(12) United States Patent (10) Patent No.: US 8.422,684 B2 Jin Et Al

USOO8422684B2

(12) United States Patent (10) Patent No.: US 8.422,684 B2 Jin et al. (45) Date of Patent: Apr. 16, 2013

(54) SECURITY CLASSES IN A MEDIA KEY 5,345,505 A 9, 1994 Pires BLOCK 5,412,723 A 5/1995 Canetti et al. 5,592,552 A 1, 1997 Fiat (75) Inventors: Hongxia Jin, San Jose, CA (US); 2. A 8. E" al. Jeffrey Bruce Lotspiech, Henderson, 5,651,064 A 7, 1997 Newell NV (US) 5,668,873. A 9, 1997 Yamauchi 5,680,457 A 10, 1997 Bestler et al. (73) Assignee: International Business Machines (Continued) Corporation, Armonk, NY (US) FOREIGN PATENT DOCUMENTS (*) Notice: Subject to any disclaimer, the term of this WO WO99, 19822 4f1999 patent is extended or adjusted under 35 WO WOOOf 48190 8, 2000 U.S.C. 154(b) by 892 days. WO WOO1/22406 3, 2001 (21) Appl. No.: 12/192,962 OTHER PUBLICATIONS U.S. Appl.pp No. 12/131,073, filed Mayy 31, 2008, Bellwood et al. (22) Filed: Aug. 15, 2008 U.S. Appl. No. 12/131,074, filed May 31, 2008, Lotspiech. (65) Prior Publication Data (Continued) US 201O/OO4O231 A1 Feb. 18, 2010 Primary Examiner — Jung Kim Assistant Examiner — Thomas Ho (51) Int. Cl (74) Attorney, Agent, or Firm — Donald L. Wenskay; H04L 9/00 (2006.01) Moh ed Kashef (52) U.S. Cl USPC ...... 380/277; 380/45 (57) ABSTRACT (58) Field of Classification Search ...... 380/277,38O/45 According to one embodiment of the present invention, a See application file for complete search histo method for broadcast encryption with security classes in a pp p ry. media key block is provided. In one embodiment the method (56) References Cited includes receiving encrypted media of a first and a second class, where the media includes a common media key block, U.S. PATENT DOCUMENTS in a device of a first class and in a device of a second class. A 4,041,249 A 8, 1977 Matz et al. first media key is calculated from the common media key 4,634,807 A 1/1987 Chorley et al. block in the device of a first class. A first media key precursor 4,694,491 A 9, 1987 Horne et al. is calculated from the common media key block in the device 4,864,616 A 9, 1989 Pond et al. of a second class. The first media precursor may be used to 5,058,162 A 10, 1991 Santon et al. 5,065,429 A 11/1991 Lang decrypt media of a first class. The first media precursor may 5,081,677 A 1/1992 Green et al. also be used to calculate a second media key in the device of 5,177,791 A 1/1993 Yeh et al. a second class to decrypt content of a first class. 5,247,497 A 9, 1993 Cohn 5,272,752 A 12/1993 Myers et al. 14 Claims, 6 Drawing Sheets

on 162 Class A Content with Common media block Player C 108 Device Key/MKB Processor Class B Content with Common media block 110 Class C COntent with Decrypted Common Class B media Content block Decrypted Class C Content US 8,422,684 B2 Page 2

