Interpreter using cryptographic values of a playback device's keys to authorize the playback device
First Claim
1. A non-transitory computer-readable medium comprising:
- encrypted digital content, the encrypted digital content including representations of a plurality of versions of a plurality of regions of the encrypted digital content, each version of the plurality of versions being encrypted with a unique cryptographic key; and
- program logic for processing by an interpreter in a playback device, including:
  - program logic configured to query said playback device to obtain the results of cryptographic computations performed by said playback device, where said cryptographic operations use a plurality of cryptographic keys, each cryptographic key of the plurality of cryptographic keys corresponding to a unique version of the plurality of versions, the plurality of cryptographic keys not being accessible by said program logic;
  - program logic configured to determine whether playback is authorized to proceed on said playback device by using said obtained results; and
  - program logic configured to derive values of the plurality of cryptographic keys for decrypting a particular version of the plurality of versions and thereby enable playback of the particular version, if it is determined that playback is authorized.
Abstract
In an exemplary embodiment, digital content is mastered as a combination of encrypted data and data processing operations that enable use in approved playback environments. Player devices having a processing environment compatible with the content's data processing operations are able to decrypt and play the content. Players can also provide content with basic functions, such as loading data from media, performing network communications, determining playback environment configuration, controlling decryption/playback, and/or performing cryptographic operations using the player's keys. These functions allow the content to implement and enforce its own security policies. If pirates compromise individual players or content titles, new content can be mastered with new security features that block the old attacks. A selective decryption capability can also be provided, enabling on-the-fly watermark insertion so that attacks can be traced back to a particular player. Features to enable migration from legacy formats are also provided.
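The following is an added sketch, not code from the patent or its assignee, of the flow in claim 1 and the abstract: content logic queries the player for results computed with keys it cannot read, uses those results to decide whether playback is authorized, and derives the key for the version tied to that player key. HMAC-SHA256 as the player's operation, the record layout, the revocation-by-omission step and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class Player:
    """Playback device: keeps its keys private and returns only computed results."""

    def __init__(self, keys):
        self.__keys = dict(keys)  # key_id -> secret bytes, never handed out

    def crypto_query(self, key_id, challenge):
        key = self.__keys.get(key_id)
        if key is None:
            return None
        return hmac.new(key, challenge, hashlib.sha256).digest()

def _tag(label, result):
    return hashlib.sha256(label + result).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def master_title(device_keys, version_keys, revoked=()):
    """Mastering side (assumed to know device keys): one record per approved key."""
    challenge = os.urandom(16)
    records = {}
    for key_id, (dev_key, version) in device_keys.items():
        if key_id in revoked:
            continue  # a newly mastered title simply omits compromised keys
        result = hmac.new(dev_key, challenge, hashlib.sha256).digest()
        records[key_id] = (version, _tag(b"check", result),
                           _xor(version_keys[version], _tag(b"wrap", result)))
    return challenge, records

def content_logic(player, challenge, records):
    """Runs in the interpreter: sees query results only, never the player's keys."""
    for key_id, (version, check, wrapped) in records.items():
        result = player.crypto_query(key_id, challenge)
        if result and hmac.compare_digest(_tag(b"check", result), check):
            return version, _xor(wrapped, _tag(b"wrap", result))
    return None  # playback not authorized

# Constructed sample data: two device keys, each mapped to its own content version.
DEVICE_KEYS = {"k1": (b"A" * 32, 0), "k2": (b"B" * 32, 1)}
VERSION_KEYS = {0: os.urandom(32), 1: os.urandom(32)}
```

Because each player key maps to one version, the version a player ends up decrypting also identifies which key was used, which is the property the abstract relies on for tracing.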
24 Claims
6. A device for playing encrypted digital content, comprising:
- an input interface usable to input said encrypted digital content and associated program logic, the encrypted digital content including representations of a plurality of versions of a plurality of regions of the encrypted digital content, each version of the plurality of versions being encrypted with a unique cryptographic key;
- a memory usable to store inputs read from said interface;
- a processor usable to read data from said interface and to store data in said memory;
- an interpreter, implemented using software executable on said processor and configured to interpret program logic read from said interface and stored in said memory;
- a cryptographic module:
  - having access to a plurality of cryptographic keys, each cryptographic key of the plurality of cryptographic keys corresponding to a unique version of the plurality of versions; and
  - configured to perform cryptographic processing using the plurality of cryptographic keys as directed by said program logic, such that said program logic can obtain the results of said cryptographic processing but cannot determine values of the plurality of cryptographic keys; and
- an output interface for outputting, after decryption, a particular version of the plurality of versions by using the results of the cryptographic processing.
17. A method for playing encrypted digital content, the method comprising:
- reading data from a medium, where said data incorporates processing instructions combined with encrypted digital content, the encrypted digital content including representations of a plurality of versions of a plurality of regions of the encrypted digital content, each version of the plurality of versions being encrypted with a unique cryptographic key;
- using an interpreter within a player device, performing said processing instructions;
- using cryptographic keys of a plurality of cryptographic keys in a cryptographic operation to produce a result, each cryptographic key of the plurality of cryptographic keys corresponding to a unique version of the plurality of versions, the plurality of cryptographic keys being accessible to said player device;
- returning the result to said processing instructions;
- using the result to decrypt said encrypted digital content; and
- outputting a representation of said decrypted digital content by using an output interface.
Specification