Ensuring authenticity in a closed content distribution system
First Claim
Patent Images
1. A method executed by a secure processor of a secure player, the secure player comprising secure memory secured against access outside the secure player and insecure memory, the method comprising:
- receiving encrypted content comprising a plurality of data portions in an encrypted format;
receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license;
performing the first decryption of the encrypted content using the first cryptographic key;
verifying the validity of the plurality of data portions using the plurality of signatures;
generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key;
storing the second cryptographic key in the secure memory;
performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content;
storing the re-encrypted content in the insecure memory.
4 Assignments
0 Petitions
Accused Products
Abstract
A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.
214 Citations
20 Claims
-
1. A method executed by a secure processor of a secure player, the secure player comprising secure memory secured against access outside the secure player and insecure memory, the method comprising:
-
receiving encrypted content comprising a plurality of data portions in an encrypted format; receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license; performing the first decryption of the encrypted content using the first cryptographic key; verifying the validity of the plurality of data portions using the plurality of signatures; generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key; storing the second cryptographic key in the secure memory; performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content; storing the re-encrypted content in the insecure memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A secure player comprising:
-
secure memory; insecure memory; a secure processor coupled to the secure memory and the insecure memory, the secure processor configured to execute a computer-implemented method, the computer-implemented method comprising; receiving encrypted content comprising a plurality of data portions in an encrypted format; receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license; performing the first decryption of the encrypted content using the first cryptographic key; verifying the validity of the plurality of data portions using the plurality of signatures; generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key; storing the second cryptographic key in the secure memory; performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content; storing the re-encrypted content in the insecure memory. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification