Adaptable security mechanism for preventing unauthorized access of digital data
First Claim
1. A method for converting content data from machine-bound to user-bound, the method comprising:
- (i) binding the content data to one or more hardware devices using one or more binding keys which are related to the one or more hardware devices;
(ii) converting the one or more binding keys to form one or more cleartext keys such that the one or more cleartext keys are independent of the one or more hardware devices; and
(iii) binding the one or more cleartext keys to a user to form one or more user-bound keys.
3 Assignments
0 Petitions
Accused Products
Abstract
Content such as computer software, data representing audiovisual works, and electronic documents can converted from a machine-bound state to user-bound state without modification to the content data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding. A machine-bound passport can be upgraded to a user-bound passport without modifying the bound content. The private key of the machine-bound passport, in cleartext form, is included in the user-bound passport and encrypted using a user-supplied password to bind the private key to the user. In addition, private user information is collected and verified and included in the user-bound passport. Upgrading a machine-bound passport can be initiated automatically upon detection that an attempt is made to play back machine-bound content on a machine other than the one to which the content is bound.
-
Citations
9 Claims
-
1. A method for converting content data from machine-bound to user-bound, the method comprising:
-
(i) binding the content data to one or more hardware devices using one or more binding keys which are related to the one or more hardware devices;
(ii) converting the one or more binding keys to form one or more cleartext keys such that the one or more cleartext keys are independent of the one or more hardware devices; and
(iii) binding the one or more cleartext keys to a user to form one or more user-bound keys. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
requiring that the user enters a password prior to allowing use of the user-bound keys to access the content data.
-
-
3. The method of claim 2 wherein (iii) binding further comprises:
encrypting the one or more cleartext keys using the password as an encryption key.
-
4. The method of claim 1 wherein (iii) binding comprises:
encrypting the one or more cleartext keys to form the user-bound keys in a manner which requires that the user provide a decryption key to decrypt the cleartext keys from the user-bound keys to thereby provide access to the content data.
-
5. The method of claim 1 wherein (iii) binding comprises:
associating private information of the user with the content data such that playback of the content data causes display of the private user information.
-
6. The method of claim 1 wherein (i) binding comprises:
encrypting the one or more cleartext keys using hardware identification data as an encryption key to form the one or more binding keys wherein the hardware identification data corresponds to the one or more hardware devices.
-
7. The method of claim 6 wherein (ii) converting comprises:
decrypting the one or more binding keys using the hardware identification data as the encryption key to form the one or more cleartext keys.
-
8. The method of claim 1 further comprising:
-
determining that a pre-existing data structure binds the user to other content;
wherein (iii) binding includes;
including the user-bound keys as one or more additional keys to the data structure.
-
-
9. The method of claim 1 wherein (ii) converting and (iii) binding are performed in response to detection of a condition in which the user requests playback of the content data in a system which does not include the one or more hardware devices.
Specification