MULTI-FACTOR CONTENT PROTECTION
Abstract
Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.
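The key layering described in the abstract, as an added example that is not code from the patent or its assignee. Assumptions: every party uses a symmetric key, an HMAC-SHA256 construction stands in for a real AEAD cipher such as AES-GCM, the policy is a JSON object, and the factor wrap is the outer layer; all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, not for production)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Encrypt-then-MAC; constructed stand-in for a real AEAD
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def publish(content, server_key):
    # Publisher: content sealed to a fresh content key; policy carrying it sealed to the server key
    ck = secrets.token_bytes(32)
    policy = json.dumps({"content_key": ck.hex()}).encode()
    return seal(ck, content), seal(server_key, policy)

def issue_license(sealed_policy, server_key, agent_key, factor_key):
    # Access server: opens the policy, wraps the content key to the trusted
    # agent key, then wraps again to the factor key (nesting order assumed).
    ck = bytes.fromhex(json.loads(unseal(server_key, sealed_policy))["content_key"])
    return seal(factor_key, seal(agent_key, ck))

def open_content(sealed_content, license_blob, agent_key, factor_key):
    # Recipient: both the factor and the trusted agent key are needed.
    ck = unseal(agent_key, unseal(factor_key, license_blob))
    return unseal(ck, sealed_content)

def demo():
    server_key, agent_key, factor_key = (secrets.token_bytes(32) for _ in range(3))
    sealed_content, sealed_policy = publish(b"constructed sample document", server_key)
    lic = issue_license(sealed_policy, server_key, agent_key, factor_key)
    plain = open_content(sealed_content, lic, agent_key, factor_key)
    try:  # trusted agent key present, but the wrong factor
        open_content(sealed_content, lic, agent_key, secrets.token_bytes(32))
        outcome = "opened"
    except ValueError:
        outcome = "refused"
    return plain, outcome
```

`demo()` returns the recovered plaintext together with the outcome of an attempt that holds the trusted agent key but not the factor.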
20 Claims
1. In a computing environment, a method of protecting content, the method comprising:
- at a recipient, wherein access to at least some content used by the recipient is managed by an access server, the access server configured to control the recipient's use of managed content through interaction with a trusted agent tied to the recipient, receiving content from a publisher, wherein the content is encrypted to a content key, and wherein the content is associated with policy information, wherein the policy information comprises:
- the content key for decrypting the content; and
- wherein the policy information is encrypted to an access server key so that the policy information can be decrypted by the access server;
- at the recipient, receiving from the access server, the content key, wherein the content key is encrypted to a trusted agent key such that the trusted agent can decrypt the content key, wherein the content key is further encrypted to at least one additional factor defining additional content protection beyond content protection provided by trusted agent;
- at the recipient, decrypting the content key using the trusted agent key and the at least one additional factor; and
- decrypting the content using the content key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A system comprising a recipient computer system, wherein the recipient computer system is configured to receive content from a publishing computer system, wherein the recipient computer system comprises:
- a trusted agent, wherein the trusted agent comprises software or hardware which communicates with an access server to receive content usage restrictions for the content, wherein the trusted agent comprises a trusted agent key for decrypting data from the access server;
- a trusted application configured to communicate with the trusted agent to access content controlled by the access server;
- a factor key configured to decrypt data from the access server, the data comprising a content key for decrypting content from the publishing computer system; and
- a user key guarded by the trusted agent configured to decrypt data from the trusted agent.
Dependent claims: 17, 18, 19.
20. A system for protecting content, the system comprising:
- a publisher, wherein the publisher is configured to send encrypted content to recipients, the publisher further configured to send a content key used to decrypt the encrypted content, and policy defining how the encrypted content is allowed to be used, the policy further comprising a specification of one or more additional protection factors to protect the encrypted content;
- a recipient coupled to the publisher, the recipient configured to receive the content from the publisher, wherein the recipient further comprises a trusted agent configured to control how content is used at the recipient; and
- an access server coupled to the trusted agent of the recipient, the access server configured to receive the policy and the content key from the publisher and configured to provide access policy and the content key from the access server to the recipient through the trusted agent.
Specification