Apparatus and methods for content transfer protection

US 10,050,945 B2
Filed: 02/06/2017
Issued: 08/14/2018
Est. Priority Date: 12/10/2012
Status: Active Grant

First Claim

Patent Images

1. Computerized bridging apparatus configured to provide digitally rendered content to a computerized client device, the computerized bridging apparatus comprising:

a first data interface configured to enable data communication between the computerized apparatus and a managed content delivery network;

a second data interface configured to enable data communication with the computerized client device;

digital processor apparatus in data communication with the first data interface and the second data interface; and

storage apparatus in data communication with the digital processor apparatus, the storage apparatus comprising at least one computer program configured to, when executed on the digital processor apparatus;

receive data representative of a request from at least one of the computerized client device for the digitally rendered content;

cause generation and transmission of a data communication to the managed content delivery network via at least the first interface, the data communication configured to request at least the digitally rendered content;

receive, at the computerized bridging apparatus and from a headend entity of the managed content delivery network, (i) the digitally rendered content, and (ii) a copy of cryptographic data relating to the digitally rendered content; and

based on the received data representative of the request for the digitally rendered content;

(i) decrypt the received digitally rendered content;

(ii) re-encrypt the digitally rendered content using at least the received copy of the cryptographic data; and

(iii) provide the re-encrypted digitally rendered content to the computerized client device via at least the second interface;

wherein the cryptographic data is required by the computerized client device to de-crypt the re-encrypted digitally rendered content for playback thereof by the computerized client device; and

wherein the cryptographic data is received by the computerized client device from a network entity of the managed content delivery network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encodes using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content.

421 Citations

23 Claims

1. Computerized bridging apparatus configured to provide digitally rendered content to a computerized client device, the computerized bridging apparatus comprising:
- a first data interface configured to enable data communication between the computerized apparatus and a managed content delivery network;
  
  a second data interface configured to enable data communication with the computerized client device;
  
  digital processor apparatus in data communication with the first data interface and the second data interface; and
  
  storage apparatus in data communication with the digital processor apparatus, the storage apparatus comprising at least one computer program configured to, when executed on the digital processor apparatus;
  
  receive data representative of a request from at least one of the computerized client device for the digitally rendered content;
  
  cause generation and transmission of a data communication to the managed content delivery network via at least the first interface, the data communication configured to request at least the digitally rendered content;
  
  receive, at the computerized bridging apparatus and from a headend entity of the managed content delivery network, (i) the digitally rendered content, and (ii) a copy of cryptographic data relating to the digitally rendered content; and
  
  based on the received data representative of the request for the digitally rendered content;
  
  (i) decrypt the received digitally rendered content;
  
  (ii) re-encrypt the digitally rendered content using at least the received copy of the cryptographic data; and
  
  (iii) provide the re-encrypted digitally rendered content to the computerized client device via at least the second interface;
  
  wherein the cryptographic data is required by the computerized client device to de-crypt the re-encrypted digitally rendered content for playback thereof by the computerized client device; and
  
  wherein the cryptographic data is received by the computerized client device from a network entity of the managed content delivery network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 21)
- - 2. The computerized bridging apparatus of claim 1, wherein the at least one computer program is further configured to, when executed on the digital processor apparatus:
    - transcode the digitally rendered content from a first encoding format to a second encoding format, the first encoding format comprising an Moving Pictures Experts Group (MPEG)-2 format, and the second encoding format comprising an MPEG-4 AVC (Advanced Video Codec) format.
  - 3. The computerized bridging apparatus of claim 1, wherein the data communication configured to at least request the digitally rendered content is further configured to cause request for at least the cryptographic data, at least a portion of the data communication generated using at least a digital rights management (DRM) client application program operative to run on the digital processor apparatus.
  - 4. The computerized bridging apparatus of claim 3, wherein the data communication configured to at least request the digitally rendered content and to cause request for at least the cryptographic data comprises:
    - (i) a first request for the digitally rendered content from a first network entity of the managed content delivery network, and (ii) a second request for the cryptographic data from a second network entity of the managed content delivery network;
      
      wherein the first network entity comprises a content server; and
      
      wherein the second network entity comprises a digital rights management (DRM) server; and
      
      wherein the received copy of the cryptographic data comprises at least one content key associated with DRM license data.
  - 5. The computerized bridging apparatus of claim 1, wherein the at least one computer program is further configured to, when executed:
    - determine that the digitally rendered content is received from the managed content delivery network in a format that is incompatible with the computerized client device; and
      
