Ensuring authenticity in a closed content distribution system
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-029/06
G06F-021/10
H04L-009/32
G06F-021/78
H04L-009/08
출원번호
US-0131883
(2016-04-18)
등록번호
US-9646142
(2017-05-09)
발명자
/ 주소
Princen, John
Srinivasan, Pramila
Blythe, David
Yen, Wei
출원인 / 주소
Acer Cloud Technology Inc.
대리인 / 주소
Sheppard, Mullin, Richter & Hampton LLP
인용정보
피인용 횟수 :
0인용 특허 :
133
초록
A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.
대표청구항▼
1. A method comprising: receiving encrypted content at a secure processor in a closed content distribution system, the secure processor comprising secure memory secured against inspection and intrusion outside the secure processor, having at least some secure individualized information maintained th
1. A method comprising: receiving encrypted content at a secure processor in a closed content distribution system, the secure processor comprising secure memory secured against inspection and intrusion outside the secure processor, having at least some secure individualized information maintained therein, the secure processor being capable of interpreting the encrypted content for presentation, the secure processor maintaining executive control capable of preventing the individualized information from being disclosed outside the secure memory;receiving, at a first time, a dynamic conditional license for the encrypted content at the secure processor, the dynamic conditional license including a first decryption key for the encrypted content and information sufficient to verify that one or more signatures of chunks of data represented in decrypted content represented by the encrypted content is authentic at the secure processor, the dynamic conditional license facilitating access to the encrypted content based on dynamic modification of rights to the encrypted content at the first time, and the dynamic conditional license facilitating the access to the encrypted content after the first time and before occurrence of a specified usage condition related to usage of the encrypted content;verifying at the secure processor authenticity of the decrypted content, using the information sufficient to verify that the decrypted content is authentic, wherein verifying the authenticity of the decrypted content comprises verifying that the one or more signatures of the chunks of data represented in the decrypted content are valid;generating a second decryption key at the secure processor, in response to verifying the authenticity of the decrypted content at the secure processor, the second decryption key being independent of the first decryption key;storing the second decryption key in the secure memory of the secure processor so as to secure the second decryption key against discovery outside the secure processor;re-encrypting the decrypted content at the secure processor using the second decryption key, to provide re-encrypted content based on the re-encryption. 2. The method of claim 1, further comprising receiving the encrypted content in portions, wherein a signature is associated with each portion. 3. The method of claim 1, further comprising delivering physical media having information readable therefrom. 4. The method of claim 1, further comprising enforcing re-encrypting the content with security software before using the secure processor to interpret the content. 5. The method of claim 1, wherein verifying that the decrypted content is authentic occurs before storing the second decryption key in the secure memory. 6. The method of claim 1, further comprising maintaining at least a portion of a result of the re-encrypting the decrypted content secure against discovery outside the secure processor. 7. The method of claim 1, further comprising decrypting the encrypted content using the first decryption key. 8. The method of claim 1, further comprising decrypting the re-encrypted content using the second decryption key and consuming the re-encrypted content. 9. The method of claim 1, further comprising: storing the re-encrypted content;maintaining an association between the re-encrypted content and the second decryption key outside of the secure memory. 10. The method of claim 1, further comprising: retrieving the re-encrypted content from external storage;retrieving an association between the re-encrypted content and the second decryption key;decrypting the re-encrypted content with the second decryption key. 11. The method of claim 1, wherein received content is determined to be the re-encrypted content, further comprising: storing the re-encrypted content without generating a third decryption key and without re-encrypting the decrypted content again;maintaining, outside of the secure memory, an association between the second decryption key and the re-encrypted content. 12. The method of claim 1, further comprising disposing of at least portions of the decrypted content that are not determined to be authentic. 13. A method comprising: receiving streaming content that has been encrypted into encrypted portions;receiving, at a first time, a dynamic conditional license for the streaming content, the dynamic conditional license including a first key that can be used to decrypt one or more of the encrypted portions and a signature that can be used to verify the one or more encrypted portions are authentic, the dynamic conditional license facilitating access to the streaming content based on dynamic modification of rights to the encrypted content at the first time, and the dynamic conditional license facilitating the access to the streaming content after the first time and before occurrence of a specified usage condition related to usage of the streaming content;decrypting the one or more encrypted portions using the first key;verifying authenticity of the one or more encrypted