U.S. PATENT DOCUMENTS 7,380,137 B2 5/2008 Bell et al. 7,392,392 B2 6/2008 Levy 5,708.632 1, 1998 Totsuka et al. 7,502,933 B2 * 3/2009 Jakobsson et al...... 713, 172 5,734,719 3, 1998 Tsevdos et al. 7.555,129 B2 * 6/2009 Yamamoto et al...... 38O,277 5,754,648 5, 1998 Ryan et al. 7.590,238 B2 * 9/2009 Kamijoh et al...... 380.45 5,754,649 5, 1998 Hasebe et al. 2002.0003881 A1 1/2002 Reitmeier et al. 5,796,824 8, 1998 Hasebe et al. 2002fOO44320 A1 4/2002 Pfeiffer et al. 5,910,987 6, 1999 Ginter et al. 2002/0104001 A1 8/2002 Lotspiech et al. 5,949,885 9, 1999 Leighton 2002/014 1582 A1 10, 2002 Kocher et al. 6,020,833 2, 2000 Herz et al. 2003/0070.083 A1 4/2003 Nessler 6,061.451 5, 2000 Muratani et al. 2003. O169885 A1 9, 2003 Rinaldi 6,118,873 9, 2000 Lotspiech 2003/0220921 A1 1 1/2003 Fagin et al. 6,134,201 10, 2000 Sako et al. 2004.0034787 A1 2/2004 Kitani 6,209,092 3, 2001 Linnartz 2004/0098593 A1 5, 2004 Muratani 6,285,774 9, 2001 Schumann et al. 2004/O111611 A1 6/2004 Jin et al. 6,289.455 9, 2001 Kocher et al. 2004/O128259 A1 7/2004 Blakeley et al. 6,347,846 2, 2002 Nakamura 2004/O133794 A1 7/2004 Kochner et al. 6,370,272 4, 2002 Shimizu 2004/O153941 A1 8, 2004 Muratani 6,381,367 4, 2002 Ryan 2005, 0021568 A1 1/2005 Pelly 6,434,535 8, 2002 Kupka et al. 2005/OO9711.0 A1 5/2005 Nishanov et al. 6,442,108 8, 2002 Kurihara et al. 2005, 0141704 A1 6/2005 Van Der Veen 6,442,626 8, 2002 Smola et al. 2005/028361.0 A1 12/2005 Metios et al. 6,535,858 3, 2003 Blaukovitsch et al. 2006.0056695 A1 3/2006 Wu et al. 6,556,679 4, 2003 Kato et al. 2006/0085343 A1 4/2006 Lisanke et al. 6,563,937 5/2003 Wendt 2006, O136728 A1 6/2006 Gentry et al. 6,587,949 T/2003 Steinberg 2006/0239503 A1 10, 2006 Petrovic et al. 6,604,072 8, 2003 Pitman et al. 2006/028.2676 A1 12/2006 Serret-Avila et al. 6,609,116 8, 2003 Lotspiech 2007, OO67242 A1 3/2007 Lotspiech et al. 6,636,966 10, 2003 Lee et al. 2007, OO67244 A1 3/2007 Jin et al. 6,738,878 5, 2004 Ripley et al. 2007/O165853 A1 7/2007 Jin et al. 6,760.445 T/2004 Schwenk et al. 2007/0174637 A1 7/2007 Lotspiech et al. 6,760,539 T/2004 Asada et al. 6,775,779 8, 2004 England et al. OTHER PUBLICATIONS 6,802,003 10, 2004 Gross et al. 6,832,319 12, 2004 Bell et al. U.S. Appl. No. 12/131,076, filed May 31, 2008, Jin et al. 6,839,436 1/2005 Garay et al. U.S. Appl. No. 12/143,061, filed Jun. 20, 2008, Jin et al. 6,856,997 2, 2005 Lee et al. U.S. Appl. No. 12/143,658, filed Jun. 20, 2008, Jin et al. 6.857,076 2, 2005 Klein U.S. Appl. No. 12/192,962, filed Aug. 15, 2008, Jin et al. 6,888.944 5/2005 Lotspiech et al. Celik et al., "Collusion-resilient fingerprinting using random 6,901,548 5/2005 Hattori et al. prewarping.” Image Processing, 2003, ICIP 2003, Proceedings, 2003 6,912,634 6, 2005 Ripley et al. 6,947,563 9, 2005 Fagin et al. International Conference vol. 1, Sep. 14-17, 2003 pp. I-509-12, vol. 6,993, 135 1, 2006 Ishibashi ...... 38O,277 1. 6,999,947 2, 2006 Utsumi et al. Deguillaume et al., "Countermeasures for unintentional and inten 7,007,162 2, 2006 Lotspiech ...... T13/151 tional video watermarking attacks.” Conference SPIE Int. Soc. 7,010, 125 3, 2006 Lotspiech et al. Opt. Eng. (USA), Jan. 24-26, 2000, vol. 3971, p. 346-357. 7,036,024 4, 2006 Watson Fernandez-Munoz et al., “Fingerprinting schemes for the protection 7,039,803 5, 2006 Lotspiech et al. of multimedia distribution rights. Upgrade, Security in e-Com 7,046,808 5, 2006 Petrovic et al. merce, v. III, n. 6, pp. 36-40, Dec. 2002, http://www.cepis-upgrade. 7.057,993 6, 2006 Barnard et al. org/issues/2002/6/upgrade-vII-6.pdf. 7,082,537 T/2006 Muratani Hagiwara et al., “A short random fingerprinting code against a small 7,120,901 10, 2006 Ferri et al. number of pirates' Applied Algebra, Algebraic Algorithms and 7,155,591 12, 2006 Ripley et al. 7,162,646 1/2007 Wu et al. Error-Correcting Codes, 16' International Symposium, AAEECC 7,215,629 5/2007 Eppler 16. Proceedings (Lecture Notes in Computer Science vol. 3857) pp. 7,260,834 8, 2007 Carlson ...... T26/4 193-202 (Feb. 2-24, 2006). 7,283,633 10, 2007 Asano et al. Seol et al., “A Scalable fingerpriting scheme for tracing traitors/ 7,296,159 11/2007 Zhang et al. colluders in large scale contents distribution environments.” Intelli 7,305,711 12, 2007 Ellison et al...... 726/29 gent Systems Design and Applications, 2005. ISDA 2005, Proceed 7,319,752 B2 1, 2008 Asano et al. ings, 5' International Conference Sep. 8-10, 2005 pp. 228-223. 7,346,169 B2 3, 2008 Asano et al. 7,380,132 B2 5/2008 Sako et al. * cited by examiner U.S. Patent Apr. 16, 2013 Sheet 1 of 6 US 8,422,684 B2

------15 License Content provider

agency |Unified media key | block module Egypt COntent 90 Title key

Media module 50 Variant key table 45

Media player module 35

Unified broadcast encryption System U.S. Patent Apr. 16, 2013 Sheet 2 of 6 US 8,422,684 B2

U.S. Patent Apr. 16, 2013 Sheet 5 of 6 US 8,422,684 B2

164 N.

166 Receive a Common media key block in encrypted Content of a first class and in encrypted Content of a Second class in devices of a first class and of a SeCOnd Class, respectively.

