WO2008110971A2 - Encryption and decryption of auxiliary data - Google Patents


Info

Publication number: WO2008110971A2
Authority: WO (WIPO, PCT)
Prior art keywords: auxiliary data, encryption, key, subunits, data
Application number: PCT/IB2008/050845
Other languages: French (fr)
Other versions: WO2008110971A3 (en)
Inventors: Klaus Kursawe, Timothy Kerins, Stefan Katzenbeisser, Hugues J. M. De Perthuis
Original assignee: Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.
Publications: WO2008110971A2, WO2008110971A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N 21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N 21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N 21/83 Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N 21/835 Generation of protective data, e.g. certificates
    • H04N 21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N 21/41 Structure of client; Structure of client peripherals
    • H04N 21/426 Internal components of the client; Characteristics thereof
    • H04N 21/42607 Internal components of the client; Characteristics thereof for processing the incoming bitstream
    • H04N 21/42623 Internal components of the client; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
    • H04N 21/42692 Internal components of the client; Characteristics thereof for reading from or writing on a volatile storage medium, e.g. Random Access Memory [RAM]
    • H04N 21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N 21/435 Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream
    • H04N 21/4353 Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream involving decryption of additional data
    • H04N 21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N 21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to encryption and decryption of auxiliary data in the memory of a computer system. The encryption and decryption utilize a data structure of the auxiliary data. The data structure comprises at least partially independent subunits. The auxiliary data is received into a processor unit and an encryption/decryption key associated with a subunit is provided. The encryption/decryption of the auxiliary data is performed in a process where the encryption/decryption key is changed at boundaries between subunits, so that subunits of the auxiliary data are encrypted/decrypted using their associated keys. Embodiments of the invention are applicable in the field of memory encryption of audio-visual data (AV data).

Description

Encryption and decryption of auxiliary data
FIELD OF THE INVENTION
The invention relates to encryption and decryption of auxiliary data, and in particular to the field of encryption and decryption of data in the memory of a computer system.
BACKGROUND OF THE INVENTION
In certain digital rights management (DRM) systems, content, typically in compressed form, is stored outside a secure processor only in encrypted form and is decrypted by the processor only immediately prior to rendering. Typically, when rendering content such as AV content, a processor system, which is presumed to be secure, communicates with an external memory, which is assumed to be insecure. Attackers who wish to access the content may try to "listen" to the communication path between the processor and the memory, or directly read out the content of the insecure memory. However, by storing the data in the memory in encrypted form, the system may be made secure against such attacks as well.
It is problematic to implement high-security, low-latency memory encryption without the use of a potentially large amount of secure data storage. For consumer electronics (CE), the application of memory encryption faces a dilemma: on one side, the encryption or decryption algorithm must not add significant latency to memory access, especially on read operations; on the other side, all algorithms that provide sufficient encryption strength, e.g. the AES algorithm, require several rounds of computation and cannot be implemented efficiently enough at acceptable cost.
The published patent application US 2005/0021986 A1 discloses a method and apparatus for memory encryption with reduced decryption latency. The method includes reading an encrypted data block from memory. During reading of the encrypted data block, a key stream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block.
The inventors of the present invention have appreciated that an improved method for memory encryption would be of benefit, and have in consequence devised the present invention.
SUMMARY OF THE INVENTION
The inventors of the present invention have realized that the most practical solution to the problem of implementing high-security, low-latency memory encryption is to use a "one-time pad" style of encryption. This encryption usually computes a pseudorandom value from a secret key while the data is fetched from memory, and then applies an XOR encryption to the data. This way, the time-intensive computation (the computation of the pseudorandom value) can be done in parallel with the likewise time-intensive access to the data in the main memory, while the actual decryption is a very fast operation. XOR-based encryption is inherently insecure if the same key is used twice.
Therefore, unless the secret key is changed very frequently, the scheme may be insecure. Changing keys for memory encryption is a complex operation, since every item that was encrypted under the former key needs to be re-encrypted under the new key. This may block the computation for an unacceptably long time. In general, it may be seen as an object of the present invention to provide a means for high-security, low-latency memory encryption which does not require re-encrypting content upon re-keying.
Preferably, the invention alleviates, mitigates or eliminates one or more of the above or other disadvantages, singly or in any combination. According to a first aspect of the present invention there is provided a method of encryption of auxiliary data, the auxiliary data having a data structure comprising at least partially independent subunits, the method comprising:
- receiving auxiliary data into a processor unit;
- providing an encryption key associated to a subunit;
- encrypting the auxiliary data using the encryption key and changing the encryption key at boundaries between subunits, so that subunits of the auxiliary data are encrypted using their associated encryption keys.
The invention according to the first aspect is particularly, but not exclusively, advantageous for utilizing a data structure of the auxiliary data to associate encryption keys with the auxiliary data. Since the subunits are at least partially independent, it is possible to change keys at subunit boundaries and thereby avoid re-encryption of already encrypted data. By aligning re-keying of a cipher with a break point or boundary in the auxiliary data, a secure memory encryption is provided which adds no latency, or at least diminished latency, to the system when employing memory encryption. Moreover, storage requirements for data, keys and other data entities are diminished. The encryption routine is thereby made application-aware. In embodiments, this awareness may be implemented by building into the processor unit the type of the auxiliary data, and thereby the information needed to operate on the specific data structure; moreover, specific data calls, code lines and the like may also be used for finding boundaries between the subunits.
The key may be changed at a time when the processor unit no longer uses a subunit of auxiliary data. Since the subunits are independent, once the processor no longer uses a subunit, there is no need for storing the subunit or any keys associated to it. Boundaries between subunits may thereby be defined as boundaries in time, at a point in time when the processor unit no longer uses a subunit of auxiliary data.
It may be necessary for the processor to detect when a subunit of auxiliary data is no longer used. In advantageous embodiments, the boundaries are detected by an application of the auxiliary data, or derived from an action of the processor or a code executed by the processor. In an advantageous embodiment, the encryption function is based on a one-time pad encryption or a comparable technique such as cipher feedback mode or a stream cipher. The encryption function may be based on an XOR-based encryption. One-time pad style encryption and comparable techniques provide very fast operation and may offer high security. In an advantageous embodiment, the encryption function comprises a block cipher or a combination of block ciphers, such as AES, DES or other block ciphers, an entropy extractor, etc. The application of block cipher encryption may support random access to data, since a key associated with a specific block may be provided independently of other blocks of data. The encryption function may, in addition to, as an alternative to, or in combination with a block cipher, comprise a stream cipher or a pseudorandom number generator.
In an advantageous embodiment each key associated to a subunit is unique. By associating a unique key, a high security may be obtained.
In advantageous embodiments, the key is based on one or more properties of the subunits. The key may be based on such properties as a storage address of the encrypted auxiliary data or a counter of the number of independent subunits. By basing the key on a property of the subunits, a correlation between a specific subunit and a key may be made, so as to facilitate random access to data. Embodiments of the invention may advantageously be applied to audio-visual data, since audio-visual formats may possess a structure having independent subunits. Moreover, applications of audio-visual content may on one hand be subject to a DRM scheme requiring memory encryption, while on the other hand, for many types of AV equipment, there is a strong requirement to keep the cost low.
According to a second aspect of the present invention there is provided a method of decryption of auxiliary data, the auxiliary data having a data structure comprising at least partially independent subunits, the method comprising:
- receiving encrypted auxiliary data into a processor unit;
- providing a decryption key associated to a subunit;
- decrypting the auxiliary data using the decryption key and changing the decryption key at boundaries between subunits, so that subunits of the encrypted auxiliary data are decrypted using their associated decryption keys.
The decryption may be performed after an encryption performed in accordance with the first aspect of the invention. The encryption key associated to a subunit as used in accordance with the first aspect may be applied as the decryption key associated to the same subunit.
According to a third aspect of the present invention there is provided a system for encryption of auxiliary data. The system may be a system, such as a computer system, for implementing the method of the first aspect.
According to a fourth aspect of the present invention there is provided a system for decryption of auxiliary data. The system may be a system, such as a computer system, for implementing the method of the second aspect.
According to fifth and sixth aspects of the present invention there is provided computer-readable code arranged to cause a processor to perform the method of the first and the second aspect of the invention, respectively.
In general the various aspects of the invention may be combined and coupled in any way possible within the scope of the invention. These and other aspects, features and/or advantages of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the invention will be described, by way of example only, with reference to the drawings, in which
FIG. 1 schematically illustrates general aspects of memory encryption;
FIG. 2 illustrates an embodiment of auxiliary data having a data structure comprising partially independent subunits;
FIG. 3 schematically illustrates a flow diagram of an embodiment of the present invention;
FIG. 4 schematically illustrates an embodiment of an implementation of the present invention;
FIG. 5 schematically illustrates a flow diagram of an embodiment of the present invention;
FIG. 6 schematically illustrates an encryption scheme which may be implemented in accordance with embodiments of the present invention; and
FIG. 7 schematically illustrates a decryption scheme which may be implemented in accordance with embodiments of the present invention.
DESCRIPTION OF EMBODIMENTS
FIG. 1 schematically illustrates general aspects of memory encryption. In the figure, auxiliary data, possibly in the form of audio-visual (AV) content, may be communicated 13 between a processor unit 11, which is considered to be a secure environment, and a record carrier, possibly in the form of a memory region 12, which is a potentially insecure environment. To ensure confidentiality of the auxiliary data, the data is encrypted 15 before being transferred 13 to the memory region 12. The auxiliary data is thereby in encrypted form while stored and transferred. The encryption may be performed by the processor or by some extra logic on the memory bus. Upon usage of the data, the encrypted data is decrypted, possibly by an encryption/decryption unit 15, before it is stored in e.g. an L2 cache 16 for further processing.
In an embodiment, the content may be represented as M, which consists of m blocks of n bits. The content blocks x_i, where i = 0, ..., m-1, may be encrypted in blocks with a key k using a block cipher B. The resulting encrypted content is c_i = B(k, x_i).
The cipher B(k, x) may be in the form of a pseudo-random number generator (PRNG), whose output r_i is XORed with the m blocks of the content. With secure management of the keys, high security may be achieved by this scheme. The implementation of the XOR gate typically does not introduce extra latency into the system, and the main computational effort may be the generation of the values r_i using B. This may be performed in parallel or by other means, so that extra latency in data reads may be avoided or at least diminished to a large extent.
Embodiments of the present invention provide a solution to the problems relating to the introduction of latency in the system when employing memory encryption/decryption. The solution is based on the realization that for at least some types of auxiliary data there is an underlying data structure, and that by making the encryption/decryption unit(s) aware of this underlying data structure, the structure may be utilized for removing or at least diminishing latency in the system when employing memory encryption/decryption, as well as for decreasing storage requirements for data, keys and other data entities, such as nonces. In embodiments of the present invention, encryption keys are associated with subunits, and in encrypting the auxiliary data the encryption keys are changed at boundaries between subunits, so that subunits of the auxiliary data are encrypted using their associated encryption keys.
Embodiments of the invention are first discussed for auxiliary data in the form of audio-visual data. More specifically, embodiments are first discussed for audio-visual (AV) data encoded using an MPEG type of encoding scheme. It is, however, to be understood that the invention is not limited to this type of auxiliary data, and any type of auxiliary data having a data structure comprising at least partially independent subunits is within the scope of the present invention.
FIG. 2 illustrates an embodiment of data 1 having a data structure comprising partially independent subunits 2, 3. As an example embodiment, the data represents AV content in the MPEG format. MPEG data comprises a number of frames, the frames being grouped in sub-units referred to as Groups of Pictures (GOPs) 2, 3. Three types of frames exist: I, P and B frames. Each sub-unit 2, 3 or GOP consists of a single I-frame 4, 7, 8 and one or more B-frames 5, P-frames 6, or both. An I-frame is encoded using only data from that frame and has no knowledge of any previous frames, whereas P and B frames depend on other frames. GOPs are thereby independent in the sense that, in order to decode a stream of images from a GOP, other GOPs are not needed. However, the GOPs depend on each other in the sense that, in order to decode a larger sequence of images, a series of GOPs is needed. Reference to independent subunits is in this embodiment to be interpreted as a reference to the fact that GOPs may be encoded or decoded independently of each other, or that I-frames are self-contained in terms of encoding or decoding. This concept of independent frames followed by dependent frames is also common to other forms of AV coding.
The encryption of the auxiliary data is schematically illustrated in FIG. 3 by a flow diagram, in combination with FIG. 4, which is a schematic illustration of an embodiment of an implementation of the present invention. Auxiliary data is received 30, 40 into a processor unit 41.
The auxiliary data may be received from an external record carrier 400, such as a CD, a DVD, a Blu-ray disc, an HD DVD, an external memory, a memory region of the computer system hosting the processor, a network stream, etc. In FIG. 4 the record carrier is illustrated as a disc. The processor unit 41 is a secure environment. The content may be received in encoded (e.g. MPEG) form and encrypted, i.e. it may be DRM protected. The DRM protection may be removed 401 in the secure processor environment before further processing. Further processing in the secure processor environment is then performed on non-encrypted but encoded data 402. Since the data at this stage is within a secure environment, this does not pose a security risk.
While processing the data there are a number of different memory blocks. Initially, after the auxiliary data is read from the record carrier 400, the auxiliary data is usually stored in a ring buffer implemented in the general memory (i.e. the insecure environment) of the hosting computer system. For MPEG data, this buffer is often referred to as an MPEG scratch pad 403. This buffer ensures that there is always data available for the rendering engine, and compensates for fluctuations in the reading speed. To ensure secure handling of the data, the auxiliary data is encrypted by the processor, which in FIG. 4 is illustrated by an encryption/decryption unit 404. For the actual processing, three buffers may be required: one for the last I-frame, one for the next P-frame and one for the current B-frame.
In the encryption unit 404, an encryption key is provided 32 and a re-key routine 33 is run to extract or receive an indication of when a boundary between subunits occurs, so that the subunits of the auxiliary data may be encrypted 31 using an encryption key associated with a subunit, by changing the encryption key at boundaries between subunits. The re-key routine may be implemented as a re-key engine. In an embodiment, a boundary between subunits is provided as a boundary in time, at the point in time when the processor no longer needs a subunit. Since the subunits are independent in terms of rendering, once a subunit is rendered, any memory associated with that subunit may be overwritten. The key may be provided from a key repository or generated on the fly; embodiments of key generation are disclosed below. The encrypted and still encoded data for subunits which have not been rendered is stored in the memory by transferring 34, 405 the data to the buffer(s) 403. The decryption of the auxiliary data is illustrated in FIG. 5 by a schematic flow diagram and continued in FIG. 4.
The stored and encrypted auxiliary data may be used in connection with playback of AV content, which is rendered by a rendering engine 406 before it is output 407 to a display unit (not shown).
Upon request of the rendering engine, the encrypted auxiliary data 408 is fetched from the memory region and received 50 into the processor unit 41. The encrypted auxiliary data is decrypted by the processor, which in FIG. 4 is illustrated by an encryption/decryption unit 404. In the decryption unit, a decryption key is provided 52 and a re-key routine 53 is run to extract or receive an indication of when a boundary between subunits occurs, so that the subunits of the auxiliary data may be decrypted 51 using a decryption key associated with a subunit, by changing the decryption key at boundaries between subunits. The decrypted and still encoded data is then transferred 54, 409 to the rendering engine 406. Different embodiments may be provided in order to make the processor aware of the underlying data structure, so that different keys are used for different subunits of the auxiliary data; likewise, different embodiments may be provided in order to detect when to re-key, i.e. when to change the key.
In an embodiment, the processor may be made aware of the underlying data structure by storing a number of, typically randomly generated, keys that correspond to the different memory blocks. In systems with a static memory layout, such as the typical CE device, this may be encoded by the encryption unit by observing the memory address lines. In embodiments where all buffers have a size equal to a power of 2, the key used for a particular memory block can be derived from the upper address lines; otherwise, simple logic may be implemented to perform the selection.
In an embodiment, the key is changed at the time when the processor unit no longer uses a subunit of auxiliary data. This may correspond to the moment a particular memory region is being overwritten, since once a memory region is being overwritten, the corresponding key can safely be changed without requiring any existing memory content to be re-keyed.
In an embodiment, the application used for handling the auxiliary data may be implemented with the functionality to issue a "re-key" command 410 when a boundary is detected by the application. In another embodiment, the encryption/decryption unit derives the presence of boundaries from an action of the processor or a code executed by the processor. For example, in a system using a ring buffer, as soon as the CPU starts to overwrite the first byte of a buffer slot, it is safe to assume that the code will overwrite the rest of the slot as well, and the corresponding key can be updated 410. This may specifically be implemented by detecting when a copy command copying the first bit from a buffer slot to a slot in the operating memory is issued.
In the rendering/decoding process, and especially for AV content, it may be important that the functionalities of fast-forward, rewind, etc. are also handled in a secure way. Thus, it may be necessary that the memory can be accessed randomly. For MPEG data, a GOP counter is typically part of the media decoding application, i.e. a counter of the number of independent subunits is available. The counter may be used in the process of providing a key. In an embodiment, a key may be generated as k_i = GOP counter + k, where k is a common key for the auxiliary data. Thus, in this embodiment, the key k_i is different for each independent GOP, and the key supports random access to the data.
In embodiments, random access to the memory may be handled by basing the key on a storage address a_j of the encrypted auxiliary data, used as input to the cipher function B. In order to ensure that the keys are not reused when a specific memory address is repeatedly accessed, nonces may be applied, e.g. by adding a nonce to a_j. A nonce may be generated by the system clock XORed with a random number.
However, for frequently changed keys, nonces may not be required to ensure uniqueness of the keys, since by using the GOP counter in the key generation, keys for different GOPs will be different even if the same storage addresses are used.
FIG. 6 schematically illustrates an encryption scheme which may be implemented in accordance with embodiments of the present invention. The encryption scheme may be implemented by the encryption/decryption unit 404.
The content 60, x_i, is input into an XOR gate 61 which performs an n-bit XOR operation together with the output 62, r_i, of a block cipher 63, B. The encrypted content 64, c_i, may thereby be obtained as:
c_i = x_i ⊕ r_i, i = 0, ..., m-1
The block cipher may provide the output r_i based on a given input key 65, k_i, so that:
r_i = B(k_i)
In embodiments, the block cipher may be implemented using the AES-128 algorithm. The input key may be referred to as a seed for the block cipher. The key may, in different embodiments, be generated in different ways.
For each memory block, a randomly generated key may be provided and stored. This randomly generated key may be XORed with a storage address a_j of the auxiliary data; it may in addition, or alternatively, be XORed with the GOP counter; and it may in addition, or alternatively, be XORed with a nonce.
FIG. 7 schematically illustrates a decryption scheme which may be implemented in accordance with embodiments of the present invention. The decryption scheme may be implemented by the encryption/decryption unit 404.
The encrypted content 70, c_i, is input into an XOR gate 71 together with the output 72, r_i, of a block cipher 73, B. The decrypted content 74 may be obtained as:
x_i = c_i ⊕ r_i, i = 0, ..., m-1
The block cipher may provide the output r_i based on a given input key 75, k_i, so that:
r_i = B(k_i)
The input key is the key associated with the given subunit.
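The FIG. 6/7 XOR scheme above, together with the per-GOP key k_i = GOP counter + k from the random-access embodiment and the re-key-on-overwrite behaviour of the buffer slots, as an added Python example that is not part of the patent. It assumes HMAC-SHA256 in place of AES-128 for the block cipher B, and the names RingBuffer, encrypt_stream, decrypt_gop and the sample GOP bytes are constructed for illustration.

```python
"""Per-subunit memory encryption in the style of the FIG. 6/7 scheme (added example)."""
import hashlib
import hmac
import os
from typing import List

BLOCK = 16  # n-bit blocks with n = 128, matching the AES-128 embodiment


def B(key: bytes, i: int) -> bytes:
    """Keystream block r_i for block index i under subunit key k_i.

    Assumption: HMAC-SHA256 stands in for the AES-128 block cipher B of the page so
    the example runs on the standard library alone; the structure is unchanged.
    """
    return hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]


def subunit_key(common_key: bytes, gop_counter: int) -> bytes:
    """k_i = GOP counter + k, computed as 128-bit integer addition (the page's embodiment)."""
    k = int.from_bytes(common_key, "big")
    return ((k + gop_counter) % (1 << 128)).to_bytes(16, "big")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_subunit(x: bytes, k_i: bytes) -> bytes:
    """c_i = x_i XOR r_i for every block of one subunit; a short final block is XORed
    against a prefix of r_i, so there is no padding and no ciphertext expansion."""
    out = bytearray()
    for i in range(0, len(x), BLOCK):
        out += xor_bytes(x[i:i + BLOCK], B(k_i, i // BLOCK))
    return bytes(out)


decrypt_subunit = encrypt_subunit  # XOR with the same keystream is its own inverse


def encrypt_stream(gops: List[bytes], common_key: bytes, first_counter: int = 0) -> List[bytes]:
    """Re-key at every subunit boundary: GOP number j is encrypted under k_j."""
    return [encrypt_subunit(g, subunit_key(common_key, first_counter + j))
            for j, g in enumerate(gops)]


def decrypt_gop(enc_gops: List[bytes], j: int, common_key: bytes, first_counter: int = 0) -> bytes:
    """Random access (fast-forward, rewind): only GOP j and its own key are touched."""
    return decrypt_subunit(enc_gops[j], subunit_key(common_key, first_counter + j))


def keystream_reuse_leak(c_a: bytes, c_b: bytes) -> bytes:
    """Why the key must change per subunit: two ciphertexts made with the same
    keystream XOR to the XOR of their plaintexts (the two-time-pad failure)."""
    return xor_bytes(c_a, c_b)


class RingBuffer:
    """Scratch-pad buffer held in insecure memory: each slot has its own randomly
    generated key, and overwriting a slot re-keys it (re-key command 410) without
    re-encrypting any other slot."""

    def __init__(self, slots: int) -> None:
        self.keys = [os.urandom(16) for _ in range(slots)]
        self.mem: List[bytes] = [b""] * slots  # ciphertext as stored in external memory

    def write(self, slot: int, x: bytes) -> bytes:
        # The old subunit in this slot is obsolete once its first byte is overwritten,
        # so its key is discarded and a fresh one is drawn before the new data lands.
        self.keys[slot] = os.urandom(16)
        self.mem[slot] = encrypt_subunit(x, self.keys[slot])
        return self.mem[slot]

    def read(self, slot: int) -> bytes:
        return decrypt_subunit(self.mem[slot], self.keys[slot])


# Constructed sample: three GOPs, each an I-frame marker followed by dependent-frame bytes.
SAMPLE_GOPS = [b"I0:header" + bytes(range(40)), b"I1:" + bytes(23), b"I2:" + b"P" * 50]
COMMON_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed test key


def demo() -> bool:
    """Round-trip every GOP under its own key, then re-key a buffer slot by overwriting it."""
    enc = encrypt_stream(SAMPLE_GOPS, COMMON_KEY)
    ok = all(decrypt_gop(enc, j, COMMON_KEY) == g for j, g in enumerate(SAMPLE_GOPS))
    rb = RingBuffer(slots=2)
    rb.write(0, SAMPLE_GOPS[0])
    stale = rb.mem[0]
    rb.write(0, SAMPLE_GOPS[1])  # overwrite: slot 0 gets a fresh key, slot 1 is untouched
    return ok and rb.read(0) == SAMPLE_GOPS[1] and stale != rb.mem[0]


if __name__ == "__main__":
    print("round trip and re-key on overwrite:", demo())
```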
Embodiments have been described for auxiliary data in the form of audio-visual data. As an example of an alternative structure comprising at least partially independent subunits, the structure of the FIFO buffer used to compensate for disk irregularities may be exploited. In this case, a block in the buffer is obsolete as soon as any write access happens; thus re-keying may be performed when the memory unit tries to overwrite the first byte of a given block.
The invention can be implemented in any suitable form including hardware, software, firmware or any combination of these. The invention or some features of the invention can be implemented as computer software running on one or more data processors and/or digital signal processors. The elements and components of an embodiment of the invention may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units. As such, the invention may be implemented in a single unit, or may be physically and functionally distributed between different units and processors.
Although the present invention has been described in connection with the specified embodiments, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the present invention is limited only by the accompanying claims. In the claims, the term "comprising" does not exclude the presence of other elements or steps. Additionally, although individual features may be included in different claims, these may possibly be advantageously combined, and the inclusion in different claims does not imply that a combination of features is not feasible and/or advantageous. In addition, singular references do not exclude a plurality. Thus, references to "a", "an", "first", "second" etc. do not preclude a plurality. Furthermore, reference signs in the claims shall not be construed as limiting the scope.

Claims
1. Method of encryption of auxiliary data (1, 40), the auxiliary data having a data structure comprising at least partially independent subunits (2, 3), the method comprising:
- receiving (30) auxiliary data into a processor unit (41);
- providing (32) an encryption key associated to a subunit;
- encrypting (31) the auxiliary data using the encryption key and changing the encryption key at boundaries between subunits, so that subunits of the auxiliary data are encrypted using associated encryption keys.
2. The method according to claim 1, where the key is changed at a time when the processor unit no longer uses a subunit of auxiliary data.
3. The method according to claim 1, wherein the boundaries are detected by an application of the auxiliary data.
4. The method according to claim 1, wherein the boundaries are derived from an action of the processor or a code executed by the processor.
5. The method according to claim 1, wherein the encryption function is based on a one-time pad encryption, a cipher feedback mode or a stream cipher.
6. The method according to claim 1, wherein the encryption function comprises a block cipher, a stream cipher, or a pseudorandom number generator.
7. The method according to claim 1, wherein each key associated to a subunit is unique.
8. The method according to claim 1, wherein the key is based on one or more properties of the subunits.
9. The method according to claim 1, wherein the key is based on a storage address of the encrypted auxiliary data.
10. The method according to claim 1, wherein the key is based on a counter of a number of independent subunits.
11. The method according to claim 1, wherein the auxiliary data is audio-visual data.
12. Method of decryption of auxiliary data (1, 408), the auxiliary data having a data structure comprising at least partially independent subunits (2, 3), the method comprising:
- receiving (50) encrypted auxiliary data into a processor unit;
- providing (52) a decryption key associated to a subunit;
- decrypting (51) the auxiliary data using the decryption key and changing the decryption key at boundaries between subunits, so that subunits of the encrypted auxiliary data are decrypted using associated decryption keys.
13. System of encryption of auxiliary data (1, 40), the auxiliary data having a data structure comprising at least partially independent subunits (2, 3), the system comprising:
- a processor unit (41) for receiving auxiliary data;
- a key unit (404) for providing an encryption key associated to a subunit;
- an encryption unit (404) for encrypting the auxiliary data using the encryption key and changing the encryption key at boundaries between subunits, so that subunits of the auxiliary data are encrypted using associated encryption keys.
14. System of decryption of auxiliary data (1, 408), the auxiliary data having a data structure comprising at least partially independent subunits (2, 3), the system comprising:
- a processor unit (41) for receiving encrypted auxiliary data;
- a key unit (404) for providing a decryption key associated to a subunit;
- a decryption unit (404) for decrypting the auxiliary data using the decryption key and changing the decryption key at boundaries between subunits, so that subunits of the encrypted auxiliary data are decrypted using associated decryption keys.
15. Computer readable code arranged for causing a processor to perform the method of claim 1.
16. Computer readable code arranged for causing a processor to perform the method of claim 12.
PCT/IB2008/050845 2007-03-13 2008-03-07 Encryption and decryption of auxiliary data WO2008110971A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP07103974.7 2007-03-13
EP07103974 2007-03-13

Publications (2)

Publication Number Publication Date
WO2008110971A2 WO2008110971A2 (en) 2008-09-18
WO2008110971A3 WO2008110971A3 (en) 2008-11-27

Family

ID=39709235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/050845 WO2008110971A2 (en) 2007-03-13 2008-03-07 Encryption and decryption of auxiliary data

Country Status (1)

Country Link
WO (1) WO2008110971A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5757919A (en) * 1996-12-12 1998-05-26 Intel Corporation Cryptographically protected paging subsystem
US5991403A (en) * 1996-12-23 1999-11-23 Intel Corporation Recoverable cryptographic transformation on YUV data suitable for compressions
WO2005006197A2 (en) * 2003-06-25 2005-01-20 Intel Corporation An apparatus and method for memory encryption with reduced decryption latency


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JUN YANG ET AL: "Fast secure processor for inhibiting software piracy and tampering", MICROARCHITECTURE, 2003. MICRO-36. PROCEEDINGS. 36TH ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON, 3-5 DEC. 2003, PISCATAWAY, NJ, USA, IEEE, 3 December 2003 (2003-12-03), pages 351-360, XP010674237, ISBN: 978-0-7695-2043-8 *
PANG-CHICH WANG ET AL: "An AV object oriented encryption algorithm for MPEG-4 streams", MULTIMEDIA AND EXPO, 2004. ICME '04. 2004 IEEE INTERNATIONAL CONFERENCE ON, TAIPEI, TAIWAN, JUNE 27-30, 2004, PISCATAWAY, NJ, USA, IEEE, vol. 2, 27 June 2004 (2004-06-27), pages 971-974, XP010770983, ISBN: 978-0-7803-8603-7 *

Also Published As

Publication number Publication date
WO2008110971A3 (en) 2008-11-27

Similar Documents

Publication Publication Date Title
US9600421B2 (en) Systems and methods for low-latency encrypted storage
US7685647B2 (en) Information processing apparatus
US20060002561A1 (en) Apparatus and/or method for encryption and/or decryption for multimedia data
US20120269340A1 (en) Hierarchical encryption/decryption device and method thereof
US8571209B2 (en) Recording keys in a broadcast-encryption-based system
US8422684B2 (en) Security classes in a media key block
US20030212886A1 (en) Encryption/decryption system and encryption/decryption method
JP2005244992A (en) Instrument and method equipped with limited receiving function and copy prevention function for encryption of broadcast data
TWI431999B (en) Supporting multiple key ladders using a common private key set
US10102386B2 (en) Decrypting content protected with initialization vector manipulation
US20040141614A1 (en) Data encryption apparatus and method
JP3785642B2 (en) Encoding apparatus and decoding apparatus using encryption key included in digital watermark, and methods thereof
US6944296B1 (en) Video bit scrambling
US7433488B2 (en) Information recording medium drive device, information processing apparatus, data replay control system, data replay control method, and computer program
JP4665159B2 (en) Electronic media communication device
KR101790948B1 (en) Apparatus and method for providing drm service, apparatus and method for playing contents using drm service
JP2008278416A (en) Apparatuses, methods, and programs for data encryption processing and data decryption processing, and integrated circuit
JPH10293724A (en) Unit device, decoding unit device, ciphering unit device, ciphering system, ciphering method and decoding method
WO2008110971A2 (en) Encryption and decryption of auxiliary data
US20160164675A1 (en) Countering server-based attacks on encrypted content
JP2006220748A (en) Data processor, data recorder, data reproducing device, and data storage method
KR100734385B1 (en) Data processing apparatus, data recording apparatus, data playback apparatus, and data storage method
JPH10293725A (en) External storage device, ciphering unit device, decoding unit device, ciphering system, decoding system, ciphering method and decoding method
CN1692437A (en) Apparatus and system for data copy protection and method thereof
JP4688558B2 (en) Content management system, content management apparatus and content management method

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08719609

Country of ref document: EP

Kind code of ref document: A2