BOSTON — Certicom Corp. demonstrated a highly-specialized version of a public-key infrastructure system at Embedded Systems Conference here which may solve the sticky problem of preventing and tracking “gray market” manufacturing of key-enabled systems using content management and digital rights management.

KeyInject can be used to prevent cloning in conditional-access set-top box and media products as well as for tracking manufacturing of high-value replacement parts ranging from inkjet cartridges to medical-imaging parts.

"When manufacturers outsource to small specialists they don’t directly control, you often see very sensitive public keys distributed on CDs,” said Certicom marketing director Brendan Ziolo. “The notion here is to put a small, dedicated hardware system at the manufacturing line that distributes the keys, meters their use, and provides an audit trail back to any manufacturing run that was unauthorized in any way.”

Most DRM or conditional-access systems rely on public-key authentication systems, and Certicom has made inroads into traditional Diffie-Hellman and RSA public-key systems with an encryption scheme that combines elliptic-curve cryptography with the federal Advanced Encryption Standard. The basis for emerging DRM schemes such as High-bandwidth Digital Content Protection and Content Protection for Recordable Media has been to embed unique keying algorithms in a system to control access to streaming media and the use of downloaded media files.

According to Brian Neill, a member of the technical staff at Certicom, “When there were multiple steps in the manufacturing chain, the system designers tended to either send the keys unencrypted, or the set of keys are sent encrypted on a CD. Certain employees on the manufacturing line can represent the weak link, and if the keys provided by the manufacturer end up elsewhere, the system designer can be subject to significant fines by the manager of the content.”