Apparatus and methods for content transfer protection
First Claim
1. A premises gateway apparatus configured to provide content to one or more client devices in communication therewith, said gateway apparatus comprising:
- at least one first interface configured to permit communication between said gateway apparatus and a first network;
at least one second interface configured to communicate with said one or more client devices;
a storage apparatus; and
a digital processor apparatus configured to run at least one computer program thereon, said computer program comprising a plurality of instructions which are configured to, when executed by said digital processor apparatus;
request and receive said content and a content key from said first network via said first interface;
receive a request originated from at least one of said one or more client devices for said content;
in response to said received request for said content;
(i) decrypt said content via said content key;
(ii) transcode said content from a first encoding format to a second encoding format, said second encoding format being compatible with capabilities of said at least one of said one or more client devices;
(iii) re-encrypt said content via said content key; and
(iv) provide said content to said at least one of said one or more client devices via said second interface;
wherein said request for said content key comprises a request from a digital rights management (DRM) client running on said digital processor apparatus, and an identical DRM client is also configured to run on a digital processor apparatus of said at least one of said one or more client devices; and
wherein said request for said content key comprises a request for said content key from a DRM server of said first network, and said receipt of said content key comprises receipt of a content key generated based at least in part on a determination at said DRM server that said premises gateway apparatus is entitled to receive access thereto based at least in part on communication of said DRM server with at least one database for authentication of a user associated with said premises gateway apparatus, said determination comprising use of said cryptographic hash anonymously identifying said user.
5 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encodes using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content.
363 Citations
22 Claims
-
1. A premises gateway apparatus configured to provide content to one or more client devices in communication therewith, said gateway apparatus comprising:
-
at least one first interface configured to permit communication between said gateway apparatus and a first network; at least one second interface configured to communicate with said one or more client devices; a storage apparatus; and a digital processor apparatus configured to run at least one computer program thereon, said computer program comprising a plurality of instructions which are configured to, when executed by said digital processor apparatus; request and receive said content and a content key from said first network via said first interface; receive a request originated from at least one of said one or more client devices for said content; in response to said received request for said content; (i) decrypt said content via said content key; (ii) transcode said content from a first encoding format to a second encoding format, said second encoding format being compatible with capabilities of said at least one of said one or more client devices; (iii) re-encrypt said content via said content key; and (iv) provide said content to said at least one of said one or more client devices via said second interface; wherein said request for said content key comprises a request from a digital rights management (DRM) client running on said digital processor apparatus, and an identical DRM client is also configured to run on a digital processor apparatus of said at least one of said one or more client devices; and wherein said request for said content key comprises a request for said content key from a DRM server of said first network, and said receipt of said content key comprises receipt of a content key generated based at least in part on a determination at said DRM server that said premises gateway apparatus is entitled to receive access thereto based at least in part on communication of said DRM server with at least one database for authentication of a user associated with said premises gateway apparatus, said determination comprising use of said cryptographic hash anonymously identifying said user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A digital video recorder (DVR) apparatus configured to enable synchronization of content to one or more portable media devices (PMDs), said DVR comprising:
-
at least one first interface configured to communicate with one or more entities of a content delivery network; a second interface configured to communicate with said one or more PMDs; a storage entity configured to store a plurality of encrypted content received from a content server of said content delivery network; and a processor apparatus configured to; run at least a digital rights management (DRM) client application thereon, said DRM client application configured to request and receive a DRM license from a DRM server of said content delivery network, said request comprising a hash value anonymously identifying said DVR, said DRM license being created based at least in part on a determination that said DVR is entitled to receive access thereto, said determination based at least in part on communication of said DRM server with one or more entitlement entities of said content delivery network and comprising use of said hash value; and run at least one second computer application, said at least one second computer application comprising a plurality of instructions which are configured to, when executed; receive a request for first content from said one or more PMDs; identify said first content among said plurality of encrypted content stored at said storage entity; decrypt said first content via at least information contained in said DRM license; determine whether said identified first content comprises a format compatible with said one or more PMDs; when it is determined that said format is not compatible, transcode said first content to a format compatible with said one or more PMDs; re-encrypt said first content according to DRM standards; and provide said first content and said DRM license to said one or more PMDs. - View Dependent Claims (9, 10, 11)
-
-
12. A method of synchronizing content from a first premises device to at least one portable device in communication therewith, said method comprising:
-
storing at least first content at a storage entity of said first premises device, said at least first content being stored in a first encrypted format; requesting and storing a license via a client application running on said first premises device, said license received from a server in direct or indirect communication with said first premises device, said license based at least in part on communication between the server and a database to determine that said first premises device is associated with an authenticated user, said determination based at least in part on a hash value provided to said server that anonymously identifies said user, said authentication configured to authorize said first premises device to access said first content; receiving a request at said first premises device for said first content stored at said storage entity, said request originated from said at least one portable device; in response to said received request; (i) using at least information contained in said license to decrypt said first content from said first encrypted format and re-encrypt said first content to a second encrypted format; (ii) transcoding said first content from a first encoding format not compatible with said portable device to a second encoding format compatible with said portable device; and (iii) providing said transcoded and re-encrypted first content to said portable device, said portable device also configured to run said client application configured to access said license from said server to enable said decryption of said re-encrypted first content. - View Dependent Claims (13, 18, 19, 20)
-
-
14. A method of providing content to a client device in a premises network, said premises network in data communication with a managed content delivery network, said method comprising:
-
receiving said content at an intermediary entity of said premises network from a content server of said managed content delivery network, said content being encrypted according to a first access control standard; in response to a determination that said intermediary entity is entitled to access said content, receiving a rights package from a DRM server of said managed content delivery network; receiving a request for said content originated from said client device; authenticating a user of said client device as a subscriber of said managed content delivery network; identifying a current subscription or service level of said user; determining one or more rights of said user based at least on said current subscription or service level; and performing via at least said intermediary entity, in response to said request and based at least on said authenticating and said determined one or more rights; decryption of said content via at least information received in said rights package; transcoding of said content from a first encoding format to a second encoding format; re-encryption of said content according to a second access control standard; and provision of said content and said rights package for delivery to said client device; wherein said determination comprises use of a cryptographic hash by said DRM server and a communication with at least one database, said cryptographic hash anonymously identifying said intermediary entity. - View Dependent Claims (15, 16, 17, 21, 22)
-
Specification