| 摘要 |
An embodiment of a method for secure escrow and recovery of media device content keys includes generating, with a first processor of a media device, an escrow key for encrypting a plurality of content keys, the content keys for encrypting instances of media content. The first processor of the media device encrypts the escrow key with a public key of a key clearinghouse. The escrow key, encrypted with the public key of the key clearinghouse, is stored in a storage location outside of the first processor of the media device. |
| 主权项 |
1. A method for securing media content comprising:
generating, with a key generator included in a first processor of a first media device, an escrow key for encrypting a plurality of content keys; encrypting, with the first processor of the first media device, the escrow key with a public key of a key clearinghouse, wherein encrypting the escrow key with the public key of the clearinghouse further comprises appending a current time and an identifier of the first processor with the encrypted escrow key to create an escrow key package; storing the escrow key package in a storage location outside of the first processor of the first media device; encrypting the plurality of content keys for encrypting instances of media content with the escrow key; encrypting an instance of media content to be stored on the memory of a first storage device of the media device with a content key; storing the content key, encrypted with the escrow key, to the first storage device; sending, by a second processor, a request to recover the escrow key from the key clearinghouses, the request comprising an identification of the second processor; receiving from the key clearinghouse an escrow key recovery package comprising the escrow key encrypted with a public key of the of the second processor, wherein receiving from the escrow key recovery package comprises receiving the escrow key recovery package in response to:
identifying the escrow key package based on the identification of the first processor and the appended current time received with the request to recover the escrow key,determining by the key clearinghouse that the second processor is authorized to access the escrow key based on the identification of the second processor,decrypting, by the key clearinghouse in response to determination that the second processor is authorized to access the escrow key, the encrypted escrow key with the public key of the key clearing house,encrypting, by the key clearinghouse, the decrypted escrow key with the public key of the second processor to create the escrow key recovery package, andsending, by the key clearinghouse, the escrow key recovery package to the second processor. |
