Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances

US 20060212370A1
Filed: 05/04/2006
Published: 09/21/2006
Est. Priority Date: 02/13/1995
Status: Abandoned Application

First Claim

Patent Images

1. An electronic appliance comprising:

a disk drive configured to read protected information from a removable storage medium;

an input for receiving user requests;

a protected processing environment communicatively coupled to the disk drive, the protected processing environment being configured to;

(a) access control information from the storage medium, the control information specifying one or more permitted or prohibited uses of the protected information;

(b) apply the control information to govern access to or other use of the protected information;

(c) use one or more decryption keys stored within the protected processing environment to decrypt one or more encrypted content decryption keys; and

(d) use the one or more content decryption keys to decrypt the protected information; and

an output for presenting the protected information to a user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A rights management arrangement for storage media such as optical digital video disks (DVDs, also called digital versatile disks) provides adequate copy protection in a limited, inexpensive mass-produceable, low-capability platform such as a dedicated home consumer disk player and also provides enhanced, more flexible security techniques and methods when the same media are used with platforms having higher security capabilities. A control object (or set) defines plural rights management rules for instance, price for performance or rules governing redistribution. Low capability platforms may enable only a subset of the control rules such as controls on copying or marking of played material. Higher capability platforms may enable all (or different subsets) of the rules. Cryptographically strong security is provided by encrypting at least some of the information carried by the media and enabling decryption based on the control set and/or other limitations. A secure “software container” can be used to protectively encapsulate (e.g., by cryptographic techniques) various digital property content (e.g., audio, video, game, etc.) and control object (i.e., set of rules) information. A standardized container format is provided for general use on/with various mediums and platforms. In addition, a special purpose container may be provided for DVD medium and appliances (e.g., recorders, players, etc.) that contains DVD program content (digital property) and DVD medium specific rules. The techniques, systems and methods disclosed herein are capable of achieving compatibility with other protection standards, such as for example, CGMA and Matsushita data protection standards adopted for DVDs. Cooperative rights management may also be provided, where plural networked rights management arrangements collectively control a rights management event on one or more of such arrangements.

Citations

76 Claims

1. An electronic appliance comprising:
- a disk drive configured to read protected information from a removable storage medium;
  
  an input for receiving user requests;
  
  a protected processing environment communicatively coupled to the disk drive, the protected processing environment being configured to;
  
  (a) access control information from the storage medium, the control information specifying one or more permitted or prohibited uses of the protected information;
  
  (b) apply the control information to govern access to or other use of the protected information;
  
  (c) use one or more decryption keys stored within the protected processing environment to decrypt one or more encrypted content decryption keys; and
  
  (d) use the one or more content decryption keys to decrypt the protected information; and
  
  an output for presenting the protected information to a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The electronic appliance of claim 1, in which the disk drive is further configured to retrieve the one or more encrypted content decryption keys from the removable storage medium.
  - 3. The electronic appliance of claim 1, in which the protected processing environment includes a secure processing unit comprising internal memory, the internal memory storing the one or more decryption keys.
  - 4. The electronic appliance of claim 1, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the protected information, a control that allows the protected information to be copied only once, and a control that allows the protected information to be copied multiple times.
  - 5. The electronic appliance of claim 1, in which the control information includes one or more controls selected from a group consisting of:
    - a control that allows a user or a class of users to play the protected information, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected information
  - 6. The electronic appliance of claim 3, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the protected information, a control that allows the protected information to be copied only once, a control that allows the protected information to be copied multiple times, a control that allows a user or a class of users to play the protected information, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected information.
  - 7. The electronic appliance of claim 1, in which the control information includes a requirement that the protected information can only be released to one or more types of devices.
  - 8. The electronic appliance of claim 7, in which the one or more types of devices includes devices that are not configured to copy the protected information.
  - 9. The electronic appliance of claim 7, in which the one or more types of devices includes devices that include a rights management component configured to enforce at least part of the control information.
  - 10. The electronic appliance of claim 1, in which the control information includes a requirement that the protected information be fingerprinted prior to release by the electronic appliance.
  - 11. The electronic appliance of claim 1, in which the control information includes a requirement that copies of the protected information be degraded in quality.

