System and method for providing authorized access to digital content
Abstract
Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.
17 Claims
1. A method for providing authorized access to content, comprising the steps of:
receiving a PPV access request for content from a plurality of PPV users;
responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;
providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;
providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,
a) providing PPV access rules for the PPV access request in the first ECM;
b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and
c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and
furthermore, providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,
a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and
b) providing the first copy of the program key in the second ECM.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
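The two-ECM exchange of claim 1, shown as an added Python illustration that is not code from the patent: the head-end sends one multicast ECM carrying the access rules and a MAC, plus a per-device ECM carrying the program key wrapped under that device's unit key, and the device accepts the rules only if the MAC verifies. The wrap cipher (an HMAC-SHA256 keystream standing in for a real key-wrap algorithm), the MAC-key derivation label, and all function and field names are assumptions; public-key provisioning of the device unit key is omitted.

```python
import hashlib
import hmac
import json
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream); a real system would use a vetted key wrap."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_mac_key(program_key: bytes) -> bytes:
    # Assumed derivation: the claim only says the program key is used to derive the MAC.
    return hmac.new(program_key, b"ecm-mac", hashlib.sha256).digest()

def build_ecms(program_key: bytes, rules: dict, unit_keys: dict):
    """Head-end side: one group-addressed ECM plus one unit-addressed ECM per device."""
    body = json.dumps(rules, sort_keys=True).encode()
    mac = hmac.new(derive_mac_key(program_key), body, hashlib.sha256).hexdigest()
    group_ecm = {"rules": body.decode(), "mac": mac}
    unit_ecms = {}
    for device_id, unit_key in unit_keys.items():
        nonce = os.urandom(16)  # fresh per wrap so the keystream is never reused
        unit_ecms[device_id] = {
            "nonce": nonce.hex(),
            "wrapped_key": keystream_xor(unit_key, nonce, program_key).hex(),
        }
    return group_ecm, unit_ecms

def receive(group_ecm: dict, unit_ecm: dict, unit_key: bytes):
    """Device side: unwrap the program key, then accept the rules only if the MAC verifies."""
    program_key = keystream_xor(
        unit_key, bytes.fromhex(unit_ecm["nonce"]), bytes.fromhex(unit_ecm["wrapped_key"])
    )
    expected = hmac.new(
        derive_mac_key(program_key), group_ecm["rules"].encode(), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected, group_ecm["mac"]):
        return None  # wrong unit key or tampered rules: release neither key nor rules
    return program_key, json.loads(group_ecm["rules"])
```

Because the MAC key comes from the program key, a device that was not sent a unit-addressed ECM cannot validate or forge the multicast access rules.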
11. A computer-readable data structure, encoded on at least one computer-readable medium (CRM) for authorizing access to content received by a device, the structure comprising:
a first record encoded on the at least one CRM, the first record includes a public key, a private key, and an associated digital certificate that the device use to provide public key decryption;
a second record encoded on the at least one CRM, the second record includes a device unit key unique to the device and encrypted by the public key and decrypted by the private key;
a third record encoded on the at least one CRM, the third record includes a subscription service key encrypted by the device unit key;
a fourth record encoded on the at least one CRM, the fourth record includes a pay-per-view (PPV) service key encrypted by the device unit key;
a fifth record encoded on the at least one CRM, the fifth record includes a first copy of a content decryption key encrypted with the subscription service key, the content decryption key provides decryption of a content for access through a subscription service; and
a sixth record encoded on the at least one CRM, the sixth record includes a second copy of the content decryption key encrypted with the PPV service key, the PPV content decryption key provides decryption of the content for access through a PPV service;
wherein the fifth record and sixth record are both included in a same group-addressed, multicast entitlement control message (ECM).
View Dependent Claims (12, 13, 14, 15, 16)
17. A computer readable data structure, encoded on a computer readable medium for authorizing access to content received by a device, the structure comprising:
a first record encoded on the at least one CRM, the first record includes a public key, a private key, and an associated digital certificate that the device use to provide public key decryption;
a second record encoded on the at least one CRM, the second record includes a device unit key unique to the device and encrypted by the public key and decrypted by the private key;
a third record encoded on the at least one CRM, the third record includes a service key encrypted by the device unit key;
a fourth record encoded on the at least one CRM, the fourth record includes a program key that provides decryption of the content received by the device, wherein the program key is encrypted by the service key for access of the content received by the device through a subscription service, and wherein the program key is encrypted by the device unit key for access of the content received by the device through a pay-per-view (PPV) service; and
a fifth record encoded on the at least one CRM, the fifth record includes a free-preview program key that provides decryption of a free-preview content, the free-preview program key is encrypted by the device unit key.
Specification