US20100040231A1.Pdf
Total Page:16
File Type:pdf, Size:1020Kb
US 2010.0040231A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2010/0040231 A1 Jin et al. (43) Pub. Date: Feb. 18, 2010 (54) SECURITY CLASSES IN A MEDIA KEY Publication Classification BLOCK (51) Int. Cl. H04L 9/32 (2006.01) (75) Inventors: Hongxia Jin, San Jose, CA (US); H04L 9/08 (2006.01) Jeffrey Bruce Lotspiech, (52) U.S. Cl. ......................................... 380/255; 380/278 Henderson, NV (US) (57) ABSTRACT Correspondence Address: According to one embodiment of the present invention, a LAW OFFICE OF DONALD L WENSKAY method for broadcast encryption with security classes in a P.O. Box 7206 media key block is provided. In one embodiment the method Ranco Santa Fe, CA 92067 (US) includes receiving encrypted media of a first and a second class, where the media includes a common media key block, (73) Assignee: INTERNATIONAL BUSINESS in a device of a first class and in a device of a second class. A MACHINES CORPORATION, first media key is calculated from the common media key Armonk, NY (US) block in the device of a first class. A first media key precursor s is calculated from the common media key block in the device of a second class. The first media precursor may be used to (21) Appl. No.: 12/192,962 decrypt media of a first class. The first media precursor may also be used to calculate a second media key in the device of (22) Filed: Aug. 15, 2008 a second class to decrypt content of a first class. License Content provider agency 65 | 70 Unified media key Encrypted block module digital COrtent 90 Traitor detection module Title key Media module Variant key table Media player Unified broadcast encryption System Patent Application Publication Feb. 18, 2010 Sheet 1 of 6 US 2010/0040231 A1 ----------15 License Content provider agency |Unified media key | block module Egypt COntent 90 Title key Media module 50 Variant key table A. 5 Media player module 35 Unified broadcast encryption System Patent Application Publication Feb. 18, 2010 Sheet 2 of 6 US 2010/0040231 A1 Patent Application Publication Feb. 18, 2010 Sheet 3 of 6 US 2010/0040231 A1 819Áeld 9|| UOUUUU00 UOUUUU00 Patent Applica O US 2010/0040231 A1 Patent Application Publication Feb. 18, 2010 Sheet 5 of 6 US 2010/0040231 A1 164 Receive a COmmon media key block in encrypted 166 COntent Of a first Class and in encrypted COntent Of a SeCOnd Class in devices Of a first Class and Of a SeCOnd Class, respectively. 168 Calculate a media key from the Common media key block in the device of a first class. 170 Decrypt Content of a first class in the device of a first class using the media key block. 172 Calculate a first media key precursor from the COmmOn media key block in the device of a SeCOnd Class. 174 DeCrypt encrypted media of a Second class using the first media key preCurSOr in the device Of a SeCOnd Class. FIG. 5 Patent Application Publication Feb. 18, 2010 Sheet 6 of 6 US 2010/0040231 A1 204 2O2 PrOCeSSOr 210 Main memory 2O6 208 Display interface Display unit Communication Infrastructure 212 (BUS) Secondary memory Hard disk drive 218 214 Removable Removable Storage drive Storage unit 216 222 Removable Interface Storage unit 224 22O 226 Communicationinterface Communication path FIG. 6 US 2010/0040231 A1 Feb. 18, 2010 SECURITY CLASSES IN A MEDAKEY class; calculating a first media key precursor from the com BLOCK mon media key block in the device of a second class; decrypt ing the encrypted media of a first class using the first media BACKGROUND key; and decrypting the encrypted media of a second class using the first media key precursor. 0001. The present invention relates to content protection, 0007 According to a further embodiment of the present and more specifically, to media key blocks in broadcast invention, a system comprises: a common media key block; a encryption systems. plurality of devices, each receiving the common media key 0002 Broadcast encryption is an important cryptographic block, the plurality of devices including a device belonging to key management approach, especially useful in content pro a first class and a device belonging to a second class; the tection systems. Two popular broadcast-encryption-based device belonging to a first class including means for generat systems are the Content Protection for Recordable Media ing a first media key from the common media key block, the (CPRM) system from IBM, Intel, Panasonic, and Toshiba, first media key corresponding to the first class; and the device and the Advanced Access Content System (AACS) from Dis belonging to a second class including means for calculating a ney, IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, and first media key precursor using the common media key block, Warner Bros. and means for calculating a second media key from the