1. Technical Field
This disclosure relates to security in using electronic devices and more particularly, to a method and system for managing certificates including public keys for providing copy protection.
2. Description of the Related Art
Copy protection of material which can be retrieved on consumer electronic devices is a growing concern. In one example, the content provider industry including broadcasters and movie producers desire to limit the number of pirated copies of content material. Several methods have been put forth to protect the content as it passes between consumer devices. For example, the content as it passes between a set top box and a digital television must be protected. Otherwise, a perfect digital copy of the content could be made and distributed in violation of copy protection laws.
To date, most if not all schemes for protecting the content material include at least one piece of information which is kept secret. The secret and exactly where the secret is stored is immaterial. In one kno method, the secret is a unique cryptographic key in every device which can act as a source of content. The key is used by the source device in the creation of digital signatures. The digital signature is used to verify the secure transport of information between the source and sink devices.
Once the signature arrives at the sink device, a verification process must ensue to determine if the information was tampered with in transit or an illegal source device is attempting to fool the sink device. For the sink device to verify the digital signature, the public key of the manufacturer of the sink device is used to verify a certificate containing the public key of the manufacturer of the source device. The public key of the manufacturer of the source device is used to validate a certificate containing the public key of the source device. Finally the public key of source device is used to validate the signature.
The present invention facilities the availability of certificates including various public keys. The present invention solves the problem of making sure a certificate including the public key of a new manufacturer of either a source or sink device is available on the sink device.
A system for providing copy protection between a source device and a sink device, in accordance with the present invention, includes a first device including a list of certificates. Each certificate of the list includes a signature for identifying manufacturers of second devices. A second device is included for coupling to the first device. The second device includes a list of certificates, and each certificate includes a signature for identifying manufacturers of the first devices. At least one of the first device and the second device includes means for adapting its respective certificate list to provide entry of a new signature for identifying a new manufacturer of one of the first devices and the second devices.
In alternate embodiments, the first device may include one of a pass-through device and a playback device. The second device may include one of a record device and a presentation device. The signatures may each include a public key designated for each manufacturer. The means for adapting may include means for transmitting and storing a new certificate between devices. The first device and the second device are preferably connected by a bus.
Another system for providing copy protection between a source device and a sink device, in accordance with the present invention, includes a source device including a list of certificates. Each certificate of the list provides a signature for a manufacturer of sink devices, i.e., the signature for verifying sink devices. A sink device is included for connecting to the source device. The sink device includes a list of certificates corresponding to source device manufacturers. The source and/or the sink device have a certificate omitted from the list of certificates of the other of the sink device and/or the source device. Means for adapting the source and/or the sink device to receive a new certificate are included wherein the new certificate is transmitted to the source/sink device to be added to the list of certificates thereby identifying the sink/source device to the source/sink device.
In alternate embodiments, the sink/source device may include a certificate list corresponding to manufactures of source/sink devices, and the source/sink device has a certificate omitted from the list of certificates of the sink/source device. The sink/source device may further include means for adapting the sink/source device to receive a new certificate. The new certificate is transmitted to the sink/source device to be added to the list of certificates thereby identifying the source/sink device to the sink/source device. The source device may include one of a pass-through device and a playback device, and the sink device may include one of a record device and a presentation device. The signatures may each include a public key designated for each manufacturer. The devices are preferably connected by a bus.
A method for copy protecting content transferred between a source device and a sink device according to the present invention includes the step of transmitting identifying information between the source device and the sink device. Verifying the source device and the sink device is preferably performed by determining if the source device and the sink device include the identifying information transmitted from the other of the source device and the sink device. If the step of verifying fails, new identifying information is checked against certification information in which the certification information is provided for one of a new source device and a new sink device. The new source device or the new sink device (or both) include new identifying information. The steps of transmitting and storing the new identifying information between the source device and the sink device are preferably included to provide a new certificate for enabling data exchanges between the source device and the sink device.
In other methods, the steps of transmitting and storing the new identifying information may include verifying the new identifying information with a predetermined certification source. The predetermined certification source may include a private key. The identifying information and the new identifying information may include public keys corresponding to manufacturers of the source devices and the sink devices.