Protecting digital media of various content types

US 8,321,690 B2
Filed: 08/11/2005
Issued: 11/27/2012
Est. Priority Date: 08/11/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method with a client-receiver computer having a public/private key pair, and at least one server-transmitter computer having a public key of the client-receiver computer, the method comprising steps of:

generating a root content key using the public key of the client-receiver computer;

transmitting the root content key to the client-receiver computer, the root content key being decryptable using the client-receiver computer'"'"'s private key and usable by the client-receiver computer to decrypt leaf content keys;

dividing a single media file into multiple data segments, each data segment associated with a different digital rights management policy;

encrypting each of the data segments with a respective leaf content key to provide encrypted data segmentsappending a descriptor to each of the encrypted data segments, each descriptor identifying the leaf content key with which the data segment was encrypted and the associated digital rights management policy; and

transmitting the encrypted data segments and descriptors to the client-receiver computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and/or methods (“tools”) are described that enable a digital rights management policy to be associated with digital media having an arbitrary content type or transfer control protocol. In some embodiments, the tools encrypt data segments of a media file and add a descriptor to each of those segments. These descriptors can enable a receiver of the encrypted media file to decrypt the file and consume it according to the correct digital rights management policy.

258 Citations

18 Claims

1. A computer-implemented method with a client-receiver computer having a public/private key pair, and at least one server-transmitter computer having a public key of the client-receiver computer, the method comprising steps of:
- generating a root content key using the public key of the client-receiver computer;
  
  transmitting the root content key to the client-receiver computer, the root content key being decryptable using the client-receiver computer'"'"'s private key and usable by the client-receiver computer to decrypt leaf content keys;
  
  dividing a single media file into multiple data segments, each data segment associated with a different digital rights management policy;
  
  encrypting each of the data segments with a respective leaf content key to provide encrypted data segmentsappending a descriptor to each of the encrypted data segments, each descriptor identifying the leaf content key with which the data segment was encrypted and the associated digital rights management policy; and
  
  transmitting the encrypted data segments and descriptors to the client-receiver computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the encrypting the data segments uses an AES in counter mode.
  - 3. The computer-implemented method of claim 1, wherein each of the descriptors comprises Initialization Vectors, each Initialization Vector associated with a Key ID identifying the appropriate designated rights policy.
  - 4. The computer-implemented method of claim 1, wherein each of the descriptors has a Key ID that is also in the associated digital rights management policy.
  - 5. The computer-implemented method of claim 1, wherein each of the descriptors comprises a length indicator enabling differentiation between the encrypted data segment and each of the descriptors.
  - 6. The computer-implemented method of claim 1, wherein the encrypted data segments comprise at least one of a packet conforming to an RTP data protocol or a frame conforming to an HTTP protocol.
  - 7. The computer-implemented method of claim 6, wherein the adding descriptors concatenates each of the descriptors to an end of the encrypted data segments if the encrypted data segments comprise a packet conforming to the RTP protocol or the beginning of the encrypted data segments if the encrypted data segments comprise a frame conforming to the HTTP protocol.

8. A system comprising one or more computer-readable media not consisting of a propagated signal, the one or more computer-readable media comprising:
- a digital media file comprising;
  
  one or more data segments, each data segment having a different digital rights management policy, each of the data segments added to a descriptor and comprising;
  
  payload data encrypted with a respective leaf content key, each leaf content key encrypted by a root content key that is encrypted using a public key and decryptable using a private key of a public-private key pair, wherein each descriptor includes at least the associated leaf content key enabling decryption of the encrypted payload data and association of the encrypted payload data with the digital rights management policy.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein each descriptor comprises a Key ID that identifies the digital rights management policy.
  - 10. The system of claim 8, wherein each of the encrypted payload data is encrypted using a content key, and each descriptor comprises a Key ID associated with the leaf content key that is usable to decrypt the encrypted payload data.
  - 11. The system of claim 8, wherein the digital media file further comprises one or more portions, each of the first portions having one or more data segments, and wherein further each descriptor enables each of the portions to be associated with the digital rights management policy.
  - 12. The system of claim 8, wherein each of the data segment'"'"'s payload data is encrypted and its descriptor is not encrypted.
  - 13. The system of claim 8, wherein the digital media file further comprises one or more data segments added to a descriptor and comprises clear payload data, wherein further each data segment'"'"'s descriptor enables association of the clear payload data with digital rights management policy.
  - 14. The system of claim 8, wherein the digital media file is streaming media.

15. A computer-implemented method for communicating a media file with multiple portions to a client-receiver computer from a server-transmitter computer performing the steps of:
- encrypting a root content key using a public key of the client-receiver computer, the root content key being decryptable with a private key of the client-receiver computer;
  
  transmitting the root content key to the client-receiver computer;
  
  dividing the media file into multiple portions, each portion having a different designated rights policy indicating permitted usage of the associated portion;
  
  generating multiple leaf content keys, each leaf content key being generated for an associated portion of the media file, wherein generating each leaf content key comprises encrypting each leaf content key with the root content key;
  
  building a descriptor for each portion of the media file, each descriptor identifying the leaf content key and the associated designated rights policy;
  
  encrypting each portion of the media file with the associated leaf content key;
  
  transmitting the encrypted portions and the descriptors to the client-receiver computer; and
  
  the client-receiver computer decrypting each leaf content key using the root content key and decrypting each of the portions using the associated leaf content key specified in the descriptor associated with each portion.
- View Dependent Claims (16, 17, 18)
- - 16. The computer-implemented method of claim 15, further comprising transmitting the designated rights policy to the receiver.
  - 17. The computer-implemented method of claim 15, wherein the decrypting each of the portions builds a Key ID into the descriptor for each of the portions, wherein the Key ID is used by the client-receiver computer to associate the portion with the appropriate designated rights policy.
  - 18. The computer-implemented method of claim 15, further comprising receiving a media file of an arbitrary content type and encrypting the media file to provide the encrypted media file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Oliveira, Eduardo P., Klemets, Anders E., Bhatt, Sanjay, Paka, Anand, Alkove, James M.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tabor, Amare F

Application Number

US11/201,751
Publication Number

US 20070038873A1
Time in Patent Office

2,665 Days
Field of Search

713/193, 713/150, 380/37, 380/277
US Class Current

713/193
CPC Class Codes

G06F 21/1083   Partial license transfers

G06F 2221/2145   Inheriting rights or proper...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04N 21/63345   by transmitting keys key di...

H04N 21/64322   IP

H04N 21/6437   Real-time Transport Protoco...

H04N 21/8193   dedicated tools, e.g. video...

H04N 21/8355   involving usage data, e.g. ...

H04N 21/8456   by decomposing the content ...

Protecting digital media of various content types

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

258 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting digital media of various content types

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

258 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links