DRM provider interoperability

US 8,751,800 B1
Filed: 04/02/2012
Issued: 06/10/2014
Est. Priority Date: 12/12/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a network device associated with a content provider, having one or more processors configured to perform actions, including;

establishing a trust relationship using a cryptographic protocol with a content decryption module (CDM) provider'"'"'s network device for a version of a CDM and the network device associated with the content provider;

when information is received from a client device indicating that the client device supports at least the version of the CDM;

determining for which of the supported CDMs the network device has an established trust relationship with a corresponding CDM provider;

using the established trust relationships for the supported CDMs, accessing a public key associated with the version of the CDM supported by the client device; and

encrypting a license using the accessed public key, the license protecting access to media content; and

when it is determined that no information is received from the client device indicating the client device supports at least the version of the CDM;

using trust relationships established between the network device and a plurality of different CDM providers to access respective public keys associated with CDMs from the plurality of different CDM providers,encrypting the license with each of the accessed public keys to generate a plurality of encrypted licenses, andproviding each of the encrypted licenses to the client device; and

the client device, comprising;

a plurality of CDMs, wherein one of the plurality of CDMs is the version of the CDM, and wherein the version of the CDM performs actions, including;

receiving from the network device, the encrypted license;

determining an integrity of the version of the CDM and a media player against tampering;

in response to determining that the integrity of the version of the CDM and the media player is confirmed, decrypting the license using a private key associated with the public key, and using the decrypted license to enable access to media content protected by the license; and

in response to determining that the integrity of the version of the media player is not confirmed, denying access to the private key for decryption of the license and access to the media content protected by the license.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards providing interoperability by establishing a trust relationship between a provider of a media player usable by a consumer and a content provider. A trust relationship is verified through using a public-private key certification authority. When a request for content is received from a consumer, the request might indicate what content protection mechanisms are available in the consumer'"'"'s device. When a trust relationship is determined to exist between the content provider and the media player providers, the content provider encrypts a license separately for each of a plurality of different content protection mechanisms available at the consumer'"'"'s device. The encrypted licenses are provided to the consumer'"'"'s device, where the media player may be selected to play the content based on a self integrity check the media player may perform, and its ability to use a private key associated with a corresponding public key to decrypt the license.

Citations

20 Claims

1. A system, comprising:
- a network device associated with a content provider, having one or more processors configured to perform actions, including;
  
  establishing a trust relationship using a cryptographic protocol with a content decryption module (CDM) provider'"'"'s network device for a version of a CDM and the network device associated with the content provider;
  
  when information is received from a client device indicating that the client device supports at least the version of the CDM;
  
  determining for which of the supported CDMs the network device has an established trust relationship with a corresponding CDM provider;
  
  using the established trust relationships for the supported CDMs, accessing a public key associated with the version of the CDM supported by the client device; and
  
  encrypting a license using the accessed public key, the license protecting access to media content; and
  
  when it is determined that no information is received from the client device indicating the client device supports at least the version of the CDM;
  
  using trust relationships established between the network device and a plurality of different CDM providers to access respective public keys associated with CDMs from the plurality of different CDM providers,encrypting the license with each of the accessed public keys to generate a plurality of encrypted licenses, andproviding each of the encrypted licenses to the client device; and
  
  the client device, comprising;
  
  a plurality of CDMs, wherein one of the plurality of CDMs is the version of the CDM, and wherein the version of the CDM performs actions, including;
  
  receiving from the network device, the encrypted license;
  
  determining an integrity of the version of the CDM and a media player against tampering;
  
  in response to determining that the integrity of the version of the CDM and the media player is confirmed, decrypting the license using a private key associated with the public key, and using the decrypted license to enable access to media content protected by the license; and
  
  in response to determining that the integrity of the version of the media player is not confirmed, denying access to the private key for decryption of the license and access to the media content protected by the license.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the network device performs actions,wherein sending each of the plurality of encrypted licenses to the client device, comprises wherein at least one other CDM in the plurality of CDMs is selected at the client device to decrypt one of the plurality of encrypted licenses using a private key associated with a corresponding public key for the other CDM.
  - 3. The system of claim 1, wherein the network device performs actions, further including:
    - querying the client device to determine which of the plurality of CDMs the client device supports.
  - 4. The system of claim 1, wherein the network device performs actions, further including:
    - receiving from the client device, information indicating that the client device supports the version of the CDM absent sending a query request to the client device to determine which version of the CDM is supported by the client device.
  - 5. The system of claim 1, wherein encrypting the license, further comprises encrypting one or more content decryption keys that are configured to enable decryption of the media content at the client device by using the private key to decrypt the one or more content decryption keys.
  - 6. The system of claim 1, wherein the client device further comprises:
    - one or more media players that is configured to select one or more of the plurality of CDMs to access the media content.

