Cloud-based movable-component binding

US 8,850,230 B2
Filed: 01/14/2008
Issued: 09/30/2014
Est. Priority Date: 01/14/2008
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage devices having computer-executable instructions that, when executed by one or more processors on a mobile computing device, perform acts comprising:

requesting, from a movable component physically connected to the mobile computing device but removable from the mobile computing device, a cryptographically secure identifier bound to the movable component, identifying the movable component, and not decryptable by the mobile computing device but decryptable by a remote computing device capable of communication with the mobile computing device using a mobile-device communication network, the movable component comprising a token associated with a DRM license, the DRM license permitting the mobile computing device to perform actions on protected media content that is stored on a removable memory physically connected to the mobile computing device but removable from the mobile computing device;

receiving the cryptographically secure identifier from the movable component;

transmitting the cryptographically secure identifier to the remote computing device over the mobile-device communication network to request permission to use the protected media content, the cryptographically secure identifier usable by the remote computing device to determine that the movable component is authentic and an entity associated with the movable component has a right to the requested use of the protected media content;

transmitting a device identifier identifying the mobile computing device effective to enable the remote computing device to determine whether or not the mobile computing device is trusted;

transmitting a non-encrypted identifier for the movable component effective to enable the remote computing device to authenticate the movable component using at least the non-encrypted identifier and the cryptographically secure identifier; and

receiving, from the remote computing device over the mobile-device communication network, permission to use the protected media content based at least in part on an indication from the remote computing device that the mobile computing device is trusted, the permission received responsive to the remote computing device authenticating the movable component using the non-encrypted identifier and the cryptographically secure identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This document describes tools capable of enabling cloud-based movable-component binding. The tools, in some embodiments, bind protected media content to a movable component in a mobile computing device in a cryptographically secure manner without requiring the movable component to perform a complex cryptographic function. By so doing the mobile computing device may request access to content and receive permission to use the content quickly and in a cryptographically robust way.

36 Citations

View as Search Results

18 Claims

1. One or more computer-readable storage devices having computer-executable instructions that, when executed by one or more processors on a mobile computing device, perform acts comprising:
- requesting, from a movable component physically connected to the mobile computing device but removable from the mobile computing device, a cryptographically secure identifier bound to the movable component, identifying the movable component, and not decryptable by the mobile computing device but decryptable by a remote computing device capable of communication with the mobile computing device using a mobile-device communication network, the movable component comprising a token associated with a DRM license, the DRM license permitting the mobile computing device to perform actions on protected media content that is stored on a removable memory physically connected to the mobile computing device but removable from the mobile computing device;
  
  receiving the cryptographically secure identifier from the movable component;
  
  transmitting the cryptographically secure identifier to the remote computing device over the mobile-device communication network to request permission to use the protected media content, the cryptographically secure identifier usable by the remote computing device to determine that the movable component is authentic and an entity associated with the movable component has a right to the requested use of the protected media content;
  
  transmitting a device identifier identifying the mobile computing device effective to enable the remote computing device to determine whether or not the mobile computing device is trusted;
  
  transmitting a non-encrypted identifier for the movable component effective to enable the remote computing device to authenticate the movable component using at least the non-encrypted identifier and the cryptographically secure identifier; and
  
  receiving, from the remote computing device over the mobile-device communication network, permission to use the protected media content based at least in part on an indication from the remote computing device that the mobile computing device is trusted, the permission received responsive to the remote computing device authenticating the movable component using the non-encrypted identifier and the cryptographically secure identifier.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The one or more computer-readable storage devices of claim 1, wherein the movable component is a Subscriber Identity Module (SIM).
  - 3. The one or more computer-readable storage devices of claim 1, wherein the movable component is a hardware card that is computationally slow relative to the remote computing device.
  - 4. The one or more computer-readable storage devices of claim 1, wherein the cryptographically secure identifier is computed by the movable component with a symmetric key operation using a secret bound to the movable component and known by the remote computing device.
  - 5. The one or more computer-readable storage devices of claim 1, wherein the act of receiving permission includes receiving information sufficient to enable the mobile computing device to decrypt the protected media content.