first 0003. A media key block is the fundamental structure in media key precursor. broadcast-encryption-based system. This structure is also 0008 According to another embodiment of the present Sometimes called a session key block. A media key block is a invention, a computer program product for broadcast encryp data structure which is processed by a device using a set of tion comprises: a computer usable medium having computer device keys. The result of the processing allows the device to usable program code embodied therewith, the computer calculate a media key. The media key, in turn, is used to usable program code comprising: computer usable program decrypt a message. In content protection systems, these “mes code configured to: receive a common media key block in a sages are actually content like Video or music. Often in a device of a first class and in a device of a second class; content protection system, each piece of content is associated calculate a first media key from the common media key block with a different media key block. in the device of a first class; calculate a first media key pre 0004. In some cases, the media key block is associated cursor from the common media key block in the device of a with a set of devices, not a particular item of content. One second class; and calculate a second media key from the first such example is IBM's Advanced Secure Content Cluster media key precursor in the device of a second class. Technology (ASCCT), in which all the content that devices can access is protected by a single media key block. This BRIEF DESCRIPTION OF THE SEVERAL feature is useful, for example, in case where a consumer VIEWS OF THE DRAWINGS might have a library of entertainment content in his home, and wants that library to be freely viewed by all the devices he 0009 FIG. 1 shows a diagram of a broadcast encryption owns. It should be noted that in this single media key block, it system in accordance with an embodiment of the invention; is often the case that not all the content being protected is 0010 FIG. 2 shows a diagram of a content player of a first equally valuable. For example, the user might have some security class in accordance with an embodiment of the movies in standard definition and some movies in high defi invention; nition. From the point of view of the movies creators, the 0011 FIG. 3 shows a diagram of a content player of a high definition version is more valuable, and would have second security class in accordance with an embodiment of more serious economic consequences if the users were to the invention; make unlimited unauthorized copies. Likewise, not all 0012 FIG. 4 shows a diagram of a content player of a third devices are equally privileged. There is no reason, for security class in accordance with an embodiment of the example, why a standard definition television needs a set of invention; keys that allows it to decrypt high-definition video. 0013 FIG. 5 shows a flow chart of a broadcast encryption method in accordance with an embodiment of the invention; SUMMARY and 0014 FIG. 6 is a high level block diagram of an informa 0005 According to one embodiment of the present inven tion processing system useful for implementing one embodi tion, a method comprises: receiving a common media key block in a device of a first class and in a device of a second ment of the present invention. class; calculating a first media key from the common media DETAILED DESCRIPTION key block in the device of a first class; calculating a first media key precursor from the common media key block in the 00.15 Embodiments of the invention provides a broadcast device of a second class; and calculating a second media key encryption system having a single media key block in which from the first media key precursor in the device of a second all devices are not equally protected and all devices are not class. equally privileged. In contrast, in prior single-media-key 0006. According to another embodiment of the present block systems, such as ASCCT, all content was equally pro invention, a method comprises: receiving encrypted media of tected, and all devices are equally privileged, by virtue of the a first class in a device of the first class, the encrypted media fact that all devices process the same media key block and of a first class including a common media key block; receiv learn the same media key. ing encrypted media of a second class in a device of the 0016. It may be noted that in order to provide different second class, the encrypted media of a second class including levels of protection and privilege to different devices, one the common media key block; calculating a first media key approach might be to employ multiple media key blocks, one from the common media key block in the device of a first for each class of content.