Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04N-007/167
H04L-009/30
H04L-009/28
출원번호
US-0695256
(2003-10-27)
발명자
/ 주소
Kocher,Paul C.
Jaffe,Joshua M.
Jun,Benjamin C.
출원인 / 주소
Cryptography Research, Inc.
대리인 / 주소
Sonnenschein Nath &
인용정보
피인용 횟수 :
20인용 특허 :
49
초록▼
To prevent piracy, audiovisual content is encrypted prior to transmission to consumers. A low-cost, high-security cryptographic rights module (such as a smartcard) enables devices such as players/displays to decode such content. Security-critical functions may be performed by the cryptographic modul
To prevent piracy, audiovisual content is encrypted prior to transmission to consumers. A low-cost, high-security cryptographic rights module (such as a smartcard) enables devices such as players/displays to decode such content. Security-critical functions may be performed by the cryptographic module in a manner that allows security compromises to be addressed by upgrading or replacing cryptographic modules, thereby avoiding the need to replace or modify other (typically much higher-cost) components. The security module contains cryptographic keys, which it uses to process rights enablement messages (REMs) and key derivation messages (KDMs). From a REM and KDM, the security module derives key data corresponding to content, uses public key and/or symmetric cryptography to re-encrypt the derived key data for another device, and provides the re-encrypted key data to the decoding device. The decoding device then uses cryptographic values derived from the re-encrypted key data to decrypt the content.
대표청구항▼
We claim: 1. A method for using a removable cryptographic module to enable a second device to obtain secure access to encrypted compressed digital video content, comprising: (a) receiving a rights enablement datum and a key derivation datum into said removable cryptographic module, where (i) said r
We claim: 1. A method for using a removable cryptographic module to enable a second device to obtain secure access to encrypted compressed digital video content, comprising: (a) receiving a rights enablement datum and a key derivation datum into said removable cryptographic module, where (i) said rights enablement datum includes an encrypted representation of a key enabling decryption of said key derivation datum, and (ii) said key derivation datum includes an encrypted representation of a key enabling said second device to decrypt said encrypted content; (b) said cryptographic module transforming said rights enablement datum, using a key stored in said cryptographic module, to determine said key enabling decryption of said key derivation datum; (c) said cryptographic module transforming said key derivation datum, using said key enabling decryption of said key derivation datum, to determine an initial content decryption key; (d) said cryptographic module re-encrypting said initial content decryption key to produce a re-encrypted content decryption key datum, where: (i) said re-encrypted key datum enables said second device to decrypt said encrypted compressed digital video content, and (ii) said re-encrypting is secured by a public key corresponding to said second device; and (e) transmitting said re-encrypted content decryption key datum to said second device. 2. The method of claim 1 where said re-encryption includes directly encrypting said initial content decryption key using said public key. 3. The method of claim 1 further comprising: (i) said second device transforming said re-encrypted content decryption key datum to determine a key for decrypting said content; and (ii) said second device decrypting said content. 4. The method of claim 3 further comprising said second device uncompressing said decrypted content. 5. The method of claim 3 where said transforming said re-encrypted content decryption key includes: (i) decrypting said re-encrypted content decryption key to recover said initial content decryption key; (ii) computing an exclusive OR of (A) said initial content decryption key and (B) an additional secret parameter; and (iii) using a result of said exclusive OR operation as a key to decrypt said content. 6. The method of claim 5 where said removable cryptographic module is a smart card. 7. The method of claim 5 where said decrypting said re-encrypted key is performed using a RSA public key cryptosystem. 8. The method of claim 1 where said transforming said rights enablement datum includes using a symmetric block cipher to decrypt at least a portion of said rights enablement datum. 9. The method of claim 8 where said cryptographic module includes randomized hardware logic for a pseudoasymmetric transformation, and where said symmetric block cipher computation includes said randomized hardware transformation. 10. The method of claim 1 where said removable cryptographic module is a smart card. 11. A removable cryptographic device for enabling at least a second device to obtain secure access to encrypted compressed digital video content, comprising: (a) a nonvolatile memory; (b) a key stored in said nonvolatile memory; (c) cryptographic logic configured to use said stored key to transform a rights enablement datum to determine a second key, where said second key enables decryption of a key derivation datum; (d) cryptographic logic configured to use said second key to transform a key derivation datum to determine an initial content decryption key; (e) cryptographic logic configured to re-encrypt said initial content decryption key in a manner secured using a public key corresponding to said second device; and (f) an interface for communicating with said second device, configured to transmit said re-encrypted initial content decryption key to said second device. 