Provisioning a computing system for digital rights management

US 20090006862A1
Filed: 06/28/2007
Published: 01/01/2009
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computer-readable media;

computer-readable instructions on the one or more computer-readable media which, when executed;

provide a digital rights management (DRM) partition which, when created, comprises an empty operating environment that is to be provisioned with DRM software; and

wherein the DRM partition is configured to generate an attestation request to a network-accessible individualization service to initiate a provisioning process in which it receives the DRM software.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.

106 Citations

View as Search Results

20 Claims

1. A system comprising:
- one or more computer-readable media;
  
  computer-readable instructions on the one or more computer-readable media which, when executed;
  
  provide a digital rights management (DRM) partition which, when created, comprises an empty operating environment that is to be provisioned with DRM software; and
  
  wherein the DRM partition is configured to generate an attestation request to a network-accessible individualization service to initiate a provisioning process in which it receives the DRM software.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the DRM partition comprises an identity which is included in the attestation request.
  - 3. The system of claim 1, wherein the DRM partition is configured to, as part of the provisioning process, receive one or more encrypted keys.
  - 4. The system of claim 1, wherein the DRM partition is configured to, as part of the provisioning process, receive one or more encrypted keys and cause said one or more keys to be stored in a gated, hardware key storage.
  - 5. The system of claim 1, wherein the DRM partition is configured to, as part of the provisioning process, receive one or more encrypted keys, and wherein only a specifically identified version of the DRM partition identified in the attestation request can make use of the one or more keys.
  - 6. The system of claim 1, wherein the DRM partition is configured to receive encrypted DRM software and cause said software to be stored, in encrypted form, in a local storage.
  - 7. The system of claim 1, wherein the DRM partition is configured to receive encrypted DRM software and cause said software to be stored, in encrypted form, in a local storage, and wherein the DRM partition is configured to receive one or more encrypted keys and said encrypted DRM software via the Internet.
  - 8. The system of claim 1, wherein the instructions provide a hypervisor that is configured to provide partitioning functionality and is responsible for maintaining isolation between partitions.

9. A computer-implemented method comprising:
- contacting a remote provisioning service that is configured to provision DRM functionality to one or more computing devices;
  
  receiving, from the remote provisioning service, encrypted content that is to be used to provision the DRM functionality on a computing device that performed said act of contacting; and
  
  using said encrypted content to provision DRM functionality on said computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein said act of contacting is performed over the Internet.
  - 11. The method of claim 9, wherein said encrypted content comprises an encrypted private key.
  - 12. The method of claim 9, wherein said encrypted content comprises encrypted DRM software.
  - 13. The method of claim 9, wherein said encrypted content comprises an encrypted private key and encrypted DRM software.
  - 14. The method of claim 9, wherein said encrypted content comprises an encrypted private key and encrypted DRM software and further comprising storing said private key in a gated, hardware key storage.
  - 15. The method of claim 9, wherein said encrypted content comprises an encrypted private key and encrypted DRM software and further comprising storing said encrypted DRM content in a local storage.
  - 16. The method of claim 9, wherein said act of contacting is performed by a DRM partition that is managed by a hypervisor.

17. A computer implemented method comprising:
- preparing, using a DRM partition, an attestation request that identifies at least the DRM partition;
  
  sending the attestation request to an individualization service that is configured to provision DRM software to the DRM partition;
  
  receiving, from the individualization service, an encrypted private key;
  
  storing the private key in a gated, hardware key storage;
  
  receiving encrypted DRM software from the individualization service; and
  
  storing the encrypted DRM software in a local storage.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the hardware key storage is gated by a hypervisor.
  - 19. The method of claim 17, wherein the DRM software is encrypted using a public key associated with the encrypted private key.
  - 20. The method of claim 17, wherein the act of sending and both of said acts of receiving are performed using the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Alkove, James M., Grigorovitch, Alexandre V., Barde, Sumedh N., Schnell, Patrik

Granted Patent

US 8,661,552 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/6209   to a single file or object,...

G06F 21/74   operating in dual or compar...

Provisioning a computing system for digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning a computing system for digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links