WO2008118650A1 - System and method for implementing content protection in a wireless digital system - Google Patents
System and method for implementing content protection in a wireless digital system Download PDFInfo
- Publication number
- WO2008118650A1 WO2008118650A1 PCT/US2008/056889 US2008056889W WO2008118650A1 WO 2008118650 A1 WO2008118650 A1 WO 2008118650A1 US 2008056889 W US2008056889 W US 2008056889W WO 2008118650 A1 WO2008118650 A1 WO 2008118650A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless
- receiver
- protected content
- transmitter
- content
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 19
- 230000007246 mechanism Effects 0.000 claims abstract description 56
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000011144 upstream manufacturing Methods 0.000 description 7
- 238000013318 key system verification Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000003245 working effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
- H04K1/00—Secret communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4363—Adapting the video stream to a specific local network, e.g. a Bluetooth® network
- H04N21/43637—Adapting the video stream to a specific local network, e.g. a Bluetooth® network involving a wireless protocol, e.g. Bluetooth, RF or wireless LAN [IEEE 802.11]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
Definitions
- DVI Digital Video Interface
- HDMI High-Definition Multimedia Interface
- HDCP High-bandwidth Digital Content Protection
- HDCP is required, by standard, to be delivered over a physical link, such as an HDMI cable. Furthermore, connections between two such links require the use of a repeater that provides endpomt data encryption termination to both links, and fulfills any encryption and/or key requirements for each individual link.
- HDCP repeaters are generally described in the document "High-bandwidth Digital Content Protection System,” Revision 1.1, June 9, 2003, (hereinafter "HDCP System Standard") which is hereby incorporated by reference into the present application in its entirety.
- HDCP compliant devices are required, by standard, to have a unique key set (“DKS”), including 40 56-bit secret device keys, referred to as Device P ⁇ vate Keys, and a 40-bit identifier, referred to as the Key Selection Vector ("KSV").
- DKS unique key set
- KSV Key Selection Vector
- a transmitter (“Device A”) sends to a receiver (“Device B") a message containing the transmitter's KSV ("Aksv”) and a 64-bit pseudorandom value An.
- Device B responds with the receiver's KSV ("Bksv”) and indicates whether Device B is a repeater.
- Device A verifies that Bksv has not been revoked and that it contains 20 ones and 20 zeros.
- Ker session key
- Mo 64-bit secret value
- Ro 16-bit response value
- Device B If Device B is a repeater, the device gathers a list of downstream KSVs to report upstream. The KSVs are checked upstream to determine whether they have been revoked. The final step in authentication occurs du ⁇ ng the vertical blanking period and involves both of the devices calculating new cipher initialization values Ki, Mi, and Ri, wherein the index i represents the frame number staring with 1 for the first video frame that is encrypted.
- a system and method for providing secure content between a source and destination over a wireless link.
- the system includes a lme-based receiver for receiving protected content from a source and a lme-based transmitter for providing the protected content to a destination.
- the protected content is secure, such as by using a High-bandwidth Digital Content Protection (HDCP) mechanism.
- HDCP High-bandwidth Digital Content Protection
- the wireless transmitter establishes an encrypted wireless link with the wireless receiver according to a second encryption mechanism.
- An example of the encrypted wireless link is an Advanced Encryption Standard ("AES") data link.
- the wireless transmitter is further configured for receiving the protected content from the line-based receiver, encrypting the protected content according to the second encryption mechanism, and wirelessly transmitting the encrypted protected content.
- the wireless receiver is further configured for receiving the wirelessly transmitted protected content from the wireless transmitter and decrypting the protected content according to the second encryption mechanism.
- Fig. 1 illustrates a system for providing protectable content from a source to a destination.
- Fig. 2 is a more detailed block diagram of the system of Fig. 1 m accordance with one embodiment.
- Fig. 3 is a more detailed block diagram of the system of Fig. 1 in accordance with an alternative embodiment.
- Fig. 4 is a more detailed block diagram of the system of Fig. 1 in accordance with another alternative embodiment.
- Fig. 5 is a flow chart illustrating operation of the embodiment illustrated in Fig. 2.
- a system 10 is an example of a communications network that can benefit from one or more embodiments of the present invention.
- the system 10 includes a source 12 of data and a destination 14 of the data.
- the system 10 provides a secure content delivery mechanism for protectable subject matter from the source 12 to the destination 14.
- the data is provided over a link 16, which is further descnbed below.
- a source and destination is a compact disk (CD) player 12 providing a digital signal to an amplifier 14, with the protectable subject matter being copyright-protectable music.
- a source and destination is a satellite receiver 12 providing a digital signal to a television 14, with the protectable subject matter being copyright-protectable audio and video.
- a source and destination is a personal digital assistant 12 providing digital data to a monitor 14, with the protectable subject matter being a table of confidential data.
- Still another example of a source and destination is a computer 12 providing data to a docking station 14, with the protectable subject matter being a word-processing document.
- a source and destination is a cellular telephone 12 providing data to a network node 14, with the protectable subject matter being a confidential voice communication.
- the link 16 is illustrated as being bi-directional, but can have different characteristics, depending on the application.
