1. Field of the Invention
The present invention relates to the implementation of broadcast encryption schemes. In particular, the present invention relates to encrypting digital content on distribution media, such as physical media and broadcast media.
2. Description of the Related Art
Broadcast encryption is a category of encryption scheme for protecting digital content from unauthorized access, reproduction, and distribution. Broadcast encryption schemes are one-way, which eliminates the requirement for low-level handshakes that tend to weaken the security of copy protection schemes. Also, by eliminating the need for two-way communications, the potentially expensive return channel on a receiver may be eliminated, lowering costs for device manufacturers and users. Though initially developed for use with the actual broadcasting of digital content, such as cable television programming, broadcast encryption schemes have been adapted for use with the encryption and decryption of content on physical media, such as DVDs and flash memory. Examples of conventional broadcast encryption schemes include Content Protection for Recordable Media (CPRM) media, Content Protection for Pre-Recorded Media (CPPM) media, and Advanced Access Content System (AACS) next-generation media.
Two main components of a broadcast encryption scheme are a key management block (KMB) and a device key (Kd) associated with the KMB. A KMB is a matrix or tree of values provided to licensed media manufacturers and broadcasters to control which devices are authorized, by virtue of a Kd included with each device, to decrypt and playback a particular selection of encrypted digital content. Protected recordable DVD discs, for example, each have a KMB stored on them in a protected area. Traditionally, the construct referred to in the singular form as a “device key” is actually a set of keys that may be assigned to a particular device. A device key assigned to a device may be applied to the associated KMB to decrypt content encrypted under the associated KMB. Conventionally, a device will either be authorized, in which case the device may apply its one device key to the one associated KMB to unlock all of the content carried on the medium it is accessing, or else the device will be unauthorized, in which case it cannot unlock any of the content.
Each device key belongs to a particular key space. A key space is a discrete set of keys generally intended for use in a specific content protection application or encryption scheme. The term “device” may be used generically to refer to a device or client application. Accordingly, each device key assigned to a device may be associated with the device itself, as in the case of a device key contained within the firmware of a game console, set top box, or medial player, or a device key may be associated with a client application independent of any device upon which the client application runs, allowing PCs, PDAs, cell phones and game consoles to implement the same encryption/decryption process in a substantively similar manner as described for physical devices. A device or application that has been assigned (or licensed) a device key is referred to as compliant or authorized, and it is assumed that the device will protect the device key and content as described by the entity that owns, governs and controls that particular key space.
Conventionally, a device assigned a device key from the same key space as the KMB used to encrypt content can apply the Kd against the KMB to attempt to derive a management key (Km). An authorized device (a device whose Kd is from the same key space and is also associated with the KMB) will derive the correct Km. An unauthorized device (a device whose Kd may be from the same key space but is not associated with the KMB) will, at best, compute an incorrect Km. Devices that are neither associated with the KMB nor belong to the same key space may not be able to compute a value for Km at all, much less the correct Km. A correctly extracted Km is used to decrypt the encrypted digital content either directly or indirectly. An example of indirect encryption (“indirection”) would be to use the Km to first decrypt a title key (Kt), and the decrypted Kt may then be used to decrypt the digital content. Multiple levels of indirections can be used before the final protected content can actually be decrypted.
The KMB may be associated with a virtually unlimited number of selected devices. For example, a single KMB may be associated with a million different device keys, each assigned to a different device, to allow the million different devices to decode the digital content encrypted under the single KMB. The KMB may be updated, as desired, to change the set of devices that are able to access encrypted content. For example, if any element of the encryption process is compromised, such as due to activity by hackers to obtain unauthorized access to secret device keys, an updated KMB may be generated for a particular title encrypted under the KMB to exclude the compromised device keys from decoding the encrypted content. Subsequent production runs of a DVD title may be manufactured with the updated KMB to exclude the now unauthorized devices from decoding the encrypted content.
Existing applications for encryption schemes have limitations, despite ongoing advances in encryption technology In particular, the ability to decrypt content is conventionally an “all or nothing” process using a single KMB. In other words, a device is either able to decode all of the content or none of the protected content residing on a DVD, a broadcast channel, or other distribution medium. An improved encryption system would therefore be desirable, to provide more selective access to encrypted content. It would be desirable if the improved encryption system included aspects of existing broadcast encryption schemes.