System and method for parts-based digital rights management

US 9,112,862 B2
Filed: 02/02/2009
Issued: 08/18/2015
Est. Priority Date: 02/02/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising a memory and one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management component configured to:

receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;

receive a license for the content, wherein the license comprisesa user identifier that identifies a user requesting the content,an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, anda plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;

receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;

validate the digital signature to determine that the permissions have not been modified; and

in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprisesapplying the cryptographic hash function to the user identifier included in the license to generate the user-specific key,decrypting the encrypted version of the master decryption key using the user-specific key, anddecrypting the content using the master decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions.

12 Citations

19 Claims

1. A system comprising a memory and one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a digital rights management component configured to:
- receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
  
  receive a license for the content, wherein the license comprisesa user identifier that identifies a user requesting the content,an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, anda plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
  
  receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
  
  validate the digital signature to determine that the permissions have not been modified; and
  
  in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprisesapplying the cryptographic hash function to the user identifier included in the license to generate the user-specific key,decrypting the encrypted version of the master decryption key using the user-specific key, anddecrypting the content using the master decryption key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein one or more of said access privileges specifies one or more operations permitted to be performed on the respective portion of the content, said one or more operations comprising one or more of:
    - accessing data, copying data, printing data, and transferring data to a device.
  - 3. The system of claim 1, wherein the digital rights management component is further configured to:
    - generate a respective decryption key for each particular portion of encrypted content based on said master decryption key; and
      
      decrypt each portion of the content with the respective decryption key that corresponds to that portion of the content.
  - 4. The system of claim 1, wherein to decrypt said master decryption key, the digital rights management component is configured to:
    - perform a key derivation function on said user identifier to generate an intermediate key; and
      
      decrypt said master decryption key with a symmetrical decryption function, wherein said intermediate key is utilized as a decryption key for said symmetrical decryption algorithm.
  - 5. The system of claim 1, wherein to determine that said digital signature is valid, the digital rights management component is configured to:
    - decrypt the digital signature with a public key to determine a first result;
      
      perform a second cryptographic hash function on said license to determine a second result; and
      
      determine that said first result is equivalent to said second result.
  - 6. The system of claim 5, wherein said public key corresponds to a private key previously utilized to generate said digital signature.

7. A computer-implemented method, comprising:
- receiving content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
  
  receiving a license for the content, wherein the license comprisesa user identifier that identifies a user requesting the content,an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, anda plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for its respective portion of the content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
  
  receiving a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
  
  validating the digital signature to determine that the permissions have not been modified; and
  
  in response to determining that said permissions have not been modified, providing access to said content in accordance with said license including said permissions, wherein providing access to the content comprisesapplying the cryptographic hash function to the user identifier included in the license to generate the user-specific key,decrypting the encrypted version of the master decryption key using the user-specific key, anddecrypting the content using the master decryption key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein one or more of said access privileges specifies one or more operations permitted to be performed on the respective portion of the content, said one or more operations comprising one or more of:
    - accessing data, copying data, printing data, and transferring data to a device.
  - 9. The method of claim 7, wherein the method further comprises:
    - generating a respective decryption key for each particular portion of encrypted content based on said master decryption key; and
      
      decrypting each portion of the content with the respective decryption key that corresponds to that portion of the content.
  - 10. The method of claim 7, wherein to decrypt said master decryption key, the method comprises:
    - performing a key derivation function on said user identifier to generate an intermediate key; and
      
      decrypting said master decryption key with a symmetrical decryption function, wherein said intermediate key is utilized as a decryption key for said symmetrical decryption algorithm.
  - 11. The method of claim 7, wherein to determine that said digital signature is valid, the method comprises:
    - decrypting the digital signature with a public key to determine a first result;
      
      performing a second cryptographic hash function on said license to determine a second result; and
      
      determining that said first result is equivalent to said second result.
  - 12. The method of claim 11, wherein said public key corresponds to a private key previously utilized to generate said digital signature.

13. A non-transitory computer-readable storage medium, storing program instructions computer-executable to implement a digital rights management component configured to:
- receive content comprising a plurality of portions of content, wherein the content is encrypted with a master decryption key;
  
  receive a license for the content, wherein the license comprisesa user identifier that identifies a user requesting the content,an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, anda plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for the respective portion of its content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
  
  receive a digital signature for the entire license such that all of the plurality of permissions of the license are signed together by the same digital signature;
  
  validate the digital signature to determine that the permissions have not been modified; and
  
  in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprisesapplying the cryptographic hash function to the user identifier included in the license to generate the user-specific key,decrypting the encrypted version of the master decryption key using the user-specific key, anddecrypting the content using the master decryption key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The medium of claim 13, wherein one or more of said access privileges specifies one or more operations permitted to be performed on the respective portion of the content, said one or more operations comprising one or more of:
    - accessing data, copying data, printing data, and transferring data to a device.
  - 15. The medium of claim 13, wherein the digital rights management component is further configured to:
    - generate a respective decryption key for each particular portion of encrypted content based on said master decryption key; and
      
      decrypt each portion of the content with the respective decryption key that corresponds to that portion of the content.
  - 16. The medium of claim 13, wherein to decrypt said master decryption key, the digital rights management component is configured to:
    - perform a key derivation function on said user identifier to generate an intermediate key; and
      
      decrypt said master decryption key with a symmetrical decryption function, wherein said intermediate key is utilized as a decryption key for said symmetrical decryption algorithm.
  - 17. The medium of claim 13, wherein to determine that said digital signature is valid, the digital rights management component is configured to:
    - decrypt the digital signature with a public key to determine a first result;
      
      perform a second cryptographic hash function on said license to determine a second result; and
      
      determine that said first result is equivalent to said second result.
  - 18. The medium of claim 17, wherein said public key corresponds to a private key previously utilized to generate said digital signature.

19. A computer-implemented method, comprising:
- executing instructions on a specific apparatus so that binary digital electronic signals representing content comprising a plurality of portions of content are received, wherein the content is encrypted with a master decryption key;
  
  executing instructions on said specific apparatus so that binary digital electronic signals representing a license for the content are received,wherein the license comprisesa user identifier that identifies a user requesting the content,an encrypted version of the master decryption key that is generated using a user-specific key that is derived by applying a cryptographic hash function to the user identifier, anda plurality of permissions each specific to a respective portion of the content, wherein each permission specifies one or more access privileges for the respective portion of its content, and wherein different ones of the plurality of permissions are specific to different portions of the content such that different access privileges are specified in the license for different portions of the content;
  
  executing instructions on said specific apparatus so that binary digital electronic signals representing a digital signature for the entire license such that all of the plurality of permissions are signed together by the same digital signature are received;
  
  executing instructions on said specific apparatus to validate the digital signature to determine that the permissions have not been modified; and
  
  executing instructions on said specific apparatus to, in response to determining that said permissions have not been modified, provide access to said content in accordance with said license including said permissions, wherein providing access to the content comprisesapplying the cryptographic hash function to the user identifier included in the license to generate the user-specific key,decrypting the encrypted version of the master decryption key using the user-specific key, anddecrypting the content using the master decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Sorotokin, Peter, Lester, James L.
Primary Examiner(s)
Kyle, Tamara T

Application Number

US12/364,468
Publication Number

US 20130124868A1
Time in Patent Office

2,388 Days
Field of Search

726/27
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 10/06   Resources, workflows, human...

G06Q 2220/18   Licensing

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04N 21/4627   Rights management associate...

System and method for parts-based digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for parts-based digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links