Access control for digital content

US 7,461,406 B2
Filed: 07/30/2004
Issued: 12/02/2008
Est. Priority Date: 07/31/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A recording system configured to apply access control processing to input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:

an encryption apparatus having encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content;

an access control memory device configured to store securely information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable, said encryption apparatus and said access control memory device co-operating to provide a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data providing the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys,wherein said encryption apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A recording system for applying access control processing to input data content and for recording access-controlled data content on a computer readable storage medium. The recording system includes an encryption apparatus for encrypting portions of the input data content and an access control memory device which securely stores information from which a private key of a public key/private key pair associated with a data content recording user or user group is derivable. The encryption apparatus and the access control memory device co-operate to provide access control data including content recorder access control data and default access control data. The default content access control data provides the same level of access to the input data content as the level of access available to the data content recording user/user group. A recorder is provided for recording the encrypted input data content and the content access control data on the computer readable storage medium.

73 Citations

View as Search Results

17 Claims

1. A recording system configured to apply access control processing to input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:
- an encryption apparatus having encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content;
  
  an access control memory device configured to store securely information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable, said encryption apparatus and said access control memory device co-operating to provide a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data providing the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys,wherein said encryption apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The recording system according to claim 1, wherein said encryption logic is configured to apply a symmetric encryption to portions of said input data content using said set of one or more content keys.
  - 3. The recording system according to claim 1, wherein said content access control data generator is configured to symmetrically encrypt said at least one subset of the set of one or more content keys using a content session key and to asymmetrically encrypt the content session key using the public key of a respective public key/private key pair.
  - 4. The recording system according to claim 1, wherein said content access control data generator is configured to asymmetrically encrypt said at least one subset of said set of one or more content keys using the public key of a respective public key/private key pair.
  - 5. The recording system according to claim 1, wherein said encryption apparatus further includes logic to generate said set of one or more content keys.
  - 6. The recording system according to claim 1, wherein at least one of said access control memory device and said encryption apparatus further includes memory for storing public keys associated with a respective plurality of access control memory devices.
  - 7. The recording system according to claim 1, wherein said access control memory device stores public keys associated with private keys held by other access control memory devices.
  - 8. The recording system according to claim 1, wherein said access control memory device is a removable memory device and said encryption apparatus further includes an interface configured to provide a secure data connection between said encryption apparatus and said removable memory device.
  - 9. The recording system according to claim 8, wherein said encryption apparatus further includes memory for storing a plurality of public keys associated with a respective plurality of removable memory devices and said removable memory device is configured to store identification data associating that removable memory device with a respective public key held by said encryption apparatus.
  - 10. The recording system according to claim 8, wherein said removable memory device further includes a data processing module configured to perform encryption on said input data content and/or for the purpose of generating said content access control data.
  - 11. The recording system according to claim 8, wherein said removable memory device is a smart card.
  - 12. The recording system according to claim 8, wherein said removable memory device is a secure digital card.
  - 13. The recording system according to claim 1, wherein said encryption apparatus further includes an audio and/or video capture or processing apparatus.
  - 14. The recording system according to claim 1, wherein said input data content includes video images and said encryption logic is configured to apply at least one of symmetric encryption, asymmetric encryption and visible watermarking to said video images.

15. A recording system configured to process input data content using a set of one or more content keys and to record access-controlled data content on a computer readable storage medium, said recording system comprising:
- a removable access control memory device;
  
  encryption logic configured to encrypt portions of said input data content in dependence upon said set of content keys to generate encrypted input data content;
  
  an interface configured to provide a secure data connection between said encryption logic and said removable access control memory device,said access control memory device being connectable to said encryption apparatus via said interface and configured to store securely, information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable; and
  
  a content access control data generator configured to generate content access control data, said content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon the public key corresponding to the private key derivable from information stored on said access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said content access control data generator configured to always encrypt the full set of content keys using the one or more default public keys,wherein said apparatus is configured to record said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.

16. A recording method for applying access control processing to input data content using a set of one or more content keys and recording access-controlled data content on a computer readable storage medium, said recording method comprising:
- encrypting portions of said input data content in dependence upon said set of content keys to generate encrypted input data content;
  
  securely storing information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable;
  
  generating content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon a public key corresponding to a private key derivable from information stored on an access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key/default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said full set of content keys always encrypted using the one or more default public keys; and
  
  recording said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.

17. A computer readable storage medium in which a program is recorded, said program executing a method comprising:
- encrypting portions of input data content in dependence upon a set of content keys to generate encrypted input data content;
  
  securely storing information from which a private key of a private key/public key pair associated with a data content recording user or user group is derivable;
  
  generating content access control data including at least one encrypted version of a respective subset of said set of content keys, said content access control data including content recorder access control data and default access control data, said content recorder access control data being generated in dependence upon a public key corresponding to a private key derivable from information stored on an access control memory device and said default access control data being generated in dependence upon one or more public keys of respective default public key!default private key pairs defined as default public keys in said access control memory device, said default access control data configured to provide the same level of access to said input data content via one of said default private keys as the level of access available to said data content recording user or user group, said full set of content keys always using the one or more default public keys; and
  
  recording said encrypted input data content on said computer readable storage medium together with said content recorder access control data and said default access control data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony United Kingdom Limited (Sony Group Corp.)
Original Assignee
Sony United Kingdom Limited (Sony Group Corp.)
Inventors
Tapson, Daniel Warren, Pelly, Jason Charles, Hooper, Daniel Luke, Taylor, Andrew Robert, Alves-Moreira, Emmanuel
Primary Examiner(s)
Simitoski; Michael J

Application Number

US10/903,266
Publication Number

US 20050180573A1
Time in Patent Office

1,586 Days
Field of Search

713/172, 726/27, 726/31, 726/33, 380/200, 380/285, 705/55, 705/59
US Class Current

726/27
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00115   wherein the record carrier ...

G11B 20/0021   involving encryption or dec...

G11B 20/00347   wherein the medium identifi...

G11B 20/00492   wherein content or user dat...

G11B 20/00536   wherein encrypted content d...

G11B 20/00884   involving a watermark, i.e....

G11B 2220/17   Card-like record carriers

G11B 2220/2537   Optical discs

G11B 2220/90   Tape-like record carriers

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0894   Escrow, recovery or storing...

H04N 2005/91364   the video signal being scra...

H04N 5/772   the recording apparatus and...

H04N 5/913   for scrambling ; for copy p...

Access control for digital content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Access control for digital content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others