| CPC H04L 63/0428 (2013.01) [G06F 21/10 (2013.01); G06F 21/72 (2013.01); H04L 2463/061 (2013.01); H04L 2463/101 (2013.01)] | 14 Claims | 

| 
               1. A method performed by a first application running in a secure execution environment of a first computing system, the method comprising: 
                receiving a service invocation request from a second application running in an execution environment of the first computing system separate from the secure execution environment; 
                establishing, in response to the service invocation request, a communications channel between the first application and a second computing system, the second computing system being a different computing system than the first computing system; 
                obtaining a license from the second computer system, the license comprising an encrypted content decryption key, the encrypted content decryption key being encrypted using at least one derived key generated based on at least one shared secret between the first application and the second computing system, wherein the at least one shared secret is not exposed within the first computing system outside the secure execution environment; 
                decrypting the encrypted content decryption key included in the license to generate a decrypted content decryption key using, at least in part, the at least one shared secret; 
                decrypting a piece of content using the decrypted content decryption key; and 
                providing the second application with access to the decrypted piece of content. 
               |
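The key hierarchy recited in claim 1, sketched as an added illustration that is not part of the patent text. The claim names no algorithms, so everything concrete here is an assumption: HKDF-SHA256 as the derivation, an HMAC counter-mode stand-in cipher (the standard library has no AES), the class and function names, and a direct method call in place of the communications channel.

```python
import hashlib, hmac, os

def hkdf(secret: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Assumed stand-in cipher (HMAC-SHA256 in counter mode); use AES-GCM or AES-KW in production.
    pad = b"".join(hmac.new(key, n.to_bytes(4, "big"), hashlib.sha256).digest()
                   for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(secret: bytes, info: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under keys derived from `secret` and a fresh salt."""
    salt = os.urandom(16)
    keys = hkdf(secret, salt, info)          # bytes 0-31 encrypt, 32-63 authenticate
    ct = _xor_stream(keys[:32], plaintext)
    tag = hmac.new(keys[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def open_sealed(secret: bytes, info: bytes, box: dict) -> bytes:
    """Re-derive the keys, verify the tag in constant time, then decrypt."""
    keys = hkdf(secret, box["salt"], info)
    want = hmac.new(keys[32:], box["salt"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, box["tag"]):
        raise ValueError("license or content failed integrity check")
    return _xor_stream(keys[:32], box["ct"])

class LicenseServer:  # plays the "second computing system" (hypothetical name)
    def __init__(self, shared_secret: bytes):
        self._secret, self.cdk = shared_secret, os.urandom(32)
    def package(self, content: bytes) -> dict:
        return seal(self.cdk, b"content", content)
    def issue_license(self) -> dict:
        return {"wrapped_cdk": seal(self._secret, b"license", self.cdk)}

class SecureApp:  # plays the "first application" in the secure execution environment
    def __init__(self, shared_secret: bytes, server: LicenseServer):
        self._secret, self._server = shared_secret, server
    def invoke(self, protected: dict) -> bytes:
        lic = self._server.issue_license()   # stands in for the communications channel
        cdk = open_sealed(self._secret, b"license", lic["wrapped_cdk"])
        return open_sealed(cdk, b"content", protected)  # only plaintext content is returned
```

The caller of `invoke` receives decrypted content only; the shared secret, the derived keys and the content decryption key stay inside `SecureApp`.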