Method for secure storage and delivery of media content

US 20070043667A1
Filed: 12/30/2005
Published: 02/22/2007
Est. Priority Date: 09/08/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for distributing media titles by means of a non-volatile rewritable memory device, said device having a secure memory area and at least another memory area, said device comprising:

one or more content encryption key(s) stored in the secure memory area;

content stored in a memory area of the device, said content including media titles that have been encrypted by means of the content encryption key(s), selected portions of the media titles and/or lower quality versions of such titles being accessible without restriction, said method comprising;

receiving information regarding rights and/or rules;

storing in the secure memory area of the device the rights and/or rules, said rights and/or rules permitting access to content encryption key(s) for decrypting selected encrypted media titles stored in the device when authentication information is received by the device; and

supplying said selected portions of at least some of the media titles or lower quality versions of such titles to a host for rendering.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.

Citations

78 Claims

1. A method for distributing media titles by means of a non-volatile rewritable memory device, said device having a secure memory area and at least another memory area, said device comprising:
- one or more content encryption key(s) stored in the secure memory area;
  
  content stored in a memory area of the device, said content including media titles that have been encrypted by means of the content encryption key(s), selected portions of the media titles and/or lower quality versions of such titles being accessible without restriction, said method comprising;
  
  receiving information regarding rights and/or rules;
  
  storing in the secure memory area of the device the rights and/or rules, said rights and/or rules permitting access to content encryption key(s) for decrypting selected encrypted media titles stored in the device when authentication information is received by the device; and
  
  supplying said selected portions of at least some of the media titles or lower quality versions of such titles to a host for rendering.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising receiving the authentication information, and decrypting selected encrypted media titles stored in the device using content encryption key(s).
  - 3. The method of claim 1, further comprising encrypting the authentication information with a session key before such information is received.
  - 4. The method of claim 1, wherein the host operates the device for rendering the encrypted media titles, said method further comprising:
    - connecting the host to a server;
      
      sending purchase authorization from the host to the server;
      
      receiving at the host from the server information regarding the authentication information and the rights and/or rules; and
      
      supplying the authentication information and information regarding the rights and/or rules to the device.
  - 5. The method of claim 4, said method further comprising:
    - decrypting the selected encrypted media titles stored in the device; and
      
      sending to the host for rendering the decrypted media titles for a user.
  - 6. The method of claim 5, further comprising encrypting the decrypted selected encrypted media titles with a session key.
  - 7. The method of claim 1, said method further comprising:
    - prompting the user to purchase such media titles.
  - 8. The method of claim 1, wherein the media titles are organized into files, each file encrypted by a corresponding content encryption key, said device further comprising for each of at least some of the files an access control record that contains permissions and/or restrictions for using the corresponding content encryption key of such file, and wherein a first access control record of one of the files permits delegation of the permission to access the corresponding content encryption key to another access control record when the authentication information is presented, said method further comprising:
    - presenting said authentication information to the first access control record; and
      
      causing the first access control record to delegate its permission to access its corresponding content encryption key to a second access control record different from the first access control record.
  - 9. The method of claim 8, further comprising causing each of a plurality of access control records to delegate its permission to access its corresponding content encryption key to a second access control record different from the first and said plurality of access control records.

10. A method for distributing media titles by means of a non-volatile rewritable memory device, said device comprising:
- media files each encrypted by a corresponding content encryption key, and a control structure for each of at least some of the files, said structure containing permissions and/or restrictions for using the corresponding content encryption key of such file, and wherein a first control structure of one of the files permits delegation of the permission to access the corresponding content encryption key to another control structure when authentication information is presented, said method comprising;
  
  presenting said authentication information to the first control structure; and
  
  causing the first control structure to delegate its permission to access its corresponding content encryption key to a second control structure different from the first control structure.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein said first and second control structures comprise access control records.

