Ensuring authenticity in a closed content distribution system

US 9,985,781 B2
Filed: 03/31/2017
Issued: 05/29/2018
Est. Priority Date: 02/07/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method executed by a secure processor of a secure player, the secure player comprising secure memory secured against access outside the secure player and insecure memory, the method comprising:

receiving encrypted content comprising a plurality of data portions in an encrypted format;

receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license;

performing the first decryption of the encrypted content using the first cryptographic key;

verifying the validity of the plurality of data portions using the plurality of signatures;

generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key;

storing the second cryptographic key in the secure memory;

performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content;

storing the re-encrypted content in the insecure memory.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.

214 Citations

20 Claims

1. A method executed by a secure processor of a secure player, the secure player comprising secure memory secured against access outside the secure player and insecure memory, the method comprising:
- receiving encrypted content comprising a plurality of data portions in an encrypted format;
  
  receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license;
  
  performing the first decryption of the encrypted content using the first cryptographic key;
  
  verifying the validity of the plurality of data portions using the plurality of signatures;
  
  generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key;
  
  storing the second cryptographic key in the secure memory;
  
  performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content;
  
  storing the re-encrypted content in the insecure memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the plurality of data portions comprises a plurality of data chunks.
  - 3. The method of claim 1, further comprising:
    - determining if verifying the validity of the plurality of data portions fails;
      
      limiting access to the plurality of data portions if verifying the validity of the plurality of data portions fails.
  - 4. The method of claim 1, wherein verifying the validity of the plurality of data portions comprises performing a run-time verification of the validity of the plurality of data portions.
  - 5. The method of claim 1, further comprising maintaining an association between the second cryptographic key and the re-encrypted content.
  - 6. The method of claim 1, further comprising:
    - maintaining association data between the second cryptographic key and the re-encrypted content;
      
      storing the association data in an external storage external to the secure player.
  - 7. The method of claim 1, wherein one or more of the first cryptographic key and the second cryptographic key is part of a cryptographic key pair used for the secure player.
  - 8. The method of claim 1, wherein the encrypted content comprises multimedia content or game content.
  - 9. The method of claim 1, wherein the encrypted content is received from a dynamic content server configured to dynamically create the encrypted content.
  - 10. The method of claim 1, wherein the content is encrypted at a content server.

11. A secure player comprising:
- secure memory;
  
  insecure memory;
  
  a secure processor coupled to the secure memory and the insecure memory, the secure processor configured to execute a computer-implemented method, the computer-implemented method comprising;
  
  receiving encrypted content comprising a plurality of data portions in an encrypted format;
  
  receiving a license having a first cryptographic key and a plurality of signatures, the first cryptographic key configured to facilitate first decryption of the encrypted content, and each of the plurality of signatures configured to verify validity of at least one of the plurality of data portions, the license;
  
  performing the first decryption of the encrypted content using the first cryptographic key;
  
  verifying the validity of the plurality of data portions using the plurality of signatures;
  
  generating, in response to verifying the validity, a second cryptographic key to facilitate re-encryption of the encrypted content, the second cryptographic key being independent of the first decryption key;
  
  storing the second cryptographic key in the secure memory;
  
  performing the re-encryption of the encrypted content using the second cryptographic key to obtain re-encrypted content;
  
  storing the re-encrypted content in the insecure memory.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The secure player of claim 11, wherein the plurality of data portions comprises a plurality of data chunks.
  - 13. The secure player of claim 11, wherein the computer-implemented method further comprises:
    - determining if verifying the validity of the plurality of data portions fails;
      
      limiting access to the plurality of data portions if verifying the validity of the plurality of data portions fails.
  - 14. The secure player of claim 11, wherein verifying the validity of the plurality of data portions comprises performing a run-time verification of the validity of the plurality of data portions.
  - 15. The secure player of claim 11, further comprising maintaining an association between the second cryptographic key and the re-encrypted content.
  - 16. The secure player of claim 11, wherein the computer-implemented method further comprises:
    - maintaining association data between the second cryptographic key and the re-encrypted content;
      
      storing the association data in an external storage external to the secure player.
  - 17. The secure player of claim 11, wherein one or more of the first cryptographic key and the second cryptographic key is part of a cryptographic key pair used for the secure player.
  - 18. The secure player of claim 11, wherein the encrypted content comprises multimedia content or game content.
  - 19. The secure player of claim 11, wherein the encrypted content is received from a dynamic content server configured to dynamically create the encrypted content.
  - 20. The secure player of claim 11, wherein the content is encrypted at a content server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Princen, John, Srinivasan, Pramila, Blythe, David, Yen, Wei
Primary Examiner(s)
Williams, Jeffery

Application Number

US15/475,806
Publication Number

US 20170230176A1
Time in Patent Office

424 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/1011   to devices

G06F 21/105   Arrangements for software l...

G06F 21/107   License processing; Key pro...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 2212/402   Encrypted data

H04L 2209/60   Digital content management,...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/16   the keys or algorithms bein...

H04L 9/3247   involving digital signatures

Ensuring authenticity in a closed content distribution system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

214 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ensuring authenticity in a closed content distribution system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links