DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR PROVISIONING CONTENT TO AN INTELLIGENT STORAGE
Abstract
The present invention relates to digital rights management (DRM) for content that is downloaded and saved to a storage device. The storage may be a disk drive or network attached storage. In addition, the storage device performs cryptographic operations and provides a root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. The binding key is not stored on the storage device with the content. The content key is a key that has been assigned to the content. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is provisioned based on the access key and stored in encrypted form in the storage device.
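The three-key relationship in the abstract, as an added Python sketch that is not code from the patent or its assignee. Assumptions: HMAC-SHA512 stands in for the unspecified "cryptographic combination", a hash keystream with an HMAC tag stands in for a real authenticated cipher, the content key is stored unwrapped, and every key value and function name is constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_access_key(binding_key: bytes, content_key: bytes) -> bytes:
    # Assumption: the page only says "cryptographic combination"; HMAC keyed
    # with the binding key is one possible choice. 64 bytes = enc key + MAC key.
    return hmac.new(binding_key, b"access-key" + content_key, hashlib.sha512).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stdlib-only stand-in for a vetted cipher such as AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def provision(content: bytes, binding_key: bytes, content_key: bytes) -> dict:
    # Download-server side: encrypt under the access key and ship the content
    # key with the ciphertext. The binding key is never stored with the content.
    access = derive_access_key(binding_key, content_key)
    enc_key, mac_key = access[:32], access[32:]
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(content))
    body = bytes(a ^ b for a, b in zip(content, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return {"content_key": content_key, "nonce": nonce, "body": body, "tag": tag}

def play(stored: dict, binding_key: bytes):
    # Player side: re-derive the access key from the binding key that the
    # drive it is attached to reports, then verify before decrypting.
    access = derive_access_key(binding_key, stored["content_key"])
    enc_key, mac_key = access[:32], access[32:]
    expected = hmac.new(mac_key, stored["nonce"] + stored["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stored["tag"]):
        return None  # different drive: the copied blob does not open
    stream = _keystream(enc_key, stored["nonce"], len(stored["body"]))
    return bytes(a ^ b for a, b in zip(stored["body"], stream))

# Constructed sample keys, not values from the patent.
DRIVE_A = hashlib.sha256(b"constructed drive A secret").digest()
DRIVE_B = hashlib.sha256(b"constructed drive B secret").digest()
CONTENT_KEY = hashlib.sha256(b"constructed title key").digest()

if __name__ == "__main__":
    blob = provision(b"movie bytes", DRIVE_A, CONTENT_KEY)
    print(play(blob, DRIVE_A))  # original drive recovers the content
    print(play(blob, DRIVE_B))  # byte-for-byte copy on another drive
```

Because the stored blob carries the content key but not the binding key, copying the blob to a second drive yields a different access key and the integrity check fails.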
20 Claims
1. A system configured to provision content in encrypted form to a storage device, said system comprising:
- an interface coupled to the storage device; and
- a processor configured to determine a first cryptographic key corresponding to the content, receiving, from the storage device, a first binding key that is unique to the storage device storing the content in encrypted form, generate an access key based on a cryptographic combination of the binding key and the first cryptographic key, encrypt the content based on the access key to create an encrypted form of the content, and transmit the encrypted content and the first cryptographic key to the storage device via the interface.
Dependent claims: 2, 3, 4, 5, 6.
7. A digital rights management system, said system comprising:
- a storage device comprising a storage medium configured to store content and a storage device controller including a hardware cryptographic processor, wherein the hardware cryptographic processor is configured to generate and store a unique number, read defect information from the storage medium and perform cryptographic operations on the defect information to derive a defect number unique to the storage device, store the derived defect number on the storage medium, perform cryptographic operations on the unique number and the unique defect number to generate a binding key, and provide the binding key to a content download server;
- a content key server configured to provide content keys to a content download server;
- a content download server configured to perform cryptographic operations on at least a binding key received from a storage device and a content key received from a content key server to generate an access key, encrypt at least a portion of a content with at least the content cryptographic key, provide the encrypted content to the storage device, provide the content key received from the content key server; and
- a media player configured to receive a binding key and a content key from the storage device, perform cryptographic operations on the binding key and content key to generate a content cryptographic key and decrypt the content from the storage device based on the content cryptographic key.
Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A method of provisioning content to a storage device from a download site, said method comprising:
- providing, to the download site, a binding cryptographic key for binding content from the download site to the storage device;
- receiving, from the download site, a first cryptographic key associated with content encrypted by the download site;
- encrypting the first cryptographic key;
- storing the encrypted first cryptographic key on the storage device; and
- receiving, from the download site, encrypted content, wherein the encrypted content comprises content that is encrypted based on a cryptographic combination of the first cryptographic key and the binding key.
Dependent claims: 16, 17, 18, 19, 20.
Specification