Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like

US 7,073,063 B2
Filed: 06/27/2001
Issued: 07/04/2006
Est. Priority Date: 03/27/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for a user at a second computing device to render encrypted digital content on a first computing device distinct from the second device, the first device having a public key (PU1) and a corresponding private key (PR1), the second device having a public key (PU2) and a corresponding private key (PR2), the digital content being encrypted according to a content key (KD), the method comprising:

the user at the second device obtaining from a licensor distinct from the second device a digital license corresponding to the content and the second device the digital license including the content key (KD) therein encrypted according to the public key (PU2) of the second device (PU2 (KD)), and also including rules for determining whether the license permits issuance of a sub-license from the second device to the first device;

the user at the second device determining that the rules of the license do in fact permit issuance of a sub-license from the second device to the first device;

the user at the second device decrypting (PU2 (KD)) from the digital license with the corresponding private key (PR2) to produce the content key (KD);

the user at the second device obtaining from the first device the public key thereof (PU1);

the user at the second device encrypting the content key (KD) according to the public key (PU1) of the first device (PU1 (KD)); and

the user at the second device composing the sub-license corresponding to and based on the obtained license for the first device, the sub-license including (PU1 (KD)), and transferring the composed sub-license to the first device, wherein the first device can decrypt (PU1 (KD)) with the private key thereof (PR1) to produce the content key (KD), and can render the encrypted content on the first device with the produced content key (KD).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To render digital content encrypted according to a content key (KD) on a first device having a public key (PU1) and a corresponding private key (PR1), a digital license corresponding to the content is obtained, where the digital license includes the content key (KD) therein in an encrypted form. The encrypted content key (KD) from the digital license is decrypted to produce the content key (KD), and the public key (PU1) of the first device is obtained therefrom. The content key (KD) is then encrypted according to the public key (PU1) of the first device (PU1 (KD)), and a sub-license corresponding to and based on the obtained license is composed, where the sub-license includes (PU1 (KD)). The composed sub-license is then transferred to the first device.

295 Citations

22 Claims

1. A method for a user at a second computing device to render encrypted digital content on a first computing device distinct from the second device, the first device having a public key (PU1) and a corresponding private key (PR1), the second device having a public key (PU2) and a corresponding private key (PR2), the digital content being encrypted according to a content key (KD), the method comprising:
- the user at the second device obtaining from a licensor distinct from the second device a digital license corresponding to the content and the second device the digital license including the content key (KD) therein encrypted according to the public key (PU2) of the second device (PU2 (KD)), and also including rules for determining whether the license permits issuance of a sub-license from the second device to the first device;
  
  the user at the second device determining that the rules of the license do in fact permit issuance of a sub-license from the second device to the first device;
  
  the user at the second device decrypting (PU2 (KD)) from the digital license with the corresponding private key (PR2) to produce the content key (KD);
  
  the user at the second device obtaining from the first device the public key thereof (PU1);
  
  the user at the second device encrypting the content key (KD) according to the public key (PU1) of the first device (PU1 (KD)); and
  
  the user at the second device composing the sub-license corresponding to and based on the obtained license for the first device, the sub-license including (PU1 (KD)), and transferring the composed sub-license to the first device, wherein the first device can decrypt (PU1 (KD)) with the private key thereof (PR1) to produce the content key (KD), and can render the encrypted content on the first device with the produced content key (KD).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 further comprising, prior to composing the sub-license and transferring the composed sub-license to the device, checking the obtained license to determine that such license permits issuance of the sub-license to the device.
  - 3. The method of claim 1 further comprising transferring the content to the first device.
  - 4. The method of claim 1 for rendering encrypted digital content on a first device having a digital rights management (DRM) system, the DRM system having the public key (PU1) and the corresponding private key (PR1), the method comprising:
    - obtaining from the first device the public key of the DRM system thereof (PU1);
      
      encrypting the content key (KD) according to the public key (PU1) of the DRM system of the first device (PU1 (KD)); and
      
      composing a sub-license corresponding to and based on the obtained license, the sub-license including (PU1 (KD)), and transferring the composed sub-license to the first device, wherein the DRIVI system of the first device can decrypt (PU1 (KD)) with the private key thereof (PR1) to produce the content key (KD), and can render the encrypted content on the first device with the produced content key (KD).
  - 5. The method of claim 1 comprising:
    - obtaining the digital license and storing the obtained digital license on a second device;
      
      decrypting the encrypted content key (KD) from the digital license on the second device to produce the content key (KD);
      
      obtaining from the first device the public key thereof (PU1);
      
      encrypting the content key (KD) according to the public key (PU1) of the first device (PU1 (KD)); and
      