168 Calculate a media key from the Common media key block in the device of a first Class.

170 Decrypt Content of a first class in the device of a first Class using the media key block.

172 Calculate a first media key precursor from the COmmon media key block in the device of a SeCOnd Class.

174 Decrypt encrypted media of a Second class using the first media key preCurSOr in the device Of a SeCOnd Class.

FIG. 5 U.S. Patent Apr. 16, 2013 Sheet 6 of 6 US 8,422,684 B2

204 2O2

PrOCeSSOr 210

Main memory 2O6 208 Display interface Display unit Communication Infrastructure 212 (BUS) Secondary memory Hard disk drive 214 218 Removable Removable Storage drive Storage unit 216 222 Removable Interface Storage unit

224 22O 226

Communicationinterface Communication path

FIG. 6 US 8,422,684 B2 1. 2 SECURITY CLASSES IN A MEDAKEY media of a first class using the first media key; and decrypting BLOCK the encrypted media of a second class using the first media key precursor. BACKGROUND According to a further embodiment of the present inven tion, a system comprises: a common media key block; a The present invention relates to content protection, and plurality of devices, each receiving the common media key more specifically, to media key blocks in broadcast encryp block, the plurality of devices including a device belonging to tion systems. a first class and a device belonging to a second class; the Broadcast encryption is an important cryptographic key device belonging to a first class including means for generat management approach, especially useful in content protec 10 ing a first media key from the common media key block, the tion systems. Two popular broadcast-encryption-based sys first media key corresponding to the first class; and the device tems are the Content Protection for Recordable Media belonging to a second class including means for calculating a first media key precursor using the common media key block, (CPRM) system from IBM, Intel, Panasonic, and Toshiba, and means for calculating a second media key from the first and the Advanced Access Content System (AACS) from Dis 15 media key precursor. ney, IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, and According to another embodiment of the present invention, Warner Bros. a computer program product for broadcast encryption com A media key block is the fundamental structure in broad prises: a computer usable medium having computer usable cast-encryption-based system. This structure is also some program code embodied therewith, the computer usable pro times called a session key block. A media key block is a data gram code comprising: computer usable program code con structure which is processed by a device using a set of device figured to: receive a common media key block in a device of keys. The result of the processing allows the device to calcu a first class and in a device of a second class; calculate a first late a media key. The media key, in turn, is used to decrypt a media key from the common media key block in the device of message. In content protection systems, these “messages' are a first class; calculate a first media key precursor from the actually content like video or music. Often in a content pro 25 common media key block in the device of a second class; and tection system, each piece of content is associated with a calculate a second media key from the first media key precur different media key block. sor in the device of a second class. In some cases, the media key block is associated with a set of devices, not a particular item of content. One such example BRIEF DESCRIPTION OF THE SEVERAL is IBM's Advanced Secure Content Cluster Technology (AS 30 VIEWS OF THE DRAWINGS CCT), in which all the content that devices can access is protected by a single media key block. This feature is useful, FIG. 1 shows a diagram of abroadcast encryption system in for example, in case where a consumer might have a library of accordance with an embodiment of the invention; entertainment content in his home, and wants that library to FIG. 2 shows a diagram of a content player of a first be freely viewed by all the devices he owns. It should be noted 35 security class in accordance with an embodiment of the that in this single media key block, it is often the case that not invention; all the content being protected is equally valuable. For FIG. 3 shows a diagram of a content player of a second example, the user might have some movies in standard defi security class in accordance with an embodiment of the nition and Some movies in high definition. From the point of invention; view of the movies creators, the high definition version is 40 FIG. 4 shows a diagram of a content player of a third more valuable, and would have more serious economic con security class in accordance with an embodiment of the sequences if the users were to make unlimited unauthorized invention; copies. Likewise, not all devices are equally privileged. There FIG.5 shows a flow chart of a broadcast encryption method is no reason, for example, why a standard definition television in accordance with an embodiment of the invention; and needs a set of keys that allows it to decrypt high-definition 45 FIG. 6 is a high level block diagram of an information video. processing system useful for implementing one embodiment of the present invention. SUMMARY DETAILED DESCRIPTION According to one embodiment of the present invention, a 50 method comprises: receiving a common media key block in a Embodiments of the invention provides a broadcast device of a first class and in a device of a second class; encryption system having a single media key block in which calculating a first media key from the common media key all devices are not equally protected and all devices are not block in the device of a first class; calculating a first media key equally privileged. In contrast, in prior single-media-key precursor from the common media key block in the device of 55 block systems, such as ASCCT, all content was equally pro a second class; and calculating a second media key from the tected, and all devices are equally privileged, by virtue of the first media key precursor in the device of a second class. fact that all devices process the same media key block and According to another embodiment of the present invention, learn the same media key. a method comprises: receiving encrypted media of a first class It may be noted that in order to provide different levels of in a device of the first class, the encrypted media of a first class 60 protection and privilege to different devices, one approach including a common media key block; receiving encrypted might be to employ multiple media key blocks, one for each media of a second class in a device of the second class, the class of content. The problem with this approach is that the encrypted media of a second class including the common devices do need a common media key block for other reasons. media key block; calculating a first media key from the com For example, a common media key block is useful to securely mon media key block in the device of a first class; calculating 65 form the cluster. A cluster might be, for example, a set of a first media key precursor from the common media key block devices connected to a private networkina consumer's home. in the device of a second class; decrypting the encrypted It is important to the content owners that all the devices in the US 8,422,684 B2 3 4 network be