Method and device for providing access to encrypted content and generating a secure content package

US 20060080259A1
Filed: 07/27/2005
Published: 04/13/2006
Est. Priority Date: 07/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. Method of providing access to encrypted content to one of a plurality of consumer systems, each consumer system being able to obtain a secure content package, including the encrypted content and an indication of a location from which to request a rights data object, and further including at least one device having access to a thus obtained secure content package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from the indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, characterised by transferring a rights issuer module to a protected environment of a device for incorporation in the one consumer system, enabling the device, when operational in the consumer system, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is described of providing access to encrypted content to one of a plurality of consumer systems. Each consumer system may be able to obtain a secure content package, including the encrypted content and an indication of a location from which to request a rights data object, and further including at least one device having access to a thus obtained secure content package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from the indicated location. A rights issuer module may be transferred to a protected environment of a device for incorporation in the one consumer system, enabling the device, when operational in the consumer system, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.

97 Citations

View as Search Results

14 Claims

1. Method of providing access to encrypted content to one of a plurality of consumer systems, each consumer system being able to obtain a secure content package, including the encrypted content and an indication of a location from which to request a rights data object, and further including at least one device having access to a thus obtained secure content package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from the indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, characterised by transferring a rights issuer module to a protected environment of a device for incorporation in the one consumer system, enabling the device, when operational in the consumer system, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9)
- - 2. Method according to claim 1, wherein the one consumer system includes an interface to an external communication network and wherein the consumer system is arranged to transfer data received through the interface to the device with the protected environment, wherein the rights issuer module is transferred via the communication network.
  - 3. Method according to claim 1, wherein the rights issuer module is transferred to a portable secure data processing device having an interface to a device in the consumer system.
  - 4. Method according to claim 3, wherein the rights issuer module is transferred to a portable secure device having an interface to a cellular telephone handset, preferably a Subscriber Identity Module Card.
  - 5. Method according to claim 1, including transferring further respective rights issuer modules to protected environments of further devices for incorporation in respective further consumer systems, each rights issuer module enabling the device to which it is transferred, when operational in one of the further consumer systems, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.
  - 6. Method according to claim 1, wherein each device with an agent function is configured, when performing the agent function, to provide access to the encrypted content only in accordance with access rights included in the rights data object, which method includes transferring a rights issuer module enabling the device with the protected environment, when operational in the consumer system, to generate at least one rights data object, cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function and including at least one access right.
  - 7. Method according to claim 1, including receiving a set of access conditions applicable to the one consumer system and configuring the rights issuer module in such a manner that a combination of access rights included in a set of one or more rights data objects issued to requesting devices in the one consumer system provided with an agent function complies with the set of access conditions applicable to the one consumer system.
  - 9. Data processing device according to claim 8, obtainable by execution of a method according to claim 1.

8. Data processing device for incorporation into one of a plurality of consumer systems, each consumer system being able to obtain a secure content package, including the encrypted content and an indication of a location from which to request a rights data object, and further including at least one device having access to a thus obtained secure content package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from the indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, which data processing device includes a protected environment, characterised in that the data processing device further includes a rights issuer module, configured to run in the protected environment, and enabling the data processing device, when incorporated and operational in the consumer system, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.
- View Dependent Claims (10)
- - 10. Computer program arranged, when loaded into a data processing device including a protected environment, to enable the data processing device to function as a data processing device according to claim 8.

11. Method of providing a secure content data package, including encrypted content data, for use by one of a plurality of consumer systems, each consumer system including at least an interface for obtaining the secure content data package from an external source, and further including at least one device having access to a thus obtained secure content data package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from an indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content data and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, wherein resource indicator data is provided with the encrypted content data, indicative of a location from which a device functioning as the rights issuer is issuing rights data objects, characterised by providing resource indicator data pointing to a location within the one consumer system.
- View Dependent Claims (14)
- - 14. Computer program arranged, when loaded into a data processing device, to enable the data processing device to execute a method according to claim 11.

12. Server for providing a secure content data package, including encrypted content data, for use by one of a plurality of consumer systems, wherein the server includes a network interface to a communications network and each consumer system includes at least an interface for obtaining the secure content data package via the communications network, and further includes at least one device having access to a thus obtained secure content data package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from an indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content data and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, wherein the server is configured to provide to the one consumer system resource indicator data with the encrypted content data, indicative of a location from which a device functioning as the rights issuer is issuing rights data objects, characterised in that the server is configured to provide with the encrypted content data resource indicator data pointing to a location within the one consumer system.

13. Signal carrying a secure content data package, including encrypted content data, for use by a consumer system including at least an interface for obtaining the secure content data package from an external source, and further including at least one device having access to a thus obtained secure content data package and provided with an agent function enabling it to retrieve a rights data object from a device issuing rights data objects from an indicated location and for providing access to at least part of the encrypted content, the rights data object including at least content key information enabling decryption of at least part of the encrypted content data and being cryptographically bound to at least the device to which it is issued, such that only devices with an agent function to which the rights data object has been bound are able to obtain the content key information, wherein the secure content data package includes resource indicator data, indicative of a location from which a device functioning as the rights issuer is issuing rights data objects, characterised in that the secure content data package further includes resource indicator data representative of a data path to a location within the consumer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Inventors
Wajs, Andrew Augustine

Application Number

US11/191,524
Publication Number

US 20060080259A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 2221/2149 Restricted operating enviro...

Method and device for providing access to encrypted content and generating a secure content package

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for providing access to encrypted content and generating a secure content package

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links