Apple patent is for secure distribution of content using decryption keys
TweetFollow Us on Twitter

Apple patent is for secure distribution of content using decryption keys

For digital rights management (DRM) of e.g. digitally delivered music or video, a technique to make the decryption keys more secure is needed, according to Apple. The technique fragments a message (song or video or other) into a number of portions, and uses a different decryption key for each portion. Each of the various keys is a function of the preceding key, in one version. In another version, each key is a function of a seed value and of the particular portion of the material with which the key is associated.

Here's Apple's background and summary of the invention: "Protection of digital content transferred between computers over a network is important for many enterprises. Enterprises attempt to secure this protection by implementing some form of digital rights management (DRM) process. The DRM process often involves encrypting the piece of content (e.g. encrypting the binary form of the content) in order to restrict usage to those who have been granted a right to the content. Content in this situation involves alphanumeric material, audio material such as music, and video material. It also involves, of course, combinations thereof.

"Cryptography is the traditional method of protecting data in transit across a computer network. In its typical application, cryptography protects communications (messages) between two mutually trusting parties from thievery or hackers by attack on the data in transit. However, for many digital file transfer applications (e.g. for the transfer of audio or video content), instead the party that receives the content (i.e., the receiving party) might try to break the DRM encryption that the party that supplied the content (i.e., the distributing party) applied to the content. Thus in this case the receiver is not a trusted party per se, but the point is to protect the distributor who owns the content from its misuse by the receiving party. In addition, with the proliferation of network penetration attacks, a third party may well obtain access to the receiving party's computer and thus to the protected content.

"In many DRM systems now in use, the weakest link in security is not the encrypted data (message) but rather cryptographic key management and handling. As well known, modern cryptographic systems use keys which are strings of digital values for both encryption and decryption purposes. For instance, one of the more successful DRM systems, which distributes music online, requires that the receiving party's computer to maintain the unencrypted key for each piece of encrypted music in a 'key bag' (repository) that is itself encrypted.

"This approach has disadvantages. By encrypting the key bag instead of the keys contained in the key bag, this exposes the keys to a potential attack. Similarly to play a piece of content the receiving party's computer must decrypt the entire key bag, retrieve the key for a particular piece of content, and decrypt the content with the retrieved key.

"This approach also disadvantageously allows different devices to use different formats for their key bags. The use of different key bag formats for different devices further exposes the keys to penetration when the content is transferred between devices.

"Most current DRM systems encrypt content with a 'content key' that is applied to a bulk encryption algorithm such AES, triple DES, or RC4. These are well known encryption systems. Typically these are symmetric key systems, that is the same key is used for encryption and decryption. With this method, the entire content is encrypted with a single content key. Normally of course it is relatively easy for users to share the encrypted files in an unauthorized fashion. However without the content key, such shared files are useless. In cases where the content key is discovered, for instance by hackers or other unauthorized users, the content key is often published and made available to the public. This substantially reduces security of the system and allows unauthorized downloading and successful decryption of the content without permission, which is extremely undesirable to the owner of the content. Usually the attackers or hackers share the discovering process, in addition to the keys themselves, and as a result even more keys are discovered and published in a public database. The less experienced users who may not be able to use the discovery process can then access the database, which is often provided in a website, to see if the content key for their particular piece of content, for instance a particular piece of music or video, is published and in turn break the copy protection on material that they have obtained without paying for. This type of attack, also known as a dictionary attack, has been found to be successful.

"It is well known that an attack can discover the content key associated with each piece of content. Specifically, the content key typically remains available during play in the memory of the playback device (which is a computer or for instance digital music or video player), or even longer when the end user pauses during play. Specific DRM implementations protect against this 'pause attack' already have been implemented.

"This dictionary attack problem is becoming more harmful to owners of the distributed digital content, especially since there are only a few currently available commercially successful systems for distribution of videos and audio. Since there are only a few such systems, hackers, by focusing on the content available via those systems and publishing the content keys, have made unauthorized use of the content even easier.

