Technique for securely communicating programming content

US 9,973,798 B2
Filed: 04/11/2016
Issued: 05/15/2018
Est. Priority Date: 07/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for protecting data content within a trusted domain, comprising:

receiving one or more protected data content from a device of a first domain that is outside of the trusted domain, the one or more protected data content associated with a minimum security level of compliance of the first domain that is outside of the trusted domain, where the first domain comprises a first multi-layered rights arrangement, and the trusted domain comprises a second multi-layered rights arrangement different from the first multi-layered rights arrangement of the first domain, the minimum security level of compliance comprising a set of rights selected from a plurality of sets of rights of the first multi-layered rights arrangement;

invoking a mutual authentication process, the mutual authentication process comprising registering with a trusted network entity, the trusted network entity being known commonly to (i) the device of the first domain that is outside of the trusted domain and (ii) a first device of the trusted domain;

causing a creation of a rights file indicating an extent of sharing permissions within the trusted domain, the causing the creation of the rights file being based at least on the minimum security level of compliance assigned to the device of the first domain that is outside of the trusted domain; and

responsive to receiving a request to transfer the one or more protected data content within the trusted domain;

verifying that the request to transfer the one or more protected data content complies with the extent of sharing permissions and with the minimum security level of compliance assigned to the device of the first domain; and

based at least on successful completion of the verifying, causing transmitting of the one or more protected data content;

wherein all devices of the trusted domain are configured to enable consumption of the one or more protected data content within the extent of sharing permissions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for securely transferring content from a first device in a first layer to a second device in a second layer. In one embodiment, the first device is a device in a trusted domain and the second device is outside of the trusted domain. Transfer of protected content to another device may require authentication of the receiving device. A rights file which specifies the rights of the receiving device to use the protected content, according to its security level is also transferred. These rights may concern, e.g., the number of times the receiving device may transfer the protected content to other devices, the time period within which the receiving device may play the protected content, etc. The higher the security level of the receiving device, the more rights accorded thereto. A minimum security level requirement may be imposed in order for protected content to be transferred to a device.

407 Citations

23 Claims

1. A method for protecting data content within a trusted domain, comprising:
- receiving one or more protected data content from a device of a first domain that is outside of the trusted domain, the one or more protected data content associated with a minimum security level of compliance of the first domain that is outside of the trusted domain, where the first domain comprises a first multi-layered rights arrangement, and the trusted domain comprises a second multi-layered rights arrangement different from the first multi-layered rights arrangement of the first domain, the minimum security level of compliance comprising a set of rights selected from a plurality of sets of rights of the first multi-layered rights arrangement;
  
  invoking a mutual authentication process, the mutual authentication process comprising registering with a trusted network entity, the trusted network entity being known commonly to (i) the device of the first domain that is outside of the trusted domain and (ii) a first device of the trusted domain;
  
  causing a creation of a rights file indicating an extent of sharing permissions within the trusted domain, the causing the creation of the rights file being based at least on the minimum security level of compliance assigned to the device of the first domain that is outside of the trusted domain; and
  
  responsive to receiving a request to transfer the one or more protected data content within the trusted domain;
  
  verifying that the request to transfer the one or more protected data content complies with the extent of sharing permissions and with the minimum security level of compliance assigned to the device of the first domain; and
  
  based at least on successful completion of the verifying, causing transmitting of the one or more protected data content;
  
  wherein all devices of the trusted domain are configured to enable consumption of the one or more protected data content within the extent of sharing permissions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the transmitting the one or more protected data content further comprises transmitting the rights file.
  - 3. The method of claim 2, wherein the transmitting further comprises:
    - authenticating at least the first device of the trusted domain; and
      
      transmitting the one or more protected data content to the authenticated first device.
  - 4. The method of claim 3, wherein the authenticating of the at least first device of the trusted domain comprises the mutual authentication process.
  - 5. The method of claim 1, wherein the creation of the rights file is performed by the commonly known and trusted entity.
  - 6. The method of claim 1, further comprising selecting the minimum security level from a multi-layered rights arrangement scheme, the multi-layered rights arrangement scheme comprising multiple discrete security levels, each of the multiple discrete security levels comprising corresponding limitations related to said consumption of said one or more protected data content.

7. A device configured to protect data content within a trusted domain, comprising:
- a first interface in data communication with a first domain outside of the trusted domain;
  
  a trusted interface in data communication with the trusted domain;
  
  a processor apparatus in data communication with the first interface and the trusted interface; and
  
  a non-transitory computer readable medium in data communication with the processor apparatus and comprising at least one computer program having one or more instructions which, when executed by the processor apparatus, cause the device to;
  
  receive one or more protected data content from a client device of the first domain outside of the trusted domain, the one or more protected data content associated with a minimum security level of compliance, the minimum security level of compliance comprising prescribed one or more rights of a plurality of rights, where only the prescribed one or more rights is supported on the client device of the first domain outside of the trusted domain;
  
  invoke a mutual authorization process, the mutual authorization process comprising a registration of the device with a trusted network entity, the trusted network entity being known commonly to (i) the device and (ii) the client device of the first domain outside of the trusted domain; and
  
