The present invention relates generally to digital content protection and more particularly to scaleable methods and apparatus for secure communication between content sources and content sinks when either or both are computationally constrained.
Computer capabilities have increased dramatically in recent years. In addition to traditional computer applications such as word processing and spreadsheet calculations, modern personal computers (PCs) are typically capable of producing and playing multimedia presentations.
Multimedia applications may include materials such as audio, video or graphic elements that are subject to copyright or contractual restrictions as to use, distribution or the like. Typically, the multimedia content is provided in digital form for use by computers or other digital consumer electronic (CE) devices.
Many content providers are reluctant to include valuable copyrighted material, e.g., full length motion pictures, for use in multimedia applications because the digital bitstream may be intercepted and copied. Unlike analog materials which degrade in quality from one copy generation to the next, digital copying is capable of producing perfect copies regardless of how many generations of copies are produced.
Recent advances in storage technology, particularly digital video discs (DVD) have created the ability to store full length motion pictures on a single small disc. However, consumers are unlikely to benefit from such advances unless content providers have a mechanism to distribute digitized versions of their valuable copyrighted material in a manner that largely eliminates unauthorized copying.
It is possible to devise strong content protection schemes for securely transferring digital content between various devices. These schemes are often computationally intensive, although modern PCs and customized hardware implementations, typically have sufficient computational resources to perform these content protection schemes in a substantially real-time manner. However, in order to meet manufacturing cost targets, CE devices are often not equipped with the computational resources needed to implement strong content protection schemes in a substantially real-time manner.
What is needed is a method and apparatus for protecting digital content from copying and/or other misuse as it is transferred between one or more computationally constrained devices over insecure communication links.
Briefly, a method of transferring content between one or more computationally constrained devices over insecure links, includes preliminarily authenticating that both a content source and a content sink are compliant devices, transferring content between compliant devices, then, in the background, concurrently with the transfer of content, perform at least a second cryptographic process.
In an embodiment, establishing a preliminary control channel includes exchanging random challenges between devices, encrypting, under a shared secret key, and hashing the exchanged random challenges, exchanging the results of the encryption and hash functions and then verifying that the appropriate results have been generated.
Other features and advantages of the present invention will be apparent from the drawing figures, and detailed description that follow.