1. Field of the Invention
The present invention relates generally to digital content protection in computer systems and more specifically to dynamically and securely distributing a private key over a network so only a specific trusted player can use the private key to access specific encrypted digital content.
2. Description of Related Art
The personal computer (PC) platform is an open and accessible computer architecture. However, the openness of the PC means that it is a fundamentally insecure computing platform. Both the hardware and software can be accessed for observation and modification. This openness allows malicious users and programs to observe and to modify executing code. For example, this insecurity has been exploited by software viruses that attack a user's PC. Software viruses infect PCs by masquerading as popular software or by attaching themselves to other programs. Such observation or modification can be performed by either a malevolent user or a malicious program. Yet, there are classes of operations that must be performed securely on the fundamentally insecure PC platform. These are applications where the basic integrity of the operation must be assumed, or at least verified, to be reliable. Examples of such operations include financial transactions and other electronic commerce, unattended access authorization, and digital content management. The recent use of the Internet as a new content delivery mechanism adds yet another dimension to the uses of PCs.
For content providers, the threat of digital piracy at the PC requires new software that is resistant to attacks by a malicious user. In this scenario, the malicious user may wish to tamper with or replace components of the software in order to gain unauthorized access to digital content or to make unauthorized reproductions. A cryptosystem based on cryptographic methods may be used to protect the content owner's rights. Content may be encrypted to provide some measure of protection, but the software accessing the encrypted content is still vulnerable to attack.
Various concepts from the field of cryptography, such as public key cryptography, digital signatures, and certificates, are discussed herein to assist the reader in understanding the present invention.
In modern cryptography, the security of the cryptographic algorithm (or cipher) is not dependent on keeping the algorithm secret, but instead on using a key that is kept secret. Public key cryptography uses two keys to perform cryptographic operations. One key is public and known to everyone while the second key is private and known only to a particular user. Depending on the cipher, there are two uses of public key cryptography. The first use is encryption where the public key can be used to send information that only a user with the corresponding private key can read. The second use is digital signatures where the public key is used to verify the digital signature while the private key is used to create the signature.
A digital signature convinces a recipient that the signer and no one else deliberately signed a document (e.g., a computer file), prevents the signer from claiming that he/she did not sign a document (non-repudiation), and prevents the document from being altered without detection. In public key algorithms such as the Digital Signature Algorithm (DSA), a separate cipher is used for digital signatures, one that cannot be used to encipher data but only to create and verify signatures. DSA was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in the Digital Signature Standard (DSS).
A practical consideration in using public key algorithms is that they are not efficient enough to sign large documents. Consequently, digital signature protocols use one-way hash functions to improve the performance and security of the protocol. A one-way hash function, H(M), maps an arbitrary-length message M to a fixed-length value h. It also has the following characteristics that make it secure: 1) given M, it is easy to compute h; 2) given h, it is hard to compute M such that H(M)=h; and 3) given M, it is hard to find another message M' such that H(M)=H(M'). If an attacker could do either 2) or 3), then he could undermine the digital signature protocol that uses one-way functions by either altering documents or reusing signatures.
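The dependence of a hash-then-sign protocol on property 3), shown as an added example that is not part of the original text. It assumes a toy textbook RSA key (no padding, built from two published Mersenne primes), SHA-256 truncated to 2 bytes as a stand-in for a hash that lacks property 3), and constructed sample messages.

```python
import hashlib
from itertools import count

# Toy textbook RSA key built from two published Mersenne primes (constructed
# for this example: no padding, publicly known factors, never use for real).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def H(msg: bytes, nbytes: int) -> int:
    """One-way hash H(M): SHA-256 truncated to nbytes (32 = full digest)."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:nbytes], "big")

def sign(msg: bytes, nbytes: int) -> int:
    """Sign the fixed-length digest h, not the arbitrary-length message."""
    return pow(H(msg, nbytes), D, N)

def verify(msg: bytes, sig: int, nbytes: int) -> bool:
    """Recover h from the signature with the public key and compare."""
    return pow(sig, E, N) == H(msg, nbytes)

def find_second_preimage(original: bytes, altered: bytes, nbytes: int) -> bytes:
    """Search for M' != M with H(M') == H(M) by appending a counter.
    Feasible only because the digest is short (about 2**(8*nbytes) tries)."""
    target = H(original, nbytes)
    for i in count():
        candidate = altered + b" ref:" + str(i).encode()
        if candidate != original and H(candidate, nbytes) == target:
            return candidate

def demo():
    original = b"License: play title 1234 once"       # constructed sample
    altered = b"License: play every title forever"    # constructed sample
    weak_sig = sign(original, 2)                       # 16-bit digest
    m2 = find_second_preimage(original, altered, 2)
    strong_sig = sign(original, 32)                    # full 256-bit digest
    return {
        "weak_accepts_original": verify(original, weak_sig, 2),
        "weak_accepts_altered": verify(m2, weak_sig, 2),
        "strong_accepts_original": verify(original, strong_sig, 32),
        "strong_accepts_altered": verify(m2, strong_sig, 32),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the 16-bit digest the signature made over the original message also verifies for the altered one; with the full digest the same altered message is rejected.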
Certificates are used to provide a tight binding between a public/private key pair and an identity. The binding must be certified by some certificate authority using a digital signature. Certificates may imply privileges like a credit card or a driver's license. For certificates to be useful, there must be at least one known trusted public key. This key is called the root key and the corresponding certificate is called the root certificate. The root key must be distributed by some trusted means like certified postal mail.
With the arrival of new classes of computer applications, such as content management, whose basic integrity must be assumed or verified, new security techniques must be developed. Generally, users need methods of authenticating the origin of software and testing the integrity of the software, all within a cryptosystem environment.
Consider the situation where an application program running on a user's PC accesses encrypted digital content on a storage medium. For example, the application could be a digital versatile disk (DVD) player and the storage medium could be a DVD. The user typically buys the DVD player software, installs it on the PC, and buys DVD content to be operated on by the DVD player. The content may include any multimedia data. The content on the DVD is encrypted by the DVD manufacturer to prevent unauthorized copies from being made by users. The user cannot simply view the DVD's content; it must be decrypted by the DVD player and the DVD player typically does not provide the capability for storing decrypted content. The key used to decrypt the DVD is typically included in the DVD player so that when the user inserts a DVD into a DVD drive, the DVD player decrypts the encrypted content and plays it in real-time for the user.
This scenario appears to provide adequate security; however, the system is open to attack. The same key can be used with all encrypted DVDs. The DVD player software could be "hacked" and the key obtained. A rogue DVD player could then be constructed to use the recovered key to decrypt any encrypted DVD content and store it on the PC's hard drive for subsequent unauthorized copies to be made.
In response, what is required is a method which will allow the fundamentally insecure, open PC to execute software which cannot be observed or modified in order to enable trusted access to encrypted digital content. Furthermore, any key needed for decryption must be dynamically provided to the trusted software and not "pre-loaded". The key should also be dynamically generated for a specific instance of trusted software and specific encrypted content based on user input. Overcoming the deficiencies of the prior art and fulfilling these requirements would greatly increase the protection available for digital content access systems.