PRE-PERFORMING OPERATIONS FOR ACCESSING PROTECTED CONTENT

US 20090192942A1
Filed: 01/25/2008
Published: 07/30/2009
Est. Priority Date: 01/25/2008
Status: Active Grant

First Claim

Patent Images

1. In a DRM system including a DRM server, a central repository, a pre-generation module, and one or more client machines, a method for pre-generating principal cryptographic key pairs for use in DRM operations prior to receiving a key request for a principal cryptographic key pair, the method comprising:

an act of receiving a key pre-generation request from a pre-generation module in the DRM system, the key pre-generation request sent from the pre-generation module in response to the occurrence of a key pre-generation event within the DRM system;

an act of performing cryptographic operations to pre-generate one or more principal cryptographic key pairs of a compatible format for use with the DRM system in response to the key pre-generation request, the one or more principal cryptographic key pairs pre-generated for subsequent distribution to requesting client machines in response to corresponding subsequent key requests; and

an act of storing the one or more pre-generated principal cryptographic keys in the central repository for subsequent distribution to client machines, including subsequent distribution to client machines in response to provisioning requests from client machines such that resource consumption to provision a client machine for use with the DRM system is reduced.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.

64 Citations

View as Search Results

20 Claims

1. In a DRM system including a DRM server, a central repository, a pre-generation module, and one or more client machines, a method for pre-generating principal cryptographic key pairs for use in DRM operations prior to receiving a key request for a principal cryptographic key pair, the method comprising:
- an act of receiving a key pre-generation request from a pre-generation module in the DRM system, the key pre-generation request sent from the pre-generation module in response to the occurrence of a key pre-generation event within the DRM system;
  
  an act of performing cryptographic operations to pre-generate one or more principal cryptographic key pairs of a compatible format for use with the DRM system in response to the key pre-generation request, the one or more principal cryptographic key pairs pre-generated for subsequent distribution to requesting client machines in response to corresponding subsequent key requests; and
  
  an act of storing the one or more pre-generated principal cryptographic keys in the central repository for subsequent distribution to client machines, including subsequent distribution to client machines in response to provisioning requests from client machines such that resource consumption to provision a client machine for use with the DRM system is reduced.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, further comprising:
    - an act of receiving a key request from a client machine, the key request requesting delivery of a cryptographic key pair to the client machine, the key request sent from the client machine in response to detecting at least one of a participant logon event at the client machine, an enterprise scheduled time event, a password expiration event, and a password change event.
  - 3. The method as recited in claim 2, further comprising:
    - an act of detecting that the participant is not currently associated with a cryptographic key pair compatible for use with the DRM system;
      
      an act of associating one of the pre-generated cryptographic key pairs stored in the central repository with the participant; and
      
      an act of distributing the associated pre-generated cryptographic key pair to the client machine such that resources of the DRM system are more evenly utilized to provision the client machine for use with the DRM system and such that the associated pre-generated cryptographic key pair is already available for use in cryptographic operations when DRM protected content is subsequently received at the client machine.
  - 4. The method as recited in claim 2, further comprising:
    - an act of detecting that the participant was previously associated with a cryptographic key pair stored in the central repository;
      
      an act of distributing the previously associated cryptographic key pair to the client machine such that the previously associated cryptographic key pair is already available for use in cryptographic operations when DRM protected content is subsequently received at the client machine.
  - 5. The method as recited in claim 1, wherein the act of receiving a key pre-generation request from a pre-generation module in the DRM system comprises an act of receiving an indication that available resources of the DRM system are above a specified threshold.
  - 6. The method as recited in claim 1, wherein the act of receiving a key pre-generation request from a pre-generation module in the DRM system comprises an act of receiving an express command from a pre-generation module.
  - 7. The method as recited in claim 1, further comprising:
    - an act of distributing one of the pre-generated cryptographic key pairs to a user of a client machine;
      
      an act of a accessing a usage policy for DRM protected content, the usage policy describing how and under what conditions one or more principals can use the DRM protected content;
      
      an act of storing the usage policy in the central repository;
      
      an act of detecting a pre-licensing event within the DRM system;
      
      an act of a policy monitoring agent subsequently initiating a pre-licensing process for the protected content based on the usage policy and in response to the pre-licensing event, including;
      
      an act of identifying the user of the client machine as a possible consumer of the protected content from the usage policy;
      
      an act of determining how and under what conditions the user can use the DRM protected content from the usage policy;
      
      an act of performing cryptographic operations to pre-generate a usage license for the user, the usage license expressing how and under what conditions the user can use the DRM protected; and
      
      an act of allocating the pre-generated usage license for subsequent distribution to the user, including subsequent distribution to other client machines in response to a consumer request to use the DRM protected content such that resource consumption to distribute the usage license to client machines is reduced when satisfying a subsequent consumer request.
  - 8. The method as recited in claim 7, further comprising:
    - an act of a client licensing agent accessing the usage policy for the DRM protected content;
      
      an act of the client licensing agent identifying the set of principals named in the usage policy;
      
      for each principal in the identified set of principals;
      
      an act of querying a network resource for a principal cryptographic key pair for the principal;
      
      an act of receiving one of the pre-generated cryptographic key pairs for the principal from the network resource;
      
      an act of utilizing the received pre-generated principal cryptographic key pair to query the DRM server for a usage license for the principal;
      
      an act of receiving a pre-generated usage license for the principal from the DRM server, the pre-generated usage license having been pre-generated by the policy monitoring agent; and
      
      an act of storing the received pre-generated usage license for the principal such that further resource consumption to deliver the usage license to a client machine is reduced.

