Digital rights management system and methods for accessing content from an intelligent storage

US 8,831,217 B2
Filed: 04/30/2012
Issued: 09/09/2014
Est. Priority Date: 04/10/2012
Status: Active Grant

First Claim

Patent Images

1. A storage device configured to provide content to a player system for rendering of the content, said storage device comprising:

a storage medium comprising a user area that is accessible by the player system and a non-user area that is not accessible by the player system; and

a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to;

authenticate the player system;

establish a secured communication channel with the player system based on the authentication;

provide, to the player system, a first cryptographic key, wherein the first cryptographic key is unique to the storage device, the first cryptographic key based at least partly on defect information of the storage medium and cryptographic data stored on the non-user area;

provide, to the player system, a second cryptographic key that is associated with the content, wherein the second cryptographic key is based at least partly on cryptographic data previously obtained, over a communication network, from an audit system distinct from the player system; and

provide, to the player system, the content in encrypted form from the user area of the storage medium,wherein the content is accessible based on a cryptographic combination of the first cryptographic key and the second cryptographic key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to accessing content stored on a storage device and protecting the content with a digital rights management (DRM) scheme. The storage device may be a disk drive, or network attached storage. The storage device can perform cryptographic operations and provide a hardware root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to the storage device and is based on a key concealed on the storage device. The binding key itself is not stored anywhere on the storage device. The content key is a key assigned to the content. The access key is determined based on a cryptographic combination of the content key and binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device.

20 Citations

View as Search Results

22 Claims

1. A storage device configured to provide content to a player system for rendering of the content, said storage device comprising:
- a storage medium comprising a user area that is accessible by the player system and a non-user area that is not accessible by the player system; and
  
  a controller comprising a cryptographic module providing a hardware root of trust and a secured memory, wherein the controller is configured to;
  
  authenticate the player system;
  
  establish a secured communication channel with the player system based on the authentication;
  
  provide, to the player system, a first cryptographic key, wherein the first cryptographic key is unique to the storage device, the first cryptographic key based at least partly on defect information of the storage medium and cryptographic data stored on the non-user area;
  
  provide, to the player system, a second cryptographic key that is associated with the content, wherein the second cryptographic key is based at least partly on cryptographic data previously obtained, over a communication network, from an audit system distinct from the player system; and
  
  provide, to the player system, the content in encrypted form from the user area of the storage medium,wherein the content is accessible based on a cryptographic combination of the first cryptographic key and the second cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The storage device of claim 1, wherein the first cryptographic key is based on a key that is concealed in the storage device.
  - 3. The storage device of claim 2, wherein the cryptographic module stores the concealed key in a one-time-programmable, non-volatile memory in the secured memory.
  - 4. The storage device of claim 1, wherein the controller is configured to provide the first cryptographic key as an ephemeral key.
  - 5. The storage device of claim 1, wherein the defect information comprises data on manufacturing defects of the storage medium.
  - 6. The storage device of claim 1, wherein the storage medium comprises magnetic media.

7. A player system configured to play encrypted content, said system comprising:
- a first interface configured to communicate with a storage device storing encrypted content; and
  
  a processor configured to;
  
  authenticate the storage device;
  
  establish a secured communication channel with the storage device via the first interface;
  
  receive, from the storage device, a binding cryptographic key that is unique to the storage device, the binding cryptographic key based at least partly on defect information of a storage medium of the storage device;
  
  receive, from the storage device, a second cryptographic key that is associated with the content, wherein the second cryptographic key is based at least partly on cryptographic data previously obtained, over a communication network, from an audit system distinct from the player system;
  
  determine an access key for the content based on a cryptographic combination of the binding cryptographic key and the second cryptographic key;
  
  receive, from the storage device, the encrypted content; and
  
  decrypt the content based on the access key.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The player system of claim 7, wherein the binding cryptographic key is based on a key that is concealed in the storage device.
  - 9. The player system of claim 7, wherein the processor is configured to authenticate the storage device based on a public key infrastructure.
  - 10. The player system of claim 7, wherein the processor is configured to mutually authenticate with the storage device based on a public key infrastructure.
  - 11. The player system of claim 7, wherein the processor is configured to receive an ephemeral binding cryptographic key based on a request sent to the storage device.
  - 12. The player system of claim 7, wherein the processor is configured to receive a temporary binding cryptographic key based on a request sent to the storage device.
  - 13. The player system of claim 7, wherein the processor is configured to determine an ephemeral access key based on the cryptographic combination of the binding cryptographic key and the second cryptographic key.
  - 14. The player system of claim 7, wherein the processor is configured to obtain a digital certificate for the content.
  - 15. The player system of claim 14, wherein the processor is configured to determine authorization for access to the content based on the digital certificate and the authentication of the storage device.
  - 16. The player system of claim 7, wherein the defect information comprises data on manufacturing defects of the storage medium.

17. A method of accessing encrypted content from a storage device, said method comprising:
- receiving, from the storage device, a binding cryptographic key that binds the content to the storage device, the binding cryptographic key based at least partly on defect information of a storage medium of the storage device;
  
  receiving, from the storage device, a second cryptographic key that is associated with the content, wherein the second cryptographic key is based at least partly on cryptographic data previously obtained, over a communication network, from an audit system distinct from a player system;
  
  determining an access key for the content based on a cryptographic combination of the binding cryptographic key and the second cryptographic key;
  
  receiving, from the storage device, the encrypted content; and
  
  decrypting the content based on the access key.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, wherein the binding cryptographic key is based on a key that is concealed in the storage device.
  - 19. The method of claim 17, wherein authenticating the storage device comprises mutually authenticating with the storage device based on a public key infrastructure.
  - 20. The method of claim 17, wherein receiving the binding cryptographic key comprises receiving an ephemeral binding cryptographic key based on a request sent to the storage device.
  - 21. The method of claim 17, wherein determining the access key comprises determining an ephemeral access key based on the cryptographic combination of the binding cryptographic key and the second cryptographic key.
  - 22. The method of claim 17, wherein the defect information comprises manufacturing defects of the storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Blankenbeckler, David L., Ybarra, Danny, Hesselink, Lambertus
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US13/460,616
Publication Number

US 20130268771A1
Time in Patent Office

862 Days
Field of Search

713/189, 380/201, 380/202, 726/26, 705/57
US Class Current

380/201
CPC Class Codes

G06F 21/1014   to tokens

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 2221/2107   File encryption

G11B 20/00115   wherein the record carrier ...

G11B 20/00123   the record carrier being id...

G11B 20/00137   involving measures which re...

G11B 20/00246   wherein the key is obtained...

H04L 2209/603   Digital right managament [DRM]

H04L 9/006   involving public key infras...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

Digital rights management system and methods for accessing content from an intelligent storage

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Digital rights management system and methods for accessing content from an intelligent storage

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links