MULTI-FACTOR CONTENT PROTECTION

US 20090097660A1
Filed: 10/11/2007
Published: 04/16/2009
Est. Priority Date: 10/11/2007
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method of protecting content, the method comprising;

at a recipient, wherein access to at least some content used by the recipient is managed by an access server, the access server configured to control the recipient'"'"'s use of managed content through interaction with a trusted agent tied to the recipient, receiving content from a publisher, wherein the content is encrypted to a content key, and wherein the content is associated with policy information, wherein the policy information comprises;

the content key for decrypting the content; and

wherein the policy information is encrypted to an access server key so that the policy information can be decrypted by the access server;

at the recipient, receiving from the access server, the content key, wherein the content key is encrypted to a trusted agent key such that the trusted agent can decrypt the content key, wherein the content key is further encrypted to at least one additional factor defining additional content protection beyond content protection provided by trusted agent;

at the recipient, decrypting the content key using the trusted agent key and the at least one additional factor; and

decrypting the content using the content key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient'"'"'s use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.

26 Citations

View as Search Results

20 Claims

1. In a computing environment, a method of protecting content, the method comprising;
- at a recipient, wherein access to at least some content used by the recipient is managed by an access server, the access server configured to control the recipient'"'"'s use of managed content through interaction with a trusted agent tied to the recipient, receiving content from a publisher, wherein the content is encrypted to a content key, and wherein the content is associated with policy information, wherein the policy information comprises;
  
  the content key for decrypting the content; and
  
  wherein the policy information is encrypted to an access server key so that the policy information can be decrypted by the access server;
  
  at the recipient, receiving from the access server, the content key, wherein the content key is encrypted to a trusted agent key such that the trusted agent can decrypt the content key, wherein the content key is further encrypted to at least one additional factor defining additional content protection beyond content protection provided by trusted agent;
  
  at the recipient, decrypting the content key using the trusted agent key and the at least one additional factor; and
  
  decrypting the content using the content key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the at least one factor is specified in the policy information.
  - 3. The method of claim 2, wherein the at least one factor is specified generically as a class of factors.
  - 4. The method of claim 2, wherein the at least one factor is explicitly specified.
  - 5. The method of claim 2, wherein the at least one factor is implicitly determined by a classification of at least a portion of the content.
  - 6. The method of claim 1, wherein the policy information specifies use restrictions for the content.
  - 7. The method of claim 1, wherein the content key is encrypted to at least one factor by encrypting the content key to one or more keys corresponding to one or more factors.
  - 8. The method of claim 1, wherein the content key is encrypted to at least one factor by encrypting the content key to a single key derived from multiple factors.
  - 9. The method of claim 1, wherein decrypting the content using the content key and the at least one factor comprises the trusted agent using the trusted agent key to decrypt a user key, and using the user key to decrypt the content key from the access server.
  - 10. The method of claim 1, wherein receiving from the access server, the content key, comprises receiving an authorization token specifying usage restrictions on the content, and wherein the usage restrictions are enforced by the trusted agent.
  - 11. The method of claim 1, further comprising an application at the recipient using the decrypted content, wherein the application'"'"'s use of the content is limited based on the factor or factors used to decrypt the content.
  - 12. The method of claim 1, wherein a user'"'"'s use of the content is limited based on the factor or factors used to decrypt the content.
  - 13. The method of claim 1, wherein the content key is only enabled to decrypt a specified portion or portions of the content as defined by policy based on the available additional factor factors.
  - 14. The method of claim 1, further comprising, at the recipient:
    - receiving the policy information encrypted to the access server key; and
      
      sending the policy information encrypted to the access server key to the access server.
  - 15. The method of claim 1, wherein receiving from the access server, the content key, comprises receiving the content key from one or more intermediaries that receive the content key from the access server.

16. A system comprising a recipient computer system, wherein the recipient computer system is configured to receive content from a publishing computer system, wherein the recipient computer system comprises:
- a trusted agent, wherein the trusted agent comprises software or hardware which communicates with an access server to receive content usage restrictions for the content, wherein the trusted agent comprises a trusted agent key for decrypting data from the access server;
  
  a trusted application configured to communicate with the trusted agent to access content controlled by the access server;
  
  a factor key configured to decrypt data from the access server, the data comprising a content key for decrypting content from the publishing computer system; and
  
  a user key guarded by the trusted agent configured to decrypt data from the trusted agent.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the factor key corresponds to a factor specified by the publisher.
  - 18. The system of claim 17, wherein the factor key is specified generically by the publisher as a class of factors.
  - 19. The system of claim 17, wherein the factor key is explicitly specified by the publisher.

20. A system for protecting content, the system comprising:
- a publisher, wherein the publisher is configured to send encrypted content to recipients, the publisher further configured to send a content key used to decrypt the encrypted content, and policy defining how the encrypted content is allowed to be used, the policy further comprising a specification of one or more additional protection factors to protect the encrypted content;
  
  a recipient coupled to the publisher, the recipient configured to receive the content from the publisher, wherein the recipient further comprises a trusted agent configured to control how content is used at the recipient; and
  
  an access server coupled to the trusted agent of the recipient, the access server configured to receive the policy and the content key from the publisher and configured to provide access policy and the content key from the access server to the recipient through the trusted agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malaviarachchi, Rushmi U., Cross, David B., Kamat, Mayur

Granted Patent

US 8,059,820 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 20/3829   involving key management

H04L 2209/60   Digital content management,...

H04L 9/083   involving central third par...

MULTI-FACTOR CONTENT PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-FACTOR CONTENT PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links