12. A method comprising:
- receiving a removable storage medium in a disk drive of an electronic appliance, the removable storage medium containing at least a protected content item and one or more controls specifying one or more permitted or prohibited uses of the protected content item;
  
  receiving, over a telecommunications network, one or more additional controls specifying one or more permitted or prohibited uses of the protected content item; and
  
  using said one or more controls and/or said one or more additional controls to govern access to or other use of the protected content item.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, further comprising receiving a request to copy the protected content item, in which the step of using said one or more controls and/or said one or more additional controls to govern access to or other use of the protected content item comprises determining that at least one control or additional control permits only a predefined number of copies of the protected content item to be made, determining that the predefined number of copies has not been made, and granting the request.
  - 14. The method of claim 13, further comprising storing an indication that the request has been granted, the indication for use in responding to further requests to copy the protected content item.
  - 15. The method of claim 12, in which at least one of the one or more controls or the one or more additional controls is selected from a group consisting of:
    - a control that prohibits copying of the protected content item, a control that allows the protected content item to be copied only once, and a control that allows the protected content item to be copied multiple times.
  - 16. The method of claim 12, in which at least one of the one or more controls or the one or more additional controls is selected from a group consisting of:
    - a control that allows a user or a class of users to play the protected content item, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected content item.
  - 17. The method of claim 12, in which at least one of the one or more controls or the one or more additional controls includes a requirement that the protected content item can only be released in decrypted form to one or more types of devices.
  - 18. The method of claim 17, in which the one or more types of devices includes devices that are not configured to copy the protected content item.
  - 19. The method of claim 17, in which the one or more types of devices includes devices that are configured to apply at least part of the control information to govern access to and/or other use of the protected content item.
  - 20. The method of claim 16, further comprising:
    - receiving a request from a user to play the protected content item; and
      
      verifying a digital certificate associated with the user.

21. A DVD player comprising:
- a disk drive for accepting DVDs;
  
  a user interface for accepting input from a user of the DVD player; and
  
  a protected processing environment communicatively coupled to the disk drive and the user interface, the protected processing environment being configured to access control information from a DVD and to apply the control information to govern access to and/or other use of protected information stored on the DVD, the control information specifying one or more permitted or prohibited uses of the protected information.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The DVD player of claim 21, in which the protected processing environment comprises one or more cryptographic keys for use in decrypting the protected information.
  - 23. The DVD player of claim 21, in which the protected processing environment comprises one or more cryptographic keys for use in decrypting one or more encrypted content keys stored on the DVD, the one or more content keys for use in decrypting the protected information.
  - 24. The DVD player of claim 21, in which the protected processing environment comprises a secure processing unit.
  - 25. The DVD player of claim 24, in which the secure processing unit comprises a microprocessor and memory storing one or more cryptographic keys for use in decrypting the protected information and/or decrypting one or more encrypted cryptographic keys stored on the DVD.
  - 26. The DVD player of claim 24, in which the secure processing unit comprises a microprocessor, memory storing one or more cryptographic keys, and a random number generator.
  - 27. The DVD player of claim 21, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the protected information, a control that allows the protected information to be copied only once, and a control that allows the protected information to be copied multiple times.
  - 28. The DVD player of claim 21, in which the control information includes one or more controls selected from a group consisting of:
    - a control that allows a user or a class of users to play the protected information, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected information.
  - 29. The DVD player of claim 21, in which the control information includes a requirement that the protected information can only be sent to one or more types of devices.
  - 30. The DVD player of claim 29, in which the one or more types of devices includes devices that are not configured to copy the protected information.
  - 31. The DVD player of claim 29, in which the one or more types of devices includes devices that are configured to apply at least part of the control information to govern access to and/or other use of the protected information.

32. An electronic appliance comprising:
- an input for receiving protected information and control information associated therewith, the control information specifying one or more permitted or prohibited uses of the protected information;
  
  a user interface for receiving user requests;
  
  a rights management component configured to;
  
  (a) access the control information;
  
  (b) apply the control information to govern access to or other use of the protected information;
  
  (c) use one or more decryption keys stored within the electronic appliance to decrypt one or more encrypted content decryption keys; and
  
  (d) use the one or more content decryption keys to decrypt the protected information; and
  
  an output for presenting the protected information to a user.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The electronic appliance of claim 32, in which the rights management component includes a secure processing unit comprising internal memory, the internal memory storing the one or more decryption keys.
  - 34. The electronic appliance of claim 32, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the protected information, a control that allows the protected information to be copied only once, and a control that allows the protected information to be copied multiple times.
  - 35. The electronic appliance of claim 32, in which the control information includes one or more controls selected from a group consisting of:
    - a control that allows a user or a class of users to play the protected information, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected information.
  - 36. The electronic appliance of claim 32, further comprising a network interface, wherein the rights management component is further configured to process key revocation information received via the network interface.