6. A method implemented at least in part by a computing device comprising:
- receiving, via a mobile-device communication network and from a mobile computing device, a request to use protected media content and a cryptographically secure identifier bound to a movable component physically connected to the mobile computing device but removable from the mobile computing device, the request including a non-encrypted identifier configured to identify the movable component associated with the cryptographically secure identifier, the movable component comprising a token associated with a DRM license, the DRM license permitting the mobile computing device to perform actions on the protected media content, the protected media content stored on a removable memory physically connected to the mobile computing device but removable from the mobile computing device, the request further including a device identifier identifying the mobile computing device and usable to determine whether the mobile computing device is trusted;
  
  determining, based on the cryptographically secure identifier and the non-encrypted identifier, that the movable component is authentic and that an entity associated with the removable component has a right to the requested use of the protected media content; and
  
  responsive to determining that the movable component is authentic and that the entity associated with the removable component has a right to the requested use of the protected media content, transmitting information to the mobile computing device via the mobile-device communication network based on a determination that the mobile computing device is trusted, the information sufficient to enable the mobile computing device to use the protected media content.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein the act of determining finds a number and a secret associated with the non-encrypted identifier, decrypts the cryptographically secure identifier using the secret to provide a decrypted identifier, and wherein, if the decrypted identifier matches or is an increment of the number, determining that the movable component is authentic and that the entity has the right to the requested use.
  - 8. The method of claim 6, wherein the act of determining comprises performing an asymmetric key operation and the cryptographically secure identifier is computed by the movable component with a symmetric key operation.
  - 9. The method of claim 6, wherein the computing device on which the method is implemented at least in part includes a server having fast computational abilities compared to computational abilities of the movable component.
  - 10. The method of claim 9, wherein the movable component is a hardware Subscriber Identity Module (SIM) card that is computationally slow relative to the server.
  - 11. The method of claim 6, wherein the information comprises a key usable by the mobile computing device to decrypt the protected media content.

12. A method implemented at least in part by a mobile computing device comprising:
- requesting, from a movable component physically connected to the mobile computing device but removable from the mobile computing device, a cryptographically secure identifier bound to the movable component, identifying the movable component, and not decryptable by the mobile computing device but decryptable by a remote computing device capable of communication with the mobile computing device using a mobile-device communication network, the movable component comprising a token associated with a DRM license, the DRM license permitting the mobile computing device to perform actions on protected media content that is stored on a removable memory physically connected to the mobile computing device but removable from the mobile computing device;
  
  receiving the cryptographically secure identifier from the movable component;
  
  transmitting the cryptographically secure identifier to the remote computing device over the mobile-device communication network to request permission to use the protected media content, the cryptographically secure identifier usable by the remote computing device to determine that the removable component is authentic and an entity associated with the removable component has a right to the requested use of the protected media content;
  
  transmitting a device identifier identifying the mobile computing device effective to enable the remote computing device to determine whether the mobile computing device is trusted;
  
  transmitting a non-encrypted identifier for the movable component effective to enable the remote computing device to authenticate the movable component using at least the non-encrypted identifier and the cryptographically secure identifier; and
  
  receiving, from the remote computing device over the mobile-device communication network, permission to use the protected media content based on a determination that the mobile computing device is trusted, the permission received responsive to the remote computing device authenticating the movable component using the non-encrypted identifier and the cryptographically secure identifier.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the movable component is a Subscriber Identity Module (SIM).
  - 14. The method of claim 12, wherein the movable component is a hardware card that is computationally slow relative to the remote computing device.
  - 15. The method of claim 12, wherein the cryptographically secure identifier is computed by the movable component with a symmetric key operation using a secret bound to the movable component and known by the remote computing device.
  - 16. The method of claim 12, wherein the act of receiving permission includes receiving information sufficient to enable the mobile computing device to decrypt the protected media content.
  - 17. The method of claim 12, wherein the movable component is configured to store a unique secret key and nonce.
  - 18. The method of claim 12, wherein the DRM license includes multiple license identifiers including at least one of a customer identifier, a service identifier, or a domain identifier, the multiple identifiers being usable to authenticate the mobile computing device to a license server of a DRM system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schnell, Patrik, Grigorovitch, Alexandre V, Dubhashi, Kedarnath A
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US12/014,079
Publication Number

US 20090183010A1
Time in Patent Office

2,451 Days
Field of Search

713/193, 713/192, 713/1, 713/2, 713/155, 713/168, 713/172, 726/2, 726/4, 726/6, 726/17, 726/9, 726/20, 726/21, 709/226
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless network architectu...

H04L 2463/103   applying security measure f...

H04L 63/0853   using an additional device,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/48   using secure binding, e.g. ...

Cloud-based movable-component binding

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Cloud-based movable-component binding

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others