The present invention relates generally to the distribution of digital content. More particularly, the present invention relates to a system for the secure distribution of digital content such as digitized motion pictures to consumers.
Consumers commonly obtain home access to digitized content such digitized motion pictures by renting medium storing the digitized content. For example, a consumer will obtain Digital Video Discs (DVDs) that store the desired 15 digital content. The DVD provider must then warehouse a substantial number of DVDs to satisfy the varied needs of consumers.
Because of the required warehousing, a DVD provider faces substantial costs to maintain and organize their DVD inventory. It would be far more convenient for the DVD provider to simply burn the desired DVD upon an order from a consumer. The DVD provider would then merely need to stock blank discs and burn them with retrieved content from a centralized or distributed database storing the digital content. However, content providers such as studios are quite reluctant to allow their content to be stored in such a database due to piracy and other unauthorized access.
Accordingly, there is a need in the art for secure digital content distribution systems.
To address these needs, methods, non-transitory computer-readable medium, and computer devices are provided.
In accordance with one embodiment, a user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content from is retrieved from a remote database.
The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.
This and other aspects of the invention will become more apparent from the following drawings and description.
Embodiments of the present invention and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures.
Reference will now be made in detail to one or more embodiments of the invention. While the invention will be described with respect to these embodiments, it should be understood that the invention is not limited to any particular embodiment. On the contrary, the invention includes alternatives, modifications, and equivalents as may come within the spirit and scope of the appended claims. Furthermore, in the following description, numerous specific details are set forth to provide a thorough understanding of the invention. The invention may be practiced without some or all of these specific details. In other instances, well-known structures and principles of operation have not been described in detail to avoid obscuring the invention.
Turning now to the drawings,
In system 100, a customer selects the digital content they desire to download through a kiosk 110. However, a customer could also make their selection online through a web browser or other user interfaces. The digital content that a customer may download is stored in a database 115. This database may be physically integrated with system 100 or may be a remote database accessed through the Internet. Because a remote database will then be throttled by the bandwidth limitations that a given system 100 faces depending upon their Internet access methods (such as DSL, T1, etc.), a database integrated with system 100 will generally allow much faster downloads—a speed advantage that is particularly advantageous should the desired content be high definition video due to the large amounts of data that will need to be downloaded.
The customer terminals such as kiosks 110 couple to the database through a system server 120. Database 115 may store the digital content provided through system server 120 through a variety of storage techniques. For example, database 115 may include a plurality of hard disk drives organized according to the Trusted Computing Group (TCG) Full Disk Encryption (FDE) protocol. The hard disk drives may be organized as a Redundant Array of Independent Disks (RAID) drive or as a Network Attached Storage (NAS) device. Because RAID drives organize their data with striping across the disks, an interloper with just access to any one drive will simply have mere portions of the stored content.
The content supplied by a content provider and stored to the database is offline encrypted using, for example, a first encryption protocol such as the Advanced Encryption Standard (AES) encryption scheme. Such an offline encryption is thus not performed by system 100 but instead under the control of the content provider such that system 100 does not have access to the corresponding decryption key(s). Before storing the offline-encrypted content in database 115, system 100 performs an additional encryption such that the resulting stored content is doubly-encrypted. For example, system 100 may doubly encrypt the stored content using a second encryption protocol such as the FDE HDD and TCG protocol described further herein.
System 100 thus implements a double encryption (such as FDE and AES) using an offline first encryption protocol and a second encryption protocol. To provide heightened security, neither the FDE decryption key nor the AES key is stored in database 115. For example, the FDE key may be obtained from a Trusted Platform Module (TPM) or from a USB dongle. Managers (administrative users) for system 100 would thus authenticate themselves to gain access to the FDE-encrypted data in database 115. Database 115 would then strip the FDE encryption from the stored data. It may thus be appreciated that clear text content never exists in the database. The database may be easily updated with new content through, for example, an Internet coupling in that the content provided to system 100 is always encrypted according to a first encryption protocol such as AES. In that regard, database may be smaller than that maintained by a content provider (e.g., 20 TB of storage as compared to 500 TB for the content provider). Should an order for content be placed outside of what is maintained in database 115, the content could be downloaded into database 115 from the content provider.
To provide further heightened security, the AES key is downloaded by server 120 from a remote content key server 125 controlled by the content provider. System server 120 receives the key at an internal encryption/decryption engine such that the a host microprocessor running within system server 120 never “sees” the AES key. The embedded encryption/decryption engine may be implemented, for example, as an application specific integrated circuit (ASIC) or as a configured programmable logic device (PLD). The interaction of this engine with the “host” (e.g., a microprocessor running as the brain for system server 120) may occur according to the TCG FDE protocol as disclosed in U.S. application Ser. No. 12/025,777, filed Feb. 2, 2008, the contents of which are incorporated by reference. This protocol will be further described herein. Because a content provider may control and monitor the activity of remote content key server 125, the content provider will know how many times a given content such as a video has been downloaded and thus obtain the appropriate payment or license fee. In other words, suppose system 100 indicates that a certain video has been downloaded a certain number of times: the content provider will be able to verify the accuracy of such accounting through the corresponding key downloads from content key server 125.
