Cryptography – Key management – Key distribution
Reexamination Certificate
1998-08-05
2002-08-20
Decady, Albert (Department: 2132)
Cryptography
Key management
Key distribution
C380S283000, C380S282000, C705S051000
Reexamination Certificate
active
06438235
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
The present invention relates to protection of content stored on a bulk storage media and more particularly to a system and method for providing controlled utilization of the stored content through the use of public keys stored upon the media itself.
BACKGROUND OF THE INVENTION
Currently there are various schemes in place for providing controlled or secure access to content recorded on bulk media. However, these schemes often suffer disadvantages in requiring that the schemes themselves be kept secret in order to maintain security. Accordingly, the schemes may be implemented only by trusted parties in order to maintain the secret. Likewise, these schemes often rely on the total secrecy of cryptographic keys used by the scheme, as publication of such a key may result in loss of security for all or multiple parties using the scheme.
For example, DVD media, currently only protected for video content, utilizes a two part scheme: a cryptographic key for decrypting information recorded on the media is produced according to a predefined protocol and stored according to that protocol on a limited access portion of the media; and a cryptographic technique, also defined by the protocol, is utilized to securely pass that key to a play-back entity. Accordingly, in order to produce either a media device, i.e., media player, or media itself, there must be understanding of the whole scheme, i.e., how it works. Furthermore, there must be access to the keys, that have been predefined by this scheme, themselves. There must be a globally held secret among all of the people who produce players and all the people that produce media. Here, the security lies in keeping secret how the cryptographic keys are made and how the messages, i.e., the passing of the keys, are encrypted. If the protocol itself were revealed then all content, regardless of the particular entity which produced/recorded it, becomes compromised because, if the protocol were common knowledge, rogues could generate and/or intercept keys capable of decrypting protected content. Any compromise of the system will compromise all systems and media at the same time.
Additionally, as the media content key associated with the protected content is stored on the media itself, the above described scenario relies on all parts of the system honoring the security of the key. Therefore, an illegally designed media reader could pass the content key through to a device or entity which is not authorized to receive that key. Likewise, an illegally designed media reader could duplicate the raw data of the media, including the encrypted content and media content key stored thereon, on a second media and thus create an unauthorized copy conforming to the protocol described above. However, a media reader provided according to this scheme will prevent such unauthorized access/activity and, therefore, provide security because not all the raw data will be available. In particular the sectors where keys are hidden will not available on any consumer product because all of these products are produced under licenses providing that if the scheme is used, the device shall not allow particular operations.
Accordingly, for the system to provide protection to the content, the media decryption key stored on the media is read by a media reader, i.e., DVD disk drive, only in proper circumstances, i.e., an authorized play-back device requests the media content key according to a preestablished protocol, and thereafter, provided in encrypted form for communication to the play-back device. In this scheme, the media content key is passed after a key exchange is done such that when the key is handed from the media reader to the play-back device it is done encrypted. I.e., the play-back device would send its encryption key to the media reader, the media reader would read the media content key from the media, encrypt the media content key with the play-back device's encryption key, and pass this encrypted version of the media content key to the play-back device where it may be decrypted with the play-back device's (secretly held) decryption key for use of the media content key in accessing media content as provided by the media reader.
For example, in a host computer (here the play-back device) coupled to a DVD disk drive (the media device) via the computer's bus structure, information communicated between the computer and drive is exposed easily to rogues, or “hackers,” and probing. Therefore, the media content key is passed over this bus only when it has been obscured by a key established through a key exchange between the drive and the host computer. However, in a stand alone player, where the media reading mechanism and the video play-back device are in one box, and the connection between them is somewhat secure, then such a key exchange and/or encryption of the media content key may be omitted in favor of decrypting the data directly internally.
The way this scheme is implemented, the media reader itself, as it may access the media content key, must honor the scheme and refuse to access the content key for unauthorized purposes. Likewise, as the play-back device is provided the content key, so too must the play-back device honor the protection scheme. However, in addition to relying on the security of the individual keys, details of the operation of the above described scheme itself, such as where and in what format content keys are written and the algorithm for conducting key exchanges, are kept secret in order to avoid the unauthorized retrieval/interception of keys and, therefore, compromising the security provided. Additionally, with the current scheme if an entity is able to generate legitimate protected media, that entity is also able to make illegal copies of other media as the secrets of the scheme must necessarily been revealed to this entity in order to allow the generation of legitimate protected media.
Accordingly, the protocol for encryption of the data and the generation of keys is only revealed by license, i.e., only trusted manufacturers of content and devices which read, write, or otherwise utilize this content are provided with the secrets of the protocol, and then only under the terms of a license agreement restricting use and dissemination of this secret information. Very few people or entities are able to obtain such a license, and its attendant secrets, in order to provide content and/or devices adapted in the nature of the protocol. As such, general content providers, such as small entities or entities providing content for internal or limited use, cannot protect their work as they have no way of recording such a key to the media in a secure manner that prevents illegitimate copying/utilization of protected content while allowing legitimate generation of secure disk. Therefore, there is no process that one can publicly use to generate such keys and, therefore, there is no process for those other than the licensed entities to record protected content compatible with this scheme.
A further need exists in the art for providing access to content with alternative techniques for security such as secure passing of keys stored on the media, communication with an external authorization center, and verification of the authenticity of the media.
A need therefore exists in the art for a technique providing secure access to the content of mass media which may be utilized by a great number of individuals and entities without risk of compromising security.
SUMMARY OF THE INVENTION
These and other objects, features and technical advantages are achieved by a system and method utilizing a technique, which itself is public, where only the individual keys used thereby need remain private. In order to be available to all desiring the protection of such a system, the rules for generating keys suitable for use according to the present invention are preferably public. As the technique itself, as well as the rules for generating cryptographic keys to be utilized therewith, are public, the present invention allows for its use
De'cady Albert
Hewlett--Packard Company
Kabakoff Steve
LandOfFree
Media content protection utilizing public key cryptography does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Media content protection utilizing public key cryptography, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Media content protection utilizing public key cryptography will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2880947