12. The device of claim 11 configured as a smart card connectable to said second device. 13. The device of claim 12 where said second device includes: (i) an interface for receiving said encrypted compressed video content; (ii) a smart card interface for communicating with said cryptographic device, configured to receive said re-encrypted initial content decryption key; (iii) high-speed decryption logic configured to decrypt said content using a key derived from said re-encrypted initial content decryption key; and (iv) video decompression logic configured to decompress said decrypted content. 14. The device of claim 13 where said decryption logic is configured to decrypt said content using a key computed as an exclusive OR of (A) a result of decrypting said re-encrypted initial content decryption key and (B) at least one additional secret parameter. 15. A removable cryptographic module enabling an associated device to obtain secure access to encrypted compressed digital video content, comprising: (a) means for receiving a rights enablement datum and a key derivation datum into said removable cryptographic module; (b) means for transforming said rights enablement datum, using a key stored in said cryptographic module, to determine a key enabling decryption of said key derivation datum; (c) means for transforming said key derivation datum, using said key enabling decryption of said key derivation datum, to determine an initial content decryption key; (d) means for re-encrypting said initial content decryption key to produce a re-encrypted content decryption key datum, where: (i) said re-encrypted key datum enables said associated device to decrypt said encrypted compressed digital video content, and (ii) said re-encrypting is secured by a public key corresponding to said associated device; and (e) means for transmitting said re-encrypted content decryption key datum to said associated device. 16. The removable cryptographic module of claim 15 where said means for re-encrypting includes means for directly encrypting said initial content decryption key using said public key. 17. The removable cryptographic module of claim 15 further comprising: (i) means, within said associated device, for transforming said re-encrypted content decryption key datum to determine a key for decrypting said content; and (ii) means, within said associated device, for decrypting said content. 18. The removable cryptographic module of claim 15 where said means for transforming said rights enablement datum includes means for using a symmetric block cipher to decrypt at least a portion of said rights enablement datum. 19. A removable cryptographic device for enabling at least one associated device to obtain secure access to encrypted compressed digital video content, comprising: (a) nonvolatile means for storing a key; (b) means for using said stored key to transform a rights enablement datum to determine a second key, where said second key enables decryption of a key derivation datum; (c) means for using said second key to transform a key derivation datum to determine an initial content decryption key; (e) means for re-encrypting said initial content decryption key in a manner secured using a public key corresponding to said associated device; and (f) means for transmitting said re-encrypted initial content decryption key to said associated device. 20. The device of claim 19 configured as a smart card connectable to said associated device.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (49)
Timson Colin J.,GBX ; Yap Chas Hock Eng,GBX ; Kelly Sean,GBX, Apparatus and method for providing access to secured data or area.
Dorak John ; Cook Ross L. ; Gruse George G. ; Nguyen Minhtam ; Tsevdos James T. ; Waefler Susan Elizabeth, Cartridge manufacturing system for game programs.
Gammie Keith (Markham CAX) Yoneda Robert K. (Toronto CAX) Woo Arthur (Scarborough CAX) Sheldrick Wayne (Don Mills CAX), Independent external security module for a digitally upgradeable television signal decoder.
Hawe William R. (Pepperell MA) Lampson Butler W. (Cambridge MA) Gupta Amar (Northboro MA), Method and apparatus for end-to-end encryption of a data packet in a computer network.
Takashima Youichi (Kanagawaken JPX) Ishii Shinji (Kanagawaken JPX) Yamanaka Kiyoshi (Kanagawaken JPX), Method and system for digital information protection.
Handelman Doron,ILX ; Kranc Moshe,ILX ; Fink David,ILX ; Zucker Arnold,ILX ; Smith Perry,ILX ; Bar-on Gerson,ILX, Secure access system utilizing an access card having more than one embedded integrated circuit and/or plurality of secu.
Blumenthal Michael S. ; Barthel Daniel J. ; Newman Bruce ; Newman Brenda S., Secured electronic information delivery system having a three-tier structure.
Padmanabhan Gobi R. ; Zelayeta Joseph M. ; Yegnashankaran Visvamohan ; Hively James W. ; Daane John P., Semiconductor chip having identification/encryption code.
Gilhousen Klein S. (San Diego CA) Newby ; Jr. Charles F. (El Cajon CA) Moerder Karl E. (Poway CA), Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television sig.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
DeStefano, Jason Michael; Mojsa, Tomasz Mariusz; Schabo Grabowski, Thomas Hunt, Method and apparatus for retrieving and combining summarized log data in a distributed log data processing system.
Bridgford, Brendan K.; Moore, Jason J.; Trimberger, Stephen M.; Edwards, Eric E., Method and integrated circuit for protecting against differential power analysis attacks.
Trimberger, Stephen M., Programmable integrated circuit and a method of enabling the detection of tampering with data provided to a programmable integrated circuit.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.