Method and apparatus for policy-based content sharing in a peer to peer manner using a hardware based root of trust

US 9,990,473 B2
Filed: 12/08/2011
Issued: 06/05/2018
Est. Priority Date: 12/08/2011
Status: Active Grant

First Claim

Patent Images

1. A machine implemented method for operating a first client computing system to securely share content between the first client computing system and a second client computing system, comprising:

receiving, by the first client computing system, from a service provider server, content requested by a user and an encrypted license blob associated with the content, the first client computing system having a first general purpose hardware processor and a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system;

connecting, by the first client computing system, a first sharing agent operated by the first general purpose hardware processor with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system;

sending, by the first client computer system, the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system;

creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems;

decrypting, by the first client computing system, using the first hardware security processor, the encrypted license blob, and validating, by the first client computing system, using the first hardware security processor, the sub-license request, and on determination of allowance, creating, by the first client computing system, using the first hardware security processor, a sub-license to allow the second client computing system to play the content;

sending, by the first client computing system, using the first hardware security processor, the sub-license to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and

on sending the sub-license, providing, by the first client computing system, access to the content to the second client computing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Securely sharing content between a first system and a second system is provided. A hardware-based root of trust is established between the first system and a server. Content requested by a user and an encrypted license blob associated with the content is received by the first system from the server. A first agent on the first system connects with a second agent on the second system. The encrypted license blob and a sub-license request are sent from the first agent to a security processor on the first system. The first security processor decrypts the encrypted license blob, validates the sub-license request, and if allowed, creates a sub-license to allow the second system to play the content. The first security processor sends the sub-license to a security processor on the second system. The first system provides access to the content to the second system for future playback according to the sub-license.

64 Citations

View as Search Results

12 Claims

1. A machine implemented method for operating a first client computing system to securely share content between the first client computing system and a second client computing system, comprising:
- receiving, by the first client computing system, from a service provider server, content requested by a user and an encrypted license blob associated with the content, the first client computing system having a first general purpose hardware processor and a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system;
  
  connecting, by the first client computing system, a first sharing agent operated by the first general purpose hardware processor with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system;
  
  sending, by the first client computer system, the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system;
  
  creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems;
  
  decrypting, by the first client computing system, using the first hardware security processor, the encrypted license blob, and validating, by the first client computing system, using the first hardware security processor, the sub-license request, and on determination of allowance, creating, by the first client computing system, using the first hardware security processor, a sub-license to allow the second client computing system to play the content;
  
  sending, by the first client computing system, using the first hardware security processor, the sub-license to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and
  
  on sending the sub-license, providing, by the first client computing system, access to the content to the second client computing system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the encrypted license blob comprises sub-license information, the sub-license information comprising policies defining restrictions on sharing the content between the client computing systems.
  - 3. The method of claim 1, wherein creating a secure session comprises using a trusted system attestation protocol with privacy provision.
  - 4. The method claim 1, further comprising modifying the license blob, by the first client computing system, using the first hardware security processor, to reflect sharing of the content;
    - re-encrypting, by the first client computing system, using the first hardware security processor, the license blob, and retuning, by the first client computing system, using the first hardware security processor, the re-encrypted license blob to the first sharing agent, when a sub-license transfer is successful.
  - 5. The method of claim 1, whereinthe second client computing system, using the second sharing agent, stores the encrypted sub-license in a memory of the second client computing system.
  - 6. The method of claim 1, wherein on access of the content, the second client computing system plays the content according to the sub-license.

7. A first client computing system equipped to securely share content with a second client computing system having a second general purpose hardware processor, a second component, a second sharing agent operated by the second general purpose hardware processor, and a second hardware security processor having second unique and privacy protected information programmed of a second manufacturer of the second client computing system, the first client computing system comprising:
- a first general purpose hardware processor;
  
  a first hardware security processor that includes unique and privacy protected information programmed by a first manufacturer of the first client computing system;
  
  a first component to receive from a service provider server content requested by a user and an encrypted license blob associated with the content;
  
  a first sharing agent operated by the first general purpose hardware processor to connect with the second sharing agent operated by the second general purpose hardware processor on the second client computing system, and to cooperate with the second sharing agent to establish a secure session between the first hardware security processor and the second hardware security processor of the second client computing system, the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems;
  
  wherein the first hardware security processor is to decrypt the encrypted license blob, validate a sub-license request, and on determination of allowance, create a sub-license to allow the second client computing system to play the content, and to send the sub-license to a second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provide the encrypted sub-license to the second sharing agent; and
  
  wherein on sending of the sub-license, the first component is to provide access to the content to the second client computing system.
- View Dependent Claims (8, 9, 10)
- - 8. The first client computing system of claim 7, wherein the encrypted license blob comprises sub-license information, the sub-license information comprising policies defining restrictions on sharing the content between the client computing systems.
  - 9. The first client computing system of claim 7, wherein the first and second sharing agents are to create the secure session using a trusted system attestation protocol with privacy provision.
  - 10. The first client computing system of claim 7, wherein the first hardware security processor is to modify the license blob to reflect sharing of the content, re-encrypt the license blob, and return the re-encrypted license blob to the first sharing agent, when a sub-license transfer is successful.

11. A non-transitory computer-readable storage medium comprising one or more instructions that when executed by a first general purpose hardware processor of a first client computing system causes the first client computing system to securely share content with a second client computing system, wherein to securely share content includes to:
- receive from a service provider server content requested by a user and an encrypted license blob associated with the content, the first client computing system, in addition to the first general purpose hardware processor, having a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system;
  
  connect a first sharing agent operated by the first general purpose hardware processor on the first client computing system with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system;
  
  sending the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system;
  
  creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturers are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems;
  
  cause the decrypting of the encrypted license blob by the first hardware security processor, and validating the sub-license request by the first hardware security processor, and on determination of allowance, creating by the first hardware security processor a sub-license to allow the second client computing system to play the content, and cause the sending of the sub-license by the first hardware security processor to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and
  
  on sending the sub-license, provide access to the content to the second client computing system.
- View Dependent Claims (12)
- - 12. The computer-readable storage medium of claim 11, wherein the encrypted license blob comprises sub-license information, the sub-license information comprising policies defining restrictions on sharing the content between the client computing systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Mirashrafi, Mojtaba, Hazra, Mousumi M., Pendakur, Ramesh, Nemiroff, Daniel
Primary Examiner(s)
Obeid, Mamon

Application Number

US13/997,320
Publication Number

US 20130283392A1
Time in Patent Office

2,371 Days
Field of Search

705 51, 705 59, 726 29, 726 30
US Class Current
CPC Class Codes

G06F 21/1085   Content sharing, e.g. peer-...

G06F 21/1087   Synchronisation

G06F 21/109   by using specially-adapted ...

Method and apparatus for policy-based content sharing in a peer to peer manner using a hardware based root of trust

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for policy-based content sharing in a peer to peer manner using a hardware based root of trust

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links