System and method for providing authorized access to digital content
First Claim
1. A method for providing authorized access to content, comprising the steps of:
receiving a PPV access request for content from a plurality of PPV users;
responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;
providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;
providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,
a) providing PPV access rules for the PPV access request in the first ECM;
b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and
c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and
furthermore, providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,
a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and
b) providing the first copy of the program key in the second ECM.
Abstract
Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.
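The two-ECM arrangement recited in claim 1, as an added sketch that is not part of the patent text or any implementation of it: one group-addressed ECM carries the access rules and a MAC, and a per-device ECM carries the program key wrapped under that device's unit key. Assumptions: the unit key has already been delivered under the device's public key (that step is omitted), the MAC key derivation label and JSON rule format are hypothetical, and an HMAC-SHA256 keystream stands in for a real key-wrap cipher.

```python
import hashlib
import hmac
import json
import secrets

def _wrap_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for a real cipher such as AES key wrap; covers at most 32 bytes.
    pad = hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def mac_key(program_key: bytes) -> bytes:
    # Assumed derivation: the claim only says the MAC is derived from the program key.
    return hmac.new(program_key, b"ecm-mac", hashlib.sha256).digest()

def make_group_ecm(program_key: bytes, rules: dict) -> dict:
    # First ECM: access rules plus MAC, sent once to every subscriber (multicast).
    body = json.dumps(rules, sort_keys=True)
    tag = hmac.new(mac_key(program_key), body.encode(), hashlib.sha256).hexdigest()
    return {"rules": body, "mac": tag}

def make_unit_ecm(program_key: bytes, unit_key: bytes) -> dict:
    # Second ECM: a copy of the program key encrypted under one device's unit key.
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce.hex(),
            "wrapped_pk": _wrap_xor(unit_key, nonce, program_key).hex()}

def receiver_accepts(unit_key: bytes, unit_ecm: dict, group_ecm: dict):
    # Unwrap the program key, then verify the rules; return them or None.
    pk = _wrap_xor(unit_key, bytes.fromhex(unit_ecm["nonce"]),
                   bytes.fromhex(unit_ecm["wrapped_pk"]))
    expected = hmac.new(mac_key(pk), group_ecm["rules"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, group_ecm["mac"]):
        return None
    return json.loads(group_ecm["rules"])

def demo():
    program_key = secrets.token_bytes(32)
    rules = {"event": "constructed-ppv-event", "price_cents": 499}  # constructed
    group_ecm = make_group_ecm(program_key, rules)
    units = {name: secrets.token_bytes(32) for name in ("stb-A", "stb-B")}
    unit_ecms = {n: make_unit_ecm(program_key, k) for n, k in units.items()}
    ok = receiver_accepts(units["stb-A"], unit_ecms["stb-A"], group_ecm)
    # Rules altered in transit: the MAC no longer matches.
    tampered = dict(group_ecm, rules=group_ecm["rules"].replace("499", "0"))
    forged = receiver_accepts(units["stb-A"], unit_ecms["stb-A"], tampered)
    # Device B replaying device A's unit ECM recovers a wrong program key.
    wrong = receiver_accepts(units["stb-B"], unit_ecms["stb-A"], group_ecm)
    return ok, forged, wrong
```

The per-device message stays small (one wrapped key), while the larger rule set is sent once to the group, which is the bandwidth trade-off the abstract refers to.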
20 Claims
11. Computer-readable media tangibly embodying a program of instructions executable by a computer to perform a method for providing authorized access to content, the method comprising the steps of:
receiving a PPV access request for content from a plurality of PPV users;
responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;
providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;
providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,
a) providing PPV access rules for the PPV access request in the first ECM;
b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and
c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and
furthermore, providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,
a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and
b) providing the first copy of the program key in the second ECM.
Specification