12. A method for distributing media titles by means of a non-volatile rewritable memory device, said device having a secure memory area and at least another memory area, said device comprising:
- one or more content encryption keys and rights and/or rules involving encrypted content stored in the device, wherein the rights and/or rules are stored in the secure memory area;
  
  content stored in a memory area of the device, said content including media titles that have been encrypted by means of the one or more content encryption key(s), wherein the rights and/or rules specify that only selected portions of at least some of the media titles or lower quality versions of such titles are accessible without restriction or such titles can be played for only a limited number of times, said method comprising;
  
  receiving information regarding rights and/or rules to provide access to the content encryption key(s); and
  
  altering the rights and/or rules to provide access to the content encryption key(s) in response to authentication information so as to permit access to selected encrypted media titles stored in the device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein a host operates the device for rendering the encrypted media titles, said method further comprising:
    - connecting the host to a service provider;
      
      sending purchase authorization from the host to the service provider; and
      
      receiving the authentication information and information from the service provider for altering the rights and/or rules in the device to provide access to the content encryption key(s).
  - 14. The method of claim 13, further comprising altering the rights and/or rules stored in the device to provide access to at least one of the one or more content encryption key(s) in response to the received information.
  - 15. The method of claim 14, said method further comprising:
    - decrypting selected encrypted media titles stored in the device; and
      
      sending to the host for rendering the decrypted media titles for a user.
  - 16. The method of claim 15, further comprising encrypting the decrypted selected encrypted media titles with a session key.
  - 17. The method of claim 12, said method further comprising:
    - playing for a user said selected portions of at least some of the media titles or lower quality versions of such titles, or such titles said limited number of times; and
      
      prompting the user to purchase such media titles.
  - 18. The method of claim 12, said method further comprising:
    - decrypting the selected encrypted media titles stored in the device by means of the one or more content encryption keys; and
      
      rendering the decrypted media titles for a user.
  - 19. The method of claim 12, further comprising encrypting the authentication information with a session key before such information is received.

20. A method for distributing media titles by means of a non-volatile rewritable memory device, said device comprising a system agent stored in the device;
- said method comprising;
  
  providing information to enable the device to be certified as genuine; and
  
  using said agent to enable a first service provider to create a first corresponding control structure in the device for controlling rights and/or rules involving access to encrypted content stored in the device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The method claim 20, further comprising using said agent to enable at least an additional service provider different from the first service provider to create an additional corresponding control structure in the device different from the first control structure.
  - 22. The method of claim 21, each of the control structures specifying rights and/or rules for access to encrypted content stored in the device, said method further comprising enabling each of the service providers to have exclusive control over the rights and/or rules specified by its corresponding control structure.
  - 23. The method of claim 22, wherein the service providers interact with the device independently of one another, so that the rights and/or rules specified by the corresponding control structure of one service provider is not accessible by another service provider.
  - 24. The method claim 20, further comprising receiving media content associated with the first service provider at the device and storing the media content at the device.
  - 25. The method of claim 20, wherein one or more application(s) operating at a host communicates with the device for rendering the encrypted media titles, said method further comprising:
    - in response to the presentation of predetermined credentials of said application(s), decrypting the encrypted media titles and supplying the decrypted media titles to the one or more application(s) for playback.
  - 26. The method of claim 25, wherein the device stores credentials and decrypts the encrypted media titles to enable them to be played only when the credentials presented are acceptable when compared to the stored credentials.
  - 27. The method of claim 20, wherein a host operates the device, said method further comprising establishing a secure channel between the device and the host which is connected to the first service provider, wherein the agent enables the first service provider to create the first control structure through the secure channel.
  - 28. The method of claim 20, wherein a host operates the device, said method further comprising:
    - authenticating the device as genuine, and the device authenticating the host as genuine; and
      
      establishing a secure connection between the device and the host.
  - 29. The method of claim 20, said device storing content encryption keys used to encrypt media content stored in the device, the first control structure specifying rights and/or rules for access to the one or more of the content encryption keys stored in the device wherein the rights and/or rules permits access to the content encryption key(s) for the decrypting the encrypted media content, said method further comprising granting access to one or more of the content encryption keys according to the rights and/or rules for decrypting the encrypted content.
  - 30. The method of claim 20, the first control structure specifying said rights and/or rules so that access to the one or more of the content encryption keys for decrypting the encrypted media content is subscription based.

31. A method for distributing media titles by means of a non-volatile rewritable memory device, said device comprising encrypted media content, content encryption keys used to encrypt said media content, and a control structure specifying rights and/or rules for access to one or more of the content encryption keys when predetermined credentials are presented to the device, comprising:
- determining whether credentials presented to the device are the predetermined credentials; and
  
  granting access to one or more of the content encryption keys according to the rights and/or rules for decrypting the encrypted content when the predetermined credentials are presented.

