Methods and apparatus for secure distribution of program content

US 20030123670A1
Filed: 12/11/2002
Published: 07/03/2003
Est. Priority Date: 12/13/2001
Status: Active Grant

First Claim

Patent Images

1. An apparatus operable to receive an encrypted program, comprising:

a network interface operable to provide communication with a network such that (i) at least some identification information related to the apparatus may be transmitted over the network to an administrator, and (ii) an encrypted decryption key may be received over the network from the administrator in response to the at least some identification information;

a decryption device operable to decrypt the encrypted decryption key, to decrypt the encrypted program using the decryption key, and to re-encrypt the program using at least some of the identification information; and

a first storage device operable to store the identification information and the re-encrypted program.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus in accordance with the present invention are operable to carry out certain functions including: receiving an encrypted program at a processing apparatus; transmitting at least some identification information related to the processing apparatus over a network to an administrator; receiving an encrypted decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information; decrypting the encrypted decryption key; decrypting the encrypted program using the decryption key; re-encrypting the program using at least some of the identification information; and storing the identification information and the re-encrypted program in a first storage device.

71 Citations

View as Search Results

88 Claims

1. An apparatus operable to receive an encrypted program, comprising:
- a network interface operable to provide communication with a network such that (i) at least some identification information related to the apparatus may be transmitted over the network to an administrator, and (ii) an encrypted decryption key may be received over the network from the administrator in response to the at least some identification information;
  
  a decryption device operable to decrypt the encrypted decryption key, to decrypt the encrypted program using the decryption key, and to re-encrypt the program using at least some of the identification information; and
  
  a first storage device operable to store the identification information and the re-encrypted program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The apparatus of claim 1, wherein:
    - the identification information includes a machine ID that is substantially unique to the apparatus; and
      
      the network interface is operable to facilitate transmission of the machine ID over the network to the administrator such that the encrypted decryption key may be received over the network from the administrator in response to the machine ID.
  - 3. The apparatus of claim 2, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 4. The apparatus of claim 2, wherein the network interface is further operable to facilitate the reception of an encrypted virtual ID over the network from the administrator, the virtual ID being associated with the machine ID.
  - 5. The apparatus of claim 4, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to re-encrypt the program using the virtual ID.
  - 6. The apparatus of claim 5, wherein the first storage device is further operable to store the machine ID and the encrypted virtual ID.
  - 7. The apparatus of claim 6, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 8. The apparatus of claim 6, wherein the first storage device is removably connectable with the apparatus.
  - 9. The apparatus of claim 6, further comprising:
    - a second storage device containing the machine ID; and
      
      a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 10. The apparatus of claim 9, wherein the processor is further operable to prompt a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 11. The apparatus of claim 9, wherein the network interface is further operable to facilitate:
    - the transmission of the machine ID contained in the second storage device, when it does do not match the machine ID stored in the first storage device, over the network to the administrator; and
      
      the reception of a new encrypted virtual ID over the network from the administrator, the virtual ID of the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 12. The apparatus of claim 11, wherein the first storage device is further operable to replace the encrypted virtual ID with the new encrypted virtual ID.
  - 13. The apparatus of claim 12, wherein the decryption device is operable to decrypt the new encrypted virtual ID using the machine ID contained in the second storage device, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 14. The apparatus of claim 1, wherein the network interface is further operable to facilitate the reception of the encrypted program over the network from the administrator.
  - 15. The apparatus of claim 1, wherein the program is one of an application program and a system program.

