Device-independent management of cryptographic information

US 10,417,392 B2
Filed: 05/17/2012
Issued: 09/17/2019
Est. Priority Date: 05/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for distributing keys for accessing content, the method comprising:

at a digital rights management (DRM) server;

receiving a request from a particular device to access a particular piece of content;

identifying a plurality of devices, including the particular device, that are related through one user account that is associated with the particular device;

for each device, generating a different decryption key for accessing the particular piece of content, wherein each different generated decryption key is specific to one of the devices; and

providing the different generated decryption keys to the particular device in a first data storage structure; and

at the particular device;

storing, one of the generated decryption keys in a second data storage structure, the one of the generated decryption keys being individually encrypted in a same data storage format as the one of the generated decryption keys appears in the first data storage structure provided to the particular device, thereby minimizing exposure of the one of the generated decryption keys during transfer;

using the one of the generated decryption keys to decrypt and access the particular piece of content stored in an encrypted format on the particular device; and

supplying, to each respective device of the other devices, the generated decryption key specific to the respective device in a third data storage structure that also stores another generated decryption key specific to the respective device, the other generated decryption key corresponding to another piece of content, wherein each of the other respective devices uses its respective decryption key to decrypt and access the same particular piece of content in the same encrypted format.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device.

145 Citations

23 Claims

1. A method for distributing keys for accessing content, the method comprising:
- at a digital rights management (DRM) server;
  
  receiving a request from a particular device to access a particular piece of content;
  
  identifying a plurality of devices, including the particular device, that are related through one user account that is associated with the particular device;
  
  for each device, generating a different decryption key for accessing the particular piece of content, wherein each different generated decryption key is specific to one of the devices; and
  
  providing the different generated decryption keys to the particular device in a first data storage structure; and
  
  at the particular device;
  
  storing, one of the generated decryption keys in a second data storage structure, the one of the generated decryption keys being individually encrypted in a same data storage format as the one of the generated decryption keys appears in the first data storage structure provided to the particular device, thereby minimizing exposure of the one of the generated decryption keys during transfer;
  
  using the one of the generated decryption keys to decrypt and access the particular piece of content stored in an encrypted format on the particular device; and
  
  supplying, to each respective device of the other devices, the generated decryption key specific to the respective device in a third data storage structure that also stores another generated decryption key specific to the respective device, the other generated decryption key corresponding to another piece of content, wherein each of the other respective devices uses its respective decryption key to decrypt and access the same particular piece of content in the same encrypted format.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the third data storage structure has the same data storage format as the first and second data storage structures.
  - 3. The method of claim 1, wherein the particular device stores the provided decryption keys in a keybag along with other sets of decryption keys for accessing other pieces of content on the plurality of devices.
  - 4. The method of claim 1 further comprising storing the generated decryption keys in the first data storage structure prior to providing the generated decryption keys to the particular device, wherein the generated decryption keys are provided to the particular device by providing the first data storage structure.
  - 5. The method of claim 4, wherein the first data storage structure is a transport keybag.
  - 6. The method of claim 1, wherein providing the different generated decryption keys to the particular device further comprises providing the particular piece of content to the particular device in the encrypted format.

7. A method comprising:
- from a first device, sending a request to a digital rights management (DRM) server for a piece of content;
  
  at the first device, receiving from the DRM server, the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
  
  at the first device, using the key specific to the first device to decrypt and access the encrypted content; and
  
  from the first device, supplying to each other device the received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the other device uses the key supplied from the first device to decrypt and access the piece of encrypted content, wherein the received key specific to at least one other device is supplied to the at least one other device along with another received key specific to the at least one other device, the other received key corresponding to another piece of encrypted content, and the key and the other received key each being individually encrypted such that the at least one other device can decrypt and use the key without decrypting the other received key.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, wherein the set of different keys are received from the DRM server in a first data storage structure.
  - 9. The method of claim 8 further comprising extracting the keys from the first data storage structure.
  - 10. The method of claim 8 further comprising storing a first key specific to the first device in a second data storage structure at the first device, the second data storage structure having a same data storage format as the first data storage structure.

