Method and system for binding enhanced software features to a persona
First Claim
1. A method of enabling the use of an item on plural computing devices, said method comprising the acts of:
- providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data differs in at least some respect from said second data, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key, wherein said first data further comprises a fourth cryptographic key, wherein said second data further comprises said fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein said decryption key is included in said item in a form encrypted by said fourth cryptographic key, and wherein the method further comprises the acts of;
providing to said first computing device a first set of computer-executable instructions which applies said second cryptographic key; and
providing to said second computing device a second set of computer-executable instructions which applies said third cryptographic key.
4 Assignments
0 Petitions
Accused Products
Abstract
A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information. Upon following the link, the fulfillment site downloads the ordered content to the consumer, preparing the content if necessary in accordance with the type of security to be carried with the content. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.
486 Citations
2 Claims
-
1. A method of enabling the use of an item on plural computing devices, said method comprising the acts of:
-
providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data differs in at least some respect from said second data, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key, wherein said first data further comprises a fourth cryptographic key, wherein said second data further comprises said fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein said decryption key is included in said item in a form encrypted by said fourth cryptographic key, and wherein the method further comprises the acts of; providing to said first computing device a first set of computer-executable instructions which applies said second cryptographic key; and
providing to said second computing device a second set of computer-executable instructions which applies said third cryptographic key.
-
-
2. A computer-readable medium encoded with computer-executable instructions to perform a method of enabling the use of an item on plural computing devices, said method comprising the acts of:
-
providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data differs in at least some respect from said second data, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key, wherein said first data further comprises a fourth cryptographic key, wherein said second data further comprises said fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein said decryption key is included in said item in a form encrypted by said fourth cryptographic key, and wherein the method further comprises the acts of; providing to said first computing device a first set of computer-executable instructions which applies said second cryptographic key; and
providing to said second computing device a second set of computer-executable instructions which applies said third cryptographic key.
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsDeMello, Marco A., Byrum, Frank D., Keely, Leroy B., Yaacovi, Yoram, Hughes, Kathryn E.
-
Primary Examiner(s)Darrow, Justin T.
-
Assistant Examiner(s)Zand, Kambiz
-
Application NumberUS09/604,541Time in Patent Office1,778 DaysField of Search380/259, 380/277, 380/281, 380/282, 380/284, 380/285, 380/45, 713/156, 713/171US Class Current380/277CPC Class CodesG06F 21/109 by using specially-adapted ...G06F 2221/2117 User registration