16. An apparatus operable to receive an encrypted program, comprising:
- a storage medium interface operable to receive an encrypted first decryption key from a storage medium produced by an administrator;
  
  a network interface operable to provide communication with a network such that (i) at least some identification information related to the apparatus may be transmitted over the network to the administrator, and (ii) an encrypted second decryption key may be received over the network from the administrator in response to the at least some identification information;
  
  a decryption device operable to decrypt the encrypted second decryption key, to decrypt the encrypted first decryption key using the second decryption key, to decrypt the encrypted program using the first decryption key, and to re-encrypt the program using at least some of the identification information; and
  
  a first storage device operable to store the identification information and the re-encrypted program.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The apparatus of claim 16, wherein:
    - the identification information includes a machine ID that is substantially unique to the apparatus; and
      
      the network interface is operable to facilitate transmission of the machine ID over the network to the administrator such that the encrypted second decryption key may be received over the network from the administrator in response to the machine ID.
  - 18. The apparatus of claim 17, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 19. The apparatus of claim 17, wherein the network interface is further operable to facilitate the reception of an encrypted virtual ID over the network from the administrator, the virtual ID being associated with the machine ID.
  - 20. The apparatus of claim 19, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted second decryption key using the virtual ID, to decrypt the encrypted first decryption key using the second decryption key, to decrypt the encrypted program using the first decryption key, and to re-encrypt the program using the virtual ID.
  - 21. The apparatus of claim 20, wherein the first storage device is further operable to store the machine ID and the encrypted virtual ID.
  - 22. The apparatus of claim 21, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 23. The apparatus of claim 21, wherein the first storage device is removably connectable with the apparatus.
  - 24. The apparatus of claim 21, further comprising:
    - a second storage device containing the machine ID; and
      
      a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 25. The apparatus of claim 24, wherein the processor is further operable to prompt a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 26. The apparatus of claim 24, wherein the network interface is further operable to facilitate:
    - the transmission of the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator; and
      
      the reception of a new encrypted virtual ID over the network from the administrator, the virtual ID of the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 27. The apparatus of claim 26, wherein the first storage device is further operable to replace the encrypted virtual ID with the new encrypted virtual ID.
  - 28. The apparatus of claim 27, wherein the decryption device is operable to decrypt the new encrypted virtual ID using the machine ID contained in the second storage device, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 29. The apparatus of claim 16, wherein the network interface is further operable to facilitate the reception of the encrypted program over the network from the administrator.
  - 30. The apparatus of claim 16, wherein the program is one of an application program and a system program.

31. A method, comprising:
- receiving an encrypted program at a processing apparatus;
  
  transmitting at least some identification information related to the processing apparatus over a network to an administrator;
  
  receiving an encrypted decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information;
  
  decrypting the encrypted decryption key;
  
  decrypting the encrypted program using the decryption key;
  
  re-encrypting the program using at least some of the identification information; and
  
  storing the identification information and the re-encrypted program in a first storage device.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 32. The method of claim 31, wherein:
    - the identification information includes a machine ID that is substantially unique to the processing apparatus; and
      
      the machine ID is transmitted over the network to the administrator such that the encrypted decryption key may be received over the network from the administrator in response to the machine ID.
  - 33. The method of claim 32, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 34. The method of claim 32, further comprising receiving an encrypted virtual ID at the processing apparatus over the network from the administrator, the virtual ID being associated with the machine ID.
  - 35. The method of claim 34, further comprising:
    - decrypting the encrypted virtual ID using the machine ID;
      
      decrypting the encrypted decryption key using the virtual ID;
      
      decrypting the encrypted program using the decryption key; and
      
      re-encrypting the program using the virtual ID.
  - 36. The method of claim 35, further comprising storing the machine ID and the encrypted virtual ID in the first storage device.
  - 37. The method of claim 36, further comprising:
    - decrypting the encrypted virtual ID using the machine ID, and decrypting the re-encrypted program using the virtual ID such that the processing apparatus is capable of executing the program.
  - 38. The method of claim 36, wherein the first storage device is removably connectable with the processing apparatus.
  - 39. The method of claim 36, wherein the processing apparatus includes a second storage device containing the machine ID, the method further comprising:
    - comparing the machine ID stored in the first storage device with the machine ID contained in the second storage device, and proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 40. The method of claim 39, further comprising prompting a user of the processing apparatus to select a reassociation routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 41. The method of claim 39, further comprising:
    - transmitting the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator; and
      
      receiving a new encrypted virtual ID over the network from the administrator, the virtual ID of the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 42. The method of claim 41, further comprising:
    - replacing the encrypted virtual ID with the new encrypted virtual ID in the first storage device.
  - 43. The method of claim 42, further comprising:
    - decrypting the new encrypted virtual ID using the machine ID contained in the second storage device, and decrypting the re-encrypted program using the virtual ID such that the processing apparatus is capable of executing the program.
  - 44. The method of claim 31, further comprising receiving the encrypted program over the network from the administrator.
  - 45. The method of claim 31, wherein the program is one of an application program and a system program.

