Host device and method for super-distribution of content protected with a localized content encryption key

US 9,015,479 B2
Filed: 12/16/2011
Issued: 04/21/2015
Est. Priority Date: 12/16/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A host device comprising:

one or more memories storing a super-distribution key and a content encryption key; and

a controller in communication with the one or more memories, wherein the controller is operative to;

retrieve content from a storage device, wherein the content is encrypted with the content encryption key;

create a super-distribution token by encrypting the content encryption key with a first encryption key and then encrypting a result of that encryption with the super-distribution key, wherein the super distribution token includes a reference to the first encryption key, wherein the reference is unencrypted; and

store the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device, wherein the target storage device stores a plurality of encryption keys and uses the reference in the super distribution token to select one of the plurality of encryption keys to decrypt the content encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a host device creates a super-distribution token by encrypting a content encryption key with a super-distribution key and stores the super-distribution token and encrypted content retrieved from a source storage device in a target storage device. In another embodiment, a host device provides a super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token, receive the activation token from the server, retrieve a content encryption key from the activation token, and decrypt encrypted content received from a storage device using the content encryption key retrieved from the activation token.

23 Citations

View as Search Results

84 Claims

1. A host device comprising:
- one or more memories storing a super-distribution key and a content encryption key; and
  
  a controller in communication with the one or more memories, wherein the controller is operative to;
  
  retrieve content from a storage device, wherein the content is encrypted with the content encryption key;
  
  create a super-distribution token by encrypting the content encryption key with a first encryption key and then encrypting a result of that encryption with the super-distribution key, wherein the super distribution token includes a reference to the first encryption key, wherein the reference is unencrypted; and
  
  store the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device, wherein the target storage device stores a plurality of encryption keys and uses the reference in the super distribution token to select one of the plurality of encryption keys to decrypt the content encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The host device of claim 1, wherein the controller is further configured to receive data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the source storage device, the super-distribution token is also copied.
  - 3. The host device claim 1, wherein a number of copies of the content is pre-authorized.
  - 4. The host device of claim 1, wherein the controller is further operative to receive the super-distribution key from a server.
  - 5. The host device of claim 4, wherein the controller is further operative to provide a credential to the server to prove that the host device is authorized to receive the super-distribution key.
  - 6. The host device of claim 4, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 7. The host device of claim 1, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 8. The host device of claim 1, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 9. The host device of claim 1, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only the content encryption key and the additional data is free of such super-distribution key encryption.
  - 10. The host device of claim 9, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 11. The host device of claim 1, wherein the controller is further configured to generate the content encryption key.
  - 12. The host device of claim 1, wherein the controller is further configured to receive the content encryption key from a source external to the host device.
  - 13. The host device claim 1, wherein the super-distribution token and the encrypted content are retrieved from the source storage device and stored in a target storage device using a file manager copy command.

14. A method for super-distribution of content, the method comprising:
- performing the following in a host device storing a super-distribution key and a content encryption key, the host device being in communication with a source storage device storing content encrypted with the content encryption key;
  
  creating a super-distribution token by encrypting the content encryption key with a first encryption key and then encrypting a result of that encryption with the super-distribution key, wherein the super distribution token includes a reference to the first encryption key, wherein the reference is unencrypted; and
  
  storing the super-distribution token and the encrypted content retrieved from the source storage device in a target storage device, wherein the target storage device stores a plurality of encryption keys and uses the reference in the super distribution token to select one of the plurality of encryption keys to decrypt the content encryption key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14 further comprising receiving data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the source storage device, the super-distribution token is also copied.
  - 16. The method claim 14, wherein a number of copies of the content is pre-authorized.
  - 17. The method of claim 14 further comprising receiving the super-distribution key from a server.
  - 18. The method of claim 17 further comprising providing a credential to the server to prove that the storage device is authorized to receive the super-distribution key.
  - 19. The method of claim 17, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 20. The method of claim 14, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 21. The method of claim 14, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 22. The method of claim 14, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only content encryption key and the additional data is free of such super-distribution key encryption.
  - 23. The method of claim 22, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 24. The method of claim 14 further comprising generating the content encryption key.
  - 25. The method of claim 14 further comprising receiving the content encryption key from a source external to the host device.
  - 26. The method claim 14, wherein the super-distribution token and the encrypted content are retrieved from the source storage device and stored in a target storage device using a file manager copy command.