7. A network device, comprising:
- a memory for storing protected content; and
  
  one or more processors that perform actions, including;
  
  establishing a trust relationship cryptographically with a network device associated with a content decryption module (CDM) provider for a version of a CDM and the network device, wherein the network device is associated with a provider of the protected content;
  
  when information is received from a client device indicating that the client device supports at least the version of the CDM;
  
  determining for which of the supported CDMs the network device has an established trust relationship with a corresponding CDM provider;
  
  using the established trust relationships for the supported CDMs, accessing a public key associated with the version of the CDM;
  
  encrypting a license/decryption key to access content using the accessed public key; and
  
  providing the encrypted license/decryption key to a client device having at least the version of CDM, wherein the version of the CDM is configured to access a protected private key corresponding to the public key, decrypt the encrypted license/decryption key using the private key, and enable access to the content, based in part on an integrity of the client device including the integrity of at least the version of the CDM, the integrity being determined by at least the version of the CDM; and
  
  when it is determined that no information is received from the client device indicating the client device supports at least the version of the CDM;
  
  using trust relationships established between the network device and a plurality of different CDM providers to access respective public keys associated with CDMs from the plurality of different CDM providers,encrypting the license/decryption key with each of the accessed public keys to generate a plurality of encrypted licenses/decryption keys, andproviding each of the encrypted licenses/decryption keys to the client device.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The network device of claim 7, wherein the one or more processors perform actions, further including:
    - sending each of the plurality of encrypted licenses/decryption keys to the client device, wherein at least one other CDM in the plurality of CDMs is selected by the client device to decrypt one of the plurality of encrypted licenses/decryption keys using a private key associated with a corresponding public key for the other CDM.
  - 9. The network device of claim 7, wherein the one or more processors perform actions, further including:
    - querying the client device to determine which of a plurality of CDMs the client device supports; and
      
      wherein providing each of the encrypted licenses/decryption keys to the client device, further comprises the client device selects which CDM to employ to decrypt one of the plurality of encrypted licenses/decryption keys to enable access to the content.
  - 10. The network device of claim 7, wherein the one or more processors perform actions, further including:
    - receiving from the client device, information indicating that the client device supports another CDM absent sending a query request to the client device to determine which CDM is supported by the client device.
  - 11. The network device of claim 7, wherein the one or more processors perform actions, further including:
    - determining that a trust relationship is not established for at least one other CDM provider for another CDM; and
      
      based on the determination of no established trust relationship for the one other CDM provider, refusing to employ another public key associated with the other CDM provider to encrypt and send to the client device the license/decryption key.
  - 12. The network device of claim 7, wherein the one or more processors perform actions, further including:
    - receiving information indicating that at least one of a private key is compromised or an integrity of at least one component of the client device is compromised, and based on the received information refusing to use the compromised public key or to send the license/decryption key to the compromised client device.
  - 13. The network device of claim 7, wherein establishing the trust relationship further comprises receiving at least one attestation from a third-party indicating a level of quality of the CDM provider or version of the CDM.

