Technique for securely communicating programming content

US 20060047957A1
Filed: 12/07/2004
Published: 03/02/2006
Est. Priority Date: 07/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for transferring programming content to a device, comprising:

receiving from the device a request for transfer of the programming content thereto, an extent of security of the device being indicated by an indicator assigned thereto;

in response to the request, authenticating the device to determine legitimacy of the device for receiving the programming content; and

transferring to the device the programming content and a set of rules associated with the programming content after the device is authenticated, at least some of the rules in the set being associated with the indicator and applicable to the device with respect to use of the programming content.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for securely transferring programming content from a first device in a first layer, e.g., a trusted domain, to a second device in a second layer, e.g., outside the trusted domain. When a user requests that the first device transfer protected content to the second device, the first device needs to authenticate the second device. After the second device is authenticated, the first device may transfer to the second device the protected content, together with a rights file associated therewith. The rights file specifies the rights of the second device to use the protected content, according to its security level indicative of its security. These rights may concern, e.g., the number of times that the second device may subsequently transfer the protected content to other devices, the time period within which the second device may play the protected content, etc. The higher the security level of the second device is, the more rights accorded thereto. Indeed, the second device may need to meet a minimum security level requirement in order for it to receive or keep the protected content.

Citations

88 Claims

1. A method for transferring programming content to a device, comprising:
- receiving from the device a request for transfer of the programming content thereto, an extent of security of the device being indicated by an indicator assigned thereto;
  
  in response to the request, authenticating the device to determine legitimacy of the device for receiving the programming content; and
  
  transferring to the device the programming content and a set of rules associated with the programming content after the device is authenticated, at least some of the rules in the set being associated with the indicator and applicable to the device with respect to use of the programming content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the device is authenticated by verifying data in a digital certificate provided by the device.
  - 3. The method of claim 1 wherein the programming content includes movie content.
  - 4. The method of claim 1 further comprising before the programming content is transferred to the device, determining whether the extent of the security of the device indicated by the indicator meets a certain one of the rules in the set.
  - 5. The method of claim 4 wherein the programming content is transferred after it is determined that the security of the device indicated by the indicator meets the certain rule.
  - 6. The method of claim 1 wherein one of the rules in the set concerns the number of times the device can transfer the programming content to other devices.
  - 7. The method of claim 1 wherein one of the rules in the set concerns a period within which the device can play the programming content.
  - 8. The method of claim 1 wherein one of the rules in the set specifies rights of the device to transfer the programming content to another device as a function of an extent of security of the other device.

9. A method for transferring programming content between devices, comprising:
- defining a first protective layer, devices within the first protective layer transferring programming content to one another pursuant to a first process;
  
  defining a second protective layer, a first device in the first protective layer transferring selected programming content to a second device in the second protective layer pursuant to a second process which comprises;
  
  authenticating the second device to determine legitimacy of the second device for receiving the selected programming content, the second device being assigned an indicator indicating an extent of security thereof; and
  
  transferring to the second device the selected programming content and a set of rules associated with the selected programming content after the second device is authenticated, at least some of the rules in the set being associated with the indicator and applicable to the second device with respect to use of the selected programming content.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method of claim 9 wherein the first device includes a set-top terminal for receiving the selected programming content from a broadband communications network.
  - 11. The method of claim 10 wherein the broadband communications network includes a cable network.
  - 12. The method of claim 11 wherein the set of rules is instituted by an operator of the cable network.
  - 13. The method of claim 9 wherein the set of rules is instituted by a provider of the selected programming content.
  - 14. The method of claim 9 wherein the second device is authenticated by verifying data in a digital certificate provided by the second device.
  - 15. The method of claim 9 wherein the selected programming content includes movie content.
  - 16. The method of claim 9 further comprising before the selected programming content is transferred to the device, determining whether the extent of the security of the second device indicated by the indicator meets a certain one of the rules in the set.
  - 17. The method of claim 16 wherein the programming content is transferred after it is determined that the extent of the security of the second device indicated by the indicator meets the certain rule.
  - 18. The method of claim 9 wherein one of the rules in the set concerns the number of times the second device can transfer the selected programming content to other devices.
  - 19. The method of claim 9 wherein one of the rules in the set concerns a period within which the second device can play the selected programming content.
  - 20. The method of claim 9 wherein one of the rules in the set specifies rights of the second device to transfer the selected programming content to another device as a function of an extent of security of the other device.

