Secure storage for digital rights management
First Claim
1. A method, implemented at least in part by a computer, comprising:
- providing a computing device with digital rights management (DRM) software that has been remotely provisioned, wherein the remotely provisioned DRM software performs DRM operations, the DRM operations including acquisition and enforcement of one or more licenses pertaining to DRM data, and wherein the remotely provisioned DRM software has been remotely provisioned by:
  - creating a DRM partition that serves as an empty host;
  - generating an attestation request that includes at least:
    - an identity (ID) of the DRM partition; and
    - an identification of the computing device; and
  - using the attestation request to initiate a provisioning process from a remote service in which the remotely provisioned DRM software is provisioned to the DRM partition;
- providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;
- associating a counter value with the DRM data that is to be protected;
- signing, under the influence of the remotely provisioned DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value;
- storing the signed DRM data and the associated counter value in local storage on the computing device; and
- verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage, wherein the act of verifying comprises sending, by the remotely provisioned DRM software, a nonce to the secure storage and receiving, responsive to said sending, a signed package that includes the nonce and a counter value to be verified.
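The counter check recited in the claim, as an added sketch that is not taken from the patent: it shows why binding a counter to the signed DRM data and challenging the secure storage with a fresh nonce rejects both a restored old record and a replayed counter package. HMAC-SHA256 stands in for the signature scheme, and `SecureStorage`, `save`, `load` and the `respond` hook are hypothetical names that simulate the secure storage and the DRM software.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (stand-in for the signature)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class SecureStorage:
    """Simulated secure storage: holds the signing key and the counter."""
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._counter = 0
        self.verify_key = self._key  # assumption: symmetric stand-in for a public key

    def sign_next(self, data: bytes) -> tuple[int, bytes]:
        """Advance the counter, bind the new value to the data, sign both."""
        self._counter += 1
        c = self._counter
        return c, mac(self._key, b"data", data, c.to_bytes(8, "big"))

    def attest_counter(self, nonce: bytes) -> tuple[bytes, int, bytes]:
        """Answer a challenge with a signed package of (nonce, counter)."""
        c = self._counter
        return nonce, c, mac(self._key, b"ctr", nonce, c.to_bytes(8, "big"))


def save(ss: SecureStorage, local: dict, data: bytes) -> None:
    counter, sig = ss.sign_next(data)
    local.update(data=data, counter=counter, sig=sig)  # untrusted local storage


def load(ss: SecureStorage, local: dict, respond=None) -> bytes:
    # 1. The local record must carry a valid signature over data + counter.
    c = local["counter"].to_bytes(8, "big")
    if not hmac.compare_digest(local["sig"], mac(ss.verify_key, b"data", local["data"], c)):
        raise ValueError("bad signature on local record")
    # 2. Fresh nonce: the signed package must echo it, so old packages fail.
    nonce = secrets.token_bytes(16)
    r_nonce, r_counter, r_sig = (respond or ss.attest_counter)(nonce)
    expected = mac(ss.verify_key, b"ctr", r_nonce, r_counter.to_bytes(8, "big"))
    if not hmac.compare_digest(r_sig, expected) or r_nonce != nonce:
        raise ValueError("stale or forged counter package")
    # 3. The counters must match, otherwise the local record was rolled back.
    if r_counter != local["counter"]:
        raise ValueError("rollback: local counter does not match secure storage")
    return local["data"]
```
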
Abstract
Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage.
15 Claims
1. A method, implemented at least in part by a computer, comprising:
- providing a computing device with digital rights management (DRM) software that has been remotely provisioned, wherein the remotely provisioned DRM software performs DRM operations, the DRM operations including acquisition and enforcement of one or more licenses pertaining to DRM data, and wherein the remotely provisioned DRM software has been remotely provisioned by:
  - creating a DRM partition that serves as an empty host;
  - generating an attestation request that includes at least:
    - an identity (ID) of the DRM partition; and
    - an identification of the computing device; and
  - using the attestation request to initiate a provisioning process from a remote service in which the remotely provisioned DRM software is provisioned to the DRM partition;
- providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;
- associating a counter value with the DRM data that is to be protected;
- signing, under the influence of the remotely provisioned DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value;
- storing the signed DRM data and the associated counter value in local storage on the computing device; and
- verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage, wherein the act of verifying comprises sending, by the remotely provisioned DRM software, a nonce to the secure storage and receiving, responsive to said sending, a signed package that includes the nonce and a counter value to be verified.

Dependent claims: 2, 3, 4, 5
6. One or more hardware computer readable storage memories storing computer readable instructions which, when executed, implement a method comprising:
- providing a computing device with digital rights management (DRM) software that has been remotely provisioned, wherein the remotely provisioned DRM software performs DRM operations, the DRM operations including acquisition and enforcement of one or more licenses pertaining to DRM data, and wherein the remotely provisioned DRM software has been remotely provisioned by:
  - creating a DRM partition that serves as an empty host;
  - generating an attestation request that includes at least:
    - an identity (ID) of the DRM partition; and
    - an identification of the computing device; and
  - using the attestation request to initiate a provisioning process from a remote service in which the remotely provisioned DRM software is provisioned to the DRM partition;
- providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;
- associating a counter value with the DRM data that is to be protected;
- signing, under the influence of the remotely provisioned DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value;
- storing the signed DRM data and the associated counter value in local storage on the computing device; and
- verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage, wherein the act of verifying comprises sending, by the remotely provisioned DRM software, a nonce to the secure storage and receiving, responsive to said sending, a signed package that includes the nonce and a counter value to be verified.

Dependent claims: 7, 8, 9, 10
11. A computing device comprising:
- one or more hardware processors;
- one or more computer readable storage memories storing computer readable instructions which, when executed by the one or more processors, implement a method comprising:
  - providing a computing device with digital rights management (DRM) software that has been remotely provisioned, wherein the remotely provisioned DRM software performs DRM operations, the DRM operations including acquisition and enforcement of one or more licenses pertaining to DRM data, and wherein the remotely provisioned DRM software has been remotely provisioned by:
    - creating a DRM partition that serves as an empty host;
    - generating an attestation request that includes at least:
      - an identity (ID) of the DRM partition; and
      - an identification of the computing device; and
    - using the attestation request to initiate a provisioning process from a remote service in which the remotely provisioned DRM software is provisioned to the DRM partition;
  - providing, in secure storage on the computing device, a signing key and a counter that maintains a counter value that is to be used for verification;
  - associating a counter value with the DRM data that is to be protected;
  - signing, under the influence of the remotely provisioned DRM software, the DRM data and associated counter value using the signing key, said signing providing signed DRM data and the associated counter value;
  - storing the signed DRM data and the associated counter value in local storage on the computing device; and
  - verifying that a counter value stored in the local storage matches with a counter value stored in the secure storage, wherein the act of verifying comprises sending, by the remotely provisioned DRM software, a nonce to the secure storage and receiving, responsive to said sending, a signed package that includes the nonce and a counter value to be verified.

Dependent claims: 12, 13, 14, 15
Specification