Technique for securely communicating programming content

US 10,848,806 B2
Filed: 05/14/2018
Issued: 11/24/2020
Est. Priority Date: 07/20/2004
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable apparatus comprising a storage medium, the storage medium comprising a plurality of instructions configured to, when executed by a processor apparatus:

enable a first computerized client device to (i) access a media data structure containing protected digital data content in response to a request from the second computerized client device, the access comprising use of a cryptographic element to decrypt the media data structure to produce a rights data structure, and (ii) use the produced rights data structure to authenticate a second computerized client device, the media data structure being associated with the rights data structure, the authentication comprising receipt of a registration message by the first computerized client device, and decryption of a digital signature within the registration message via the cryptographic element, the cryptographic element being retrievable from a storage device associated with the first computerized client device, the rights data structure being indicative of a plurality of restrictions corresponding to respective extents of a right to receive the media data structure by the second computerized client device, the first and second computerized client devices being communicative with respective first and second portions of a content delivery network;

cause the first computerized client device to encrypt the rights data structure using at least a session key; and

based on an examination of the produced rights data structure, the examination comprising a determination enabled by at least said authentication that the second computerized client device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, enable the first computerized client device to transmit to the second computerized client device via the content delivery network;

(i) a copy of at least a portion of the media data structure containing the protected digital data content, and (ii) an encrypted version of the produced rights data structure.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for securely transferring content from a first device in a first layer to a second device in a second layer. In one embodiment, the first device is a device in a trusted domain and the second device is outside of the trusted domain. Transfer of protected content to another device may require authentication of the receiving device. A rights file which specifies the rights of the receiving device to use the protected content, according to its security level is also transferred. These rights may concern, e.g., the number of times the receiving device may transfer the protected content to other devices, the time period within which the receiving device may play the protected content, etc. The higher the security level of the receiving device, the more rights accorded thereto. A minimum security level requirement may be imposed in order for protected content to be transferred to a device.

432 Citations

20 Claims

1. A non-transitory computer-readable apparatus comprising a storage medium, the storage medium comprising a plurality of instructions configured to, when executed by a processor apparatus:
- enable a first computerized client device to (i) access a media data structure containing protected digital data content in response to a request from the second computerized client device, the access comprising use of a cryptographic element to decrypt the media data structure to produce a rights data structure, and (ii) use the produced rights data structure to authenticate a second computerized client device, the media data structure being associated with the rights data structure, the authentication comprising receipt of a registration message by the first computerized client device, and decryption of a digital signature within the registration message via the cryptographic element, the cryptographic element being retrievable from a storage device associated with the first computerized client device, the rights data structure being indicative of a plurality of restrictions corresponding to respective extents of a right to receive the media data structure by the second computerized client device, the first and second computerized client devices being communicative with respective first and second portions of a content delivery network;
  
  cause the first computerized client device to encrypt the rights data structure using at least a session key; and
  
  based on an examination of the produced rights data structure, the examination comprising a determination enabled by at least said authentication that the second computerized client device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, enable the first computerized client device to transmit to the second computerized client device via the content delivery network;
  
  (i) a copy of at least a portion of the media data structure containing the protected digital data content, and (ii) an encrypted version of the produced rights data structure.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable apparatus of claim 1, wherein the second computerized client device comprises a portable wireless device enabled for wireless data communication with the first computerized client device.
  - 3. The non-transitory computer-readable apparatus of claim 1, wherein:
    - the respective extents of the right to receive the media data structure comprise multiple security levels, the second computerized client device being associated with a prescribed security level;
      
      the examination of the produced rights data structure further comprises a determination of a minimum security level associated with the protected digital data content; and
      
      the determination that the second computerized client device is associated with the extent of the right to receive the media data structure which meets or exceeds the prescribed extent of the right to receive the media data structure comprises a determination that the minimum security level associated with the protected digital data content meets or exceeds the prescribed security level associated with the second computerized client device.
  - 4. The non-transitory computer-readable apparatus of claim 1, wherein the produced rights data structure further comprises data indicative of a plurality of restrictions each corresponding to a respective quantity of transfers allowed for the media data structure.
  - 5. The non-transitory computer-readable apparatus of claim 1, wherein the plurality of instructions are further configured to, when executed by the processor apparatus, based on a determination that the second computerized client device is associated with an extent of the right to receive the media data structure which does not meet or exceed the prescribed extent of the right to receive the media data structure, cause the first computerized client device to prevent the transmission of the copy of the media data structure, and transmit information to the second computerized client device to inform that the second computerized client device is not to receive the protected digital data content.
  - 6. The non-transitory computer-readable apparatus of claim 1, wherein the first and second portions of the content delivery network comprise a first discrete domain and a second discrete domain;
    - andwherein the first discrete domain comprises a computerized functional layer, the computerized functional layer being associated with a trusted domain secured by at least a network operator of the content delivery network, and the second discrete domain comprises another computerized functional layer outside of the trusted domain.

