USRE47595EExpiredUtility

System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state

51
Assignee: NOKIA TECHNOLOGIES OYPriority: Oct 18, 2001Filed: May 2, 2016Granted: Sep 3, 2019
Est. expiryOct 18, 2021(expired)· nominal 20-yr term from priority
G11B 20/0071H04N 2005/91335G11B 20/00884G11B 20/00768H04N 2005/91364H04H 20/31H04L 63/0428G11B 20/00181H04N 5/913G11B 20/00666G11B 20/0021H04L 2463/101G11B 20/00086G11B 20/00166G06F 21/10G06F 2221/0706G06F 2221/0737G06F 21/1012G06F 21/16
51
PatentIndex Score
0
Cited by
135
References
26
Claims

Abstract

A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method, comprising: at a first device within an authorized domain, checking a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; if wherein the usage state record is not unrestricted and allows copying: decrypting the encrypted content key with a device key; re-encrypting the decrypted content key with a public key of a target device within said authorized domain; updating the usage state record; and storing the re-encrypted content key and the updated usage state record in a re-targeted voucher; and determining to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       2. The method of  claim 1  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       3. The method of  claim 1  further comprising:
 receiving the encrypted content and re-targeted voucher at the target device; 
 decrypting the re-encrypted content key using a domain key; and 
 decrypting the encrypted content with the content key. 
 
     
     
       4. The method of  claim 3  further comprising:
 decrypting the re-encrypted content key with a private key of the target device. 
 
     
     
       5. The method of  claim 1  wherein the usage state record contains a budget of allowed copies and further comprising reducing the budget of allowed copies. 
     
     
       6. A method, comprising: at a first device within a first authorized domain, checking a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; if wherein the usage state record or a domain traversal flag in said voucher indicates that inter- domain copying is allowed: decrypting the encrypted content key with a device key; re-encrypting the decrypted content key with a public key of a target device within a second authorized domain; updating the usage state record; and storing the re-encrypted content key and the updated usage state record in a re- targeted voucher; and determining to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       7. The method of  claim 6  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       8. The method of  claim 6  further comprising:
 protecting at least part of the re-targeted voucher using at least one of the following: 
 a cryptographic hashing function; and 
 a digital signature. 
 
     
     
       9. The method of  claim 6  wherein the usage state record contains a budget of allowed copies and further comprising reducing the budget of allowed copies. 
     
     
       10. An apparatus, comprising: a processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform: at a first device within an authorized domain, check a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; if wherein the usage state record is not unrestricted and allows copying: decrypt the encrypted content key with a device key; re-encrypt the decrypted content key with a public key of a target device within said authorized domain; update the usage state record; and store the re-encrypted content key and the updated usage state record in a re- targeted voucher; and determine to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       11. The apparatus of  claim 10  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       12. The apparatus of  claim 11  wherein the usage state record contains a budget of allowed copies and wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 reduce the budget of allowed copies. 
 
     
     
       13. An apparatus, comprising: a processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform: at a first device within a first authorized domain, check a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; if wherein the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed: decrypt the encrypted content key with a device key; re-encrypt the decrypted content key with a public key of a target device within a second authorized domain; update the usage state record; and store the re-encrypted content key and the updated usage state record in a re- targeted voucher; and determine to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       14. The apparatus of  claim 13  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       15. The apparatus of  claim 13 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 protect at least part of the re-targeted voucher using at least one of the following:
 a cryptographic hashing function; and 
 a digital signature. 
 
 
     
     
       16. The apparatus of  claim 13  wherein the usage state record contains a budget of allowed copies and wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 reduce the budget of allowed copies. 
 
     
     
       17. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code comprising: code for causing, at a first device within an authorized domain, check of a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; code for causing if wherein the usage state record is not unrestricted and allows copying: decryption of the encrypted content key with a device key; re-encryption of the decrypted content key with a public key of a target device within said authorized domain; update of the usage state record; and store of the re-encrypted content key and the updated usage state record in a re- targeted voucher; and code for causing determination to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       18. The computer program product of  claim 17  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       19. The computer program product of  claim 17  wherein the usage state record contains a budget of allowed copies and wherein the computer executable program code further comprises code for causing reduction of the budget of allowed copies. 
     
