Patent Grant
8296240
Computing devices have made significant contributions toward the advancement of modem society and are utilized in a number of applications to achieve advantageous results. Numerous devices, such as TVs, DVD players, game consoles, computers and the like have facilitated increased consumption of content in most, areas of entertainment, education, business and science. Computing devices have also made it faster, easier and cheaper to access content of all types in digital form. The convenience of having content, more readily accessible typically results in users accessing content more often and may also result in users acquiring ever-increasing amounts of content.
However, computing devices also make it easier, faster and cheaper to pirate digital media. Furthermore, unlike content on physical media such as paper and media in analog format, digital media may be exactly reproduced multiple times without degradation. To continue to make content more accessible and encourage greater use and consumption, protective schemes are employed against piracy of digital content while maintaining the accessibility of the content. Conventional protective schemes have included software based encryption and/or tamper-resistant hardware. The conventional protective schemes have also been specific to a particular platform. In addition, the conventional protective schemes are vulnerable to attack. For example, the software implementations can be bypassed, the encryption keys have been found in the clear or even hidden in the device's memory, and the like. Therefore, there is a continuing need for improved digital rights management schemes.
Embodiments of the present invention are directed toward digital rights management protection techniques locked to an encryption/decryption dongle. In one embodiment, a method of enforcing digital rights management includes receiving source encrypted content on an input device (e.g., DVD drive) of a computing device. The source encrypted content is transferred from the computing device to a dongle. The dongle translates a set of DRM rules associated with the source encrypted content to a set of rules associated with the dongle. The dongle also re-encrypts the source encrypted content into a managed copy of the content locked to the dongle. The managed copy of the content may then be transferred from the dongle to the computing device for storage locally on the computing device. The method may also include transferring the managed copy from the computing device back to the dongle. The dongle re-encrypts the managed copy of the content into a rendering copy of the content locked to a video card of the computing device. The rendering copy of the content may then be transferred from the dongle to the video card for rendering on a monitor.
In another embodiment, a method of enforcing digital rights management includes receiving source encrypted content on an input device (e.g., DVD drive) of a computing device. The source encrypted content is transferred from the computing device to a dongle. The dongle translates a set of DRM rules associated with the source encrypted content to a set of rules associated with the dongle. The dongle also re-encrypts the source encrypted content into a rendering copy of the content locked to a video card of the computing device. The rendering copy of the content may then be transferred from the dongle to the video card for rendering on a monitor.
In yet another embodiment, a dongle is adapted to be communicatively coupled to a personal computer, laptop computer, game console, home entertainment system, hand-held gaming unit, digital video recorder, personal digital assistant (PDA), cell phone, portable audio player (e.g., MP3 players), server computer, client computer, minicomputer, mainframe computer, distributed computer system and the like. The dongle includes a digital right management engine and an encryption/decryption engine. The digital rights management engine is adapted to port digital rights management rules associated with a source of content to digital rights management rules enforced by the digital rights management engine. The encryption/decryption engine is adapted to re-encrypting the source encrypted content into a managed copy of the content. Accordingly, the managed copy of the content is locked to the encryption/decryption engine.
Embodiments of the present technology are illustrated by way of example and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
Reference will now be made in detail to the embodiments of the present technology, examples of which are illustrated in the accompanying drawings. While the present technology will be described in conjunction with these embodiments, it will be understood that they are not intended to limit the invention to these embodiments. On the contrary, the invention is intended to cover alternatives, modifications and equivalents, which may be included within the scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present technology, numerous specific details are set forth in order to provide a thorough understanding of the present technology. However, it is understood that the present technology may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the present technology.
Referring to
The computing device-readable media 115, 120 and I/O devices 125-150 may be communicatively coupled to the processor 110 by a chip set 155 and one or more busses. The chipset 155 acts as a simple input/output hub for communicating data and instructions between the processor 110, the computing device-readable media 115, 120, and I/O devices 125-150.
The computing device-readable media 115, 120 may include secondary memory, such as a magnetic and/or optical storage, that provides for non-volatile storage of
computing device-executable instructions and data for use by the computing device 100. For instance, a hard disk drive 120 may store the operating system (OS), one or more applications and associated data. The computing device-readable media 115, 120 may also include primary memory, such as the system memory 115 and/or graphics memory, which provides for volatile storage of computing device-executable instructions and data for use by the computing device 100. For instance, the random access memory (RAM) 115 may temporarily store a portion of the operating system, a portion of one or more applications and associated data that are currently used by the CPU 110, GPU and the like.
The computing device 100 may also include a dongle 160, which is a secure local re-encryption engine. The dongle 160 includes a signed digital certificate verifying its security. The dongle 160 may be removably coupleable (e.g., external peripheral device) to the computing device 100. For instance, the dongle 160 may be a small form factor peripheral that can be readily coupled to and uncoupled from a universal serial (USB) port, a FireWire port, or the like. The use of USB or FireWire advantageously provides power from the computing device 100 for operation of the dongle 160. In another implementation, the dongle may be integrally coupled to the computing device 100. For instance, the dongle 160 may be an internal peripheral device, or an integrated circuit within the chipset 155.
