Installation of black box for trusted component for digital rights management (DRM) on computing device

US 8,136,166 B2
Filed: 09/06/2006
Issued: 03/13/2012
Est. Priority Date: 10/21/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for installing a black box on a computing device, the black box operating in combination with a trusted component on the computing device, the trusted component employing the black box to decrypt encrypted content for being rendered on the computing device only when rights and restrictions specified in a license corresponding to the encrypted content so allow, the system comprising:

an administrator having access to the computing device for querying same for machine properties thereof; and

a black box server in communication with the administrator, the black box server receiving machine properties of the computing device from the administrator in response to a request for a new black box for the computing device, the black box server constructing the new black box based in part on the received machine properties so as to tie the new black box to the computing device, and the black box server delivering the new black box to the administrator for installation on the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To install a black box on a computing device, an administrator has access to the computing device and queries same for machine properties thereof. The administrator sends the machine properties of the computing device to a black box server as part of a request for a new black box for the computing device. The black box server in response constructs the new black box based in part on the machine properties so as to tie the new black box to the computing device, and delivers the new black box to the administrator. The administrator thereafter installs the new black box on the computing device. The administrator may include an activation provider running on the computing device and an activation manager in communication with the activation provider. The administrator may also deactivate the black box if it determines that the black box is no longer trustworthy.

24 Citations

View as Search Results

21 Claims

1. A system for installing a black box on a computing device, the black box operating in combination with a trusted component on the computing device, the trusted component employing the black box to decrypt encrypted content for being rendered on the computing device only when rights and restrictions specified in a license corresponding to the encrypted content so allow, the system comprising:
- an administrator having access to the computing device for querying same for machine properties thereof; and
  
  a black box server in communication with the administrator, the black box server receiving machine properties of the computing device from the administrator in response to a request for a new black box for the computing device, the black box server constructing the new black box based in part on the received machine properties so as to tie the new black box to the computing device, and the black box server delivering the new black box to the administrator for installation on the computing device.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1 wherein the administrator comprises an activation provider running on the computing device and an activation manager in communication with the activation provider, the activation provider determining the machine properties of the computing device and sending same to the activation manager, the activation manager sending the request to the black box server and receiving the new black box in response thereto, and the activation provider further receiving the new black box from the activation manager and installing same on the computing device.
  - 3. The system of claim 2 wherein the activation manager and the activation provider are constructed in accordance with a management implementation protocol that allows for system management of a computing device.
  - 4. The system of claim 1 wherein the administrator comprises an activation manger, and wherein the activation manager provides a bridge between the computing device and the black box server.

5. A method for installing a black box on a computing device, the black box operating in combination with a trusted component on the computing device, the trusted component employing the black box to decrypt encrypted content for being rendered on the computing device only when rights and restrictions specified in a license corresponding to the encrypted content so allow, the method employing an administrator with access to the computing device and a black box server in communication with the administrator, the method comprising:
- the administrator querying the computing device for machine properties thereof and receiving same;
  
  the administrator sending the machine properties of the computing device to the black box server as part of a request for a new black box for the computing device;
  
  the black box server in response constructing the new black box based in part on the machine properties so as to tie the new black box to the computing device;
  
  the black box server delivering the new black box to the administrator; and
  
  the administrator installing the new black box on the computing device.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 6. The method of claim 5 wherein the administrator comprises an activation provider running on the computing device and an activation manager in communication with the activation provider, the method comprising:
    - the activation manager querying the activation provider on the computing device for machine properties thereof;
      
      the activation provider determining the machine properties of the computing device and sending same to the activation manager;
      
      the activation manager sending the machine properties of the computing device to the black box server as part of a request for a new black box for the computing device;
      
      the black box server in response constructing the new black box based in part on the machine properties so as to tie the new black box to the computing device;
      
      the black box server delivering the new black box to the activation manager;
      
      the activation manager delivering the new black box to the activation provider; and
      
      the activation provider installing the new black box on the computing device.
  - 7. The method of claim 6 further comprising, prior to the activation manager querying the activation provider on the computing device for machine properties thereof:
    - the activation manager querying the activation provider to determine whether the computing device requires the new black box;
      
      the activation provider in response collecting activation state information from the computing device and reporting same to the activation manager; and
      
