Method and apparatus for policy-based content sharing in a peer to peer manner using a hardware based root of trust
First Claim
1. A machine implemented method for operating a first client computing system to securely share content between the first client computing system and a second client computing system, comprising:
- receiving, by the first client computing system, from a service provider server, content requested by a user and an encrypted license blob associated with the content, the first client computing system having a first general purpose hardware processor and a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system;
connecting, by the first client computing system, a first sharing agent operated by the first general purpose hardware processor with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system;
sending, by the first client computer system, the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system;
creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems;
decrypting, by the first client computing system, using the first hardware security processor, the encrypted license blob, and validating, by the first client computing system, using the first hardware security processor, the sub-license request, and on determination of allowance, creating, by the first client computing system, using the first hardware security processor, a sub-license to allow the second client computing system to play the content;
sending, by the first client computing system, using the first hardware security processor, the sub-license to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and
on sending the sub-license, providing, by the first client computing system, access to the content to the second client computing system.
1 Assignment
0 Petitions
Accused Products
Abstract
Securely sharing content between a first system and a second system is provided. A hardware-based root of trust is established between the first system and a server. Content requested by a user and an encrypted license blob associated with the content is received by the first system from the server. A first agent on the first system connects with a second agent on the second system. The encrypted license blob and a sub-license request are sent from the first agent to a security processor on the first system. The first security processor decrypts the encrypted license blob, validates the sub-license request, and if allowed, creates a sub-license to allow the second system to play the content. The first security processor sends the sub-license to a security processor on the second system. The first system provides access to the content to the second system for future playback according to the sub-license.
64 Citations
12 Claims
-
1. A machine implemented method for operating a first client computing system to securely share content between the first client computing system and a second client computing system, comprising:
-
receiving, by the first client computing system, from a service provider server, content requested by a user and an encrypted license blob associated with the content, the first client computing system having a first general purpose hardware processor and a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system; connecting, by the first client computing system, a first sharing agent operated by the first general purpose hardware processor with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system; sending, by the first client computer system, the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system; creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems; decrypting, by the first client computing system, using the first hardware security processor, the encrypted license blob, and validating, by the first client computing system, using the first hardware security processor, the sub-license request, and on determination of allowance, creating, by the first client computing system, using the first hardware security processor, a sub-license to allow the second client computing system to play the content; sending, by the first client computing system, using the first hardware security processor, the sub-license to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and on sending the sub-license, providing, by the first client computing system, access to the content to the second client computing system. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A first client computing system equipped to securely share content with a second client computing system having a second general purpose hardware processor, a second component, a second sharing agent operated by the second general purpose hardware processor, and a second hardware security processor having second unique and privacy protected information programmed of a second manufacturer of the second client computing system, the first client computing system comprising:
-
a first general purpose hardware processor; a first hardware security processor that includes unique and privacy protected information programmed by a first manufacturer of the first client computing system; a first component to receive from a service provider server content requested by a user and an encrypted license blob associated with the content; a first sharing agent operated by the first general purpose hardware processor to connect with the second sharing agent operated by the second general purpose hardware processor on the second client computing system, and to cooperate with the second sharing agent to establish a secure session between the first hardware security processor and the second hardware security processor of the second client computing system, the unique and privacy protected information of the first and second manufacturer provided to the first and second hardware security processors of the first and second client computing systems are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems; wherein the first hardware security processor is to decrypt the encrypted license blob, validate a sub-license request, and on determination of allowance, create a sub-license to allow the second client computing system to play the content, and to send the sub-license to a second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provide the encrypted sub-license to the second sharing agent; and wherein on sending of the sub-license, the first component is to provide access to the content to the second client computing system. - View Dependent Claims (8, 9, 10)
-
-
11. A non-transitory computer-readable storage medium comprising one or more instructions that when executed by a first general purpose hardware processor of a first client computing system causes the first client computing system to securely share content with a second client computing system, wherein to securely share content includes to:
-
receive from a service provider server content requested by a user and an encrypted license blob associated with the content, the first client computing system, in addition to the first general purpose hardware processor, having a first hardware security processor that includes first unique and privacy protected information of a first manufacturer of the first client computing system; connect a first sharing agent operated by the first general purpose hardware processor on the first client computing system with a second sharing agent operated by a second general purpose hardware processor on the second client computing system, the second client computing system, in addition to the second general purpose hardware processor, further including a second hardware security processor that includes second unique and privacy protected information of a second manufacturer of the second client computing system; sending the encrypted license blob and a sub-license request from the first sharing agent operated by the first general purpose hardware processor to the first hardware security processor on the first client computing system; creating, by the first sharing agent of the first client computing system in cooperation with the second sharing agent of the second client computing system, a secure session between the first hardware security processor of the first client computing system and the second hardware security processor of the second client computing system, wherein the unique and privacy protected information of the first and second manufacturers are used by the first and second client computing systems to build a hardware-based root of trust to establish trust between the first and second client computing systems; cause the decrypting of the encrypted license blob by the first hardware security processor, and validating the sub-license request by the first hardware security processor, and on determination of allowance, creating by the first hardware security processor a sub-license to allow the second client computing system to play the content, and cause the sending of the sub-license by the first hardware security processor to the second hardware security processor on the second client computing system, wherein the second hardware security processor encrypts the sub-license and provides the encrypted sub-license to the second sharing agent; and on sending the sub-license, provide access to the content to the second client computing system. - View Dependent Claims (12)
-
Specification