Referring now to
The interface controller 210 is adapted to receive source encrypted content from the computing device 100 and send a managed copy and or rendering copy to the computing device 100. The digital rights management (DRM) engine is adapted to port the DRM rules of the source content to the DRM rules enforced by the DRM engine so that the managed copy of the content is locked to the encryption/decryption engine of the given dongle. The DRM engine 220 in combination with the interface controller 210 may also be adapted to establish a secure communication channel. The establishing the secure communication channel may include sending and/or receiving authentication certificates, session keys or the like. In one implementation, the interface may be a USB. In such case the interface controller 210 would have a standard application programming interface (API) for creating the secure communication channel that included exchanging certificates and negotiating session keys. However, while the communication channel is maintained via software, neither the keys nor the content is available in the clear.
The encryption/decryption engine is adapted to decrypt the source encrypted content and re-encrypt the content into the managed copy. The dongle memory 240 is adapted to store one or more encryption keys, authentication certificates and the like for use by the digital rights management engine 220 and/or the encryption/decryption engine 230. The dongle memory 240 is also adapted to store the source content, the managed copy of the content and any content in the clear during processing by the encryption/decryption engine 230.
Operation of the computing device 100 in combination with the dongle 160 will be further described herein with reference to
At 315, the dongle 160 receives the source encrypted content 165 from the computing device 100. For instance, a DVD may be inserted into the DVD drive 150 of the computer 100. The source encrypted content 165 is transferred from the DVD to the dongle 160, In one implementation, the source encrypted content 165 is transferred across a secure communication channel negotiated between the input device (e.g., DVD drive 150) and the dongle 160.
The DRM engine 220 of the dongle 160 translates the DRM rules associated with the source encrypted content 165 into DRM rules associated with the dongle 160, at 320. The DRM rules associated with the dongle 160 enforce the protection policies specified in the DRM rules associated with the source encrypted content 165. The encryption/decryption engine 230 re-encrypts the source encrypted content into a managed copy of the content, at 325. In particular, the encryption/decryption engine 230 decrypts the source encrypted content into a clear copy of the content. The encryption/decryption engine 230 then encrypts the clear copy of the content into a dongle encrypted content, which is also referred herein to as the managed copy. The dongle memory 240 may he utilized to store the source encrypted content, the content in the clear between decryption and encryption and/or the managed copy of the content. However, the dongle memory 240 is not accessible from outside the dongle 160 and therefore the content is not available in the clear outside the dongle 160.
Referring now to
Accordingly, the source encrypted content is locked to the source media and the managed copy is locked to the dongle 160. The managed copy of the content 170 can be stored locally on the computing device 100. However, the managed copy of the content is protected because it can only be decrypted by the dongle 160. The metadata is maintained in the clear and can be used to manipulate the content, whether the content is source encrypted content, a managed copy of the content, or a rendering copy of the content.
The method may also include the computing device 100 sending the managed copy of the content 170 to the dongle 160, at 345. At 350, the dongle 160 receives the managed copy 170 from the computing device. For instance, the managed copy of the content 170 stored locally on the hard disk drive 120 may be transferred back to the dongle 160. In one implementation, the managed copy 170 is transferred across a secure communication channel negotiated between the computing device 100 and the dongle 160.
Referring now to
At 365, the rendering copy is sent by the dongle 160 to the computing device 100. At 370, the rendering copy is received by the computing device 100 from the dongle 160. At 375, the rendering copy may be used by the video card 125, GPU or the like to render the content on the monitor 130 or the like, including decrypting the rendering content. In one implementation, the rendering copy of the content is transferred across a secure communication channel negotiated between the dongle 160 and the video card 125, GPU or the like of the computing device 100.
Referring again to
rendering copy of the content, at 380. In particular, the encryption/decryption engine 230 decrypts the source encrypted content into a clear copy of the content. The encryption/decryption engine 230 then encrypts the clear copy of the content into a rendering encrypted copy of the content. For instance, the encryption/decryption engine 230 may encrypt the clear copy of the content using the public key of the video card 125, GPU or the like. The dongle memory 240 may be utilized to store the source encrypted content, the content in the clear between decryption and encryption, and the rendering copy of the content. However, the dongle memory 240 is not accessible from outside the dongle 160 and therefore the content is not available in the clear outside the dongle 160.
At 385, the rendering copy is sent by the dongle 160 to the computing device 100. At 390, the rendering copy is received by the computing device 100 from the dongle 160. At 395, the rendering copy may be used by the video card 125, GPU or the like to render the content on the monitor 130 or the like, perhaps sending the rendered content to the monitor over a secure link such as HDMI. In one implementation, the rendering copy of the content is transferred across a secure communication channel negotiated between the dongle 160 and the video card 125, GPU or the like.
