The present invention relates to content protection, and more specifically, to clusters of devices with distinct security levels.
Broadcast encryption is an important cryptographic key management approach, especially useful in content protection systems. Two popular broadcast-encryption-based systems are the Content Protection for Recordable Media (CPRM) system from IBM, Intel, Panasonic, and Toshiba, and the Advanced Access Content System (AACS) from Disney, IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, and Warner Bros.
Another example of broadcast encryption is IBM's Advanced Secure Content Cluster Technology (ASCCT), which is useful, for example, where a consumer might have a library of entertainment content in his home, and wants that library to be freely viewed by all the devices he owns. ASCCT uses broadcast encryption to build a cluster of devices to which content can be cryptographically bound to prevent unauthorized copying.
ASCCT uses broadcast encryption based on a Management Key Block (MKB) which is similar to that used by the Advanced Access Content System (AACS) to protect Blu-Ray high definition DVD discs. ASCCT devices exchange a set of messages on a network to establish a cluster of devices each of which shares the same management key block. An ASCCT device uses its set of secret Device keys to process the MKB, and thereby obtain secret keys that enable it to participate in the cluster and gain access to protected content. Both the MKB and Device keys are issued by a licensing authority which oversees the management of the broadcast encryption system.