Rights management system for streamed multimedia content

US 7,693,280 B2
Filed: 04/22/2005
Issued: 04/06/2010
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method for sharing a sequence of content keys between a receiver of pieces of digital content and a computing device upon which the digital content is to be rendered, the receiver encrypting each piece of content according to a corresponding content key in the sequence and forwarding the encrypted content to the computing device and the computing device decrypting the encrypted content according to the corresponding content key, the method comprising:

the receiver initially transmitting to the computing device an initialization digital license including an initial content key (CK0) and an initial integrity key (IK0) as decided upon by the receiver and as encrypted according to a public key (PU-C) to result in an initial signed decrypted public key (PU-C(CK0, IK0)) that is decryptable by the computing device, the initialization digital license further including a signature element based on the initial integrity key (IK0);

the computing device receiving the initialization digital license, retrieving said decrypted public key (PU-C(CK0, IK0)) therefrom, applying a private key (PR-C) thereto corresponding to said public key (PU-C) to result in (CK0) and (IK0), and employing said initial integrity key (IK0) to verify the signature element of such initialization license; and

each of the receiver and the computing device deriving a new content key (CKx) in the sequence from the initial content key (CK0) in the sequence on an as-needed basis and in a coordinated fashion,whereby the initialization license is required only once for the sequence of content keys, and the receiver need not explicitly communicate said new content key (CKx) to the computing device for each piece of content.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sequence of content keys are shared between a receiver of pieces of digital content and a computing device upon which the content is to be rendered. The receiver encrypts each piece of content according to a corresponding content key in the sequence and forwards the encrypted content to the computing device and the computing device decrypts the encrypted content according to the corresponding content key. The receiver initially transmits to the computing device an initialization digital license with an initial content key (CK0) therein. Each of the receiver and the computing device derive a new content key (CKx) in the sequence from the initial content key (CK(0)) in the sequence on an as-needed basis and in a coordinated fashion. The initialization license is required only once for the sequence of content keys, and the receiver need not explicitly communicate (CKx) to the computing device for each piece of content.

66 Citations

View as Search Results

18 Claims

1. A method for sharing a sequence of content keys between a receiver of pieces of digital content and a computing device upon which the digital content is to be rendered, the receiver encrypting each piece of content according to a corresponding content key in the sequence and forwarding the encrypted content to the computing device and the computing device decrypting the encrypted content according to the corresponding content key, the method comprising:
- the receiver initially transmitting to the computing device an initialization digital license including an initial content key (CK0) and an initial integrity key (IK0) as decided upon by the receiver and as encrypted according to a public key (PU-C) to result in an initial signed decrypted public key (PU-C(CK0, IK0)) that is decryptable by the computing device, the initialization digital license further including a signature element based on the initial integrity key (IK0);
  
  the computing device receiving the initialization digital license, retrieving said decrypted public key (PU-C(CK0, IK0)) therefrom, applying a private key (PR-C) thereto corresponding to said public key (PU-C) to result in (CK0) and (IK0), and employing said initial integrity key (IK0) to verify the signature element of such initialization license; and
  
  each of the receiver and the computing device deriving a new content key (CKx) in the sequence from the initial content key (CK0) in the sequence on an as-needed basis and in a coordinated fashion,whereby the initialization license is required only once for the sequence of content keys, and the receiver need not explicitly communicate said new content key (CKx) to the computing device for each piece of content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the receiver initially transmitting to the computing device an initialization digital license comprises:
    - the computing device sending an initialization request to the receiver, the initialization request including the public key of the computing device (PU-C), said computing device being in possession of the corresponding private key (PR-C);
      
      the receiver constructing and sending to the computing device the initialization digital license including the initial content key (CK0) as decided upon by the receiver and as encrypted according to said public key (PU-C) from the initialization request to result in an initial decrypted public key (PU-C(CK0)); and
      
      the computing device receiving the initialization digital license, retrieving said initial decrypted public key (PU-C(CK0)) therefrom, and applying said corresponding private key (PR-C) thereto to result in (CK0).
  - 3. The method of claim 1 comprising:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving the initial content key (CK0), incrementing a count to x, and deriving the new content key (CKx) from the initial content key (CK0) by applying said initial content key (CK0) and the count x to a function to result in said new content key (CKx);
      
