Securing media content using interchangeable encryption key

US 9,277,295 B2
Filed: 06/16/2006
Issued: 03/01/2016
Est. Priority Date: 06/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method for securing media content comprising:

maintaining, by a server, a group key, wherein the group key is used to encrypt and decrypt content on at least one digital media recording device located remotely from the server;

associating, by the server, digital media recording devices with a customer account;

associating, by the server, the maintained group key to the associated customer account;

associating, by the server, a group record with the associated maintained group key;

associating, by the server, the associated group record with the customer account;

adding, by the server, a first digital media recording device to the associated group record with the maintained group key on the server, wherein adding the first media recording device comprises;

receiving, by the server, a request to add the first digital media device to the group record associated with the customer account;

receiving, by the server, an identification of the first digital media device and an identification of the group record;

creating, by the server, an entry for a record for the first digital media device in the received identified group record;

generating, by the server, a device record for the first digital media device using the created entry;

encrypting, by the server, the maintained group key with a public key of the first digital media recording device, wherein the public key is associated with a private device key of the first digital media recording device; and

signing, by the server, the encrypted maintained group key;

generating, by the server, a group key entitlement management message (EMM), wherein the EMM comprises private conditional access information about authority of the first digital recording media device to receive service; and

transmitting, by the server, the generated EMM to secure microprocessor of the first digital media recording device at a memory location on the secure microprocessor which cannot be accessed from outside of the secure microprocessor.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

254 Citations

19 Claims

1. A method for securing media content comprising:
- maintaining, by a server, a group key, wherein the group key is used to encrypt and decrypt content on at least one digital media recording device located remotely from the server;
  
  associating, by the server, digital media recording devices with a customer account;
  
  associating, by the server, the maintained group key to the associated customer account;
  
  associating, by the server, a group record with the associated maintained group key;
  
  associating, by the server, the associated group record with the customer account;
  
  adding, by the server, a first digital media recording device to the associated group record with the maintained group key on the server, wherein adding the first media recording device comprises;
  
  receiving, by the server, a request to add the first digital media device to the group record associated with the customer account;
  
  receiving, by the server, an identification of the first digital media device and an identification of the group record;
  
  creating, by the server, an entry for a record for the first digital media device in the received identified group record;
  
  generating, by the server, a device record for the first digital media device using the created entry;
  
  encrypting, by the server, the maintained group key with a public key of the first digital media recording device, wherein the public key is associated with a private device key of the first digital media recording device; and
  
  signing, by the server, the encrypted maintained group key;
  
  generating, by the server, a group key entitlement management message (EMM), wherein the EMM comprises private conditional access information about authority of the first digital recording media device to receive service; and
  
  transmitting, by the server, the generated EMM to secure microprocessor of the first digital media recording device at a memory location on the secure microprocessor which cannot be accessed from outside of the secure microprocessor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - encrypting media content recorded by the first digital media recording device using a content key generated by the first digital media recording device;
      
      encrypting the content key using the group key; and
      
      storing the encrypted media content and the encrypted content key on a first storage device associated with the first digital media recording device.
  - 3. The method of claim 2, further comprising:
    - transmitting the EMM from the server to a second digital media recording device having a common media authorization to the first digital recording device; and
      
      storing the EMM within memory associated with the second digital media recording device.
  - 4. The method of claim 3, further comprising:
    - connecting the first storage device having the encrypted media content and the encrypted content key to the second digital recording device;
      
      decrypting the encrypted content key using the group key stored within the memory associated with the second device to obtain the content key; and
      
      decrypting the encrypted media content using the content key.
  - 5. The method of claim 1, wherein maintaining the group key comprises maintaining the group key for the plurality of digital media recording devices, the plurality of digital media recording devices located at a user premises.
  - 6. The method of claim 1, wherein receiving, by the server, the request to add the first digital media device to the group record comprises receiving the request from a billing system associated with a service provided to the customer.
  - 7. The method of claim 1, wherein receiving, by the server, the request to add the first digital media device to the group record comprises receiving the request to add a digital video recorder (DVR) to the group record.

