Systems, methods and apparatuses for the secure transmission and restricted use of media content

US 9,185,094 B2
Filed: 02/28/2013
Issued: 11/10/2015
Est. Priority Date: 03/01/2012
Status: Active Grant

First Claim

Patent Images

1. A method for distributing media content for restricted use, comprising:

receiving a request for the media content from a user device, the request comprising a content identifier identifying the media content, a user identifier identifying a user requesting the media content, a display device identifier identifying a display device coupled to the user device, a nonce and a requested time period for the media content;

determining that the user is authorized to receive the media content;

generating a first time duration restriction associated with the user and the media content, the first time duration restriction being generated based on the requested time period to represent a rental period of the media content to the display device;

generating, on a media distribution center, an association encryption envelope to hold the nonce and the first time duration restriction, wherein the association encryption envelope includes a symmetric key to encrypt the media content and the symmetric key is associated with a combination of the user identifier and the content identifier, and wherein the association encryption envelope further includes parameters regarding a maximum permissible error drift which, when approached, prompts the display device to seek a forced association;

encrypting the media content; and

transmitting the encrypted media content and the association encryption envelope to the user device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein permit encrypted media content to be displayed by an apparatus for a restricted time period. The apparatus may comprise a communication interface configured to couple to a controlling device to transmit a first nonce and to receive the encrypted media content and an association encryption envelope. The association encryption envelope may comprise at least a second nonce and a first time restriction expressed as a first time interval. The apparatus may further comprise a counter, a storage configured to store a value of the counter representing a time of when the first nonce is transmitted, and an engine configured to perform operations according to the first time restriction.

112 Citations

42 Claims

1. A method for distributing media content for restricted use, comprising:
- receiving a request for the media content from a user device, the request comprising a content identifier identifying the media content, a user identifier identifying a user requesting the media content, a display device identifier identifying a display device coupled to the user device, a nonce and a requested time period for the media content;
  
  determining that the user is authorized to receive the media content;
  
  generating a first time duration restriction associated with the user and the media content, the first time duration restriction being generated based on the requested time period to represent a rental period of the media content to the display device;
  
  generating, on a media distribution center, an association encryption envelope to hold the nonce and the first time duration restriction, wherein the association encryption envelope includes a symmetric key to encrypt the media content and the symmetric key is associated with a combination of the user identifier and the content identifier, and wherein the association encryption envelope further includes parameters regarding a maximum permissible error drift which, when approached, prompts the display device to seek a forced association;
  
  encrypting the media content; and
  
  transmitting the encrypted media content and the association encryption envelope to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - storing a second time duration restriction associated with the user and the media content, the second time duration restriction being generated based on the requested time period;
      
      searching a database to locate a public key associated with the display device; and
      
      encrypting the association encryption envelope with the public key before transmitting the association encryption envelope to the user device.
  - 3. The method of claim 2, further comprising verifying a signature attached to the request is signed by the display device, wherein the signature is verified using the public key associated with the display device.
  - 4. The method of claim 2, wherein the user identifier identifying the user requesting the media content identifies a user account associated with the user.
  - 5. The method of claim 2, wherein determining that the user is authorized to receive the media content includes determining the user has appropriate privileges to access the media content.
  - 6. The method of claim 5, wherein the appropriate privileges include a parental control privilege.
  - 7. The method of claim 2, wherein the first time duration restriction is calculated based on a time zone of the user device and expressed as an interval of time, and wherein the stored second time duration restriction is stored in real-world time.
  - 8. The method of claim 2, wherein the stored second time duration restriction includes a start time and a duration, or a start time and an end time.
  - 9. The method of claim 2, further comprising receiving a dissociation request from the user device to dissociate the media content from the display device.
  - 10. The method of claim 2, further comprising receiving a temporary association request to associate the media content with another display device for a short time period that satisfies the second time duration restriction.
  - 11. The method of claim 2, wherein the request for the media content is a request for a renewable time-limited license for the media content.
  - 12. The method of claim 11, wherein the association encryption envelope includes an indication that the association is renewable and the media content is associated with only one display device for the user at any time.

