Secure storage for digital rights management

US 20090006868A1
Filed: 06/28/2007
Published: 01/01/2009
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method, implemented at least in part by a computer, comprising:

providing a computing device with digital rights management (DRM) software that has been remotely provisioned;

providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;

associating a counter value with DRM data that is to be protected;

signing, under the influence of the DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value; and

storing signed DRM data and the associated counter value in local storage on the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage.

98 Citations

View as Search Results

20 Claims

1. A method, implemented at least in part by a computer, comprising:
- providing a computing device with digital rights management (DRM) software that has been remotely provisioned;
  
  providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;
  
  associating a counter value with DRM data that is to be protected;
  
  signing, under the influence of the DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value; and
  
  storing signed DRM data and the associated counter value in local storage on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage.
  - 3. The method of claim 1 further comprising verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage, wherein the act of verifying comprises sending, by the DRM software, a nonce to the secure storage and receiving, responsive to said sending, a signed package that includes the nonce and a counter value to be verified.
  - 4. The method of claim 1 further comprising:
    - verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage; and
      
      responsive to writing new DRM data, causing a change in the counter value in the secure storage and the counter value associated with the DRM data.
  - 5. The method of claim 1 further comprising:
    - reading, via the DRM software, signed DRM data and the associated counter value from the local storage;
      
      checking whether the counter value associated with the DRM data matches with a counter value stored in the secure storage; and
      
      if said counter values match, permitting DRM operations to be performed.
  - 6. The method of claim 1, wherein the signing key is a symmetric key.
  - 7. The method of claim 1, wherein the signing key is a private key of a public/private key pair.
  - 8. The method of claim 1, wherein the DRM software comprises a DRM partition.

9. A method implemented, at least in part, by a computer, comprising:
- providing a computing device with digital rights management (DRM) software that has been remotely provisioned;
  
  providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value;
  
  providing a table having a counter value and multiple other values individual ones of which being associated with DRM data portions that are to be protected in local storage on the computing device;
  
  computing signatures for individual DRM data portions by using the signing key to sign a DRM data portion and its associated other value; and
  
  storing the individual DRM data portions and associated signatures in local storage on the computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The method of claim 9 further comprising:
    - reading, with the DRM software, a DRM data portion and its associated signature from the local storage;
      
      computing, with the DRM software, a computed signature using said data portion read by the DRM software and an associated other value stored in said table;
      
      if signatures for a DRM data portion match, permitting DRM operations to be performed.
  - 11. The method of claim 9, wherein said other values comprise sub-counter values that are individually computed when an associated data portion is written.
  - 12. The method of claim 9, wherein said other values comprise hash values that are individually computed when an associated data portion is written.
  - 13. The method of claim 9 further comprising verifying whether a counter value associated with said table matches with a counter value associated with said secure storage.
  - 14. The method of claim 9 further comprising verifying whether a counter value associated with said table matches with a counter value associated with said secure storage, wherein said verifying is performed by the DRM software.
  - 15. The method of claim 9 further comprising verifying whether a counter value associated with said table matches with a counter value associated with said secure storage, wherein said verifying is performed by the secure storage.
  - 16. The method of claim 9, wherein the signing key is a symmetric key.
  - 17. The method of claim 9, wherein the signing key is a private key of a public/private key pair.
  - 18. The method of claim 9, wherein the DRM software comprises a DRM partition.

19. A system comprising:
- one or more computer-readable media;
  
  computer-readable instructions on the one or more computer-readable media which, when executed, implement a digital rights management (DRM) partition;
  
  secure storage hardware for storing a signing key and a counter that holds counter values;
  
  local storage that holds DRM data;
  
  DRM software executable in the DRM partition, wherein the DRM software is configured to implement secure storage functionality using the local storage and the secure storage hardware,wherein the secure storage functionality is implemented by utilizing a system in which counter values stored in the secure storage are checked against counter values stored with the DRM data, and wherein when counter values match, DRM operations are permitted and when counter values do not match, DRM operations are not permitted.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein at least some of the counter values are stored in a table that includes entries associated with individual DRM data portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Alkove, James M., Grigorovitch, Alexandre V., Schnell, Patrik

Granted Patent

US 8,689,010 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/64   Protecting data integrity, ...

G06F 21/725   operating on a secure refer...

G06F 21/74   operating in dual or compar...

G06F 21/78   to assure secure storage of...

Secure storage for digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage for digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links