Method for securely distributing a conditional use private key to a trusted entity on a remote system
Abstract
Secure distribution of a private key to a user's application program (also called a "trusted player" such as a DVD player or CD-ROM player) with conditional access based on verification of the trusted player's integrity and authenticity is provided. Once validated, the trusted player uses the private key to decrypt encrypted digital content. The private key is dynamically generated, associated with specific digital content, and communicated in real-time from a server to the trusted player in a secure manner, thereby controlling access to encrypted digital content. The key is wrapped into an executable tamper resistant key module in which the key can only be used by the right trusted player as determined by the server based on user requests and payment. The key module plugs in to the trusted player and executes to validate the player and decrypt the content. The integrity of the trusted player is correlated to its ability to perform a cryptographic operation using an asymmetric key pair in a manner that is tamper resistant, thereby preventing an unencrypted copy of digital content from being made.
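The flow in the abstract, sketched as an added example that is not code from the patent: a server wraps a private key and data encrypted under the matching public key into a module bound to one player build, and the module releases the plaintext only after both integrity checks pass. Assumptions: toy textbook RSA over two fixed Mersenne primes stands in for per-request key generation, a SHA-256 digest of the player image stands in for the integrity and authenticity check, a plain self-digest stands in for tamper resistance, and all function and field names are hypothetical.

```python
import hashlib
import hmac

# Toy textbook RSA (fixed Mersenne primes, no padding): illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def generate_key_pair():
    """Stand-in for the per-request key generation the abstract describes."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)

def _module_digest(module: dict) -> str:
    # Digest over every field except the stored digest itself.
    body = "|".join(f"{k}={module[k]}" for k in sorted(module) if k != "self_digest")
    return hashlib.sha256(body.encode()).hexdigest()

def build_key_module(player_image: bytes, content_key: int) -> dict:
    """Server side: wrap the private key and the encrypted data for one player build."""
    (n, e), (_, d) = generate_key_pair()
    module = {
        "n": n,
        "d": d,  # the private key travels inside the module
        "encrypted_data": pow(content_key, e, n),
        "expected_player_sha256": hashlib.sha256(player_image).hexdigest(),
    }
    # A plain digest stands in for real tamper resistance, which this sketch does not model.
    module["self_digest"] = _module_digest(module)
    return module

def run_key_module(module: dict, player_image: bytes) -> int:
    """Client side: decrypt only when the module and the player both validate."""
    if not hmac.compare_digest(module["self_digest"], _module_digest(module)):
        raise PermissionError("key module integrity check failed")
    actual = hashlib.sha256(player_image).hexdigest()
    if not hmac.compare_digest(actual, module["expected_player_sha256"]):
        raise PermissionError("player integrity check failed")
    return pow(module["encrypted_data"], module["d"], module["n"])

if __name__ == "__main__":
    player = b"constructed trusted-player image, build 1"  # constructed sample input
    module = build_key_module(player, content_key=0x0123456789ABCDEF)
    print(hex(run_key_module(module, player)))  # intact player: key is released
    try:
        run_key_module(module, player + b" patched")
    except PermissionError as err:
        print("refused:", err)
```
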
37 Claims
1. A method of securely distributing data comprising:
generating an asymmetric key pair having a public key and a private key;
encrypting predetermined data with the generated public key; and
building an executable tamper resistant key module identified for a selected program, the executable tamper resistant key module including the generated private key and the encrypted predetermined data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A method of distributing a conditional use private key to a program on a remote system comprising:
generating an asymmetric key pair having a public key and a private key;
encrypting predetermined data with the generated public key;
building an executable tamper resistant key module identified for the program, the executable tamper resistant key module including the generated private key and the encrypted predetermined data;
sending the executable tamper resistant key module to the remote system;
executing the executable tamper resistant key module on the remote system to check the integrity and authenticity of the program, and the integrity of the tamper resistant key module; and
decrypting the encrypted predetermined data with the generated private key when the program is authentic and the program's integrity is validated and the tamper resistant key module's integrity is validated.

20. A method of distributing a conditional use private key from a server system to a trusted player on a client system for providing authorized access to selected encrypted digital content comprising:
receiving a request from the trusted player for access to selected encrypted digital content on the client system;
generating an asymmetric key pair having a public key and a private key;
encrypting predetermined data with the generated public key;
building an executable tamper resistant key module identified for the trusted player, the executable tamper resistant key module including the generated private key and the encrypted predetermined data;
sending the executable tamper resistant key module to the client system;
executing the executable tamper resistant key module on the client system as part of the trusted player to check the integrity and authenticity of the trusted player, and the integrity of the tamper resistant key module; and
decrypting the encrypted predetermined data with the generated private key when the trusted player is authentic and the trusted player's integrity is validated and the tamper resistant key module's integrity is validated.
Dependent claims: 21, 22, 23, 24, 25, 26

27. A machine readable medium having stored therein a plurality of machine readable instructions for execution by a processing unit, the machine readable instructions for generating an asymmetric key pair having a public key and a private key;
for encrypting predetermined data with the generated public key;
for building an executable tamper resistant key module identified for a selected program on a remote system, the executable tamper resistant key module including the generated private key and the encrypted predetermined data; and
for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated.

28. A machine readable medium having stored therein a plurality of machine readable instructions for execution by a plurality of processing units, the machine readable instructions for generating an asymmetric key pair having a public key and a private key;
for encrypting predetermined data with the generated public key;
for building an executable tamper resistant key module identified for a program on a remote system, the executable tamper resistant key module including the generated private key and the encrypted predetermined data;
for sending the executable tamper resistant key module to a remote system, for executing the executable tamper resistant key module by a processing unit on the remote system to check the integrity and authenticity of the program, and the integrity of the tamper resistant key module; and
for decrypting the encrypted predetermined data with the generated private key when the program is authentic, the program's integrity is validated and the tamper resistant key module is validated.

29. An apparatus for secure distribution of data comprising:
a processor for executing programming instructions; and
a storage medium having stored thereon a plurality of programming instructions for execution by the processor, the programming instructions generating an asymmetric key pair having a public key and a private key, encrypting predetermined data with the generated public key, and building an executable tamper resistant key module identified for a program, the executable tamper resistant key module including the generated private key and the encrypted predetermined data.
Dependent claims: 30

31. A system for secure distribution of data comprising:
a first system comprising a first processor for executing a first set of programming instructions, and a first storage medium having stored thereon the first set of programming instructions for execution by the first processor, the first set of programming instructions generating an asymmetric key pair having a public key and a private key, encrypting predetermined data with the generated public key, and building an executable tamper resistant key module, the executable tamper resistant key module including the generated private key and the encrypted predetermined data; and
a second system comprising a second processor for executing a second set of programming instructions, and a second storage medium having stored thereon the second set of programming instructions for execution by the second processor, the second set of programming instructions for operating as a trusted player of digital content, for receiving the executable tamper resistant key module from the first system, for executing the executable tamper resistant key module to check the integrity and authenticity of the trusted player, and the integrity of the tamper resistant key module; and for decrypting the encrypted predetermined data with the generated private key when the trusted player is authentic and the trusted player's integrity is validated and the tamper resistant key module is validated.
Dependent claims: 32, 33

34. A method of securely distributing data encrypted by a public key of an asymmetric key pair comprising:
building an executable tamper resistant key module identified for a selected program resident on a remote system, the executable tamper resistant key module including a private key of the asymmetric key pair and the encrypted data; and
sending the executable tamper resistant key module to the remote system.

35. A method of receiving and accessing data encrypted by a public key of an asymmetric key pair comprising:
receiving an executable tamper resistant key module identified for a selected program, the executable tamper resistant key module including a private key of the asymmetric key pair and the encrypted data;
executing the executable tamper resistant key module to check the integrity and authenticity of the selected program and the integrity of the tamper resistant key module; and
decrypting the encrypted data with the private key when the selected program is authentic, the program's integrity is validated, and the tamper resistant key module's integrity is validated.

36. An article comprising a machine readable medium having stored therein a plurality of machine readable instructions for execution by a processing unit, the machine readable instructions for building an executable tamper resistant key module identified for a selected program resident on a remote system, the executable tamper resistant key module including a private key of an asymmetric key pair and data encrypted by a public key of the asymmetric key pair, and for sending the executable tamper resistant key module to the remote system.

37. An article comprising a machine readable medium having stored therein a plurality of machine readable instructions for execution by a processing unit, the machine readable instructions for receiving an executable tamper resistant key module identified for a selected program, the executable tamper resistant key module including a private key of an asymmetric key pair and data encrypted by a public key of the asymmetric key pair, for initiating execution of the executable tamper resistant key module to check the integrity and authenticity of the selected program and the integrity of the tamper resistant key module, and for decrypting the encrypted data with the private key when the selected program is authentic, the program's integrity is validated, and the tamper resistant key module's integrity is validated.