| Systems, methods, and media for adding an additional level of indirection to title key encryption -> Monitor Keywords |
|
|
  Systems, methods, and media for adding an additional level of indirection to title key encryptionRelated Patent Categories: Cryptography, Particular Algorithmic Function Encoding, Public KeyThe Patent Description & Claims data below is from USPTO Patent Application 20060126831. Brief Patent Description - Full Patent Description - Patent Application Claims
FIELD OF INVENTION [0001] The present invention is in the field of data encryption. More particularly, the present invention relates to systems, methods and media for adding an additional level of indirection to title key encryption mechanisms used for content encryption. BACKGROUND [0002] As the use of digital technology becomes more pervasive, content such as television programming, music, and movies are being increasingly delivered to consumers in digital format. Content owners, such as record labels, studios, distribution networks, and artists, desire for their content to only be used by certain users or in certain ways. Protecting the copyrights of these content owners from indiscriminate reproduction and distribution poses a considerable challenge in the digital age, as exact duplicates of the content may often be easily created and transmitted to other users. [0003] Content protection schemes for digital media attempt to protect the content enough to discourage at least casual violations of the content copyright while minimizing the cost and processing power necessary to implement the scheme and making the process as transparent to users as possible. One common type of content protection scheme is to encrypt the content with a key. A recipient of the encrypted content with a copy of the key may decrypt and access the content, while a recipient without a copy of the key (such as a third party attempting to improperly access the content) will be unable to decrypt and access the content. The content owner may also revoke a key if it believes the key has been jeopardized, reducing the ability for users to distribute keys to others (such as by posting the keys on the Internet). [0004] Broadcast encryption schemes allow digital delivery of encrypted content without requiring two-way communication between the recipient and source, eliminating the two-way communications (such as handshakes) necessary for many public distribution systems while potentially improving security. By eliminating two-way communications, the potentially expensive return channel on a receiver may be eliminated, lowering overhead and costs for device manufacturers and users. A home network, for example, that shares content among a cluster of different recording or playback devices, such as stereos, personal computers, and televisions, may use a broadcast encryption scheme to protect content in different forms of storage from unauthorized use. Some broadcast encryption schemes, such as International Business Machine Corp.'s (IBM's) eXtensible Cluster Protocol (xCP), provide for binding protected content to a dynamic cluster of networked recording and playback devices, allowing for the content to be managed under a single protection scheme independent of particular storage or transmission interfaces and protocols. Content in IBM's xCP scheme may move freely among devices in the domain but will be useless to devices outside the domain. Other examples of broadcast encryption applications include Content Protection for Recordable Media (CPRM) media, Content Protection for Pre-Recorded Media (CPPM) media, and Advanced Access Content System (AACS) next-generation media. [0005] Broadcast encryption schemes bind a piece of content to a particular entity, such as a piece of media, a server, or a user. Broadcast encryption binds the content by using a media key block (also known as a key management block KMB or session key block) that allows compliant devices to calculate a cryptographic key (the media or management key, or Km) using their internal device keys while preventing circumvention (non-compliant) devices from doing the same. Broadcast encryption does not require authentication of a device and can be implemented with symmetric encryption, allowing it to be much more efficient than public key cryptography. After calculating a media key Km by processing the media key block (MKB), the scheme uses the media key Km to bind the content to an entity (with a binding identifier IDb), resulting in the binding key (Kb). A title key (Kt) is then chosen and encrypted with the binding key Kb, resulting in an encrypted title key (EKt). The content itself may then be encrypted with the title key Kt and the encrypted content may be stored with the encrypted title key EKt. A compliant device that receives the encrypted content and the encrypted title key EKt may use the same MKB and the binding identifier IDb to decrypt the content. The compliant device first may reproduce the same binding key Kb using the MKB, the binding identifier IDb and its device keys, and then decrypts the title key Kt from the encrypted title key EKt using the binding key Kb. Once the compliant device has the title key Kt, it may decrypt the content itself. A circumvention device will not have device keys that can be used to process the MKB and thus will not be able to reproduce the binding key Kb or be able to decrypt the content. Also, if the content has been copied to a different entity with a different identifier IDb' by a non-compliant device, the compliant device with valid device keys will not be able to calculate the correct binding key Kb because the binding identifier IDb' is different than the original one. [0006] While the above broadcast encryption scheme provides an effective mechanism for providing encrypted broadcast content to a group of devices, it suffers from some disadvantages. For example, the encryption of the content depends upon the MKB and binding identifier IDb used in the process of encrypting the content, either of which may change frequently under certain circumstances. New MKB's which revoke non-compliant devices may be introduced into a system in some cases, changing the system MKB. If devices are added to or leaves a cluster, the binding identifier IDb changes (by changing the authorization table, one of its components). If either the MKB or binding identifier IDb of a