37. A method performed by an electronic appliance, the method comprising:
- receiving protected information and control information associated therewith, the control information specifying one or more permitted or prohibited uses of the protected information;
  
  receiving a request from a user to play the protected information;
  
  securely applying the control information to determine that the request can be granted;
  
  decrypting one or more encrypted content decryption keys using one or more decryption keys stored within memory of the electronic appliance;
  
  decrypting the protected information using the one or more content decryption keys; and
  
  playing the protected information for the user.
- View Dependent Claims (38, 39, 40, 41, 42, 43)
- - 38. The method of claim 37, in which the electronic appliance includes a secure processing unit comprising internal memory, the internal memory storing the one or more decryption keys.
  - 39. The method claim 37, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the protected information, a control that allows the protected information to be copied only once, and a control that allows the protected information to be copied multiple times.
  - 40. The method of claim 37, in which the control information includes one or more controls selected from a group consisting of:
    - a control that allows a user or a class of users to play the protected information, and a control that allows a user or a class of users to extract or excerpt at least a part of the protected information.
  - 41. The method of claim 40, further comprising:
    - verifying a digital certificate associated with the user.
  - 42. The method of claim 37, further comprising:
    - receiving key revocation information, and using the key revocation information to revoke one or more of the decryption keys.
  - 43. The method of claim 37, further comprising:
    - receiving one or more additional decryption keys.

44. A computer-readable medium comprising a plurality of computer-readable objects, the computer readable objects including:
- encrypted digital content;
  
  control information specifying one or more permitted or prohibited uses of the digital content, the control information being securely associated with the digital content and being configured to be interpreted by tamper-resistant software and/or hardware to securely govern use of the digital content; and
  
  one or more encrypted decryption keys, the decryption keys being configured to decrypt the digital content.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 45. The computer-readable medium of claim 44, in which the control information includes a first set of one or more controls for use on a first class of electronic appliances, and a second set of one or more controls for use on a second class of electronic appliances.
  - 46. The computer-readable medium of claim 45, in which the first class of electronic appliances comprises electronic appliances having at least a first security capability, and the second class of electronic appliances comprises electronic appliances that do not have said at least first security capability.
  - 47. The computer-readable medium of claim 46, in which the at least first security capability comprises an enhanced capability to use rights management information.
  - 48. The computer-readable medium of claim 47, in which the enhanced capability comprises an ability to audit use of the digital content.
  - 49. The computer-readable medium of claim 45, in which the first class of electronic appliances comprises electronic appliances having at least a first technical capability, and the second class of electronic appliances comprises electronic appliances that do not have said at least first technical capability.
  - 50. The computer-readable medium of claim 49, in which the at least first technical capability comprises a network connection.
  - 51. The computer-readable medium of claim 44, in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the digital content, a control that allows the digital content to be copied only once, and a control that allows the digital content to be copied multiple times.
  - 52. The computer-readable medium of claim 44, in which the control information includes one or more controls selected from a group consisting of:
    - a control that allows a user or a class of users to play the digital content, and a control that allows a user or a class of users to extract or excerpt at least a part of the digital content.
  - 53. The computer-readable medium of claim 44, in which the control information includes a requirement that the digital content can only be released in decrypted form to one or more types of devices.
  - 54. The computer-readable medium of claim 53, in which the one or more types of devices includes devices that are not configured to copy the digital content.
  - 55. The computer-readable medium of claim 53, in which the one or more types of devices includes devices that have a rights management component configured to enforce at least part of the control information.
  - 56. The computer-readable medium of claim 44, in which the control information includes a requirement that the digital content be fingerprinted prior to release in decrypted form by an electronic appliance.
  - 57. The computer-readable medium of claim 44, in which the control information includes a requirement that copies of the digital content be degraded in quality.
  - 58. The computer-readable medium of claim 55, in which the digital content comprises a movie.
  - 59. The computer-readable medium of claim 58, in which the computer-readable medium comprises a DVD.

60. A method comprising:
- receiving, at a first electronic appliance, a first electronic content item and a first identifier associated with the first electronic content item;
  
  receiving a request to copy or transfer the first electronic content item to a second electronic appliance;
  
  accessing the first identifier; and
  
  denying the request to copy or transfer the first electronic content item to a second electronic appliance based on said first identifier.
- View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 61. The method of claim 60, in which the first identifier identifies the first electronic appliance.
  - 62. The method of claim 60, in which the first identifier identifies a third electronic appliance, the third electronic appliance having sent the first electronic content item to the first electronic appliance.
  - 63. The method of claim 60, in which the first identifier comprises a code indicating that the first electronic content item is a copy.
  - 64. The method of claim 63, in which the first electronic content item has a second identifier associated therewith.
  - 65. The method of claim 64, in which the second identifier identifies the first electronic appliance.
  - 66. The method of claim 64, in which the second identifier identifies a third electronic appliance, the third electronic appliance having sent the first electronic content item to the first electronic appliance.
  - 67. The method of claim 60, in which the first electronic content item and the first identifier are received in a tamper-resistant electronic container.
  - 68. The method of claim 60, in which the first electronic content item is received in encrypted form.
  - 69. The method of claim 60, further comprising:
    - receiving, at the first electronic appliance, a second electronic content item;
      
