Including URL to Media Key Block in Encrypted Content Header

IP.com Disclosure Number: IPCOM000030992D
Original Publication Date: 2004-Sep-03
Included in the Prior Art Database: 2004-Sep-03
Document File: 7 page(s) / 100K

Publishing Venue

IBM

Abstract

Content distribution is a challenging issue plaguing both businesses and consumers in today’s world. This distribution grows significantly in complexity when the content to be distributed is in encrypted form. A common challenge for any encryption technology is that once keys are compromised, there must be a methodology in place for updating the system with the newly revoked keys. The measure of any encryption technology is how gracefully it degrades, so this issue must be dealt with directly. The subject of this invention directly addresses this issue. Broadcast encryption and content protection for recordable media, which are prior art of IBM upon which this invention is based, can be described as follows. A server prepares content in this scheme in such a way that the content is encrypted with a key called the title key. This key is then itself encrypted with the MKB (Media Key Block – a key component of the CPRM technology). This layer of indirection is a useful aspect of the technology and bears heavily upon the invention. A header is generated and prepended to the encrypted content. This header contains some method for obtaining the MKB and the encrypted title key. On the client side, the client is enabled with a set of CPRM keys. Using these keys and the MKB, the client can calculate the media key, and from that, the title key that allows it to decrypt the actual content. This prior art system has substantial advantages over traditional userid/password or public-key based systems. The client never needs to identify itself; nonetheless, the server knows that only authorized clients would be able to decrypt the content it sends. Such a system has inherent high client privacy, and may, in some applications, have substantially less administrative overhead. A remaining problem, however, is how the MKB gets to the client.

This is the abbreviated version, containing approximately 44% of the total text.


The naïve way to distribute the MKB would be to include it as part of
the content header; however, the benefit of the encryption key
indirection layer is weakened if replacing a Media Key Block requires
a significant change to the content packaging. The invention is
therefore that the MKB not be included as part of the content, and
that a URL (Uniform Resource Locator) to the MKB be included instead.

To summarize, the content is distributed with a header, which
contains a URL to the MKB. In this way the encryption of content is
not limited to a particular instance of the MKB; rather, the MKB can
be changed on the server, without changing the bulk of the content,
except for the Encrypted Title Key in the header.
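
The packaging and MKB replacement described above, as an added example that is not part of the original disclosure: the header carries only a URL and the encrypted title key, so revoking a device means publishing a new MKB at that URL and re-wrapping the title key while the encrypted body stays unchanged. Assumptions: the MKB is simplified to the media key wrapped once per non-revoked device key, the cipher is a toy HMAC-SHA256 keystream rather than the CPRM algorithms, and the device names, URL and `server` dict are constructed placeholders.

```python
import hashlib, hmac, os

def stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy cipher (HMAC-SHA256 keystream); a stand-in, not the CPRM cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, label + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def make_mkb(media_key: bytes, device_keys: dict, revoked=()) -> dict:
    """Simplified MKB: the media key wrapped under every non-revoked device key."""
    return {dev: stream_xor(k, b"mkb", media_key)
            for dev, k in device_keys.items() if dev not in revoked}

def package(content: bytes, title_key: bytes, media_key: bytes, mkb_url: str):
    """Header carries the MKB's URL and the encrypted title key, not the MKB."""
    header = {"mkb_url": mkb_url,
              "enc_title_key": stream_xor(media_key, b"title", title_key)}
    return header, stream_xor(title_key, b"body", content)

def rewrap_header(header: dict, title_key: bytes, new_media_key: bytes) -> dict:
    """After an MKB change only the encrypted title key is regenerated."""
    return {**header, "enc_title_key": stream_xor(new_media_key, b"title", title_key)}

def client_decrypt(header, body, dev, dev_key, fetch_mkb) -> bytes:
    mkb = fetch_mkb(header["mkb_url"])          # client follows the URL in the header
    if dev not in mkb:
        raise PermissionError(f"{dev} is revoked in the current MKB")
    media_key = stream_xor(dev_key, b"mkb", mkb[dev])
    title_key = stream_xor(media_key, b"title", header["enc_title_key"])
    return stream_xor(title_key, b"body", body)

def demo():
    devices = {"dev-A": os.urandom(32), "dev-B": os.urandom(32)}  # constructed keys
    url, server = "https://mkb.example/title-42.mkb", {}  # dict stands in for HTTP server
    title_key, mk1, mk2 = os.urandom(32), os.urandom(32), os.urandom(32)
    server[url] = make_mkb(mk1, devices)
    header, body = package(b"constructed sample content", title_key, mk1, url)
    before = client_decrypt(header, body, "dev-B", devices["dev-B"], server.get)
    # dev-B's key is compromised: publish a new MKB at the same URL, re-wrap the title key.
    server[url] = make_mkb(mk2, devices, revoked={"dev-B"})
    header2 = rewrap_header(header, title_key, mk2)
    after_a = client_decrypt(header2, body, "dev-A", devices["dev-A"], server.get)
    try:
        after_b = client_decrypt(header2, body, "dev-B", devices["dev-B"], server.get)
    except PermissionError as exc:
        after_b = str(exc)
    return before, after_a, after_b, header2["mkb_url"] == header["mkb_url"]
```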

Main Idea for Disclosure ARC8-2003-0010

Prepared for and/or by an IBM Attorney - IBM Confidential

Archived On 06/06/2003 10:19:01 PM

Title of disclosure (in English)

Including URL to Media Key Block in Encrypted Content Header

Main Idea

1. Background: What is the problem solved by your invention? Describe known solutions to this problem (if any). What are the drawbacks of such known solutions, or why is an additional solution required? Cite any relevant technical documents or references.

Content distribution is a challenging issue plaguing both
businesses and consumers in today's world. This distribution grows
significantly in complexity when the content to be distributed is in
encrypted form. A common challenge for any encryption technology is
that once keys are compromised, there must be a methodology in place
for updating the system with the newly revoked keys. The measure of
any encryption technology is how gracefully it degrades, so this issue
must be dealt with directly. The subject of this invention directly
addresses this issue.
Broadcast encryption and content protection for recordable media,
which are prior art of IBM upon which this invention is based, can be
described as follows. A server prepares content in this scheme in
such a way that the content is encrypted with a key called the title
key. This key is then itself encrypted with the MKB (Media Key Block
- a key component of the CPRM technology). This layer of indirection
is a useful aspect of the technology and bears heavily upon the
invention. A header is generated and prepended to the encrypted
content. This header contains some method for obtaining the MKB and
the encrypted title key. On the client side, the client is enabled
with a set of CPRM keys. Using these keys and the MKB, the client can
calculate the media key, and from that, the title key that allows it
to decrypt the actual content. This prior art system has substantial
advantages over traditional userid/password or public-key based
systems. The client never needs to identify itself; nonetheless, the
server knows that only authorized clients would be able to decrypt
the content...