Digital rights managment system, devices, and methods for binding content to an intelligent storage device
First Claim
1. A storage device configured to generate a binding key for binding data stored in the storage device, said storage device comprising:
- a storage medium comprising a user area and a non-user area; and
a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to generate a unique identifier for data to be stored in the user area of the storage medium, determine a first cryptographic key that is concealed by the cryptographic module, and generate a binding key that can be exposed based on the unique identifier and the concealed first cryptographic key.
8 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to digital rights management (DRM) for content that may be downloaded and bound to a storage device. The storage device may be an intelligent storage device, such as a disk drive, or network attached storage. In addition, the storage device is capable of performing cryptographic operations and providing a root of trust. In one embodiment, the DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. However, the binding key is not stored on the storage with the content. The content key is a key that has been assigned to the content, for example, by a trusted third party. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device.
82 Citations
20 Claims
-
1. A storage device configured to generate a binding key for binding data stored in the storage device, said storage device comprising:
-
a storage medium comprising a user area and a non-user area; and a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to generate a unique identifier for data to be stored in the user area of the storage medium, determine a first cryptographic key that is concealed by the cryptographic module, and generate a binding key that can be exposed based on the unique identifier and the concealed first cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A digital rights management system, said system comprising:
-
a content key server configured to provide a first cryptographic key for encrypting content; a storage device comprising a storage medium configured to store content and a hardware cryptographic processor determining an ephemeral binding key that is unique to the hardware processor; a download server configured to provide encrypted content to the storage device, wherein the download server receives the binding key from the storage device, receives the first cryptographic key from the content key server, and encrypts the content based on a cryptographic combination of at least the first cryptographic key and the binding key; and a media player configured to receive the binding key, the first cryptographic key, and the encrypted content from the storage device, and decrypt the encrypted content based on a cryptographic combination of at least the first cryptographic key and the binding key. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method of determining a key that binds data to a storage device, wherein said storage device comprises a controller, a cryptographic module with a memory, and a storage medium, said method comprising:
-
generating a unique identifier for data to be stored on the storage medium of the storage device; determining, by the cryptographic module, a first cryptographic key that is concealed in the storage device; generating, by the cryptographic module, a binding key based on the unique identifier and the concealed first cryptographic key; and transmitting the binding key to a server that provides the data to the storage device. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification