Methods and apparatus for secure distribution of program content

US 7,469,345 B2
Filed: 12/11/2002
Issued: 12/23/2008
Est. Priority Date: 12/13/2001
Status: Active Grant

First Claim

Patent Images

1. An apparatus operable to receive an encryoted program, said apparatus comprising:

a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to an administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted decryption key is received over the network from the administrator in response to the identifcation information, the encrypted decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID;

a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to reencrypt the program using the virtual ID;

a first storage device operable to store the identification information and the re-encrypted program and to store the machine ID and the encrypted virtual ID;

a second storage device containing a machine ID; and

a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match;

the network interface being further operable, when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device, to facilitate;

the transmission of the machine ID contained in the second storage device over the network to the administrator, andthe reception of a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus in accordance with the present invention are operable to carry out certain functions including: receiving an encrypted program at a processing apparatus; transmitting at least some identification information related to the processing apparatus over a network to an administrator; receiving an encrypted decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information; decrypting the encrypted decryption key; decrypting the encrypted program using the decryption key; re-encrypting the program using at least some of the identification information ; and storing the identification information and the re-encrypted program in a first storage device.

Citations

40 Claims

1. An apparatus operable to receive an encryoted program, said apparatus comprising:
- a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to an administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted decryption key is received over the network from the administrator in response to the identifcation information, the encrypted decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID;
  
  a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to reencrypt the program using the virtual ID;
  
  a first storage device operable to store the identification information and the re-encrypted program and to store the machine ID and the encrypted virtual ID;
  
  a second storage device containing a machine ID; and
  
  a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match;
  
  the network interface being further operable, when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device, to facilitate;
  
  the transmission of the machine ID contained in the second storage device over the network to the administrator, andthe reception of a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein:
    - the network interface is operable to facilitate transmission of the machine ID over the network to the administrator such that the encrypted decryption key is received over the network from the administrator in response to the machine ID.
  - 3. The apparatus of claim 2, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 4. The apparatus of claim 1, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 5. The apparatus of claim 1, wherein the first storage device is removably connectable with the apparatus.
  - 6. The apparatus of claim 1, wherein the processor is further operable to prompt a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 7. The apparatus of claim 1, wherein the first storage device is further operable to replace the encrypted virtual ID with the new encrypted virtual ID.
  - 8. The apparatus of claim 7, wherein the decryption device is operable to decrypt the new encrypted virtual ID using the machine ID contained in the second storage device, and to decrypt the re-encrypted program using the new virtual ID such that the apparatus is capable of executing the program.
  - 9. The apparatus of claim 1, wherein the network interface is further operable to facilitate the reception of the encrypted program over the network from the administrator.
  - 10. The apparatus of claim 1, wherein the program is one of an application program and a system program.

11. An apparatus operable to receive an encrypted program, said apparatus comprising:
- a storage medium interface operable to receive an encrypted first decryption key from a storage medium produced by an administrator;
  
  a network interface operable to provide communication with a network such that (i) identification information related to the apparatus is transmitted over the network to the administrator, the identification information including a machine ID unique to the apparatus, (ii) an encrypted second decryption key is received over the network from the administrator in response to the identification information, the encrypted second decryption key being based on the machine ID, and (iii) an encrypted virtual ID is received over the network from the administrator, the virtual ID being associated with the machine ID;
  
  a decryption device operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted second decryption key using the virtual ID, to decrypt the encrypted first decryption key using the second decryption key, to decrypt the encrypted program using the first decryption key, and to re-encrypt the program using the virtual ID;
  
  a first storage device operable to store the identification information, and the re-encrypted program, the machine ID, and the encrypted virtual ID;
  
  a second storage device operable to store a machine ID; and
  
  a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match;
  
  the network interview being further operable to facilitate;
  
  the transmission of the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator, andthe reception of a new encrypted virtual ID over the network from the administrator, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein:
    - the network interface is operable to facilitate transmission of the machine ID over the network to the administrator such that the encrypted second decryption key is received over the network from the administrator in response to the machine ID.
  - 13. The apparatus of claim 12, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 14. The apparatus of claim 11, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 15. The apparatus of claim 11, wherein the first storage device is removably connectable with the apparatus.
  - 16. The apparatus of claim 11, wherein the processor is further operable to prompt a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 17. The apparatus of claim 11, wherein the first storage device is further operable to replace the encrypted virtual ID with the new encrypted virtual ID.
  - 18. The apparatus of claim 17, wherein the decryption device is operable to decrypt the new encrypted virtual in using the machine ID contained in the second storage device, and to decrypt the re-encrypted program using the new virtual in such that the apparatus is capable of executing the program.
  - 19. apparatus of claim 11, wherein the network interface is further operable to facilitate the reception of the encrypted program over the network from the administrator.
  - 20. The apparatus of claim 11, wherein the program is one of an application program and a system program.