      the receiver encrypting the piece of content according to said new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 4. The method of claim 3 comprising the receiver incrementing the count to x and deriving the new content key (CKx) from the initial content key (CK0) by applying said initial content key (CK0) and the count x to a one-way hash function to result in said new content key (CKx).
  - 5. The method of claim 3 further comprising the receiver sending a derived message to the computing device, the derived message including the count x and a signature based on an integrity key (IKx).
  - 6. The method of claim 3 comprising:
    - the receiver and the computing device each further retrieving the initial integrity key (IK0) and deriving an integrity key (IKx) from the initial integrity key (IK0) by applying said initial integrity key (IK0) and the count x to a function to result in said integrity key (IKx);
      
      the receiver sending a derived message to the computing device, the derived message including the count x, and a signature element based on the integrity key (IKx);
      
      the computing device receiving the derived message and employing said integrity key (IKx) to verify the signature element of such derived message;
      
      the receiver encrypting the piece of content according to said new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 7. The method of claim 6 comprising the receiver deriving the new content key (CKx) from the initial content key (CK0) by applying said initial content key (CK0) and the count x to a one-way hash function to result in said new content key (CKx), and deriving the integrity key (IKx) from the initial integrity key (IK0) by applying said initial integrity key (IK0) and the count x to a one-way hash function to result in said integrity key (IKx).
  - 8. The method of claim 1 comprising:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving a count (x−
      
      1) and a prior content key (CK(x−
      
      1)), incrementing the count (x−
      
      1) to x, deriving the new content key (CKx) from the prior content key (CK(x−
      
      1)) by applying said prior content key (CK(x−
      
      1)) and the count x to a function to result in the new content key (CKx), and storing said count x and said new content key (CKx);
      
      the receiver encrypting the piece of content according to the new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 9. The method of claim 8 comprising:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving the count (x−
      
      1), the prior content key (CK(x−
      
      1)), and a prior integrity key (IK(x−
      
      1)), deriving the new content key (CKx) from the prior content key (CK(x−
      
      1)) by applying said prior content key (CK(x−
      
      1)) and the count x to a function to result in the new content key (CKx), deriving an integrity key (IKx) from the prior integrity key (IK(x−
      
      1)) by applying said prior integrity key (IK(x−
      
      1)) and the count x to a function to result in the integrity key (IKx), and storing said count x, said new content key (CKx), and said integrity key (IKx);
      
      the receiver sending a derived message to the computing device, the derived message including the count x, and a signature element based on the integrity key (IKx);
      
      the computing device receiving the derived message and employing said integrity key (IKx) to verify the signature element of such derived message;
      
      the receiver encrypting the piece of content according to the new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).

10. A computer-readable storage medium having stored thereon computer-executable instructions that when processed by a processor implement a method for sharing a sequence of content keys between a receiver of pieces of digital content and a computing device upon which the digital content is to be rendered, the receiver encrypting each piece of content according to a corresponding content key in the sequence and forwarding the encrypted content to the computing device and the computing device decrypting the encrypted content according to the corresponding content key, the method comprising:
- the receiver initially transmitting to the computing device an initialization digital license including an initial content key (CK0) and an initial integrity key (IK0) as decided upon by the receiver and as encrypted according to a public key (PU-C) to result in an initial signed decrypted public key (PU-C(CK0, IK0)) that is decryptable by the computing device, the initialization digital license further including a signature element based on the initial integrity key (IK0);
  
  the computing device receiving the initialization digital license, retrieving said decrypted public key (PU-C(CK0, IK0)) therefrom, applying a private key (PR-C) thereto corresponding to said public key (PU-C) to result in (CK0) and (IK0), and employing said initial integrity key (IK0) to verify the signature element of such initialization license; and
  
  each of the receiver and the computing device deriving a new content key (CKx) in the sequence from the initial content key (CK(0)) in the sequence on an as-needed basis and in a coordinated fashion,whereby the initialization license is required only once for the sequence of content keys, and the receiver need not explicitly communicate said new content key (CKx) to the computing device for each piece of content.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer readable storage medium of claim 10 wherein the instructions that enable the step of said receiver initially transmitting to the computing device an initialization digital license comprises instructions for implementing the steps of:
    - the computing device sending an initialization request to the receiver, the initialization request including the public key of the computing device (PU-C), said computing device being in possession of the corresponding private key (PR-C);
      