      based at least in part on the determination, transcode the digitally rendered content from the first format to a second format compatible with the computerized client device prior to said re-encryption.
  - 6. The computerized bridging apparatus of claim 1, wherein the digitally rendered content and the copy of cryptographic data are received from the managed content delivery network only upon authentication of the computerized bridging apparatus, the authentication based at least in part on a Media Access Control (MAC) address associated with the computerized bridging apparatus.
  - 7. The computerized bridging apparatus of claim 1, wherein the at least one computer program is further configured to, when executed on the digital processor apparatus:
    - store the received copy of the cryptographic data for use for subsequent requests for the digitally rendered content by other computerized client device associated with a subscriber account with which the computerized client device is associated, the subscriber account maintained by the managed content delivery network.
  - 21. The computerized bridging apparatus of claim 1, wherein the computerized bridging apparatus comprises Digital Video Recorder (DVR) device disposed in a premises of a user of the computerized client device.

8. A computerized method for securely providing digitally rendered content to one or more computerized client devices associated with a content delivery network, the method comprising:
- receiving, at an intermediary computerized apparatus and from the one or more computerized client devices, data representative of a request for the digitally rendered content;
  
  using at least a portion of the received data for requesting, and responsive to the requesting receiving, the digitally rendered content from a first entity of the content delivery network, the digitally rendered content received in a first encrypted format;
  
  using at least a portion of the received data for requesting, and responsive to the requesting, receiving first cryptographic data from a second entity of the content delivery network, the requesting and receiving of the first cryptographic data being conducted at least via a digital rights management (DRM) client application run on the intermediary computerized apparatus;
  
  utilizing at least second cryptographic data to decrypt the digitally rendered content in the first encrypted format;
  
  utilizing at least the first cryptographic data to re-encrypt the digitally rendered content to a second encrypted format; and
  
  providing the digitally rendered content in the second encrypted format to the one or more computerized client devices;
  
  wherein the second encrypted format necessitates the one or more computerized client devices to issue a request to the second entity, via a DRM client application configured to obtain third cryptographic data from the second entity that is the same as the first cryptographic data obtained the DRM client application run on the intermediary computerized apparatus, for the third cryptographic data in order to enable playback of the digitally rendered content at the one or more computerized client devices.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein:
    - the requesting the first cryptographic data from the second entity comprises requesting a first cryptographic data structure; and
      
      the requesting the third cryptographic data from the second entity comprises requesting the first cryptographic data structure.
  - 10. The method of claim 8, wherein:
    - the requesting the first cryptographic data from the second entity comprises requesting a first cryptographic data structure; and
      
      the requesting the third cryptographic data from the second entity comprises requesting a third cryptographic data structure different in at least one respect than the first cryptographic data structure, the first cryptographic data structure comprising the first cryptographic data, the third cryptographic data structure comprising the third cryptographic data, the first and third cryptographic data being identical to each other.
  - 11. The method of claim 8, further comprising:
    - based at least in part on capability data descriptive of the one or more computerized client devices, determining that the digitally rendered content received from of the content delivery network comprises a format that is not compatible with the one or more computerized client devices;
      
      based at least on the determining, transcoding the digitally rendered content to a format compatible with the one or more computerized client devices; and
      
      storing the digitally rendered content in the format compatible with the one or more computerized client devices at a storage entity associated with the content delivery network.
  - 12. The method of claim 11, wherein:
    - the intermediary computerized apparatus comprises recording apparatus in data communication with a premises network associated with the one or more computerized client devices;
      
      the first entity comprises a content server in direct or indirect communication with the recording apparatus;
      
      the second entity comprises a DRM server; and
      
      the receiving the first cryptographic data comprises receiving at least one content key within a DRM license.
  - 13. The method of claim 12, wherein the receiving the content key within the DRM license comprises receiving from the DRM server after it has been determined at the DRM server that the recording apparatus is entitled to receive access thereto based at least in part on communication of the DRM server with one or more entitlement entities of the content delivery network.
  - 14. The method of claim 12, further comprising providing to the content server data necessary for the content server to obtain appropriate authorization of the recording apparatus to access the digitally rendered content.
  - 15. The method of claim 8, wherein the first encrypted format is in accordance with PowerKey content access standards.

