Provisioning a computing system for digital rights management
Abstract
Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.
20 Claims
1. A computer-implemented method comprising:
- receiving, using the computer, an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising:
  - information identifying the DRM partition;
  - information identifying the computing device;
  - information identifying an operating system associated with the computing device; and
  - information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
- determining, using the computer, validity associated with the attestation request;
- responsive to a valid determination, sending, using the computer, a private key to the DRM partition associated with the computing device, the private key associated with decrypting encrypted content, the sending comprising sending the private key through the hypervisor; and
- provisioning, using the computer, encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the provisioning comprising provisioning all associated executable DRM functionality within the DRM partition via the encrypted DRM software based, at least in part, on the private key sent through the hypervisor.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. One or more computer-readable storage memories comprising processor-executable instructions which, responsive to execution by at least one processor, are configured to:
- receive an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising:
  - information identifying the DRM partition;
  - information identifying the computing device;
  - information identifying an operating system associated with the computing device; and
  - information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
- determine validity associated with the attestation request;
- responsive to a valid determination, send a private key to the DRM partition associated with the computing device at least by sending the private key through the hypervisor, the private key associated with decrypting encrypted content; and
- provision encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the processor-executable instructions to provision the encrypted DRM software further configured to provision all associated executable DRM functionality within the DRM partition via the encrypted software based, at least in part, on the private key sent through the hypervisor.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A device comprising:
- at least one processor; and
- one or more computer-readable storage memories comprising processor-executable instructions which, responsive to execution by the at least one processor, are configured to:
  - receive an attestation request from a digital rights management (DRM) partition associated with a computing device, the attestation request comprising:
    - information identifying the DRM partition;
    - information identifying the computing device;
    - information identifying an operating system associated with the computing device; and
    - information identifying a hypervisor associated with partitioning functionality of the computing device, including the DRM partition;
  - determine validity associated with the attestation request;
  - responsive to a valid determination, send a private key to the DRM partition associated with the computing device at least by sending the private key through the hypervisor, the private key associated with decrypting encrypted content; and
  - provision encrypted DRM software to the DRM partition associated with the computing device, the encrypted DRM software configured to be decrypted using the private key, the processor-instructions to provision the encrypted DRM software further configured to provision all associated executable DRM functionality within the DRM partition via the encrypted software based, at least in part, on the private key sent through the hypervisor.

Dependent claims: 16, 17, 18, 19, 20.

Specification