DEVICE AND METHOD FOR A BACKUP OF RIGHTS OBJECTS
1 Assignment
0 Petitions
Accused Products
Abstract
A common backup format of a backup rights object according to embodiments of the present invention has the following features: License information that is not critical for cryptographic security of the rights object is kept in “plain text” with a well defined syntax in a first data container, license information that is critical for cryptographic security of the rights object is stored in cryptographically protected form that is specific for the originating device to which the rights object is bound to in a second data container, and the rights object is cryptographically signed by the originating device such that it may not be manipulated. The signature is stored in a third data container.
-
Citations
39 Claims
-
1-23. -23. (canceled)
-
24. An apparatus for storing a backup version of a digital rights object bound to an originating device and related to a digital media content, the apparatus comprising:
-
a parser which is adapted to acquire first information of the digital rights object, the first information not being critical for a usage of the digital media content, and to acquire second information of the digital rights object, the second information being critical for the usage of the digital media content, wherein the parser is adapted to acquire a rights encryption key of the digital rights object as at least a part of the second information, wherein the rights encryption key is used to encrypt/decrypt a content encryption key related to the digital media content; an encrypter for encrypting the second information using a secret of the originating device to acquire encrypted second information, wherein the encrypter is adapted to encrypt the acquired rights encryption key with a backup encryption key as the secret of the originating device, wherein the backup encryption key is a cryptographic key for a symmetric key-algorithm, wherein the backup encryption key is based on a further secret of the originating device and at least the first information, such that the backup encryption key is different for different backup rights objects with different first information; a signature generator being adapted to generate a signature of the originating device over at least the first information of the digital rights object; and a recorder which is adapted to store the first information in a way such that the first information is readable by at least a second device, to store the encrypted second information such that the encrypted second information is not readable by at least the second device, and to store the signature, such that the backup rights object comprises the stored first information, the encrypted second information and the signature. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
-
-
32. A method for storing a backup version of a digital rights object bound to an originating device and related to a digital media content, the method comprising:
-
acquiring first information of the digital rights object, the first information not being critical for a usage of the digital media content, and acquiring second information of the digital rights object, the second information being critical for the usage of the digital media content, wherein a rights encryption key of the digital rights object is acquired as at least a part of the second information, wherein the rights encryption key is used to encrypt/decrypt a content encryption key related to the digital media content; encrypting the second information using a secret of the originating device to acquire encrypted second information, wherein the acquired rights encryption key is encrypted with a backup encryption key as the secret of the originating device, wherein the backup encryption key is a cryptographic key for a symmetric key-algorithm, and wherein the backup encryption key is based on a further secret of the originating device and at least the first information, such that the backup encryption key is different for different backup rights objects with different first information; generating a signature of the originating device over at least the first information of the digital rights object; and storing the first information in a way such that the first information is readable by at least a second device, to store the encrypted second information such that the encrypted second information is not readable by at least the second device, and to store the signature, such that the backup rights object comprises the stored first information, the encrypted second information and the signature.
-
-
33. A tangible computer readable medium including a computer program for carrying out, when the computer program runs on a computer or a micro-controller, a method for storing a backup version of a digital rights object bound to an originating device and related to a digital media content, the method comprising:
-
acquiring first information of the digital rights object, the first information not being critical for a usage of the digital media content, and acquiring second information of the digital rights object, the second information being critical for the usage of the digital media content, wherein a rights encryption key of the digital rights object is acquired as at least a part of the second information, wherein the rights encryption key is used to encrypt/decrypt a content encryption key related to the digital media content; encrypting the second information using a secret of the originating device to acquire encrypted second information, wherein the acquired rights encryption key is encrypted with a backup encryption key as the secret of the originating device, wherein the backup encryption key is a cryptographic key for a symmetric key-algorithm, and wherein the backup encryption key is based on a further secret of the originating device and at least the first information, such that the backup encryption key is different for different backup rights objects with different first information; generating a signature of the originating device over at least the first information of the digital rights object; and storing the first information in a way such that the first information is readable by at least a second device, to store the encrypted second information such that the encrypted second information is not readable by at least the second device, and to store the signature, such that the backup rights object comprises the stored first information, the encrypted second information and the signature.
-
-
34. An apparatus for reading a backup rights object bound to an originating device and related to a digital media content, the backup rights object having stored first information not being critical for a usage of the digital media content, encrypted second information being critical for the usage of the digital media content and a signature of the originating device over at least the first information, the apparatus comprising:
-
a processor for verifying the signature stored in the backup rights object, wherein the signature is based on a first secret of the originating device and at least the first information; and a decrypter for decrypting the encrypted second information based on a second secret of the originating device, wherein the second secret is a cryptographic key for a symmetric key-algorithm, and wherein the second secret is based on a further secret of the originating device and at least the first information, such that the second secret is different for different backup rights objects with different first information. - View Dependent Claims (35, 36, 37)
-
-
38. A method for reading a backup rights object bound to an originating device and related to a digital media content, the backup rights object having stored first information not being critical for a usage of the digital media content, encrypted second information being critical for the usage of the digital media content and a signature of the originating device over at least the first information, the method comprising:
-
verifying the signature stored in the backup rights object, wherein the signature is based on a first secret of the originating device and at least the first information; and a decrypter for decrypting the encrypted second information based on a second secret of the originating device, wherein the second secret is a cryptographic key for a symmetric key-algorithm, and wherein the second secret is based on a further secret of the originating device and at least the first information, such that the second secret is different for different backup rights objects with different first information.
-
-
39. A tangible computer readable medium including a computer program for carrying out, when the computer program runs on a computer or a micro-controller, a method for reading a backup rights object bound to an originating device and related to a digital media content, the backup rights object having stored first information not being critical for a usage of the digital media content, encrypted second information being critical for the usage of the digital media content and a signature of the originating device over at least the first information, the method comprising:
-
verifying the signature stored in the backup rights object, wherein the signature is based on a first secret of the originating device and at least the first information; and a decrypter for decrypting the encrypted second information based on a second secret of the originating device, wherein the second secret is a cryptographic key for a symmetric key-algorithm, and wherein the second secret is based on a further secret of the originating device and at least the first information, such that the second secret is different for different backup rights objects with different first information.
-
Specification