13. A method for requesting media content for restricted use, comprising:
- receiving user input indicating a desire for the media content;
  
  generating a request for the media content, the request comprising a content identifier identifying the media content, a user identifier identifying a user requesting the media content, a display device identifier identifying a display device coupled to the user device, a nonce received from the display device and a requested time period for the media content;
  
  transmitting the request to a media distribution center;
  
  receiving an association encryption envelope for the requested media content from the media distribution center, the association encryption envelope containing a time duration restriction representing a rental period of the requested media content to the display device, wherein the association encryption envelope is generated on the media distribution center and includes a symmetric key to encrypt the media content, and wherein the symmetric key is associated with a combination of the user identifier and the content identifier and wherein the association encryption envelope further includes parameters regarding a maximum permissible error drift which, when approached, prompts the display device to seek a forced association; and
  
  forwarding the received association encryption envelope to the display device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising sending the request to the display device for the request to be digitally signed by the display device with a digital signature, wherein the request transmitted to the media distribution center is accompanied by the digital signature.
  - 15. The method of claim 14, wherein signing the request is restricted by a pre-defined rate within a certain time period.
  - 16. The method of claim 13, further comprising receiving user input to dissociate the media content from the display device and sending a request to the media distribution center to dissociate the media content from the display device.
  - 17. The method of claim 16, wherein the request to dissociate the media content from the display device is accompanied by a request to associate the media content with another display device.
  - 18. The method of claim 13, further comprising receiving the media content in an encrypted format from the media distribution center and forward the media content to the display device in the encrypted format.
  - 19. The method of claim 18, further comprising controlling the display device to display the media content on the display device according to the time duration restriction.

20. A method for receiving time restrictions on a device, comprising:
- transmitting to a controlling device a first nonce;
  
  storing a counter value of a counter representing a time of when the first nonce is transmitted;
  
  receiving, from the controlling device, an association encryption envelope comprising at least a second nonce and a first time restriction expressed as a first time interval from the time when the first nonce is transmitted until an end time, wherein the association encryption envelope includes a symmetric key to encrypt a media content and the symmetric key is associated with a combination of a user identifier and a content identifier;
  
  performing operations on an encrypted media content in conformance to the first time restriction; and
  
  determining time intervals at which the display device seeks forced associations to stay within a drift requirement of a media distribution center for authorized media playback.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The method of claim 20, wherein the first nonce and the second nonce are the same.
  - 22. The method of claim 20, wherein the operations include decryption, decoding and displaying the encrypted media content received from the controlling device.
  - 23. The method of claim 22, wherein the association encryption envelope contains a symmetric key used for encryption of the encrypted media content.
  - 24. The method of claim 20, wherein the controlling device is a smartphone, desktop computer, a laptop, or a set-top box and the display device is a television set or a monitor.
  - 25. The method of claim 20, wherein the associated encryption envelope is encrypted using a public key of the display device before being sent to the display device and decrypted using a private key of the display device after being received at the display device.
  - 26. The method of claim 20, further comprising sending new association requests from time to time to obtain a second time restriction expressed as a second time interval.
  - 27. The method of claim 20, wherein the drift requirement is provided in the association encryption envelope or is a previously-agreed upon value.

28. A media distribution server, comprising:
- a communication interface configured to receive a request for media content from a user device, wherein the request comprises a content identifier identifying the media content, a user identifier identifying a user requesting the media content, a display device identifier identifying a display device coupled to the user device, a nonce and a requested time period for the media content;
  
  a media content storage storing the media content; and
  
  a crypto engine coupled to the communication interface and the media content storage, the crypto engine configured to;
  
  obtain a symmetric key associated with the user and media content;
  
  retrieve the requested media content from the media content storage;
  
  encrypt the media content retrieved from the media content storage using the symmetric key when the user is authorized to receive the media content;
  
  generate a first time duration restriction associated with the user and the media content, the first time duration restriction being generated based on the requested time period to represent a rental period of the media content to the display device;
  
  generate an association encryption envelope to hold the symmetric key, the first time duration restriction and the nonce, wherein the symmetric key is associated with a combination of the user identifier and the content identifier, and wherein the association encryption envelope further includes parameters regarding a maximum permissible error drift which, when approached, prompts the display device to seek a forced association;
  
  obtain a public key associated with the display device;
  
