System and method for providing authorized access to digital content

US 7,266,198 B2
Filed: 11/17/2005
Issued: 09/04/2007
Est. Priority Date: 11/17/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing authorized access to content, comprising the steps of:

receiving a PPV access request for content from a plurality of PPV users;

responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;

providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;

providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,a) providing PPV access rules for the PPV access request in the first ECM;

b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and

c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and

furthermore,providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and

b) providing the first copy of the program key in the second ECM.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.

90 Citations

View as Search Results

20 Claims

1. A method for providing authorized access to content, comprising the steps of:
- receiving a PPV access request for content from a plurality of PPV users;
  
  responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;
  
  providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;
  
  providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,a) providing PPV access rules for the PPV access request in the first ECM;
  
  b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and
  
  c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and
  
  furthermore,providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and
  
  b) providing the first copy of the program key in the second ECM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the step of:
    - providing the second ECM as a unit-addressed ECM to each of the plurality of PPV users, wherein the unit-addressed ECM includes a program key encrypted with the device unit key that is unique to each of the PPV users.
  - 3. The method of claim 1, further comprising the steps of:
    - receiving a subscription-service access request for the content; and
      
      responsive to the subscription-service access request, providing an entitlement management message (EMM), the step of providing the EMM includes,a) encrypting a service key with a device unit key that is unique to a source of the subscription-service access request, the service key is operable to provide encryption and decryption of the program key; and
      
      b) providing the service key in the EMM.
  - 4. The method of claim 3, wherein responsive to the subscription-service access request, the step of providing the first ECM further includes:
    - c) providing subscription-service access rules for the subscription-service access in the first ECM;
      
      d) encrypting a second copy of the program key with the service key;
      
      e) providing the second copy of the program key in the first ECM; and
      
      f) providing a second MAC for at least the subscription service access rules and the second copy of the program key, the second copy of the program key is operable for decrypting the content for the subscription-service access and deriving the second MAC.
  - 5. The method of claim 1, wherein the step of providing PPV access rules for the PPV access request in the first ECM comprises the steps of:
    - providing a predetermined subset of the PPV access rules for the PPV access request in the first ECM at a first rate; and
      
      providing a remainder of the PPV access rules in the first ECM at a rate slower than the rate of providing the predetermined subset of the PPV access rule.
  - 6. The method of claim 1, further comprising the steps of:
    - receiving a roaming request for the content, wherein the roaming request is a roaming PPV access request or a roaming subscription-service access request; and
      
      responsive to the roaming request, providing a roaming device unit key that is unique to a source of the roaming request.
  - 7. The method of claim 6, further comprising the step of:
    - responsive to the roaming request being the roaming PPV access request, providing a roaming ECM, the step of providing the roaming ECM includes,a) encrypting a roaming program key with the roaming device unit key, the roaming program key is operable for decrypting the content for the PPV access request through roaming; and
      
      b) providing the roaming program key in the roaming ECM.
  - 8. The method of claim 6, further comprising the step of:
    - responsive to the roaming request being the subscription-service access request, providing a roaming EMM, wherein the step of providing the roaming EMM includes,c) encrypting a roaming service key with at least the roaming device unit key; and
      
      d) providing the roaming service key in the roaming EMM.
  - 9. The method of claim 8, further comprising the step of:
    - responsive to the roaming request being the subscription-service access request, providing a roaming ECM, the step of providing the roaming ECM includes,a) encrypting a roaming program key with the roaming service key, the roaming program key is operable for decrypting the content for the subscription service access through roaming; and
      
      b) providing the roaming program key in the roaming ECM.
  - 10. The method of claim 1, further comprising the step of:
    - providing an entitlement management message (EMM) that includes a free-preview program key, wherein the free-preview program key is operable to enable a free preview of the content by the PPV access request.

