System and method for deterministic generation of a common content encryption key on distinct encryption units

摘要

Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.

主权项

1. A computer-implemented method, comprising:
performing by one or more computers operations comprising:
receiving multiple content items that each represent one or more different respective portions of an instance of content, including an individual content item that comprises multiple fragments each with a respective fragment identifier;generating a content encryption key individually for each of the multiple content items including using a common base secret as a password input into a key generation function and an identifier specific to said instance of content as a cryptographic salt input into the key generation function to generate content encryption keys for respective content items of the multiple content items, the common base secret being specific to a content provider from which the multiple content items are received and for the individual content item, generating fragment encryption keys by generating a respective fragment encryption key for each of the multiple fragments using the common base secret and a respective fragment identifier;encrypting each of the multiple content items with the respective content encryption key generated for that content item in order to generate a respective encrypted content item, wherein each content encryption key generated for a given content item is equivalent to each other content encryption key such that decryption of each encrypted content item uses a common decryption key and for at least some of the multiple content items, utilizing separate encryption units to encrypt individual content items of the at least some of the multiple content items;encrypting the multiple fragments of the individual content item utilizing a respective fragment encryption key for each of the multiple fragments to generate multiple encrypted fragments for the individual content item; andproviding the common decryption key and the fragment encryption keys to enable the common decryption key and the fragment encryption keys to be used as part of a decryption process to decrypt the encrypted content items for the instance of content.