Systems and methods for governing content rendering, protection, and management applications

US 9,298,929 B2
Filed: 03/11/2013
Issued: 03/29/2016
Est. Priority Date: 06/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method performed by a first system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the first system to perform the method, the method comprising:

receiving, by a secure control application executing on the first system in a protected processing environment, a request to access protected content by a governed application executing on a second system, the second system being remote from the first system;

extracting, by the secure control application executing on the first system, secret information from a secure electronic container, the secret information being configured to be used, at least in part, to decrypt the protected content, wherein extracting the secret information comprises decrypting at least a portion of the secure electronic container to generate unencrypted secret information; and

sending, by the secure control application executing on the first system, the unencrypted secret information to the governed application of the second system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and methods are disclosed for governing digital rights management systems and other applications through the use of supervisory governance applications and keying mechanisms. Governance is provided by enabling the supervisory applications to revoke access keys and/or to block certain file system calls, thus preventing governed applications from accessing protected electronic content.

78 Citations

18 Claims

1. A method performed by a first system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the first system to perform the method, the method comprising:
- receiving, by a secure control application executing on the first system in a protected processing environment, a request to access protected content by a governed application executing on a second system, the second system being remote from the first system;
  
  extracting, by the secure control application executing on the first system, secret information from a secure electronic container, the secret information being configured to be used, at least in part, to decrypt the protected content, wherein extracting the secret information comprises decrypting at least a portion of the secure electronic container to generate unencrypted secret information; and
  
  sending, by the secure control application executing on the first system, the unencrypted secret information to the governed application of the second system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - receiving, by the secure control application, a first control expressing that the governed application should not be provided with the secret information; and
      
      implementing a first control action preventing the secret information from being provided to the governed application in response to a subsequent access request.
  - 3. The method of claim 2 further comprising:
    - receiving, by the secure control application, a second control expressing that the governed application should be provided with the secret information; and
      
      implementing a second control action allowing the secret information to be provided to the governed application in response to the subsequent access request.
  - 4. The method of claim 1 further comprising:
    - prior to sending the secret information to the governed application, determining, by the secure control application, that the governed application satisfies one or more requirements.
  - 5. The method of claim 4, wherein the one more requirements comprise at least one security requirement.
  - 6. The method of claim 4, wherein the one or more requirements comprise at least one requirement for processing the protected content.
  - 7. The method of claim 4, further comprising:
    - determining, by the secure control application, that the governed application no longer satisfies the one or more requirements; and
      
      implementing a control action preventing the secret information from being provided to the governed application in response to a subsequent access request.
  - 8. The method of claim 1, wherein the secret information comprises one or more access keys.
  - 9. The method of claim 1, wherein the secret information comprises a portion of an access key.

10. A non-transitory computer-readable storage medium storing instructions that, when executed by a processor of a first system, cause the first system to perform a method, the method comprising:
- receiving, by a secure control application executing on the first system in a protected processing environment, a request to access protected content by a governed application executing on a second system, the second system being remote from the first system;
  
  extracting, by the secure control application executing on the first system, secret information from a secure electronic container, the secret information being configured to be used, at least in part, to decrypt the protected content, wherein extracting the secret information comprises decrypting at least a portion of the secure electronic container to generate unencrypted secret information; and
  
  sending, by the secure control application executing on the first system, the unencrypted secret information to the governed application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises:
    - receiving, by the secure control application, a first control expressing that the governed application should not be provided with the secret information; and
      
      implementing a first control action preventing the secret information from being provided to the governed application in response to a subsequent access request.
  - 12. The non-transitory computer-readable storage medium of claim 11, wherein the method further comprises:
    - receiving, by the secure control application, a second control expressing that the governed application should be provided with the secret information; and
      
      implementing a second control action allowing the secret information to be provided to the governed application in response to the subsequent access request.
  - 13. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises:
    - prior to sending the secret information to the governed application, determining, by the secure control application, that the governed application satisfies one or more requirements.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the one more requirements comprise at least one security requirement.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the one or more requirements comprise at least one requirement for processing the protected content.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the method further comprises:
    - determining, by the secure control application, that the governed application no longer satisfies the one or more requirements; and
      
      implementing a control action preventing the secret information from being provided to the governed application in response to a subsequent access request.
  - 17. The non-transitory computer-readable storage medium of claim 10, wherein the secret information comprises one or more access keys.
  - 18. The non-transitory computer-readable storage medium of claim 10, wherein the secret information comprises a portion of an access key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
MacKay, Michael K., Maher, David P.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US13/793,539
Publication Number

US 20130191930A1
Time in Patent Office

1,114 Days
Field of Search

726 26- 30
US Class Current

1/1
CPC Class Codes

G06F 21/60   Protecting data

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0822   using key encryption key

H04L 9/0877   using additional device, e....

H04L 9/0891   Revocation or update of sec...

Systems and methods for governing content rendering, protection, and management applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for governing content rendering, protection, and management applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links