SYSTEM AND METHOD FOR EFFICIENT AND SECURE DISTRIBUTION OF DIGITAL CONTENT

US 20150270957A1
Filed: 03/19/2014
Published: 09/24/2015
Est. Priority Date: 03/19/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for processing encrypted content, the method comprising:

receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;

obtaining a user-specific re-encryption key; and

re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system for processing encrypted content. During operation, a client computing device determines a request for content based on the identity of the user or the client computing device. Content is received which has been encrypted using a master encryption, where the master encryption key is not known to the client computing device. The client computing device generates an interest packet that includes a request for a user-specific re-encryption key, and, based on the information in the interest packet, receives a content object that includes the user-specific re-encryption key. The client computing device decrypts the master-encrypted content by: re-encrypting the master-encrypted content, using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content; and decrypting the transformed user-specific encrypted content using a user-specific key. This thereby facilitates the secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.

23 Citations

View as Search Results

24 Claims

1. A computer-implemented method for processing encrypted content, the method comprising:
- receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
  
  obtaining a user-specific re-encryption key; and
  
  re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - determining, by a client computing device, a request for content based on the identity of the user or the client computing device;
      
      generating an interest packet that includes a request for a user-specific re-encryption key;
      
      receiving a content object, based on the information in the interest packet, that includes the user-specific re-encryption key; and
      
      decrypting the transformed user-specific encrypted content by using a user-specific decryption key.
  - 3. The method of claim 2, wherein the generated interest packet comprises one or more of:
    - a public key of the user; and
      
      a name for the content corresponding to the requested user-specific re-encryption key.
  - 4. The method of claim 3, wherein the generated interest packet comprises authentication information relating to the user.
  - 5. The method of claim 2, further comprising:
    - receiving, by the client computing device, a content object that includes information relating to pricing, based on the information in the interest packet; and
      
      generating another interest packet that includes information relating to payment.
  - 6. The method of claim 1, wherein re-encrypting the master-encrypted content is performed by an intermediate storage device associated with one or more of:
    - an authorized distributor;
      
      an authorized retailer;
      
      a storage device selected specifically for a particular Internet Service Provider (ISP); and
      
      any medium capable of caching the master-encrypted content and the corresponding user-specific re-encryption key.
  - 7. The method of claim 6, further comprising:
    - sending, by an intermediate storage device, the transformed user-specific encrypted content to a client computing device, thereby allowing the client computing device to decrypt the transformed user-specific encrypted content using the user-specific decryption key.
  - 8. The method of claim 1, wherein the received content is encrypted using a symmetric key, and wherein the symmetric key has been encrypted using the master encryption key,and wherein re-encrypting the received master-encrypted content further comprises:
    - re-encrypting the master-encrypted symmetric key, using the user-specific re-encryption key, to a user-specific encrypted symmetric key,decrypting the re-encrypted symmetric key using the user-specific decryption key, anddecrypting the symmetric key-encrypted content using the decrypted symmetric key.

9. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
  
  obtaining a user-specific re-encryption key; and
  
  re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The storage medium of claim 9, further comprising:
    - determining, by a client computing device, a request for content based on the identity of the user or the client computing device;
      
      generating an interest packet that includes a request for a user-specific re-encryption key;
      
      receiving a content object, based on the information in the interest packet, that includes the user-specific re-encryption key; and
      
      decrypting the transformed user-specific encrypted content by using the user-specific decryption key.
  - 11. The storage medium of claim 10, wherein the generated interest packet comprises one or more of:
    - a public key of the user; and
      
      a name for the content corresponding to the requested user-specific re-encryption key.
  - 12. The storage medium of claim 11, wherein the generated interest packet comprises authentication information relating to the user.
  - 13. The storage medium of claim 10, further comprising:
    - receiving, by the client computing device, a content object that includes information relating to pricing, based on the information in the interest packet; and
      
      generating another interest packet that includes information relating to payment.
  - 14. The storage medium of claim 9, wherein re-encrypting the master-encrypted content is performed by an intermediate storage device associated with one or more of:
    - an authorized distributor;
      
      an authorized retailer;
      
      a storage device selected specifically for a particular Internet Service Provider (ISP); and
      
      any medium capable of caching the master-encrypted content and the corresponding user-specific re-encryption key.
  - 15. The storage medium of claim 14, further comprising:
    - sending, by an intermediate storage device, the transformed user-specific encrypted content to a client computing device, thereby allowing the client computing device to decrypt the transformed user-specific encrypted content using the user-specific decryption key.
  - 16. The storage medium of claim 9, wherein the received content is encrypted using a symmetric key, and wherein the symmetric key has been encrypted using the master encryption key,and wherein transforming the received master-encrypted content further comprises:
    - re-encrypting the master-encrypted symmetric key, using the user-specific re-encryption key, to a user-specific encrypted symmetric key,decrypting the re-encrypted symmetric key using the user-specific decryption key, anddecrypting the symmetric key-encrypted content using the decrypted symmetric key.

17. A apparatus to process encrypted content, comprising:
- a communication mechanism to receive, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
  
  a re-encryption key obtaining mechanism to obtain a user-specific re-encryption key; and
  
  a re-encryption mechanism to re-encrypt the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key,thereby facilitating the secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The apparatus of claim 17, wherein the communication mechanism further comprises determining, by a client computing device, a request for content based on the identity of the user or the client computing device,and wherein the re-encryption key obtaining mechanism further comprisesgenerating an interest packet that includes a request for a user-specific re-encryption key;
19. The apparatus of claim 18, wherein the generated interest packet comprises one or more of:
- a public key of the user; and
  
  a name for the content corresponding to the requested user-specific re-encryption key.
20. The apparatus of claim 18, wherein the generated interest packet comprises authentication information relating to the user.
21. The apparatus of claim 18, further comprising a pricing and payment mechanism to:
- receive, by the client computing device, a content object that includes information relating to pricing, based on the information in the interest packet; and
  
  generate another interest packet that includes information relating to payment.
22. The apparatus of claim 17, wherein the re-encrypting of the master-encrypted content by the re-encryption mechanism is performed by an intermediate storage device associated with one or more of:
- an authorized distributor;
  
  an authorized retailer;
  
  a storage device selected specifically for a particular Internet Service Provider (ISP); and
  
  any medium capable of caching the master-encrypted content and the corresponding user-specific re-encryption key.
23. The apparatus of claim 22, further comprising a sending mechanism, where an intermediate storage device sends the transformed user-specific encrypted content to a client computing device, thereby allowing the client computing device to decrypt the transformed user-specific encrypted content using the user-specific decryption key.
24. The apparatus of claim 17, further comprising a symmetric key mechanism, wherein the received content from the communication mechanism is encrypted using a symmetric key, and wherein the symmetric key has been encrypted using the master encryption key,and wherein the re-encryption mechanism which transforms the received master-encrypted content is further configured to:
- re-encrypt the master-encrypted symmetric key, using the user-specific re-encryption key, to a user-specific encrypted symmetric key,decrypt the re-encrypted symmetric key using the user-specific decryption key, anddecrypt the symmetric key-encrypted content using the decrypted symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Uzun, Ersin

Granted Patent

US 9,407,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 63/0478   applying multiple layers of...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/14   using a plurality of keys o...

SYSTEM AND METHOD FOR EFFICIENT AND SECURE DISTRIBUTION OF DIGITAL CONTENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR EFFICIENT AND SECURE DISTRIBUTION OF DIGITAL CONTENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links