     
       20. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code comprising: code for causing, at a first device within a first authorized domain, check of a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key; code for causing if wherein the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed: decryption of the encrypted content key with a device key; re-encryption of the decrypted content key with a public key of a target device within a second authorized domain; update of the usage state record; and store of the re-encrypted content key and the updated usage state record in a re-targeted voucher; and code for causing determination to send the encrypted content and the re-targeted voucher to the target device. 
     
     
       21. The computer program product of  claim 20  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       22. The computer program product of  claim 20  wherein the computer executable program code further comprises code for causing protection of at least part of the re-targeted voucher using at least one of the following:
 a cryptographic hashing function; and 
 a digital signature. 
 
     
     
       23. The computer program product of  claim 20  wherein the usage state record contains a budget of allowed copies and wherein the computer executable program code further comprises code for causing reduction of the budget of allowed copies. 
     
     
       24. A method of moving protected content between first and second authorized domains, comprising:
 determining, by a server, whether domain traversal is allowed for encrypted content associated with a voucher, the voucher including a domain traversal flag and an encrypted content key, the second authorized domain to receive the encrypted content from the first authorized domain and the first authorized domain being currently authorized to store the content;   wherein a usage state record and the domain traversal flag in the voucher indicates that inter- domain copying is allowed:
 decrypting, by the server, the encrypted content key with a private key of the server; 
 re-encrypting, by the server, the decrypted content key with a public key of a target device within the second authorized domain; 
 including, by the server, the domain traversal flag and the re-encrypted content key in a re-targeted voucher; and 
 sending, by the server, the re-targeted voucher to the target device to thereby enable the target device to decrypt the re-encrypted content key with its private key and decrypt the encrypted content received from the first domain, using the decrypted content key. 
   
     
     
       25. An apparatus for moving protected content between first and second authorized domains comprising:
 a processor, and   at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform:   determining, by a server, whether domain traversal is allowed for encrypted content associated with a voucher, the voucher including a domain traversal flag and an encrypted content key, the second authorized domain to receive the encrypted content from the first authorized domain and the first authorized domain being currently authorized to store the content;   wherein a usage state record and the domain traversal flag in the voucher indicates that inter- domain copying is allowed:
 decrypting, by the server, the encrypted content key with a private key of the server; 
 re-encrypting, by the server, the decrypted content key with a public key of a target device within the second authorized domain; 
 including, by the server, the domain traversal flag and the re-encrypted content key in a re-targeted voucher; and 
 sending, by the server, the encrypted content and the re-targeted voucher to the target device to thereby enable the target device to decrypt the re-encrypted content key with its private key and decrypt the encrypted content received from the first domain, using the decrypted content key. 
   
     
     
       26. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code for moving protected content between first and second authorized domains, which when executed, performs steps comprising:
 causing determining, by a server, whether domain traversal is allowed for encrypted content associated with a voucher, the voucher including a domain traversal flag and an encrypted content key, the second authorized domain to receive the encrypted content from the first authorized domain and the first authorized domain being currently authorized to store the content;   wherein a usage state record and the domain traversal flag in the voucher indicates that inter- domain copying is allowed:
 causing decrypting, by the server, the encrypted content key with a private key of the server; 
 causing re-encrypting, by the server, the decrypted content key with a public key of a target device within the second authorized domain; 
 causing including, by the server, the domain traversal flag and the re-encrypted content key in a re-targeted voucher; and 
 causing sending, by the server, the encrypted content and the re-targeted voucher to the target device to thereby enable the target device to decrypt the re-encrypted content key with its private key and decrypt the encrypted content received from the first domain, using the decrypted content key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.