- the link 16 will be descnbed as using, at least in part, an industry standard HDCP mechanism to perform content delivery and protection via upstream (towards the source) authentication.
- a second example would be a Digital Transmission Content Protection (DTCP) mechanism.
- DTCP Digital Transmission Content Protection
- the link 16 may include one or more HDMI or DVI physical cables and repeaters as is well known in the industry, and additional functionality, as discussed below.
- the link 16 includes a plurality of components, including an HDCP receiver 104, an encrypting wireless transmitter 106, a decrypting wireless receiver 108, and an HDCP transmitter 110.
- the HDCP receiver 104 and wireless transmitter 106 are connectable via an HDCP link, such as that described above.
- the wireless receiver 108 and HDCP transmitter 110 are connectable via an HDCP link.
- the wireless transmitter 106 and wireless receiver 108 are connectable via a secure wireless link 112.
- the wireless link 112 is a Certified Wireless USB Authenticated link.
- the wireless link 112 can be a WiMedia WXP Authenticated link, or other appropriate or future-developed link.
- the wireless link 112 in the present example, provides a full 128-bit Advanced Encryption Standard (AES) transfer mechanism for the data being transferred.
- the link 16 further includes an HDCP message handling mechanism 118.
- the HDCP message handling mechanism 118 is used to facilitate the necessary authentication with respect to the source 12 and the destination 14 in a manner such as that desc ⁇ bed above.
- the link 16 functions as an HDCP repeater. It implements and adheres to all of the rules of an HDCP repeater, as specified in the aforementioned HDCP System Standard. This includes following compliance rules, such as the requirement that decrypted HDCP content, in a usable form flowing between two endpomts, be reasonably secure.
- the link 16 generates a session key (Ks) during the HDCP authentication process.
- Fig. 2 provides a variety of protection components.
- upstream authentication is performed using an industry standard HDCP mechanism.
- the secure wireless link 112 is an AES link which may be implemented as follows. First, a Diffie- Hellman exchange may be used to establish a 2048-bit Diffie Hellman key. Next, a hash function may be used to produce a session key; for example, an AES Davies-Meyer hash function may be used to produce a 128-bit session key. HDCP procedures are used to authenticate the source side system. The session key produced by the hash function can thereby be used by the wireless link 112 to establish a secure communication channel. The wireless transmitter 106 will use the session key to encrypt data that is sent to the receiver 104. The receiver 104 will use the session key to decrypt the data.
- the decrypting wireless receiver 108 is integrated with the destination 14 (e.g., a computer monitor, digital television, or amplifier), thereby eliminating the need for an HDCP transmitter, such as the HDCP transmitter 110 of Fig. 2
- the destination 14 e.g., a computer monitor, digital television, or amplifier
- an HDCP transmitter such as the HDCP transmitter 110 of Fig. 2
- upstream authentication is performed using an industry standard HDCP mechanism.
- the destination device 14 must have full HDCP authentication capabilities, including keys, such that an industry standard HDCP mechanism may be used to authenticate the destination device.
- the link 16 is implemented as described above with reference to the embodiment illustrated in Fig. 1.
- the encrypting wireless transmitter 106 is integrated with the source 12 (e.g., a PDA, a satellite receiver, or a CD player), thereby eliminating the need for an HDCP receiver, such as the HDCP receiver 104 of Fig. 2.
- the source device 12 must have full HDCP authentication capabilities, including keys, such that an industry standard HDCP mechanism may be used to authenticate the device.
- Downstream authentication is performed using an industry standard HDCP mechanism.
- the link 16 is implemented as described above with reference to the embodiment illustrated in Fig. 1. Additionally, a seeded hardware functionality scan (HFS) may be performed to exercise the inner workings of the destination 14 using a portion of the Diffie Hellman key as a seed.
- HFS hardware functionality scan
- Fig. 5 is a flowchart illustrating operation of the embodiment shown in Fig 2.
- step 500 industry standard HDCP mechanisms are used to perform upstream and downstream authentication of the system 10 via the HDCP message handling mechanism 118. Additionally, the secure wireless link 112 is established, as descnbed in detail above.
- step 502 protected content encrypted in accordance with a first encryption mechanism, which in the embodiment illustrated m Fig. 2 is a standard HDCP encryption mechanism is transmitted to the receiver 104.
- the encrypted protected content is transmitted to the decrypting wireless transmitter 106, where it is further encrypted in accordance with a second encryption mechanism, such as AES.
- step 506 the encrypted protected content is transmitted via the wireless link 112 to the decrypting wireless receiver 108.
- step 508 at the decrypting wireless receiver 108, decryption is performed in accordance with the second encryption mechanism.
- the transmitter 110 receives the protected content, which is still encrypted in accordance with the first encryption mechanism, and delivers it to the destination 14.