      the receiver constructing and sending to the computing device the initialization digital license including the initial content key (CK0) as decided upon by the receiver and as encrypted according to said public key (PU-C) from the initialization request to result in an initial decrypted public key (PU-C(CK0)); and
      
      the computing device receiving the initialization digital license, retrieving said initial decrypted public key (PU-C(CK0)) therefrom, and applying said corresponding private key (PR-C) thereto to result in (CK0).
  - 12. The computer readable storage medium of claim 10 wherein the instructions further include instructions for implementing the steps of:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving the initial content key (CK0) incrementing a count to x, and deriving the new content key (CKx) from the initial content key (CK0) by applying said initial content key (CK0) and the count x to a function to result in said new content key (CKx);
      
      the receiver encrypting the piece of content according to said new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 13. The computer readable storage medium of claim 12 wherein the instructions for the receiver incrementing the count to x and deriving the new content key (CKx) from the initial content key (CK0) include instructions for applying said initial content key (CK0) and the count x to a one-way hash function to result in said new content key (CKx).
  - 14. The computer readable storage medium of claim 12 wherein the instructions further include instructions for the receiver sending a derived message to the computing device, the derived message including the count x and a signature based on an integrity key (IKx).
  - 15. The computer readable storage medium of claim 12 wherein the instructions further include instructions for:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each further retrieving the initial integrity key and deriving an integrity key (IKx) from the initial integrity key (IK0) by applying said initial integrity key (IK0) and the count x to a function to result in said integrity key (IKx);
      
      the receiver sending a derived message to the computing device, the derived message including the count x, and a signature element based on the integrity key (IKx);
      
      the computing device receiving the derived message and employing said integrity key (IKx) to verify the signature element of such derived message;
      
      the receiver encrypting the piece of content according to said new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 16. The computer readable storage medium of claim 15 wherein the instructions further include instructions for the receiver deriving the new content key (CKx) from the initial content key (CK0) by applying said initial content key (CK0) and the count x to a one-way hash function to result in said new content key (CKx), and deriving the integrity key (IKx) from the initial integrity key (IK0) by applying said initial integrity key (IK0) and the count x to a one-way hash function to result in said integrity key (IKx).
  - 17. The computer readable storage medium of claim 10 wherein the instructions further include instructions for:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving a count (x−
      
      1) and a prior content key (CK(x−
      
      1)), incrementing the count (x−
      
      1) to x, deriving the new content key (CKx) from the prior content key (CK(x−
      
      1)) by applying said prior content key (CK(x−
      
      1)) and the count x to a function to result in the new content key (CKx), and storing said count x and said new content key (CKx);
      
      the receiver encrypting the piece of content according to the new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).
  - 18. The computer readable storage medium of claim 17 wherein the instructions further include instructions for:
    - the computing device commanding the receiver to send a piece of content to the computing device;
      
      the receiver and the computing device each retrieving the count (x−
      
      1), the prior content key (CK(x−
      
      1)), and a prior integrity key (IK(x−
      
      1)), deriving the new content key (CKx) from the prior content key (CK(x−
      
      1)) by applying said prior content key (CK(x−
      
      1)) and the count x to a function to result in the new content key (CKx), deriving an integrity key (IKx) from the prior integrity key (IK(x−
      
      1)) by applying said prior integrity key (IK(x−
      
      1)) and the count x to a function to result in the integrity key (IKx), and storing said count x, said new content key (CKx), and said integrity key (IKx);
      
      the receiver sending a derived message to the computing device, the derived message including the count x, and a signature element based on the integrity key (IKx);
      
      the computing device receiving the derived message and employing said integrity key (IKx) to verify the signature element of such derived message;
      
      the receiver encrypting the piece of content according to the new content key (CKx) and forwarding the encrypted content to the computing device; and
      
      the computing device decrypting the encrypted content according to said new content key (CKx).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Paka, Anand D., Oliveria, Eduardo, Rosenstein, Daniel, Strom, Clifford P., Fang, Nicholas J., Evans, Brian P.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Poltorak; Peter

Application Number

US11/112,325
Publication Number

US 20060239451A1
Time in Patent Office

1,810 Days
Field of Search

380/44
US Class Current

380/44
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04N 21/26613   for generating or managing ...

H04N 21/43615   Interfacing a Home Network,...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/63345   by transmitting keys key di...

H04N 21/8355   involving usage data, e.g. ...

Rights management system for streamed multimedia content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Rights management system for streamed multimedia content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links