US2010017627A1PendingUtilityA1
Ensuring authenticity in a closed content distribution system
Est. expiryFeb 7, 2023(expired)· nominal 20-yr term from priority
H04L 9/3247H04L 2209/60G06F 21/602G06F 21/105H04L 9/16G06F 2212/402H04L 9/0891H04L 9/0861G06F 21/78H04L 9/0894G06F 21/107G06F 21/1011
55
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.
Claims
exact text as granted — not AI-modified1 . A method comprising:
receiving encrypted content at a secure processor, said secure processor having at least some secure individualized information maintained therein, said secure processor being capable of interpreting said content for presentation; receiving a license for the content at said secure processor, said license including a first decryption key for said encrypted content and information sufficient to verify that the content is authentic at said secure processor; verifying at said secure processor authenticity of the content, using the information sufficient to verify that the content is authentic; generating a second decryption key at said secure processor, in response to verifying authenticity of the content, said second decryption key being independent of said first decryption key, wherein the second decryption key is stored in secure memory and is secure against discovery outside said secure processor; re-encrypting the content at said secure processor using said second decryption key.
2 . The method of claim 1 , further comprising receiving the encrypted content in portions, where a signature is associated with each portion.
3 . The method of claim 1 , further comprising delivering physical media having information readable therefrom.
4 . The method of claim 1 , further comprising enforcing re-encrypting the content with security software before using said secure processor to interpret the content.
5 . The method of claim 1 , further comprising verifying that said content is authentic occurs before using said secure processor to interpret said content.
6 . The method of claim 1 , further comprising maintaining at least a portion of a result of said re-encrypting said content secure against discovery outside said secure processor.
7 . The method of claim 1 , further comprising decrypting said encrypted content using the first decryption key.
8 . The method of claim 1 , further comprising decrypting the re-encrypted content using the second decryption key and consuming the content.
9 . The method of claim 1 , further comprising:
storing the re-encrypted content; maintaining an association between the re-encrypted content and the second decryption key outside of the secure memory.
10 . The method of claim 1 , further comprising:
retrieving the re-encrypted content from external storage; retrieving an association between the re-encrypted content and the second decryption key; decrypting the re-encrypted content with the second decryption key.
11 . The method of claim 1 , wherein received content is determined to be the re-encrypted content, further comprising:
storing the re-encrypted content without generating a third decryption key and without re-encrypting the content again; maintaining, outside of the secure memory, an association between the second decryption key and the re-encrypted content.
12 . The method of claim 1 , further comprising disposing of content that is not determined to be authentic.
13 . A method comprising:
receiving content that has been encrypted; receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic; generating a second key; decrypting the encrypted content using the first key; re-encrypting the content, using the second key; checking authenticity of the content, using the signature in the license; if the content is authenticated:
storing the second key in secure memory for future decryption of the content;
decrypting the content using the second key;
presenting the content;
wherein the second key is not stored if the content is not authenticated.
14 . The method of claim 13 , further comprising: receiving the encrypted content in portions, where a signature is associated with each portion.
15 . The method of claim 13 , further comprising generating the second key within the secure processor; prohibiting sending of the second key outside of the secure processor.
16 . The method of claim 13 , wherein the content is first content, further comprising:
receiving second content; failing to determine the second content is authentic; disposing of the second content.
17 . The method of claim 13 , further comprising:
receiving the re-encrypted content at a later time; storing the re-encrypted content without re-encrypting the re-encrypted content; maintaining an association between the second key and the re-encrypted content outside of the secure processor.
18 . The method of claim 13 , further comprising:
retrieving the re-encrypted content from outside of the secure processor; retrieving an association between the re-encrypted content and the second key from outside of the secure processor; decrypting the re-encrypted content inside the secure processor using the second key; consuming the content within the secure processor.
19 . A method comprising:
receiving content that has been encrypted; receiving a license for the content, said license including a first key that can be used to decrypt the encrypted content and a signature that can be used to verify the content is authentic; decrypting the encrypted content using the first key; verifying authenticity of the content, using the signature; if authenticity is verified:
generating a second key at a secure processor;
re-encrypting the content using the second key at the secure processor;
maintaining the second key at the secure processor, wherein the second key is never stored in the clear, and wherein never storing a key in the clear includes storing the key only in secure memory;
decrypting the content using the second key at the secure processor;
presenting the content.
20 . The method of claim 19 , further comprising deleting the content if authenticity is not verified.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.