Robust and flexible digital rights management involving a tamper-resistant identity module
Abstract
The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.
44 Claims
1. A tamper-resistant identity module adapted for physical engagement with a client system, the module comprising:
- means for receiving digital content over a network and a digital-content usage device, wherein said tamper-resistant identity module comprises a digital rights management (DRM) agent for enabling usage of said digital content; and
- means for performing at least part of an authentication and key agreement (AKA) procedure, and said DRM agent includes means for performing DRM processing based on information from said AKA procedure.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A client system comprising:
- means for receiving digital content over a network;
- a digital-content usage device; and
- a tamper-resistant identity module implemented with a digital rights management (DRM) agent for enabling usage of said digital content by said digital-content usage device;
- wherein said identity module further comprises means for performing at least part of an authentication and key agreement (AKA) procedure, and said DRM agent includes means for performing DRM processing based on information from said AKA procedure.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. A client system comprising:
- a tamper resistant identity module;
- a digital-content usage device;
- a first DRM agent implemented in the tamper-resistant identity module for engagement with a client device, said first DRM agent comprising means for performing first DRM processing associated with digital content;
- a second DRM agent implemented in the digital-content usage device adapted for using said digital content, said second DRM agent comprising means for performing second DRM processing associated with said digital content; and
- means for communication between said first DRM agent and said second DRM agent based on usage-device specific key information;
- wherein said tamper-resistant identity module comprises means for performing at least part of an authentication and key agreement (AKA) procedure, and said means for performing first DRM processing in said first DRM agent operates based on information from said AKA procedure.

Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43

44. A method for digital rights management (DRM) comprising the steps of:
- tamper-resistantly configuring a usage device, adapted for using digital content, with a usage-device specific key;
- providing a cryptographic representation of said usage-device specific key to a client device associated with said usage device;
- processing, at a trusted certification party, said cryptographic representation received in a request from said client device to retrieve key information representative of said usage-device specific key;
- securely transferring said key information from said trusted certification party to a tamper-resistant identity module in said client device, based on an identity-module specific key; and
- establishing communication between a first DRM agent in said tamper-resistant identity module and a second DRM agent in said usage device based on the key information transferred to the identity module and the usage-device specific key in said usage device.
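
The key flow of claim 44, sketched as an added example that is not part of the patent text. It assumes the "cryptographic representation" is the device key wrapped under a key held by the certification party, and it uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for a vetted AEAD; all function and key names are hypothetical.

```python
import hashlib, hmac, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(enc_key, nonce, n):
    # Counter-mode keystream from HMAC; one-byte counter, so short payloads only.
    return b"".join(_prf(enc_key, nonce + bytes([i])) for i in range(n // 32 + 1))

def wrap(key, plaintext):
    # Encrypt-then-MAC under separate derived keys (assumed stand-in for an AEAD).
    nonce = os.urandom(16)
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    # Verify before decrypting so a modified blob never yields key material.
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("wrapped key failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))

def certification_party(representation, cert_key, module_key):
    # Steps 3-4: recover the device key information, then re-wrap it
    # under the identity-module specific key for transfer.
    return wrap(module_key, unwrap(cert_key, representation))

def agent_tag(shared_key, message):
    # Step 5: both DRM agents authenticate messages under a key derived
    # from the usage-device specific key.
    return _prf(_prf(shared_key, b"drm-agent-link"), message)

def demo():
    cert_key, module_key = os.urandom(32), os.urandom(32)  # constructed keys
    device_key = os.urandom(32)                  # step 1: stays in the usage device
    representation = wrap(cert_key, device_key)  # step 2: given to the client device
    transfer = certification_party(representation, cert_key, module_key)
    module_copy = unwrap(module_key, transfer)   # inside the identity module
    msg = b"constructed message: request content key"
    # The usage device accepts the identity module's tag only if the keys match.
    return hmac.compare_digest(agent_tag(module_copy, msg), agent_tag(device_key, msg))

if __name__ == "__main__":
    print("agents share device key:", demo())
```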