27. A host device comprising:
- a memory storing a super-distribution token and a plurality of additional encryption keys, wherein the super-distribution token comprises a content encryption key encrypted with one of the plurality of additional encryption keys and then encrypted with a super-distribution key; and
  
  a controller in communication with the memory, wherein the controller is operative to;
  
  receive the encrypted content from a storage device, wherein the encrypted content is encrypted with the content encryption key;
  
  provide the super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token by decrypting the super-distribution token with the super-distribution key, wherein the activation token contains the content encryption key encrypted with the one of the plurality of additional encryption keys and further contains a reference to the one of the plurality of additional encryption keys, wherein the reference is unencrypted;
  
  receive the activation token from the server;
  
  select one of the additional keys based on the reference in the activation token;
  
  decrypt the content encryption key from the activation token using the selected one of the additional keys; and
  
  decrypt the encrypted content received from the storage device using the content encryption key.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The host device of claim 27, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key, and wherein the server stores the super-distribution key and is configured to generate the activation token by decrypting the super-distribution token using the super-distribution key.
  - 29. The host device of claim 27, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 30. The host device of claim 29, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 31. The host device of claim 27, wherein the activation token contains the content encryption key in clear form.
  - 32. The host device of claim 27, wherein the activation token contains the content encryption key in an encrypted form.
  - 33. The host device of claim 32, wherein the content encryption key is encrypted with a key known to the host device but unknown to the server.
  - 34. The host device of claim 32, wherein the content encryption key is encrypted with a transport encryption key known to the server, and wherein the controller is further configured to decrypt the encrypted content encryption key with the transport encryption key and then re-encrypt the content encryption key with a key unknown to the server.
  - 35. The host device of claim 27, wherein the controller is further operative to provide a credential to the server to prove that the host device is authorized to receive the authorization token.

36. A method for super-distribution of content, the method comprising:
- performing the following in a host device in communication with a storage device storing content encrypted with a content encryption key, wherein the host device stores a plurality of additional encryption keys and a super-distribution token comprising the content encryption key encrypted with one of the plurality of additional encryption keys and then encrypted with a super-distribution key;
  
  providing the super-distribution token to a server, wherein the server is configured to generate an activation token from the super-distribution token by decrypting the super-distribution token with the super-distribution key, wherein the activation token contains the content encryption key encrypted with the one of the plurality of additional encryption keys and further contains a reference to the one of the plurality of additional encryption keys wherein the reference is unencrypted;
  
  receiving the activation token from the server;
  
  selecting one of the additional keys based on the reference in the activation token;
  
  decrypting the content encryption key from the activation token using the selected one of the additional keys; and
  
  decrypting the encrypted content retrieved from the storage device using the content encryption key.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44)
- - 37. The method of claim 36, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key, and wherein the server stores the super-distribution key and is configured to generate the activation token by decrypting the super-distribution token using the super-distribution key.
  - 38. The method of claim 36, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 39. The method of claim 38, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 40. The method of claim 36, wherein the activation token contains the content encryption key in clear form.
  - 41. The method of claim 36, wherein the activation token contains the content encryption key in an encrypted form.
  - 42. The method of claim 41, wherein the content encryption key is encrypted with a key known to the host device but unknown to the server.
  - 43. The method of claim 41, wherein the content encryption key is encrypted with a transport encryption key known to the server, and wherein the method further comprises decrypting the encrypted content encryption key with the transport encryption key and then re-encrypting the content encryption key with a key unknown to the server.
  - 44. The method of claim 36 further comprising providing a credential to the server to prove that the host device is authorized to receive the authorization token.

