Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances
First Claim
1. An electronic appliance comprising:
- a disk drive configured to read protected information from a removable storage medium;
an input for receiving user requests;
a protected processing environment communicatively coupled to the disk drive, the protected processing environment being configured to;
(a) access control information from the storage medium, the control information specifying one or more permitted or prohibited uses of the protected information;
(b) apply the control information to govern access to or other use of the protected information;
(c) use one or more decryption keys stored within the protected processing environment to decrypt one or more encrypted content decryption keys; and
(d) use the one or more content decryption keys to decrypt the protected information; and
an output for presenting the protected information to a user.
0 Assignments
0 Petitions
Accused Products
Abstract
A rights management arrangement for storage media such as optical digital video disks (DVDs, also called digital versatile disks) provides adequate copy protection in a limited, inexpensive mass-produceable, low-capability platform such as a dedicated home consumer disk player and also provides enhanced, more flexible security techniques and methods when the same media are used with platforms having higher security capabilities. A control object (or set) defines plural rights management rules for instance, price for performance or rules governing redistribution. Low capability platforms may enable only a subset of the control rules such as controls on copying or marking of played material. Higher capability platforms may enable all (or different subsets) of the rules. Cryptographically strong security is provided by encrypting at least some of the information carried by the media and enabling decryption based on the control set and/or other limitations. A secure “software container” can be used to protectively encapsulate (e.g., by cryptographic techniques) various digital property content (e.g., audio, video, game, etc.) and control object (i.e., set of rules) information. A standardized container format is provided for general use on/with various mediums and platforms. In addition, a special purpose container may be provided for DVD medium and appliances (e.g., recorders, players, etc.) that contains DVD program content (digital property) and DVD medium specific rules. The techniques, systems and methods disclosed herein are capable of achieving compatibility with other protection standards, such as for example, CGMA and Matsushita data protection standards adopted for DVDs. Cooperative rights management may also be provided, where plural networked rights management arrangements collectively control a rights management event on one or more of such arrangements.
-
Citations
76 Claims
-
1. An electronic appliance comprising:
-
a disk drive configured to read protected information from a removable storage medium;
an input for receiving user requests;
a protected processing environment communicatively coupled to the disk drive, the protected processing environment being configured to;
(a) access control information from the storage medium, the control information specifying one or more permitted or prohibited uses of the protected information;
(b) apply the control information to govern access to or other use of the protected information;
(c) use one or more decryption keys stored within the protected processing environment to decrypt one or more encrypted content decryption keys; and
(d) use the one or more content decryption keys to decrypt the protected information; and
an output for presenting the protected information to a user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
receiving a removable storage medium in a disk drive of an electronic appliance, the removable storage medium containing at least a protected content item and one or more controls specifying one or more permitted or prohibited uses of the protected content item;
receiving, over a telecommunications network, one or more additional controls specifying one or more permitted or prohibited uses of the protected content item; and
using said one or more controls and/or said one or more additional controls to govern access to or other use of the protected content item. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A DVD player comprising:
-
a disk drive for accepting DVDs;
a user interface for accepting input from a user of the DVD player; and
a protected processing environment communicatively coupled to the disk drive and the user interface, the protected processing environment being configured to access control information from a DVD and to apply the control information to govern access to and/or other use of protected information stored on the DVD, the control information specifying one or more permitted or prohibited uses of the protected information. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. An electronic appliance comprising:
-
an input for receiving protected information and control information associated therewith, the control information specifying one or more permitted or prohibited uses of the protected information;
a user interface for receiving user requests;
a rights management component configured to;
(a) access the control information;
(b) apply the control information to govern access to or other use of the protected information;
(c) use one or more decryption keys stored within the electronic appliance to decrypt one or more encrypted content decryption keys; and
(d) use the one or more content decryption keys to decrypt the protected information; and
an output for presenting the protected information to a user. - View Dependent Claims (33, 34, 35, 36)
-
-
37. A method performed by an electronic appliance, the method comprising:
-
receiving protected information and control information associated therewith, the control information specifying one or more permitted or prohibited uses of the protected information;
receiving a request from a user to play the protected information;
securely applying the control information to determine that the request can be granted;
decrypting one or more encrypted content decryption keys using one or more decryption keys stored within memory of the electronic appliance;
decrypting the protected information using the one or more content decryption keys; and
playing the protected information for the user. - View Dependent Claims (38, 39, 40, 41, 42, 43)
-
-
44. A computer-readable medium comprising a plurality of computer-readable objects, the computer readable objects including:
-
encrypted digital content;
control information specifying one or more permitted or prohibited uses of the digital content, the control information being securely associated with the digital content and being configured to be interpreted by tamper-resistant software and/or hardware to securely govern use of the digital content; and
one or more encrypted decryption keys, the decryption keys being configured to decrypt the digital content. - View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
-
-
60. A method comprising:
-
receiving, at a first electronic appliance, a first electronic content item and a first identifier associated with the first electronic content item;
receiving a request to copy or transfer the first electronic content item to a second electronic appliance;
accessing the first identifier; and
denying the request to copy or transfer the first electronic content item to a second electronic appliance based on said first identifier. - View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70)
-
-
71. A method comprising:
-
receiving, at a first electronic appliance, an electronic content item and an identifier associated with the electronic content item, the identifier identifying a second electronic appliance authorized to play the electronic content item;
receiving, at the first electronic appliance, a request to play the electronic content item;
accessing the identifier; and
denying the request to play the electronic content item based on said identifier. - View Dependent Claims (72, 73)
-
-
74. A method comprising:
-
receiving, at a first electronic appliance, an electronic content item, the electronic content item having an identifier associated therewith, the identifier identifying the first electronic appliance, the first electronic appliance being configured to check the identifier before playing the electronic content item;
sending the electronic content item and the identifier from the first electronic appliance to a second electronic appliance;
receiving the electronic content item and the identifier at the second electronic appliance, the second electronic appliance being configured to check the identifier before playing the electronic content item;
receiving, at the second electronic appliance, a request to play the electronic content item;
accessing the identifier; and
denying the request to play the electronic content item at the second electronic appliance. - View Dependent Claims (75, 76)
-
Specification