compliant; in other words, all devices follow the not limited to DVD players, personal computers, movie rental same rules in protected content. Therefore, it is important that boxes which are allowed to play a move for a limited period all the devices can calculate a common cryptographic key, so of time, and others. The media player module 30 further that each can verify that the others are compliant. (Non comprises a software programming code or a computer pro compliant devices would be revoked in the media key block gram product that is typically embedded within, or installed and would be unable to calculate the common key.) on the media player 40. Also, a common media key block is needed to enable the The media module 25 comprises a unified media key block devices to remain in synchronization when new media key 45 (interchangeably reference herein as MKBu 45) and a blocks revoke newly discovered circumvention devices. A variant key table 50. The unified media key block 45 com cluster contains not just a common media key block, but also 10 prises a Subset of available device keys and a data part in other data files, in particular the list of the authorized devices which each of the subset of device keys individually encrypts in the cluster. This authorization list must be cryptographi a set of media key variants. For example, the subset of device cally “signed by the common key(s) in the cluster. Obvi keys may be organized in a tree structure, Such as in the ously, if there is more than one key in use in the cluster, Subset-difference broadcast encryption scheme, although all synchronizing the signing when the new media key block is 15 broadcast encryption schemes are within the scope of this delivered is much more complicated. invention. The media module 25 comprises a software pro Thus, having multiple media key blocks, although theoreti gramming code or a computer program product that is saved cally possible, would greatly complicate the synchronization onto a media 55. process. The present invention retains a single media key The unified media key block module 15 generates one or block, with its straightforward synchronization, while still more unified media key blocks for use by a content provider allowing different classes of devices to learn different keys 60 to place on the media 55 together with an encrypted digital from the same media key block. content 65 (interchangeably referenced herein as encrypted Embodiments of the present invention accomplish this by content 65). The unified media key block module 15 com using a one-way cryptographic function to define a hierarchy prises a Software programming code or a computer program of keys. The highest security class devices initially calculate 25 product that is typically embedded within, or installed on a a media key precursor instead of a media key from their server 70 that belongs to a separate facility, for example, a processing of the media key block. Then, these devices can license agency 75. Alternatively, system 10 can be saved on a execute a previously-defined one-way function on this pre Suitable memory or storage medium Such as a diskette, a CD, cursor. The result is either the media key, or another precursor, a DVD, a hard drive, or like devices. if there are more than two security classes in the system. 30 The traitor detection module 20 identifies the device keys Likewise, executing the one-way function on that second that have been compromised by a traitor or have been pirated. precursor can produce another precursor. This chain of one The traitor detection module 20 passes the identified device way functions can be defined to any depth, allowing a single keys to the unified media key block module 15 to revoke those system to have any number of security classes. The last one identified device keys from any future unified media key way function in the chain yields the media key. The precur 35 blocks, preventing further piracy by that traitor or attacker. sors then become keys that can be used to protect content. The traitor detection module 20 comprises a software pro In the example described above, where some devices in a gramming code or computer program product that is shown, home are high-definition and some are standard-definition, for illustration purposes only, as embedded within, or the immediate precursor of the media key may be used to installed on server 70 of the license agency 75. Alternatively, protect the high definition content, and the media key itself 40 the traitor detection module 20 may be installed in a separate may be used to protect the standard definition content. facility other than the one that issues unified media key blocks Note that the high definition devices that calculate the to content providers. precursor key from the media key block are also able to The media player 40 can access a server 80 of the content calculate the media key itself by using the one-way function. provider 60 through a network 85 to obtain the encrypted Thus, they can decrypt standard definition content, and, per 45 digital content 65 and a title key 90. The title key 90 (inter haps more importantly, have a key they can use to synchronize changeably referenced herein as Kt 90) allows the media cryptographically with the standard definition devices. This is player 40 to decrypt and play the encrypted content 65 after how the present invention provides the desired synchroniza the encrypted content 65 has been recorded to media 55. The tion functionality. title key 90 is encrypted, and requires the media player 40 to Referring now to FIG. 1 there is shown an exemplary 50 correctly process the unified media key block 45 to decrypt overall environment in which a system 10, for performing and use the unified media key block 45. The content provider broadcast encryption for digital content according to the 60 may record the encrypted content 65 and the encrypted present invention may be used. In this embodiment, the title key 90 directly to the media 55 such as, for example, a CD present invention may be used in a variety of content protec or DVD. A user may then obtain the encrypted content 65 by, tion applications including but not limited to DVDs, down 55 for example, purchasing the CD. loaded content, software and others. FIG. 1 shows the system The media player 40 comprises any compliant module that 10 for performing broadcast encryption as disclosed in U.S. can verify the physical presence of a media 55 such as, for patent application Ser. No. 12/133,736 entitled “System, example, a disk. A compliant module is one that follows the Method, and Service for Performing Unified Broadcast usage rules of the media module 25that are cryptographically Encryption and Traitor Tracing for Digital Content, the con 60 bound to media 55. For example, a compliant recorder does tents of which are incorporated herein by reference. not record content encoded “do not copy”. System 10 comprises a unified media key block module 15, FIG. 1 illustrates an exemplary application of system 10 a traitor detection module 20, a media module 25, and a media referenced as “electronic sell-through’’ in which a consumer player module 30. The media player module 30 comprises a obtains the encrypted content 65 by downloading the device key set 35 that is uniquely associated with a media 65 encrypted content 65 from the content provider 60 onto a player 40. The media player 40 may comprise any one of a media 55 such as recordable