  cause the creation of a rights file indicating an extent of sharing permissions within the trusted domain, the causing of the creation of the rights file being based at least on the minimum security level of compliance supported on the client device of the first domain outside of the trusted domain;
  
  wherein the prescribed one or more rights supported on the client device are determined by the rights file indicating the extent of sharing permissions.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The device of claim 7, wherein the at least one computer program further comprises one or more instructions which, when executed by the processor apparatus, cause the device to request the creation of the rights file from a licensing authority.
  - 9. The device of claim 8, wherein the digital signature indicates a chain of authority to a licensing authority.
  - 10. The device of claim 7, wherein the at least one computer program further comprises one or more instructions which, when executed by the processor apparatus, cause the device to generate the rights file, and to sign the rights file with a digital signature.
  - 11. The device of claim 7, wherein the at least one computer program further comprises one or more instructions which, when executed by the processor apparatus, cause the device to register to a licensing authority at a first security level.
  - 12. The device of claim 11, wherein the extent of sharing permissions is based, at least in part, on the first security level and the minimum security level of compliance.
  - 13. The device of claim 7, wherein the first domain outside the trusted domain is configured to implement a first digital rights scheme, and the trusted domain is configured to implement a second digital rights scheme distinct from the first digital rights scheme.
  - 14. The device of claim 7, wherein the trusted domain is configured to be secured by a top-level licensing authority disposed at a networked operator entity.
  - 15. The device of claim 7, wherein the prescribed one or more rights of the plurality of rights comprise a distinct set of rights selected from a plurality of distinct sets of rights.

16. A non-transitory computer-readable storage medium having at least one computer program comprising a plurality of instructions stored therein, the plurality of instructions being configured to, when executed by a processor apparatus, cause a first computerized device to:
- receive protected data content from a second computerized device, the second computerized device being disposed in an outside domain that is not within a trusted domain, the protected data content being associated with a minimum security level of compliance of the outside domain, where the outside domain comprises a first multi-layered rights arrangement, and the trusted domain comprises a second multi-layered rights arrangement different from the first multi-layered rights arrangement of the first domain, the minimum security level of compliance comprising a set of rights selected from a plurality of sets of rights of the first multi-layered rights arrangement;
  
  invoke a mutual authorization process, the mutual authorization process comprising a registration of the first computerized device with a computerized trusted network entity, the computerized trusted network entity being known commonly to (i) the first computerized device and (ii) the second computerized device operative within the outside domain;
  
  cause a creation of a rights data file indicating an extent of sharing permissions within the trusted domain, where the causation of the creation of the rights data file is based at least on the minimum security level of compliance assigned to the second computerized device of the outside domain; and
  
  based on receipt of a request to transfer the protected data content within the trusted domain;
  
  verify that the request to transfer the one or more protected data content complies with the extent of sharing permissions and with the minimum security level of compliance assigned to the second computerized device of the outside domain; and
  
  based at least on successful verification, cause transmission of the protected data content;
  
  wherein all computerized devices of the trusted domain are configured to enable consumption of the protected data content within the extent of sharing permissions.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the creation of the rights data file is performed by the trusted network entity.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the extent of sharing permissions is determined based at least on the minimum security level of compliance.
  - 19. The non-transitory computer-readable storage medium of claim 16, wherein the transmission of the protected data content comprises transmission of the rights file.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the transmission of the rights file comprises:
    - authorization of at least the first computerized device registered with the trusted network entity; and
      
      transmission of the one or more protected data content to the authorized first computerized device.
  - 21. The non-transitory computer-readable storage medium of claim 20, wherein the authorization of the at least first computerized device registered with the computerized trusted network entity comprises the mutual authorization process.
  - 22. The non-transitory computer-readable storage medium of claim 16, wherein the plurality of instructions are further configured to, when executed by the processor apparatus, cause the first computerized device to:
    - cause the creation of the rights data file from a licensing authority that is part of a licensing hierarchy, the licensing hierarchy comprising a chain of authority up to and including the licensing authority.
  - 23. The non-transitory computer-readable storage medium of claim 22, wherein the plurality of instructions are further configured to, when executed by the processor apparatus, cause the first computerized device to register to the licensing authority at a first security level;
    - wherein the extent of sharing permissions is based, at least in part, on the first security level and the minimum security level of compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated), Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated), Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Helms, William L., Carlucci, John B., Hayashi, Michael T., Fahrny, James W.
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/096,019
Publication Number

US 20160301962A1
Time in Patent Office

764 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 2209/60   Digital content management,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3263   involving certificates, e.g...

H04N 21/2347   involving video stream encr...

H04N 21/23473   by pre-encrypting

H04N 21/2541   Rights Management protectin...

H04N 21/25816   involving client authentica...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4627   Rights management associate...

H04N 21/6334   for authorisation, e.g. by ...

H04N 21/63775   for uploading keys, e.g. fo...

H04N 21/6582   Data stored in the client, ...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

H04N 7/17318   Direct or substantially dir...

H04N 7/17354   in an intermediate station ...

Technique for securely communicating programming content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

407 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for securely communicating programming content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

407 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links