System and method for defining programmable processing steps applied when protecting the data

US 8,478,980 B2
Filed: 05/16/2008
Issued: 07/02/2013
Est. Priority Date: 05/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method of protecting digital rights management (DRM) data to be transmitted to client devices, the method comprising:

receiving input DRM data to be protected;

generating sequencer data that describes an order in which selected protection functions will be applied to the input DRM data;

sequentially applying the selected protection functions, by executing a software program, to the input DRM data according to the order described by the sequencer data to generate protected output DRM data, sequentially applying the selected protection functions to the input DRM data according to the order described by the sequencer data to generate the protected output DRM data comprisingusing a portion of the sequencer data to identify a first function, performing the first function on the input DRM data to generate a first output, and performing the first function on at least a portion of the sequencer data to produce first modified sequencer data,using a portion of the first modified sequencer data to identify a second function, performing the second function on the first output to generate a second output, and performing the second function on at least a portion of the first modified sequencer data to produce second modified sequencer data, andusing a portion of the second modified sequencer data to identify a third function and performing the third function on the second output;

transmitting the protected output DRM data to the client devices;

mapping the sequencer data for each of the client devices based on a mapping used by the respective client device for selecting the protection functions from the sequencer data, wherein each of the client devices has unique mapping for selecting protection functions from sequencer data; and

transmitting the corresponding mapped sequencer data to each of the client devices.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for protecting data being sent between a client and a server include the capability of defining programmable processing steps that are applied by the server when protecting the data and the same steps are applied by the client when unprotecting the data. The programmable processing steps can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps. The programmable processing steps allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key, and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner.

37 Citations

View as Search Results

19 Claims

1. A method of protecting digital rights management (DRM) data to be transmitted to client devices, the method comprising:
- receiving input DRM data to be protected;
  
  generating sequencer data that describes an order in which selected protection functions will be applied to the input DRM data;
  
  sequentially applying the selected protection functions, by executing a software program, to the input DRM data according to the order described by the sequencer data to generate protected output DRM data, sequentially applying the selected protection functions to the input DRM data according to the order described by the sequencer data to generate the protected output DRM data comprisingusing a portion of the sequencer data to identify a first function, performing the first function on the input DRM data to generate a first output, and performing the first function on at least a portion of the sequencer data to produce first modified sequencer data,using a portion of the first modified sequencer data to identify a second function, performing the second function on the first output to generate a second output, and performing the second function on at least a portion of the first modified sequencer data to produce second modified sequencer data, andusing a portion of the second modified sequencer data to identify a third function and performing the third function on the second output;
  
  transmitting the protected output DRM data to the client devices;
  
  mapping the sequencer data for each of the client devices based on a mapping used by the respective client device for selecting the protection functions from the sequencer data, wherein each of the client devices has unique mapping for selecting protection functions from sequencer data; and
  
  transmitting the corresponding mapped sequencer data to each of the client devices.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein at least one of the functions is decomposed and the order described by the sequencer data includes applying only a portion of the at least one decomposed function.
  - 3. The method of claim 1 wherein the sequencer data is generated using information about the client devices.
  - 4. The method of claim 3 wherein the information about the client devices includes information about decryption functions available in the client devices.
  - 5. The method of claim 1 further comprising transmitting keys for at least some of the selected protection functions to the client devices.

6. A computerized client device for using encrypted digital rights management (DRM) data comprising:
- an input data interface module to receive protected DRM data and encrypted sequencer data that defines a sequence of selected ones of a plurality of decryption functions;
  
