US2012284804A1PendingUtilityA1

System and method for protecting digital contents with digital rights management (drm)

35
Assignee: LINDQUIST JOHANPriority: May 2, 2011Filed: May 2, 2011Published: Nov 8, 2012
Est. expiryMay 2, 2031(~4.8 yrs left)· nominal 20-yr term from priority
G06F 21/10H04L 63/0428
35
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An approach for protecting digital contents includes a content delivery phase wherein a client stores digital contents or retrieves them in streaming, transmits to a user device the digital content in a protected format along with an enabling code for enabling the user device to access or read the protected digital content. The approach includes a key generation phase in a DRM (Digital Right Management) server which derives at least one key for encrypting the digital contents. A key transmission phase involves the derived key being transmitted from the DRM server to the client. For decrypting the digital content, the user device requests the key from the DRM server, with the request including a key identification defined by the enabling code transmitted by the client to the user device which is used by the DRM server to derive the key for the user device.

Claims

exact text as granted — not AI-modified
1 . A method for protecting digital contents comprising:
 a content delivery phase wherein a client stores digital content or receives streaming digital content, and transmits to a user device the digital content in a protected format along with an enabling code to enable the user device to access the protected digital content;   a key generation phase in a DRM (Digital Right Management) server which derives at least one key for protecting the digital contents; and   a key transmission phase wherein the derived key is transmitted from the DRM server to the client;   wherein, for unlocking the digital content, the user device requests the derived key from the DRM server, the request including a key identification defined by the enabling code transmitted by the client to the user device which is used by the DRM server to derive the key for the user device.   
     
     
         2 . The method according to  claim 1  wherein said key generation phase is requested from a DRM batch protector module of said client to said DRM server before encrypting the digital contents, the encryption of the digital contents being executed offline in said DRM batch protector module after receipt of the derived key from the DRM server as an encryption key. 
     
     
         3 . The method according to  claim 2  wherein said DRM batch protector module reads the digital contents from a local directory or from a URL (Uniform Resource Locator) and retrieves the encryption key from a key file provided to the DRM batch protector module by said DRM server with password protection. 
     
     
         4 . The method according to  claim 1  wherein the key generation phase comprises an execution of a SOAP (Simple Object Access Protocol) API (Application Programming Interface) in said DRM server, the SOAP API having in input an identifier of the digital content to be protected and a Crypto Period Number (CPN) associated to a number of segments in which the digital contents is transmitted, and in output a plurality of keys to be used for protecting the digital content in the plurality of segments. 
     
     
         5 . The method according to  claim 4  wherein a DRM batch protector module of said client transmits the CPN and the identifier of digital contents to the DRM server to obtain in response from the DRM server the plurality of keys, and wherein further keys are obtained by the DRM batch protector module transmitting an increased CPN to said DRM server. 
     
     
         6 . The method according to  claim 5  wherein said DRM batch protector module further provides to said DRM server a type of DRM protection used for protecting the digital content, the type including at least one of PlayReady, Windows Media DRM and Apple HTTP Streaming. 
     
     
         7 . The method according to  claim 1 , wherein said DRM server does not store but derives the at least one key with the key identification and an internal server table. 
     
     
         8 . The method according to  claim 1 , wherein the transmission of the derived key between said DRM server and said client is over one of a secure channel and a secure out-of-band channel. 
     
     
         9 . The method according to  claim 1 , wherein the transmission of the derived key between said DRM server and said client is password protected. 
     
     
         10 . The method according to  claim 1 , wherein the transmission of protected digital content from the client to the user device is streamed with each stream being separately encrypted before transmission. 
     
     
         11 . The method according to  claim 1 , wherein the transmission of protected digital contents from the client to the user device is in a single block stored in the client. 
     
     
         12 . The method according to  claim 1 , wherein the key is used only for a single communication session between the DRM server and the client, and then marked as used. 
     
     
         13 . The method according to  claim 1 , wherein the protected digital content is delivered to a content delivery network of said client, being one of a web server and an edge-caching network, for subsequent delivery to the user device. 
     
     
         14 . The method according to  claim 1 , wherein the user device consumes the key after accessing the protected digital content. 
     
     
         15 . A system for protecting digital contents comprising:
 a DRM (Digital Right Management) server configured to derive at least one key; and   a client configured to store digital content or receive streaming digital content to be protected, and configured to receive a derived key from said DRM server, and configured to transmit protected digital content to a user device including a key identification;   said DRM server configured to receive the key identification from the user device to derive the key for said user device.   
     
     
         16 . The system according to  claim 15  wherein said client includes a DRM batch protector module configured to request key generation from said DRM server before encrypting the digital content to be protected which is then performed offline in said DRM batch protector module after receipt of the derived key from the DRM server as an encryption key. 
     
     
         17 . The system according to  claim 16  wherein said DRM batch protector module is configured to read the digital content from a local directory or from a URL (Uniform Resource Locator) and retrieve the encryption key from a key file provided to the DRM batch protector module by said DRM server with password protection. 
     
     
         18 . The system according to  claim 15  wherein said DRM server is further configured to perform key generation including an execution of a SOAP (Simple Object Access Protocol) API (Application Programming Interface) having in input an identifier of the digital content to be protected and a Crypto Period Number (CPN) associated to a number of segments in which the digital content is transmitted, and in output a plurality of keys to be used for protecting the digital content in the number of segments. 
     
     
         19 . The system according to  claim 18  wherein said client includes a DRM batch protector module configured to transmit the CPN and the identifier of digital content to the DRM server to obtain in response from the DRM server the plurality of keys, and further configured to transmit an increased CPN to said DRM server to obtain additional keys. 
     
     
         20 . The system according to  claim 19  wherein said DRM batch protector module is further configured to provide to said DRM server a type of DRM protection used for protecting the digital content, the type including at least one of PlayReady, Windows Media DRM and Apple HTTP Streaming. 
     
     
         21 . The system according to  claim 15 , wherein said DRM server is configured to derive the at least one key with the key identification and an internal server table without storing the key. 
     
     
         22 . The system according to  claim 15 , wherein said DRM server is configured to transmit the derived key between to said client over one of a secure channel and a secure out-of-band channel. 
     
     
         23 . The system according to  claim 15 , wherein said DRM server is configured to transmit the derived key to said client as a password protected derived key. 
     
     
         24 . The system according to  claim 15 , wherein said client is configured to stream protected digital content to the user device with each stream being separately encrypted before transmission. 
     
     
         25 . The system according to  claim 15 , wherein said client is configured to transmit protected digital contents to the user device in a single block stored in the client.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.