portions at a secure processor, the secure processor comprising secure memory secured against inspection and intrusion outside the secure processor, and the secure processor maintaining executive control capable of preventing data in the secure memory from being disclosed outside the secure memory, wherein verifying authenticity of the one or more encrypted portions comprises verifying that one or more signatures of the encrypted portions are valid;generating a second key within the secure processor, in response to verifying the authenticity of the one or more encrypted portions at the secure processor;re-encrypting the one or more encrypted portions, using the second key;if the one or more encrypted portions are authenticated: storing the second key in secure memory of the secure processor without having stored the second key in memory other than the secure memory from a time the second key was generated, for future decryption of the one or more encrypted portions;decrypting the one or more encrypted portions using the second key that is stored in the secure memory;presenting the one or more encrypted portions;wherein the second key is not stored if the one or more encrypted portions are not authenticated. 14. The method of claim 13, wherein the signature is associated with each of the one or more encrypted portions. 15. The method of claim 13, further comprising prohibiting sending of the second key outside of the secure processor. 16. The method of claim 13, wherein the content is first content, further comprising: receiving second content;verifying one or more signatures of chunks of the second content for authenticity;determining chunks of the second content are not authentic;disposing of the second content. 17. The method of claim 13, further comprising: receiving the re-encrypted content at a later time;storing the re-encrypted content without re-encrypting the re-encrypted content;maintaining an association between the second key and the re-encrypted content outside of the secure processor. 18. The method of claim 13, further comprising: retrieving the re-encrypted content from outside of the secure processor;retrieving an association between the re-encrypted content and the second key from outside of the secure processor;decrypting the re-encrypted content inside the secure processor using the second key;consuming the content within the secure processor. 19. The method of claim 13, wherein the method is executed in a game device. 20. The method of claim 19, wherein the streaming content is received over a Local Area Network (LAN) coupled to the game device.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (133)
Hogan, Kenneth; Polucha, Micheal; Pham, Trieu; Vollum, Steve; Johnston, Jessee, Airborne e-mail data transfer protocol.
Knobl,Karl Heinz; Menzenbach,Christof; Eibach,Wolfgang G; Nuttall,Mark Patrick; Phippen,Robert William, Apparatus and method for establishing communication in a computer network.
Boyle John M. (Cranford NJ) Maiwald Eric S. (Southfields NY) Snow David W. (Convent Station NJ), Apparatus and method for providing multi-level security for communication among computers and terminals on a network.
Peterson, Leonard J.; Freedman, Steven J.; Partovi, Hadi; Endres, Raymond E.; D'Souza, David J.; Ellerman, Erik Castedo; Jiggins, Julian P., Client-side system for scheduling delivery of web content and locally managing the web content.
Karolak Dale W. (Ft. Wayne IN) Shirey Carl L. (Ft. Wayne IN) Steiner Wesley D. (Ft. Wayne IN) Rue Robert T. (Ft. Wayne IN), Communications management system architecture.
Acharya, Swarup; Korth, Henry F.; Poosala, Viswanath, Computer implemented method and apparatus for fulfilling a request for information content with a user-selectable version of a file containing that information content.
Hatakeyama, Takahisa; Yoshioka, Makoto; Miyazawa, Yuji, Content usage control system, content usage apparatus, computer readable recording medium with program recorded for computer to execute usage method.
Ikuta Masanao,JPX ; Kambe Tomoaki,JPX ; Takida Satoshi,JPX, Data caching apparatus, data caching method and medium recorded with data caching program in client/server distributed system.
Blatter Harold ; Horlander Thomas Edward ; Bridgewater Kevin Elliott ; Deiss Michael Scott, Decoding system and data format for processing and storing encrypted broadcast, cable or satellite video data.
Yen, Wei; Princen, John; Lo, Raymond; Srinivasan, Pramila, Delivery of license information using a short messaging system protocol in a closed content distribution system.
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
Krajewski ; Jr. Marjan (Acton MA) Chipchak John C. (Dracut MA) Chodorow David A. (Groton MA) Trostle Jonathan T. (Lexington MA) Baldwin Peter T. (Rowley MA), Electronic information network user authentication and authorization system.
Shaw David E. ; Ardai Charles E. ; Marsh Brian D. ; Moraes Mark A. ; Rudolph Dana B. ; Mc Auliffe Jon D., Electronic mail system for displaying advertisement at local computer received from remote system while the local compu.
Traversat Bernard A. ; Saulpaugh Tom ; Schmidt Jeffrey A. ; Slaughter Gregory L. ; Tracey William J. ; Woodward Steve, Generic schema for storing configuration information on a server computer.
Asano, Tomoyuki; Osawa, Yoshitomo, Information transmission system and method, drive device and access method, information recording medium, device and method for producing recording medium.
Ishibashi,Yoshihito; Oishi,Tateo; Matsuyama,Shinako; Asano,Tomoyuki; Muto,Akihiro; Kitahara,Jun, Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method.
Khan Raheel Ahmed ; Burleson David Brent ; Filion John Thomas ; Cheek Donald Scott, Method and apparatus for a game delivery service including flash memory and a game back-up module.
