Device-independent management of cryptographic information
First Claim
1. A method for distributing keys for accessing content, the method comprising:
at a digital rights management (DRM) server;
receiving a request from a particular device to access a particular piece of content;
identifying a plurality of devices, including the particular device, that are related through one user account that is associated with the particular device;
for each device, generating a different decryption key for accessing the particular piece of content, wherein each different generated decryption key is specific to one of the devices; and
providing the different generated decryption keys to the particular device in a first data storage structure; and
at the particular device;
storing, one of the generated decryption keys in a second data storage structure, the one of the generated decryption keys being individually encrypted in a same data storage format as the one of the generated decryption keys appears in the first data storage structure provided to the particular device, thereby minimizing exposure of the one of the generated decryption keys during transfer;
using the one of the generated decryption keys to decrypt and access the particular piece of content stored in an encrypted format on the particular device; and
supplying, to each respective device of the other devices, the generated decryption key specific to the respective device in a third data storage structure that also stores another generated decryption key specific to the respective device, the other generated decryption key corresponding to another piece of content, wherein each of the other respective devices uses its respective decryption key to decrypt and access the same particular piece of content in the same encrypted format.
Abstract
Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device.
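The flow in the abstract, sketched as an added example that is not taken from the patent or from any product: a server issues one individually wrapped entry per device, and the first device forwards to each other device only that device's entries, unchanged. It assumes that a device-specific key is the content key wrapped under a per-device secret; the names `wrap`, `unwrap`, `server_issue`, `distribute` and `demo` are hypothetical, and the SHA-256 keystream stands in for a real key-wrap cipher.

```python
import hashlib, hmac, os

def _sub(device_key, label):
    # Separate encryption and MAC subkeys derived from the per-device secret.
    return hmac.digest(device_key, label, "sha256")

def _stream(key, nonce, n):
    # SHA-256 counter keystream: a stdlib stand-in for a real key-wrap cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(device_key, content_key):
    # ASSUMPTION: a "device-specific key" is the content key wrapped for one device.
    nonce = os.urandom(16)
    ks = _stream(_sub(device_key, b"enc"), nonce, len(content_key))
    ct = bytes(a ^ b for a, b in zip(content_key, ks))
    return nonce + ct + hmac.digest(_sub(device_key, b"mac"), nonce + ct, "sha256")

def unwrap(device_key, entry):
    nonce, ct, tag = entry[:16], entry[16:-32], entry[-32:]
    good = hmac.digest(_sub(device_key, b"mac"), nonce + ct, "sha256")
    if not hmac.compare_digest(tag, good):
        raise ValueError("entry was not wrapped for this device")
    ks = _stream(_sub(device_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def server_issue(account_devices, content_id, content_key):
    # First structure: one individually wrapped entry per device on the account.
    return {dev: {content_id: wrap(dk, content_key)}
            for dev, dk in account_devices.items()}

def distribute(first_structures, me):
    # First device keeps its own entries and builds one keybag per other device.
    own, outgoing = {}, {}
    for structure in first_structures:
        for dev, entries in structure.items():
            bag = own if dev == me else outgoing.setdefault(dev, {})
            bag.update(entries)  # copied byte-for-byte, never unwrapped in transit
    return own, outgoing

def demo():
    # Constructed account: three devices with random per-device secrets.
    devices = {d: os.urandom(32) for d in ("computer", "player-1", "player-2")}
    keys = {"song-1": os.urandom(16), "song-2": os.urandom(16)}
    issued = [server_issue(devices, cid, k) for cid, k in keys.items()]
    own, outgoing = distribute(issued, "computer")
    return devices, keys, issued, own, outgoing
```

Because every entry is wrapped on its own, a receiving device can unwrap the key for one piece of content without touching the other entries in its keybag, and an entry addressed to a different device fails the integrity check.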
145 Citations
23 Claims
1. A method for distributing keys for accessing content, the method comprising:
at a digital rights management (DRM) server;
receiving a request from a particular device to access a particular piece of content;
identifying a plurality of devices, including the particular device, that are related through one user account that is associated with the particular device;
for each device, generating a different decryption key for accessing the particular piece of content, wherein each different generated decryption key is specific to one of the devices; and
providing the different generated decryption keys to the particular device in a first data storage structure; and
at the particular device;
storing, one of the generated decryption keys in a second data storage structure, the one of the generated decryption keys being individually encrypted in a same data storage format as the one of the generated decryption keys appears in the first data storage structure provided to the particular device, thereby minimizing exposure of the one of the generated decryption keys during transfer;
using the one of the generated decryption keys to decrypt and access the particular piece of content stored in an encrypted format on the particular device; and
supplying, to each respective device of the other devices, the generated decryption key specific to the respective device in a third data storage structure that also stores another generated decryption key specific to the respective device, the other generated decryption key corresponding to another piece of content, wherein each of the other respective devices uses its respective decryption key to decrypt and access the same particular piece of content in the same encrypted format.
Dependent claims: 2, 3, 4, 5, 6
7. A method comprising:
from a first device, sending a request to a digital rights management (DRM) server for a piece of content;
at the first device, receiving from the DRM server, the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
at the first device, using the key specific to the first device to decrypt and access the encrypted content; and
from the first device, supplying to each other device the received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the other device uses the key supplied from the first device to decrypt and access the piece of encrypted content, wherein the received key specific to at least one other device is supplied to the at least one other device along with another received key specific to the at least one other device, the other received key corresponding to another piece of encrypted content, and the key and the other received key each being individually encrypted such that the at least one other device can decrypt and use the key without decrypting the other received key.
Dependent claims: 8, 9, 10
11. A non-transitory machine readable medium storing a computer program for execution by at least one processing unit of a first device, the computer program comprising sets of instructions for:
from the first device, requesting a piece of content from a set of servers;
at the first device, receiving the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
at the first device, using the key specific to the first device to decrypt and access the encrypted content; and
from the first device, distributing to each other device the received key specific to the other device along with at least one other received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the key and the at least one other received key are individually encrypted and the other device is configured to decrypt and use the key supplied from the first device to decrypt and access the piece of encrypted content, without decrypting the other received key.
Dependent claims: 12, 13, 14
15. A digital rights management (DRM) system comprising:
at least one server configured to;
identify a plurality of devices that are related through one user account; and
generate a different key for each related device, wherein each generated key is specific to one of the devices and is for accessing a particular piece of content on the device;
a first device of the plurality of related devices, the first device configured to;
receive, from the at least one server, (i) the particular piece of content in an encrypted format and (ii) a first data storage structure that includes the generated keys for accessing the particular piece of encrypted content; and
use one of the generated keys to decrypt and access the particular piece of content on the first device; and
a set of related devices of the plurality of related devices, each respective related device configured to;
receive, from the first device, a second data storage structure that includes the generated key specific to the respective related device and another generated decryption key specific to the respective related device, the other generated decryption key corresponding to another piece of content, and the generated key being individually encrypted and stored in the second data storage structure in a same format that it appears in the first data storage structure; and
use its specific key to decrypt and access the piece of content on the respective related device.
Dependent claims: 16, 17, 18
19. A first device comprising:
a memory; and
at least one processor configured to;
request a piece of content from a set of servers;
receive the piece of content in an encrypted format and a set of different keys for the first device and a set of other devices, each key generated specifically for decrypting and accessing the piece of encrypted content on one of the other devices;
use the key specific to the first device to decrypt and access the encrypted content; and
distribute to each other device the received key specific to the other device along with at least one other received key specific to the other device without supplying to the other device any other key in the received set of different keys, wherein the key and the at least one other received key are individually encrypted and the other device is configured to decrypt and use the key supplied from the first device to decrypt and access the piece of encrypted content, without decrypting the other received key.
Dependent claims: 20, 21, 22, 23
Specification