- Each of the above-mentioned components can be implemented as computer software, electrical logic, or combinations thereof. Also, although components are shown separately in the figures, in some embodiments one or more of the components on either side of the wireless link 112 may be combined into a single integrated circuit device, or a group of devices. The present disclosure has been described relative to a preferred embodiment.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A system includes a line-based receiver for receiving protected content from a source and a line-based transmitter for providing the protected content to a destination. The protected content is secure, such as by using a High-bandwidth Digital Content Protection (HDCP) mechanism. Between the line-based transmitter and receiver is a wireless transmitter and a wireless receiver. The wireless transmitter establishes an encrypted wireless link with the wireless receiver according to a second encryption mechanism. The wireless transmitter is further configured for receiving the protected content from the line-based receiver, encrypting the protected content according to the second encryption mechanism, and wirelessly transmitting the encrypted protected content. The wireless receiver is further configured for receiving the wirelessly transmitted protected content from the wireless transmitter and decrypting the protected content according to the second encryption mechanism
Description
SYSTEM AND METHOD FOR IMPLEMENTING CONTENT PROTECTION IN A WIRELESS DIGITAL SYSTEM
BACKGROUND It is frequently desirable to provide a secure content delivery mechanism for transferring protectable subject matter from one node to another. One example of such a mechanism is the provision of digital video and/or audio over a Digital Video Interface (DVI) or High-Definition Multimedia Interface (HDMI). DVI and HDMI often use a mechanism called High-bandwidth Digital Content Protection (HDCP) to prevent the interception of the audio/video between the content source and destination. By using HDCP, data, such as copyright protectable movies and music, can be securely transmitted with a reduced likelihood of theft.
HDCP is required, by standard, to be delivered over a physical link, such as an HDMI cable. Furthermore, connections between two such links require the use of a repeater that provides endpomt data encryption termination to both links, and fulfills any encryption and/or key requirements for each individual link. HDCP repeaters are generally described in the document "High-bandwidth Digital Content Protection System," Revision 1.1, June 9, 2003, (hereinafter "HDCP System Standard") which is hereby incorporated by reference into the present application in its entirety.
HDCP compliant devices are required, by standard, to have a unique key set ("DKS"), including 40 56-bit secret device keys, referred to as Device Pπvate Keys, and a 40-bit identifier, referred to as the Key Selection Vector ("KSV"). During authentication, a transmitter ("Device A") sends to a receiver ("Device B") a message containing the transmitter's KSV ("Aksv") and a 64-bit pseudorandom value An. Device B responds with the receiver's KSV ("Bksv") and indicates whether Device B is a repeater. Device A verifies that Bksv has not been revoked and that it contains 20 ones and 20 zeros. Both devices then generate a session key ("Ks"), which is a 56-bit secret key for the HDCP cipher, a 64-bit secret value ("Mo") that is used for the next phase of authentication, and a 16-bit response value ("Ro") to indicate success of the authentication exchange
If Device B is a repeater, the device gathers a list of downstream KSVs to report upstream. The KSVs are checked upstream to determine whether they have been revoked. The final step in authentication occurs duπng the vertical blanking period and involves both of the devices calculating new cipher initialization values Ki, Mi, and Ri, wherein the index i represents the frame number staring with 1 for the first video frame that is encrypted.
A general trend towards wireless links exists. However, as stated above, some transmission mechanisms, such as HDCP, cannot be provided over a wireless link. Therefore, a need exists to provide a wireless link between two nodes in which transmission mechanisms like HDCP would otherwise be provided.
SUMMARY
A system and method is provided for providing secure content between a source and destination over a wireless link. In one embodiment, the system includes a lme-based receiver for receiving protected content from a source and a lme-based transmitter for providing the protected content to a destination. The protected content is secure, such as by using a High-bandwidth Digital Content Protection (HDCP) mechanism.
Between the line-based transmitter and receiver is a wireless transmitter and a wireless receiver. The wireless transmitter establishes an encrypted wireless link with the wireless receiver according to a second encryption mechanism. An example of the encrypted wireless link is an Advanced Encryption Standard ("AES") data link. The wireless transmitter is further configured for receiving the protected content from the line-based receiver, encrypting the protected content according to the second encryption mechanism, and wirelessly transmitting the encrypted protected content. The wireless receiver is further configured for receiving the wirelessly transmitted protected content from the wireless transmitter and decrypting the protected content according to the second encryption mechanism.
BRIEF DESCRIPTION OF THE DRAWINGS
The present disclosure is best understood from the following detailed description when read with the accompanying figures. It is emphasized that, in accordance with the standard practice in the industry, various features are not drawn to scale. In fact, the dimensions of the various features may be arbitrarily increased or reduced for clarity of discussion. Furthermore, all features may not be shown in all drawings for simplicity.
Fig. 1 illustrates a system for providing protectable content from a source to a destination. Fig. 2 is a more detailed block diagram of the system of Fig. 1 m accordance with one embodiment.
Fig. 3 is a more detailed block diagram of the system of Fig. 1 in accordance with an alternative embodiment.
Fig. 4 is a more detailed block diagram of the system of Fig. 1 in accordance with another alternative embodiment. Fig. 5 is a flow chart illustrating operation of the embodiment illustrated in Fig. 2.
DETAILED DESCRIPTION
The present invention relates generally to transmission and encryption systems. It is understood, however, that the following disclosure provides many different embodiments, or examples, for implementing different features of the invention. Specific examples of components and arrangements are descπbed below to simplify the present disclosure. These are, of course, merely examples and are not intended to be limiting.
