Provisioning a computing system for digital rights management

US 9,147,052 B2
Filed: 02/20/2014
Issued: 09/29/2015
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, using the computer, an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising;

information identifying the DRM partition;

information identifying the computing device;

information identifying an operating system associated with the computing device; and

information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;

determining, using the computer, validity associated with the attestation request;

responsive to a valid determination, sending, using the computer, a private key to the DRM partition associated with the computing device, the private key associated with decrypting encrypted content, the sending comprising sending the private key through the hypervisor; and

provisioning, using the computer, encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the provisioning comprising provisioning all associated executable DRM functionality within the DRM partition via the encrypted DRM software based, at least in part, on the private key sent through the hypervisor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.

70 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving, using the computer, an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising;
  
  information identifying the DRM partition;
  
  information identifying the computing device;
  
  information identifying an operating system associated with the computing device; and
  
  information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
  
  determining, using the computer, validity associated with the attestation request;
  
  responsive to a valid determination, sending, using the computer, a private key to the DRM partition associated with the computing device, the private key associated with decrypting encrypted content, the sending comprising sending the private key through the hypervisor; and
  
  provisioning, using the computer, encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the provisioning comprising provisioning all associated executable DRM functionality within the DRM partition via the encrypted DRM software based, at least in part, on the private key sent through the hypervisor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the encrypted DRM software is unique to the computing device.
  - 3. The computer-implemented method of claim 1, wherein determining validity of the attestation request further comprises utilizing a revocation list.
  - 4. The computer-implemented method of claim 1, wherein the encrypted DRM software comprises executable software configured to:
    - acquire at least one license associated with DRM-protected content;
      
      manage the at least one license; and
      
      enforce access to the DRM-protected content based, at least in part, on the at least one license.
  - 5. The computer-implemented method of claim 4, wherein the encrypted DRM software is configured to only decrypt and execute in the DRM partition associated with the computing device.
  - 6. The computer-implemented method of claim 1 further comprising:
    - receiving, using the computer, an indication that a particular version of code on the computing device has been compromised; and
      
      enabling, using the computer, the computing device to download a newer version of the code that has been identified as trusted.
  - 7. The computer-implemented method of claim 1, wherein determining validity associated with the attestation request comprises at least one of:
    - determining the DRM partition as a valid partition;
      
      ordetermining the computing device as a valid computing device.

8. One or more computer-readable storage memories comprising processor-executable instructions which, responsive to execution by at least one processor, are configured to:
- receive an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising;
  
  information identifying the DRM partition;
  
  information identifying the computing device;
  
  information identifying an operating system associated with the computing device; and
  
  information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
  
  determine validity associated with the attestation request;
  
  responsive to a valid determination, send a private key to the DRM partition associated with the computing device at least by sending the private key through the hypervisor, the private key associated with decrypting encrypted content; and
  
  provision encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the processor-executable instructions to provision the encrypted DRM software further configured to provision all associated executable DRM functionality within the DRM partition via the encrypted software based, at least in part, on the private key sent through the hypervisor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more computer-readable storage memories of claim 8, wherein the encrypted DRM software comprises functionality associated with protecting transfer of content between devices.
  - 10. The one or more computer-readable storage memories of claim 8, wherein the processor-executable instructions to determine validity associated with the attestation request are further configured to utilize a revocation list.
  - 11. The one or more computer-readable storage memories of claim 8, wherein the encrypted DRM software comprises executable software configured to:
    - acquire at least one license associated with DRM-protected content;
      
      manage the at least one license; and
      
      enforce access to the DRM-protected content based, at least in part, on the at least one license.
  - 12. The one or more computer-readable storage memories of claim 11, wherein the encrypted DRM software is configured to only decrypt and execute in the DRM partition associated with the computing device.
  - 13. The one or more computer-readable storage memories of claim 8 further comprising processor-executable instructions configured to:
    - receive an indication that a particular version of code on the computing device has been compromised; and
      
      enable the computing device to download a newer version of the code that has been identified as trusted.
  - 14. The one or more computer-readable storage memories of claim 8, wherein the processor-executable instructions to determine validity associated with the attestation request are further configured to at least:
    - determine the DRM partition as a valid partition;
      
      ordetermine the computing device as a valid computing device.

15. A device comprising:
- at least one processor; and
  
  one or more computer-readable storage memories comprising processor-executable instructions which, responsive to execution by the at least one processor, are configured to;
  
  receive an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising;
  
  information identifying the DRM partition;
  
  information identifying the computing device;
  
  information identifying an operating system associated with the computing device; and
  
  information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
  
  determine validity associated with the attestation request;
  
  responsive to a valid determination, send a private key to the DRM partition associated with the computing device at least by sending the private key through the hypervisor, the private key associated with decrypting encrypted content; and
  
  provision encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the processor-instructions to provision the encrypted DRM software further configured to provision all associated executable DRM functionality within the DRM partition via the encrypted software based, at least in part, on the private key sent through the hypervisor.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, wherein the encrypted DRM software comprises encrypted DRM software unique to the computing device.
  - 17. The device of claim 15, wherein the processor-executable instructions to determine validity associated with the attestation request are further configured to utilize a revocation list.
  - 18. The one or more computer-readable storage memories of claim 15, wherein the encrypted DRM software comprises executable software configured to:
    - acquire at least one license associated with DRM-protected content;
      
      manage the at least one license; and
      
      enforce access to the DRM-protected content based, at least in part, on the at least one license.
  - 19. The device of claim 18, wherein the encrypted DRM software is configured to only decrypt and execute in the DRM partition associated with the computing device.
  - 20. The one or more computer-readable storage memories of claim 15 further comprising processor-executable instructions configured to:
    - receive an indication that a particular version of code on the computing device has been compromised; and
      
      enable the computing device to download a newer version of the code that has been identified as trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Alkove, James M., Grigorovitch, Alexandre V., Barde, Sumedh N., Schnell, Patrik
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US14/185,775
Publication Number

US 20140173750A1
Time in Patent Office

586 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/6209   to a single file or object,...

G06F 21/74   operating in dual or compar...

Provisioning a computing system for digital rights management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning a computing system for digital rights management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links