32. A method for distributing media titles by means of a non-volatile rewritable memory device storing media titles that can be rendered by a plurality of hosts, said device comprising:
- a first memory area for storing encrypted media titles, and a second secure memory area for storing control information that controls access to the encrypted media content, said control information including information on one or more accounts, each account associated with a set of encrypted media titles stored in the first memory area, each account having corresponding credentials;
  
  said method comprising;
  
  receiving a request and credentials from a host to access encrypted media content;
  
  checking the credentials presented by the host to against those of a particular account whose associated encrypted media titles are requested by the host; and
  
  determining whether the requested encrypted media titles should be visible and accessible; and
  
  decrypting the requested encrypted media titles and supplying the decrypted media titles to the host for rendering when credentials presented by the host match those of the particular account whose associated encrypted media titles are requested by the host.

33. A method for distributing media titles by means of a non-volatile rewritable memory device storing media titles that can be rendered by a plurality of hosts, said device comprising:
- a first memory area for storing encrypted media titles whose access being controlled by a service provider, and a second secure memory area for storing control information that controls access to the encrypted media titles stored in the first memory area, said control information including identification information for identifying the encrypted media titles as controlled by the service provider;
  
  said method comprising;
  
  checking credentials presented by a host against the identification information in the device to determine whether the encrypted media titles associated with the service provider should be accessible to such host; and
  
  decrypting the encrypted media titles associated with the service provider and supplying the decrypted media titles to the host for rendering when credentials presented by the host are checked to be in order.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The method of claim 33, wherein the credentials presented by a host includes the identification information of the service provider in order for such credentials to be in order for checking.
  - 35. The method of claim 33, said encrypted media titles including a set of encrypted media titles associated with a particular account having account identification information, wherein the checking includes checking whether credentials presented by a host against the identification information of the account to determine whether media titles requested by the host should be accessible to such host;
    - and decrypting encrypted media titles requested by the host and supplying the decrypted media titles to the host for rendering when such titles are determined to be within the set and when credentials presented by the host includes the identification information of the account.
  - 36. The method of claim 35, wherein the account is associated with a family of end users, said identification information of the account including identification information for the family of end users, and wherein said checking includes checking whether credentials presented by a host includes identification information of any one of the family of end users.
  - 37. The method of claim 35, wherein the account is associated with an individual end user, said identification information of the account including identification information for the individual end user, and wherein said checking includes checking whether credentials presented by a host includes identification information of the individual end user.

38. A method for loading media content to non-volatile rewritable memory devices, comprising:
- obtaining rights objects and content encryption keys;
  
  loading said objects onto a memory area of each of a plurality of non-volatile rewritable memory devices; and
  
  subsequently loading first media content onto a memory area of each of the plurality of non-volatile rewritable memory devices, said media content encrypted by means of one or more of said content encryption keys wherein said rights objects control access to the content encryption keys.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 39. The method of claim 38, further comprising creating a secure area in a memory of each of a plurality of non-volatile rewritable memory devices, wherein said rights objects are loaded onto said secure area.
  - 40. The method of claim 38, wherein the first media content is loaded by generating a master copy of the content.
  - 41. The method of claim 40, wherein the master copy of the first media content comprises content encrypted by means of the content encryption keys.
  - 42. The method of claim 38, wherein the loading of the rights objects occurs in a secure facility.
  - 43. The method of claim 38, wherein the obtaining comprises generating content encryption keys, sending the content encryption keys to a rights issuer and receiving the rights objects from the rights issuer.
  - 44. The method of claim 38, each of the devices having a unique identification code, said devices divided into sets each including N devices, each of the sets having a set identification code and corresponding rights object for controlling access to encrypted content in the devices in such set, wherein each set identification code is derivable from the identification codes of the devices in the set, N being a positive integer, further comprising:
    - deriving the set identification code of each of the devices from its unique identification code; and
      
      loading the rights object corresponding to the derived set identification code to such device.
  - 45. The method of claim 44, wherein the identification code of each device is its serial number, and derivation of the set identification code includes dividing the serial number by a predetermined number.
  - 46. The method of claim 45, further comprising loading an unencrypted portion of said first media content to the device to allow previews without restriction.
  - 47. The method of claim 46, wherein said rights object permits limited preview of said encrypted first media content.
  - 48. The method of claim 47, said rights object permitting said first encrypted media content to be played for a limited number of times.

49. A method for controlling distribution of encrypted media content stored in a plurality of non-volatile rewritable memory devices, said device having a unique identification code, said devices divided into sets each including N devices, each of the sets having a set identification code and a corresponding rights object for controlling access to encrypted content in the devices in such set, comprising:
- deriving the set identification code of at least one of the devices from its unique identification code;
  
  from the derived set identification code, identifying the rights object for controlling access to encrypted content in the at least one device; and
  
  providing the identified rights object for loading into the at least one device.
- View Dependent Claims (50)
- - 50. The method of claim 49, wherein the identification code of each device is its serial number, and derivation of the set identification code includes dividing the serial number by a predetermined number.

51. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area, said card comprising first media content stored in the memory area of the card, said content including only selected unencrypted portions of at least some media titles or lower quality unencrypted versions of such media titles;
- said method comprising;
  
  rendering said selected unencrypted portions of at least some media titles or lower quality unencrypted versions of such media titles to a user; and
  
  sending query to the user on purchase of rights to access full length or higher quality version(s) of said at least some media titles.
- View Dependent Claims (52, 53)
- - 52. The method of claim 51, wherein said media titles contain contact information concerning purchase of rights to access encrypted full length or higher quality version(s) of said at least some media titles, said method further comprising obtaining said information from said media titles, and wherein the sending sends said information to the user as part of the query.
  - 53. The method of claim 52, further comprising receiving said encrypted full length or higher quality version(s) of said at least some media titles and enforcing the rights and/or rules with respect to said encrypted version(s) of said at least some media titles after proof of purchase is provided.

54. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area and a secure memory area, said card comprising first media content stored in the memory area of the card, said content including only selected unencrypted portions of at least some media titles or lower quality unencrypted versions of such media titles;
- said method comprising;
  
  receiving one or more content encryption key(s) and rights and/or rules involving encrypted version(s) of said at least some media titles, said version(s) encrypted by means of said one or more content encryption key(s); and
  
  storing said rights and/or rules in the secure memory area.
- View Dependent Claims (55)
- - 55. The method of claim 54, further comprising receiving said encrypted version(s) of said at least some media titles and enforcing the rights and/or rules with respect to said encrypted version(s) of said at least some media titles.

56. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area, said card comprising first media content stored in the memory area of the card, said content including only selected unencrypted portions of at least some media titles or lower quality unencrypted versions of such media titles;
- said method comprising;
  
  receiving said at least some media titles that have been encrypted by means of one or more content encryption key(s); and
  
  storing said encrypted at least some media titles in the memory area.
- View Dependent Claims (57, 58)
- - 57. The method of claim 56, further comprising:
    - receiving said one or more content encryption key(s) and rights and/or rules involving said encrypted at least some media titles, storing said rights and/or rules in the secure memory area and enforcing the rights and/or rules with respect to said encrypted at least some media titles.
  - 58. The method of claim 57, wherein the rights and/or rules permit, after proof of purchase of said at least some encrypted media titles, access to the one or more content encryption key(s), said method further comprising providing access to the one or more content encryption key(s) and decrypting said at least some encrypted media titles using such key(s) after proof of purchase of such titles is provided.

59. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area, said card comprising media content stored in the memory area of the card, said content including at least some media titles encrypted using one or more content encryption key(s);
- said method comprising;
  
  receiving said one or more content encryption key(s) and rights and/or rules involving said media content stored in the card, storing said rights and/or rules in a secure memory area of the card.
- View Dependent Claims (60)
- - 60. The method of claim 59, further comprising using said one or more content encryption key(s) to decrypt said encrypted at least some media titles according to the rights and/or rules.

61. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area, said card comprising media content stored in the memory area of the card, said content including at least some media titles;
- said method comprising;
  
  granting access to the at least some media titles within a time limit;
  
  tracking access to the at least some media titles; and
  
  compiling an access profile based on the tracked access.
- View Dependent Claims (62, 63)
- - 62. The method of claim 61, said at least some media titles encrypted using one or more content encryption key(s), said card storing rights and/or rules that provide extensions to the time limit access to the at least some media titles when said access profile is downloaded.
  - 63. The method of claim 62, said at least some media titles encrypted using one or more content encryption key(s), wherein time limited access is granted or extended by permitting access to the one or more content encryption key(s) during the time limit or extension thereof.

64. A method for distributing media content using a non-volatile rewritable memory card, said card having a memory area, said card comprising one or more content encryption key(s) and rights and/or rules involving media content to be stored in the card, said method comprising:
- receiving said media content, such content including at least some media titles encrypted using one or more content encryption key(s); and
  
  storing said media content in the memory area of the card.
- View Dependent Claims (65)
- - 65. The method of claim 64, further comprising receiving said media content multiple times, when multiple downloads are permitted by the rights and/or rules.

