Encryption and data-protection for content on portable medium

US 20050114689A1
Filed: 09/20/2004
Published: 05/26/2005
Est. Priority Date: 10/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting content with copy protection for storage on a destination computer-readable medium, said method comprising:

generating a medium key to be associated with a destination computer-readable medium;

encrypting the generated medium key with one or more public keys, each of the public keys corresponding to an end user device;

encrypting the content with a content key;

encrypting the content key with the medium key;

defining a medium identifier associated with the destination computer-readable medium and associating the defined medium identifier with the encrypted content; and

storing the encrypted content, encrypted content key, encrypted medium keys, and associated medium identifier to the destination computer-readable medium, wherein comparing the defined medium identifier with the medium identifier associated with the encrypted content prior to rendering the content provides copy protection for the content.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A source generates a medium key (KM) and a media secret table including a plurality of entries, each entry including (KM) encrypted by a public key (PU-PD) of a plurality of devices, obtains the medium ID of a medium therefrom, generates a content key (KD) for a piece of content, encrypts the content with (KD) to result in (KD(content)), encrypts (KD) with (KM) to result in (KM(KD)), generates a package for the content including (KD(content)), (KM(KD)), the medium ID, and a signature based on at least the medium ID and verifiable with (KM), and copies the generated package and the media secret table to the medium. Thus, a device with the medium and a private key (PR-PD) corresponding to an entry of the media secret table can access and render the content.

121 Citations

View as Search Results

35 Claims

1. A method for encrypting content with copy protection for storage on a destination computer-readable medium, said method comprising:
- generating a medium key to be associated with a destination computer-readable medium;
  
  encrypting the generated medium key with one or more public keys, each of the public keys corresponding to an end user device;
  
  encrypting the content with a content key;
  
  encrypting the content key with the medium key;
  
  defining a medium identifier associated with the destination computer-readable medium and associating the defined medium identifier with the encrypted content; and
  
  storing the encrypted content, encrypted content key, encrypted medium keys, and associated medium identifier to the destination computer-readable medium, wherein comparing the defined medium identifier with the medium identifier associated with the encrypted content prior to rendering the content provides copy protection for the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising receiving the plurality of public keys via a network from a licensing organization.
  - 3. The method of claim 1, further comprising receiving the content from a content provider.
  - 4. The method of claim 1, wherein generating the medium key comprises generating a random number.
  - 5. The method of claim 1, further comprising creating a media secret table for the content, said media secret table including the encrypted medium keys.
  - 6. The method of claim 5, further comprising generating a media secret table identifier and storing the generated media secret table identifier on the destination computer-readable medium, said generated media secret table identifier being associated with the content.
  - 7. The method of claim 5, further comprising storing the media secret table in a cache, and further comprising obtaining the media secret table from the cache when performing the method of claim 5 for other content.
  - 8. The method of claim 1, further comprising generating the content key.
  - 9. The method of claim 1, wherein defining the medium identifier comprises obtaining the medium identifier from the destination computer-readable medium.
  - 10. The method of claim 1, further comprising:
    - generating a message authentication code (MAC) as a function of the generated medium key; and
      
      storing the generated MAC on the destination computer-readable medium.
  - 11. The method of claim 1, further comprising:
    - generating a digital signature as a function of the medium key; and
      
      storing the generated digital signature on the destination computer-readable medium.
  - 12. The method of claim 1, further comprising receiving a request to render the content on the medium.
  - 13. The method of claim 1, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 1.

14. A method for decrypting copy protected content stored on a computer-readable medium for rendering by an end user device, said computer-readable medium storing a package including encrypted content, an encrypted content key, one or more medium keys each being encrypted by a public key associated with one of a plurality of end user devices, and a medium identifier, said end user device having a private key associated therewith, said method comprising:
- calculating a medium key for the end user device from the encrypted medium keys as a function of the private key;
  
  defining a medium identifier for the computer-readable medium;
  
  comparing the defined medium identifier with the medium identifier stored in the package; and
  
  if the defined medium identifier corresponds to the medium identifier stored in the package as a function of said comparing, decrypting the encrypted content key with the calculated medium key and decrypting the encrypted content with the decrypted content key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, wherein the encrypted media keys form a media secret table, and further comprising reading the media secret table from the computer-readable medium.
  - 16. The method of claim 15, wherein reading the media secret table comprises reading a media secret table identifier and identifying the media secret table on the computer-readable medium based on the read media secret table identifier.
  - 17. The method of claim 15, wherein calculating the medium key comprises:
    - obtaining the encrypted medium key associated with the end user device from the media secret table; and
      
      decrypting the obtained encrypted medium key using the private key.
  - 18. The method of claim 14, wherein the computer-readable medium further stores a message authentication code (MAC), and wherein comparing the defined medium identifier with the medium identifier stored in the package comprises verifying the MAC.
  - 19. The method of claim 18, wherein verifying the MAC comprises:
    - calculating a reference MAC as a function of the defined medium identifier and the encrypted content key; and
      
      comparing the calculated reference MAC to the MAC stored on the computer-readable medium.
  - 20. The method of claim 14, further comprising rendering the decrypted content.
  - 21. The method of claim 20, wherein the computer-readable medium further stores a set of rules, and wherein rendering the decrypted content comprises rendering the decrypted content in accordance with the set of rules.
  - 22. The method of claim 14, wherein the computer-readable medium further stores a digital signature, and further comprising verifying the digital signature as a function of the calculated medium key.
  - 23. The method of claim 14, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 14.

