Secure time source operations for digital rights management

US 20090006854A1
Filed: 06/28/2007
Published: 01/01/2009
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

establishing communication between an open computing system and a remote secure time service, wherein the remote secure time service serves as a source for secure time values;

receiving, with the open computing system, one or more time values from the remote secure time service; and

using the one or more time values to make digital rights management (DRM) time-based decisions regarding DRM-protected content that is consumed on the open computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage.

Citations

20 Claims

1. A computer-implemented method comprising:
- establishing communication between an open computing system and a remote secure time service, wherein the remote secure time service serves as a source for secure time values;
  
  receiving, with the open computing system, one or more time values from the remote secure time service; and
  
  using the one or more time values to make digital rights management (DRM) time-based decisions regarding DRM-protected content that is consumed on the open computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the act of using is performed, at least in part, by a policy enforcement module executing inside a DRM partition.
  - 3. The method of claim 1 further comprising storing the one or more time values in a hardware, tamper-resistant time source.
  - 4. The method of claim 1, wherein the act of establishing is performed via the Internet.
  - 5. The method of claim 1, wherein the act of establishing comprises generating a request that includes a value that can be used to verify that a response is received from an entity to which the request is sent.
  - 6. The method of claim 1, wherein the act of receiving is performed by receiving an authenticable package that includes a date/time value.
  - 7. The method of claim 1, wherein the act of receiving is performed by receiving an authenticatable package that includes a date/time value, and wherein the authenticatable package includes a nonce that was previously sent in a request from the open computing system.
  - 8. The method of claim 1, wherein the act of receiving is performed by receiving an authenticatable package that includes a date/time value, wherein the authenticatable package can be authenticated using a message authentication code.
  - 9. The method of claim 1 further comprising:
    - sending a request for a time value from a policy enforcement module to a local time source; and
      
      receiving, responsive to said act of sending, an authenticatable package that includes a date/time value.

10. A computer-implemented method comprising:
- generating a request for a secure time value, wherein said request is generated by a time source located on a computing device that has been remotely provisioned with digital rights management (DRM) software;
  
  sending the request, via the Internet, to a remote secure time service;
  
  receiving, from the remote time service, at least one secure time value;
  
  storing said at least one secure time value in the time source; and
  
  using the secure time value to provide a measure of time that can be used to make DRM-based decisions with regard to DRM-protected content.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the act of receiving at least one secure time value is performed by receiving an authenticable package that includes a date/time value.
  - 12. The method of claim 10, wherein the act of receiving at least one secure time value is performed by receiving an authenticable package that includes a date/time value, wherein the authenticatable package includes a nonce that was previously sent in the request.
  - 13. The method of claim 10, wherein the act of receiving at least one secure time value is performed by receiving an authenticable package that includes a date/time value, wherein the authenticable package can be authenticated using a message authentication code.
  - 14. The method of claim 10, wherein the act of receiving at least one secure time value is performed by receiving an authenticable package that includes a date/time value, wherein the authenticable package can be authenticated using a digital signature.
  - 15. The method of claim 10, wherein said acts of generating, sending, receiving and storing are performed by an open computing system.

16. A computing device comprising:
- one or more processors;
  
  one or more computer-readable media;
  
  instructions on the one or more computer-readable media which, when executed, provide one or more partitions one of which comprises a digital rights management (DRM) partition that is remotely provisionable with DRM software; and
  
  a hardware time source (212) operatively associated with the DRM partition and configured to serve as a source of secure time values, wherein the hardware time source is configured to communicate with a remote secure time service to receive secure time values that can be used to provide time measures to the DRM partition so that DRM software executing inside the DRM partition can make time-based DRM decisions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the time source is configured to generate a request to the secure time service that includes a nonce.
  - 18. The system of claim 16, wherein the time source is configured to:
    - generate a request to the secure time service that includes a nonce, andreceive a package from the secure time service that includes a date/time value and the nonce.
  - 19. The system of claim 16, wherein the time source is configured to:
    - generate a request to the secure time service that includes a nonce, andreceive a package from the secure time service that includes a date/time value and the nonce, wherein the package is authenticable using a message authentication code.
  - 20. The system of claim 16, wherein the time source is configured to:
    - generate a request to the secure time service that includes a nonce, andreceive a package from the secure time service that includes a date/time value and the nonce, wherein the package is authenticable using a digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Alkove, James M., Grigorovitch, Alexandre V., Schnell, Patrik

Granted Patent

US 8,646,096 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/178
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 2221/2151 Time stamp

Secure time source operations for digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure time source operations for digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links