66. A method for backup and restoration of a rights object in a non-volatile rewritable memory device, said rights object being stored in the device in a manner so that it is accessible for read only functions when first credentials are presented to the device and so that it is accessible to be modified or erased or backup/restore when second credentials different from the first credentials are presented to the device, comprising:
- presenting the second credentials to the device;
  
  backing up said rights object; and
  
  restoring said rights object to the device so that the rights object is not accessible to be modified or erased or for backup/restore unless the second credentials are presented to the device.
- View Dependent Claims (67, 68, 69, 70)
- - 67. The method of claim 66, wherein the device permits access to said rights object for modifying or erasing said rights object when presented with the second credentials.
  - 68. The method of claim 66, wherein said rights object is encrypted, said backing up comprising:
    - decrypting said rights object;
      
      encrypting the decrypted rights object by means of a session key;
      
      decrypting said rights object using the session key; and
      
      encrypting the decrypted rights object by means of a key and storing the encrypted rights object at a backup storage region.
  - 69. The method of claim 66, said backing up comprising deleting said rights object from the device.
  - 70. The method of claim 66, said backing up comprising storing said rights object at a backup storage region, and wherein said restoring also includes deleting said rights object from the backup storage region.

71. A method for controlling a rights object in a non-volatile rewritable memory device, said rights object being stored in the device in a manner so that it is accessible for read only functions when first credentials are presented to the device and so that it is accessible to be modified or erased when second credentials different from the first credentials are presented to the device, comprising:
- presenting the second credentials to the device; and
  
  modifying or erasing said rights object.
- View Dependent Claims (72, 73, 74, 75, 76)
- - 72. The method of claim 71, the device storing encrypted media content controlled by said rights object, wherein the rights object contains rules specifying how said content is to be used and/or accessed, and specifying that only n number of copies may be made of said rights object, where n is a positive integer, said method further comprising copying said rights object to a storage region so that the object copied to the storage region contains rules specifying that only (n-m) number of copies of said rights object may be further made of said copied rights object in said storage region, m being zero or a positive integer less than n.
  - 73. The method of claim 72, wherein when said rights object is copied to one or more storage regions, said rules in said rights object in the device are updated to specify that only m number of copies of said rights object may be made.
  - 74. The method of claim 72, Wherein said rights object specifies that no copies may be made from it, said method further comprising deleting such object or modifying such object to indicate that the media content controlled by such object cannot be read in order to access such content for rendering or play back after such object is copied.
  - 75. The method of claim 72, wherein said copying and updating are performed by an application having DRM capabilities.
  - 76. The method of claim 71, wherein said rights object is encrypted, said method further comprising:
    - decrypting said rights object;
      
      encrypting the decrypted rights object by means of a session key;
      
      decrypting said rights object using the session key at a storage region; and
      
      encrypting the decrypted rights object by means of a key and storing the encrypted rights object at the storage region.

77. A method for enabling distribution of media content using non-volatile rewritable memory cards, comprising:
- checking credentials of an application that is accessing a non-volatile rewritable memory card to determine whether it is authorized to do so; and
  
  providing an indication that said application is not authorized to accessing the non-volatile rewritable memory card when the credentials of the application does not meet requirements.
- View Dependent Claims (78)
- - 78. The method of claim 77, said method being performed by a computer system, said system maintaining a list of predetermined credentials of applications provided by entities, wherein said computer checks credentials of the application against the list of predetermined credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Inventors
Caillon, Pascal, Holtzman, Michael, Jogand-Coulomb, Fabrice, McAvoy, Paul, Yuan, Po, Chang, Robert, Qawami, Bahman, Sabet-Sharghi, Farshid, Vargas, Pedro, Dwyer, Patricia

Application Number

US11/322,812
Publication Number

US 20070043667A1
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/78   to assure secure storage of...

G06Q 30/0603   Catalogue ordering

G11B 20/00086   Circuits for prevention of ...

G11B 20/00094   involving measures which re...

G11B 20/0021   involving encryption or dec...

G11B 20/00253   wherein the key is stored o...

G11B 20/00724   wherein a prepaid credit ba...

G11B 20/00731   involving a digital rights ...

G11B 20/00862   wherein the remote server c...

G11B 20/00985   the trial version being of ...

G11B 2220/61   wherein solid state memory ...

H04N 21/4181   for conditional access

H04N 21/4184   providing storage capabilit...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/4627   Rights management associate...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

Method for secure storage and delivery of media content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

78 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure storage and delivery of media content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

78 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links