Technique for securely communicating programming content
First Claim
1. A non-transitory computer-readable apparatus comprising a storage medium, the storage medium comprising a plurality of instructions configured to, when executed by a processor apparatus:
- enable a first computerized client device to (i) access a media data structure containing protected digital data content in response to a request from the second computerized client device, the access comprising use of a cryptographic element to decrypt the media data structure to produce a rights data structure, and (ii) use the produced rights data structure to authenticate a second computerized client device, the media data structure being associated with the rights data structure, the authentication comprising receipt of a registration message by the first computerized client device, and decryption of a digital signature within the registration message via the cryptographic element, the cryptographic element being retrievable from a storage device associated with the first computerized client device, the rights data structure being indicative of a plurality of restrictions corresponding to respective extents of a right to receive the media data structure by the second computerized client device, the first and second computerized client devices being communicative with respective first and second portions of a content delivery network;
cause the first computerized client device to encrypt the rights data structure using at least a session key; and
based on an examination of the produced rights data structure, the examination comprising a determination enabled by at least said authentication that the second computerized client device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, enable the first computerized client device to transmit to the second computerized client device via the content delivery network;
(i) a copy of at least a portion of the media data structure containing the protected digital data content, and (ii) an encrypted version of the produced rights data structure.
4 Assignments
0 Petitions
Accused Products
Abstract
A technique for securely transferring content from a first device in a first layer to a second device in a second layer. In one embodiment, the first device is a device in a trusted domain and the second device is outside of the trusted domain. Transfer of protected content to another device may require authentication of the receiving device. A rights file which specifies the rights of the receiving device to use the protected content, according to its security level is also transferred. These rights may concern, e.g., the number of times the receiving device may transfer the protected content to other devices, the time period within which the receiving device may play the protected content, etc. The higher the security level of the receiving device, the more rights accorded thereto. A minimum security level requirement may be imposed in order for protected content to be transferred to a device.
432 Citations
20 Claims
-
1. A non-transitory computer-readable apparatus comprising a storage medium, the storage medium comprising a plurality of instructions configured to, when executed by a processor apparatus:
-
enable a first computerized client device to (i) access a media data structure containing protected digital data content in response to a request from the second computerized client device, the access comprising use of a cryptographic element to decrypt the media data structure to produce a rights data structure, and (ii) use the produced rights data structure to authenticate a second computerized client device, the media data structure being associated with the rights data structure, the authentication comprising receipt of a registration message by the first computerized client device, and decryption of a digital signature within the registration message via the cryptographic element, the cryptographic element being retrievable from a storage device associated with the first computerized client device, the rights data structure being indicative of a plurality of restrictions corresponding to respective extents of a right to receive the media data structure by the second computerized client device, the first and second computerized client devices being communicative with respective first and second portions of a content delivery network; cause the first computerized client device to encrypt the rights data structure using at least a session key; and based on an examination of the produced rights data structure, the examination comprising a determination enabled by at least said authentication that the second computerized client device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, enable the first computerized client device to transmit to the second computerized client device via the content delivery network;
(i) a copy of at least a portion of the media data structure containing the protected digital data content, and (ii) an encrypted version of the produced rights data structure. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of protecting digital data content via a content delivery network comprising a first computerized client device and a second computerized client device, the method comprising:
-
obtaining a rights data structure using at least a cryptographic element; based at least on a request from the second computerized client device; accessing the digital data content, the digital data content being associated with the rights data structure, and authenticating the second computerized client device based at least on the rights data structure, where the authentication comprises a decryption of a digital signature via the cryptographic element from a storage apparatus associated with the first computerized client device, the digital signature being contained within a registration message retrievable by the first computerized client device, where the rights data structure is indicative of a plurality of restrictions corresponding to respective extents of a right to receive the digital data content by the second computerized client device; encrypting the rights data structure; and based on a determination that the second computerized client device is associated with an extent of the right to receive the digital data content which meets or exceeds a prescribed extent of the right to receive the digital data content, the authentication enabling at least the determination, transmitting to the second computerized client device (i) a copy of at least a portion of the digital data content, and (ii) an encrypted rights data structure. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A computerized media device configured to protect digital data content, the computerized media device comprising:
-
a data interface; a storage apparatus; a processor apparatus; and a non-transitory computer-readable apparatus in data communication with the processor apparatus and comprising a storage medium, the storage medium comprising a computer program having a plurality of instructions, the plurality of instructions being configured to, when executed by the processor apparatus, cause the computerized media device to; utilize a cryptographic element to yield a media data structure comprising the protected digital data content and a rights data structure, the cryptographic element being accessible at the storage apparatus; access the media data structure comprising the protected digital data content and the rights data structure; in response to a request for the protected digital data content from another computerized media device, authenticate the another computerized media device based at least on a rights data structure, the authentication comprising (i) access of a message from the another computerized media device, and (ii) decryption of a digital signature within the accessed message using the cryptographic element, the rights data structure being indicative of one or more limitations corresponding to respective extents of a right to receive the media data structure by the another computerized media device; encrypt the rights data structure using at least a cryptographic key; and based at least on a determination that the another computerized media device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, the authentication enabling the determination, cause transmission to the another computerized media device of (i) a copy of at least a portion of the media data structure, and (ii) at least a portion of the rights data structure which has been encrypted. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification