Provisioning a computing system for digital rights management
Abstract
Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.
20 Claims
1. A single-device system comprising:
- one or more computer-readable storage media hardware;
- computer-readable instructions on the one or more computer-readable storage media hardware which, responsive to execution by at least one processor, are configured to:
  - provide a digital rights management (DRM) partition which, when created, comprises an empty operating environment that does not include DRM functionality and is to be provisioned with DRM software, including executable DRM software configured to acquire, manage, and enforce licenses associated with protected content;
  - provide a hypervisor that is configured to:
    - provide partitioning functionality on the system, including the DRM partition which is to be provisioned with the DRM software, wherein the DRM partition is configured to have all associated DRM functionality executing within the DRM partition remotely provisioned; and
    - maintain isolation between partitions on the system; and
- wherein the DRM partition is further configured to generate an attestation request to a network-accessible individualization service to initiate a provisioning process in which it receives the DRM software, wherein the attestation request includes:
  - an identification of the DRM partition;
  - an identification of the single-device associated with the DRM partition;
  - an identification of a version of an operating system running on the single-device; and
  - an identification of the hypervisor that is running on the single-device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer-implemented method comprising:
- contacting a remote provisioning service that is configured to provision Digital Rights Management (DRM) functionality to one or more computing devices, wherein at least some provisionable DRM functionality includes DRM software configured to acquire, manage, and enforce licenses associated with protected content, the DRM software further being encrypted and configured to only decrypt in a DRM partition, the DRM partition configured to have all associated DRM functionality executing within the DRM partition remotely provisioned, wherein said act of contacting is performed, at least in part, by a DRM partition that is managed by a hypervisor;
- receiving, from the remote provisioning service, encrypted content that is to be used to provision the DRM functionality on a computing device that performed said act of contacting;
- using said encrypted content to provision DRM functionality on said computing device; and
- responsive to receiving provisioned DRM functionality, using at least some of said provisioned DRM functionality to acquire, manage, and enforce one or more licenses associated with protected content,
- wherein contacting the remote provisioning service comprises sending an attestation request to initiate a provisioning process, the attestation request comprising:
  - an identification of the DRM partition;
  - an identification of the computer associated with the DRM partition;
  - an identification of a version of an operating system running on the computer; and
  - an identification of the hypervisor that is running on the computer.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A computer implemented method comprising:
- preparing, using a Digital Rights Management (DRM) partition, an attestation request that includes an identification of the DRM partition, an identification of a computing device associated with the DRM partition, an identification of a version of an operating system running on the computing device, and an identification of a hypervisor that is running on the computing device, the hypervisor configured to provide partitioning functionality, the DRM partition configured to have all associated DRM functionality executing within the DRM partition remotely provisioned;
- sending the attestation request to an individualization service that is configured to provision DRM software to the DRM partition, wherein at least some of the DRM software comprises software configured to acquire, manage, and enforce licenses associated with protected content;
- receiving, from the individualization service, an encrypted private key;
- storing the private key in a gated, hardware key storage;
- receiving encrypted DRM software from the individualization service;
- storing the encrypted DRM software in a local storage;
- decrypting the encrypted DRM software for usage; and
- re-encrypting said decrypted DRM software when the usage is done, wherein at least some of said re-encrypted DRM software is executable software.

Dependent claims: 18, 19, 20

Specification