Method, content owner device, computer program, and computer program product for distributing content items to authorized users

US 10,289,810 B2
Filed: 02/27/2014
Issued: 05/14/2019
Est. Priority Date: 08/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method for distributing content items to authorized users, the method comprising:

a content owner device (COD) obtaining a first content item;

the COD obtaining a first tag associated with the first content item;

the COD obtaining a first content key (CK1) for said first content item;

the COD encrypting the first content item using CK1, thereby producing a first encrypted content item;

the COD using at least the first tag and a key derivation function (KDF) to derive a first derived key (DK1);

the COD encrypting CK1 using DK1, thereby producing a first encrypted content key (ECK1);

the COD transmitting information to a content server, the information comprising;

the first encrypted content item and the first tag;

the COD receiving, from a communication device of a user, a first content item identifier for identifying the first content item and a keyword;

the COD, in response to receiving the first content item identifier, determining whether or not the user is authorized to obtain the first content item identified by the first content item identifier; and

the COD, in response to determining that the user is authorized to obtain the first content item, transmitting to the communication device of the user, DK1 and/or CK1.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.

106 Citations

18 Claims

1. A method for distributing content items to authorized users, the method comprising:
- a content owner device (COD) obtaining a first content item;
  
  the COD obtaining a first tag associated with the first content item;
  
  the COD obtaining a first content key (CK1) for said first content item;
  
  the COD encrypting the first content item using CK1, thereby producing a first encrypted content item;
  
  the COD using at least the first tag and a key derivation function (KDF) to derive a first derived key (DK1);
  
  the COD encrypting CK1 using DK1, thereby producing a first encrypted content key (ECK1);
  
  the COD transmitting information to a content server, the information comprising;
  
  the first encrypted content item and the first tag;
  
  the COD receiving, from a communication device of a user, a first content item identifier for identifying the first content item and a keyword;
  
  the COD, in response to receiving the first content item identifier, determining whether or not the user is authorized to obtain the first content item identified by the first content item identifier; and
  
  the COD, in response to determining that the user is authorized to obtain the first content item, transmitting to the communication device of the user, DK1 and/or CK1.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the COD uses at least the first tag, the KDF, and a master key to derive DK1, and wherein the first tag comprises a keyword associated with the first content item.
  - 3. The method of claim 1, wherein, in response to determining that the user is authorized to obtain the first content item, the COD i) derives DK1 using at least a master key, the KDF, and the keyword and ii) transmits DK1 to the communication device of the user after deriving DK1.
  - 4. The method of claim 1, further comprising:
    - the COD, in response to determining that the user is authorized to obtain the first content item, i) retrieving ECK1, ii) decrypting ECK1 using DK1, thereby producing CK1, and iii) transmitting to the communication device of the user, CK1.
  - 5. The method of claim 4, wherein, after retrieving ECK1 but prior to decrypting ECK1 using DK1, the COD derives DK1 using at least a master key, the KDF, and the keyword.
  - 6. The method of claim 4, further comprising:
    - the communication device transmitting to the content server, a content query;
      
      the content server, in response to the content query, transmitting to the communication device, a search result satisfying the content query, wherein the search result comprises an identifier identifying the first content item;
      
      the communication device obtaining from the content server, by downloading or streaming, the first encrypted content item;
      
      the communication device transmitting to the COD a message comprising the first tag;
      
      the communication device receiving from the COD a response message sent by the COD in response to said message, said response message comprising CK1; and
      
      the communication device using CK1 received in the response message to decrypt the first encrypted content item.
  - 7. The method of claim 1, further comprising:
    - the communication device transmitting to the content server, a content query;
      
      the content server, in response to the content query, transmitting to the communication device, a search result satisfying the content query, wherein the search result comprises an identifier identifying the first content item;
      
      the communication device obtaining from the content server, by downloading or streaming, the first encrypted content item;
      
      the communication device obtaining ECK1;
      
      the communication device transmitting to the COD, a message comprising the first tag;
      
      the communication device receiving DK1 from the COD;
      
      the communication device using DK1 to decrypt ECK1, thereby producing CK1; and
      
      the communication device using the produced CK1 to decrypt the first encrypted content item.
  - 8. The method of claim 1, further comprising:
    - the COD obtaining a second tag associated with the first content item, the second tag being different than the first tag;
      
      the COD deriving a second derived key (DK2) using at least the first content item identifier, a master key, the second tag, and the KDF, wherein DK2 is not the same as DK1; and
      
      the COD encrypting CK1 using DK2, thereby producing a second encrypted content key (ECK2), which is not the same as ECK1, wherein the information transmitted to the content server further comprises the second tag.
  - 9. The method of claim 8, further comprising:
    - the COD receiving from a second communication device, the first content item identifier and the second tag;
      
      the COD, in response to receiving the first content item identifier and the second tag, determining whether or not a user of the second communication device is authorized to obtain the first content item associated with the first content item identifier; and
      
      the COD, in response to determining that the user of the second communication device is authorized to obtain the first content item, transmitting to the communication device of the user, at least one of DK2 and CK1.