21. A method for use in a device for receiving protected content, comprising:
- storing an indicator indicating an extent of security of the device;
  
  sending to an apparatus a request for transferring the protected content to the device;
  
  providing to the apparatus data for validating legitimacy of the device for receiving the protected content from the apparatus; and
  
  receiving from the apparatus the protected content, and a set of rules associated with the protected content, at least some of the rules in the set being associated with the indicator and applicable to the device with respect to use of the protected content.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21 wherein the apparatus includes a set-top terminal for receiving the protected content from a broadband communications network.
  - 23. The method of claim 22 wherein the broadband communications network includes a cable network.
  - 24. The method of claim 23 wherein the set of rules is instituted by an operator of the cable network.
  - 25. The method of claim 21 wherein the set of rules is instituted by a provider of the protected content.
  - 26. The method of claim 21 wherein the data is contained in a digital certificate.
  - 27. The method of claim 21 wherein the protected content includes movie content.
  - 28. The method of claim 21 wherein one of the rules in the set concerns the number of times the device can transfer the selected programming content to other devices.
  - 29. The method of claim 21 wherein one of the rules in the set concerns a period within which the device can play the selected programming content.
  - 30. The method of claim 21 wherein one of the rules in the set specifies rights of the device to transfer the selected programming content to another device as a function of an extent security of the other device.

31. A method for use in a module apparatus connectable to a device having programming content, which is encrypted, stored in storage in the device, the method comprising:
- receiving a request from the device for accessing the programming content, the request including a data package stored in association with the encrypted programming content in the storage;
  
  in response to the request determining that the device is allowed to access the programming content based on information in the first data package; and
  
  providing to the device at least data concerning a cryptographic element for decrypting the encrypted programming content in the storage, thereby providing the device with access to the programming content.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The method of claim 31 wherein the information concerns rights to access the programming content.
  - 33. The method of claim 32 wherein the rights include a right to play the programming content.
  - 34. The method of claim 32 wherein the rights include a right to record the programming content.
  - 35. The method of claim 32 wherein the cryptographic element includes an encryption key.
  - 36. The method of claim 35 wherein the data represents an encrypted version of the encryption key.
  - 37. The method of claim 35 wherein the data package contains data representing an encrypted version of the encryption key.

38. A method for use in a device connectable to a module apparatus, the device having storage therein, the method comprising:
- sending to the module apparatus a request for recording selected programming content;
  
  receiving from the module apparatus a response to the request, the response including data concerning a cryptographic element, a data package containing at least a version of the cryptographic element, and a determination that the device is allowed to record the selected programming content based at least one a security measure associated with the selected programming content;
  
  recording the selected programming content based on the determination;
  
  encrypting the recorded programming content with the cryptographic element derived from the data; and
  
  storing the encrypted programming content in association with the data package in the storage.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. The method of claim 38 wherein the cryptographic element includes an encryption key.
  - 40. The method of claim 38 wherein the data representing an encrypted version of the encryption key.
  - 41. The method of claim 38 wherein the device is allowed to record the selected programming content based also on a security level associated with the device.
  - 42. The method of claim 39 wherein the version of the cryptographic element includes an encryption version of the encryption key.
  - 43. The method of claim 38 further comprising receiving the selected programming content from a communications network.
  - 44. The method of claim 43 wherein the communications network includes a cable network.