"In a typical DRM system, the pieces of encrypted digital content are maintained on a central server by the content owner or operator of the service. Users then download to their computer via the Internet particular pieces of content such as a song or a video program. The downloaded material is typically downloaded in encrypted form and the content key is transmitted also, often in a separate transmission. This is done for some form of payment. The user can then play the content by decrypting it on his computer or player. This process is transparent to the user if he has purchased an unauthorized piece of digital content since the key accompanies the downloaded file and software installed on the user's computer decrypts the file. It is also possible for the user to download the digital file to a media player. Typically this second download is also performed in the encrypted state and then the decryption occurs upon playback in the player. Again this is transparent for properly purchased content. It is generally been found best if the decryption only occurs upon playback, for security reasons. Of course if the content key has been compromised as described above, that is published, anyone can access the song and transfers of the encrypted files to unauthorized users is easily accomplished and they can then apply the decryption key even though not authorized to do so.

"Therefore, the present inventors have determined that this type of so-called dictionary attack whereby keys are listed and publicly distributed to unauthorized users is a significant problem.

"In accordance with this disclosure, an improved key management system is disclosed. Instead of encrypting an entire piece of content such as a song or musical selection or video program with a single content key, a number of keys are associated with each piece of content whereby each of the keys is valid for only a portion of the content. This has some similarities to the well known block cipher technique whereby a particular message, rather than being enciphered or encrypted using a single key, instead is fragmented into a number of portions and each portion is individually encrypted. However, in typical prior block ciphers the same key is used for each block of the message. While this is satisfactory for traditional encryption approaches where typically each message is only sent once, it is not suitable for the present situation where a particular piece of content may be distributed to tens or hundreds of thousands of users with the same key. The present system is intended for use with symmetric ciphers.

"Therefore in accordance with this disclosure each piece of encrypted content when distributed is accompanied by an initial key value, which is itself not necessarily a decryption key. For purposes of decrypting the content, a first key is generated from the initial key value using a known (predetermined) function. The content for purposes of encryption (and later decryption) is fragmented into a plurality of portions or blocks. These need not be of equal length. The first key generated from the initial key value is used to decrypt the first portion or block of the message. However that key is not useful for the remaining blocks. Instead an additional key is derived (again typically by some predetermined mathematical function or other type of algorithm) for each successive key, each key being associated with one block. Thereby instead of only one key being used for decrypting the entire piece of content (message), a typical piece of content (song or video, for instance) has multiple keys.

"This makes the above-described dictionary attack very unsatisfactory since the hackers, rather than only publishing a single key or key value for each piece of content, must publish a large number of them and moreover since the length of the blocks may vary from song to song or even within one song (piece of content) even availability of the entire list of keys does not provide proper decryption, since one must also for decryption purposes know the length of each block. In one embodiment, the initial key value is used to calculate the first key and then the first key is used to generate the second key using a predetermined function and the third key is generated using the second key and the predetermined function, etc. This is useful when the content is intended to be decrypted block by block in order. Thus each key is a function of the preceding key.

"In another embodiment, the user may need random access to various portions or blocks of the piece of content and does not want to decrypt them in order. In that case, the above method is too slow since all keys must be derived in sequence. In the alternative, the initial key value is used together with a portion of the encrypted content or some other changing parameter to obtain the value of each content key associated with each block or portion. In other words, the initial key is a master key and the content information provides the derivation parameter so that each key value is a function of the initial key value and some seed value (the initial key value) derived from the particular content of each block.

"As pointed out above, the lengths of the blocks or portions of each piece of content (message) need not be uniform message-to-message or even within one message (piece of content). Instead, a particular fragmentation algorithm can be used so that the block lengths differ, further making unauthorized decryption difficult. Of course, there must be a way of communicating the method and associated parameters by which the message is fragmented into blocks to the user so that his playback device can decrypt same. In one embodiment this is accomplished by adding information to the video block related to the decryption process.

