Content security layer providing long-term renewable security

US 20080049935A1
Filed: 10/26/2007
Published: 02/28/2008
Est. Priority Date: 03/28/2001
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium comprising:

(a) encrypted digital video; and

(b) program logic for processing by an interpreter in a playback device, including;

(i) program logic configured to query said playback device to obtain the results of cryptographic computations performed by said playback device, where said cryptographic operations use one or more cryptographic key values unique to said player and not accessible by said program logic;

(ii) program logic configured to determine whether playback is authorized to proceed on said playback device by using said obtained results;

(iii) program logic configured to derive at least one video decryption key to enable playback of said video, if it is it determined that playback is authorized.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an exemplary embodiment, digital content is mastered as a combination of encrypted data and data processing operations that enable use in approved playback environments. Player devices having a processing environment compatible with the content'"'"'s data processing operations are able to decrypt and play the content. Players can also provide content with basic functions, such as loading data from media, performing network communications, determining playback environment configuration, controlling decryption/playback, and/or performing cryptographic operations using the player'"'"'s keys. These functions allow the content to implement and enforce its own security policies. If pirates compromise individual players or content titles, new content can be mastered with new security features that block the old attacks. A selective decryption capability can also be provided, enabling on-the-fly watermark insertion so that attacks can be traced back to a particular player. Features to enable migration from legacy formats are also provided.

49 Citations

View as Search Results

25 Claims

1. A computer-readable medium comprising:
- (a) encrypted digital video; and
  
  (b) program logic for processing by an interpreter in a playback device, including;
  
  (i) program logic configured to query said playback device to obtain the results of cryptographic computations performed by said playback device, where said cryptographic operations use one or more cryptographic key values unique to said player and not accessible by said program logic;
  
  (ii) program logic configured to determine whether playback is authorized to proceed on said playback device by using said obtained results;
  
  (iii) program logic configured to derive at least one video decryption key to enable playback of said video, if it is it determined that playback is authorized.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-readable medium of claim 1 where said program logic in (iii) is further configured to:
    - (A) derive said video decryption keys on authorized players, by using said cryptographic computation results; and
      
      (B) not derive said video decryption cryptographic keys on unauthorized players.
  - 3. The computer-readable medium of claim 1 further comprising program logic configured to:
    - (a) obtain from said playback device information identifying said playback device; and
      
      (b) use said identifying information to modify the playback of said video so that a third party with knowledge of how said modification is performed can identify said playback device from a copy of the playback output.
  - 4. The computer-readable medium of claim 1 further comprising:
    - (a) information identifying the manufacturer of said medium, (b) at least one characteristic identifiable by said player identifying that said medium is not consumer-recordable.
  - 5. The computer-readable medium of claim 1 further comprising a serial number uniquely identifying said medium.

6. A device for playing encrypted digital content, comprising:
- (a) an input interface usable to input said encrypted digital content and associated program logic;
  
  (b) a memory usable to store inputs read from said interface;
  
  (c) a processor usable to read data from said interface and to store data in said memory;
  
  (d) an interpreter, implemented using software executable on said processor and configured to interpret program logic read from said interface and stored in said memory;
  
  (e) a cryptographic module;
  
  (i) having access to at least one cryptographic key; and
  
  (ii) configured to perform cryptographic processing using said cryptographic key as directed by said program logic, such that said program logic can obtain the results of said cryptographic processing but cannot determine the value of said at least one key; and
  
  (e) an output interface for outputting said digital content.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. The device of claim 6, where said input interface is a network interface capable of receiving a transmission over the Internet.
  - 8. The device of claim 6 where said input interface is connected to a removable module comprising:
    - (i) a memory containing said encrypted digital content and associated program logic; and
      
      (ii) cryptographic computation logic usable by said program logic and necessary to decrypt said content.
  - 9. The device of claim 6 where said interpreter is configured to provide said program logic with access to information describing:
    - (i) said playback device;
      
      (ii) at least one action requested by a user of said playback device; and
      
      (iii) at least one device connected to said output interface.
  - 10. The device of claim 6 where said cryptographic subunit comprises a removable, tamper-resistant hardware module.
  - 11. The device of claim 6:
    - (i) where said encrypted digital content includes encrypted digital video distributed on an optically-readable medium; and
      
      (ii) further configured to output said digital content in a form re-encrypted to deter unauthorized access to said output.
  - 12. The device of claim 6, further comprising a decryption circuit configured to decrypt said content using cryptographic keys derived by said program logic.
  - 13. The device of claim 12, where said decryption circuit is configured to embed information received from said interpreter in the decrypted content such that third party can determine said information by analyzing a recording of said content outputted from said output interface.
  - 14. The device of claim 13 where:
    - (i) representations of a plurality of versions of a plurality of regions of said content are stored on a digital medium accessible by said input interface;
      
