to the memory space of a secure enclave; and

an instruction decoder circuit to decode a first instruction, wherein the first instruction is a secure-enclave-create instruction to be executed to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in a non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a second instruction of the processor, wherein the second instruction is a secure-enclave-seal instruction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.

42 Citations

View as Search Results

10 Claims

1. A processor comprising:
- a hardware access control unit to restrict access to the memory space of a secure enclave; and
  
  an instruction decoder circuit to decode a first instruction, wherein the first instruction is a secure-enclave-create instruction to be executed to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in a non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a second instruction of the processor, wherein the second instruction is a secure-enclave-seal instruction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The processor of claim 1, wherein the digital rights management (DRM) provisioning information includes a Digital Transmission Content Protection key.
  - 3. The processor of claim 1, wherein the authentication involves an Enhanced Protection ID algorithm.
  - 4. The processor of claim 1, wherein the application in the secure enclave is also to generate an identity report.
  - 5. The processor of claim 4, wherein the application in the secure enclave is to use an Enhanced Protection ID (EPID) private key, the identity report.
  - 6. The processor of claim 5, wherein requesting authentication includes sending the signed identity report to the verification server.
  - 7. The processor of claim 6, wherein the application in the secure enclave is also to receive, from the verification server, the proof of authentication, wherein the authentication involves verifying the signed identity report.
  - 8. The processor of claim 7, wherein verifying the signed identity report uses an EPID public key corresponding to the EPID private key.

9. A system comprising:
- a non-volatile memory; and
  
  a processor including a hardware access control unit to restrict access to the memory space of a secure enclave, wherein the processor is to execute a secure-enclave-create instruction to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in the non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a secure-enclave-seal instruction of the processor.
- View Dependent Claims (10)
- - 10. The system of claim 9 wherein the DRM provisioning information includes a Digital Transmission Content Protection key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Chhabra, Siddhartha, Lal, Reshma
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US14/641,986
Publication Number

US 20150178481A1
Time in Patent Office

547 Days
Field of Search

726/29
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/08   for authentication of entit...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/32   including means for verifyi...

Platform-hardened digital rights management key provisioning

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Platform-hardened digital rights management key provisioning

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others