disk in the home of the con number of devices used to play digital media, including, but Sumer. While described in terms of an “electronic sell US 8,422,684 B2 5 6 through' application, it should be clear that system 10 is 146 using a standard MKB process 148. The second media applicable as well to, for example, any application in which key precursor 146 may then be used by a decryption unit 150 authentication is important and the authenticators are to decrypt the class C content 108 and output decrypted class restricted to a subset of the participants. Furthermore, while C content 152. illustrated as providing secure encryption of content for deliv Media player 104 may also process class B content by ery to media, it should be clear that system 10 is applicable as calculating a first media key precursor 154 from the second well to, for example, any type of content delivery. Also, while media key precursor 146 using a one-way function 156. This the system 10 shown in FIG. 1 is a unified broadcast encryp first media key precursor 154 may then be used by the decryp tion system, embodiments of the invention may be used with tion unit 150 to output decrypted class B content 155. Like other types of broadcast encryption systems. 10 wise, media player 104 may also process class A content 106 FIGS. 2, 3 and 4 shows block diagrams of a plurality of by calculating a media key 158 from the first media key media players, such as media player 40 shown in FIG. 1. In precursor 154 using a one-way function 160. This media key particular, media players 100,102 and 104 are configured to 158 may then be used by the decryption unit 150 to output play different classes of media. Content of three classes are decrypted class A content 162. shown in FIGS. 2, 3 and 4. In particular, the content includes 15 FIG. 5 shows a flow chart of a process 164 for broadcast encrypted content of class A106, encrypted content of class B encryption in accordance with an embodiment of the inven 108, and encrypted content of class C 110. In accordance with tion. In process 164, a system having two security classes is an embodiment of the invention, each of the classes of content described. It will be appreciated that this process 164 may be contains a common media key block (MKB) 116. modified to handle any number of security classes by adding In this embodiment, class A content 106 requires the least additional media key precursors. In step 166 a common media amount of security, class B content 108 requires a higher level key block is received by a device of a first class and by a of security, and Class C requires the highest level of security. device of a second class, which may comprise players 100 and Media player 100 is configured to play only class A content 102 shown in FIGS. 2 and 3. The common media key block 106. Media player 102 is configured to play class A content will be received as part of digital content, which may include 106 and class B content 108. Media player 110 is configured 25 digital content of a first class and digital content of a second to play class A content 106, class B content 108 and class C class. The digital content of a first class has lower level Secu content 110. For example, Class A content may be standard rity requirements than the digital content of a second class. definition content, Class B may be high definition content, For example, the first class content may be standard television and Class C may be content requiring even higher level of broadcast video, and the second class content may be high security than high-definition content. 30 definition television broadcast video. In step 168, the device The three classes of content are received by the media of a first class calculates a media key using the common players 100,102 and 104 through a network 112, which may media key block. This media key may then be used by the comprise one or more of a variety of known ways of distrib device of a first class to decrypt encrypted content of a first uting digital content. Referring now to FIG. 2, media player class, in step 170. 100 receives encrypted class A content 106 and processes is 35 The device of a second class calculates a first media key using a device key/MKB processor 114. In particular, device precursor using the common media key block, in step 172. key/MKB processor 114 extracts the common MKB 116 This media key precursor may then be used by the second from the class A content 106 and uses its device key 118 to class device to decrypt encrypted content of a second class, in calculate a media key 120. This calculation is accomplished step 174. As described above, the second class device may using standard MKB processing 122. The details of the pro 40 also calculate a media key from the media key precursor to cessing depend on the particular MKB scheme in use in the decrypt content of a first class. system; for example, the system might be using the well It may be noted that the licensing agency 75, as shown in known “subset-difference' MKB scheme such as is used in FIG. 1, may generate media key blocks where some devices AACS. All MKB schemes are within the scope of this inven calculate media key precursors, and other devices calculate tion. The calculated media key 120 then is used by a decryp 45 the media key. This is a relatively simple thing to do because tion unit 123 to produce decrypted Class A digital content all broadcast encryption schemes work by assigning devices 125. to various overlapping Subsets. Each Subset has an associated Referring now to FIG.3, media player 102 receives class B key. The media key block is simply a list of subsets of non encrypted digital content 108 and its device key/MKB pro -revoked devices along with the encryptions of the media key cessor 124 extracts the common MKB 116. The device key/ 50 with each subset key. It is a simple matter for different subsets MKB processor 124 then uses its device key 126 and the to have encryptions of different keys instead of every one common MKB 116 to calculate a first media key precursor having an encryption of the media key. In addition, the licens 128 using standard MKB processing 130. The first media key ing agency needs to group devices in the same security class precursor 128 may then be used by a decryption unit 132 to into convenient Subsets when they assign device keys. It will decrypt the class B content 108 and output decrypted class B 55 be appreciated by those skilled in the art that the present content 134. invention works equally well for all known broadcast encryp Media player 102 also has the ability to process class A tion schemes. content 106. It does this by processing the encrypted class A Embodiments of the invention may utilize a variety of content 106 to produce the first media key precursor 128 and known one-way functions. In one embodiment, the following then uses a one-way function 136 to calculate a media key 60 well-known one-way function, based on the Advanced 138. Decryption unit 132 may then use the media key 138 to Encryption Standard (AES) cipher, is used: output decrypted class A content 140. Referring now to FIG. 4, media player 104 receives encrypted class C content 110 and its device key/MKB pro where r is the result, k is a key, d is data, AES-D is AES cessor 142 extracts the common MKB 116. The device key/ 65 decryption in electronic code book mode, and XOR is exclu MKB processor 142 then uses its device key 144 and the sive-or. This function