Secure Content Distribution with Distributed Hardware

US 20090097642A1
Filed: 10/16/2007
Published: 04/16/2009
Est. Priority Date: 10/16/2007
Status: Active Grant

First Claim

Patent Images

1. A hardware transcryption unit capable of:

establishing one or more first secure, authenticated communication channels with a hardware or software entity or entities capable of providing encrypted entertainment content and a signed policy associated with said encrypted entertainment content and governing usage rights of said encrypted entertainment content;

receiving said encrypted entertainment content and said signed policy over said one or more first secure, authenticated communication channels;

decrypting said encrypted entertainment content to provide decrypted entertainment content and verifying that the signed policy has not been tampered with;

establishing a second secure, authenticated communication channel with a hardware graphics unit, hardware audio unit, or hardware device unit;

re-encrypting said decrypted entertainment content such that only said hardware graphics unit, hardware audio unit, or hardware device unit is capable of decrypting the re-encrypted entertainment content; and

providing, over the second secure, authenticated communication channel, said re-encrypted entertainment content to said hardware graphics unit, hardware audio unit, or hardware device unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This document describes tools capable of securely distributing entertainment content among and using distributed hardware. These tools may do so robustly by rebinding entertainment content between distributed hardware units. The tools, for example, may distribute content protection in hardware between a policy unit, a transcryption unit, a graphics processing unit, and a playback unit. By so doing the tools enable, among other things, users to select from many graphics cards rather than rely on the graphics capabilities of an integrated (e.g., SOC) hardware solution.

48 Citations

View as Search Results

20 Claims

1. A hardware transcryption unit capable of:
- establishing one or more first secure, authenticated communication channels with a hardware or software entity or entities capable of providing encrypted entertainment content and a signed policy associated with said encrypted entertainment content and governing usage rights of said encrypted entertainment content;
  
  receiving said encrypted entertainment content and said signed policy over said one or more first secure, authenticated communication channels;
  
  decrypting said encrypted entertainment content to provide decrypted entertainment content and verifying that the signed policy has not been tampered with;
  
  establishing a second secure, authenticated communication channel with a hardware graphics unit, hardware audio unit, or hardware device unit;
  
  re-encrypting said decrypted entertainment content such that only said hardware graphics unit, hardware audio unit, or hardware device unit is capable of decrypting the re-encrypted entertainment content; and
  
  providing, over the second secure, authenticated communication channel, said re-encrypted entertainment content to said hardware graphics unit, hardware audio unit, or hardware device unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A hardware transcryption unit as described in claim 1, further capable of:
    - receiving, over the one or more first secure, authenticated communication channels, an encrypted content key, said encrypted content key encrypted with a public key corresponding to a private key in the hardware transcryption unit,wherein the capability of decrypting said encrypted entertainment content comprises decrypting said encrypted content key with the private key to provide a decrypted content key and decrypting said encrypted entertainment content with the decrypted content key.
  - 3. A hardware transcryption unit as described in claim 1, further capable of:
    - receiving, over the one or more first secure, authenticated communication channels, a previously double-encrypted content key, said previously double-encrypted content key encrypted with a public key corresponding to a private key in the hardware transcryption unit and said previously double-encrypted content key having been doubly encrypted and decrypted to provide said previously double-encrypted content key by a policy unit prior to receipt by the hardware transcryption unit thereby prohibiting the policy unit from being able to decrypt the previously double-encrypted content key to provide a decrypted content key,wherein the capability of decrypting said encrypted entertainment content comprises decrypting said previously double-encrypted content key with the private key to provide a decrypted content key and decrypting said encrypted entertainment content with the decrypted content key.
  - 4. A hardware transcryption unit as described in claim 3, wherein said previously double-encrypted content key is not received from said policy unit without said policy unit determining that a policy permits said hardware graphics unit, hardware audio unit, or hardware device unit to use said re-encrypted entertainment content.
  - 5. A hardware transcryption unit as described in claim 1, wherein the capability of re-encrypting said decrypted entertainment content and said decrypted policy comprises receiving a public key corresponding to a private key of said hardware graphics unit, hardware audio unit, or hardware device unit and re-encrypting said decrypted entertainment content and said decrypted policy with said public key.
  - 6. A hardware transcryption unit as described in claim 1, further capable of combining said decrypted entertainment content and said decrypted policy prior to re-encrypting said decrypted entertainment content to provide a combination of said decrypted entertainment content and said decrypted policy, and wherein the capability of re-encrypting said decrypted entertainment content comprises re-encrypting the combination.
  - 7. A hardware transcryption unit as described in claim 1, wherein the second secure, authenticated communication channel is established with said hardware graphics unit and wherein the hardware transcryption unit is further capable of:
    - establishing a third secure, authenticated communication channel with said hardware audio unit;
      