46. A method, comprising:
- receiving an encrypted program at a processing apparatus;
  
  receiving an encrypted first decryption key at the processing apparatus;
  
  transmitting at least some identification information related to the processing apparatus over a network to an administrator;
  
  receiving an encrypted second decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information;
  
  decrypting the encrypted second decryption key;
  
  decrypting the encrypted first decryption key using the second decryption key;
  
  decrypting the encrypted program using the first decryption key;
  
  re-encrypting the program using at least some of the identification information; and
  
  storing the identification information and the re-encrypted program in a first storage device.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 47. The method of claim 46, wherein:
    - the identification information includes a machine ID that is substantially unique to the processing apparatus; and
      
      the machine ID is transmitted over the network to the administrator such that the encrypted decryption key may be received over the network from the administrator in response to the machine ID.
  - 48. The method of claim 47, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 49. The method of claim 47, further comprising receiving an encrypted virtual ID at the processing apparatus over the network from the administrator, the virtual ID being associated with the machine ID.
  - 50. The method of claim 49, further comprising:
    - decrypting the encrypted virtual ID using the machine ID;
      
      decrypting the encrypted second decryption key using the virtual ID;
      
      decrypting the encrypted first decryption key using the second decryption key;
      
      decrypting the encrypted program using the first decryption key; and
      
      re-encrypting the program using the virtual ID.
  - 51. The method of claim 50, further comprising storing the machine ID and the encrypted virtual ID in the first storage device.
  - 52. The method of claim 51, further comprising:
    - decrypting the encrypted virtual ID using the machine ID, and decrypting the re-encrypted program using the virtual ID such that the processing apparatus is capable of executing the program.
  - 53. The method of claim 51, wherein the first storage device is removably connectable with the processing apparatus.
  - 54. The method of claim 51, wherein the processing apparatus includes a second storage device containing the machine ID, the method further comprising:
    - comparing the machine ID stored in the first storage device with the machine ID contained in the second storage device, and proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 55. The method of claim 54, further comprising prompting a user of the processing apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 56. The method of claim 54, further comprising:
    - transmitting the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator; and
      
      receiving a new encrypted virtual ID over the network from the administrator, the virtual ID of the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 57. The method of claim 56, further comprising:
    - replacing the encrypted virtual ID with the new encrypted virtual ID in the first storage device.
  - 58. The method of claim 57, further comprising:
    - decrypting the new encrypted virtual ID using the machine ID contained in the second storage device, and decrypting the re-encrypted program using the virtual ID such that the processing apparatus is capable of executing the program.
  - 59. The method of claim 46, further comprising receiving the encrypted program over the network from the administrator.
  - 60. The method of claim 46, wherein the program is one of an application program and a system program.

61. An apparatus, comprising:
- a network interface operable to provide communication with a network such that respective identification information, each being related to a respective processing apparatus, may be received over the network from the processing apparatus;
  
  a database operable to store respective registration information, each corresponding with a respective one of the processing apparatus and including the identification information thereof; and
  
  a data processor operable to search the database for registration information containing identification information matching any received identification information, wherein;
  
