Method and apparatus for securing transfer of and access to digital content

US 7,178,169 B1
Filed: 09/01/2000
Issued: 02/13/2007
Est. Priority Date: 09/01/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing secure access to content comprising:

determining a secure medium identification (disk ID) from a secure medium including content, wherein the content is stored as encrypted content on the secure medium;

sending an encrypted one-time session key and the disk ID to a server;

requesting user authentication;

if the user is successfully authenticated, receiving a copy of the encrypted one-time session key from the server to enable reading of the content on the secure medium;

receiving a content decryption key from the server, in response to the disk ID and the user authentication, wherein the content decryption key is determined based on the disk ID;

using the content decryption key and the session key returned by the server to decrypt the content received from the secure medium; and

playing the decrypted content.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for securely accessing digital content is provided. The method of providing secure access to content comprises determining an identification (ID) from a secure medium including content. The method further comprises sending a session key and the ID to a server. Furthermore, the method includes requesting user authentication and if the user is successfully authenticated, receiving the session key from the server to enable reading of the content on the secure medium.

43 Citations

View as Search Results

16 Claims

1. A method of providing secure access to content comprising:
- determining a secure medium identification (disk ID) from a secure medium including content, wherein the content is stored as encrypted content on the secure medium;
  
  sending an encrypted one-time session key and the disk ID to a server;
  
  requesting user authentication;
  
  if the user is successfully authenticated, receiving a copy of the encrypted one-time session key from the server to enable reading of the content on the secure medium;
  
  receiving a content decryption key from the server, in response to the disk ID and the user authentication, wherein the content decryption key is determined based on the disk ID;
  
  using the content decryption key and the session key returned by the server to decrypt the content received from the secure medium; and
  
  playing the decrypted content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - streaming encrypted content from the secure medium to an application.
  - 3. The method of claim 2, wherein the application uses the one-time session key returned by the server to decrypt the encrypted content, and display the decrypted content.
  - 4. The method of claim 1, further comprising a operating trusted device for accessing secure content:
    - reading the disk ID from the secure medium and generating the one-time session key; and
      
      sending an encrypted copy of the disk ID and the one-time session key to the server.
  - 5. The method of claim 4, wherein the disk ID and one-time session key are encrypted using a symmetric key.
  - 6. The method of claim 1, wherein the secure medium is selected from among the following:
    - an optical disc, a flash memory, a hard drive, a magnetic drive, a memory stick, or a storage device to store encrypted content.
  - 7. The method of claim 1, wherein the content is digitally encoded music.
  - 8. The method of claim 1, wherein user authentication comprises one or more of the following:
    - a credit card, a debit card, electronic cash, a user-specific ID card.
  - 9. The method of claim 1, wherein the user authentication comprises one or more of the following:
    - a password, a user identification, a biometric identification.

10. An apparatus comprising a secure device for accessing secure content coupled to a client system comprising:
- a reader to read an identification (ID) and content from a secure medium;
  
  a session key generation logic to generate a one-time session key;
  
  an encryption logic to send the ID and the session key encrypted to a server;
  
  an authentication logic to receive authentication from the server indicating approval to read the content of the secure medium;
  
  the reader further to pass the ID and the content to the encryption logic;
  
  the encryption logic further to encrypt the content prior to sending the content to an application; and
  
  an application on the client system, the application comprising;
  
  a user authentication interface to request a user authentication in response to a server request, and to send data received from a user to the server;
  
  a key logic to receive a decryption key from the server, if the user is successfully authenticated, wherein the decryption key includes both the session key and a content decryption key; and
  
  a streaming decryption logic to receive content from the secure device and to decrypt the content using the decryption key received from the server, and to play the content.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus of claim 10, wherein the encryption logic uses a symmetric key to encrypt the ID.
  - 12. The apparatus of claim 10, further comprising a secure server coupled to the client system via a network, the secure server comprising:
    - a network interface to receive the ID and the session key from the secure device;
      
      a user validation logic to request a user validation from the client system and determine whether the user has permission to access the secure medium identified by the ID; and
      
      an encryption logic to return the session key and a content decryption key to the client system if the user has permission to access the secure medium.
  - 13. The apparatus of claim 12, further comprising:
    - the encryption logic further to decrypt data received from the secure device using a symmetric key.
  - 14. The apparatus of claim 12, further comprising:
    - an ID lookup to determine the content decryption key based on the ID.

15. A client system to securely access digital content on a secure medium, the client system comprising:
- a secure device comprising;
  
  a reader to read a disk identification (disk ID) and content from the secure medium;
  
  an authentication logic to receive authentication from a server indicating approval to read the content of the secure medium; and
  
  an encryption logic further to encrypt the content prior to sending the content to an application;
  
  the application comprising;
  
  a user authentication interface to request a user authentication in response to a server request, and to send user authentication data received from a user to the server;
  
  an association logic to determine if the disk ID is associated with the user, and;
  
  if the disk ID is not yet associated with the user, to associate the user authentication data with the disk ID; and
  
  if the disk ID is associated with the user, determining that the current user authentication matches the user associated with the disk ID, to authenticate the user;
  
  a key logic to receive a decryption key from the server, if the user is successfully authenticated; and
  
  a streaming decryption logic to receive encrypted content from the secure device and decrypt the encrypted content using the key received from the server, and play the decrypted content.
- View Dependent Claims (16)
- - 16. The client system of claim 15, further comprising:
    - a session key generation logic to generate a one-time session key, the session key sent with the ID to the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zoran Corporation (Qualcomm, Inc.)
Original Assignee
Zoran Corporation (Qualcomm, Inc.)
Inventors
Salmonsen, Daniel R., Shulsinger, Don
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Simitoski; Michael J.

Application Number

US09/653,966
Time in Patent Office

2,356 Days
Field of Search

713/202, 713/193, 713/165, 713/171, 713/153, 705/55, 705/56, 705/58, 726/28, 726/31
US Class Current

726/31
CPC Class Codes

H04K 1/00   Secret communication

H04L 2209/60   Digital content management,...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Method and apparatus for securing transfer of and access to digital content

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing transfer of and access to digital content

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links