      composing a sub-license corresponding to and based on the obtained license, the sub-license including (PU1 (KD)), and transferring the composed sub-license from the second device to the first device, wherein the first device can decrypt (PU1 (KD)) with the private key thereof (PR1) to produce the content key (KD), and can render the encrypted content on the first device with the produced content key (KD).
  - 6. The method of claim 5 wherein the second device has a public key (PU2) and a corresponding private key (PR2), the method comprising:
    - obtaining a digital license corresponding to the content, the digital license including the content key (KD) encrypted according to the public key (PU2) of the second device (PU2 (KD)); and
      
      decrypting (PU2(KD)) from the digital license according to the private key (PR2) of the second device to produce the content key (KD).
  - 7. The method of claim 5 wherein the second device is a computer.
  - 8. The method of claim 1 wherein, the first device is a portable device.
  - 9. The method of claim 1 wherein obtaining from the first device the public key thereof (PU1) comprises receiving a certificate from the first device within which is (PU1).
  - 10. The method of claim 9 further comprising comparing the received certificate against a revocation list to ensure that the certificate has not been compromised.
  - 11. The method of claim 9 comprising receiving a certificate from the first device within which is (PU1) and information relating to the first device.
  - 12. The method of claim 11 further comprising, prior to composing the sub-license and transferring the composed sub-license to the device, checking the obtained license to determine that such license permits issuance of the sub-license to the device, such checking including employing the information relating to the first device to determine whether the license permits issuance of the sub-license.
  - 13. The method of claim 11 comprising receiving a certificate from the first device within which is (PU1) and information relating to at least one of the name, type, and manufacturer of the first device.
  - 14. The method of claim 1 further comprising obtaining (PU1 (KD)) from the transferred sub-license, applying (PR1) to (PU1 (KD)) to obtain the content key (KD)), and applying (KD) to decrypt the encrypted content, all by the first device.

15. A method for a user at first and second devices to render encrypted digital content on a first device computing having a public key (PU1) and a corresponding private key (PR1) by way of a second device distinct from the first device, the second device having a public key (PU1) and a corresponding private key (PR2), the digital content being encrypted according to a content key (KD), the method comprising:
- the user at the second device obtaining from a licensor distinct from the second device a digital license corresponding to the content and the second device, the digital license including the content key (KD) therein encrypted according to the public key (PU2) of the second device (PU2 (KD)), and also including rules for determining whether the license permits issuance of a sub-license from the second device to the first device;
  
  the user at the second device determining that the rules of the license do in fact permit issuance of a sub-license from the second device to the first device;
  
  the user at the second device decrypting (PU2) (KD)) from the digital license with the corresponding private key (PR2) to produce the content key (KD);
  
  the user at the second device obtaining from the first device the public key thereof (PU1);
  
  the user at the second device encrypting the content key (KD) according to the public key (PU1) of the first device (PU1 (KD)); and
  
  the user at the second device composing the sub-license corresponding to and based on the obtained license for the first device, the sub-license including (PU1 (KD)), and transferring the composed sub-license to the first device;
  
  the user at the first device receiving the composed sub-license from the second device;
  
  the user at the first device obtaining (PU1 (KD)) from the received sub-license;
  
  the user at the first device applying (PR1) to (PU1 (KD)) to obtain the content key (KD);
  
  the user at the first device applying (KD) to decrypt the encrypted content; and
  
  the user at the first device rendering the decrypted content.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15 further comprising receiving the content from the second device.
  - 17. The method of claim 15 for rendering encrypted digital content on a first device having a digital rights management (DRM) system, the DRM system having the public key (PU1) and the corresponding private key (PR1), the digital content being encrypted according to a content key (KD), the method comprising:
    - providing the public key (PU1) of the DRM system to the second device;
      
      receiving the composed sub-license from the second device;
      
      obtaining (PU1 (KD)) from the received sub-license;
      
      applying the private key (PR1) of the DRM system to (PU1 (KD)) to obtain the content key (KD);
      
      applying (KD) to decrypt the encrypted content; and
      
      rendering the decrypted content.
  - 18. The method of claim 15 wherein the second device is a computer.
  - 19. The method of claim 15 wherein, the first device is a portable device.
  - 20. The method of claim 15 wherein providing the public key (PU1) to the second device comprises providing a certificate to the second device within which is (PU1).
  - 21. The method of claim 20 wherein providing the public key (PU1) to the second device comprises providing a certificate to the second device within which is (PU1) and information relating to the first device, wherein the second device can employ the information relating to the first device to determine whether the obtained license permits issuance of the sub-license.
  - 22. The method of claim 21 comprising providing the certificate to the second device within which is (PU1) and information relating to at least one of the name, type, and manufacturer of the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Peinado, Marcus
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/892,371
Publication Number

US 20020013772A1
Time in Patent Office

1,833 Days
Field of Search

380277-279, 705/71, 713/171
US Class Current

713/171
CPC Class Codes

G06F 21/1088   by using transactions with ...

G06F 21/109   by using specially-adapted ...

G06F 21/71   to assure secure computing ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2145   Inheriting rights or proper...

G07F 9/002   Vending machines being part...

H04L 2463/101   applying security measures ...

H04L 63/0442   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

295 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others