14. An apparatus comprising a non-transitory computer readable medium, having computer-executable instructions stored thereon, that in response to execution by a computing device, cause the computing device to perform operations, comprising:
- establishing a trust relationship over a network using a cryptographic mechanism with a network device associated with a content decryption module (CDM) provider for a version of a CDM and the computing device that is associated with a content provider;
  
  when information is received from a client device indicating that the client device supports at least the version of the CDM;
  
  determining for which of the supported CDMs the network device has an established trust relationship with a corresponding CDM provider;
  
  using the established trust relationships for the supported CDMs, accessing a public key associated with the version of the CDM;
  
  encrypting a license/decryption key to access content using the accessed public key; and
  
  providing the encrypted license/decryption key to a client device having at least the version of CDM, wherein the version of the CDM is configured to access a protected private key corresponding to the public key, decrypt the encrypted license/decryption key using the private key, and enable access to the content, based in part on an integrity of the client device from tampering including the version of the CDM, the integrity being determined by the version of the CDM; and
  
  when it is determined that no information is received from the client device indicating the client device supports at least the version of the CDM;
  
  using trust relationships established between the network device and a plurality of different CDM providers to access respective public keys associated with CDMs from the plurality of different CDM providers,encrypting the license/decryption key with each of the accessed public keys to generate a plurality of encrypted licenses/decryption keys, andproviding each of the encrypted licenses/decryption keys to the client device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, whereinsending each of the plurality of encrypted licenses/decryption keys to the client device, further comprises wherein at least one other CDM in the plurality of CDMs is selected by the client device to decrypt an one of the plurality encrypted licenses/decryption keys using a private key associated with a corresponding public key for the other CDM.
  - 16. The apparatus of claim 14, wherein the operations further comprise:
    - querying the client device to determine which of a plurality of CDMs the client device supports; and
      
      wherein providing each of the encrypted licenses/decryption keys to the client device, further comprises the client device selects which CDM to employ to decrypt one of the plurality of encrypted licenses/decryption keys to enable access to the media content.
  - 17. The apparatus of claim 14, wherein the operations further comprise:
    - receiving from the client device, information indicating that the client device supports another CDM;
      
      determining that a trust relationship is established for the supported other CDM;
      
      based on the results of the determination of the trust relationship for the supported other CDM, encrypting the license/decryption key using another public key associated with the other CDM; and
      
      determining that a trust relationship is not established for at least one other CDM provider for another CDM; and
      
      based on the determination of no established trust relationship, refusing to employ another public key associated with the other CDM provider to encrypt and send to the client device the license/decryption key;
      
      sending to the client device the license/decryption key encrypted with the other public key, wherein the client device selects which CDM to employ to decrypt the encrypted license/decryption key.
  - 18. The apparatus of claim 14, wherein the operations further comprise:
    - receiving information indicating that at least one of a public key is compromised, an integrity of at least one component of the client device is compromised, and based on the received information refusing to use the compromised public key, or to send the license/decryption key to the compromised client device.
  - 19. The apparatus of claim 14, wherein establishing the trust relationship comprises receiving at least one attestation from a third-party indicating a level of quality of the CDM provider or version of the CDM.
  - 20. The apparatus of claim 14, wherein the trust relationship is based at least in part on a contract agreement between a content provider and the CDM provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Dorwin, David Kimbal
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US13/437,789
Time in Patent Office

799 Days
Field of Search

713/167
US Class Current

713/167
CPC Class Codes

G06F 11/3003   Monitoring arrangements spe...

G06F 21/105   Arrangements for software l...

G06F 21/1062   Editing

G06F 21/1073   Conversion

G06F 21/50   Monitoring users, programs ...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 40/143   Markup, e.g. Standard Gener...

G06T 11/00   2D [Two Dimensional] image ...

G11B 20/00086   Circuits for prevention of ...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/103   applying security measure f...

H04L 47/801   Real time traffic

H04L 47/805   QOS or priority aware

H04L 63/00   Network architectures or ne...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0876 : based on the identity of th...

H04L 63/102 : Entity profiles

H04L 65/1101 : Session protocols

H04L 65/1108 : Web based protocols, e.g. w...

H04L 65/613 : for the control of the sour...

H04L 65/762 : at the source reformatting...

H04L 65/80 : Responding to QoS

H04L 9/0631 : Substitution permutation ne...

H04L 9/0861 : Generation of secret inform...

H04L 9/32 : including means for verifyi...

H04N 21/2347 : involving video stream encr...

H04N 21/24 : Monitoring of processes or ...

H04N 21/25825 : involving client display ca...

H04N 21/25833 : involving client hardware c...

H04N 21/41407 : embedded in a portable devi...

H04N 21/4405 : involving video stream decr...

H04N 21/4516 : involving client characteri...

View All

DRM provider interoperability

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DRM provider interoperability

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links