24. A system for recording content with copy protection onto a computer-readable medium, said system comprising:
- a memory area for storing content, a medium identifier associated with the computer-readable medium, and one or more public keys each corresponding to an end user device, and one or more usage rules associated with the stored content; and
  
  a processor configured to execute computer-executable instructions for;
  
  generating a medium key to be associated with the computer-readable medium;
  
  encrypting the generated medium key with each of the public keys stored in the memory area;
  
  encrypting the content stored in the memory area with a content key;
  
  encrypting the content key with the medium key; and
  
  storing the encrypted content, the encrypted content key, the encrypted medium keys, and the associated medium identifier to the computer-readable medium.
- View Dependent Claims (25, 26, 27)
- - 25. The system of claim 24, wherein the memory area and the processor are associated with a digital versatile disc recorder.
  - 26. The system of claim 24, wherein the processor is further configured for creating a media secret table for the content, said media secret table including the encrypted medium keys.
  - 27. The system of claim 24, wherein the one or more usage rules comprise a license.

28. A system for rendering copy protected content stored on a computer-readable medium by an end user device, said system comprising:
- a memory area for storing a medium identifier associated with the computer-readable medium, encrypted content, a medium identifier associated with the encrypted content, an encrypted content key, one or more medium keys each encrypted by a public key associated with one of a plurality of end user devices, and a private key associated with the end user device; and
  
  a processor configured to execute computer-executable instructions for;
  
  calculating a medium key for the end user device from the encrypted medium keys stored in the memory area as a function of the private key;
  
  comparing the medium identifier associated with the computer-readable medium with the medium identifier associated with the encrypted content; and
  
  if the medium identifier associated with the computer-readable medium corresponds to the medium identifier associated with the encrypted content as a function of said comparing, decrypting the encrypted content key with the calculated medium key and decrypting the encrypted content with the decrypted content key.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The system of claim 28, wherein the memory area further stores a master key list including the public keys associated with the plurality of end user devices.
  - 30. The system of claim 28, wherein the memory area further stores a digital signature;
    - said digital signature being a function of the calculated medium key.
  - 31. The system of claim 28, wherein the memory area stores the encrypted medium keys as a media secret table, and wherein the memory area further stores a media secret table identifier, said media secret table identifier specifying a location for the media secret table in the memory area.
  - 32. The system of claim 28, wherein the memory area stores the encrypted content, the encrypted content key, and the medium identifier associated with the encrypted content as one of a plurality of data structures, each of the plurality of data structures storing content encrypted according to a content key associated with the data structure.
  - 33. The system of claim 28, wherein the memory area and the processor are associated with a digital versatile disc player.

34. One or more computer-readable media having computer-executable components for providing copy protection for content, said components being executable on an end user device, said components comprising:
- an encryption component for encrypting the content by;
  
  generating a medium key to be associated with a computer-readable medium;
  
  encrypting the generated medium key with one or more public keys, each of the public keys corresponding to an end user device;
  
  creating a media secret table for the content, said media secret table including the encrypted medium keys;
  
  encrypting the content with a content key;
  
  encrypting the content key with the medium key;
  
  defining a medium identifier associated with the destination computer-readable medium and associating the defined medium identifier with the encrypted content; and
  
  storing the encrypted content, encrypted content key, media secret table, and associated medium identifier as a group on the computer-readable medium; and
  
  a decryption component for decrypting the content encrypted by the encryption component and enforcing copy protection by;
  
  calculating the medium key for the end user device from the media secret table as a function of the private key;
  
  determining a reference medium identifier for the computer-readable medium;
  
  comparing the determined reference medium identifier with the medium identifier stored in the group; and
  
  if the determined reference medium identifier corresponds to the medium identifier stored in the group as a function of said comparing, decrypting the encrypted content key with the calculated medium key and decrypting the encrypted content with the decrypted content key.
- View Dependent Claims (35)
- - 35. The computer-readable media of claim 34, wherein the decryption component further renders the decrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Strom, Clifford P., McKune, Jeffrey R., LaChapelle, Kevin Leigh, Mercer, Ian Cameron, Parks, Michael Jay, Alkove, James Morris

Granted Patent

US 7,644,446 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/109   by using specially-adapted ...

H04L 2209/605   Copy protection

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

Encryption and data-protection for content on portable medium

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption and data-protection for content on portable medium

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links