System And Method For Digital Rights Management With System Individualization

US 20130132733A1
Filed: 05/26/2009
Published: 05/23/2013
Est. Priority Date: 05/26/2009
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

a memory; and

one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management (DRM) component configured to;

generate a request for machine-specific credentials unique to the system, the request comprising unique device information that is unique to one or more components of said system;

receive an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with a machine-specific encryption key generated from said unique device information;

based on said unique device information, generate an encryption key equivalent to said machine-specific encryption key; and

decrypt the encrypted response comprising the machine-specific credentials with the generated encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for digital rights management with system individualization are described. In various embodiments, a DRM component may generate a request for machine-specific credentials specific to the system on which the DRM component is implemented. This request may include device information of component(s) of such system. The DRM component may also receive an encrypted response that includes the machine-specific credentials. This encrypted response may be encrypted with a machine-specific encryption key generated from the device information. In various embodiments the response may be generated by an individualization server that verified the request for machine-specific credentials. The DRM component may also, based on the device information of the system on which the DRM component is implemented, generate an encryption key equivalent to the machine-specific encryption key with which the received response is encrypted. The DRM component may decrypt the encrypted response with the generated encryption key.

71 Citations

View as Search Results

45 Claims

1. A system, comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management (DRM) component configured to;
  
  generate a request for machine-specific credentials unique to the system, the request comprising unique device information that is unique to one or more components of said system;
  
  receive an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with a machine-specific encryption key generated from said unique device information;
  
  based on said unique device information, generate an encryption key equivalent to said machine-specific encryption key; and
  
  decrypt the encrypted response comprising the machine-specific credentials with the generated encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the DRM component is further configured to:
    - generate a license request for a content license, the license request comprising a public key from the decrypted machine-specific credentials; and
      
      receive a content license, wherein one or more portions of the content license are encrypted with the public key; and
      
      decrypt the one or more portions of the content license with a private key from the decrypted machine-specific credentials.
  - 3. The system of claim 2, wherein the DRM component is configured to securely store the content license in an encrypted form, wherein the encrypted form of the content license is encrypted with a private key from the machine-specific credentials.
  - 4. The system of claim 2, wherein the DRM component is further configured to decrypt content with an encryption key from the one or more decrypted portions of the content license.
  - 5. The system of claim 4, wherein the DRM component is configured to enforce usage rules on said content, said usage rules from the content license.
  - 6. The system of claim 1, wherein the DRM component is configured to securely store the received machine-specific credentials in an encrypted form in said memory, wherein the machine-specific credentials are encrypted with an encryption key based on device information of one or more components of said system.
  - 7. The system of claim 1, wherein a stored representation of said DRM component in said memory includes a DRM credential specific to the DRM component, wherein said DRM credential is different than one or more DRM credentials included within one or more other DRM components deployed on one or more other systems.
  - 8. The system of claim 7, wherein the received encrypted response comprising the machine-specific credentials is additionally encrypted with a public key from the DRM credential of the DRM component, wherein the DRM component is configured to decrypt the encrypted response comprising the machine-specific credentials with a private key from the DRM credential.
  - 9. The system of claim 7, wherein the DRM component is configured to securely store the received machine-specific credentials in an encrypted form in said memory, wherein the encrypted form of said machine-specific credentials is encrypted by the DRM component with a private key from the DRM credential.
  - 10. The system of claim 1, wherein the DRM component is configured to, subsequent to a configuration change causing one or more changes in the device information for said system:
    - determine a new set of device information comprising device information for a group of components of said system;
      
      determine a measure of similarity between the new set of device information and the device information of the system prior to said configuration change;
      
      in response to determining that said measure of similarity is above a threshold value, utilize the machine-specific credentials for one or more subsequent content license requests; and
      
      in response to determining that said measure of similarity is not above a threshold value, obtain new machine-specific credentials for said system.

