Systems and Methods for Secure Execution of Code Using a Hardware Protection Module

US 20100241855A1
Filed: 03/17/2009
Published: 09/23/2010
Est. Priority Date: 03/17/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method for executing digital rights management software comprising content code and outputting multimedia content within a secure environment, comprising:

receiving encrypted multimedia content and content code from a storage medium by a host processor, wherein the content code provides restricted content distribution by examining an environment in which a player application resides;

based on functions defined within the content code, partitioning the content code into portions by a host processor; and

based on whether the functions corresponding to the portions are related to computations involving confidential data, generating and forwarding commands and parameters related to the portions of the content code to a secure processor for decrypting the encrypted multimedia content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for securely executing digital rights management software comprising content code are described. One method comprises receiving encrypted multimedia content and content code from a storage medium by a host processor, wherein the content code provides restricted content distribution by examining an environment in which a player application resides. Based on functions defined within the content code, the host processor partitions the content code into portions. Based on whether the functions corresponding to the portions are related to computations involving confidential data, commands and parameters related to the portions of the content code are generated and forwarded to a secure processor for decrypting the encrypted multimedia content.

24 Citations

View as Search Results

27 Claims

1. A method for executing digital rights management software comprising content code and outputting multimedia content within a secure environment, comprising:
- receiving encrypted multimedia content and content code from a storage medium by a host processor, wherein the content code provides restricted content distribution by examining an environment in which a player application resides;
  
  based on functions defined within the content code, partitioning the content code into portions by a host processor; and
  
  based on whether the functions corresponding to the portions are related to computations involving confidential data, generating and forwarding commands and parameters related to the portions of the content code to a secure processor for decrypting the encrypted multimedia content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 18)
- - 2. The method of claim 1, wherein the content code is executed by a virtual machine on the host processor.
  - 3. The method of claim 1, wherein the confidential data comprises:
    - encrypted keys; and
      
      a decryption table.
  - 4. The method of claim 3, wherein the encrypted keys are embedded within the player application.
  - 5. The method of claim 3, wherein the decryption table is embedded within the player application and read by the host processor.
  - 6. The method of claim 3, wherein the decryption table is calculated during execution of the content code by a virtual machine of the host processor.
  - 7. The method of claim 1, wherein generating and forwarding commands and parameters to a secure processor comprises first encrypting the commands and parameters associated with portions of the content code using keys shared between the host processor and the secure processor.
  - 8. The method of claim 1, further comprising:
    - at the secure processor, executing authentication commands in conjunction with the host processor to determine whether the player application is an authorized player, wherein the authentication commands are executed based on the content code;
      
      decrypting received commands and parameters related to the portions of content code at the secure processor;
      
      executing the commands based on the parameters at the secure processor to decrypt the encrypted multimedia content; and
      
      transmitting the multimedia content to an output device.
  - 9. The method of claim 1, wherein functions corresponding to the portions related to computations involving confidential data comprise sub-instructions and micro-instructions.
  - 10. The method of claim 8, further comprising decoding the multimedia content by the secure processor after decrypting received commands and parameters related to the portions of content code at the secure processor.
  - 11. The method of claim 8, further comprising decoding the multimedia content by the host processor after decrypting received commands and parameters related to the portions of content code at the secure processor.
  - 12. The method of claim 8, further comprising executing any remaining portions of the content code not executed by the secure processor at the host processor.
  - 13. The method of claim 8, further comprising the host processor querying the secure processor to monitor execution of the commands being executed by the secure processor.
  - 14. The method of claim 8, wherein transmitting the multimedia content to an output device comprises outputting the multimedia content to an output device that has incorporated a restricted access standard comprising one of:
    - High-bandwidth Digital Content Protection (HDCP),Analog Content Protection (ACP), andCopy Generation Management System (CGMS).
  - 18. The system of claim 11, wherein the partitioning logic is configured to implement traps within the content code to monitor for computations involving confidential data within the content code.

15. A playback system for executing digital rights management software and outputting multimedia content, comprising:
- a media interface for receiving the encrypted multimedia content and content code from a storage medium;
  
  a host processor configured to execute logic for partitioning the content code into portions based on functions to be performed by the content code;
  
  a secure hardware protection module communicatively coupled to the host processor, wherein the secure hardware protection module comprises a secure processor configured to receive and execute commands associated with the portions of the content code related to computations involving confidential data, wherein the secure processor is accessible only by the host processor; and
  
  an output interface configured to output decoded multimedia content to an output device.
- View Dependent Claims (16, 17, 19, 20, 21, 22, 23, 25, 26, 27)
- - 16. The system of claim 15, wherein the secure hardware protection module comprises random access memory (RAM) accessible only by the secure processor.
  - 17. The system of claim 15, wherein the host processor is further configured to implement a virtual machine for executing and partitioning the content code.
  - 19. The system of claim 15, wherein the host processor is configured to encrypt the commands prior to sending the commands to the hardware protection module based on keys shared between the host processor and the secure processor.
  - 20. The system of claim 19, wherein the secure hardware protection module further comprises a decryptor for decrypting encrypted commands received form the host processor.
  - 21. The system of claim 15, wherein the content code comprises BD+ virtual machine-based code.
  - 22. The system of claim 15, wherein the storage medium is a BD disc.
  - 23. The system of claim 15, wherein the hardware protection module further comprises an OPM (output protection management) module configured to support a restricted access standard comprising one of:
    - High-bandwidth Digital Content Protection (HDCP),Analog Content Protection (ACP), andCopy Generation Management System (CGMS).
  - 25. The computer-readable medium of claim 15, further comprising a virtual machine for executing the BD+ content code.
  - 26. The computer-readable medium of claim 15, wherein the program is further configured to perform playback of multimedia content stored on the BD.
  - 27. The computer-readable medium of claim 26, wherein the program is further configured to receive data generated by execution of the commands by the secure processor, wherein the program utilizes the data to perform playback of the multimedia content.

24. A computer-readable medium storing a program for execution on a host processor, the program comprising computer executable instructions configured to perform the steps of:
- receiving encrypted multimedia content and content code from a Blu-ray Disc (BD), wherein the content code provides restricted content distribution based on the BD+ standard;
  
  utilizing traps within the program to partition the content code at the host processor based on functions to be performed by the content code; and
  
  forwarding commands and parameters associated with portions of the content code relating to computations involving confidential data to a secure processor for decrypting the encrypted multimedia content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyberlink Corporation
Original Assignee
Cyberlink Corporation
Inventors
Wu, Kuang-che, Chou, Hung-Te

Application Number

US12/405,518
Publication Number

US 20100241855A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/72   in cryptographic circuits

G11B 20/00086   Circuits for prevention of ...

G11B 20/00173   wherein the origin of the c...

G11B 20/0021   involving encryption or dec...

G11B 20/00246   wherein the key is obtained...

G11B 20/00362   the key being obtained from...

G11B 20/00427   advanced access content sys...

G11B 20/00463   high-bandwidth digital cont...

G11B 20/00659   involving a control step wh...

G11B 20/00731   involving a digital rights ...

G11B 20/00753   wherein the usage restricti...

G11B 2220/2541   Blu-ray discs; Blue laser D...

H04N 21/42646   for reading from or writing...

H04N 21/4405   involving video stream decr...

Systems and Methods for Secure Execution of Code Using a Hardware Protection Module

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Secure Execution of Code Using a Hardware Protection Module

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links