System and method for digital rights management using a secure end-to-end protocol with embedded encryption keys
First Claim
1. A computer-implemented method, comprising:
- generating, by a digital rights management (DRM) client, an encrypted request to authenticate a client application as a trusted consumer of protected content, the DRM client implemented within the client application, the client application configured to consume content, the request encrypted using an encryption key embedded within a binary representation of the DRM client, the encryption key having been selected from a pool of encryption keys and embedded by a software vendor during a build of the binary representation of the DRM client and being different than one or more encryption keys embedded within one or more other binary representations of the DRM client;
providing, by the DRM client, the encrypted request to an authentication server;
receiving, by the DRM client, an encrypted response from the authentication server, the authentication server being remote from the DRM client and using a particular encryption key corresponding to the encryption key of the DRM client to decrypt the encrypted request and to encrypt the encrypted response, the encrypted response including an authentication token;
decrypting, by the DRM client, the encrypted response; and
enabling the client application via the DRM client to consume the protected content based at least in part on the authentication token.
2 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of a system and method for digital rights management using a secure end-to-end protocol with embedded encryption keys are described. A DRM framework may implement a secure end-to-end protocol configured to protect messages sent between trusted endpoints by encrypting and decrypting the messages within software applications executing on each trusted endpoint. An encryption key embedded within a binary representation of a DRM client may be used by the DRM client to encrypt and decrypt messages sent over the secure protocol. The DRM client may request authentication using the secure protocol and receive an authentication token used by the DRM client to acquire a license to view protected content. The encryption key may be chosen from a pool of encryption keys and embedded in the DRM client during the software build process for the DRM client. The secure protocol may be designed according to Representational State Transfer guidelines.
-
Citations
26 Claims
-
1. A computer-implemented method, comprising:
-
generating, by a digital rights management (DRM) client, an encrypted request to authenticate a client application as a trusted consumer of protected content, the DRM client implemented within the client application, the client application configured to consume content, the request encrypted using an encryption key embedded within a binary representation of the DRM client, the encryption key having been selected from a pool of encryption keys and embedded by a software vendor during a build of the binary representation of the DRM client and being different than one or more encryption keys embedded within one or more other binary representations of the DRM client; providing, by the DRM client, the encrypted request to an authentication server; receiving, by the DRM client, an encrypted response from the authentication server, the authentication server being remote from the DRM client and using a particular encryption key corresponding to the encryption key of the DRM client to decrypt the encrypted request and to encrypt the encrypted response, the encrypted response including an authentication token; decrypting, by the DRM client, the encrypted response; and enabling the client application via the DRM client to consume the protected content based at least in part on the authentication token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 24, 25, 26)
-
-
9. A system, comprising:
-
a processor; and a memory having program instructions stored thereon, that when executed by the processor, cause the processor to implement a digital rights management (DRM) client within a client application, configured to; generate, within the client application, the client application configured to consume content, an encrypted request to authenticate the client application as a trusted consumer of protected content using an encryption key, the encryption key having been selected from a pool of encryption keys and embedded within a binary representation of the DRM client by a software vendor during a build of the binary representation of the DRM client and being different than one or more encryption keys embedded within one or more other binary representations of the DRM client; provide, by the DRM client, the encrypted request to an authentication server; receive, by the DRM client, an encrypted response from the authentication server, the authentication server being different from the DRM client and using a particular encryption key corresponding to the encryption key of the DRM client to decrypt the encrypted request and to encrypt the encrypted response, the encrypted response including an authentication token; decrypt, using the DRM client, the encrypted response; and enable the client application via the DRM client to consume the protected content based at least in part on the authentication token. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium having program instructions stored thereon that when executed by a computer, cause the computer to implement a DRM client within a client application, configured to:
-
generate, within the client application, the client application configured to consume content, an encrypted request to authenticate the client application as a trusted consumer of protected content using an encryption key embedded within a binary representation of the DRM client, the encryption key having been selected from a pool of encryption keys and embedded by a software vendor during a build of the binary representation of the DRM client and being different than one or more encryption keys embedded within one or more other binary representations of the DRM client; provide, by the DRM client, the encrypted request to an authentication server; receive, at the DRM client, an encrypted response from the authentication server, the authentication server being remote from the DRM client and using a particular encryption key corresponding to the encryption key of the DRM client to decrypt the encrypted request and to encrypt the encrypted response, the encrypted response including an authentication token; decrypt, using the DRM client, the encrypted response; and enable the client application via the DRM client to consume the protected content based at least in part on the authentication token. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. The computer-readable storage medium of 16, wherein the encryption key comprises a symmetric key or a key from a public-private key pair.
-
23. A computer-implemented method, comprising:
-
receiving, by a server software application, a plurality of encrypted requests to authenticate a client application as a trusted consumer of protected content from a plurality of digital rights management (DRM) clients, wherein each of the plurality of encrypted requests includes an unencrypted portion comprising a unique identifier and an encryption key corresponding to a binary representation of a DRM client that sent the encrypted request, the unique identifier and the encryption key, the encryption key having been selected from a pool of encryption keys, having been embedded into the binary representation by a software vendor during a build of the binary representation of the DRM client; for each encrypted request; accessing, by the server software application, an encryption key map; locating, using the encryption key map, an associated encryption key corresponding to the embedded unique identifier and encryption key; decrypting, by the server software application, the encrypted request using the located associated encryption key; providing, by the server software application to the plurality of DRM clients, an encrypted response that was encrypted using the associated encryption key, the encrypted response including an authentication token; and enabling the DRM client implemented within the client application to consume the protected content based at least in part on the authentication token, the client application configured to consume content.
-
Specification