  encrypt the association encryption envelope with the public key; and
  
  transmit the encrypted media content and the association encryption envelope to the user device via the communication interface.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The media distribution server of claim 28, wherein the crypto engine is further configured to verify a signature attached to the request is signed by the display device, wherein the signature is verified using the public key associated with the display device.
  - 30. The media distribution server of claim 29, wherein the first time duration restriction is calculated based on a time zone of the user device and expressed as an interval of time, and wherein the crypto engine is further configured to store a second time duration restriction associated with the user and the media content, the second time duration restriction being generated based on the requested time period and stored in real-world time.
  - 31. The media distribution server of claim 29, wherein the request for the media content is a request for a renewable time-limited license for the media content.
  - 32. The media distribution server of claim 31, wherein the association encryption envelope includes an indication that the association is renewable and the media content is associated with only one display device for the user at any time.

33. An apparatus, comprising:
- a user input device to receive user input indicating a desire for media content;
  
  a computer processor configured to generate a request for the media content, the request comprising a content identifier identifying the media content, a user identifier identifying a user requesting the media content, a display device identifier identifying a display device coupled to the apparatus, a nonce received from the display device and a requested time period for the media content; and
  
  a communication interface configured to;
  
  transmit the request to a media distribution center;
  
  receive an association encryption envelope for the requested media content from the media distribution center, the association encryption envelope containing a time duration restriction representing a rental period of the requested media content to the display device, wherein the association encryption envelope is generated on the media distribution center and includes a symmetric key to encrypt the media content, and wherein the symmetric key is associated with a combination of the user identifier and the content identifier, and wherein the association encryption envelope further includes parameters regarding a maximum permissible error drift which, when approached, prompts the display device to seek a forced association; and
  
  forward the received association encryption envelope to the display device.
- View Dependent Claims (34, 35, 36)
- - 34. The apparatus of claim 33, wherein the computer processor is further configured to send the request to the display device for the request to be digitally signed by the display device with a digital signature, wherein the request transmitted to the media distribution center is accompanied by the digital signature.
  - 35. The apparatus of claim 33, wherein the computer processor is further configured to receive the media content in an encrypted format from the media distribution center and forward the media content to the display device in the encrypted format.
  - 36. The apparatus of claim 33, wherein the computer processor is further configured to control the display device to display the media content on the display device according to the time duration restriction.

37. An apparatus, comprising:
- a communication interface configured to couple to a controlling device to transmit a first nonce and to receive an association encryption envelope, the association encryption envelope comprising at least a second nonce and a first time restriction expressed as a first time interval, wherein the symmetric key is associated with a combination of a user identifier and a content identifier;
  
  a counter;
  
  a storage configured to store a value of the counter representing a time of when the first nonce is transmitted; and
  
  an engine configured to perform operations on an encrypted media content according to the first time restriction and determine time intervals at which the apparatus seeks forced associations to stay within a drift requirement of a media distribution center for authorized media playback.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The apparatus of claim 37, wherein the first nonce and the second nonce are the same.
  - 39. The apparatus of claim 38, wherein the engine is a crypto engine and the operations include decryption, decoding and displaying the encrypted media content received from the controlling device.
  - 40. The apparatus of claim 39, wherein the association encryption envelope contains a symmetric key used for encryption of the encrypted media content.
  - 41. The apparatus of claim 37, wherein the controlling device is a smartphone, desktop computer, a laptop, or a set-top box and the apparatus is a television set or a monitor.
  - 42. The apparatus of claim 37, wherein the associated encryption envelope is encrypted using a public key of the apparatus before being sent to the apparatus and decrypted using a private key of the apparatus after being received at the apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
Ivanchykhin, Dmytro, Ignatchenko, Sergey
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
STEINLE, ANDREW J

Application Number

US13/780,288
Publication Number

US 20130230171A1
Time in Patent Office

985 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/108   when the policy decisions a...

H04L 63/126   the source of the received ...

H04L 9/08   Key distribution or managem...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04N 21/2347   involving video stream encr...

H04N 21/25816   involving client authentica...

H04N 21/4108   characterised by an identif...

H04N 21/4122   additional display device, ...

H04N 21/6334   for authorisation, e.g. by ...

H04N 21/835   Generation of protective da...

Y04S 40/20   Information technology spec...

Systems, methods and apparatuses for the secure transmission and restricted use of media content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and apparatuses for the secure transmission and restricted use of media content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links