16. Computer readable apparatus comprising a non-transitory storage medium, the non-transitory storage medium comprising at least one computer program having a plurality of instructions, the plurality of instructions configured to, when executed on a processing apparatus:
- utilize a Digital Rights Management (DRM) client application on either a Digital Video Recorder (DVR) apparatus or a gateway apparatus in data communication with a premises network associated with a computerized client device, the DRM client application utilizing an identical protected content access algorithm as a DRM client application utilized by the computerized client device;
  
  receive data representative of a request for digitally rendered content from the computerized client device;
  
  receive the digitally rendered content from a content server of a managed content delivery network, the digitally rendered content being encrypted according to a first access control standard;
  
  receive first content protection data from an entity of the managed content delivery network;
  
  receive second content protection data from the entity of the managed content delivery network; and
  
  based at least on determination of at least one of;
  
  (i) that a user associated with the computerized client device is authenticated to receive access to the digitally rendered content, and/or (ii) that the computerized client device is authenticated to receive access to the digitally rendered content;
  
  decrypt the digitally rendered content via use of the first content protection data;
  
  translate the digitally rendered content from a first encoding format to a second encoding format;
  
  re-encrypt, via use of the second content protection data, the digitally rendered content according to a second access control standard; and
  
  provide the re-encrypted digitally rendered content to the computerized client device;
  
  wherein both the second content protection data and the DRM client application utilized by the computerized client device are required for decryption and playback of the digitally rendered content at the computerized client device; and
  
  wherein the second content protection data is received by the computerized client device from the entity of the managed content delivery network.
- View Dependent Claims (17, 18, 19, 22)
- - 17. The computer readable apparatus of claim 16, wherein the second encoding format comprises a format compatible with capabilities of both the at least one computerized client device and at least one other client device in the premises network.
  - 18. The computer readable apparatus of claim 16, wherein the first encoding format comprises a Moving Pictures Experts Group (MPEG)-2 format, and the second encoding format comprises an MPEG-4 or H.264 format.
  - 19. The computer readable apparatus of claim 16, wherein:
    - the authentication is based at least in part on information unique to the user or the computerized client device and stored at an entity of the managed content delivery network; and
      
      the unique information and the content protection data are pre-positioned at an entity of a non-managed internetwork for subsequent requests for other digitally rendered content originated from the computerized client device.
  - 22. The computer readable apparatus of claim 16, wherein:
    - the second content protection data comprises a DRM license received from a DRM server; and
      
      the utilization of the identical protected content access algorithm enables an operator of the managed content delivery network to control or change usage rights or restrictions at any time up through playback of the digitally rendered content at the computerized client device, and irrespective of any transfer of the digital content between the computerized client device and the DVR apparatus or a gateway apparatus.

20. A computerized method of providing digital content to a computerized client device of a content delivery network irrespective of whether the computerized client device requests the digital content directly from the content delivery network or from a computerized intermediary device in data communication with the content delivery network, the method comprising:
- providing to the computerized intermediary device the digital content rendered in a first protection format;
  
  using the computerized intermediary device as a computerized proxy for a digital rights management (DRM) entity of the content delivery network, the computerized intermediary device configured for protecting the digital content, after receipt thereof from the content delivery network, in a second protection format, the second protection format comprising a format utilized by the DRM entity for content protection, the protecting the digital content comprising using a same content protection cryptographic data structure as used by the DRM entity, the protection cryptographic data structure unique to at least one of the computerized client device or a user thereof; and
  
  utilizing a same DRM algorithm executed on both the computerized client device and the computerized intermediary device for controlling and/or changing usage rights and/or restrictions at any time up through playback of the digital content on the computerized client device, and irrespective of any transfer of the digital content between the computerized client device and the computerized intermediary device;
  
  wherein the second protection format requires the computerized client device to obtain the content protection cryptographic data structure from the DRM entity of the content delivery network, the content protection cryptographic data structure being required to decrypt the digital content at the computerized client device.
- View Dependent Claims (23)
- - 23. The computerized method of claim 20, wherein the same DRM algorithm executed on both the computerized client device and the computerized intermediary device comprises a DRM algorithm executed via respective computer program applications disposed on each the computerized client device and the computerized intermediary device, the respective computer program applications having common encryption or decryption capabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Hybertson, Eric
Primary Examiner(s)
Leung, Robert
Assistant Examiner(s)
Alata, Ayoub

Application Number

US15/425,880
Publication Number

US 20170214666A1
Time in Patent Office

554 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/06   the encryption apparatus us...

H04N 21/4402   involving reformatting oper...

H04N 21/440218   by transcoding between form...

H04N 21/4408   involving video stream encr...

H04N 21/4627   Rights management associate...

Apparatus and methods for content transfer protection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

421 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and methods for content transfer protection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

421 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links