Digital rights management system, devices, and methods for binding content to an intelligent storage device
First Claim
1. A storage device configured to generate a binding key for binding data stored in the storage device, said storage device comprising:
- a storage medium comprising a user area and a non-user area; and
a controller comprising a cryptographic module providing a secured memory separate from the storage medium, wherein the controller is configured to;
generate a unique identifier based on defect data associated with the storage medium, the unique identifier being uniquely associated with the storage medium;
store the unique identifier in the non-user area of the storage medium;
determine a first cryptographic key stored in the secured memory of the cryptographic module;
generate a binding key that binds content to the storage device based at least in part on the unique identifier and the first cryptographic key;
provide the binding key to a remote download server over a secure communication channel; and
receive content from the download server encrypted based in part on the binding key.
10 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to digital rights management (DRM) for content that may be downloaded and bound to a storage device. The storage device may be an intelligent storage device, such as a disk drive, or network attached storage. In addition, the storage device is capable of performing cryptographic operations and providing a root of trust. In one embodiment, the DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. However, the binding key is not stored on the storage with the content. The content key is a key that has been assigned to the content, for example, by a trusted third party. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device.
-
Citations
17 Claims
-
1. A storage device configured to generate a binding key for binding data stored in the storage device, said storage device comprising:
-
a storage medium comprising a user area and a non-user area; and a controller comprising a cryptographic module providing a secured memory separate from the storage medium, wherein the controller is configured to; generate a unique identifier based on defect data associated with the storage medium, the unique identifier being uniquely associated with the storage medium; store the unique identifier in the non-user area of the storage medium; determine a first cryptographic key stored in the secured memory of the cryptographic module; generate a binding key that binds content to the storage device based at least in part on the unique identifier and the first cryptographic key; provide the binding key to a remote download server over a secure communication channel; and receive content from the download server encrypted based in part on the binding key. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A digital rights management system, said system comprising:
-
a content key server configured to provide a first cryptographic key for encrypting content; a storage device comprising a storage medium and a controller configured to generate a binding key based on defect data associated with the storage medium and the first cryptographic key; a download server configured to; provide encrypted content to the storage device; receive the binding key from the storage device; receive the first cryptographic key from the content key server; and encrypt the content based on at least the first cryptographic key and the binding key; and a media player configured to receive the binding key, the first cryptographic key, and the encrypted content from the storage device, and decrypt the encrypted content based on at least the first cryptographic key and the binding key. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method of determining a key that binds data to a storage device, wherein said storage device comprises a controller, a cryptographic module with a memory, and a storage medium, said method comprising:
-
generating a unique identifier based on defect data associated with the storage device, the unique identifier being uniquely associated with a storage medium of the storage device; store the unique identifier in a non-user area of the storage medium; determining, by the cryptographic module, a first cryptographic key that is concealed in the storage device; generating, by the cryptographic module, a binding key that binds content to the storage device based at least in part on the unique identifier and the concealed first cryptographic key; and transmitting the binding key to a server that provides the data to the storage device. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification