Title of invention: Protocol for protecting content protection data
Abstract: Through the use of a one-time-use nonce, the transfer of cryptographic data over a potentially insecure link in a two-factor content protection system is avoided. The nonce may be stored encrypted with a public key from a smart card. A random key may be used to produce a storage key, which is used to encrypt a content protection key. The random key may be stored, encrypted with a key derived from the nonce. Instead of receiving a raw content protection key over the potentially insecure link, the raw nonce is received and, once used, replaced with a new nonce.
Publication number: US8792636(B2)
Publication date: 2014.07.29
Application number: US201012870053
Filing date: 2010.08.27
Applicant: BlackBerry Limited
Inventors: Tu Van Quy; Little Herbert Anthony; Takacs Kristof
Classification: G06F21/00
Main classification: G06F21/00
Agency: Integral Intellectual Property Inc.
Agent: Integral Intellectual Property Inc.; Paton Miriam
Main claim: 1. At an apparatus with a persistent memory, a method of facilitating multi-factor protection for at least some raw data stored in said persistent memory, said method comprising:
receiving a public cryptographic key from an external entity, said external entity storing a private cryptographic key corresponding to said public cryptographic key;
generating a random key;
generating a random nonce;
generating, based on said random nonce, a derived key;
encrypting, using said derived key, said random key, thereby producing an encrypted random key;
storing, in said persistent memory, said encrypted random key;
encrypting, using said public cryptographic key, said random nonce, thereby producing an encrypted nonce;
storing, in said persistent memory, said encrypted nonce;
establishing a device password for said apparatus;
generating, based on said established device password and said random key, a storage key;
generating a content protection key;
encrypting, using said content protection key, said raw data, thereby producing encrypted data;
storing, in said persistent memory in place of said raw data, said encrypted data;
encrypting, using said storage key, said content protection key, thereby producing an encrypted content protection key; and
storing, in said persistent memory, said encrypted content protection key.
Address: Waterloo, Ontario CA
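
The key hierarchy of claim 1 and the nonce replacement described in the abstract, as an added Python sketch that is not taken from the patent. Assumptions: the `cryptography` package, RSA-OAEP, AES-GCM, HKDF and PBKDF2 as the primitives (the claim names none), an in-memory RSA key standing in for the smart card, all function names, and an unlock flow inferred from the abstract.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)  # assumed scheme

def seal(key, plaintext):  # AES-256-GCM with a random 96-bit IV prepended
    iv = os.urandom(12)
    return iv + AESGCM(key).encrypt(iv, plaintext, None)
def unseal(key, blob):  # raises InvalidTag on a wrong key or tampered blob
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)
def derived_key(nonce):  # "generating, based on said random nonce, a derived key"
    return HKDF(hashes.SHA256(), 32, None, b"nonce-derived-key").derive(nonce)
def storage_key(password, random_key):  # password stretched with the random key as salt
    return PBKDF2HMAC(hashes.SHA256(), 32, random_key, 100_000).derive(password.encode())

def wrap_with_new_nonce(store, card_pub, random_key):
    nonce = os.urandom(32)
    store["enc_random_key"] = seal(derived_key(nonce), random_key)
    store["enc_nonce"] = card_pub.encrypt(nonce, OAEP)  # only the card can recover it

def provision(card_pub, password, raw_data):
    store, random_key = {}, os.urandom(32)
    wrap_with_new_nonce(store, card_pub, random_key)
    cpk = AESGCM.generate_key(bit_length=256)  # content protection key
    store["enc_data"] = seal(cpk, raw_data)
    store["enc_cpk"] = seal(storage_key(password, random_key), cpk)
    return store  # persistent memory holds ciphertexts only

def unlock(store, raw_nonce, card_pub, password):
    random_key = unseal(derived_key(raw_nonce), store["enc_random_key"])
    cpk = unseal(storage_key(password, random_key), store["enc_cpk"])
    wrap_with_new_nonce(store, card_pub, random_key)  # the used nonce is replaced
    return unseal(cpk, store["enc_data"])

def demo():
    card_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # simulated card
    pub, pw = card_priv.public_key(), "constructed-password"
    store = provision(pub, pw, b"raw data")
    nonce = card_priv.decrypt(store["enc_nonce"], OAEP)  # done on the card; nonce crosses the link
    data = unlock(store, nonce, pub, pw)
    try:
        unlock(store, nonce, pub, pw)  # replay of the captured nonce
    except InvalidTag:
        return data, False
    return data, True
```

A nonce captured on the link is useless after one unlock, and without the device password it never yields the content protection key.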