45. A storage device comprising:
- one or more memories storing a super-distribution key and a content encryption key; and
  
  a controller in communication with the one or more memories, wherein the controller is operative to;
  
  create a super-distribution token by encrypting the content encryption key with a first encryption key and then encrypting a result of that encryption with the super-distribution key, wherein the super distribution token includes a reference to the first encryption key, wherein the reference is unencrypted; and
  
  provide the super-distribution token to a host device for storage in a target storage device, wherein the target storage device stores a plurality of encryption keys and uses the reference in the super distribution token to select one of the plurality of encryption keys to decrypt the content encryption key.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 46. The storage device of claim 45, wherein the one or more memories further stores content encrypted with the content encryption key, and wherein the controller is further operative to receive data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the storage device, the super-distribution token is also copied.
  - 47. The storage device of claim 45, wherein the one or more memories further stores content encrypted with the content encryption key, and wherein a number of copies of the content is pre-authorized.
  - 48. The storage device of claim 45, wherein the controller is further operative to receive the super-distribution key from a server via the host device.
  - 49. The storage device of claim 48, wherein the controller is further operative to provide a credential to the server to prove that the storage device is authorized to receive the super-distribution key.
  - 50. The storage device of claim 48, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 51. The storage device of claim 45, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 52. The storage device of claim 45, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 53. The storage device of claim 45, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only the content encryption key and the additional data is free of such super-distribution key encryption.
  - 54. The storage device of claim 53, wherein the additional data includes at least one of a reference to the super distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 55. The storage device of claim 45, wherein the controller is further operative to generate the content encryption key.
  - 56. The storage device of claim 45, wherein the controller is further operative to receive the content encryption key from a source external to the storage device.
  - 57. The storage device of claim 45, wherein the super-distribution key is dynamically generated as a result of an authentication and key exchange process between the storage device and a server.

58. A method for super-distribution of content, the method comprising:
- performing the following in a storage device in communication with a host device, wherein the storage device stores a super-distribution key and a content encryption key;
  
  creating a super-distribution token by encrypting the content encryption key with a first encryption key and then encrypting a result of that encryption with the super-distribution key, wherein the super distribution token includes a reference to the first encryption key, wherein the reference is unencrypted; and
  
  providing the encrypted content and the super-distribution token to the host device for storage in a target storage device, wherein the target storage device stores a plurality of encryption keys and uses the reference in the super distribution token to select one of the plurality of encryption keys to decrypt the content encryption key.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69)
- - 59. The method of claim 58, wherein the storage device further stores content encrypted with the content encryption key, and wherein the method further comprises receiving data that associates the encrypted content with the super-distribution token so that when the encrypted content is copied from the storage device, the super-distribution token is also copied.
  - 60. The method of claim 58, wherein the one or more memories further stores content encrypted with the content encryption key, and wherein a number of copies of the content is pre-authorized.
  - 61. The method of claim 58 further comprising receiving the super-distribution key from a server via the host device.
  - 62. The method of claim 61 further comprising providing a credential to the server to prove that the storage device is authorized to receive the super-distribution key.
  - 63. The method of claim 61, wherein the server is unaware of the content encryption key when the server provides the super-distribution key to the host device.
  - 64. The method of claim 58, wherein the controller is further operative to receive information from a server to import the super-distribution key via the host device.
  - 65. The method of claim 58, wherein the super-distribution token further comprises additional data, and wherein both the additional data and the content encryption key are encrypted by the super-distribution key.
  - 66. The method of claim 58, wherein the super-distribution token further comprises additional data, and wherein the super-distribution key is used to encrypt only content encryption key and the additional data is free of such super-distribution key encryption.
  - 67. The method of claim 66, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to the target storage device.
  - 68. The method of claim 58 further comprising generating the content encryption key.
  - 69. The method of claim 58 further comprising receiving the content encryption key from a source external to the storage device.

