Digital rights management system and methods for provisioning content to an intelligent storage

US 9,342,701 B1
Filed: 08/20/2014
Issued: 05/17/2016
Est. Priority Date: 04/10/2012
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a data storage device storing encrypted media content and a content key that uniquely identifies the media content, the data storage device comprising a controller configured to generate a binding key that binds the encrypted content to the data storage device; and

a host subsystem comprising one or more processors configured to;

receive the binding key and the content key from the data storage device;

generate an access key based on the binding key and the content key;

receive the encrypted media content from the data storage device; and

decrypt the encrypted media content using the access key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to digital rights management (DRM) for content that downloaded and saved to a storage device. The storage may be a disk drive, or network attached storage. In addition, the storage device performs cryptographic operations and provides a root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. The binding key is not stored on the storage device with the content. The content key is a key that has been assigned to the content. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is provisioned based on the access key and stored in encrypted form in the storage device.

72 Citations

16 Claims

1. A computing system comprising:
- a data storage device storing encrypted media content and a content key that uniquely identifies the media content, the data storage device comprising a controller configured to generate a binding key that binds the encrypted content to the data storage device; and
  
  a host subsystem comprising one or more processors configured to;
  
  receive the binding key and the content key from the data storage device;
  
  generate an access key based on the binding key and the content key;
  
  receive the encrypted media content from the data storage device; and
  
  decrypt the encrypted media content using the access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the binding key is based on a key that is concealed on the data storage device.
  - 3. The system of claim 1, wherein the one or more processors are further configured to:
    - authenticate the data storage device; and
      
      establish a secured communication channel with the data storage device based on the authentication.
  - 4. The system of claim 1, wherein the one or more processors are further configured to request the binding key from the data storage device as an ephemeral key.
  - 5. The system of claim 1, wherein the one or more processors are further configured to generate the access key based on a request received from the storage device.
  - 6. The system of claim 1, wherein the one or more processors are further configured to generate the access key based on a one-way function.
  - 7. The system of claim 1, wherein the binding key is based at least partly on manufacturing defects information associated with a storage medium of the data storage device.
  - 8. The system of claim 7, wherein the storage medium comprises magnetic media.

9. A method of provisioning content to a storage device from a download site, said method comprising:
- providing, to a remote download server, a binding key that binds media content from the download site to a data storage device;
  
  receiving, from the remote download server, an access key based on the binding key and a content key that uniquely identifies the media content;
  
  receiving, from the remote download server, the content key;
  
  storing the content key in a non-user area of the data storage device;
  
  receiving, from the remote download server, an encrypted version of the media content that is encrypted based on the access key; and
  
  storing the encrypted version of the media content in a user area of the data storage device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising establishing a secured communication channel with the remote download server based on an authentication of the remote download server.
  - 11. The method of claim 9, wherein the binding key is based on a concealed key that is concealed in the data storage device.
  - 12. The method of claim 9, wherein the binding key is unique to a class of data storage devices and based on a concealed key that is concealed in the data storage device.
  - 13. The method of claim 9, further comprising mutually authenticating with the remote download server.
  - 14. The method of claim 9, wherein providing the binding key comprises ephemerally generating the binding key based on information that is unique to the data storage device and a key that is concealed in the data storage device.
  - 15. The method of claim 9, wherein the binding key is based at least partly on manufacturing defects of a storage medium of the data storage device.
  - 16. The method of claim 15, wherein the storage medium comprises magnetic media.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Blankenbeckler, David L., Ybarra, Danny O., Hesselink, Lambertus
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US14/464,023
Time in Patent Office

636 Days
Field of Search

713/150, 713/168
US Class Current

1/1
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 2221/2107   File encryption

G11B 20/00115   wherein the record carrier ...

G11B 20/00123   the record carrier being id...

G11B 20/00137   involving measures which re...

G11B 20/00246   wherein the key is obtained...

H04L 2209/603   Digital right managament [DRM]

H04L 9/006   involving public key infras...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

Digital rights management system and methods for provisioning content to an intelligent storage

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Digital rights management system and methods for provisioning content to an intelligent storage

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links