particular entity change, any piece of content that is bound to this entity using a binding key Kb dependent upon them must have its title key re-encrypted using the new values so that compliant devices will still be able to access the content. If there are large amounts of content that need to be changed, re-encryption of the title keys Kt for each of them will require significant amounts of processing time. For content files that are shared over a network, there may also be remote synchronization problems. An arbitration mechanism would be required to ensure that only one device performs the re-encryption of the title keys for a particular piece of content. [0007] The problems described above are exacerbated on many network content-sharing systems with large numbers of small content files, such as home-based or consumer networks. Content is typically delivered to consumers in many small files which results in a very large number of files on a home network. For example, each song on a music album may be a separate file (and thus have a separate encrypted title key) and a user may have hundreds or thousands of songs. Consumer devices, such as stereos or video players, also typically have relatively small amounts of processing power. The combination of the large number of files to be re-encrypted and the lower capability of consumer devices results in a very inefficient and time-consuming procedure that must be performed each time binding information changes. The problems described above may also occur in Advanced Access Content Systems (AACS) and 4C Entity LLC's Content Protection System Architecture (CPSA) recordable media where several files may be stored and new MKB's may be introduced into the system. [0008] There is, therefore, a need for an effective and efficient system of encrypting content on a broadcast encryption system. There is a particular need for such a system when there are a large number of encrypted content files to be handled. SUMMARY [0009] The problems identified above are in large part addressed by systems, methods and media for adding an additional layer of indirection to title key encryption. One embodiment includes generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key. [0010] Another embodiment a method for decrypting an encrypted content file. The embodiment generally includes accessing by a cryptographic system an encrypted secret key and an encrypted title key and generating by the cryptographic system a binding key based on binding information. The embodiment may also include decrypting by the cryptographic system the encrypted secret key with the binding key to recover a secret key and decrypting the encrypted title key with the secret key to recover a title key. The embodiment also may include decrypting by the cryptographic system the encrypted content with the title key. Further embodiments may include receiving by the cryptographic system the encrypted secret key and the encrypted title key from a source. [0011] A further embodiment provides a data processing system for encrypting one or more content files. The system may generally include a reception system for receiving information from a source and a transmission system for transmitting information to a recipient. The system may also generally include a binding key system for generating a binding key from binding information and a secret key system for accessing a secret key and encrypting the secret key using the generated binding key. The system may also generally include a title key system for generating a title key and encrypting the title key with the secret key and an encryption/decryption system for encrypting the one or more content files using the title key. Further embodiments include the reception system being further adapted to receive an indication that the binding information has changed. BRIEF DESCRIPTION OF THE DRAWINGS [0012] Other objects and advantages of the invention will become apparent upon reading the following detailed description and upon reference to the accompanying drawings in which, like references may indicate similar elements: [0013] FIG. 1 depicts an environment for a content encryption system for a home network according to one embodiment; [0014] FIG. 2 depicts a cryptographic system of the content encryption system of FIG. 1 according to one embodiment; [0015] FIG. 3 depicts an example of a flow chart for encrypting content using a title key and a secret key according to one embodiment; [0016] FIG. 4 depicts an example of a flow chart for decrypting encrypted content using a title key and a secret key according to one embodiment; and [0017] FIG. 5 depicts an example of a flow chart for re-encrypting encrypted content when binding information has changed according to one embodiment. DETAILED DESCRIPTION OF EMBODIMENTS [0018] The following is a detailed description of example embodiments of the invention depicted in the accompanying drawings. The example embodiments are in such detail as to clearly communicate the invention. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments; but, on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present invention as defined by the appended claims. The detailed descriptions below are designed to make such embodiments obvious to a person of ordinary skill in the art. [0019] Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key. Continue reading... Full patent description for Systems, methods, and media for adding an additional level of indirection to title key encryption Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this Systems, methods, and media for adding an additional level of indirection to title key encryption patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like Systems, methods, and media for adding an additional level of indirection to title key encryption or other areas of interest. ### Previous Patent Application: Protection of electronic data Next Patent Application: M6 block cipher system and method for encoding content and authenticating a device Industry Class: Cryptography ### FreshPatents.com Support Thank you for viewing the Systems, methods, and media for adding an additional level of indirection to title key encryption patent info. IP-related news and info Results in 0.77814 seconds Other interesting Feshpatents.com categories: Electronics: Semiconductor , Audio , Illumination , Connectors , Crypto , |
||