is one-way in the following sense: from common MKB 116 to calculate a second media key precursor r, it is intractable to calculate eitherkord. In this embodiment, US 8,422,684 B2 7 8 k would be a media key precursor and d would be a constant like and conventional procedural programming languages, known to all devices. Note that d does not have to be a secret. Such as the “C” programming language or similar program It can be a published constant without hurting the security of ming languages. The program code may execute entirely on this invention. the user's computer, partly on the users computer, as a stand It will be appreciated by those skilled in the art that the alone software package, partly on the user's computer and various keys in the media key one-way chain protect the partly on a remote computer or entirely on the remote com various classes of content. However, in practice, it is rare in puter or server. In the latter scenario, the remote computer content protection systems for keys from the media key block may be connected to the user's computer through any type of to directly encrypt the content. Instead, there is often at least network, including a local area network (LAN) or a wide area one a level of indirection: the content is encrypted with a title 10 network (WAN), or the connection may be made to an exter key, and then the title key is encrypted with the key from the nal computer (for example, through the Internet using an media key block. This encrypted title key is typically stored in Internet Service Provider). a header associated with the content. Hence some embodi The present invention is described with reference to flow ments of the invention may employ this technique of using chart illustrations and/or block diagrams of methods, appa one or more levels of indirection of keys to protect the con 15 ratus (systems) and computer program products according to tent. embodiments of the invention. It will be understood that each As can be seen from the above disclosure, embodiments of block of the flowchart illustrations and/or block diagrams, the invention provide a broadcast encryption system that and combinations of blocks in the flowchart illustrations and/ employs a common media key block, while providing differ or block diagrams, can be implemented by computer program ent levels of protection for different media and different instructions. These computer program instructions may be devices. provided to a processor of a general purpose computer, spe As will be appreciated by one skilled in the art, the present cial purpose computer, or other programmable data process invention may be embodied as a system, method or computer ing apparatus to produce a machine, such that the instruc program product. Accordingly, the present invention may tions, which execute via the processor of the computer or take the form of an entirely hardware embodiment, an entirely 25 other programmable data processing apparatus, create means Software embodiment (including firmware, resident Software, for implementing the functions/acts specified in the flowchart micro-code, etc.) or an embodiment combining Software and and/or block diagram block or blocks. hardware aspects that may all generally be referred to herein These computer program instructions may also be stored in as a “circuit,” “module' or “system.” Furthermore, the a computer-readable medium that can direct a computer or present invention may take the form of a computer program 30 other programmable data processing apparatus to function in product embodied in any tangible medium of expression hav a particular manner, Such that the instructions stored in the ing computer usable program code embodied in the medium. computer-readable medium produce an article of manufac Any combination of one or more computer usable or com ture including instruction means which implement the func puter readable medium(s) may be utilized. The computer tion/act specified in the flowchart and/or block diagram block usable or computer-readable medium may be, for example 35 or blocks. but not limited to, an electronic, magnetic, optical, electro The computer program instructions may also be loaded magnetic, infrared, or semiconductor system, apparatus, onto a computer or other programmable data processing device, or propagation medium. More specific examples (a apparatus to cause a series of operational steps to be per non-exhaustive list) of the computer-readable medium would formed on the computer or other programmable apparatus to include the following: an electrical connection having one or 40 produce a computer implemented process such that the more wires, a portable computer diskette, a hard disk, a ran instructions which execute on the computer or other program dom access memory (RAM), a read-only memory (ROM), an mable apparatus provide processes for implementing the erasable programmable read-only memory (EPROM or Flash functions/acts specified in the flowchart and/or block diagram memory), an optical fiber, a portable compact disc read-only block or blocks. memory (CDROM), an optical storage device, a transmission 45 The flowchart and block diagrams in the Figures illustrate media Such as those Supporting the Internet or an intranet, or the architecture, functionality, and operation of possible a magnetic storage device. Note that the computer-usable or implementations of systems, methods and computer program computer-readable medium could even be paper or another products according to various embodiments of the present Suitable medium upon which the program is printed, as the invention. In this regard, each block in the flowchart or block program can be electronically captured, via, for instance, 50 diagrams may represent a module, segment, or portion of optical scanning of the paper or other medium, then com code, which comprises one or more executable instructions piled, interpreted, or otherwise processed in a suitable man for implementing the specified logical function(s). It should ner, if necessary, and then stored in a computer memory. In the also be noted that, in some alternative implementations, the context of this document, a computer-usable or computer functions noted in the block may occur out of the order noted readable medium may be any medium that can contain, Store, 55 in the figures. For example, two blocks shown in Succession communicate, propagate, or transport the program for use by may, in fact, be executed Substantially concurrently, or the or in connection with the instruction execution system, appa blocks may sometimes be executed in the reverse order, ratus, or device. The computer-usable medium may include a depending upon the functionality involved. It will also be propagated data signal with the computer-usable program noted that each block of the block diagrams and/or flowchart code embodied therewith, either in baseband or as part of a 60 illustration, and combinations of blocks in the block diagrams carrier wave. The computer usable program code may be and/or flowchart illustration, can be implemented by special transmitted using any appropriate medium, including but not purpose hardware-based systems that perform the specified limited to wireless, wire line, optical fiber cable, RF, etc. functions or acts, or combinations of special purpose hard Computer program code for carrying out operations of the ware and computer instructions. present invention may be written in any combination of