"In accordance with this disclosure contemplated is the method of decrypting the content as described above, and also the complementary method of encrypting same. Contemplated also is a method of transmitting the encrypted content and receiving the encrypted content and decrypting it. Also contemplated is a computer product, including a storage media storing computer code for carrying out the method of encrypting and separately a computer product for carrying out the method of decrypting. Also contemplated is an apparatus for decrypting previously encrypted content, including a properly programmed player or computer. Also contemplated is an apparatus for encrypting the content which typically would reside in a central server, the apparatus including the server, and including the software for carrying out the encryption."

The inventors are Augustin J. Farrugia, Fianpaolo Fasoli, Jean-Francois Riendeau and Rod Schultz. The graphic below shows a content distribution system in which the present method and apparatus would operate.

image

 
AAPL
$493.53
Apple Inc.
+0.36
GOOG
$605.06
Google Inc.
-6.40
MSFT
$30.53
Microsoft Corpora
-0.24
MacNews Search:
Community Search:
See All

Five For Friday: Week of February 10
Another week of the year down and so we look back at five of the best apps and games of the past seven days. This time round, we have a healthy dose of education and knowledge, alongside a new way to create animations and some fun with droids. | Read more »
Protoxide: Death Race Review
Protoxide: Death Race Review By Dan Lee on February 10th, 2012 Our Rating: :: APOCALYPTICUniversal App - Designed for iPhone and iPad Battle and race futuristic craft in an alternate world   | Read more »
36 Million Temple Run Players Can’t Be W...
In a tweet this morning, Natalia Luckyanova, co-founder of Imangi Studios, the developers behind runaway hit Temple Run, let it be known that their game has hit 36 million downloads. Let’s pause for effect here. 36 million iOS devices (they’re working on getting to the Android platform furiously as we go to press) have this hot game downloaded to... | Read more »
AT&T Introduces U-verse for iPad wit...
U-verse has released an app for subscribers to their TV and high-speed internet service that brings both control of their receiver, along with access to on demand video. By downloading AT&T U-verse for iPad and logging in to the user’s AT&T U-verse account, the app’s functions become available. | Read more »
Jigsaw Mansion 2 Review
Jigsaw Mansion 2 Review By Rob Rich on February 10th, 2012 Our Rating: :: TOO EASYiPhone App - Designed for the iPhone, compatible with the iPad Jigsaw Mansion 2 is bound to make plenty of puzzle fans (as in puzzle-puzzles) happy, so long as they don’t mind having their hand held all the time.   | Read more »
FREEday 2/10/2012 – “None of us are FREE...
Shooting and strategy seem to be the two key themes in this weeks FREEday. I honestly didn’t plan it that way, it just sort of happened. Although I suppose it’s not that bad. They are two incredibly popular kinds of games for iOS devices these days. Then again, just about anything that lends itself to quick bursts of playtime do quite well for... | Read more »
Doodlecast Pro Review
Doodlecast Pro Review By Lisa Caplan on February 10th, 2012 Our Rating: :: SIMPLE BRILLIANCEiPad Only App - Designed for the iPad A simple recording tool with endless possibilities.   Developer: Zinc Roe Price: $3.99 Version: 1.1 App Reviewed on: iPad 2 | Read more »
Chillingo Introduces Two New Games: Digg...
Chillingo keeps digging through the App Store, with new games frequently bubbling up, and this week, their games are about both digging and bubbles! | Read more »
Caylus Review
Caylus Review By Rob Rich on February 10th, 2012 Our Rating: :: NO SIMPLE TASKUniversal App - Designed for iPhone and iPad Caylus has all the trappings of a deep iOS board game, assuming complexity isn’t a problem.   | Read more »
Decide Where To Eat With Hngry
On Twitter, it’s a dilemma that would be referred to as a ‘first world problem’ but it is sometimes difficult to decide which restaurant to go to for a meal. So many choices are out there and when it’s a decision that has to be made between many friends, things can get tricky. Enter Hngry, an app that may lack an ‘u’ but certainly doesn’t lack... | Read more »
See All
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.