System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state
First Claim
1. A method of protecting content comprising:
- receiving content at a device;
encrypting the content with a content key;
encrypting the content key with a domain key; and
storing the encrypted content key and the encrypted content.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user'"'"'s compliant devices, or all of a family'"'"'s devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.
274 Citations
122 Claims
-
1. A method of protecting content comprising:
-
receiving content at a device;
encrypting the content with a content key;
encrypting the content key with a domain key; and
storing the encrypted content key and the encrypted content.
-
-
2. A method of protecting content comprising:
-
receiving content at a device;
encrypting the content with a content key;
encrypting the content key with a domain key; and
storing a voucher associated with the content;
wherein the voucher includes the encrypted content key and a usage state record. - View Dependent Claims (3, 4)
-
-
5. A method of protecting content comprising:
-
receiving content at a device;
receiving a usage state record associated with the content;
receiving a domain traversal flag associated with the content;
encrypting the content with a content key;
encrypting the content key with a device key if the usage state record indicates that usage is not unrestricted;
encrypting the content key with a domain key if the domain traversal flag indicates that domain traversal is forbidden; and
storing a voucher associated with the content;
wherein the voucher contains the encrypted content key, the usage state record, and the domain traversal flag. - View Dependent Claims (6)
-
-
7. A method of moving protected content within an authorized domain comprising:
-
transmitting encrypted content and a voucher associated with said encrypted content from a first device in the authorized domain to a second device in the authorized domain;
the voucher including an encrypted content key and a usage state record;
at the first device rendering any vouchers associated with said encrypted content unusable. - View Dependent Claims (8, 9, 10)
-
-
11. A method for moving protected content from a first device in one authorized domain to a target device in a different authorized domain comprising:
-
checking a voucher associated with a piece of content;
the voucher including an encrypted content key, a usage state record and a domain traversal flag;
if the usage state record allows moving, decrypting the encrypted content key with a device key; and
encrypting the decrypted content key with the public key of the target device;
replacing the original encrypted content key with the re-encrypted content key in the voucher;
transmitting encrypted content and the amended voucher to the target device; and
at the first device rendering any vouchers associated with the content unusable. - View Dependent Claims (12, 13)
-
-
14. A method of copying protected content within an authorized domain to a target device within said authorized domain comprising:
-
at a first device within the authorized domain, checking a usage state record contained in a voucher associated with a piece of encrypted content;
the voucher including a usage state record, and an encrypted content key;
if the usage state record is not unrestricted and allows copying;
decrypting the encrypted content key with a device key;
re-encrypting the decrypted content key with a public key of the target device;
updating the usage state record; and
storing the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
sending the encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method for copying protected content from a device in a first authorized domain to a target device in a second authorized domain comprising:
-
in a first device within the first authorized domain, checking a usage state record contained in a voucher associated with a piece of encrypted content, wherein the voucher also includes an encrypted content key;
if the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed, decrypting the encrypted content key with a device key;
re-encrypting the decrypted content key with a public key from the target device;
updating the usage state;
storing the updated usage state and the re-encrypted content key in a re-targeted voucher; and
transmitting encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (20, 21, 22)
-
-
23. A method of identifying protected content while maintaining backwards compatibility comprising:
-
receiving content;
checking if content is watermarked;
encrypting the content with a content key if the content is watermarked. - View Dependent Claims (24, 25, 26, 27)
-
-
28. A method of using protected content comprising:
-
decrypting an encrypted content key with a domain key;
decrypting an associated piece of content with the decrypted content key; and
rendering the decrypted content. - View Dependent Claims (29)
-
-
30. A method of protecting content comprising:
-
receiving content at a device;
receiving a content key seed at the device;
creating a content key by operating on the content key seed with a domain key;
encrypting the content with the content key;
encrypting the content key with the domain key; and
storing the encrypted content key and the encrypted content. - View Dependent Claims (31, 32, 33)
-
-
34. A method of creating a content key comprising:
operating on a content key seed with a domain key;
- View Dependent Claims (35, 36)
-
37. A method for registering an authorized device in an authorized domain comprising:
-
transmitting information about the unregistered authorized device and the authorized domain to a trust management provider;
receiving certification from the trust management provider to add said authorized device to the authorized domain as a registered device. - View Dependent Claims (38, 39)
-
-
40. A method of certifying the transfer of content out of an authorized device comprising:
-
receiving a request to transfer content from a first authorized device to a second authorized device;
contacting a trust management provider to verify the protection employed at the second authorized device;
if trust management provides authorization, transferring content. - View Dependent Claims (41)
-
-
42. A method of providing payment in a superdistribution system comprising:
-
transferring content from a first device to a second device;
the second device contacting a trust management provider to purchase usage rights for the content;
the trust management provider distributing proceeds from the purchase. - View Dependent Claims (43, 44, 45, 46)
-
-
47. A method of checking the integrity of a voucher comprising:
-
receiving the voucher at a first device from a second device;
computing a cryptographic hashing function over at least part of the voucher;
decrypting an encrypted hash value stored in the voucher with a public key of the second device;
comparing the computed hash value with the stored hash value. - View Dependent Claims (48, 49)
-
-
50. An article manufacture comprising:
a computer readable medium comprising instructions for;
receiving content at a device;
encrypting the content with a content key;
encrypting the content key with a domain key; and
storing the encrypted content key and the encrypted content.