Accordingly, the dongle advantageously encrypts content for storage local to a computing device as a managed copy and/or for rendering by the computing device. Only the encryption/decryption dongle can decrypt the managed copy. In addition, digital rights management (DRM) protection utilizing the encryption/decryption dongle is operating system (OS) independent, and therefore can advantageously be applied on Open Source platforms, Linux platforms, MAC-OS platforms, Windows/Vista platforms and the like. In addition, the content is locked to the dongle rather than the CPU, hard disk drive, motherboard or the like. Accordingly, if the CPU, hard disk drive, motherboard or the like is replaced (e.g., upgraded), the content can still be available via the dongle
The foregoing descriptions of specific embodiments of the present technology have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the present technology and its practical application, to thereby enable others skilled in the art to best utilize the present technology and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the Claims appended hereto and their equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5629980 | Stefik et al. | May 1997 | A |
| 5892900 | Ginter et al. | Apr 1999 | A |
| 6226618 | Downs et al. | May 2001 | B1 |
| 6230267 | Richards et al. | May 2001 | B1 |
| 6550001 | Corwin et al. | Apr 2003 | B1 |
| 6550011 | Sims, III | Apr 2003 | B1 |
| 6615347 | de Silva et al. | Sep 2003 | B1 |
| 6618808 | Johnson et al. | Sep 2003 | B1 |
| 6779115 | Naim | Aug 2004 | B1 |
| 6920567 | Doherty et al. | Jul 2005 | B1 |
| 6944766 | Hamada | Sep 2005 | B2 |
| 6944776 | Lockhart et al. | Sep 2005 | B1 |
| 6981262 | DeMello et al. | Dec 2005 | B1 |
| 7020704 | Lipscomb et al. | Mar 2006 | B1 |
| 7028009 | Wang et al. | Apr 2006 | B2 |
| 7028127 | Kang et al. | Apr 2006 | B2 |
| 7028187 | Rosen | Apr 2006 | B1 |
| 7136945 | Gibbs et al. | Nov 2006 | B2 |
| 7278165 | Molaro | Oct 2007 | B2 |
| 7415439 | Kontio et al. | Aug 2008 | B2 |
| 7426494 | Ohmori et al. | Sep 2008 | B2 |
| 7493291 | Simelius | Feb 2009 | B2 |
| 20020013940 | Tsukamoto et al. | Jan 2002 | A1 |
| 20020019814 | Ganesan | Feb 2002 | A1 |
| 20020032905 | Sherr et al. | Mar 2002 | A1 |
| 20020046181 | Story, Jr. et al. | Apr 2002 | A1 |
| 20020065780 | Barritz et al. | May 2002 | A1 |
| 20020083318 | Larose | Jun 2002 | A1 |
| 20020107941 | Katz et al. | Aug 2002 | A1 |
| 20020152393 | Thoma et al. | Oct 2002 | A1 |
| 20030004885 | Banerjee et al. | Jan 2003 | A1 |
| 20030014630 | Spencer et al. | Jan 2003 | A1 |
| 20030018491 | Nakahara et al. | Jan 2003 | A1 |
| 20030028639 | Yamamoto et al. | Feb 2003 | A1 |
| 20030046568 | Riddick et al. | Mar 2003 | A1 |
| 20030078891 | Capitant | Apr 2003 | A1 |
| 20030167392 | Fransdonk | Sep 2003 | A1 |
| 20030233561 | Ganesan et al. | Dec 2003 | A1 |
| 20040148424 | Berkson et al. | Jul 2004 | A1 |
| 20040168056 | Dillaway et al. | Aug 2004 | A1 |
| 20040171533 | Zehentner et al. | Sep 2004 | A1 |
| 20040172533 | DeMello et al. | Sep 2004 | A1 |
| 20040198494 | Nguyen | Oct 2004 | A1 |
| 20050137984 | Nguyen et al. | Jun 2005 | A1 |
| 20050210261 | Kamperman | Sep 2005 | A1 |
| 20050216763 | Lee et al. | Sep 2005 | A1 |
| 20050289072 | Sabharwal | Dec 2005 | A1 |
| 20060047603 | Fontijn | Mar 2006 | A1 |
| 20060059105 | Ebihara et al. | Mar 2006 | A1 |
| 20060069749 | Herz et al. | Mar 2006 | A1 |
| 20070038576 | Lee | Feb 2007 | A1 |
| 20070073694 | Picault et al. | Mar 2007 | A1 |
| 20070079380 | Kawaguchi et al. | Apr 2007 | A1 |
| 20070089151 | Moore et al. | Apr 2007 | A1 |
| 20070089174 | Bader et al. | Apr 2007 | A1 |
| 20070094737 | Larsson et al. | Apr 2007 | A1 |
| 20070219917 | Liu et al. | Sep 2007 | A1 |
| 20070255580 | Cole et al. | Nov 2007 | A1 |
| 20080071690 | Lee et al. | Mar 2008 | A1 |
| Number | Date | Country |
|---|---|---|
| 1473617 | Nov 2004 | EP |
| 001712978 | Dec 2006 | EP |
| 001045388 | Nov 2009 | EP |
| WO0106699 | Jan 2001 | WO |
| WO03019334 | Mar 2003 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20080235140 A1 | Sep 2008 | US |