8. A system for securing media content comprising:
- a processor, anda memory coupled to the processor storing instructions that when executed by the processor causes the processor to perform a method comprising;
  
  maintaining a group key, wherein the group key is used to encrypt and decrypt content on at least one digital media recording device located remotely from the server;
  
  associating digital media recording devices with a customer account;
  
  associating the maintained group key to the associated customer account;
  
  associating a group record with the associated maintained group key;
  
  associating the associated group record with the customer account;
  
  adding a first digital media recording device to the associated group record with the maintained group key on the server, wherein adding the first media recording device comprises;
  
  receiving a request to add the first digital media device to the group record associated with the customer account;
  
  receiving an identification of the first digital media device and an identification of the group record;
  
  creating an entry for a record for the first digital media device in the received identified group record;
  
  generating a device record for the first digital media device using the created entry;
  
  encrypting the maintained group key with a public key of the first digital media recording device, wherein the public key is associated with a private device key of the first digital media recording device; and
  
  signing the encrypted maintained group key;
  
  generating a group key entitlement management message (EMM), wherein the EMM comprises private conditional access information about the authority of the first digital recording media device to receive service; and
  
  transmitting the generated EMM to a secure microprocessor of the first digital media recording device at a memory location on the secure microprocessor which cannot be accessed from outside of the secure microprocessor.

9. A system for securing media content comprising:
- a first digital media recording device;
  
  a server connected to the digital media device, wherein the server comprises a non-transitory medium containing instructions which when executed causes the server to perform the steps of;
  
  maintaining a group key, wherein the group key is used to encrypt and decrypt content on at least one digital media recording device located remotely from the server;
  
  associating digital media recording devices with a customer account;
  
  associating the maintained group key to the associated customer account;
  
  associating a group record with the maintained group key;
  
  associating the group record with the associated customer account;
  
  adding the first digital media recording device to the associated group record with the maintained group key on the server;
  
  receiving a request to add the first digital media device to the group record associated with the customer account;
  
  receiving an identification of the first digital media device and an identification of the group record;
  
  creating an entry for a record for the first digital media device in the received identified group record;
  
  generating a device record for the first digital media device using the created entry;
  
  encrypting the maintained group key with a public key of the first digital media recording device, wherein the public key is associated with a private device key of the first digital media recording device;
  
  signing the encrypted maintained group key;
  
  generating a group key entitlement management message (EMM), wherein the EMM comprises private conditional access information about the authority of the first digital recording media device to receive service; and
  
  transmitting the generated EMM to a secure microprocessor of the first digital media recording device at a memory location on the secure microprocessor which cannot be accessed from outside of the secure microprocessor.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The system of claim 9, wherein instructions which when executed further causes the secure microprocessor of the first digital media device to perform the step of authenticating the EMM.
  - 11. The system of claim 10, wherein the instructions which when executed further causes the secure microprocessor of the first digital media device to perform the step of decrypting the EMM to obtain the group key.
  - 12. The system of claim 10, wherein the instructions which when executed further causes the secure microprocessor of the first digital media device to perform the step of storing the group key to the memory location.
  - 13. The system of claim 9, wherein the first digital media device is a digital video recorder (DVR).
  - 14. The system of claim 9, wherein the first digital media device is located at a remote location from the server.
  - 15. The system of claim 9, wherein the instructions which when executed further causes the first digital media device to perform the step of receiving media content from the headend device.
  - 16. The system of claim 15, wherein the media content received from the headend device is encrypted with the group key.
  - 17. The system of claim 16, wherein the instructions which when executed further causes the first digital media device to perform the step of decrypting the media content using the group key.
  - 18. The system of claim 17, wherein the instructions which when executed further causes the first digital media device to perform the step of storing the decrypted media content on a storage device.
  - 19. The system of claim 18, wherein the instructions when executed further causes the first digital media device to perform the step of sending the decrypted media content to a display device associated with the first digital media device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synamedia Limited
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Maholski, Andrew D., Pinder, Howard G.
Primary Examiner(s)
Ravetti, Dante

Application Number

US11/454,421
Publication Number

US 20070294178A1
Time in Patent Office

3,546 Days
Field of Search

705/57, 705/16, 705/21, 705/59, 705/71, 380/44, 380/262, 380/278, 380/279
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04N 21/2541   Rights Management protectin...

H04N 21/4331   Caching operations, e.g. of...

H04N 21/4405   involving video stream decr...

H04N 21/4408   involving video stream encr...

H04N 21/4623   Processing of entitlement m...

H04N 21/4627   Rights management associate...

H04N 21/4788   communicating with other us...

H04N 21/63345   by transmitting keys key di...

H04N 21/835   Generation of protective da...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

Securing media content using interchangeable encryption key

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

254 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Securing media content using interchangeable encryption key

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

254 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links