one or 65 FIG. 6 is a high level block diagram showing an informa more programming languages, including an object oriented tion processing system useful for implementing one embodi programming language such as Java, Smalltalk, C++ or the ment of the present invention. The computer system includes US 8,422,684 B2 9 10 one or more processors. Such as processor 202. The processor From the above description, it can be seen that the present 202 is connected to a communication infrastructure 204 (e.g., invention provides a system, computer program product, and a communications bus, cross-over bar, or network). Various method for implementing the embodiments of the invention. software embodiments are described in terms of this exem References in the claims to an element in the singular is not plary computer system. After reading this description, it will intended to mean "one and only unless explicitly so stated, become apparent to a person of ordinary skill in the relevant but rather “one or more.” All structural and functional equiva art(s) how to implement the invention using other computer lents to the elements of the above-described exemplary systems and/or computer architectures. embodiment that are currently known or later come to be The computer system can include a display interface 206 known to those of ordinary skill in the art are intended to be that forwards graphics, text, and other data from the commu 10 encompassed by the present claims. No claim element herein nication infrastructure 204 (or from a frame buffer not shown) is to be construed under the provisions of 35 U.S.C. section for display on a display unit 208. The computer system also 112, sixth paragraph, unless the element is expressly recited includes a main memory 210, preferably random access using the phrase “means for or “step for.” memory (RAM), and may also include a secondary memory The terminology used herein is for the purpose of describ 212. The secondary memory 212 may include, for example, a 15 ing particular embodiments only and is not intended to be hard disk drive 214 and/or a removable storage drive 216, limiting of the invention. As used herein, the singular forms representing, for example, a floppy disk drive, a magnetic “a”, “an and “the are intended to include the plural forms as tape drive, or an optical disk drive. The removable storage well, unless the context clearly indicates otherwise. It will be drive 116 reads from and/or writes to a removable storage unit further understood that the terms “comprises” and/or “com 218 in a manner well known to those having ordinary skill in prising, when used in this specification, specify the presence the art. Removable storage unit 218 represents, for example, of stated features, integers, steps, operations, elements, and/ a floppy disk, a compact disc, a magnetic tape, or an optical or components, but do not preclude the presence or addition disk, etc. which is read by and written to by removable storage of one or more other features, integers, steps, operations, drive 216. As will be appreciated, the removable storage unit elements, components, and/or groups thereof. 218 includes a computer readable medium having stored 25 The corresponding structures, materials, acts, and equiva therein computer Software and/or data. lents of all means or step plus function elements in the claims In alternative embodiments, the secondary memory 212 below are intended to include any structure, material, or act may include other similar means for allowing computer pro for performing the function in combination with other grams or other instructions to be loaded into the computer claimed elements as specifically claimed. The description of system. Such means may include, for example, a removable 30 the present invention has been presented for purposes of storage unit 220 and an interface 222. Examples of such illustration and description, but is not intended to be exhaus means may include a program cartridge and cartridge inter tive or limited to the invention in the form disclosed. Many face (Such as that found in video game devices), a removable modifications and variations will be apparent to those of memory chip (such as an EPROM, or PROM) and associated ordinary skill in the art without departing from the scope and Socket, and other removable storage units 220 and interfaces 35 spirit of the invention. The embodiment was chosen and 222 which allow software and data to be transferred from the described in order to best explain the principles of the inven removable storage unit 220 to the computer system. tion and the practical application, and to enable others of The computer system may also include a communications ordinary skill in the art to understand the invention for various interface 224. Communications interface 224 allows software embodiments with various modifications as are suited to the and data to be transferred between the computer system and 40 particular use contemplated. external devices. Examples of communications interface 224 may include a modem, a network interface (Such as an Eth What is claimed is: ernet card), a communications port, or a PCMCIA slot and 1. A method of enforcing a hierarchy of security classes card, etc. Software and data transferred via communications defined in a common media key block, each of said classes interface 224 are in the form of signals which may be, for 45 being associated with a particular format of media content, example, electronic, electromagnetic, optical, or other signals and said media key block being commonly used by media capable of being received by communications interface 224. devices that play media content formats associated with dif These signals are provided to communications interface 224 ferent security classes, the method comprising: via a communications path (i.e., channel) 226. This commu in response to a request for a media device to decrypt an nications path 226 carries signals and may be implemented 50 encrypted media file, said media device plays media using wire or cable, fiber optics, a phone line, a cellular phone content of a highest security class of said hierarchy and link, an RF link, and/or other communications channels. security classes lower in said hierarchy than said highest In this document, the terms "computer program medium.” security class, the media file being Stored on a storage “computer usable medium, and “computer readable medium that includes said media key block and at least medium' are used to generally refer to media Such as main 55 one media file comprising media content being of a memory 210 and secondary memory 212, removable storage particular format, said device: drive 216, and a hard disk installed in hard disk drive 214. reading said media key block; Computer programs (also called computer control logic) calculating a first media key precursor by processing are stored in main memory 210 and/or secondary memory said media key block, said first precursor allows said 212. Computer programs may also be received via commu 60 device to decrypt said media file for media content nications interface 224. Such computer programs, when associated with a first security class being of a highest executed, enable the computer system to perform the features security class of said hierarchy; and of the present invention as discussed herein. In particular, the if said media file is for media content associated with a computer programs, when executed, enable