Christopher H. Stewart ; Svilen B. Pronev ; Darrell J. Starnes, Method and apparatus for efficient storage and retrieval of objects in and from an object storage device.
Lambert Mark L. ; van der Rijn Daniel J. G. ; Kemper David J. ; Verkler Jay L., Method and apparatus for storing and delivering documents on the internet.
Sanjay Agraharam ; Robert Edward Markowitz ; Kenneth H. Rosen ; David Hilton Shur ; Joel A. Winthrop, Method and apparatus to enhance a multicast information stream in a communication network.
Arnold Thomas Andrew ; Pettitt John Philip ; Rendleman ; Jr. Jesse Noel ; Lewis ; Jr. Robert Lincoln, Method and system for delivering digital products electronically.
Fields, Duane Kimbell; Gregg, Thomas Preston; Hassinger, Sebastian Daniel; Hurley, II, William Walter; Kolb, Mark Andrew; Vu, Stacy Braden, Method and system for distributing image-based content on the internet.
Spagna,Richard L.; Zhao,Ting; Geisler,Douglas R.; Mahlbacher,James C., Method and system for securing local database file of local content stored on end-user system.
Scott, Mark; Cheng, Anita; Ho, Simon; Irimescu, George; Voineag, Dorel; Wong, William; Yao, Min; Zadeh, Row J., Method, system, and computer program product for providing voice over the internet communication.
Shear, Victor H.; Van Wie, David M.; Weber, Robert P., Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Uesaka Yasushi,JPX ; Yamauchi Kazuhiko,JPX ; Kozuka Masayuki,JPX ; Higaki Nobuo,JPX ; Horiuchi Koichi,JPX ; Haruna Syusuke,JPX, Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor.
Webber Neil F. (Hudson MA) Israel Robert K. (Westford MA) Kenley Gregory (Northborough MA) Taylor Tracy M. (Upton MA) Foster Antony W. (Framingham MA), Network file migration system.
Lin Mengjou, Process scheduling for streaming data through scheduling of disk jobs and network jobs and the relationship of the scheduling between these types of jobs.
Theriault Roger ; Lockhart Thomas Wayne,CAX ; Battin Robert D., Proxy host computer and method for accessing and retrieving information between a browser and a proxy.
Bel,Hendrik Jan; Lokhoff,Gerardus Cornelis Petrus; Breugom,Michel Ronald; Engelen,Dirk Valentinus Rene; Van De Poel,Peter, Receiving device for securely storing a content item, and playback device.
Gidron,Yoad; Holder,Ophir; Teichholtz,Haim; Reich,Benny; Gur Ari,Yaron; Schiller,Michael, Rule-based system and method for managing the provisioning of user applications on limited-resource and/or wireless devices.
Tso Michael Man-Hak ; Jing Jin ; Knauerhase Robert Conrad ; Romrell David Alfred ; Gillespie Daniel Joshua ; Bakshi Bikram Singh ; Sathyanarayan Seshardi, Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object.
Vaitzblit Lev (Concord MA) Ramakrishnan Kadangode K. (Maynard MA) Tzelnic Percy (Concord MA), Scheduling and admission control policy for a continuous media server.
Doherty, Robert J.; Tierney, Peter L.; Arnaoutoglou-Andreou, Marios, System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files.
England,Paul; DeTreville,John D.; Lampson,Butler W., System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party.
Duane Kimbell Fields ; Thomas Preston Gregg ; Sebastian Daniel Hassinger ; William Walter Hurley, System and method for cooperative client/server customization of web pages.
Pasquali Sandro, System and method for providing a dynamic advertising content window within a window based content manifestation environment provided in a browser.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Ford, Daniel A.; Kraft, Reiner; Tewari, Gaurav, System and technique for dynamic information gathering and targeted advertising in a web based model using a live information selection and analysis tool.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
LeVine,Richard B.; Lee,Andrew R.; Howard,Daniel G.; Goldman,Daniel M.; Hart, III,John J., Systems and methods for preventing unauthorized use of digital content.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Hall,Edwin J.; Shear,Victor H.; Tomasello,Luke S.; Van Wie,David M.; Weber,Robert P.; Worsencroft,Kim; Xu,Xuejun, Techniques for defining, using and manipulating rights management data structures.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M.; Weber,Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Nakamura Hiroki,JPX ; Kusumi Yuki,JPX ; Oashi Masahiro,JPX ; Shimoji Tatsuya,JPX, Video on demand system with a transmission schedule table in the video server including entries for client identifiers,.
Belknap William R. (San Jose CA) Henley Martha R. (Morgan Hill CA) Falcon ; Jr. Lorenzo (San Jose CA) Frayne Thomas E. (San Jose CA) Luo Mei-Lan (San Jose CA) Saxena Ashok R. (San Jose CA), Video optimized media streamer with cache management.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.