From a consumer viewpoint, obtaining content from system 100 will typically be less time consuming than physically browsing through a provider's DVD inventory as is practiced at conventional video outlets. The customer would select their desired content (remotely or through kiosk 110), the AES and FDE keys retrieved so that system server 120 may decrypt the desired content retrieved from database 115, and the decrypted content (although still CSS scrambled) burned to a DVD disc by burner 105. Burner 105 may be integrated with a printer to print the jewel case holding the DVD disc with the appropriate movie cover.
If the disc is to be burned according to the CSS MPEG2 format and the video source file was not in this particular format, a video transcoding function may be performed within system server 120 to convert the source file from its native format to MPEG2 with CSS encryption. This translation may be performed by system server 120 using a desired hardware or software implementation.
The process of creating a DVD according to system 100 may be better understood with reference to the flowchart shown in
It will be appreciated that the first encryption protocol used to provide the offline encryption of the content provided to database 115 need not be AES but could be other suitable encryption protocols such as the Data Encryption Standard (DES) protocol. Similarly, the second encryption protocol need not be the TCG FDE protocol as discussed in U.S. application Ser. No. 12/12/025,777. However, because this FDE protocol provides additional security, it will be explained further as follows.
Turning now to
Given this authenticated host, a user or other entity may then authenticate itself to the engine through the authenticated communication channel. The latter entity authentication may also be denoted as a “log on” to distinguish it from the necessary host authentication. Given these two events, trust has been established between the host and the engine such that the engine will access security information in a secure provider (SP) area 310. Parts of the SP area may be encrypted as will be explained further herein. Each administrative user associates with its own user record 311 in the SP area. If there is a plurality of users, there is thus a plurality of user records in SP area 310.
During log on, the administrative user of system 100 provides a pass code, which may be variable in length or have a fixed length. A pass code may be as simple as an alphanumeric name such as “username1” or it may be more sophisticated such as a code derived from a biometric scanner. Alternatively, a pass code may be a machine-provided code as provided by the host or from devices networked with the host. The engine processes the user's pass code through a hash function such as, for example, the National Security Agency (NSA) SHA-256 hash to create a corresponding derive key (DK) 315. It will be appreciated that other types of hash functions may also be used. It may thus be seen that each user may associate (upon presentation of the appropriate pass code) with its own DK. Alternatively, all administrative users may associate with the same DK. Within each user record, certain elements such as an identification of the user are unencrypted. Thus, an administrative user of system 100 may peruse the list of available users without having performed a log on. A user, having selected the appropriate record associated with the user's name, may then log on by providing the corresponding pass code to the engine. The engine will then process the pass code to uncover the corresponding DK. Portions of each user record are encrypted according to the corresponding DK. Thus, the engine may then decrypt the encrypted portions of the user record using the DK to provide an un-encrypted user record. Because a user record is at least partially encrypted, as used herein “user record” without a qualifier such as “un-encrypted user record” refers to the partially-encrypted user record. Each user record includes an integrity check, which may also be denoted as an entity authentication code (EAC). For example, the pass code and/or also other factors in the user record may be hashed using, for example, the SHA-256 hash function to generate an EAC. This EAC is encrypted and forms part of the user record. Upon decryption of the user record, the pass code and other recovered user record entries may then be hashed and the result compared to the decrypted EAC entry. If these entries match, the user's authenticity is verified. If the integrity check matches, then the log on is completed such that the encryption/decryption engine considers the user authenticated.
As discussed earlier, the user area may be entirely encrypted according to a full disk encryption (FDE) key such as a 128-bit or 256 bit-Advanced Encryption Standard (AES) key. This FDE key is encrypted within the SP. Each user record includes a protected storage area (PSA) key that decrypts the encrypted FDE key. Each user record's PSA key is encrypted by the corresponding DK such as through 128-bit or 256-bit AES. It will be appreciated, however, that other encryption protocols may also be used. Thus, it may be seen that each user record's encrypted PSA key is unique to that record. Upon authentication of a user, the engine has access to the un-encrypted PSA key (which may be seen to be the same for all user records) so that the FDE key may be recovered by decrypting the encrypted FDE key using the PSA key. At this point, the engine may then perform “on-the-fly” protected reads to the user area as well as protected writes to the user area using the FDE key.
Note the advantages of such an entity authentication and security protocol:
An administrative user may only access the protected content in the user area if they know the pass code. The pass code is not stored in database 115 so that unless appropriate credentials are presented (a pass code received from an authenticated host), the SP area cannot be decrypted. In other words, no keys are stored in firmware with the encryption/decryption engine or the database. Users are thus protected from unauthorized accesses. Of course, such security is thus hinging on the protection of the pass code by a given user. To bolster security, an N-factor authentication procedure will be further explained herein.
