DIGITAL RIGHTS MANAGEMENT SYSTEM TRANSFER OF CONTENT AND DISTRIBUTION
First Claim
1. A first storage device configured to provide content to a player system for rendering of the content, wherein the content has been transferred by a trusted server from a second storage device, said first storage device comprising:
- a storage medium comprising a user area that is accessible by the player system and a non-user area that is not accessible by the player system; and
a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to authenticate the player system, establish a secured communication channel with the player system based on the authentication, provide, to the player system, a first cryptographic key, wherein the first cryptographic key is unique to the second storage device and based on a key that was concealed by the second storage device, provide, to the player system, a second cryptographic key that is associated with the content, and provide, to the player system, the content in encrypted form from the user area of the storage medium, wherein the content is accessible based on a cryptographic combination of the first cryptographic key and the second cryptographic key.
8 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to digital rights management (DRM) for content that may be downloaded and securely transferred from one storage to another storage. The storage may be a disk drive, or network attached storage. The storage performs cryptographic operations and provides a root of trust. The DRM system enables secure copying or transfer of content from one storage device to another storage device. In this embodiment, a trusted server that is authenticated and trusted by both storage devices brokers the transfer of content. The trusted server may be a separate entity of the DRM system or may be a component or function of an existing server of the DRM system. In another embodiment, the storage devices may transfer content in a peer-to-peer fashion. The transfer of content may be authorized and controlled based on a digital certificate associated with the content.
77 Citations
20 Claims
-
1. A first storage device configured to provide content to a player system for rendering of the content, wherein the content has been transferred by a trusted server from a second storage device, said first storage device comprising:
-
a storage medium comprising a user area that is accessible by the player system and a non-user area that is not accessible by the player system; and a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to authenticate the player system, establish a secured communication channel with the player system based on the authentication, provide, to the player system, a first cryptographic key, wherein the first cryptographic key is unique to the second storage device and based on a key that was concealed by the second storage device, provide, to the player system, a second cryptographic key that is associated with the content, and provide, to the player system, the content in encrypted form from the user area of the storage medium, wherein the content is accessible based on a cryptographic combination of the first cryptographic key and the second cryptographic key. - View Dependent Claims (2, 3, 4)
-
-
5. A player system configured to play encrypted content transferred by a trusted server, said system comprising:
-
a first interface configured to communicate with a first storage device storing encrypted content, wherein the content was transferred by the trusted server to the first storage device from a second storage device; and a processor configured to authenticate the first storage device, establish a secured communication channel with the first storage device via the first interface, receive, from the first storage device, a binding cryptographic key that is unique to the second storage device and based on a key that was concealed in the second storage device, receive, from the first storage device, a second cryptographic key that is associated with the content, determine an access key for the content based on a cryptographic combination of the binding cryptographic key and the second cryptographic key, receive, from the first storage device, the encrypted content, and decrypt the content based on the access key. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A method of enabling authorized transfer of content via a trusted server from a first storage to a second storage, said method comprising:
-
receiving a binding key that is unique to the first storage and binds the content to the first storage; encrypting, by the second storage, the binding key based on a second concealed key that is concealed on the second storage; storing the encrypted binding key in the secure area of the second storage; receiving a first cryptographic key from the first storage; encrypting, by the second storage, the first cryptographic key based on a second concealed key that is concealed on the second storage; and storing the first cryptographic key in the secure area of the second device. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification