Methods and systems for scalable distribution of protected content

US 8,793,492 B2
Filed: 01/13/2011
Issued: 07/29/2014
Est. Priority Date: 01/13/2011
Status: Active Grant

First Claim

Patent Images

1. A computerized device, comprising:

a network interface; and

a data processing hardware element,wherein the data processing hardware element is configured to implement a content player, wherein the content player is configured to obtain a parameter value from a content stream accessed by the content player via the network interface, the content stream comprising encrypted content requested by the content player and an embedded license, the embedded license comprising a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key accessible by the content player, the parameter value specifying a digital signature,wherein the content player is configured to;

obtain an electronic token based on performing an authentication process for authenticating a client associated with the computerized device;

access the content stream without performing the authentication process;

determine that the electronic token is present and is signed with the digital signature specified by the parameter value obtained from the content stream, anduse the global key to decrypt the content key based on determining that the electronic token signed with the specified digital signature is present.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token.

15 Citations

View as Search Results

18 Claims

1. A computerized device, comprising:
- a network interface; and
  
  a data processing hardware element,wherein the data processing hardware element is configured to implement a content player, wherein the content player is configured to obtain a parameter value from a content stream accessed by the content player via the network interface, the content stream comprising encrypted content requested by the content player and an embedded license, the embedded license comprising a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key accessible by the content player, the parameter value specifying a digital signature,wherein the content player is configured to;
  
  obtain an electronic token based on performing an authentication process for authenticating a client associated with the computerized device;
  
  access the content stream without performing the authentication process;
  
  determine that the electronic token is present and is signed with the digital signature specified by the parameter value obtained from the content stream, anduse the global key to decrypt the content key based on determining that the electronic token signed with the specified digital signature is present.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computerized device of claim 1, wherein the content player is further configured to use the global key to decrypt the content key based on at least one of determining that the electronic token includes a device ID matching the device ID of the computerized device and evaluating a time-to-live indicator included in the electronic token to determine that the electronic token is not expired.
  - 3. The computerized device of claim 1, wherein the content player is further configured to use the global key to decrypt the content key based on:
    - determining that the electronic token includes a device ID matching a device ID of the computerized device; and
      
      evaluating a time-to-live indicator included in the electronic token to determine that the electronic token is not expired.
  - 4. The computerized device of claim 1, wherein the data processing hardware element further comprises a token acquisition component configured to obtain the electronic token separately from accessing the content stream.
  - 5. The computerized device of claim 1, wherein the data processing hardware element comprises a processor and the content player comprises a program component embodied in a memory device accessible by the processor.
  - 6. The computerized device of claim 1, wherein the content player is further configured to use the decrypted content key to decrypt the encrypted content and provide output based on the decrypted content.
  - 7. The computerized device of claim 1, wherein the global key is identical to a global key accessible by a plurality of instances of the content player, each instance of the content player implemented at a different computerized device.

8. A computer-implemented method, comprising:
- associating a content item with a parameter value associated with an electronic token, the parameter value specifying a digital signature used to sign the token;
  
  providing the electronic token to a content player application executed at a client device via a network connection based on performing an authentication process for authenticating a client associated with the client device, the electronic token comprising electronic content signed with the digital signature specified by the parameter value; and
  
  responsive to receiving a request for the content item from the client device;
  
  embedding data specifying the parameter value in a content stream comprising an encrypted version of the content item, andproviding the content stream to the client device, the content stream including the encrypted version of the content item and the embedded data specifying the parameter value wherein the content stream is provided to the client device without performing the authentication process in response to the request for the content item.
- View Dependent Claims (14)
- - 14. The method of claim 8, further comprising providing the electronic token with the content player application in response to a request to download the content player application.

9. A computer program product comprising a non-transitory computer readable medium embodying program code, the program code comprising:
- program code for obtaining an electronic token based on performing an authentication process for authenticating a client associated with a computing device;
  
  program code for accessing a content stream using a network interface of the computing device without performing the authentication process, the content stream comprising encrypted content requested by a content player, a parameter value specifying a digital signature, and an embedded license that includes a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key;
  
  program code for identifying the digital signature from the parameter value in the content stream comprising the encrypted content requested by the content player;
  
  program code for determining that the electronic token is present on the computing device and that the electronic token is signed with the digital signature specified by the parameter value; and
  
  program code for using the global key to decrypt the content key based on determining that the electronic token is present and is signed with the digital signature specified by the parameter value.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer program product of claim 9, further comprising program code for determining that the electronic token includes a device ID matching the device ID of the computing device and using the global key to decrypt the content key based on the device ID included in the electronic token matching the device ID of the computing device.
  - 11. The computer program product of claim 9, further comprising program code for evaluating a time-to-live indicator included in the electronic token to determine that the electronic token is unexpired and using the global key to decrypt the content key based on determining that the electronic token is unexpired.
  - 12. The computer program product of claim 9, further comprising:
    - program code for requesting the electronic token from a first computing system using an out-of-band mechanism separate from accessing of the content stream.
  - 13. The computer program product of claim 9,wherein the program code for accessing comprises code for establishing a connection to a content server and obtaining the content stream without carrying out an authorization routine specific to the content.

15. A method comprising:
- obtaining an electronic token based on performing an authentication process for authenticating a client associated with a computing device;
  
  accessing a content stream using a network interface of the computing device without performing the authentication process, the content stream comprising encrypted content requested by a content player, a parameter value specifying a digital signature, and an embedded license that includes a content key encrypted according to a global key;
  
  identifying the digital signature from the parameter value in the content stream comprising the encrypted content requested by the content player;
  
  determining that the electronic token is present on the computing device and that the electronic token is signed with the digital signature specified by the parameter value; and
  
  using the global key to decrypt the content key based on determining that the electronic token is present and is signed with the digital signature specified by the parameter value.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - determining that the electronic token includes a device ID matching the device ID of the computing device; and
      
      using the global key to decrypt the content key based on the device ID included in the electronic token matching the device ID of the computing device.
  - 17. The method of claim 15, further comprising:
    - evaluating a time-to-live indicator included in the electronic token to determine that the electronic token is unexpired; and
      
      using the global key to decrypt the content key based on determining that the electronic token is unexpired.
  - 18. The method of claim 15, further comprising requesting the electronic token from a first computing system using an out-of-band mechanism separate from the accessing of the content stream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Shah, Kunal, Agrawal, Sunil
Primary Examiner(s)
Okeke, Izunna

Application Number

US13/005,823
Publication Number

US 20120185695A1
Time in Patent Office

1,293 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/0822   using key encryption key

H04L 9/3234   involving additional secure...

H04N 21/26613   for generating or managing ...

H04N 21/4623   Processing of entitlement m...

H04N 21/4627   Rights management associate...

Methods and systems for scalable distribution of protected content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for scalable distribution of protected content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links