11. A system, comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement an individualization component configured to;
  
  receive a request for machine-specific credentials unique to a computer system, the request comprising unique device information that is unique to one or more components of the computer system;
  
  based on the unique device information specified by the request, generate a machine-specific encryption key;
  
  generate an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with the generated machine-specific encryption key; and
  
  provide the response to the computer system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the request comprises a public key of a DRM component of said computer system, wherein the individualization component is configured to generate the encrypted response such that the encrypted response is encrypted with said public key.
  - 13. The system of claim 11, wherein the individualization component is configured to:
    - perform a widening function on the device information of the request to determine a result; and
      
      generate the encrypted response such that the machine-specific credentials include an identifier of the computer system, wherein said identifier of the computer system is based on the result of performing the widening function.
  - 14. The system of claim 13, wherein the machine-specific credentials include a digital certificate comprising a public key for the computer system and said identifier.
  - 15. The system of claim 13, wherein the result of the widening function is a Hash Message Authentication Code (HMAC).
  - 16. The system of claim 13, wherein the individualization server is further configured to randomly generate a second identifier of the computer system and include that randomly generated second identifier in the machine-specific credentials generated by the individualization server.

17. A computer-implemented method, comprising:
- performing, by one or more computers;
  
  generating a request for machine-specific credentials unique to a computer system, the request comprising unique device information that is unique to one or more components of said computer system;
  
  receiving an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with a machine-specific encryption key generated from said unique device information;
  
  based on said unique device information, generating an encryption key equivalent to said machine-specific encryption key; and
  
  decrypting the encrypted response comprising the machine-specific credentials with the generated encryption key.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, further comprising:
    - generating a license request for a content license, the license request comprising a public key from the decrypted machine-specific credentials; and
      
      receiving a content license, wherein one or more portions of the content license are encrypted with the public key; and
      
      decrypting the one or more portions of the content license with a private key from the decrypted machine-specific credentials.
  - 19. The method of claim 18, further comprising securely storing the content license in an encrypted form, wherein the encrypted form of the content license is encrypted with a private key from the machine-specific credentials.
  - 20. The method of claim 18, further comprising decrypting content with an encryption key from the one or more decrypted portions of the content license.
  - 21. The method of claim 20, further comprising enforcing usage rules on said content, said usage rules from the content license.
  - 22. The method of claim 17, further comprising securely storing the received machine-specific credentials in an encrypted form in a memory of said computer system, wherein the machine-specific credentials are encrypted with an encryption key based on device information of one or more components of said computer system.
  - 23. The method of claim 17, further comprising, subsequent to a configuration change causing one or more changes in the device information for said computer system:
    - determining a new set of device information comprising device information for a group of components of said computer system;
      
      determining a measure of similarity between the new set of device information and the device information of the computer system prior to said configuration change;
      
      in response to determining that said measure of similarity is above a threshold value, utilizing the machine-specific credentials for one or more subsequent content license requests; and
      
      in response to determining that said measure of similarity is not above a threshold value, obtaining new machine-specific credentials for said computer system.

24. A computer-implemented method, comprising:
- receiving a request for machine-specific credentials unique to a computer system, the request comprising unique device information that is unique to one or more components of the computer system;
  
  based on the unique device information specified by the request, generating a machine-specific encryption key;
  
  generating an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with the generated machine-specific encryption key; and
  
  providing the response to the computer system.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method of claim 24, wherein the request comprises a public key of a DRM component of said computer system, wherein the method comprises generating the encrypted response such that the encrypted response is encrypted with said public key.
  - 26. The method of claim 24, further comprising:
    - performing a widening function on the device information of the request to determine a result; and
      
      generating the encrypted response such that the machine-specific credentials include an identifier of the computer system, wherein said identifier of the computer system is based on the result of performing the widening function.
  - 27. The method of claim 26, wherein the machine-specific credentials include a digital certificate comprising a public key for the computer system and said identifier.
  - 28. The method of claim 26, wherein the result of the widening function is a Hash Message Authentication Code (HMAC).
  - 29. The method of claim 26, further comprising randomly generating a second identifier of the computer system and including that randomly generated second identifier in the generated machine-specific credentials.

