DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR PROVISIONING CONTENT TO AN INTELLIGENT STORAGE

US 20130268749A1
Filed: 04/30/2012
Published: 10/10/2013
Est. Priority Date: 04/10/2012
Status: Active Grant

First Claim

Patent Images

1. A system configured to provision content in encrypted form to a storage device, said system comprising:

an interface coupled to the storage device; and

a processor configured to determine a first cryptographic key corresponding to the content, receiving, from the storage device, a first binding key that is unique to the storage device storing the content in encrypted form, generate an access key based on a cryptographic combination of the binding key and the first cryptographic key, encrypt the content based on the access key to create an encrypted form of the content, and transmit the encrypted content and the first cryptographic key to the storage device via the interface.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to digital rights management (DRM) for content that downloaded and saved to a storage device. The storage may be a disk drive, or network attached storage. In addition, the storage device performs cryptographic operations and provides a root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. The binding key is not stored on the storage device with the content. The content key is a key that has been assigned to the content. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is provisioned based on the access key and stored in encrypted form in the storage device.

73 Citations

View as Search Results

20 Claims

1. A system configured to provision content in encrypted form to a storage device, said system comprising:
- an interface coupled to the storage device; and
  
  a processor configured to determine a first cryptographic key corresponding to the content, receiving, from the storage device, a first binding key that is unique to the storage device storing the content in encrypted form, generate an access key based on a cryptographic combination of the binding key and the first cryptographic key, encrypt the content based on the access key to create an encrypted form of the content, and transmit the encrypted content and the first cryptographic key to the storage device via the interface.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the first binding key is based on a key that is concealed on the storage device.
  - 3. The system of claim 1, wherein the processor is configured to authenticate the storage device, establish a secured communication channel with the storage device based on the authentication via the interface, and transmit the first cryptographic key to the storage device via the secured communication channel.
  - 4. The system of claim 1, wherein the processor is configured to request first binding key as an ephemeral key.
  - 5. The system of claim 1, wherein the processor is configured to generate an ephemeral access key based on a request received by the storage device.
  - 6. The system of claim 1, wherein the processor is configured to generate the access key based on based on a one-way function.

7. A digital rights management system, said system comprising:
- a storage device comprising a storage medium configured to store content and a storage device controller including a hardware cryptographic processor, wherein the hardware cryptographic processor is configured to generate and store a unique number, read defect information from the storage medium and perform cryptographic operations on the defect information to derive a defect number unique to the storage device, store the derived defect number on the storage medium, perform cryptographic operations on the unique number and the unique defect number to generate a binding key, and provide the binding key to a content download server;
  
  a content key server configured to provide content keys to a content download server;
  
  a content download server configured to perform cryptographic operations on at least a binding key received from a storage device and a content key received from a content key server to generate an access key, encrypt at least a portion of a content with at least the content cryptographic key, provide the encrypted content to the storage device, provide the content key received from the content key server; and
  
  a media player configured to receive a binding key and a content key from the storage device, perform cryptographic operations on the binding key and content key to generate a content cryptographic key and decrypt the content from the storage device based on the content cryptographic key.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The system of claim 7, wherein the media player and the storage device are configured to perform mutual authentication with each other.
  - 9. The system of claim 7, wherein the media player is configured to generate a decryption key for accessing the content based on combining the content keys and the binding cryptographic key.
  - 10. The system of claim 7, wherein the hardware cryptographic processor is configured to generate a set of binding keys.
  - 11. The system of claim 7, wherein the hardware cryptographic processor is configured to store a digital certificate for authenticating the media player.
  - 12. The system of claim 11, wherein the media player is configured to authenticate with the hardware cryptographic processor based on the stored digital certificate.
  - 13. The system of claim 7, wherein the storage device is configured as a network attached storage.
  - 14. The system of claim 7, wherein the hardware cryptographic processor is configured to receive a private key and a public key in a secure manufacturing environment.

15. A method of provisioning content to a storage device from a download site, said method comprising:
- providing, to the download site, a binding cryptographic key for binding content from the download site to the storage device;
  
  receiving, from the download site, a first cryptographic key associated with content encrypted by the download site;
  
  encrypting the first cryptographic key;
  
  storing the encrypted first cryptographic key on the storage device; and
  
  receiving, from the download site, encrypted content, wherein the encrypted content comprises content that is encrypted based on a cryptographic combination of the first cryptographic key and the binding key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising establishing a secured communication channel with the download site based on an authentication of the download site.
  - 17. The method of claim 15, wherein the binding key is unique to each of the storage device and based on a key that is concealed in the storage device.
  - 18. The method of claim 15, wherein the binding key is unique to a class of storage devices and based on a key that is concealed in the storage device.
  - 19. The method of claim 15, wherein authenticating the download site comprises mutually authenticating with the download site.
  - 20. The method of claim 15, wherein providing the binding cryptographic key comprises ephemerally generating the binding cryptographic key based on information that is unique to the storage device and the concealed key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
BLANKENBECKLER, David L., Hesselink, Lambertus, Ybarra, Danny

Granted Patent

US 8,831,218 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 2221/2107   File encryption

G11B 20/00115   wherein the record carrier ...

G11B 20/00123   the record carrier being id...

G11B 20/00137   involving measures which re...

G11B 20/00246   wherein the key is obtained...

H04L 2209/603   Digital right managament [DRM]

H04L 9/006   involving public key infras...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR PROVISIONING CONTENT TO AN INTELLIGENT STORAGE

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR PROVISIONING CONTENT TO AN INTELLIGENT STORAGE

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others