9. In a DRM system including a DRM server, a central repository, a policy monitoring agent, and one or more client machines, a method for generating a usage license for use in DRM operations prior to receiving a request for a usage license, the method comprising:
- an act of accessing a usage policy for DRM protected content, the usage policy describing how and under what conditions one or more principals can use the DRM protected content;
  
  an act of storing the usage policy in the central repository;
  
  an act of detecting a pre-licensing event within the DRM system;
  
  an act of subsequently initiating a pre-licensing process for the protected content based on the usage policy and in response to the pre-licensing event, including;
  
  an act of identifying each possible consumer of the protected content from the usage policy;
  
  for each possible consumer;
  
  an act of determining how and under what conditions the consumer can use the DRM protected content from the usage policy;
  
  an act of performing cryptographic operations to pre-generate a usage license for the consumer, the usage license expressing how and under what conditions the consumer can use the DRM protected content; and
  
  an act of allocating the pre-generated usage license for subsequent distribution to client machines, including subsequent distribution to a client machine in response to a consumer request to use the DRM protected content such that resource consumption to distribute the usage license to a client machine is reduced when satisfying a subsequent consumer request.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method as recited in claim 9, wherein the act of detecting a pre-licensing event within the DRM system comprises an act of receiving an indication that available resources of the DRM system are above a specified threshold.
  - 11. The method as recited in claim 9, wherein the act of performing cryptographic operations to pre-generate a usage license for the consumer comprises an act of accessing a pre-generated cryptographic key pair for the consumer.
  - 12. The method as recited in claim 9, wherein the act of allocating the pre-generated usage license for subsequent distribution to client machines comprises an act of storing the pre-generated usage license in the central repository.
  - 13. The method as recited in claim 9, wherein the act of allocating the pre-generated usage license for subsequent distribution to client machines comprises an act of sending the pre-generated usage license to a client machine.
  - 14. The method as recited in claim 9, wherein the act of allocating the pre-generated usage license for subsequent distribution to client machines comprises an act of sending the pre-generated usage license to a client licensing agent for further distribution to a client machine.
  - 15. The method as recited in claim 9, further comprising:
    - an act of a client licensing agent accessing a usage policy for DRM the protected content;
      
      an act of the client licensing agent identifying a set of principals named in the usage policy;
      
      for each principal in the identified set of principals;
      
      an act of the client licensing agent querying a network resource for a principal public key from a principal cryptographic key pair for the principal;
      
      an act of the client licensing agent receiving a principal public key for the principal from the network resource;
      
      an act of the client licensing agent including the principal public key in a query to the DRM server for a usage license for the principal;
      
      an act of the client licensing agent receiving one of the pre-generated usage license for the principal from the DRM server; and
      
      an act of the client licensing agent storing the received pre-generated usage license for the principal such that further resource consumption to deliver the pre-generated usage license to a client machine is reduced.

16. In a DRM system including a DRM server, a central repository, a policy monitoring agent, and one or more client machines, a method for obtaining a usage license for protected content prior to receiving a request to use the protected content, the method comprising:
- an act of accessing a usage policy for DRM protected content, the usage policy describing how and under what conditions one or more principals can use the DRM protected content;
  
  an act of identifying a set of principals named in the usage policy;
  
  for each principal in the identified set of principals;
  
  an act of querying a network resource for a principal public key from a principal cryptographic key pair for the principal;
  
  an act of receiving a principal public key for the principal from the network resource;
  
  an act of including the principal public key in a query to the DRM server for a usage license for the principal;
  
  an act of receiving a usage license for the principal from the DRM server; and
  
  an act of storing the received usage license for the principal such that further resource consumption to deliver the usage license to a client machine is reduced.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as recited in claim 16, wherein the act of receiving a principal public key for the principal from the network resource comprises an act of receiving a pre-generated principal public key for the principal that was generated before the principal was provisioned.
  - 18. The method as recited in claim 16, wherein the act of receiving a usage license for the principal from the DRM server comprises an act of receiving a pre-generated usage license that was generated before the principal accessed the protected content.
  - 19. The method as recited in claim 16, wherein the act of storing the received usage license for the principal comprises an act of storing the usage license along with the protected content
  - 20. The method as recited in claim 16, further comprising:
    - an act of distributing the usage license along with the protected content to a client machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yarmolenko, Vladimir, Zhong, Yuhui, Cottrille, Scott C., Brown, Jeffrey M., Kostal, Gregory, Malaviarachchi, Rushmi U., Karamfilov, Krassimir E., Rozenfeld, Yevgeniy, Hendrix, Jody A., Fulay, Amit, Dhond, Umesh R.

Granted Patent

US 7,882,035 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/59
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/088   Usage controlling of secret...

H04L 9/30   Public key, i.e. encryption...

Y10S 705/902   Licensing digital content

PRE-PERFORMING OPERATIONS FOR ACCESSING PROTECTED CONTENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRE-PERFORMING OPERATIONS FOR ACCESSING PROTECTED CONTENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links