      (ii) each of said versions is encrypted with a unique cryptographic key;
      
      (iii) said device is capable of embedding said information by using said information to select portions of said content to output from among said plurality of versions; and
      
      (iv) said decryption circuit includes logic to synchronize decryption key changes.
  - 15. The device of claim 6 further comprising:
    - (a) an internal nonvolatile memory;
      
      (i) containing security-related data accessible by said program logic operating on said interpreter; and
      
      (ii) usable by said program logic to verify the security of said playback device; and
      
      (b) cryptographic authentication logic to validate the authenticity of updates to said security-related data.
  - 16. The device of claim 6 further comprising a visual indicator notifying a user of said playback device whether the quality of said digital content provided on said output interface has been reduced.

17. A method for playing encrypted digital video, comprising the steps of:
- (a) reading data from a medium, where said data incorporates processing instructions combined with encrypted video data;
  
  (b) using an interpreter within a player device, performing said processing instructions;
  
  (c) using a secret key accessible to said player device, cryptographically transforming said data received with said processing instructions, (d) returning the result of (c) to said processing instructions;
  
  (e) using the result of said processing instructions to decrypt said encrypted video data; and
  
  (f) outputting a representation of said decrypted video using an output interface.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17 further comprising:
    - (a) identifying a device connected to said output interface;
      
      (b) determining that the security of said connected device is insufficient for high-quality playback, as a result of executing said processing instructions;
      
      (c) said processing instructions specifying an output quality that is lower than the best quality represented on said medium, supported by said output interface, and supported by said connected device; and
      
      (d) outputting said decrypted video at said specified output quality.
  - 19. The method of claim 17 further comprising:
    - (a) updating a protected nonvolatile memory to indicate that said digital video was played; and
      
      (b) securely reporting a result of said nonvolatile memory update to a third party to enable billing for playback.
  - 20. The method of claim 19 further comprising using a public key to verify a digital signature on at least a portion of said processing instructions prior to allowing access to said nonvolatile memory.
  - 21. The method of claim 17 where (b) includes transmitting at least one message via said output interface to a user of said player device.
  - 22. The method of claim 17 further comprising:
    - (a) analyzing information including the type of said player; and
      
      (b) based on said analysis, enabling playback of additional bonus video stored on said media.
  - 23. The method of claim 17 further comprising using a codec implemented in said processing instructions operating on said interpreter to decompress said digital video.
  - 24. The method of claim 17 further comprising:
    - (a) transmitting a value to an output device connected to said output interface; and
      
      (b) receiving a cryptographically-transformed representation of said value from said output device.

25. A device for playing encrypted digital content, comprising:
- (a) means for inputting said encrypted digital content and associated program logic from a removable digital medium;
  
  (b) means for storing program logic read from said interface;
  
  (c) means for interpreting said program logic;
  
  (d) means for performing cryptographic processing using a secret key as directed by said program logic, whereby said program logic can obtain the results of said cryptographic processing, but cannot determine the value of said secret key; and
  
  (e) means for outputting said digital content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto USA Incorporated (MultiChoice Group Ltd.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Carter, Matthew, Jun, Benjamin, Pearson, Peter, Kocher, Paul, Jaffe, Joshua

Granted Patent

US 7,756,272 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/201
CPC Class Codes

G11B 20/00086   Circuits for prevention of ...

G11B 20/00166   involving measures which re...

G11B 20/00173   wherein the origin of the c...

G11B 20/0021   involving encryption or dec...

G11B 20/00246   wherein the key is obtained...

G11B 20/00659   involving a control step wh...

G11B 20/00818   wherein the usage restricti...

G11B 20/0084   wherein the usage restricti...

G11B 20/00884   involving a watermark, i.e....

H04L 2209/603   Digital right managament [DRM]

H04L 2209/608   Watermarking

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

H04N 2005/91335   the copy protection signal ...

H04N 2005/91342   the copy protection signal ...

H04N 21/26613   for generating or managing ...

H04N 21/4135   external recorder interface...

H04N 21/4181   for conditional access

H04N 21/4325   by playing back content fro...

H04N 21/4405   involving video stream decr...

H04N 21/44236 : Monitoring of piracy proces...

H04N 21/4627 : Rights management associate...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

View All

Content security layer providing long-term renewable security

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Content security layer providing long-term renewable security

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links