21. A method, comprising:
- receiving an encrypted program at a processing apparatus;
  
  transmitting identification information related to the processing apparatus over a network to an administrator, the identification information including a machine ID unique to the processing apparatus;
  
  receiving an encrypted virtual ID and an encrypted decryption key at the processing apparatus over the network from the administrator in response to the identification information, the encrypted decryption key being based on the machine ID, the virtual ID being associated with the machine ID;
  
  decrypting the encrypted virtual ID using the machine ID;
  
  decrypting the encrypted decryption key using the virtual ID;
  
  decrypting the encrypted program using the decryption key;
  
  re-encrypting the program using the virtual ID;
  
  storing the identification information and the re-encrypted program in a first storage device;
  
  storing the machine ID and the encrypted virtual ID in the first storage device;
  
  storing a machine ID in a second storage device;
  
  comparing the machine ID stored in the first storage device with the machine ID contained in the second storage device and proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; and
  
  when the machine ID contained in the second storage device does not match the machine ID stored in the first storage device,transmitting the machine ID contained in the second storage device over the network to the administrator, andreceiving a new encrypted virtual ID over the network from the administrator if the administrator determines that the machine ID contained in the second storage device is also stored in a personalizing database, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, wherein:
    - the machine ID is transmitted over the network to the administrator such that the encrypted decryption key is received over the network from the administrator in response to the machine ID.
  - 23. The method, of claim 22, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 24. The method of claim 21, further comprising:
    - decrypting the encrypted virtual ID using the machine ID, and decrypting the re-encrypted program using the virtual in such that the processing apparatus is capable of executing the program.
  - 25. The method of claim 21, wherein the first storage device is removably connectable with the processing apparatus.
  - 26. The method of claim 21, further Comprising prompting a user of the processing apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 27. The method of claim 21, further compiising:
    - replacing the encrypted virtual ID with the new encrypted virtual ID in the first storage device.
  - 28. The method of claim 27, further comprising;
    - decrypting the new encrypted virtual ID using the machine ID contained in the second storage device, anddecrypting the re-encrypted program using the new virtual ID such that the processing apparatus is capable of executing the program.
  - 29. The method of claim 21, further comprising receiving the encrypted program over the network from the administrator.
  - 30. The method of claim 21, wherein the program is one of an application program and a system program.

31. A method, comprising:
- receiving an encrypted program at a processing apparatus;
  
  receiving an encrypted first decryption key at the processing apparatus,transmitting identification information related to the processing apparatus over a network to an administrator, the identification information including a machine ID unique to the processing apparatus;
  
  receiving an encrypted virtual ID and an encrypted second decryption key at the processing apparatus over the network from the administrator in response to the identification information, the encrypted second decryption key being based on the machine ID, the virtual ID being associated with the machine ID;
  
  decrypting the encrypted virtual ID using the machine ID;
  
  decrypting the encrypted second decryption key using the virtual ID;
  
  decrypting the encrypted first decryption key using the second decryption key;
  
  decrypting the encrypted program using the first decryption key;
  
  re-encrypting the program using the virtual ID;
  
  storing the identification information and the re-encrypted program in a first storage device;
  
  storing the machine ID and the encrypted virtual ID in the first storage device;
  
  comparing the machine ID stored in the first storage device with a machine ID contained in a second storage device;
  
  proscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when the machine IDs do not match; and
  
  transmitting the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the administrator; and
  
  receiving a new encrypted virtual ID over the network from the administrator, the new encrypted virtual ID having a new virtual ID associated with the machine ID contained in the second storage device.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The method of claim 31, wherein:
    - the machine ID is transmitted over the network to the administrator such that the encrypted decryption key is received over the network from the administrator in response to the machine ID.
  - 33. The method of claim 32, wherein the identification information includes a media ID that corresponds with a type of the first storage device.
  - 34. The method of claim 31, further comprising:
    - decrypting the encrypted virtual ID using the machine ID, and decrypting the re-encrypted program using the virtual ID such that the processing apparatus is capable of executing the program.
  - 35. The method of claim 31, wherein the first storage device is removably connectable with the processing apparatus.
  - 36. The method of claim 31, further comprising prompting a user of the processing apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 37. The method of claim 31, further comprising:
    - replacing the encrypted virtual ID with the new encrypted virtual ID in the first storage device.
  - 38. The method of claim 37 further comprising:
    - decrypting the new encrypted virtual ID using the machine ID contained in the second storage device, and decrypting the re-encrypted program using the new virtual ID such that the processing apparatus is capable of executing the program.
  - 39. The method of claim 31, further comprising receiving the encrypted program over the network from the administrator.
  - 40. The method of claim 31, wherein the program is one of an application program and a system program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Original Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Inventors
Shimada, Muneki, Kanee, Kazuhiro, Okada, Toyoshi, Kimoto, Yousuke, Komaki, Kenjiro
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
PATEL, NIRAV B

Application Number

US10/316,675
Publication Number

US 20030123670A1
Time in Patent Office

2,204 Days
Field of Search

380200-202, 380/228, 380/232, 380/229, 713/189, 713/193, 726 26- 33, 705/51, 705 55- 59, 725/25, 725/31, 725/28, 709/229, 709/225
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links