45. An apparatus for transferring programming content to a device, comprising:
- an interface for receiving from the device a request for transfer of the programming content thereto, an extent of security of the device being indicated by an indicator assigned thereto;
  
  a mechanism responsive to the request for authenticating the device to determine legitimacy of the device for receiving the programming content; and
  
  a processor programmed to transfer to the device the programming content and a set of rules associated with the programming content after the device is authenticated, at least some of the rules in the set being associated with the indicator and applicable to the device with respect to use of the programming content.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52)
- - 46. The apparatus of claim 45 wherein the mechanism authenticates the device by verifying data in a digital certificate provided by the device.
  - 47. The apparatus of claim 45 wherein the programming content includes movie content.
  - 48. The apparatus of claim 45 wherein before the programming content is transferred to the device, whether the extent of the security of the device indicated by the indicator meets a certain one of the rules in the set is determined.
  - 49. The apparatus of claim 48 wherein the programming content is transferred after it is determined that the extent of the security of the device indicated by the indicator meets the certain rule.
  - 50. The apparatus of claim 45 wherein one of the rules in the set concerns the number of times the device can transfer the programming content to other devices.
  - 51. The apparatus of claim 45 wherein one of the rules in the set concerns a period within which the device can play the programming content.
  - 52. The apparatus of claim 45 wherein one of the rules in the set specifies rights of the device to transfer the programming content to another device as a function of an extent of security of the other device.

53. A system for transferring programming content between devices, comprising:
- devices within a first protective layer transferring programming content to one another pursuant to a first process; and
  
  a first device in the first protective layer transferring selected programming content to a second device in a second protective layer pursuant to a second process, the first device including a processor programmed to perform the second process which comprises;
  
  authenticating the second device to determine legitimacy of the second device for receiving the selected programming content, the second device being assigned an indicator indicating an extent of security thereof; and
  
  transferring to the second device the selected programming content and a set of rules associated with the selected programming content after the second device is authenticated, at least some of the rules in the set being associated with the indicator and applicable to the second device with respect to use of the selected programming content.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 54. The system of claim 53 wherein the first device comprises a set-top terminal for receiving the selected programming content from a broadband communications network.
  - 55. The system of claim 54 wherein the broadband communications network includes a cable network.
  - 56. The system of claim 55 wherein the set of rules is instituted by an operator of the cable network.
  - 57. The system of claim 53 wherein the set of rules is instituted by a provider of the selected programming content.
  - 58. The system of claim 53 wherein the second device is authenticated by verifying data in a digital certificate provided by the second device.
  - 59. The system of claim 53 wherein the selected programming content includes movie content.
  - 60. The system of claim 53 wherein before the selected programming content is transferred to the device, whether the extent of the security of the second device indicated by the indicator meets a certain one of the rules in the set is determined.
  - 61. The system of claim 60 wherein the programming content is transferred after it is determined that the extent of the security of the second device indicated by the indicator meets the certain rule.
  - 62. The system of claim 53 wherein one of the rules in the set concerns the number of times the second device can transfer the selected programming content to other devices.
  - 63. The system of claim 53 wherein one of the rules in the set concerns a period within which the second device can play the selected programming content.
  - 64. The system of claim 53 wherein one of the rules in the set specifies rights of the second device to transfer the selected programming content to another device as a function of an extent of security of the other device.

65. A device for receiving protected content, comprising:
- storage for storing an indicator indicating an extent of security of the device, a request being sent to an apparatus for transferring the protected content to the device;
  
  a processor programmed to provide to the apparatus data for validating legitimacy of the device for receiving the protected content from the apparatus; and
  
  an interface for receiving from the apparatus the protected content, and a set of rules associated with the protected content, at least some of the rules in the set being associated with the indicator and applicable to the device with respect to use of the protected content.
- View Dependent Claims (66, 67, 68, 69, 70)
- - 66. The device of claim 65 wherein the data is contained in a digital certificate.
  - 67. The device of claim 65 wherein the protected content includes movie content.
  - 68. The device of claim 65 wherein one of the rules in the set concerns the number of times the device can transfer the selected programming content to other devices.
  - 69. The device of claim 65 wherein one of the rules in the set concerns a period within which the device can play the selected programming content.
  - 70. The device of claim 65 wherein one of the rules in the set specifies rights of the device to transfer the selected programming content to another device as a function of an extent of security of the other device.