      re-encrypting a second time said decrypted entertainment content such that only said hardware audio unit is capable of decrypting the second re-encrypted entertainment content; and
      
      providing, over the third secure, authenticated communication channel, said second re-encrypted entertainment content to said hardware audio unit.
  - 8. A hardware transcryption unit as described in claim 1, wherein the second secure, authenticated communication channel is established with said hardware device unit.

9. A method comprising establishing a secure, authenticated communication channel between distributed hardware units, the distributed hardware units comprising a transcryption unit and a graphics or audio unit effective to enable the transcryption unit to securely provide and the graphics or audio unit to securely receive entertainment content with a hardware-based level of security.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. A method as described in claim 9, wherein the transcryption unit is part of a digital rights management (DRM) domain having one or more other transcryption units and further comprising establishing a second secure, authenticated communication channel between at least one of said one or more other transcryption units and said graphics or audio unit.
  - 11. A method as described in claim 10, wherein the transcryption unit and said one or more other transcryption units have a same cryptographic key pair.
  - 12. A method as described in claim 10, wherein the transcryption unit has a first cryptographic key pair and said one or more other transcryption units have a second cryptographic key pair, the first cryptographic key pair and the second cryptographic key pair being different.
  - 13. A method as described in claim 12, further comprising receiving a content key at the transcryption unit that is encrypted with the first cryptographic key pair or at said one or more other transcryption units that is encrypted with the second cryptographic key pair, the first cryptographic key pair providing a hardware-based level of security and the second cryptographic key pair providing a software-based level of security.
  - 14. A method as described in claim 9, wherein the act of establishing the secure, authenticated communication channel comprises establishing said channel using cryptographic certificates for each of the distributed hardware units.
  - 15. A method as described in claim 9, further comprising establishing a second secure, authenticated communication channel between said graphics or audio unit and an output device capable of rendering the entertainment content.
  - 16. A method as described in claim 15, further comprising establishing a third secure, authenticated communication channel between said graphics or audio unit and a second output device effective to enable the graphics or audio unit to securely provide the entertainment content to either or both of the first-mentioned output device and the second output device.
  - 17. A method as described in claim 9, wherein said secure, authenticated communication channel is between said transcryption unit and said graphics unit and further comprising establishing a second secure, authenticated communication channel between said transcryption unit and a different, second graphics unit, the first-mentioned and second authenticated communication channels enabling secure receipt of the entertainment content by said first graphics unit and said second graphics unit, respectively.

18. A hardware graphics card capable of:
- establishing a first secure, authenticated communication channel with an entity capable of providing entertainment content;
  
  receiving encrypted entertainment across the first secure, authenticated communication channel;
  
  decrypting the encrypted entertainment content to provide decrypted entertainment content;
  
  receiving external data for rendering with the decrypted entertainment content;
  
  mixing said decrypted entertainment content with said external data to provide mixed entertainment content and external data;
  
  establishing a second secure, authenticated communication channel with a second entity capable of rendering content; and
  
  providing said mixed entertainment and external data to the second entity effective to enable said second entity to render the mixed entertainment content and external data.
- View Dependent Claims (19, 20)
- - 19. A hardware graphics card as described in claim 18, wherein the external data comprises graphics to be displayed over the entertainment content and wherein said mixed entertainment content and external data when rendered by the second entity renders the entertainment content with the graphics displayed over the entertainment content.
  - 20. A hardware graphics card as described in claim 19 that is further capable of establishing a third secure, authenticated communication channel with a third entity capable of rendering content, the second and third entities requiring the entertainment content to be received in different formats and providing said entertainment content mixed or unmixed with said external data to the third entity effective to enable said third entity to render the entertainment content mixed or unmixed with said external data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Alkove, James M., Grigorovitch, Alexandre V., Schnell, Patrik

Granted Patent

US 8,837,722 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/200
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04N 21/4181   for conditional access

H04N 21/4627   Rights management associate...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

Secure Content Distribution with Distributed Hardware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Content Distribution with Distributed Hardware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links