Claims
- 1. A method of transmitting content from a content provider to a caching server which distributes said content to a viewer, said method comprising encrypting said content with a pre-encryptor application before said content is transmitted to said caching server, said pre-encryptor application using a pre-encryption subkey provided by a key storage service to perform said pre-encryption.
- 2. The method of claim 1, wherein said content provider electronically stores said content that is encrypted with said pre-encryptor application in a storage unit before said content is transmitted to said caching server.
- 3. The method of claim 1, further comprising:
  sending a key request from said pre-encryptor application to said key storage service, said key request including a content identifier that is associated with said content; and
  comparing said content identifier with content identifiers already present in a database of said key storage service;
  wherein, if said content identifier does not match one of said content identifiers already present in said database of said key storage service, said key storage service generates said pre-encryption subkey, stores a copy of said pre-encryption subkey and said content identifier in said database, and sends said pre-encryption subkey to said pre-encryptor application to be used in said pre-encryption of said content.
- 4. The method of claim 3, wherein, before distributing said content to said viewer, said caching server decrypts said content that is encrypted by said pre-encryptor application using a copy of said pre-encryption subkey and then re-encrypts said content using a different subkey that is shared between said caching server and said viewer.
- 5. The method of claim 4, wherein said caching server electronically stores said content that is pre-encrypted in a storage unit before said content is decrypted and then re-encrypted and distributed to said viewer.
- 6. The method of claim 4, further comprising:
  sending a key request from said caching server to said key storage service, said key request including said content identifier that is associated with said content; and
  comparing said content identifier with said content identifiers already present in said database of said key storage service;
  wherein, if said content identifier matches one of said content identifiers already present in said database of said key storage service, said key storage service sends a copy of said pre-encryption subkey that is associated with said content identifier to said caching server to be used in said decryption of said content.
- 7. The method of claim 6, wherein said caching server stores said copy of said pre-encryption subkey in a storage unit for future access and use.
- 8. The method of claim 6, wherein said content provider transmits a session rights object to said viewer, said session rights object comprising information regarding said key storage service's location.
- 9. The method of claim 1, wherein said pre-encryptor application hints said content.
- 10. The method of claim 1, wherein said content provider, said caching server, and said viewer each electronically communicate with a key distribution center to obtain tickets, said tickets comprising session keys that allow secure electronic communication between said content provider, said caching server, and said viewer.
- 11. The method of claim 10, further comprising using said session keys to encrypt said communication between said content provider, said caching server, and said viewer.
- 12. The method of claim 1, further comprising streaming said content from said caching server to said viewer.
- 13. The method of claim 1, further comprising downloading said content from said caching server to said viewer.
- 14. The method of claim 1, further comprising streaming said content from said content provider to said caching server.
- 15. The method of claim 1, further comprising downloading said content from said content provider to said caching server.
- 16. The method of claim 1, further comprising authenticating said content using a message authentication code that is appended to each unit of storage of said content.
- 17. The method of claim 4, wherein said viewer comprises multiple viewers that each share said different subkey with said caching server.
- 18. An internet protocol rights management system for managing transmission of content from a content provider to a caching server and then from said caching server to a viewer, said system comprising:
  a pre-encryptor application for encrypting said content before said content is transmitted to said caching server; and
  a stand-alone key storage service for generating, storing, and distributing pre-encryption encryption subkeys;
  wherein said key storage service generates a pre-encryption subkey that is used by said pre-encryptor application to encrypt said content and by said caching server to decrypt said content after it is encrypted and transmitted to said caching server.
- 19. The system of claim 18, wherein said content provider comprises:
  a server for electronically communicating with said caching server and said viewer; and
  a storage unit for electronically storing said content that is encrypted with said pre-encryptor application.
- 20. The system of claim 19, wherein said storage unit is a hard drive.
- 21. The system of claim 19, wherein said pre-encryptor application sends a key request to said key storage service, said key request comprising a content identifier that is associated with said content.
- 22. The system of claim 21, wherein said key storage service compares said content identifier with content identifiers already stored in a database of said key storage service.
- 23. The system of claim 22, wherein if said content identifier does not match one of said content identifiers already stored in said database of said key storage service, said key storage service generates said pre-encryption subkey, stores a copy of said pre-encryption subkey and said content identifier in said database, and sends said pre-encryption subkey to said pre-encryptor application to be used in said pre-encryption of said content.
- 24. The system of claim 18, wherein said caching server comprises a storage unit for electronically storing said content that is pre-encrypted and where said pre-encryption subkey is used to decrypt said pre-encrypted content.
- 25. The system of claim 24, wherein said caching server re-encrypts said content using a separate subkey that it shares with said viewer.
- 26. The system of claim 24, wherein said storage unit is a hard drive.
- 27. The system of claim 23, wherein said caching server sends a key request to said key storage service, said key request comprising a content identifier that is associated with said content.
- 28. The system of claim 27, wherein said key storage service compares said content identifier that is sent from said caching server with content identifiers already present in a database of said key storage service.
- 29. The system of claim 28, wherein, if said content identifier sent from said caching server matches one of said content identifiers already present in said database of said key storage service, said key storage service sends a copy of said pre-encryption subkey that is associated with said content identifier to said caching server to be used in said decryption of said content.
- 30. The system of claim 29, wherein said caching server saves a copy of said pre-encryption subkey.
- 31. The system of claim 29, wherein said content provider transmits a session rights object to said viewer, said session rights object comprising information regarding said key storage service's location.
- 32. The system of claim 18, wherein said pre-encryptor application hints said content.
- 33. The system of claim 18, said system further comprising a key distribution center for generating, managing, and distributing tickets to said content provider, said caching server, and said viewer, said tickets comprising session keys that allow secure electronic communication between said content provider, said caching server, and said viewer.
- 34. The system of claim 18, wherein said management of transmission of content is effected with an electronic security broker protocol.
- 35. The system of claim 18, wherein said content comprises video on demand.
- 36. The system of claim 18, wherein said content is multimedia streaming content.
- 37. The system of claim 18, wherein said content is downloadable content.
- 38. The system of claim 18, wherein said content provider and said caching server authenticate said content using a message authentication code that is appended to each unit of storage of said content.
- 39. The system of claim 38, wherein said unit of storage is a packet.
- 40. The system of claim 38, wherein said unit of storage is a frame.
- 41. The system of claim 18, wherein said viewer comprises a host that is capable of displaying, managing, or using said content.
- 42. The system of claim 18, wherein said key storage service is located at said content provider's location.
- 43. The system of claim 18, wherein said key storage service is located on said pre-encryptor application's host.
- 44. The system of claim 18, wherein said caching server comprises multiple caching servers that are each capable of receiving content from said content provider.
- 45. The system of claim 18, wherein said viewer comprises multiple viewers that can simultaneously communicate electronically with said caching server.
- 46. A system for transmitting content from a content provider to a caching server which distributes said content to a viewer, said system comprising:
  means for encrypting said content with a pre-encryptor application that uses a pre-encryption subkey before said content is transmitted to said caching server; and
  means for generating, storing, and distributing said pre-encryption subkey with a key storage service.
- 47. The system of claim 46, further comprising means for electronically storing said content that is encrypted with said pre-encryptor application before said content is transmitted to said caching server.
- 48. The system of claim 46, further comprising:
  means for sending a key request from said pre-encryptor application to said key storage service, said key request including a content identifier that is associated with said content; and
  means for comparing said content identifier with content identifiers already present in a database of said key storage service;
  wherein, if said content identifier does not match one of said content identifiers already present in said database of said key storage service, said key storage service generates said pre-encryption subkey, stores a copy of said pre-encryption subkey and said content identifier in said database, and sends said pre-encryption subkey to said pre-encryptor application to be used in said pre-encryption of said content.
- 49. The system of claim 48, further comprising:
  means for decrypting said content that is encrypted by said pre-encryptor application using a copy of said pre-encryption subkey; and
  means for re-encrypting said content using a different subkey that is shared between said caching server and said viewer.
- 50. The system of claim 49, further comprising means for electronically storing said content that is pre-encrypted in a storage unit in said caching server before said content is decrypted, re-encrypted, and distributed to said viewer.
- 51. The system of claim 50, further comprising:
  means for sending a key request from said caching server to said key storage service, said key request including said content identifier that is associated with said content; and
  means for comparing said content identifier with said content identifiers already present in said database of said key storage service;
  wherein, if said content identifier matches one of said content identifiers already present in said database of said key storage service, said key storage service sends a copy of said pre-encryption subkey that is associated with said content identifier to said caching server to be used in said decryption of said content.
- 52. The system of claim 51, further comprising means for transmitting from said content provider to said viewer information regarding said key storage service's location.
- 53. The system of claim 46, further comprising means for hinting said content.
- 54. The system of claim 46, further comprising means for obtaining tickets from a key distribution center, said tickets comprising session keys.
- 55. The system of claim 46, further comprising means for streaming said content from said caching server to said viewer.
- 56. The system of claim 46, further comprising means for downloading said content from said caching server to said viewer.
- 57. The system of claim 46, further comprising means for authenticating said content using a message authentication code that is appended to each unit of storage of said content.
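
The key flow recited in claims 3, 4, 6 and 16, sketched as an added example that is not part of the patent text: a key storage service keyed by content identifier, per-unit encryption with an appended MAC, and the caching server's decrypt-then-re-encrypt step. All class and function names are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in, since the claims do not name a cipher or MAC algorithm.

```python
import hashlib, hmac, secrets

class KeyStorageService:  # hypothetical stand-in for the claimed service
    def __init__(self):
        self._db = {}  # content identifier -> pre-encryption subkey
    def key_for_pre_encryptor(self, content_id):
        # Claim 3: no match -> generate, store and return a subkey. Returning
        # the stored subkey on a match is an assumption of this sketch.
        return self._db.setdefault(content_id, secrets.token_bytes(32))
    def key_for_caching_server(self, content_id):
        # Claim 6: match -> return a copy of the stored subkey. Refusing an
        # unknown identifier is an assumption of this sketch.
        if content_id not in self._db:
            raise LookupError(f"no subkey stored for {content_id!r}")
        return self._db[content_id]

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, unit_no, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so only the standard library is
    # needed; it is not the cipher of the patent, which the claims do not name.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, b"%d:%d" % (unit_no, c)) for c in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(subkey, units):
    # Encrypt each unit, then append a MAC over its index and ciphertext (claim 16).
    enc_k, mac_k = _prf(subkey, b"enc"), _prf(subkey, b"mac")
    cts = [_xor_stream(enc_k, i, u) for i, u in enumerate(units)]
    return [ct + _prf(mac_k, b"%d:" % i + ct) for i, ct in enumerate(cts)]

def unprotect(subkey, protected):
    # Verify every unit's MAC in constant time before decrypting it.
    enc_k, mac_k = _prf(subkey, b"enc"), _prf(subkey, b"mac")
    out = []
    for i, blob in enumerate(protected):
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(mac_k, b"%d:" % i + ct)):
            raise ValueError(f"MAC check failed on unit {i}")
        out.append(_xor_stream(enc_k, i, ct))
    return out

def cache_serve(kss, content_id, stored_units, viewer_subkey):
    # Claim 4: decrypt with the pre-encryption subkey, re-encrypt for the viewer.
    clear = unprotect(kss.key_for_caching_server(content_id), stored_units)
    return protect(viewer_subkey, clear)
```

Binding the unit index into the MAC is a choice of this sketch; it makes reordered units fail verification as well as modified ones.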
RELATED APPLICATIONS
[0001] The present application claims priority under 35 U.S.C. § 119(e) from the following previously-filed Provisional Patent Application, U.S. Application No. 60/350,687, filed Jan. 22, 2002 by Petr Peterka et al., entitled “Encryption, Authentication and Key Management for Multimedia Content Pre-Encryption,” and which is incorporated herein by reference in its entirety.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60350687 | Jan 2002 | US |