Platform-hardened digital rights management key provisioning
First Claim
Patent Images
1. A processor comprising:
- a hardware access control unit to restrict access to the memory space of a secure enclave; and
an instruction decoder circuit to decode a first instruction, wherein the first instruction is a secure-enclave-create instruction to be executed to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in a non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a second instruction of the processor, wherein the second instruction is a secure-enclave-seal instruction.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.
42 Citations
10 Claims
-
1. A processor comprising:
-
a hardware access control unit to restrict access to the memory space of a secure enclave; and an instruction decoder circuit to decode a first instruction, wherein the first instruction is a secure-enclave-create instruction to be executed to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in a non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a second instruction of the processor, wherein the second instruction is a secure-enclave-seal instruction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
a non-volatile memory; and a processor including a hardware access control unit to restrict access to the memory space of a secure enclave, wherein the processor is to execute a secure-enclave-create instruction to create the secure enclave in which to run an application to request digital rights management (DRM) provisioning information from a provisioning server, to receive a first key component from the provisioning server, to request authentication from a verification server, to generate a second key component, to provide proof of authentication to the provisioning server, to send the second key component to the provisioning server, to generate a shared secret key, to receive the DRM provisioning information from the provisioning server, to decrypt the DRM provisioning information using the shared secret key, to seal the DRM provisioning information to the secure enclave, to store the sealed DRM provisioning information in the non-volatile memory, to unseal the DRM provisioning information in the secure enclave, and to use the content from a content server without repeating the requesting of DRM provisioning information from the provisioning server, wherein the seal is to be performed using a secure-enclave-seal instruction of the processor. - View Dependent Claims (10)
-
Specification