Referring to Fig. 1, a system 10 is an example of a communications network that can benefit from one or more embodiments of the present invention. The system 10 includes a source 12 of data and a destination 14 of the data. The system 10 provides a secure content delivery mechanism for protectable subject matter from the source 12 to the destination 14. The data is provided over a link 16, which is further descnbed below.
One example of a source and destination is a compact disk (CD) player 12 providing a digital signal to an amplifier 14, with the protectable subject matter being copyright-protectable music. Another example of a source and destination is a satellite receiver 12 providing a digital signal to a television 14, with the protectable subject matter being copyright-protectable audio and video. Yet another example of a source and destination is a personal digital assistant 12 providing digital data to a monitor 14, with the protectable subject matter being a table of confidential data. Still another example of a source and destination is a computer 12 providing data to a docking station 14, with the protectable subject matter being a word-processing document. Yet another example of a source and destination is a cellular telephone 12 providing data to a network node 14, with the protectable subject matter being a confidential voice communication. The link 16 is illustrated as being bi-directional, but can have different characteristics, depending on the application.
For the sake of further example, the link 16 will be descnbed as using, at least in part, an industry standard HDCP mechanism to perform content delivery and protection via upstream (towards the source) authentication. A second example would be a Digital Transmission Content Protection (DTCP) mechanism. Continuing with the HDCP mechanism example, the link 16 may include one or more HDMI or DVI physical cables and repeaters as is well known in the industry, and additional functionality, as discussed below.
Referring now to Fig. 2, in continuation of the above-mentioned HDCP example, m one embodiment, the link 16 includes a plurality of components, including an HDCP receiver 104, an encrypting wireless transmitter 106, a decrypting wireless receiver 108, and an HDCP transmitter 110. The HDCP receiver 104 and wireless transmitter 106 are connectable via an HDCP link, such as that described above. Similarly, the wireless receiver 108 and HDCP transmitter 110 are connectable via an HDCP link. In accordance with one embodiment, the wireless transmitter 106 and wireless receiver 108 are connectable via a secure wireless link 112. In the present example, the wireless link 112 is a Certified Wireless USB Authenticated link. In an alternate embodiment, the wireless link 112 can be a WiMedia WXP Authenticated link, or other appropriate or future-developed link. The wireless link 112, in the present example, provides a full 128-bit Advanced Encryption Standard (AES) transfer mechanism for the data being transferred. The link 16 further includes an HDCP message handling mechanism 118. The HDCP message handling mechanism 118 is used to
facilitate the necessary authentication with respect to the source 12 and the destination 14 in a manner such as that descπbed above.
To the source 12 and destination 14, the link 16 functions as an HDCP repeater. It implements and adheres to all of the rules of an HDCP repeater, as specified in the aforementioned HDCP System Standard. This includes following compliance rules, such as the requirement that decrypted HDCP content, in a usable form flowing between two endpomts, be reasonably secure. As an HDCP repeater, the link 16 generates a session key (Ks) during the HDCP authentication process.
The embodiment illustrated in Fig. 2 provides a variety of protection components. For example, upstream authentication is performed using an industry standard HDCP mechanism.
Similarly, authentication of all downstream devices is performed using an industry standard HDCP mechanism and in compliance with all rules applicable to an HDCP repeater. In one embodiment, the secure wireless link 112 is an AES link which may be implemented as follows. First, a Diffie- Hellman exchange may be used to establish a 2048-bit Diffie Hellman key. Next, a hash function may be used to produce a session key; for example, an AES Davies-Meyer hash function may be used to produce a 128-bit session key. HDCP procedures are used to authenticate the source side system. The session key produced by the hash function can thereby be used by the wireless link 112 to establish a secure communication channel. The wireless transmitter 106 will use the session key to encrypt data that is sent to the receiver 104. The receiver 104 will use the session key to decrypt the data.
In another embodiment, as shown in Fig. 3, the decrypting wireless receiver 108 is integrated with the destination 14 (e.g., a computer monitor, digital television, or amplifier), thereby eliminating the need for an HDCP transmitter, such as the HDCP transmitter 110 of Fig. 2 In the embodiment shown m Fig. 3, a variety of protection mechanisms are implemented. In particular, upstream authentication is performed using an industry standard HDCP mechanism.
With regard to downstream authentication, it will be noted that in this embodiment, the destination device 14 must have full HDCP authentication capabilities, including keys, such that an industry standard HDCP mechanism may be used to authenticate the destination device. The link 16 is implemented as described above with reference to the embodiment illustrated in Fig. 1. In yet another embodiment, as shown in Fig. 4, the encrypting wireless transmitter 106 is integrated with the source 12 (e.g., a PDA, a satellite receiver, or a CD player), thereby eliminating the need for an HDCP receiver, such as the HDCP receiver 104 of Fig. 2. In the embodiment shown in Fig 4, a variety of protection mechanisms are implemented With regard to upstream authentication, it will be noted that in this embodiment, the source device 12 must have full HDCP authentication capabilities, including keys, such that an industry standard HDCP mechanism may be used to authenticate the device. Downstream authentication is performed using an industry standard HDCP mechanism. The link 16 is implemented as described above with reference to the
embodiment illustrated in Fig. 1. Additionally, a seeded hardware functionality scan (HFS) may be performed to exercise the inner workings of the destination 14 using a portion of the Diffie Hellman key as a seed.
