1. Field
The present invention relates generally to content protection and, more specifically, to distribution of keys to authorized receivers.
2. Description
Cryptographic techniques may be used to protect distributed content. In one system used for protecting content on digital versatile disks (DVDs), a single symmetric key is assigned to each manufacturer of DVD players. The DVD player uses the shared symmetric key embedded within the device to decrypt the content on the DVD and play it for a user. This scheme promotes anonymity because the shared key cannot be used to identify an individual user's device. However, if one of the manufacturer's devices is attacked and the shared symmetric key is compromised, the key may be communicated to others to pirate the content. To attempt to stop this activity, the manufacturer may wish to revoke authorization of the key, thereby preventing further usage of the shared key. However, revocation of the single shared key would render all of the manufacturer's devices inoperable. Thus, despite supporting anonymity, this scheme does not practically support revocation of compromised keys.
Another system uses individual symmetric keys for each device. When a key is compromised, the compromised key may be added to a revocation list. The revocation list may be communicated to the playback device so that the device may know that it's key has been revoked, and thus playback of the content may be prevented. However, when many keys are compromised over time, the revocation list of compromised keys to be sent to playback devices may become large and unmanageable. Additionally, there must be a communications path between an entity managing the revocation list and each playback device. If the number of playback devices becomes large (in the thousands or millions), then distribution of updated revocation lists becomes problematic. In addition, having an individual key for a unique device may raise privacy concerns, because the user's device is not considered to be anonymous.
A technique for distributing keys to playback devices is needed that overcomes the deficiencies of prior systems. Such a technique should permit efficient revocation of compromised keys and also promote anonymity for users and their devices. Furthermore, such a technique should be practical for “off-line” non-interactive scenarios, where no direct communications link to the playback device is available.