1. Field of the Invention
Embodiments of the present invention generally relate to video-over-networks, e.g., video-over-Internet Protocol (IP) networks that utilize digital rights management functions for securely communicating content to network components. More specifically, the present invention relates to a method and apparatus for delivering a certificate revocation list (CRL) to a one-way client device over a broadcast one-way network.
2. Description of the Related Art
Digital content information has recently gained wide acceptance among the public. Such content includes, but is not limited to, movies, videos, music, and the like. Consequently, many consumers and businesses employ various digital media devices or systems that enable the delivery of such digital multimedia content via several different communication channels (e.g., a wireless satellite link or a wired cable connection). Similarly, the communication channel may be a telephony-based connection, such as DSL and the like.
In addition to being used to deliver digital content, a communication channel may be used to distribute a certificate revocation list (CRL) to one-way client devices (e.g., a set top box (STB) that receives a broadcast and does not have an interactive connection to the infrastructure) located in a local network. Typically, a CRL is delivered over an IP network as a communication message that is distinguished from digital content information. This manner of distribution may be an inefficient use of network resources. Furthermore, two-way interactive communications are not available to all receivers, e.g., digital TV set-top boxes without a return channel. Additionally, CRLs may grow to be very large over time while a receiving client device may possess a limited amount of memory. Consequently, the memory may be quickly consumed in the attempt to handle such large CRL objects. Although an attempt to keep the CRLs small could be made, the overall effectiveness of the CRL distribution system may be compromised. For example, in an effort to minimize the size of CRLs, only Certificate Authority (CA) certificates are revoked. Therefore, when a CA certificate is revoked, all device certificates (compromised and uncompromised device certificates alike) issued by that CA are effectively invalidated.
Thus, there is a need in the art for a method and apparatus for delivering a CRL to a one-way client device in a local network.