  the network interface is further operable to facilitate the transmission of an encrypted decryption key to the processing apparatus over the network in response to the received identification information, and the decryption key may be used to decrypt an encrypted program located at the processing apparatus.
- View Dependent Claims (62, 63, 64, 65, 66, 67)
- - 62. The apparatus of claim 61, wherein:
    - the identification information includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the data processor is operable to produce the encrypted decryption key in response to the machine ID.
  - 63. The apparatus of claim 62, wherein the identification information includes a media ID that corresponds with a type of first storage device employed by the processing apparatus to store the encrypted program.
  - 64. The apparatus of claim 63, wherein:
    - the data processor is further operable to produce a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID, to encrypt the decryption key using the virtual ID, and to encrypt the virtual ID using the machine ID; and
      
      the network interface is further operable to facilitate the transmission of the encrypted virtual ID over the network to the processing apparatus.
  - 65. The apparatus of claim 64, wherein:
    - the processing apparatus includes a second storage device containing the machine ID;
      
      the processing apparatus is operable to request an identification re-assignment when the machine ID stored in the first storage device does not match with the machine ID contained in the second storage device;
      
      the network interface is further operable to receive the machine ID (an old machine ID) stored in the first storage device and the machine ID (a new machine ID) contained in the second storage device of the processing apparatus over the network;
      
      the data processor is further operable to (i) search the database for registration information containing the old machine ID, (ii) obtain the virtual ID of that registration information associated with the old machine ID, (iii) associate the virtual ID with the new machine ID, and (iv) encrypt the virtual ID using the new machine ID; and
      
      the network interface is further operable to facilitate the transmission of the new encrypted virtual ID over the network to the processing apparatus.
  - 66. The apparatus of claim 61, wherein the network interface is further operable to facilitate the transmission of the encrypted program over the network to the processing apparatus.
  - 67. The apparatus of claim 61, wherein the program is one of an application program and a system program.

68. A method, comprising:
- receiving respective identification information, each being related to a respective processing apparatus, over a network from the processing apparatus;
  
  storing in a database respective registration information, each corresponding with a respective one of the processing apparatus and including the identification information thereof;
  
  searching the database for registration information containing identification information matching any received identification information;
  
  transmitting an encrypted decryption key over the network to the processing apparatus in response to the received identification information, where the decryption key may be used to decrypt an encrypted program located at the processing apparatus.
- View Dependent Claims (69, 70, 71, 72, 73, 74)
- - 69. The method of claim 68, wherein:
    - the identification information includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the encrypted decryption key is produced and transmitted in response to the machine ID.
  - 70. The method of claim 69, wherein the identification information includes a media ID that corresponds with a type of first storage device employed by the processing method to store the encrypted program.
  - 71. The method of claim 70, further comprising:
    - producing a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID;
      
      encrypting the decryption key using the virtual ID;
      
      encrypting the virtual ID using the machine ID; and
      
      transmitting the encrypted decryption key and the encrypted virtual ID over the network to the processing apparatus.
  - 72. The method of claim 71, wherein the processing apparatus includes a second storage device containing the machine ID (a new machine ID), and the processing apparatus is operable to request an identification re-assignment when the machine ID (an old machine ID) stored in the first storage device does not match with the new machine ID, the method further comprising:
    - receiving the old machine ID and the new machine ID;
      
      searching the database for registration information containing the old machine ID;
      
      obtaining the virtual ID of the registration information that is associated with the old machine ID;
      
      associating the virtual ID with the new machine ID;
      
      encrypting the virtual ID using the new machine ID; and
      
      transmitting the new encrypted virtual ID to the processing apparatus.
  - 73. The method of claim 68, further comprising transmitting the encrypted program over the network to the processing apparatus.
  - 74. The method of claim 68, wherein the program is one of an application program and a system program.