Fig. 5 is a flowchart illustrating operation of the embodiment shown in Fig 2. In step 500, industry standard HDCP mechanisms are used to perform upstream and downstream authentication of the system 10 via the HDCP message handling mechanism 118. Additionally, the secure wireless link 112 is established, as descnbed in detail above. In step 502, protected content encrypted in accordance with a first encryption mechanism, which in the embodiment illustrated m Fig. 2 is a standard HDCP encryption mechanism is transmitted to the receiver 104. In step 504, the encrypted protected content is transmitted to the decrypting wireless transmitter 106, where it is further encrypted in accordance with a second encryption mechanism, such as AES. In step 506, the encrypted protected content is transmitted via the wireless link 112 to the decrypting wireless receiver 108. In step 508, at the decrypting wireless receiver 108, decryption is performed in accordance with the second encryption mechanism. In step 510, the transmitter 110 receives the protected content, which is still encrypted in accordance with the first encryption mechanism, and delivers it to the destination 14.
It will be recognized that similar steps are performed by the embodiments illustrated in Figs. 3 and 4. In particular, operation of the embodiment shown in Fig. 3 proceeds as illustrated in Fig. 5, except that because in the embodiment of Fig. 3 the transmitter 110 is omitted, in steps 508- 510, the protected content encrypted in accordance with the first encryption mechanism is delivered to the destination 14 directly from the decrypting wireless receiver 108. Similarly, operation of the embodiment shown in Fig. 4 proceeds as illustrated in Fig. 5, except that because in the embodiment the receiver 104 is omitted, in steps 502-504, the protected content encrypted in accordance with the first encryption mechanism is transmitted directly from the source 12 to the encrypting wireless transmitter 106.
Each of the above-mentioned components can be implemented as computer software, electrical logic, or combinations thereof. Also, although components are shown separately in the figures, in some embodiments one or more of the components on either side of the wireless link 112 may be combined into a single integrated circuit device, or a group of devices. The present disclosure has been described relative to a preferred embodiment.
Improvements or modifications that become apparent to persons of ordinary skill in the art only after reading this disclosure are deemed within the spirit and scope of the application. It is understood that several modifications, changes and substitutions are intended in the foregoing disclosure and in some instances some features of the invention will be employed without a corresponding use of other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.
Claims
1. A system comprising a receiver for receiving protected content from a source, the received protected content being encrypted according to a first encryption mechanism; a wireless transmitter for establishing a secure encrypted wireless link with a wireless receiver according to a second encryption mechanism, wherein the wireless transmitter is further configured for receiving the protected content from the receiver, encrypting the protected content according to the second encryption mechanism, and wirelessly transmitting the encrypted protected content, the wireless receiver for establishing the secure encrypted wireless link with the wireless transmitter, the wireless receiver being further configured for receiving the wirelessly transmitted protected content from the wireless transmitter and decrypting the protected content according to the second encryption mechanism; and a transmitter for receiving the protected content from the wireless receiver and transmitting the protected content to a destination, the transmitted protected content being encrypted according to the first encryption method.
2. The system of claim 1, wherein at least one of either the receiver or the wireless transmitter is further configured to decrypt the protected content according to the first encryption mechanism, and wherein at least one of either the wireless receiver or the transmitter is further configured to encrypt the protected content according to the first encryption mechanism.
3. The system of claim 1 further comprising: a High-bandwidth Digital Content Protection (HDCP) message handling device for establishing a content-protected connection between the source and destination.
4. The system of claim 1 wherein at least one of the receiver and transmitter use line- based video transmission.
5. The system of claim 1 wherein the receiver is a High-bandwidth Digital Content
Protection ("HDCP") compliant receiver.
6 The system of claim 1 wherein the transmitter is a High-bandwidth Digital Content
Protection ("HDCP") compliant transmitter.
7. The system of claim 1 wherein the first encryption method is an HDCP encryption method.
8 The system of claim 1 wherein the second encryption method is Advanced
Encryption Standard ("AES").
9. A method for providing a secure content delivery mechanism for protectable subject matter (PSM), the method comprising: receiving the PSM encrypted according to a first encryption mechanism (PSMl) dictated by a source over a first wired link; converting the PSMl to a PSM encrypted to a second encryption mechanism (PSM2), wherein the second encryption mechanism is different from the first encryption mechanism; transmitting the PSM2 via a secure wireless link; receiving the wirelessly transmitted PSM2; converting the received PSM2 back to the PSMl; and transmitting the converted PSMl message to a destination over a second wired link.
10. The method of claim 9 wherein converting the PSMl to PSM2 includes decrypting the PSMl message to the PSM, and then encrypting the PSM according to the second encryption mechanism.
11. The method of claim 9 wherein the step of wireless transmitting the PSM2 includes: establishing a wireless link; and authenticating the wireless link.
12. The method of claim 11 wherein the step of authenticating the wireless link utilizes a session key.
13. The method of claim 9 wherein the converting the PSMl to the PSM2 and the converting the received PSM2 back to the PSMl utilizes a content key.