70. A storage device comprising:
- one or more memories storing content encrypted with a content encryption key, a plurality of additional encryption keys, and a super-distribution token, wherein the super-distribution token comprises the content encryption key encrypted with one of the plurality of additional encryption keys and then encrypted with a super-distribution key; and
  
  a controller in communication with the one or more memories, wherein the controller is operative to;
  
  provide the super-distribution token to a server via a host device, wherein the server is operative to generate an activation token from the super-distribution token by decrypting the super-distribution token with the super-distribution key, wherein the activation token contains the content encryption key encrypted with the one of the plurality of additional encryption keys and further contains a reference to the one of the plurality of additional encryption keys, wherein the reference is unencrypted;
  
  receive the activation token from the server via the host device;
  
  select one of the additional keys based on the reference in the activation token;
  
  decrypt the content encryption key from the activation token using the selected one of the additional keys; and
  
  decrypt the encrypted content using the content encryption key.
- View Dependent Claims (71, 72, 73, 74, 75, 76)
- - 71. The storage device of claim 70, wherein a number of copies of the content is pre-authorized.
  - 72. The storage device of claim 70, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key.
  - 73. The storage device of claim 70, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 74. The storage device of claim 70, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 75. The storage device of claim 70, wherein the activation token is encrypted with a transport encryption key known to the server, and wherein the controller is further operative to decrypt the encrypted activation token with the transport encryption key.
  - 76. The storage device of claim 70, wherein the controller is further operative to provide a credential to the server to prove that the storage device is authorized to receive the authorization token.

77. A method for super-distribution of content, the method comprising:
- performing the following in a storage device in communication with a host device, wherein the storage device stores content encrypted with a content encryption key, a plurality of additional encryption keys, and a super-distribution token, and wherein the super-distribution token comprises the content encryption key encrypted with one of the plurality of additional encryption keys and then encrypted with a super-distribution key;
  
  providing the super-distribution token to a server via the host device, wherein the server is operative to generate an activation token from the super-distribution token by decrypting the super-distribution token with the super-distribution key, and wherein the activation token contains the content encryption key encrypted with the one of the plurality of additional encryption keys and further contains a reference to the one of the plurality of additional encryption keys, wherein the reference is unencrypted;
  
  receiving the activation token from the server via the host device;
  
  selecting one of the additional keys based on the reference in the activation token;
  
  decrypting the content encryption key from the activation token using the selected one of the additional keys; and
  
  decrypting the encrypted content using the content encryption key.
- View Dependent Claims (78, 79, 80, 81, 82, 83, 84)
- - 78. The method of claim 77, wherein a number of copies of the content is pre-authorized.
  - 79. The method of claim 77, wherein the encrypted version of the content encryption key is encrypted with a super-distribution key.
  - 80. The method of claim 77, wherein, in addition to the content encryption key, the activation token contains additional data.
  - 81. The method of claim 80, wherein the additional data includes at least one of a reference to the super-distribution key, a content ID, a reference to the storage device, and a reference to a storage device that was the source of the encrypted content.
  - 82. The method of claim 77, wherein the activation token is encrypted with a transport encryption key known to the server, and wherein the method further comprises decrypting the encrypted activation token with the transport encryption key.
  - 83. The method of claim 77 further comprising providing a credential to the server to prove that the storage device is authorized to receive the authorization token.
  - 84. The method of claim 77, wherein a number of copies of the content is pre-authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Jogand-Coulomb, Fabrice E., Hutton, Henry R., Lin, Jason T., Halpern, Joseph E., Sela, Rotem
Primary Examiner(s)
Chao, Michael
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US13/328,823
Publication Number

US 20130159707A1
Time in Patent Office

1,222 Days
Field of Search

713/164, 713/156, 380/277, 380/278, 380/44, 705/51, 705/59, 705/64, 705/71
US Class Current

713/164
CPC Class Codes

G06F 21/10 Protecting distributed prog...

Host device and method for super-distribution of content protected with a localized content encryption key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

84 Claims

Specification

Solutions

Use Cases

Quick Links

Host device and method for super-distribution of content protected with a localized content encryption key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

84 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links