Including URL to Media Key Block in Encrypted Content Header
Original Publication Date: 2004-Sep-03
Included in the Prior Art Database: 2004-Sep-03
Content distribution is a challenging issue plaguing both businesses and consumers in today’s world. This distribution grows significantly in complexity when the content to be distributed is in encrypted form. A common challenge for any encryption technology is that once keys are compromised, there must be a methodology in place for updating the system with the newly revoked keys. The measure of any encryption technology is how gracefully it degrades, so this issue must be dealt with directly. The subject of this invention directly addresses this issue. Broadcast encryption and content protection for recordable media, which are prior art of IBM upon which this invention is based, can be described as follows. A server prepares content in this scheme in such a way that the content is encrypted with a key called the title key. This key is then itself encrypted with the MKB (Media Key Block – a key component of the CPRM technology). This layer of indirection is a useful aspect of the technology and bears heavily upon the invention. A header is generated and prepended to the encrypted content. This header contains some method for obtaining the MKB and the encrypted title key. On the client side, the client is enabled with a set of CPRM keys. Using these keys and the MKB, the client can calculate the media key, and from that, the title key that allows it to decrypt the actual content. This prior art system has substantial advantages over traditional userid/password or public-key based systems. The client never needs to identify itself; nonetheless, the server knows that that only authorized clients would be able to decrypt the content it sends. Such a system has inherent high client privacy, and may, in some applications, have substantially less administrative overhead. A remaining problem, however, is how does the MKB get to the client?