14. The method of claim 9 wherein the first encryption mechanism is HDCP and the second encryption mechanism is AES.
15. The method of claim 9 further comprising: performing message handling between the source and destination to establish a secure content delivery mechanism there between.
16. The method of claim 9 wherein the first wired link includes an HDCP receiver.
17. The method of claim 9 wherein the second wired link includes an HDCP transmitter.
18 A high-bandwidth digital content repeater comprising" two physical components separated by a secure, wireless encrypted link, each component including a high-bandwidth digital content endpoint connectable to a high-bandwidth digital content compliant device and a wireless endpomt connected to the secure, wireless encrypted link.
19. A receiver for receiving protected content from a wireless digital source, the protected content being formatted according to high-bandwidth digital content standard, and being encrypted according to a wireless encryption mechanism, the receiver comprising a wireless terminal for receiving a wireless signal comprising the protected content, logic for decrypting the wireless signal according to the wireless encryption mechanism, and logic for retrieving the protected content according to the high-bandwidth digital content standard, wherein the receiver is built-m to a high-bandwidth digital content destination device.
20. A transmitter for transmitting protected content to a wireless digital destination, the protected content being formatted according to high-bandwidth digital content standard, and being encrypted according to a wireless encryption mechanism, the transmitter comprising a wireless terminal for transmitting a wireless signal comprising the protected content, logic for encrypting the wireless signal according to the wireless encryption mechanism, and logic for transmitting the protected content according to the high-bandwidth digital content standard, wherein the transmitter is built-m to a high-bandwidth digital content source device.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2010501057A JP5399371B2 (en) | 2007-03-22 | 2008-03-13 | Method and system for implementing content protection in a wireless digital system |
| CN200880009392A CN101715634A (en) | 2007-03-22 | 2008-03-13 | System and method for implementing content protection in a wireless digital system |
| EP08743855.2A EP2132894A4 (en) | 2007-03-22 | 2008-03-13 | System and method for implementing content protection in a wireless digital system |
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US89640507P | 2007-03-22 | 2007-03-22 | |
| US60/896,405 | 2007-03-22 | ||
| US12/046,548 US8744081B2 (en) | 2007-03-22 | 2008-03-12 | System and method for implementing content protection in a wireless digital system |
| US12/046,548 | 2008-03-12 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2008118650A1 true WO2008118650A1 (en) | 2008-10-02 |
Family
ID=39774707
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2008/056889 WO2008118650A1 (en) | 2007-03-22 | 2008-03-13 | System and method for implementing content protection in a wireless digital system |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US8744081B2 (en) |
| EP (1) | EP2132894A4 (en) |
| JP (1) | JP5399371B2 (en) |
| KR (1) | KR20100003730A (en) |
| CN (1) | CN101715634A (en) |
| WO (1) | WO2008118650A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011137580A1 (en) * | 2010-05-04 | 2011-11-10 | Qualcomm Incorporated | Shared circuit switched security context |
| WO2012070811A2 (en) | 2010-11-22 | 2012-05-31 | Samsung Electronics Co., Ltd. | Method and system for minimizing latencies for content protection in audio/video networks |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8253860B2 (en) * | 2008-04-07 | 2012-08-28 | Mediatek Inc. | System, method and devices for HDMI transmission using a commonly supported media format |
| US20100121966A1 (en) * | 2008-11-07 | 2010-05-13 | Kabushiki Kaisha Toshiba | Repeater and repeating method thereof |
| US8649519B2 (en) * | 2009-09-04 | 2014-02-11 | Rgb Systems, Inc. | Method and apparatus for secure distribution of digital content |
| EP2437194A1 (en) * | 2010-10-01 | 2012-04-04 | Nagravision S.A. | System and method to prevent manipulation of video data transmitted on an HDMI link. |
| CN101931784B (en) * | 2010-07-30 | 2015-07-29 | 康佳集团股份有限公司 | By the method for HDCP double secret key encrypting and decrypting recorded program |
| TWI448148B (en) * | 2010-08-27 | 2014-08-01 | Tatung Co | Method and display device for automatically examining ksv key and artificially reconditioning hdcp keys |
| KR101293370B1 (en) * | 2011-02-10 | 2013-08-05 | 주식회사 엘지씨엔에스 | System and method for servicing customized mobile content |
| US8984324B2 (en) * | 2011-02-10 | 2015-03-17 | Sony Corporation | Establishing clock speed for lengthy or non-compliant HDMI cables |
| KR101697247B1 (en) | 2011-05-24 | 2017-01-17 | 삼성전자주식회사 | Source Device for Providing Contents to Sink Device and Method for Communication thereof |
| US20120308008A1 (en) * | 2011-05-31 | 2012-12-06 | Broadcom Corporation | Wireless Transmission of Protected Content |
| JP5148765B1 (en) | 2011-09-06 | 2013-02-20 | 株式会社東芝 | Information processing apparatus and information processing method |