-
51. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving content at a device;
encrypting the content with a content key;
encrypting the content key with a domain key; and
storing a voucher associated with the content;
wherein the voucher includes the encrypted content key and a usage state record. - View Dependent Claims (52)
-
53. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving content at a device;
receiving a usage state record associated with the content;
receiving a domain traversal flag associated with the content;
encrypting the content with a content key;
encrypting the content key with a device key if the usage state record indicates that usage is not unrestricted;
encrypting the content key with a domain key if the domain traversal flag indicates that domain traversal is forbidden; and
storing a voucher associated with the content;
wherein the voucher contains the encrypted content key, the usage state record, and the domain traversal flag. - View Dependent Claims (54)
-
55. An article of manufacture comprising:
a computer readable medium comprising instructions for;
transmitting encrypted content and a voucher associated with said encrypted content from a first device in an authorized domain to a second device in the authorized domain;
the voucher including an encrypted content key and a usage state record;
at the first device rendering any vouchers associated with said encrypted content unusable. - View Dependent Claims (56)
-
57. An article of manufacture comprising:
a computer readable medium comprising instructions for;
on a first device checking a voucher associated with a piece of content;
the voucher including an encrypted content key, a usage state record and a domain traversal flag;
if the usage state record allows moving, decrypting the encrypted content key with a device key; and
encrypting the decrypted content key with the public key of a target device;
replacing the original encrypted content key with the re-encrypted content key in the voucher;
transmitting encrypted content and the amended voucher to the target device; and
rendering any remaining vouchers associated with the content unusable. - View Dependent Claims (58)
-
59. An article of manufacture comprising:
a computer readable medium comprising instructions for;
checking a usage state record contained in a voucher associated with a piece of encrypted content;
the voucher including a usage state record, and an encrypted content key;
if the usage state record is not unrestricted and allows copying;
decrypting the encrypted content key with a device key;
re-encrypting the decrypted content key with a public key of a target device;
updating the usage state record; and
storing the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
sending the encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (60, 61)
-
62. An article of manufacture comprising:
a computer readable medium comprising instructions for;
checking a usage state record contained in a voucher associated with a piece of encrypted content, wherein the voucher also includes an encrypted content key;
if the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed, decrypting the encrypted content key with a device key;
re-encrypting the decrypted content key with a public key from a target device;
updating the usage state;
storing the updated usage state and the re-encrypted content key in a re-targeted voucher; and
transmitting encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (63, 64, 65)
-
66. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving content;
checking if content is watermarked;
encrypting the content with a content key if the content is watermarked. - View Dependent Claims (67, 69, 70)
-
68. The article of manufacture of 67 wherein the usage information includes a usage state record and a domain traversal flag.
-
71. An article of manufacture comprising:
a computer readable medium comprising instructions for;
decrypting an encrypted content key with a domain key;
decrypting an associated piece of content with the decrypted content key; and
rendering the decrypted content. - View Dependent Claims (72)
-
73. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving content at a device;
receiving a content key seed at the device;
creating a content key by operating on the content key seed with a domain key;
encrypting the content with the content key;
encrypting the content key with the domain key; and
storing the encrypted content key and the encrypted content. - View Dependent Claims (74, 75, 76)
-
77. An article of manufacture comprising:
a computer readable medium comprising instructions for;
operating on a content key seed with a domain key;
- View Dependent Claims (78, 79)
-
80. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving information about an unregistered authorized device and an authorized domain;
transmitting certification from to add said authorized device to the authorized domain as a registered device. - View Dependent Claims (81)
-
82. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving a request to transfer content from a first authorized device to a second authorized device;
contacting a trust management provider to verify the protection employed at the second authorized device;
if trust management provides authorization, transferring content.
-
83. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving requests to purchase usage rights for a piece of content;
distributing proceeds from the purchase. - View Dependent Claims (84, 85, 86)
-
87. An article of manufacture comprising:
a computer readable medium comprising instructions for;
receiving a voucher from a second device;
computing a cryptographic hashing function over at least part of the voucher;
decrypting an encrypted hash value stored in the voucher with a public key of the second device;
comparing the computed hash value with the stored hash value. - View Dependent Claims (88, 89)
-
90. An apparatus capable of protecting content comprising:
-
means for receiving content at said appartus;
means for encrypting the content with a content key;
means for encrypting the content key with a domain key; and
means for storing the encrypted content key and the encrypted content.
