1. Technical Field
The present disclosure generally relates to securing data, and more particularly, to securing data associated with a digital media device.
2. Description of the Related Art
A storage device, such as a hard drive of a digital media recording device, can be used to store media data associated with received audio and/or video content. For example, one such digital media recording device is a digital video recorder (DVR). A DVR application executed by the DVR provides user interface screens that can be used to manage the media data stored to the storage device. The DVR application can also be used to playback recorded media at a later time, while also having the ability to pause, rewind, and fast-forward through the recorded media.
The media data stored to the DVR can be encrypted in order to protect the media content from unauthorized playback. A processor, which could be a secure microprocessor, associated with the DVR can be used to protect the encryption keys that are used by transport stream encryption processors to encrypt the content. In a typical embodiment, the content is encrypted with a content key, and then the content key itself is then encrypted with the public key of the secure microprocessor. Because the content key is encrypted, it can then be stored outside of the secure microprocessor, such as on a hard drive along with the associated encrypted media content.
Upon request for playback of the media content, the associated encrypted content instance key is retrieved from the storage device and decrypted using the private key of the secure microprocessor. The media content can then be retrieved and the decrypted content key can then be used to decrypt the media data for playback.
However, because the encrypted content key is associated with the private key of a particular secure microprocessor, when a DVR and/or its secure microprocessor fails it is not be possible to access the secure microprocessor to allow decryption of the content key, and to decrypt stored content from the DVR's storage device. Thus, the DVR owner's library of recorded and encrypted media content becomes inaccessible for playback. This may be so, even though the user may be legally entitled to play the media content, e.g., after paying for that right. Additionally, tying the media content to a particular DVR introduces problems with respect to the sharing of digital media between devices. For example, in some cases, a subscriber may be authorized to view content recorded by a first DVR within the subscriber household on another, second media device (i.e. a set-top box or another DVR, among other possible media devices) within the subscriber household. However, because the encrypted media content is tied to the secure microprocessor in the first DVR used to record the media, such sharing becomes difficult.
To allow for recovery of a content key in the event that the original secure microprocessor is destroyed or missing, the content key can be encrypted with the public key of a cable head-end system. Accordingly, a DVR having a new secure microprocessor sends the encrypted content keys on a program-by-program basis to the head-end for decryption and the head-end recovers content keys by decryption with its private key. The content keys can be re-encrypted with the public key of the new secure microprocessor and sent back to the DVR.
However, there are a number of drawbacks to such a recovery scheme. For example, public key encryption and decryption are computationally expensive operations, requiring hundreds of milliseconds (or even seconds) of processor time. Because the public key encryption and decryption of content keys are performed within the secure microprocessor as an atomic operation, they can interfere with other timing-sensitive operations that the secure microprocessor is responsible for, such as conditional access (CA) decryption. This is particularly true if the secure microprocessor is decrypting electronic control messages (ECMs) for multiple streams from the multiple system operator (MSO) network. Additionally, a second problem is that recovery of the original secure microprocessor requires the cable head-end to recover content keys for each and every program on the DVR hard drive. This approach does not scale well in a system with thousands of DVR set tops, each with potentially hundreds of programs to be recovered.
Therefore, what are needed are systems and methods that can potentially address one or more of the aforementioned deficiencies.