Host Device and Method for Super-Distribution of Content Protected with a Localized Content Encryption Key

US 20130159707A1
Filed: 12/16/2011
Published: 06/20/2013
Est. Priority Date: 12/16/2011
Status: Active Grant

First Claim

Patent Images

1. A host device comprising:

an interface through which the host device can connect to and communicate with a source storage device storing content encrypted with a content encryption key;

one or more memories storing a super-distribution key and the content encryption key; and

a controller in communication with the interface and the one or more memories, wherein the controller is operative to;

create a super-distribution token by encrypting the content encryption key with the super-distribution key; and

storing the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a host device creates a super-distribution token by encrypting a content encryption key with a super-distribution key and stores the super-distribution token and encrypted content retrieved from a source storage device in a target storage device. In another embodiment, a host device provides a super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token, receive the activation token from the server, retrieve a content encryption key from the activation token, and decrypt encrypted content received from a storage device using the content encryption key retrieved from the activation token.

24 Citations

View as Search Results

44 Claims

1. A host device comprising:
- an interface through which the host device can connect to and communicate with a source storage device storing content encrypted with a content encryption key;
  
  one or more memories storing a super-distribution key and the content encryption key; and
  
  a controller in communication with the interface and the one or more memories, wherein the controller is operative to;
  
  create a super-distribution token by encrypting the content encryption key with the super-distribution key; and
  
  storing the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The host device of claim 1, wherein the controller is further configured to receive data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the source storage device, the super-distribution token is also copied.
  - 3. The host device claim 1, wherein a number of copies of the content is pre-authorized.
  - 4. The host device of claim 1, wherein the controller is further operative to receive the super-distribution key from a server.
  - 5. The host device of claim 4, wherein the controller is further operative to provide a credential to the server to prove that the host device is authorized to receive the super-distribution key.
  - 6. The host device of claim 4, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 7. The host device of claim 1, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 8. The host device of claim 1, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 9. The host device of claim 1, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only the content encryption key and the additional data is free of such super-distribution key encryption.
  - 10. The host device of claim 9, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 11. The host device of claim 1, wherein the controller is further configured to generate the content encryption key.
  - 12. The host device of claim 1, wherein the controller is further configured to receive the content encryption key from a source external to the host device.
  - 13. The host device claim 1, wherein the super-distribution token and the encrypted content are retrieved from the source storage device and stored in a target storage device using a file manager copy command.

14. A method for super-distribution of content, the method comprising:
- performing the following in a host device storing a super-distribution key and a content encryption key, the host device being in communication with a source storage device storing content encrypted with the content encryption key;
  
  creating a super-distribution token by encrypting the content encryption key with the super-distribution key; and
  
  storing the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14 further comprising receiving data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the source storage device, the super-distribution token is also copied.
  - 16. The method claim 14, wherein a number of copies of the content is pre-authorized.
  - 17. The method of claim 14 further comprising receiving the super-distribution key from a server.
  - 18. The method of claim 17 further comprising providing a credential to the server to prove that the storage device is authorized to receive the super-distribution key.
  - 19. The method of claim 17, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 20. The method of claim 14, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 21. The method of claim 14, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 22. The method of claim 14, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only content encryption key and the additional data is free of such super-distribution key encryption.
  - 23. The method of claim 22, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 24. The method of claim 14 further comprising generating the content encryption key.
  - 25. The method of claim 14 further comprising receiving the content encryption key from a source external to the host device.
  - 26. The method claim 14, wherein the super-distribution token and the encrypted content are retrieved from the source storage device and stored in a target storage device using a file manager copy command.

27. A host device comprising:
- an interface through which the host device can connect to and communicate with a storage device storing content encrypted with a content encryption key;
  
  a memory storing a super-distribution token, wherein the super-distribution token comprises an encrypted version of the content encryption key; and
  
  a controller in communication with the interface and the memory, wherein the controller is operative to;
  
  provide the super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token, wherein the activation token contains the content encryption key;
  
  receive the activation token from the server;
  
  retrieve the content encryption key from the activation token; and
  
  decrypt the encrypted content received from the storage device using the content encryption key retrieved from the activation token.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The host device of claim 27, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key, and wherein the server stores the super-distribution key and is configured to generate the activation token by decrypting the super-distribution token using the super-distribution key.
  - 29. The host device of claim 27, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 30. The host device of claim 29, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 31. The host device of claim 27, wherein the activation token contains the content encryption key in clear form.
  - 32. The host device of claim 27, wherein the activation token contains the content encryption key in an encrypted form.
  - 33. The host device of claim 32, wherein the content encryption key in encrypted with a key known to the host device but unknown to the server.
  - 34. The host device of claim 32, wherein the content encryption key in encrypted with a transport encryption key known to the server, and wherein the controller is further configured to decrypt the encrypted content encryption key with the transport encryption key and then re-encrypt the content encryption key with a key unknown to the server.
  - 35. The host device of claim 27, wherein the controller is further operative to provide a credential to the server to prove that the host device is authorized to receive the authorization token.

36. A method for super-distribution of content, the method comprising:
- performing the following in a host device having an interface through which the host device can connect to and communicate with a storage device storing a content encrypted with a content encryption key, wherein the host device stores a super-distribution token comprising an encrypted version of the content encryption key;
  
  providing the super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token, wherein the activation token contains the content encryption key;
  
  receiving the activation token from the server;
  
  retrieving the content encryption key from the activation token; and
  
  decrypting the encrypted content retrieved from the storage device using the content encryption key retrieved from the activation token.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44)
- - 37. The method of claim 36, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key, and wherein the server stores the super-distribution key and is configured to generate the activation token by decrypting the super-distribution token using the super-distribution key.
  - 38. The method of claim 36, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 39. The method of claim 38, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 40. The method of claim 36, wherein the activation token contains the content encryption key in clear form.
  - 41. The method of claim 36, wherein the activation token contains the content encryption key in an encrypted form.
  - 42. The method of claim 41, wherein the content encryption key in encrypted with a key known to the host device but unknown to the server.
  - 43. The method of claim 41, wherein the content encryption key in encrypted with a transport encryption key known to the server, and wherein the method further comprises decrypting the encrypted content encryption key with the transport encryption key and then re-encrypting the content encryption key with a key unknown to the server.
  - 44. The method of claim 36 further comprising providing a credential to the server to prove that the host device is authorized to receive the authorization token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Hutton, Henry R., Lin, Jason T., Halpern, Joseph E., Sela, Rotem, Jogand-Coulomb, Fabrice E.

Granted Patent

US 9,015,479 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/10 Protecting distributed prog...

Host Device and Method for Super-Distribution of Content Protected with a Localized Content Encryption Key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Host Device and Method for Super-Distribution of Content Protected with a Localized Content Encryption Key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links