-
-
91. An apparatus capable of protecting content comprising:
-
means for receiving content at said appartus;
means for encrypting the content with a content key;
means for encrypting the content key with a domain key; and
means for storing a voucher associated with the content;
wherein the voucher includes the encrypted content key and a usage state record. - View Dependent Claims (92)
-
-
93. An apparatus for protecting content comprising:
-
means for receiving content at said apparatus;
means for receiving a usage state record associated with the content;
means for receiving a domain traversal flag associated with the content;
means for encrypting the content with a content key;
means for encrypting the content key with a device key if the usage state record indicates that usage is not unrestricted;
means for encrypting the content key with a domain key if the domain traversal flag indicates that domain traversal is forbidden; and
means for storing a voucher associated with the content;
wherein the voucher contains the encrypted content key, the usage state record, and the domain traversal flag. - View Dependent Claims (94)
-
-
95. An apparatus capable of moving protected content within an authorized domain comprising:
-
means for transmitting encrypted content and a voucher associated with said encrypted content from said apparatus to a second device in the authorized domain;
the voucher including an encrypted content key and a usage state record;
means for rendering any vouchers associated with said encrypted content unusable. - View Dependent Claims (96)
-
-
97. An apparatus capable of moving protected content to a target device in a different authorized domain comprising:
-
means for checking a voucher associated with a piece of content;
the voucher including an encrypted content key, a usage state record and a domain traversal flag;
means for decrypting the encrypted content key with a device key;
means for encrypting the decrypted content key with the public key of the target device;
means for replacing the original encrypted content key with the re-encrypted content key;
means for transmitting encrypted content and the amended voucher to the target device; and
means for rendering any vouchers associated with the content unusable. - View Dependent Claims (98)
-
-
99. An apparatus for copying protected content within an authorized domain to a target device within said authorized domain comprising:
-
means for checking a usage state record contained in a voucher associated with a piece of encrypted content;
the voucher including a usage state record, and an encrypted content key;
means for decrypting the encrypted content key with a device key;
means for re-encrypting the decrypted content key with a public key of the target device;
means for updating the usage state record;
means for storing the re-encrypted content key and the updated usage state record in re-targeted voucher; and
means for sending the encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (100, 101)
-
-
102. An apparatus capable of copying protected content to a target device in a second authorized domain comprising:
-
means for checking a usage state record contained in a voucher associated with a piece of encrypted content, wherein the voucher also includes an encrypted content key;
means for decrypting the encrypted content key with a device key;
means for re-encrypting the decrypted content key with a public key from the target device;
means for updating the usage state;
means for storing the updated usage state and the re-encrypted content key in a re-targeted voucher; and
means for transmitting encrypted content and the re-targeted voucher to the target device. - View Dependent Claims (103, 104, 105)
-
-
106. An apparatus capable of identifying protected content while maintaining backwards compatibility comprising:
-
means for receiving content;
means for checking if content is watermarked;
means for encrypting the content with a content key if the content is watermarked. - View Dependent Claims (107, 108, 109, 110)
-
-
111. An apparatus for using protected content comprising:
-
means for decrypting an encrypted content key with a domain key;
means for decrypting an associated piece of content with the decrypted content key; and
means for rendering the decrypted content. - View Dependent Claims (112)
-
-
113. An apparatus for protecting content comprising:
-
means for receiving content at said apparatus;
means for receiving a content key seed at the apparatus;
means for creating a content key by operating on the content key seed with a domain key;
means for encrypting the content with the content key;
means for encrypting the content key with the domain key; and
means for storing the encrypted content key and the encrypted content. - View Dependent Claims (114, 115, 116)
-
-
117. An apparatus for creating a content key comprising:
-
means for operating on a content key seed with a domain key;
means for receiving a content ID and a domain ID;
means for using the content ID to determine the content key seed;
means using the domain ID to determine the domain key. - View Dependent Claims (118)
-
-
119. An apparatus capable of registering an authorized device in an authorized domain comprising:
-
means for receiving information about the unregistered authorized device and the authorized domain to a trust management provider;
means for transmitting certification from the trust management provider to add said authorized device to the authorized domain as a registered device.
-
-
120. An apparatus capable of checking the integrity of a voucher comprising:
-
means for receiving a voucher from a second device;
means for computing a cryptographic hashing function over at least part of the voucher;
means for decrypting an encrypted hash value stored in the voucher with a public key of the second device;
means for comparing the computed hash value with the stored hash value. - View Dependent Claims (121, 122)
-
Specification