      the activation manger determining based on the activation state information whether the computing device requires the new black box.
  - 8. The method of claim 7 comprising the activation provider collecting activation state information from the computing device including whether any black box is present on the computing device, and if so at least one of a version number thereof and a date of activation thereof.
  - 9. The method of claim 7 comprising the activation manager determining whether the computing device requires the new black box based on a rules document setting out a plurality of rules.
  - 10. The method of claim 6 comprising:
    - the black box server creating a corresponding machine certificate certifying the created black box;
      
      the black box server delivering the new black box and corresponding machine certificate to the activation manager;
      
      the activation manager delivering the new black box and corresponding machine certificate to the activation provider; and
      
      the activation provider installing the new black box and corresponding machine certificate on the computing device.
  - 11. The method of claim 10 further comprising:
    - the black box server selecting a key pair (PR-BB, PU-BB) for the new black box;
      
      the black box server hiding (PR-BB) in the new black box; and
      
      the black box server placing (PU-BB) in the corresponding machine certificate and signing the certificate based on (PR-BB).
  - 12. The method of claim 6 comprising the activation provider installing the new black box in a protected location on the computing device.
  - 13. The method of claim 5 wherein the administrator comprises an activation provider running on the computing device and an activation manager in communication with the activation provider, the method comprising:
    - the activation provider sending a request for a new black box to the activation manager, the request including the machine properties;
      
      the activation manager sending the machine properties of the computing device to the black box server as part of a request for anew black box for the computing device;
      
      the black box server in response constructing the new black box based in part on the machine properties so as to tie the new black box to the computing device;
      
      the black box server delivering the new black box to the activation manager;
      
      the activation manager delivering the new black box to the activation provider; and
      
      the activation provider installing the new black box on the computing device.
  - 14. The method of claim 13 comprising:
    - the black box server creating a corresponding machine certificate certifying the created black box;
      
      the black box server delivering the new black box and corresponding machine certificate to the activation manager;
      
      the activation manager delivering the new black box and corresponding machine certificate to the activation provider; and
      
      the activation provider installing the new black box and corresponding machine certificate on the computing device.
  - 15. The method of claim 14 further comprising:
    - the black box server selecting a key pair (PR-BB, PU-BB) for the new black box;
      
      the black box server hiding (PR-BB) in the new black box; and
      
      the black box server placing (PU-BB) in the corresponding machine certificate and signing the certificate based on (PR-BB).
  - 16. The method of claim 13 comprising the activation provider installing the new black box in a protected location on the computing device.

17. A method for deactivating a black box on a computing device, the black box operating in combination with a trusted component on the computing device, the trusted component employing the black box to decrypt encrypted content for being rendered on the computing device only when rights and restrictions specified in a license corresponding to the encrypted content so allow, the method employing an activation provider running on the computing device and an activation manager in communication with the activation provider, the method comprising:
- the activation manager querying the activation provider on the computing device for activation state information relating to a state of the black box on the computing device;
  
  the activation provider in response collecting the activation state information from the computing device and reporting same to the activation manger;
  
  the activation manager determining based on the activation state information whether the black box on the computing device remains trustworthy; and
  
  the activation manager directing the activation provider to deactivate the black box on the computing device if the activation manager determines based on the activation state information that the black box on the computing device does not remain trustworthy.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 wherein the activation manager and the activation provider are constructed in accordance with a management implementation protocol that allows for system management of a computing device.
  - 19. The method of claim 17 comprising the activation provider collecting activation state information from the computing device including at least one of a version number of the black box on the computing device and a date of activation of the black box on the computing device.
  - 20. The method of claim 17 comprising the activation manager determining whether the black box on the computing device remains trustworthy based on a rules document setting out a plurality of rules that define an activation policy.
  - 21. The method of claim 17 wherein the activation manager directs the activation provider to delete the black box from the computing device if the activation manager determines based on the activation state information that the black box on the computing device does not remain trustworthy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SZ DJI Technology Co., Ltd. (d/b/a DJI) (iFlight Technology Company Limited)
Original Assignee
Microsoft Corporation
Inventors
Dublish, Pratul, Lyndersay, Sean, Chase, Charlie D. Jr., Gunyakti, Caglar
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US11/516,813
Publication Number

US 20070067645A1
Time in Patent Office

2,015 Days
Field of Search

None
US Class Current

726/27
CPC Class Codes

G06F 21/109 by using specially-adapted ...

Installation of black box for trusted component for digital rights management (DRM) on computing device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Installation of black box for trusted component for digital rights management (DRM) on computing device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links