| CN103825871B (en) * | 2013-07-31 | 2015-05-27 | 深圳光启创新技术有限公司 | Authentication system and emission terminal, reception terminal and authority authentication method thereof |
| US9692780B2 (en) | 2014-03-31 | 2017-06-27 | At&T Intellectual Property I, L.P. | Security network buffer device |
| US9509669B2 (en) * | 2014-04-14 | 2016-11-29 | Lattice Semiconductor Corporation | Efficient routing of streams encrypted using point-to-point authentication protocol |
| US10616184B2 (en) | 2016-06-30 | 2020-04-07 | Intel Corporation | Wireless display streaming of protected content |
| JP6408180B1 (en) * | 2018-03-20 | 2018-10-17 | ヤフー株式会社 | Terminal control program, terminal device, and terminal control method |
| US20220246110A1 (en) * | 2021-02-01 | 2022-08-04 | Qualcomm Incorporated | Dpu enhancement for improved hdcp user experience |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060126845A1 (en) * | 2004-10-27 | 2006-06-15 | Meshnetworks, Inc. | System and method for providing security for a wireless network |
| US20060209884A1 (en) * | 2005-03-15 | 2006-09-21 | Macmullan Samuel J | System, method and apparatus for automatic detection and automatic connection between a generalized content source and a generalized content sink |
| US20060217063A1 (en) * | 2005-03-24 | 2006-09-28 | Honeywell International Inc | A system for secure communications |
Family Cites Families (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5592555A (en) * | 1994-04-12 | 1997-01-07 | Advanced Micro Devices, Inc. | Wireless communications privacy method and system |
| JP3729529B2 (en) | 1994-10-28 | 2005-12-21 | ソニー株式会社 | Digital signal transmission / reception system |
| US6148405A (en) * | 1997-11-10 | 2000-11-14 | Phone.Com, Inc. | Method and system for secure lightweight transactions in wireless data networks |
| ATE264033T1 (en) * | 1998-07-03 | 2004-04-15 | Nokia Corp | ESTABLISHING A SECURED SESSION CONNECTION BASED ON THE WIRELESS APPLICATION PROTOCOL |
| US6249867B1 (en) * | 1998-07-31 | 2001-06-19 | Lucent Technologies Inc. | Method for transferring sensitive information using initially unsecured communication |
| US7039392B2 (en) * | 2000-10-10 | 2006-05-02 | Freescale Semiconductor | System and method for providing device authentication in a wireless network |
| US6985591B2 (en) * | 2001-06-29 | 2006-01-10 | Intel Corporation | Method and apparatus for distributing keys for decrypting and re-encrypting publicly distributed media |
| US7386324B2 (en) * | 2002-04-17 | 2008-06-10 | Lenovo (Singapore) Pte. Ltd. | System and method for dual path terminal connection |
| US7373508B1 (en) * | 2002-06-04 | 2008-05-13 | Cisco Technology, Inc. | Wireless security system and method |
| US7336784B2 (en) * | 2002-12-20 | 2008-02-26 | Brite Smart Corporation | Multimedia decoder method and system with authentication and enhanced digital rights management (DRM) where each received signal is unique and where the missing signal is cached inside the storage memory of each receiver |
| US20040223614A1 (en) * | 2003-05-08 | 2004-11-11 | Seaman Philip Jeffrey | Secure video receiver |
| JP4352797B2 (en) | 2003-07-07 | 2009-10-28 | ソニー株式会社 | Receiving apparatus and receiving method |
| US20050135611A1 (en) * | 2003-09-19 | 2005-06-23 | Robert Hardacker | Method and system for wireless digital communication |
| US7302060B2 (en) * | 2003-11-10 | 2007-11-27 | Qualcomm Incorporated | Method and application for authentication of a wireless communication using an expiration marker |
| US7562379B2 (en) | 2003-12-22 | 2009-07-14 | Sony Corporation | Method and system for wireless digital multimedia presentation |
| JP2006128963A (en) | 2004-10-28 | 2006-05-18 | Hitachi Ltd | Digital signal processing device |
| US7719482B2 (en) | 2004-11-03 | 2010-05-18 | Sony Corporation | Method and system for processing wireless digital multimedia |
| US7555128B2 (en) * | 2004-11-03 | 2009-06-30 | Ndosa Technologies, Inc. | Systems and methods for the application of cryptosystems to the data link layer of packetized wireless networks |
| US7228154B2 (en) | 2004-11-03 | 2007-06-05 | Sony Corporation | Method and system for processing wireless digital multimedia |
| JP2006135728A (en) | 2004-11-08 | 2006-05-25 | Sumitomo Electric Ind Ltd | Communication method, communication system, and communication apparatus |
| JP2006154466A (en) | 2004-11-30 | 2006-06-15 | Sumitomo Electric Ind Ltd | Communication method, communication system and transmission device |
| US20060209892A1 (en) | 2005-03-15 | 2006-09-21 | Radiospire Networks, Inc. | System, method and apparatus for wirelessly providing a display data channel between a generalized content source and a generalized content sink |
| US20060209890A1 (en) | 2005-03-15 | 2006-09-21 | Radiospire Networks, Inc. | System, method and apparatus for placing training information within a digital media frame for wireless transmission |
| JP2007027807A (en) | 2005-07-12 | 2007-02-01 | Nippon Hoso Kyokai <Nhk> | Radio transmitter and radio receiver |
| US7904117B2 (en) | 2005-08-12 | 2011-03-08 | Sibeam | Wireless communication device using adaptive beamforming |
| US7545939B2 (en) | 2005-08-29 | 2009-06-09 | Sony Corporation | Control 3 signal synthesis |