  a memory storing the plurality of decryption functions; and
  
  a processor coupled to the input data interface module and the memory and arranged to decrypt the encrypted sequencer data and sequentially apply the selected ones of the plurality of the decryption functions to the protected DRM data in the sequence defined by the decrypted sequencer data,wherein the sequence defined by the decrypted sequencer data includes a first function identified by a first portion of the decrypted sequencer data and a second function identified by a portion of self-modified sequencer data, the self-modified sequencer data generated by performing the first function on at least a portion of the decrypted sequencer data.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computerized client device of claim 6 wherein at least one of the plurality of decryption functions is decomposed and the memory stores the decomposed portions in a scrambled order.
  - 8. The computerized client device of claim 6 wherein the encrypted sequencer data is received in a message that is separate from a message in which the protected DRM data is received.
  - 9. The computerized client device of claim 6 wherein the plurality of decryption functions includes a camouflage function that cannot be selected by the sequencer data.
  - 10. The computerized client device of claim 6 wherein at least one of the plurality of decryption functions is selected from the group consisting of partial AES decryption, data shifting, data substitution, bit reversal functions.

11. A computer server comprising:
- an input data interface module for receiving input digital rights management (DRM) data to be protected;
  
  a memory storing a plurality of encryption functions and sequencer data that defines a sequence of selected ones of the plurality of encryption functions; and
  
  a processor coupled to the input data interface module and the memory and configured to protect the input DRM data by sequentially applying the selected ones of the plurality of encryption functions in the sequence defined by the sequencer data to produce protected output DRM data for transmission to a client device, the processor being further configured to encrypt the sequencer data for transmission to the client device,wherein the sequence defined by the sequencer data includes a first function identified by a first portion of the sequencer data and a second function identified by a portion of self-modified sequencer data, the self-modified sequencer data generated by performing the first function on at least a portion of the sequencer data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer server of claim 11 wherein the memory further stores an encrypted version of a sequencer instruction execution module having instructions performed by the processor to protect the input DRM data.
  - 13. The computer server of claim 11 wherein the plurality of encryption functions includes a camouflage function that cannot be selected by the sequencer data.
  - 14. The computer server of claim 11 wherein at least one of the plurality of encryption functions is selected from the group consisting of partial AES encryption, data shifting, data substitution, and bit reversal functions.
  - 15. The computer server of claim 11 wherein the selected ones of the plurality of encryption functions is time dependent.

16. A method of protecting digital rights management (DRM) data to be transmitted to client devices, the method comprising:
- receiving input DRM data to be protected;
  
  generating sequencer data that describes an order in which selected protection functions will be applied to the input DRM data;
  
  mapping the sequencer data for each of the client devices based on a mapping used by the respective client device for selecting the protection functions from the sequencer data, wherein each of the client devices has a unique mapping for selecting protection functions from sequencer data;
  
  sequentially applying the selected protection functions, by executing a software program, to the input DRM data according to the order described by the mapped sequencer data to generate protected output DRM data for each of the client devices, the sequence defined by the mapped sequencer data including a first function identified by a first portion of the mapped sequencer data and a second function identified by a portion of self-modified sequencer data, the self-modified sequencer data generated by performing the first function on at least a portion of the mapped sequencer data;
  
  transmitting the respective protected output DRM data to each of the client devices;
  
  andtransmitting the sequencer data to the client devices.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16 wherein the sequencer data is transmitted to the client devices in a message that is separate from transmitting the protected output DRM data to the client devices.
  - 18. The method of claim 16 further comprising transmitting keys for at least some of the selected protection functions to the client devices.
  - 19. The method of claim 16 further comprising encrypting the sequencer data before transmitting to the client devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verimatrix Incorporated (Verimatrix SA)
Original Assignee
Verimatrix Incorporated (Verimatrix SA)
Inventors
Kulakowski, Robert T., Mautner, Craig, Fahy, James B., Hutchins, Greg, Bronte, Jeffrey
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Su, Sarah

Application Number

US12/122,303
Publication Number

US 20080288771A1
Time in Patent Office

1,873 Days
Field of Search

713/150, 713/168, 707/397, 707/398, 707/687, 726/26, 705/50, 705/51
US Class Current

713/150
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/60   Protecting data

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/603   Digital right managament [DRM]

H04L 9/088   Usage controlling of secret...

H04L 9/16   the keys or algorithms bein...

System and method for defining programmable processing steps applied when protecting the data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for defining programmable processing steps applied when protecting the data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links