SYSTEM AND METHOD FOR EFFICIENT AND SECURE DISTRIBUTION OF DIGITAL CONTENT
First Claim
1. A computer-implemented method for processing encrypted content, the method comprising:
- receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
- obtaining a user-specific re-encryption key; and
- re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
Abstract
One embodiment provides a system for processing encrypted content. During operation, a client computing device determines a request for content based on the identity of the user or the client computing device. Content is received which has been encrypted using a master encryption key, where the master encryption key is not known to the client computing device. The client computing device generates an interest packet that includes a request for a user-specific re-encryption key, and, based on the information in the interest packet, receives a content object that includes the user-specific re-encryption key. The client computing device decrypts the master-encrypted content by: re-encrypting the master-encrypted content, using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content; and decrypting the transformed user-specific encrypted content using a user-specific key. This thereby facilitates the secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
24 Claims
1. A computer-implemented method for processing encrypted content, the method comprising:
- receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
- obtaining a user-specific re-encryption key; and
- re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
9. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- receiving, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
- obtaining a user-specific re-encryption key; and
- re-encrypting the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
17. An apparatus to process encrypted content, comprising:
- a communication mechanism to receive, in response to a request for content, master-encrypted content which has been encrypted based on a master encryption key;
- a re-encryption key obtaining mechanism to obtain a user-specific re-encryption key; and
- a re-encryption mechanism to re-encrypt the master-encrypted content by using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content, which can only be decrypted by a user-specific decryption key, thereby facilitating the secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
receiving a content object, based on the information in the interest packet, that includes the user-specific re-encryption key; and a decryption mechanism to decrypt the transformed user-specific encrypted content by using the user-specific decryption key.
19. The apparatus of claim 18, wherein the generated interest packet comprises one or more of:
- a public key of the user; and
- a name for the content corresponding to the requested user-specific re-encryption key.
20. The apparatus of claim 18, wherein the generated interest packet comprises authentication information relating to the user.
21. The apparatus of claim 18, further comprising a pricing and payment mechanism to:
- receive, by the client computing device, a content object that includes information relating to pricing, based on the information in the interest packet; and
- generate another interest packet that includes information relating to payment.
22. The apparatus of claim 17, wherein the re-encrypting of the master-encrypted content by the re-encryption mechanism is performed by an intermediate storage device associated with one or more of:
- an authorized distributor;
- an authorized retailer;
- a storage device selected specifically for a particular Internet Service Provider (ISP); and
- any medium capable of caching the master-encrypted content and the corresponding user-specific re-encryption key.
23. The apparatus of claim 22, further comprising a sending mechanism, where an intermediate storage device sends the transformed user-specific encrypted content to a client computing device, thereby allowing the client computing device to decrypt the transformed user-specific encrypted content using the user-specific decryption key.
24. The apparatus of claim 17, further comprising a symmetric key mechanism, wherein the received content from the communication mechanism is encrypted using a symmetric key, and wherein the symmetric key has been encrypted using the master encryption key, and wherein the re-encryption mechanism which transforms the received master-encrypted content is further configured to:
- re-encrypt the master-encrypted symmetric key, using the user-specific re-encryption key, to a user-specific encrypted symmetric key,
- decrypt the re-encrypted symmetric key using the user-specific decryption key, and
- decrypt the symmetric key-encrypted content using the decrypted symmetric key.
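The following sketch is an added illustration and is not part of the patent text: it traces the flow of the abstract and of claim 24 (master-wrapped symmetric key, re-encryption to a user, user-side decryption). It assumes a BBS98-style ElGamal proxy re-encryption scheme, which this page does not name; the toy group, the hash-based stream cipher and all function names are likewise assumptions.

```python
import hashlib, math, secrets

P = 2**521 - 1   # Mersenne prime; toy group Z_P^* whose order P-1 is NOT prime
N = P - 1        # exponents are reduced mod the group order
G = 3            # assumed base element

def keygen():
    """Secret exponent invertible mod N, and the public key G^sk."""
    while True:
        sk = secrets.randbelow(N - 2) + 2
        if math.gcd(sk, N) == 1:
            return sk, pow(G, sk, P)

def wrap(pk, m):
    """ElGamal-style wrap of group element m under pk: (m*G^k, pk^k)."""
    k = secrets.randbelow(N - 2) + 2
    return (m * pow(G, k, P)) % P, pow(pk, k, P)

def rekey(sk_master, sk_user):
    """User-specific re-encryption key: sk_user / sk_master mod N."""
    return (sk_user * pow(sk_master, -1, N)) % N

def reencrypt(ct, rk):
    """Cache/proxy step: G^(a*k) -> G^(b*k); sees no secret key and no plaintext."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def unwrap(sk, ct):
    """Recover G^k with the holder's secret, then strip it from c1."""
    c1, c2 = ct
    gk = pow(c2, pow(sk, -1, N), P)
    return (c1 * pow(gk, -1, P)) % P

def stream_xor(key_elem, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); use AES-GCM in practice."""
    seed = key_elem.to_bytes(66, "big")
    ks = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def demo():
    sk_m, pk_m = keygen()                      # content source's master key pair
    sk_u, _ = keygen()                         # one user's key pair
    sym = pow(G, secrets.randbelow(N), P)      # symmetric key encoded as a group element
    blob = stream_xor(sym, b"constructed sample content")
    master_ct = wrap(pk_m, sym)                # produced once, cacheable for all users
    user_ct = reencrypt(master_ct, rekey(sk_m, sk_u))
    # Returns the user's plaintext and whether the user could open the master copy.
    return stream_xor(unwrap(sk_u, user_ct), blob), unwrap(sk_u, master_ct) == sym
```

In this assumed scheme the re-encryption key and the user's secret together reveal the master secret (sk_master = sk_user / rk mod N), so the re-encrypting cache must be kept separate from the user, or a unidirectional, collusion-resistant scheme over a prime-order group used instead.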
Specification