| US20090260043A1 (en) | 2005-09-30 | 2009-10-15 | Akihiro Tatsuta | Wireless transmission system for wirelessly connecting signal source apparatus and signal sink apparatus |
| US7765599B2 (en) * | 2006-06-13 | 2010-07-27 | Intel Corporation | Multimedia transmitter, multimedia receiver, multimedia transmission system, and method for securely transmitting multimedia content over a wireless link |
-
2008
- 2008-03-12 US US12/046,548 patent/US8744081B2/en not_active Expired - Fee Related
- 2008-03-13 EP EP08743855.2A patent/EP2132894A4/en not_active Withdrawn
- 2008-03-13 KR KR1020097022118A patent/KR20100003730A/en active Search and Examination
- 2008-03-13 WO PCT/US2008/056889 patent/WO2008118650A1/en active Application Filing
- 2008-03-13 CN CN200880009392A patent/CN101715634A/en active Pending
- 2008-03-13 JP JP2010501057A patent/JP5399371B2/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060126845A1 (en) * | 2004-10-27 | 2006-06-15 | Meshnetworks, Inc. | System and method for providing security for a wireless network |
| US20060209884A1 (en) * | 2005-03-15 | 2006-09-21 | Macmullan Samuel J | System, method and apparatus for automatic detection and automatic connection between a generalized content source and a generalized content sink |
| US20060217063A1 (en) * | 2005-03-24 | 2006-09-28 | Honeywell International Inc | A system for secure communications |
Non-Patent Citations (1)
| Title |
|---|
| See also references of EP2132894A4 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011137580A1 (en) * | 2010-05-04 | 2011-11-10 | Qualcomm Incorporated | Shared circuit switched security context |
| CN102948112A (en) * | 2010-05-04 | 2013-02-27 | 高通股份有限公司 | Shared circuit switched security context |
| US10389691B2 (en) | 2010-05-04 | 2019-08-20 | Qualcomm Incorporated | Shared security context |
| WO2012070811A2 (en) | 2010-11-22 | 2012-05-31 | Samsung Electronics Co., Ltd. | Method and system for minimizing latencies for content protection in audio/video networks |
| EP2643958A4 (en) * | 2010-11-22 | 2016-06-29 | Samsung Electronics Co Ltd | Method and system for minimizing latencies for content protection in audio/video networks |
Also Published As
| Publication number | Publication date |
|---|---|
| EP2132894A1 (en) | 2009-12-16 |
| US20080232588A1 (en) | 2008-09-25 |
| CN101715634A (en) | 2010-05-26 |
| JP2010522501A (en) | 2010-07-01 |
| US8744081B2 (en) | 2014-06-03 |
| EP2132894A4 (en) | 2017-09-27 |
| KR20100003730A (en) | 2010-01-11 |
| JP5399371B2 (en) | 2014-01-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8744081B2 (en) | System and method for implementing content protection in a wireless digital system | |
| US7242766B1 (en) | Method and system for encrypting and decrypting data using an external agent | |
| JP4482266B2 (en) | Method and apparatus for managing symmetric keys in a communication network | |
| CN106165353B (en) | Efficient routing of encrypted streams using point-to-point authentication protocol | |
| US9516362B2 (en) | Devices, systems and methods for reducing switching time in a video distribution network | |
| EP2917867B1 (en) | An improved implementation of robust and secure content protection in a system-on-a-chip apparatus | |
| US8874895B2 (en) | Data transmitting apparatus, data receiving apparatus, data transmitting method, and data receiving method | |
| US7600118B2 (en) | Method and apparatus for augmenting authentication in a cryptographic system | |
| USRE46959E1 (en) | Enabling/disabling display data channel access to enable/disable high-bandwidth digital content protection | |
| CN103004219A (en) | System and method to prevent manipulation of transmitted video data | |
| US8903086B2 (en) | Enabling/disabling display data channel access to enable/disable high-bandwidth digital content protection | |
| JP2005244534A (en) | Device and method for cipher communication | |
| KR20080058485A (en) | Improved proximity detection method | |
| WO2007043002A2 (en) | Improved security system | |
| US8200973B2 (en) | Method and apparatus for encrypted authentication | |
| JP4422437B2 (en) | License information transmitting apparatus and license information receiving apparatus | |
| WO2024103597A1 (en) | Video-audio stream transmission method, apparatus and system | |
| JP5132651B2 (en) | License information transmitting apparatus and license information transmitting program | |
| JP5391315B2 (en) | License information receiving apparatus, license information receiving program, and license information receiving method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WWE | Wipo information: entry into national phase |
Ref document number: 200880009392.0 Country of ref document: CN |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08743855 Country of ref document: EP Kind code of ref document: A1 |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 5269/CHENP/2009 Country of ref document: IN |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| ENP | Entry into the national phase |
Ref document number: 2010501057 Country of ref document: JP Kind code of ref document: A |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2008743855 Country of ref document: EP |
|
| ENP | Entry into the national phase |
Ref document number: 20097022118 Country of ref document: KR Kind code of ref document: A |