Systems, methods, and media for adding an additional level of indirection to title key encryption
Abstract
Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
Claims
exact text as granted — not AI-modified1 . A method for encrypting one or more content files, the method comprising:
generating by a cryptographic system a binding key based on binding information; encrypting by the cryptographic system a secret key with the binding key, the secret key being associated with the one or more content files; generating by the cryptographic system a title key associated with at least one content file; encrypting by the cryptographic system the title key with the secret key; and encrypting by the cryptographic system the at least one content file with the title key.
2 . The method of claim 1 , further comprising:
receiving by the cryptographic system an indication that the binding information has changed from a source; generating by the cryptographic system a new binding key based on the new changed binding information; re-encrypting by the cryptographic system the secret key with the new binding key; and updating by the cryptographic system a state of the one or more content files in response to the re-encrypted secret key.
3 . The method of claim 1 , further comprising storing by the cryptographic system one or more of the encrypted content, the encrypted title key, and the encrypted secret key.
4 . The method of claim 1 , further comprising transmitting by the cryptographic system one or more of the encrypted content, the encrypted title key, and the encrypted secret key.
5 . The method of claim 1 , further comprising updating by the cryptographic system a state of the one or more content files in response to the secret key.
6 . The method of claim 1 , wherein the generating the binding key step comprises:
wherein the binding information comprises a media key block and a binding identifier; processing by the cryptographic system the media key block using a set of device keys to produce a media key; and producing by the cryptographic system the binding key based on the media key and the binding identifier.
7 . The method of claim 1 , wherein the generating the binding key step comprises performing a Diffie-Hellman key exchange by the cryptographic system to establish a session key, wherein the established session key is used as the binding key.
8 . The method of claim 1 , wherein the generating the binding key step comprises performing a Public Key-Private Key exchange by the cryptographic system to establish a session key, wherein the established session key is used as the binding key.
9 . The method of claim 1 , wherein the one or more content files comprises one or more of an audio data file, a video data file, a media data file, a streaming media file, an application file, a text file, or a graphic file.
10 . A method for decrypting an encrypted content file, the method comprising:
accessing by a cryptographic system an encrypted secret key and an encrypted title key; generating by the cryptographic system a binding key based on binding information; decrypting by the cryptographic system the encrypted secret key with the binding key to recover a secret key; decrypting by the cryptographic system the encrypted title key with the secret key to recover a title key; and decrypting by the cryptographic system the encrypted content with the title key.
11 . The method of claim 10 , wherein the accessing step comprises receiving by the cryptographic system the encrypted secret key and the encrypted title key from a source.
12 . The method of claim 10 , wherein the generating the binding key step comprises receiving by the cryptographic system the binding information from a source.
13 . The method of claim 10 , wherein the generating the binding key step comprises:
wherein the binding information comprises a media key block and a binding identifier; processing by the cryptographic system the media key block using a set of device keys to produce a media key; and producing by the cryptographic system the binding key based on the media key and the binding identifier.
14 . The method of claim 10 , wherein the generating the binding key step comprises performing a Diffie-Hellman key exchange by the cryptographic system to establish a session key, wherein the established session key is used as the binding key.
15 . The method of claim 10 , wherein the generating the binding key step comprises performing a Public Key-Private Key exchange by the cryptographic system to establish a session key, wherein the established session key is used as the binding key.
16 . A data processing system for encrypting one or more content files, the system comprising:
a reception system, the reception system being adapted to receive information from a source; a transmission system, the transmission system being adapted to transmit information to a recipient; a binding key system, the binding key system being adapted to generate a binding key from binding information; a secret key system, the secret key system being adapted to access a secret key and to encrypt the secret key using the generated binding key; a title key system, the title key system being adapted to generate a title key and to encrypt the title key with the secret key; and an encryption/decryption system, the encryption/decryption system being adapted to encrypt the one or more content files using the title key.
17 . The system of claim 16 , wherein the reception system is further adapted to receive an indication that the binding information has changed.
18 . The system of claim 16 , wherein the binding information comprises a media key block and a binding identifier, and wherein the binding system is further adapted to process the media key block using a set of device keys to produce a media key and to produce the binding key based on the media key and the binding identifier.
19 . The method of claim 16 , wherein the binding system is further adapted to perform a two-way key exchange to establish a session key, and wherein the established session key is used as the binding key.
20 . The system of claim 16 , wherein the secret key system is further adapted to decrypt an encrypted secret key, wherein further the title key system is further adapted to decrypt the encrypted title key with the secret key, and wherein further the encryption/decryption system is further adapted to decrypt the one or more content files using the title key.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.