11. Computer-readable media tangibly embodying a program of instructions executable by a computer to perform a method for providing authorized access to content, the method comprising the steps of:
- receiving a PPV access request for content from a plurality of PPV users;
  
  responsive to the PPV access request, providing an asymmetric key pair having a public encryption key and a private encryption key to each of the plurality of PPV users;
  
  providing a unique device unit key for each of the plurality of PPV users, wherein each of the device unit key is encrypted with the public encryption key associated with the each PPV user;
  
  providing a first entitlement control message (ECM) for the PPV access request, the step of providing the first ECM includes,a) providing PPV access rules for the PPV access request in the first ECM;
  
  b) providing a first message authentication code (MAC) for at least the PPV access rules in the first ECM; and
  
  c) providing the first ECM as a group-addressed, multicast ECM to the plurality of PPV users; and
  
  furthermore,providing a second ECM for the PPV access request, wherein the step of providing the second ECM includes,a) encrypting a first copy of a program key with the device unit key, the program key is operable for decrypting the content for the PPV access request and deriving the first MAC; and
  
  b) providing the first copy of the program key in the second ECM.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising the step of:
    - providing the second ECM as a unit-addressed ECM to each of the plurality of PPV users, wherein the unit-addressed ECM includes a program key encrypted with the device unit key that is unique to each of the PPV users.
  - 13. The method of claim 11, further comprising the steps of:
    - receiving a subscription-service access request for the content; and
      
      responsive to the subscription-service access request, providing an entitlement management message (EMM), the step of providing the EMM includes,a) encrypting a service key with a device unit key that is unique to a source of the subscription-service access request, the service key is operable to provide encryption and decryption of the program key; and
      
      b) providing the service key in the EMM.
  - 14. The method of claim 13, wherein responsive to the subscription-service access request, the step of providing the first ECM further includes:
    - c) providing subscription-service access rules for the subscription-service access in the first ECM;
      
      d) encrypting a second copy of the program key with the service key;
      
      e) providing the second copy of the program key in the first ECM; and
      
      f) providing a second MAC for at least the subscription service access rules and the second copy of the program key, the second copy of the program key is operable for decrypting the content for the subscription-service access and deriving the second MAC.
  - 15. The method of claim 11, wherein the step of providing PPV access rules for the PPV access request in the first ECM comprises the steps of:
    - providing a predetermined subset of the PPV access rules for the PPV access request in the first ECM at a first rate; and
      
      providing a remainder of the PPV access rules in the first ECM at a rate slower than the rate of providing the predetermined subset of the PPV access rule.
  - 16. The method of claim 11, further comprising the steps of:
    - receiving a roaming request for the content, wherein the roaming request is a roaming PPV access request or a roaming subscription-service access request; and
      
      responsive to the roaming request, providing a roaming device unit key that is unique to a source of the roaming request.
  - 17. The method of claim 16, further comprising the step of:
    - responsive to the roaming request being the roaming PPV access request, providing a roaming ECM, the step of providing the roaming ECM includes,a) encrypting a roaming program key with the roaming device unit key, the roaming program key is operable for decrypting the content for the PPV access request through roaming; and
      
      b) providing the roaming program key in the roaming ECM.
  - 18. The method of claim 16, further comprising the step of:
    - responsive to the roaming request being the subscription-service access request, providing a roaming EMM, wherein the step of providing the roaming EMM includes,c) encrypting a roaming service key with at least the roaming device unit key; and
      
      d) providing the roaming service key in the roaming EMM.
  - 19. The method of claim 18, further comprising the step of:
    - responsive to the roaming request being the subscription-service access request, providing a roaming ECM, the step of providing the roaming ECM includes,a) encrypting a roaming program key with the roaming service key, the roaming program key is operable for decrypting the content for the subscription service access through roaming; and
      
      b) providing the roaming program key in the roaming ECM.
  - 20. The method of claim 11, further comprising the step of:
    - providing an entitlement management message (EMM) that includes a free-preview program key, wherein the free-preview program key is operable to enable a free preview of the content by the PPV access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US11/281,019
Publication Number

US 20060107285A1
Time in Patent Office

656 Days
Field of Search

380/200, 725 86- 87, 725/25, 713/168
US Class Current

380/200
CPC Class Codes

H04N 21/234327   by decomposing into layers,...

H04N 21/2347   involving video stream encr...

H04N 21/835   Generation of protective da...

H04N 7/1675   Providing digital key or au...

System and method for providing authorized access to digital content

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing authorized access to digital content

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others