System and method for parts-based digital rights management
First Claim
1. A system comprising a memory and one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management component configured to:
- receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
- receive a license for the content, wherein the license comprises a user identifier that identifies a user requesting the content, an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and a plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
- receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
- validate the digital signature to determine that the permissions have not been modified; and
- in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprises applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, decrypting the encrypted version of the master decryption key using the user-specific key, and decrypting the content using the master decryption key.
Abstract
Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions.
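The flow the abstract describes, as an added Python sketch that is not code from the patent: one signature over the whole license, validation before any key is derived, then hash of the user identifier, unwrap of the master key, and decryption. Assumptions: HMAC-SHA256 stands in for the digital signature, a toy SHA-256 keystream stands in for the cipher, and all function names, field names, and sample values are hypothetical.

```python
import hashlib, hmac, json

SIGNING_KEY = b"constructed-demo-key"  # assumption: issuer and verifier share an HMAC key

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; stand-in for a real cipher such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def user_key(user_id: str) -> bytes:
    # User-specific key = hash of the user identifier carried in the license.
    # Any holder of the license can recompute it; integrity rests on the signature.
    return hashlib.sha256(user_id.encode()).digest()

def sign(lic: dict) -> bytes:
    # One tag over a canonical encoding of the entire license, so every
    # per-portion permission is covered by the same signature.
    blob = json.dumps(lic, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, blob, hashlib.sha256).digest()

def issue(user_id: str, master_key: bytes, permissions: dict):
    lic = {"user_id": user_id, "permissions": permissions,
           "wrapped_key": xor_stream(user_key(user_id), master_key).hex()}
    return lic, sign(lic)

def access(ciphertext: bytes, lic: dict, sig: bytes, portion: str, privilege: str) -> bytes:
    # 1. Validate the signature before trusting any field of the license.
    if not hmac.compare_digest(sign(lic), sig):
        raise PermissionError("license modified")
    # 2. Enforce the permission specific to the requested portion.
    perm = lic["permissions"].get(portion)
    if perm is None or privilege not in perm["allow"]:
        raise PermissionError(f"{privilege} not granted for {portion}")
    # 3. Hash user id -> user key -> unwrap master key -> decrypt content.
    master = xor_stream(user_key(lic["user_id"]), bytes.fromhex(lic["wrapped_key"]))
    start, end = perm["span"]
    return xor_stream(master, ciphertext)[start:end]

# Constructed sample: one document, two portions, different privileges per portion.
DOC = b"Public summary|Restricted appendix"
MASTER = hashlib.sha256(b"constructed master key").digest()
CIPHERTEXT = xor_stream(MASTER, DOC)
LICENSE, SIG = issue("alice@example.com", MASTER, {
    "summary": {"span": [0, 14], "allow": ["view", "print"]},
    "appendix": {"span": [15, 34], "allow": ["view"]},
})
```

Because the tag covers the whole license, adding `"print"` to the `appendix` entry alone makes `access` reject every portion, not just the edited one.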
19 Claims
1. A system comprising a memory and one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management component configured to:
- receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
- receive a license for the content, wherein the license comprises a user identifier that identifies a user requesting the content, an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and a plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
- receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
- validate the digital signature to determine that the permissions have not been modified; and
- in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprises applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, decrypting the encrypted version of the master decryption key using the user-specific key, and decrypting the content using the master decryption key.
Dependent claims: 2, 3, 4, 5, 6
7. A computer-implemented method, comprising:
- receiving content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
- receiving a license for the content, wherein the license comprises a user identifier that identifies a user requesting the content, an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and a plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
- receiving a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
- validating the digital signature to determine that the permissions have not been modified; and
- in response to determining that said permissions have not been modified, providing access to said content in accordance with said license including said permissions, wherein providing access to the content comprises applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, decrypting the encrypted version of the master decryption key using the user-specific key, and decrypting the content using the master decryption key.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer-readable storage medium, storing program instructions computer-executable to implement a digital rights management component configured to:
- receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
- receive a license for the content, wherein the license comprises a user identifier that identifies a user requesting the content, an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and a plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for the respective portion of its content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
- receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
- validate the digital signature to determine that the permissions have not been modified; and
- in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprises applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, decrypting the encrypted version of the master decryption key using the user-specific key, and decrypting the content using the master decryption key.
Dependent claims: 14, 15, 16, 17, 18
19. A computer-implemented method, comprising:
- executing instructions on a specific apparatus so that binary digital electronic signals representing content comprising a plurality of portions of content are received, wherein the content is encrypted with a master decryption key;
- executing instructions on said specific apparatus so that binary digital electronic signals representing a license for the content are received, wherein the license comprises a user identifier that identifies a user requesting the content, an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, and a plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for the respective portion of its content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
- executing instructions on said specific apparatus so that binary digital electronic signals representing a digital signature for the entire license such that all of the plurality of permissions are signed together by the same digital signature are received;
- executing instructions on said specific apparatus to validate the digital signature to determine that the permissions have not been modified; and
- executing instructions on said specific apparatus to, in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprises applying the cryptographic hash function to the user identifier included in the license to generate the user-specific key, decrypting the encrypted version of the master decryption key using the user-specific key, and decrypting the content using the master decryption key.
Specification