×

Client-side encryption with DRM

  • US 9,129,095 B1
  • Filed: 12/19/2014
  • Issued: 09/08/2015
  • Est. Priority Date: 12/19/2014
  • Status: Active Grant
First Claim
Patent Images

1. An apparatus operative in association with a group key service, and a digital rights management (DRM) service having a DRM license server, the apparatus being distinct from the group key service and the DRM service, comprising:

  • one or more hardware processors;

    computer memory storing computer program instructions executed by the hardware processors;

    to receive and store an encrypted DRM-protected object, the encrypted DRM-protected object having been generated at a first computing entity distinct from the apparatus, the group key service and the DRM service by (i) associating together (a) a result of encrypting an object with a DRM key, and (b) a result of encrypting the DRM key and a DRM license with a public key of the DRM license server, to produce a DRM-protected object, and (ii) encrypting the DRM-protected object so produced with a group key, the group key having been obtained at the first computing entity according to a distributed group key agreement protocol managed by the group key service and enforced by a set of computing entities that include the first computing entity but not the apparatus that receives and stores the encrypted DRM-protected object, wherein the group key and the encrypted DRM-protected object are unavailable to the DRM license server, and wherein the group key in a clear form is unavailable to the group key service;

    to receive and store an access control that is set on the encrypted DRM-protected object;

    to use the access control, in response to receipt of a request from a second computing entity that is a member of the set of computing entities, to determine whether access to the encrypted DRM-protected object and thus the object by the second computing entity is permitted; and

    to provide the encrypted DRM-protected object to the second computing entity when access to the encrypted DRM-protected object and the object by the second computing entity is permitted as determined by the access control, the object being recoverable by the second computing entity using the group key to decrypt the encrypted DRM-protected object, and a DRM operation with the DRM license server to recover the object for subsequent use according to the DRM license.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×