      receiving a request to access the second electronic content item;
      
      determining that the second electronic content item has a second identifier associated therewith; and
      
      granting the request to access the second electronic content item based at least in part on said second identifier.
  - 70. The method of claim 69, in which the second identifier identifies at least one of the first electronic appliance or an electronic appliance that sent the second electronic content item to the first electronic appliance.

71. A method comprising:
- receiving, at a first electronic appliance, an electronic content item and an identifier associated with the electronic content item, the identifier identifying a second electronic appliance authorized to play the electronic content item;
  
  receiving, at the first electronic appliance, a request to play the electronic content item;
  
  accessing the identifier; and
  
  denying the request to play the electronic content item based on said identifier.
- View Dependent Claims (72, 73)
- - 72. The method of claim 71, in which the electronic content item and the identifier are received in a secure electronic container.
  - 73. The method of claim 71, in which the electronic content item further has control information associated therewith, the control information being configured to be interpreted by tamper-resistant software and/or hardware to securely govern use of the electronic content item, and in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the electronic content item, a control that allows the electronic content item to be copied only once, a control that allows the electronic content item to be copied multiple times, a control that allows a user or a class of users to play the electronic content item, and a control that allows a user or a class of users to extract or excerpt at least a part of the electronic content item.

74. A method comprising:
- receiving, at a first electronic appliance, an electronic content item, the electronic content item having an identifier associated therewith, the identifier identifying the first electronic appliance, the first electronic appliance being configured to check the identifier before playing the electronic content item;
  
  sending the electronic content item and the identifier from the first electronic appliance to a second electronic appliance;
  
  receiving the electronic content item and the identifier at the second electronic appliance, the second electronic appliance being configured to check the identifier before playing the electronic content item;
  
  receiving, at the second electronic appliance, a request to play the electronic content item;
  
  accessing the identifier; and
  
  denying the request to play the electronic content item at the second electronic appliance.
- View Dependent Claims (75, 76)
- - 75. The method of claim 74, in which the electronic content item and the identifier are received at the first electronic appliance in a secure electronic container.
  - 76. The method of claim 74, in which the electronic content item further has control information associated therewith, the control information being configured to be interpreted by tamper-resistant software and/or hardware to securely govern use of the electronic content item, and in which the control information includes one or more controls selected from a group consisting of:
    - a control that prohibits copying of the electronic content item, a control that allows the electronic content item to be copied only once, a control that allows the electronic content item to be copied multiple times, a control that allows a user or a class of users to play the electronic content item, and a control that allows a user or a class of users to extract or excerpt at least a part of the electronic content item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Weber, Robert P., Sibert, W. Olin, Shear, Victor H., VanWie, David M.

Application Number

US11/429,385
Publication Number

US 20060212370A1
Time in Patent Office

Days
Field of Search
US Class Current

705/28
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 20/12   specially adapted for elect...

G06Q 20/123 : Shopping for digital content

G06Q 20/1235 : with control of digital rig...

G06Q 20/14 : specially adapted for billi...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/306 : using TV related infrastruc...

G06Q 20/308 : using the Internet of Things

G06Q 2220/16 : Copy protection or prevention

G06Q 30/0273 : Determination of fees for a...

G06Q 30/0283 : Price estimation or determi...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 40/02 : Banking, e.g. interest calc...

G06Q 40/04 : Trading; Exchange, e.g. sto...

G06Q 40/12 : Accounting

G06Q 50/184 : Intellectual property manag...

G06Q 50/188 : Electronic negotiation

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/02 : for separating internal fro...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0442 : wherein the sending and rec...

H04L 63/08 : for authentication of entit...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/10 : for controlling access to d...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/16 : Implementing security featu...

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 9/006 : involving public key infras...

H04L 9/0819 : Key transport or distributi...

H04L 9/0838 : Key agreement, i.e. key est...

H04L 9/0861 : Generation of secret inform...

H04L 9/3218 : using proof of knowledge, e...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04N 2005/91364 : the video signal being scra...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/42646 : for reading from or writing...

H04N 21/4325 : by playing back content fro...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

H04N 7/162 : Authorising the user termin...

H04N 7/163 : by receiver means only

H04N 7/17309 : Transmission or handling of...

View All

Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

76 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

76 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links