11. A non-transitory machine readable medium storing a computer program for execution by at least one processing unit of a first device, the computer program comprising sets of instructions for:
- from the first device, requesting a piece of content from a set of servers;
  
  at the first device, receiving the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
  
  at the first device, using the key specific to the first device to decrypt and access the encrypted content; and
  
  from the first device, distributing to each other device the received key specific to the other device along with at least one other received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the key and the at least one other received key are individually encrypted and the other device is configured to decrypt and use the key supplied from the first device to decrypt and access the piece of encrypted content, without decrypting the other received key.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory machine readable medium of claim 11, wherein the computer program further comprises a set of instructions for storing each of the different keys in a different transport keybag along with the at least one other received key before distributing the key and the at least one other received key to the other device to which the key and the at least one other received key is specific.
  - 13. The non-transitory machine readable medium of claim 12, wherein the set of instructions for distributing a particular key, from the first device to the other device to which the key is specific comprises a set of instructions for supplying the key to the other device in the respective transport keybag along with the at least one other key.
  - 14. The non-transitory machine readable medium of claim 13, wherein the set of different keys are received in a data storage structure, wherein the data storage structure and the transport keybags have a same data storage format.

15. A digital rights management (DRM) system comprising:
- at least one server configured to;
  
  identify a plurality of devices that are related through one user account; and
  
  generate a different key for each related device, wherein each generated key is specific to one of the devices and is for accessing a particular piece of content on the device;
  
  a first device of the plurality of related devices, the first device configured to;
  
  receive, from the at least one server, (i) the particular piece of content in an encrypted format and (ii) a first data storage structure that includes the generated keys for accessing the particular piece of encrypted content; and
  
  use one of the generated keys to decrypt and access the particular piece of content on the first device; and
  
  a set of related devices of the plurality of related devices, each respective related device configured to;
  
  receive, from the first device, a second data storage structure that includes the generated key specific to the respective related device and another generated decryption key specific to the respective related device, the other generated decryption key corresponding to another piece of content, and the generated key being individually encrypted and stored in the second data storage structure in a same format that it appears in the first data storage structure; and
  
  use its specific key to decrypt and access the piece of content on the respective related device.
- View Dependent Claims (16, 17, 18)
- - 16. The DRM system of claim 15, wherein the at least one server is further configured to:
    - store the generated keys in a data storage structure; and
      
      provide the generated keys in the data storage structure to the first device.
  - 17. The DRM system of claim 15, wherein the at least one server comprises a first server for distributing the generated keys and a second server for distributing the particular piece of content in the encrypted format.
  - 18. The DRM system of claim 15, wherein the first device is further configured to:
    - store the received generated keys along with other sets of keys for accessing other pieces of content on the plurality of devices.

19. A first device comprising:
- a memory; and
  
  at least one processor configured to;
  
  request a piece of content from a set of servers;
  
  receive the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
  
  use the key specific to the first device to decrypt and access the encrypted content; and
  
  distribute to each other device the received key specific to the other device along with at least one other received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the key and the at least one other received key are individually encrypted and the other device is configured to decrypt and use the key supplied from the first device to decrypt and access the piece of encrypted content, without decrypting the other received key.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The first device of claim 19, wherein the at least one processor is further configured to:
    - store each of the different keys in a different transport keybag along with the at least one other received key before distributing the key and the at least one other received key to the other device to which the key and the at least one other received key is specific.
  - 21. The first device of claim 20, wherein the at least one processor is further configured to distribute to each other device the received key specific to the other device along with the at least one other received key specific to the other device by supplying the key to the other device in the respective transport keybag along with the at least one other received key.
  - 22. The first device of claim 21, wherein the set of different keys are received in a data storage structure, wherein the data storage structure and the transport keybags have a same data storage format.
  - 23. The first device of claim 22, wherein the at least one processor is further configured to:
    - extract the set of different keys from the data storage structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Farrugia, Augustin J., Fasoli, Gianpaolo, Riendeau, Jean-Francois
Primary Examiner(s)
Kim, Steven S
Assistant Examiner(s)
Fenstermacher, Jason B

Application Number

US13/474,697
Publication Number

US 20130003977A1
Time in Patent Office

2,679 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/1012   to domains

G06F 21/107   License processing; Key pro...

H04L 2209/603   Digital right managament [DRM]

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

Y10S 705/901   Digital rights management

Device-independent management of cryptographic information

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Device-independent management of cryptographic information

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links