the processor 202 second security class being of a second highest Secu to perform the features of the computer system. Accordingly, 65 rity class of said hierarchy: (i) calculating a media key Such computer programs represent controllers of the com by executing at least one predefined one-way function puter system. at least once on said first precursor and (ii) using said US 8,422,684 B2 11 12 media key to decrypt said media file for said media calculates a media key by executing at least one pre content associated with said second security class. defined one-way function at least once on said second 2. The method of claim 1, further comprising: precursor, and if said media file is for media content associated with a uses said media key, calculated from said second pre third security class being of a third highest security class cursor, to decrypt said media file for said media con of said hierarchy: tent associated with said third security class. calculating a second media key precursor by processing 8. The device of claim 7, further comprising: said media key block; iteratively repeating said calculates, of a media key precur calculating a media key by executing at least one pre Sor and a media key, until a media key is generated that defined one-way function at least once on said second 10 allows said device to decrypt said media file for media precursor; and content associated with a security class lower than said using said media key, calculated from said second pre third security class. cursor, to decrypt said media file for said media con 9. The device of claim 6, wherein said at least one pre tent associated with said third security class. 15 defined one-way function comprises: 3. The method of claim 2, further comprising: iteratively repeating said calculating, of a media key pre cursor and a media key, until a media key is generated where r is said first media key precursor, k is a key, d is a that allows said device to decrypt said media file for constant known by said media device, AES-D is media content associated with a security class lower than Advanced Encryption Standard (AES) decryption, and said third security class. XOR is exclusive-or. 4. The method of claim 1, wherein said media files are 10. A computer program product of enforcing a hierarchy encrypted with a title key that is encrypted with a key selected of security classes defined in a common media key block, from the group consisting of said media key, said first pre each of said classes being associated with a particular format cursor, and said second precursor. 25 of media content, and said media key block being commonly 5. The method of claim 1, wherein said at least one pre used by media devices that play media content formats asso defined one-way function comprises: ciated with different security classes, the computer program product comprising a non-transitory computer-useable Stor 30 age medium, said medium having a computer-readable pro where r is said first media key precursor, k is a key, d is a gram, wherein the program upon being processed on a com constant known by said media device, AES-D is puter causes the computer to implement the steps of: Advanced Encryption Standard (AES) decryption, and in response to a request for a media device to decrypt an XOR is exclusive-or. encrypted media file, said media device plays media 6. A media device of enforcing a hierarchy of security 35 content of a highest security class of said hierarchy and classes defined in a common media key block, each of said security classes lower in said hierarchy than said highest classes being associated with a particular format of media security class, the media file being Stored on a storage content, said media key block being commonly used by medium that includes said media key block and at least media devices that play media content formats associated one media file comprising media content being of a with different security classes, and said media device plays 40 particular format, said device: media content of a highest security class of said hierarchy and reading said media key block; security classes lower in said hierarchy than said highest calculating a first media key precursor by processing security class said device comprising: said media key block, said first precursor allows said a storage medium that includes said media key block and at device to decrypt said media file for media content least one encrypted media file comprising media content 45 being of a particular format; associated with a first security class being of a highest a processor executing a program that in response to a security class of said hierarchy; and request for said device to decrypt said media file: if said media file is for media content associated with a reads said media key block; second security class being of a second highest Secu calculates a first media key precursor by said media key 50 rity class of said hierarchy: (i) calculating a media key block, said first precursor allows said device to by executing at least one predefined one-way function decrypt said media file for media content associated at least once on said first precursor and (ii) using said with a first security class being of a highest Security media key to decrypt said media file for said media class of said hierarchy; and content associated with said second security class. if said media file is for media content associated with a 55 11. The computer program product of claim 10, further second security class being of a second highest Secu comprising: rity class of said hierarchy: (i) calculates a media key if said media file is for media content associated with a by executing at least one predefined one-way function third security class being of a third highest security class at least once on said first precursor, and (ii) uses said of said hierarchy: media key to decrypt said media file for said media 60 calculating a second media key precursor by processing content associated with said second security class. said media key block; 7. The device of claim 6, further comprising: calculating a media key by executing at least one pre if said media file is for media content associated with a defined one-way function at least once on said second third security class being of a third highest security class precursor, and of said hierarchy, said processor: 65 using said media key, calculated from said second pre calculates a second media key precursor by processing cursor, to decrypt said media file for said media con said media key block; tent associated with said third security class. US 8,422,684 B2 13 14 12. The computer program product of claim 11, further comprising: iteratively repeating said calculating, of a media key pre cursor and a media key, until a media key is generated that allows said device to decrypt said media file for media content associated with a security class lower than said third security class. 13. The computer program product of claim 12, wherein said media files are encrypted with a title key that is encrypted with a key selected from the group consisting of said media 10 key, said first precursor, and said second precursor. 14. The computer program of claim 10, wherein said at least one predefined one-way function comprises:

15 where r is said first media key precursor, k is a key, d is a constant known by said media device, AES-D is Advanced Encryption Standard (AES) decryption, and XOR is exclusive-or.

k k k k k