10. A content owner device (COD) for distributing content items to authorized users, the COD comprising a processor and a non-transitory computer readable medium (CRM), said CRM containing computer readable instructions executable by said processor, wherein said COD is operative to:
- obtain a first content item;
  
  obtain a first tag associated with the first content item;
  
  obtain a first content key (CK1) for said first content item;
  
  encrypt the first content item using CK1, thereby producing a first encrypted content item;
  
  use at least the first tag and a key derivation function to derive a first derived key (DK1);
  
  encrypt CK1 using DK1, thereby producing a first encrypted content key (ECK1);
  
  transmit information to a content server, the information comprising;
  
  the first encrypted content item and the first tag;
  
  receive from a communication device of a user, a first content item identifier identifying the first content item;
  
  in response to receiving the first content item identifier, determine whether or not the user is authorized to obtain the first content item identified by the first content item identifier; and
  
  in response to determining that the user is authorized to obtain the first content item, transmit to the communication device of the user, DK1 and/or CK1.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The COD of claim 10, wherein the COD is further operative to use at least the first tag, the key derivation function, and a master key to derive DK1, and wherein the first tag comprises a keyword associated with the first content item.
  - 12. The COD of claim 10, wherein the COD is further operative to:
    - in response to determining that the user is authorized to obtain the first content item, i) derive DK1 using at least a master key and the first tag and ii) transmit DK1 to the communication device of the user after deriving DK1.
  - 13. The COD of claim 10, wherein the COD is further operative to:
    - in response to determining that the user is authorized to obtain the first content item, i) retrieve ECK1, ii) decrypt ECK1 using DK1, thereby producing CK1, and iii) transmit to the communication device of the user, CK1.
  - 14. The COD of claim 13, wherein, after retrieving ECK1 but prior to decrypting ECK1 using DK1, the COD is operative to derive DK1 using at least a master key and the first tag.
  - 15. The COD of claim 10, wherein the COD is further operative to:
    - obtain a second tag associated with the first content item;
      
      derive a second derived key (DK2) using at least the first content item identifier, a master key, the second tag, and the key derivation function; and
      
      encrypt CK1 using DK2, thereby producing a second encrypted content key (ECK2), and wherein the information transmitted to the content server further comprises the second tag.
  - 16. The COD of claim 15, wherein the COD is further operative to:
    - receive from a second communication device, the first content item identifier and the second tag;
      
      determine whether or not a user of the second communication device is authorized to obtain the first content item associated with the first content item identifier, in response to receiving the first content item identifier and the second tag; and
      
      transmit to the communication device of the user, at least one of DK2 and CK1 in response to determining that the user of the second communication device is authorized to obtain the first content item.

17. A computer program product comprising a non-transitory computer readable medium storing computer readable instructions which, when run on a content owner device (COD), causes the COD to:
- obtain a first content item;
  
  obtain a first tag associated with the first content item;
  
  obtain a first content key (CK1) for said first content item;
  
  encrypt the first content item using CK1, thereby producing a first encrypted content item;
  
  use at least the first tag and a key derivation function to derive a first derived key (DK1);
  
  encrypt CK1 using DK1, thereby producing a first encrypted content key (ECK1); and
  
  transmit information to a content server, the information comprising;
  
  the first encrypted content item and the first tag, whereinthe computer readable instructions cause the COD to, in response to receiving from a communication device of a user a first content item identifier for identifying the first content item and a keyword, determine whether or not the user is authorized to obtain the first content item identified by the first content item identifier.

18. A content owner device (COD) for distributing content items to authorized users, the COD comprising:
- a transmitter;
  
  a memory; and
  
  a processor coupled to the memory and the transmitter, wherein the COD is configured to;
  
  obtain a first tag associated with a first content item;
  
  obtain a first content key (CK1) for said first content item;
  
  encrypt the first content item using CK1, thereby producing a first encrypted content item;
  
  use at least the first tag and a key derivation function to derive a first derived key (DK1);
  
  encrypt CK1 using DK1, thereby producing a first encrypted content key (ECK1);
  
  employ the transmitter to transmit information to a content server, the information comprising;
  
  the first encrypted content item and the first tag;
  
  in response to receiving from a communication device of a user, a first content item identifier for identifying the first content item and a keyword, determine whether or not the user is authorized to obtain the first content item identified by the first content item identifier; and
  
  in response to determining that the user is authorized to obtain the first content item, transmit to the communication device of the user, DK1 and/or CK1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Arngren, Tommy, Naslund, Mats
Primary Examiner(s)
Harris, Christopher C

Application Number

US14/914,849
Publication Number

US 20160210443A1
Time in Patent Office

1,902 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1012   to domains

G06F 21/1015   to users

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

Method, content owner device, computer program, and computer program product for distributing content items to authorized users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method, content owner device, computer program, and computer program product for distributing content items to authorized users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links