7. A method of protecting digital data content via a content delivery network comprising a first computerized client device and a second computerized client device, the method comprising:
- obtaining a rights data structure using at least a cryptographic element;
  
  based at least on a request from the second computerized client device;
  
  accessing the digital data content, the digital data content being associated with the rights data structure, andauthenticating the second computerized client device based at least on the rights data structure, where the authentication comprises a decryption of a digital signature via the cryptographic element from a storage apparatus associated with the first computerized client device, the digital signature being contained within a registration message retrievable by the first computerized client device, where the rights data structure is indicative of a plurality of restrictions corresponding to respective extents of a right to receive the digital data content by the second computerized client device;
  
  encrypting the rights data structure; and
  
  based on a determination that the second computerized client device is associated with an extent of the right to receive the digital data content which meets or exceeds a prescribed extent of the right to receive the digital data content, the authentication enabling at least the determination, transmitting to the second computerized client device (i) a copy of at least a portion of the digital data content, and (ii) an encrypted rights data structure.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein the second computerized client device comprises a portable media device configured to wirelessly communicate with the first computerized client device via at least the content delivery network.
  - 9. The method of claim 7, further comprising enabling the second computerized client device to (i) retrieve another cryptographic element from a data storage apparatus associated with the second computerized client device, and (ii) decrypt the copy of the at least portion of the digital data content and a data comprising the rights data structure.
  - 10. The method of claim 7, wherein the respective extents of the right to receive the digital data content comprise multiple security levels, the second computerized client device being associated with a security level;
    - andwherein the method further comprises determining, based on the registration message, the security level associated with the second computerized client device.
  - 11. The method of claim 7, further comprising evaluating the rights data structure, the evaluating comprising determining a minimum security level required for access to at least the portion of the digital data content;
    - wherein the determination that the second computerized client device is associated with the extent of the right to receive the digital data content which meets or exceeds the prescribed extent of the right to receive the digital data content comprises a determination that the second computerized client device meets or exceeds the determined minimum security level required for access to the at least portion of the digital data content.
  - 12. The method of claim 7, wherein the rights data structure comprises data representative of one or more limitations associated with transfer of the digital data content.
  - 13. The method of claim 7, wherein the first computerized client device is configured to be communicative with at least a first portion of the content delivery network, and the second computerized client device is configured to be communicative with at least a second portion of the content delivery network.
  - 14. The method of claim 13, wherein the first portion comprises a trusted domain secured by at least a network operator of the content delivery network, the trusted domain being exclusive of at least the second portion.

15. A computerized media device configured to protect digital data content, the computerized media device comprising:
- a data interface;
  
  a storage apparatus;
  
  a processor apparatus; and
  
  a non-transitory computer-readable apparatus in data communication with the processor apparatus and comprising a storage medium, the storage medium comprising a computer program having a plurality of instructions, the plurality of instructions being configured to, when executed by the processor apparatus, cause the computerized media device to;
  
  utilize a cryptographic element to yield a media data structure comprising the protected digital data content and a rights data structure, the cryptographic element being accessible at the storage apparatus;
  
  access the media data structure comprising the protected digital data content and the rights data structure;
  
  in response to a request for the protected digital data content from another computerized media device, authenticate the another computerized media device based at least on a rights data structure, the authentication comprising (i) access of a message from the another computerized media device, and (ii) decryption of a digital signature within the accessed message using the cryptographic element, the rights data structure being indicative of one or more limitations corresponding to respective extents of a right to receive the media data structure by the another computerized media device;
  
  encrypt the rights data structure using at least a cryptographic key; and
  
  based at least on a determination that the another computerized media device is associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, the authentication enabling the determination, cause transmission to the another computerized media device of (i) a copy of at least a portion of the media data structure, and (ii) at least a portion of the rights data structure which has been encrypted.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computerized media device of claim 15, wherein:
    - the computerized media device and the another computerized media device are communicative with respective first and second portions of a content delivery network; and
      
      the second portion of the content delivery network comprises a computerized functional layer that is outside of a trusted domain, the trusted domain comprising a computerized functional layer secured by an operator of the content delivery network.
  - 17. The computerized media device of claim 15, wherein the plurality of instructions are further configured to, when executed by the processor apparatus, cause the computerized media device to, based on a determination that the another computerized media device is not associated with an extent of the right to receive the media data structure which meets or exceeds a prescribed extent of the right to receive the media data structure, prevent the transmission of the copy and the encrypted at least portion of the rights data structure.
  - 18. The computerized media device of claim 15, wherein the another computerized media device comprises a portable wireless device enabled for wireless data communication with the computerized media device.
  - 19. The computerized media device of claim 15, wherein:
    - the respective extents of the right to receive the media data structure comprise multiple security levels, the another computerized media device being associated with a prescribed security level; and
      
      the determination further comprises a determination of a minimum security level associated with the protected digital data content.
  - 20. The computerized media device of claim 15, wherein the rights data structure further comprises data indicative of one or more limitations, the one or more limitations comprising one or more of (i) a quantity of transfers allowed for the copy of the at least portion of the media data structure by the another computerized media device, or (ii) a duration of access allowed to the copy of the at least portion of the media data structure by the another computerized media device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Helms, William L., Carlucci, John B., Hayashi, Michael T., Fahrny, James W.
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/979,318
Publication Number

US 20180332327A1
Time in Patent Office

925 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 2209/60   Digital content management,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3263   involving certificates, e.g...

H04N 21/2347   involving video stream encr...

H04N 21/23473   by pre-encrypting

H04N 21/2541   Rights Management protectin...

H04N 21/25816   involving client authentica...

H04N 21/26613   for generating or managing ...

H04N 21/4405   involving video stream decr...

H04N 21/4627   Rights management associate...

H04N 21/6334   for authorisation, e.g. by ...

H04N 21/63775   for uploading keys, e.g. fo...

H04N 21/6582   Data stored in the client, ...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

H04N 7/17318   Direct or substantially dir...

H04N 7/17354   in an intermediate station ...

Technique for securely communicating programming content

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

432 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Technique for securely communicating programming content

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

432 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others