USRE47730E · Expired · Utility

System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage state

Assignee: NOKIA TECHNOLOGIES OY
Priority: Oct 18, 2001
Filed: May 2, 2016
Granted: Nov 12, 2019
Est. expiry: Oct 18, 2021 (expired), nominal 20-yr term from priority
Inventors: ALVE JUKKA; CHIU PETER K; YAN ZHENG; HIETASARKA JUHA
Classifications: G11B 20/0021, G11B 20/00166, G11B 20/00181, H04L 63/0428, H04N 2005/91335, G11B 20/00086, H04N 2005/91364, H04H 20/31, G11B 20/00768, G11B 20/0071, H04N 5/913, G11B 20/00884, G11B 20/00666, H04L 2463/101, G06F 2221/0706, G06F 2221/0737, G06F 21/10, G06F 21/1012, G06F 21/16

Abstract

A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method, comprising:
 at a first device within an authorized domain, checking a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 if the usage state record is not unrestricted and allows copying:
 decrypting the encrypted content key with a device key; 
 re-encrypting the decrypted content key with a public key of a target device within said authorized domain; 
 updating the usage state record; and 
 storing the re-encrypted content key and the updated usage state record in a re-targeted voucher; and 
 determining to send the encrypted content and the re-targeted voucher to the target device. 
   
     
     
       2. The method of  claim 1  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       3. The method of  claim 1  further comprising:
 receiving the encrypted content and re-targeted voucher at the target device; 
 decrypting the re-encrypted content key using a domain key; and 
 decrypting the encrypted content with the content key. 
 
     
     
       4. The method of  claim 3  further comprising:
 decrypting the re-encrypted content key with a private key of the target device. 
 
     
     
       5. The method of  claim 1  wherein the usage state record contains a budget of allowed copies and further comprising reducing the budget of allowed copies. 
     
     
       6. A method, comprising:
 at a first device within a first authorized domain, checking a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 if the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed:
 decrypting the encrypted content key with a device key;
 re-encrypting the decrypted content key with a public key of a target device within a second authorized domain;
 updating the usage state record; and
 storing the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
 determining to send the encrypted content and the re-targeted voucher to the target device.
     
     
       7. The method of  claim 6  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       8. The method of  claim 6  further comprising:
 protecting at least part of the re-targeted voucher using at least one of the following: 
 a cryptographic hashing function; and 
 a digital signature. 
 
     
     
       9. The method of  claim 6  wherein the usage state record contains a budget of allowed copies and further comprising reducing the budget of allowed copies. 
     
     
       10. An apparatus, comprising:
 a processor; and
 at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform:
 at a first device within an authorized domain, check a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 if the usage state record is not unrestricted and allows copying:
 decrypt the encrypted content key with a device key;
 re-encrypt the decrypted content key with a public key of a target device within said authorized domain;
 update the usage state record; and
 store the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
 determine to send the encrypted content and the re-targeted voucher to the target device.
     
     
       11. The apparatus of  claim 10  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       12. The apparatus of  claim 11  wherein the usage state record contains a budget of allowed copies and wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 reduce the budget of allowed copies. 
 
     
     
       13. An apparatus, comprising:
 a processor; and
 at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform:
 at a first device within a first authorized domain, check a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 if the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed:
 decrypt the encrypted content key with a device key;
 re-encrypt the decrypted content key with a public key of a target device within a second authorized domain;
 update the usage state record; and
 store the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
 determine to send the encrypted content and the re-targeted voucher to the target device.
     
     
       14. The apparatus of  claim 13  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       15. The apparatus of  claim 13 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 protect at least part of the re-targeted voucher using at least one of the following:
 a cryptographic hashing function; and 
 a digital signature. 
   
     
     
       16. The apparatus of  claim 13  wherein the usage state record contains a budget of allowed copies and wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 reduce the budget of allowed copies. 
 
     
     
       17. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code comprising:
 code for causing, at a first device within an authorized domain, check of a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 code for causing if the usage state record is not unrestricted and allows copying:
 decryption of the encrypted content key with a device key;
 re-encryption of the decrypted content key with a public key of a target device within said authorized domain;
 update of the usage state record; and
 store of the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
 code for causing determination to send the encrypted content and the re-targeted voucher to the target device.
     
     
       18. The computer program product of  claim 17  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       19. The computer program product of  claim 17  wherein the usage state record contains a budget of allowed copies and wherein the computer executable program code further comprises code for causing reduction of the budget of allowed copies. 
     
     
       20. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code comprising:
 code for causing, at a first device within a first authorized domain, check of a usage state record contained in a voucher which accompanies a piece of encrypted content, the voucher including the usage state record and an encrypted content key;
 code for causing if the usage state record or a domain traversal flag in said voucher indicates that inter-domain copying is allowed:
 decryption of the encrypted content key with a device key;
 re-encryption of the decrypted content key with a public key of a target device within a second authorized domain;
 update of the usage state record; and
 store of the re-encrypted content key and the updated usage state record in a re-targeted voucher; and
 code for causing determination to send the encrypted content and the re-targeted voucher to the target device.
     
     
       21. The computer program product of  claim 20  where the device key used to decrypt the encrypted content key is a private key of the first device. 
     
     
       22. The computer program product of  claim 20  wherein the computer executable program code further comprises code for causing protection of at least part of the re-targeted voucher using at least one of the following:
 a cryptographic hashing function; and 
 a digital signature. 
 
     
     
       23. The computer program product of  claim 20  wherein the usage state record contains a budget of allowed copies and wherein the computer executable program code further comprises code for causing reduction of the budget of allowed copies. 
     
     
       24. A method comprising:
 providing, by a trust management provider server, certification that a new device to be added to an authorized domain, meets requirements of the authorized domain;
 communicating, by the trust management provider server, with a content provider that dictates rules for the authorized domain for the new device for certifying that the new device meets requirements of having a domain key for the authorized domain, the content provider being a provider of a content key seed to encrypt with the domain key to generate a content key useable in the authorized domain;
 determining, by the trust management provider server, that the new device has the domain key for the authorized domain; and
 joining, by the trust management provider server, the new device into the authorized domain and maintaining the authorized domain, including replacing unusable content keys produced with content key seeds;
 wherein the new device is the device of a user or a family or both, and wherein a content protection scheme is provided for any type of content or device, which enables a multitude of content providers and device manufacturers to implement the content protection scheme.
     
     
       25. The method as claimed in claim 24, wherein the method further comprises:
 adding a domain traversal flag indicating whether out of domain transfer is allowed.   
     
     
       26. The method as claimed in claim 24, wherein the method further comprises:
 adding a usage state indicating ranging from unrestricted use, copying, moving or using is allowed.   
     
     
       27. The method as claimed in claim 24, wherein the method further comprises:
 organizing a user's devices within the authorized domain, or a family's devices within the authorized domain, for enabling the user's devices, or the family's devices to decrypt content keys encrypted with a domain key.   
     
     
       28. The method as claimed in claim 24, wherein the method further comprises:
 limiting a number of devices to include in the authorized domain.   
     
     
       29. The method as claimed in claim 24, wherein the method further comprises:
 limiting a total number of devices included in the authorized domain to devices that are owned by owners who are related to one another.   
     
     
       30. An apparatus comprising:
 a processor; and
 at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus at least to perform:
 providing, by a trust management provider server, certification that a new device to be added to an authorized domain, meets requirements of the authorized domain;
 communicating, by the trust management provider server, with a content provider that dictates rules for the authorized domain for the new device for certifying that the new device meets requirements of having a domain key for the authorized domain, the content provider being a provider of a content key seed to encrypt with the domain key to generate a content key useable in the authorized domain;
 determining, by the trust management provider server, that the new device has the domain key for the authorized domain; and
 joining, by the trust management provider server, the new device into the authorized domain and maintaining the authorized domain, including replacing unusable content keys produced with content key seeds;
 wherein the new device is the device of a user or a family or both, and wherein a content protection scheme is provided for any type of content or device, which enables a multitude of content providers and device manufacturers to implement the content protection scheme.
     
     
       31. A computer program product comprising computer executable program code recorded on a non-transitory computer readable storage medium, the computer executable program code, which when executed, performs steps comprising:
 causing providing, by a trust management provider server, certification that a new device to be added to an authorized domain, meets requirements of the authorized domain;
 causing communicating, by the trust management provider server, with a content provider that dictates rules for the authorized domain for the new device for certifying that the new device meets requirements of having a domain key for the authorized domain, the content provider being a provider of a content key seed to encrypt with the domain key to generate a content key useable in the authorized domain;
 causing determining, by the trust management provider server, that the new device has the domain key for the authorized domain; and
 causing joining, by the trust management provider server, the new device into the authorized domain and maintaining the authorized domain, including replacing unusable content keys produced with content key seeds;
 wherein the new device is the device of a user or a family or both, and wherein a content protection scheme is provided for any type of content or device, which enables a multitude of content providers and device manufacturers to implement the content protection scheme.
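
The voucher re-targeting steps recited in claims 1, 5 and 8, sketched as an added example that is not part of the patent text or any Nokia implementation. Assumptions: the voucher layout and field names (`usage`, `copies_left`, `wrapped`, `mac`) are hypothetical, textbook RSA over Mersenne primes stands in for the devices' public-key encryption and is not secure, the voucher is protected with HMAC-SHA256 keyed by the content key, and the first device keeps the same reduced budget it sends.

```python
import hashlib, hmac, json

E = 65537  # public exponent shared by the toy key pairs

def toy_keypair(a, b):
    """Textbook RSA over Mersenne primes 2**a-1 and 2**b-1: illustration only, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def wrap(key, pub):
    """Encrypt a 16-byte content key to a device public key."""
    return pow(int.from_bytes(key, "big"), pub["e"], pub["n"])

def unwrap(blob, priv):
    n = priv["n"]
    return pow(blob, priv["d"], n).to_bytes((n.bit_length() + 7) // 8, "big")[-16:]

def seal(usage, wrapped, key):
    """Assumed protection (claim 8): HMAC-SHA256 over usage state and wrapped key."""
    body = json.dumps({"usage": usage, "wrapped": wrapped}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_voucher(usage, key, pub):
    wrapped = wrap(key, pub)
    return {"usage": dict(usage), "wrapped": wrapped, "mac": seal(usage, wrapped, key)}

def open_voucher(voucher, priv):
    """Unwrap the content key and reject a voucher whose usage state was altered."""
    key = unwrap(voucher["wrapped"], priv)
    expected = seal(voucher["usage"], voucher["wrapped"], key)
    if not hmac.compare_digest(voucher["mac"], expected):
        raise ValueError("voucher integrity check failed")
    return key

def retarget(voucher, source_priv, target_pub):
    """Claim 1 branch: usage state is not unrestricted and still allows copying."""
    usage = voucher["usage"]
    if usage["unrestricted"] or usage["copies_left"] < 1:
        raise PermissionError("usage state does not allow a re-targeted copy")
    key = open_voucher(voucher, source_priv)          # decrypt with the device key
    updated = {"unrestricted": False, "copies_left": usage["copies_left"] - 1}
    voucher["usage"] = updated                        # assumption: source keeps reduced budget
    voucher["mac"] = seal(updated, voucher["wrapped"], key)
    return make_voucher(updated, key, target_pub)     # re-encrypt for the target device

if __name__ == "__main__":
    a_pub, a_priv = toy_keypair(61, 127)              # constructed first device
    b_pub, b_priv = toy_keypair(89, 107)              # constructed target device
    v = make_voucher({"unrestricted": False, "copies_left": 1}, bytes(range(16)), a_pub)
    print(open_voucher(retarget(v, a_priv, b_pub), b_priv).hex(), v["usage"])
```

Because the integrity tag covers the usage state, a copy budget edited in storage or in transit is rejected when the voucher is next opened, which is what keeps the budget of claim 5 enforceable.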