Turning now to
As seen in
The above-described embodiments of the present invention are merely meant to be illustrative and not limiting. For example, although described according to conventional DVD format, system 100 may easily practice the HD-DVD or Blu-ray formats using the appropriate burner. It will thus be obvious to those skilled in the art that various changes and modifications may be made without departing from this invention in its broader aspects. For example, system 100 may be configured such that no second type of encryption is practiced. The data stored in the database would thus be only singly-encrypted. In such an embodiment, the required first key to remove the first type of encryption is still never stored in the database but instead would be remotely accessed using the content key server. Moreover, this first type of encryption need not be AES but instead could be Elliptic Curve Cryptography (ECC), Triple Data Encryption Standard (TDES), or some other suitable form of encryption. Furthermore, although described with regard to a retail store environment, system 100 is easily adapted for a manufacturing on demand (MOD) factory. In such a case, the database could substantially larger in that it would desirable to limit the database size in retail environments to minimize cost—a centralized MOD need only maintain one database whereas a retail chain would require many separate databases. The appended claims encompass all such changes and modifications as fall within the true spirit and scope of this invention.
This application is a continuation of U.S. patent application Ser. No. 15/162,965, now allowed, which is a continuation of U.S. patent application Ser. No. 14/269,121, filed on May 3, 2014, now issued as U.S. Pat. No. 9,384,484, which is a continuation of U.S. patent application Ser. No. 12/249,906, filed on Oct. 11, 2008, now issued as U.S. Pat. No. 8,762,708, the contents of all of which are incorporated herein by reference.
Number | Name | Date | Kind |
---|---|---|---|
7124436 | Okaue et al. | Oct 2006 | B2 |
7596812 | Li et al. | Sep 2009 | B2 |
20020194095 | Koren | Dec 2002 | A1 |
20030056118 | Troyansky et al. | Mar 2003 | A1 |
20040153373 | Sonq et al. | Aug 2004 | A1 |
20040215740 | Frank et al. | Oct 2004 | A1 |
20050010790 | Lanq et al. | Jan 2005 | A1 |
20050021396 | Pearch et al. | Jan 2005 | A1 |
20050021961 | Hanks et al. | Jan 2005 | A1 |
20050091491 | Lee et al. | Apr 2005 | A1 |
20060010394 | Chaudhri et al. | Jan 2006 | A1 |
20060059437 | Conklin, III | Mar 2006 | A1 |
20060161480 | Christensen | Jul 2006 | A1 |
20060173794 | Sellars et al. | Aug 2006 | A1 |
20070033393 | Ganesan et al. | Feb 2007 | A1 |
20070061724 | Slothouber et al. | Mar 2007 | A1 |
20070064936 | Kasahara | Mar 2007 | A1 |
20070162850 | Adler et al. | Jul 2007 | A1 |
20070192695 | Grotjohn et al. | Aug 2007 | A1 |
20070198432 | Pitroda | Aug 2007 | A1 |
20070265966 | Kahn et al. | Nov 2007 | A1 |
20070300236 | Hing | Dec 2007 | A1 |
20080010133 | Pyhalammi et al. | Jan 2008 | A1 |
20080010196 | Rackley, III | Jan 2008 | A1 |
20080034314 | Louch et al. | Feb 2008 | A1 |
20080059571 | Khoo | Mar 2008 | A1 |
20080083003 | Biniak et al. | Apr 2008 | A1 |
20080097871 | Williams et al. | Apr 2008 | A1 |
20080126937 | Pachet | May 2008 | A1 |
20080162722 | Cadden | Jul 2008 | A1 |
20080168367 | Chaudhri et al. | Jul 2008 | A1 |
20080195483 | Moore | Aug 2008 | A1 |
20080222232 | Allen et al. | Sep 2008 | A1 |
20090018920 | Lerman et al. | Jan 2009 | A1 |
20090097642 | Schnell et al. | Apr 2009 | A1 |
20090106551 | Boren et al. | Apr 2009 | A1 |
20100095113 | Blankenbeckler et al. | Apr 2010 | A1 |
20100125534 | Brandes et al. | May 2010 | A1 |
20100138764 | Hatambeiki et al. | Jun 2010 | A1 |
20110125594 | Brown et al. | May 2011 | A1 |
Entry |
---|
Google, search “(database or databases or list or lists or file or files) same (hashed or encoded or encrypted . . . ”), search performed Jan. 28, 2014. |
Notice of Allowance in related U.S. Appl. No. 14/269,121, dated Feb. 26, 2016, 16 pages. |
Notice of Allowance from related U.S. Appl. No. 15/162,965, dated Dec. 20, 2017, 11 pages. |
Number | Date | Country | |
---|---|---|---|
20180218467 A1 | Aug 2018 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15162965 | May 2016 | US |
Child | 15940266 | US | |
Parent | 14269121 | May 2014 | US |
Child | 15162965 | US | |
Parent | 12249906 | Oct 2008 | US |
Child | 14269121 | US |