System and method for parts-based digital rights management

US 10,002,237 B2
Filed: 07/28/2015
Issued: 06/19/2018
Est. Priority Date: 02/02/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving a content item that is encrypted with a master decryption key;

receiving a license for the content item, wherein the license comprises (a) a user identifier that identifies a user authorized to receive the content item, (b) an encrypted version of the master decryption key, wherein the encrypted version is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and (c) a plurality of permissions each specific to a respective portion of the content item;

receiving a digital signature for the license;

validating the digital signature to determine that the permissions have not been modified; and

in response to validating the digital signature, providing access to the content item in accordance with the license by (a) applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, (b) decrypting the encrypted version of the master decryption key using the user-specific key, and (c) decrypting at least a portion of the content item using the master decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions.

Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving a content item that is encrypted with a master decryption key;
  
  receiving a license for the content item, wherein the license comprises (a) a user identifier that identifies a user authorized to receive the content item, (b) an encrypted version of the master decryption key, wherein the encrypted version is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and (c) a plurality of permissions each specific to a respective portion of the content item;
  
  receiving a digital signature for the license;
  
  validating the digital signature to determine that the permissions have not been modified; and
  
  in response to validating the digital signature, providing access to the content item in accordance with the license by (a) applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, (b) decrypting the encrypted version of the master decryption key using the user-specific key, and (c) decrypting at least a portion of the content item using the master decryption key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the encrypted version of the master decryption key is decrypted using the user-specific key and a symmetrical decryption function.
  - 3. The computer-implemented method of claim 1, wherein:
    - the master decryption key comprises a combination of a decryption key and a segment identifier that identifies the portion of the content item; and
      
      only the portion of the content item is decrypted using the master decryption key.
  - 4. The computer-implemented method of claim 1, wherein the license further comprises content information that identifies the content item.
  - 5. The computer-implemented method of claim 1, wherein validating the digital signature further comprises:
    - applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result; and
      
      determining whether the cryptographic hash of the license and the decryption result are equivalent.
  - 6. The computer-implemented method of claim 1, wherein validating the digital signature further comprises:
    - applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result, and wherein the public key corresponds to a private key that was previously used to generate the digital signature; and
      
      determining whether the cryptographic hash of the license and the decryption result are equivalent.

7. A computer-implemented method, comprising:
- receiving encrypted content that comprises a plurality of content segments, wherein each content segment is associated with a segment identifier;
  
  receiving a license for the encrypted content, wherein the license comprises (a) a plurality of permissions, each of which is specific to one of the content segments, and (b) a master decryption key;
  
  generating a portion-specific decryption key by performing a cryptographic hash function on a combination of the master decryption key and a particular segment identifier for a particular content segment;
  
  decrypting the particular content segment using the portion-specific decryption key; and
  
  providing access to the particular content segment in accordance with a particular permission that corresponds to the particular content segment.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer-implemented method of claim 7, further comprising:
    - receiving a digital signature for the license; and
      
      validating the digital signature to determine that the license has not been modified, wherein the digital signature is validated before generating the portion-specific decryption key.
  - 9. The computer-implemented method of claim 7, wherein each of the plurality of content segments is encoded using a different portion-specific decryption key.
  - 10. The computer-implemented method of claim 7, further comprising:
    - receiving a digital signature for the license; and
      
      validating the digital signature to determine that the license has not been modified, wherein the digital signature is validated before generating the portion-specific decryption key, and wherein validating the digital signature comprises;
      
      applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result; and
      
      determining whether the cryptographic hash of the license and the decryption result are equivalent.
  - 11. The computer-implemented method of claim 7, further comprising:
    - receiving a digital signature for the license; and
      
      validating the digital signature to determine that the license has not been modified, wherein the digital signature is validated before generating the portion-specific decryption key, and wherein validating the digital signature comprises;
      
      applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result, and wherein the public key corresponds to a private key that was previously used to generate the digital signature; and
      
      determining whether the cryptographic hash of the license and the decryption result are equivalent.
  - 12. The computer-implemented method of claim 7, further comprising generating the combination of the master decryption key and the particular segment identifier by concatenating the master decryption key and the particular segment identifier.
  - 13. The computer-implemented method of claim 7, wherein the license further comprises content information that identifies the encrypted content.

14. A non-transitory computer readable medium storing program instructions that are computer-executable to implement a digital rights management component that is configured to:
- receive a content item that is encrypted with a master decryption key;
  
  receive a license for the content item, wherein the license comprises (a) a user identifier that identifies a user requesting the content item, and (b) an encrypted version of the master decryption key, wherein the encrypted version is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier;
  
  receive a digital signature for the license;
  
  validate the digital signature to determine that the license has not been modified; and
  
  in response to validating the digital signature, provide access to the content item by (a) applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, (b) decrypting the encrypted version of the master decryption key using the user-specific key, and (c) decrypting at least a portion of the content item using the master decryption key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable medium of claim 14, wherein:
    - the master decryption key comprises a combination of a decryption key and a segment identifier that identifies the portion of the content item; and
      
      only the portion of the content item is decrypted using the master decryption key.
  - 16. The non-transitory computer readable medium of claim 14, wherein the encrypted version of the master decryption key is decrypted using the user-specific key and a symmetrical decryption function.
  - 17. The non-transitory computer readable medium of claim 14, wherein:
    - the license further comprises a plurality of permissions, each of which is specific to a respective portion of the content item; and
      
      the digital rights management component is further configured to provide access to the respective portions of the content item in accordance with the plurality of permissions.
  - 18. The non-transitory computer readable medium of claim 14, wherein the license further comprises content information that identifies the content item.
  - 19. The non-transitory computer readable medium of claim 14, wherein validating the digital signature further comprises:
    - applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result; and
      
      determining whether the cryptographic hash of the license and the decryption result are bitwise equivalents of each other.
  - 20. The non-transitory computer readable medium of claim 14, wherein validating the digital signature further comprises:
    - applying a hash function to the license to generate a cryptographic hash of the license;
      
      applying an asymmetrical decryption function to the digital signature using a public key, wherein applying the asymmetrical decryption function generates a decryption result, and wherein the public key corresponds to a private key that was previously used to generate the digital signature; and
      
      determining whether the cryptographic hash of the license and the decryption result are bitwise equivalents of each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Sorotokin, Peter, Lester, James L.
Primary Examiner(s)
Kyle, Tamara Teslovich

Application Number

US14/811,202
Publication Number

US 20150332178A1
Time in Patent Office

1,057 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 10/06   Resources, workflows, human...

G06Q 2220/18   Licensing

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04N 21/4627   Rights management associate...

System and method for parts-based digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for parts-based digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links