71. Module apparatus connectable to a device having programming content, which is encrypted, stored in storage in the device, the apparatus comprising:
- an interface for receiving a request from the device for accessing the programming content, the request including a data package stored in association with the encrypted programming content in the storage;
  
  a processor configured to determine, in response to the request, that the device is allowed to access the programming content based on information in the first data package; and
  
  a mechanism for providing to the device at least data concerning a cryptographic element for decrypting the encrypted programming content in the storage, thereby providing the device with access to the programming content.
- View Dependent Claims (72, 73, 74, 75, 76, 77, 78, 79)
- - 72. The apparatus of claim 71 wherein the information concerns rights to access the programming content.
  - 73. The apparatus of claim 72 wherein the rights include a right to play the programming content.
  - 74. The apparatus of claim 72 wherein the rights include a right to record the programming content.
  - 75. The apparatus of claim 72 wherein the cryptographic element includes an encryption key.
  - 76. The apparatus of claim 75 wherein the data represents an encrypted version of the encryption key.
  - 77. The apparatus of claim 75 wherein the data package contains data representing an encrypted version of the encryption key.
  - 78. The apparatus of claim 75 comprising a CableCARD.
  - 79. The apparatus of claim 78 wherein the CableCARD is configurable to handle a plurality of data streams containing programming content simultaneously.

80. A device connectable to a module apparatus, the device comprising:
- a processing unit configured to generate a request for recording selected programming content, the request being sent to the module apparatus;
  
  an interface for receiving from the module apparatus a response to the request, the response including data concerning a cryptographic element, a data package containing at least a version of the cryptographic element, and a determination that the device is allowed to record the selected programming content based at least one a security measure associated with the selected programming content, the selected programming content being recorded based on the determination;
  
  a mechanism for encrypting the recorded programming content with the cryptographic element derived from the data; and
  
  storage for storing the encrypted programming content in association with the data package therein.
- View Dependent Claims (81, 82, 83, 84, 85, 86, 87, 88)
- - 81. The device of claim 80 wherein the cryptographic element includes an encryption key.
  - 82. The device of claim 80 wherein the data representing an encrypted version of the encryption key.
  - 83. The device of claim 80 wherein the selected programming content is allowed to be recorded based also on a security level associated with the device.
  - 84. The device of claim 81 wherein the version of the cryptographic element includes an encryption version of the encryption key.
  - 85. The device of claim 80 wherein the selected programming content is received from a communications network.
  - 86. The device of claim 85 wherein the selected programming content is received from the communications network including a cable network.
  - 87. The device of claim 80 wherein the interface is configured for coupling the module apparatus to the device.
  - 88. The device of claim 87 wherein the interface is configured for coupling the module apparatus which includes a CableCARD to the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated), Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Hayashi, Michael T., Carlucci, John B., Helms, William, Fahrny, James W.

Granted Patent

US 8,312,267 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 2209/60   Digital content management,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3263   involving certificates, e.g...

H04N 21/2347   involving video stream encr...

H04N 21/23473   by pre-encrypting

H04N 21/2541   Rights Management protectin...

H04N 21/25816   involving client authentica...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4627   Rights management associate...

H04N 21/6334   for authorisation, e.g. by ...

H04N 21/63775   for uploading keys, e.g. fo...

H04N 21/6582   Data stored in the client, ...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

H04N 7/17318   Direct or substantially dir...

H04N 7/17354   in an intermediate station ...

Technique for securely communicating programming content

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

88 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for securely communicating programming content

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

88 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links