30. A non-transitory computer-readable storage medium, storing program instructions executable on a computer system to implement a DRM component configured to:
- generate a request for machine-specific credentials unique to the computer system, the request comprising unique device information that is unique to one or more components of said computer system;
  
  receive an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with a machine-specific encryption key generated from said unique device information;
  
  based on said unique device information, generate an encryption key equivalent to said machine-specific encryption key; and
  
  decrypt the encrypted response comprising the machine-specific credentials with the generated encryption key.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 31. The medium of claim 30, wherein the DRM component is further configured to:
    - generate a license request for a content license, the license request comprising a public key from the decrypted machine-specific credentials; and
      
      receive a content license, wherein one or more portions of the content license are encrypted with the public key; and
      
      decrypt the one or more portions of the content license with a private key from the decrypted machine-specific credentials.
  - 32. The medium of claim 31, wherein the DRM component is configured to securely store the content license in an encrypted form, wherein the encrypted form of the content license is encrypted with a private key from the machine-specific credentials.
  - 33. The medium of claim 31, wherein the DRM component is further configured to decrypt content with an encryption key from the one or more decrypted portions of the content license.
  - 34. The medium of claim 33, wherein the DRM component is configured to enforce usage rules on said content, said usage rules from the content license.
  - 35. The medium of claim 30, wherein the DRM component is configured to securely store the received machine-specific credentials in an encrypted form in memory of said computer system, wherein the machine-specific credentials are encrypted with an encryption key based on device information of one or more components of said system.
  - 36. The medium of claim 30, wherein a stored representation of said DRM component in memory of said computer system includes a DRM credential specific to the DRM component, wherein said DRM credential is different than one or more DRM credentials included within one or more other DRM components deployed on one or more other systems.
  - 37. The medium of claim 36, wherein the received encrypted response comprising the machine-specific credentials is additionally encrypted with a public key from the DRM credential of the DRM component, wherein the DRM component is configured to decrypt the encrypted response comprising the machine-specific credentials with a private key from the DRM credential.
  - 38. The medium of claim 36, wherein the DRM component is configured to securely store the received machine-specific credentials in an encrypted form in said memory, wherein the encrypted form of said machine-specific credentials is encrypted by the DRM component with a private key from the DRM credential.
  - 39. The medium of claim 30, wherein the DRM component is configured to, subsequent to a configuration change causing one or more changes in the device information for said system:
    - determine a new set of device information comprising device information for a group of components of said system;
      
      determine a measure of similarity between the new set of device information and the device information of the system prior to said configuration change;
      
      in response to determining that said measure of similarity is above a threshold value, utilize the machine-specific credentials for one or more subsequent content license requests; and
      
      in response to determining that said measure of similarity is not above a threshold value, obtain new machine-specific credentials for said system.

40. A non-transitory computer-readable storage medium, storing program instructions computer-executable to implement an individualization server configured to:
- receive a request for machine-specific credentials unique to a computer system, the request comprising unique device information that is unique to one or more components of the computer system;
  
  based on the unique device information specified by the request, generate a machine-specific encryption key;
  
  generate an encrypted response comprising the machine-specific credentials, the encrypted response encrypted with the generated machine-specific encryption key; and
  
  provide the response to the computer system.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The medium of claim 40, wherein the request comprises a public key of a DRM component of said computer system, wherein the individualization component is configured to generate the encrypted response such that the encrypted response is encrypted with said public key.
  - 42. The medium of claim 40, wherein the individualization component is configured to:
    - perform a widening function on the device information of the request to determine a result; and
      
      generate the encrypted response such that the machine-specific credentials include an identifier of the computer system, wherein said identifier of the computer system is based on the result of performing the widening function.
  - 43. The medium of claim 42, wherein the machine-specific credentials include a digital certificate comprising a public key for the computer system and said identifier.
  - 44. The medium of claim 42, wherein the result of the widening function is a Hash Message Authentication Code (HMAC).
  - 45. The medium of claim 42, wherein the individualization server is further configured to randomly generate a second identifier of the computer system and include that randomly generated second identifier in the machine-specific credentials generated by the individualization server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Systems Incorporated (Adobe Inc.)
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agrawal, Sunil C., Nadell, Katherine K., Shah, Kunal D.

Application Number

US12/472,155
Publication Number

US 20130132733A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/10 Protecting distributed prog...

System And Method For Digital Rights Management With System Individualization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For Digital Rights Management With System Individualization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links