75. An apparatus, comprising:
- a network interface operable to provide communication with a network such that respective identification information, each being related to a respective processing apparatus, may be received over the network from the processing apparatus;
  
  a database operable to store respective registration information, each corresponding with a respective one of the processing apparatus and including the identification information thereof; and
  
  a data processor operable to search the database for registration information containing identification information matching any received identification information, wherein;
  
  the network interface is further operable to facilitate the transmission of an encrypted second decryption key to the processing apparatus over the network in response to the received identification information, and the second decryption key may be used to decrypt an encrypted first decryption key, which may be used to decrypt an encrypted program located at the processing apparatus.
- View Dependent Claims (76, 77, 78, 79, 80, 81)
- - 76. The apparatus of claim 75, wherein:
    - the identification information includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the data processor is operable to produce the encrypted second decryption key in response to the machine ID.
  - 77. The apparatus of claim 76, wherein the identification information includes a media ID that corresponds with a type of first storage device employed by the processing apparatus to store the encrypted program.
  - 78. The apparatus of claim 77, wherein:
    - the data processor is further operable to produce a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID, to encrypt the second decryption key using the virtual ID, and to encrypt the virtual ID using the machine ID; and
      
      the network interface is further operable to facilitate the transmission of the encrypted virtual ID over the network to the processing apparatus.
  - 79. The apparatus of claim 78, wherein:
    - the processing apparatus includes a second storage device containing the machine ID (a new machine ID);
      
      the processing apparatus is operable to request an identification re-assignment when the machine ID (an old machine ID) stored in the first storage device does not match with the new machine ID;
      
      the network interface is further operable to receive the old machine ID and the new machine ID;
      
      the data processor is further operable to (i) search the database for registration information containing the old machine ID, (ii) obtain the virtual ID associated with the old machine ID of the registration information, (iii) associate the virtual ID with the new machine ID, and (iv) encrypt the virtual ID using the new machine ID; and
      
      the network interface is further operable to facilitate the transmission of the new encrypted virtual ID over the network to the processing apparatus.
  - 80. The apparatus of claim 75, wherein the network interface is further operable to facilitate the transmission of the encrypted program over the network to the processing apparatus.
  - 81. The apparatus of claim 75, wherein the program is one of an application program and a system program.

82. A method, comprising:
- receiving respective identification information, each being related to a respective processing apparatus, over a network from the processing apparatus;
  
  storing in a database respective registration information, each corresponding with a respective one of the processing apparatus and including the identification information thereof;
  
  searching the database for registration information containing identification information matching any received identification information;
  
  transmitting an encrypted second decryption key over the network to the processing apparatus in response to the received identification information, where the second decryption key may be used to decrypt and encrypted first decryption key, which may be used to decrypt an encrypted program located at the processing apparatus.
- View Dependent Claims (83, 84, 85, 86, 87, 88)
- - 83. The method of claim 82, wherein:
    - the identification information includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the encrypted second decryption key is produced and transmitted in response to the machine ID.
  - 84. The method of claim 83, wherein the identification information includes a media ID that corresponds with a type of first storage device employed by the processing method to store the encrypted program.
  - 85. The method of claim 84, further comprising:
    - producing a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID;
      
      encrypting the second decryption key using the virtual ID;
      
      encrypting the virtual ID using the machine ID; and
      
      transmitting the encrypted second decryption key and the encrypted virtual ID over the network to the processing apparatus.
  - 86. The method of claim 85, wherein the processing apparatus includes a second storage device containing the machine ID (a new machine ID), and the processing apparatus is operable to request an identification re-assignment when the machine ID (an old machine ID) stored in the first storage device does not match with the new machine ID, the method further comprising:
    - receiving the old machine ID and the new machine ID;
      
      searching the database for registration information containing the old machine ID;
      
      obtaining the virtual ID of the registration information that is associated with the old machine ID;
      
      associating the virtual ID with the new machine ID;
      
      encrypting the virtual ID using the new machine ID; and
      
      transmitting the new encrypted virtual ID to the processing apparatus.
  - 87. The method of claim 82, further comprising transmitting the encrypted program over the network to the processing apparatus.
  - 88. The method of claim 82, wherein the program is one of an application program and a system program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Original Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Inventors
Shimada, Muneki, Kanee, Kazuhiro, Okada, Toyoshi, Kimoto, Yousuke, Komaki, Kenjiro

Granted Patent

US 7,469,345 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/281
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

88 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

88 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links