Enforcing authorized domains with domain membership vouchers

US 20050102513A1
Filed: 11/10/2003
Published: 05/12/2005
Est. Priority Date: 11/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of establishing an authorized domain, the method comprising:

(a) receiving a domain establishment request from a remote device, the request including a public key of the remote device;

ad (b) sending to the remote device a domain identifier and a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Domain membership vouchers are transmitted to devices in response to domain membership requests and domain joining requests. These vouchers include domain identifiers and domain keys encrypted with the public keys of the requesting devices. Once received, the domain membership vouchers establish the devices as members of authorized domains. Such authorized domains allow the sharing of protected content among devices within a particular authorized domain.

195 Citations

36 Claims

1. A method of establishing an authorized domain, the method comprising:
- (a) receiving a domain establishment request from a remote device, the request including a public key of the remote device;
  
  ad (b) sending to the remote device a domain identifier and a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein step (b) comprises sending the domain identifier and the domain key in a voucher.
  - 3. The method of claim 2, wherein the voucher includes a domain membership expiration time.
  - 4. The method of claim 2, wherein the voucher includes a geographical constraint specifying a region in which content is available.
  - 5. The method of claim 1, wherein the request includes a certificate indicating that the public key belongs to a trusted device.
  - 6. The method of claim 5, further comprising determining whether the certificate is valid.

7. A method of adding a remote device to an authorized domain, the method comprising:
- (a) receiving a domain joining request including a domain identifier and a public key of the remote device; and
  
  (b) sending to the remote device a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein step (a) comprises receiving the domain joining request from the remote device.
  - 9. The method of claim 7, wherein step (a) comprises receiving the domain joining request from a second remote device currently belonging to an authorized domain specified by the domain identifier.
  - 10. The method of claim 7, wherein step (b) comprises sending the domain key in a voucher.
  - 11. The method of claim 10, wherein the voucher includes a domain membership expiration time.
  - 12. The method of claim 10, wherein the voucher includes a geographical constraint specifying a region in which content is available.
  - 13. The method of claim 7, wherein the request includes a certificate indicating that the public key belongs to a trusted device.

14. A system for establishing an authorized domain, the system comprising:
- means for receiving a domain establishment request from a remote device, the request including a public key of the remote device; and
  
  means for sending to the remote device a domain identifier and a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein means for sending comprises means for sending the domain identifier and the domain key in a voucher.
  - 16. The system of claim 15, wherein the voucher includes a domain membership expiration time.
  - 17. The system of claim 15, wherein the voucher includes a geographical constraint specifying a region in which content is available.
  - 18. The system of claim 14, wherein the request includes a certificate indicating that the public key belongs to a trusted device.
  - 19. The system of claim 18, further comprising means for determining whether the certificate is valid.

20. A system for adding a remote device to an authorized domain, the system comprising:
- means for receiving a domain joining request including a domain identifier and a public key of the remote device; and
  
  means for sending to the remote device a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The system of claim 20, wherein said means for receiving comprises means for receiving the domain joining request from the remote device.
  - 22. The system of claim 20, wherein said means for receiving comprises means for receiving the domain joining request from a second remote device currently belonging to an authorized domain specified by the domain identifier.
  - 23. The system of claim 20, wherein said means for sending comprises sending the domain key in a voucher.
  - 24. The system of claim 23, wherein the voucher includes a domain membership expiration time.
  - 25. The system of claim 23, wherein the voucher includes a geographical constraint specifying a region in which content is available.
  - 26. The system of claim 20, wherein the request includes a certificate indicating that the public key belongs to a trusted device.

27. A system, comprising:
- a first module adapted to assign a domain identifier and a domain encryption key for an authorized domain, wherein the domain encryption key is adapted to encrypt keys for encrypting content authorized for consumption within the authorized domain; and
  
  a second module adapted to generate a domain membership voucher, the domain membership voucher including the domain key encrypted with the public key of the remote device and the domain identifier.
- View Dependent Claims (28, 29, 30, 34, 35)
- - 28. The system of claim 27, wherein the second module is adapted to generate the domain membership voucher in response to a domain membership request received from the remote device, the domain membership request including the public key of the remote device.
  - 29. The system of claim 27, wherein the second module is adapted to generate the domain membership voucher in response to a domain joining request, the domain joining request including the public key of the remote device.
  - 30. The system of claim 27, further comprising:
    - a content database adapted to store a content item; and
      
      a module adapted to transmit to a device within an authorized domain a content key encrypted with the domain key and the content item encrypted with the content key.
  - 34. The method of claim 29, wherein step (a) comprises sending the domain joining request to the server.
  - 35. The method of claim 29, wherein step (a) comprises sending the domain joining request to a remote communications device currently in the authorized domain.

31. A method of establishing an authorized domain in a communications device, the method comprising:
- (a) sending a domain establishment request to a server, the request including a public key of the communications device; and
  
  (b) receiving from the server a domain identifier and a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.

32. A system for establishing an authorized domain in a communications device, the system comprising:
- means for sending a domain establishment request to a server, the request including a public key of the communications device; and
  
  means for receiving from the server a domain identifier and a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.

33. A method of adding a communications device to an authorized domain, the method comprising:
- (a) sending a domain joining request including a domain identifier and a public key of the communications device; and
  
  (b) receiving from a server a domain key encrypted with the public key, wherein the domain key is adapted to decrypt content authorized for consumption within the authorized domain.

36. A system for adding a communications device to an authorized domain, the system comprising:
- means for sending a domain joining request including a domain identifier and a public key of the communications device; and
  
  means for receiving from a server a domain key encrypted with the public key, wherein the domain key is adapted to decrypt a content key that encrypts content authorized for consumption within the authorized domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Alve, Jukka

Application Number

US10/703,454
Publication Number

US 20050102513A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3268   using certificate validatio...

H04N 21/2541   Rights Management protectin...

H04N 21/4627   Rights management associate...

H04N 21/63775   for uploading keys, e.g. fo...

H04N 7/162   Authorising the user termin...

H04N 7/1675   Providing digital key or au...

Enforcing authorized domains with domain membership vouchers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

195 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing authorized domains with domain membership vouchers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links