Claims
- 1. A method for a publishing user to publish digital content and issue to itself a corresponding digital publisher license to allow itself to render the published digital content, the publishing user being supplied with a publishing certificate from a digital rights management (DRM) server, the publishing certificate having a public key (PU-OLP), and a corresponding private key (PR-OLP) encrypted by a public key associated with the publishing user (PU-ENTITY) to form (PU-ENTITY(PR-OLP)), the method comprising:
developing the content and encrypting the developed content according to a content key (CK); creating a rights label for the encrypted content with (CK) encrypted by a public key of the DRM server (PU-DRM) to form (PU-DRM(CK)); retrieving (PU-ENTITY(PR-OLP)) from the publishing certificate; applying a private key (PR-ENTITY) corresponding to (PU-ENTITY) to (PU-ENTITY(PR-OLP)) to obtain (PR-OLP); signing the created rights label with (PR-OLP) to create a signed rights label (SRL); concatenating the created SRL and the publishing certificate to the encrypted content to form a content package distributable to another user, the another user having to contact the DRM server to obtain a corresponding license with (CK) to render the encrypted content therein, only such DRM server having a private key (PR-DRM) corresponding to (PU-DRM) and being able to apply (PR-DRM) to (PU-DRM(CK)) to obtain (CK); creating license data corresponding to the content package with (CK) encrypted by (PU-ENTITY) to form (PU-ENTITY(CK)); signing the created license data with (PR-OLP) to create the publisher license; and attaching the publishing certificate to the publisher license, whereby only the publishing user having (PR-ENTITY) corresponding to (PU-ENTITY) can apply such (PR-ENTITY) to (PU-ENTITY(CK)) from the publisher license to obtain (CK) and thereby decrypt the encrypted content therewith for rendering.
- 2. The method of claim 1 wherein the publishing certificate further has a digital signature from the DRM server and is accompanied by a chain of certificates leading back to a root authority, the method comprising:
verifying the publishing certificate based on the signature thereof and the chain of certificates leading back to the root authority and retrieving (PU-ENTITY(PR-OLP)) from the verified publishing certificate; concatenating the created SRL and the publishing certificate and accompanying chain of certificates to the encrypted content to form a content package distributable to another user; and attaching the publishing certificate and accompanying chain of certificates to the publisher license, whereby the content package, the publisher license, and the publishing certificate in combination form a chain of digital items back to the root authority.
- 3. The method of claim 1 comprising creating the rights label for the encrypted content with (PU-DRM(CK)) and with rights data specifying rights and conditions that must be satisfied to allow rendering of the content.
- 4. The method of claim 3 comprising creating the rights label for the encrypted content with (PU-DRM(CK)) and with the rights data in an encrypted form.
- 5. The method of claim 1 comprising creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with rights data specifying rights and conditions that must be satisfied to allow rendering of the content.
- 6. The method of claim 5 comprising creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with the rights data in an encrypted form.
- 7. A method for a publishing user to render published digital content based on a self-issued corresponding digital publisher license, the content being encrypted by a content key (CK) to form (CK(content)) and the publisher license including (CK) encrypted by a public key (PU-ENTITY) associated with the publishing user to form (PU-ENTITY(CK)) and having attached thereto a publishing certificate from a digital rights management (DRM) server, the publishing certificate having a public key (PU-OLP) and a corresponding private key (PR-OLP) encrypted by (PU-ENTITY) to form (PU-ENTITY(PR-OLP)), the publisher license being signed by (PR-OLP), the method comprising:
verifying the publishing certificate based on the chain of certificates; obtaining (PU-OLP) from the publishing certificate; employing the obtained (PU-OLP) to verify the signature of the publisher license; retrieving (PU-ENTITY(CK)) from the verified publisher license; applying to (PU-ENTITY(CK)) a private key (PR-ENTITY) corresponding to (PU-ENTITY) to obtain (CK); applying (CK) to (CK(content)) to result in the content; and forwarding the content to a rendering application for actual rendering.
- 8. The method of claim 7 wherein the publishing certificate further has a digital signature and is accompanied by a chain of certificates leading back to a root authority, the method further comprising verifying the publishing certificate based on the signature thereof and the chain of certificates leading back to the root authority.
- 9. The method of claim 7 wherein the publisher license includes (PU-ENTITY(CK)) and rights data specifying rights and conditions that must be satisfied to allow rendering of the content, the method further comprising verifying that the specified rights and conditions of the rights data allow the rendering.
- 10. The method of claim 9 comprising creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with the rights data in an encrypted form, the method further comprising decrypting the rights data.
- 11. A computer-readable medium having computer-executable instructions thereon for performing a method for a publishing user to publish digital content and issue to itself a corresponding digital publisher license to allow itself to render the published digital content, the publishing user being supplied with a publishing certificate from a digital rights management (DRM) server, the publishing certificate having a public key (PU-OLP), and a corresponding private key (PR-OLP) encrypted by a public key associated with the publishing user (PU-ENTITY) to form (PU-ENTITY(PR-OLP)), the method comprising:
developing the content and encrypting the developed content according to a content key (CK); creating a rights label for the encrypted content with (CK) encrypted by a public key of the DRM server (PU-DRM) to form (PU-DRM(CK)); retrieving (PU-ENTITY(PR-OLP)) from the publishing certificate; applying a private key (PR-ENTITY) corresponding to (PU-ENTITY) to (PU-ENTITY(PR-OLP)) to obtain (PR-OLP); signing the created rights label with (PR-OLP) to create a signed rights label (SRL); concatenating the created SRL and the publishing certificate to the encrypted content to form a content package distributable to another user, the another user having to contact the DRM server to obtain a corresponding license with (CK) to render the encrypted content therein, only such DRM server having a private key (PR-DRM) corresponding to (PU-DRM) and being able to apply (PR-DRM) to (PU-DRM(CK)) to obtain (CK); creating license data corresponding to the content package with (CK) encrypted by (PU-ENTITY) to form (PU-ENTITY(CK)); signing the created license data with (PR-OLP) to create the publisher license; and attaching the publishing certificate to the publisher license, whereby only the publishing user having (PR-ENTITY) corresponding to (PU-ENTITY) can apply such (PR-ENTITY) to (PU-ENTITY(CK)) from the publisher license to obtain (CK) and thereby decrypt the encrypted content therewith for rendering.
- 12. The medium of claim 11 wherein the publishing certificate further has a digital signature from the DRM server and is accompanied by a chain of certificates leading back to a root authority, the method comprising:
verifying the publishing certificate based on the signature thereof and the chain of certificates leading back to the root authority and retrieving (PU-ENTITY(PR-OLP)) from the verified publishing certificate; concatenating the created SRL and the publishing certificate and accompanying chain of certificates to the encrypted content to form a content package distributable to another user; and attaching the publishing certificate and accompanying chain of certificates to the publisher license, whereby the content package, the publisher license, and the publishing certificate in combination form a chain of digital items back to the root authority.
- 13. The medium of claim 11 wherein the method comprises creating the rights label for the encrypted content with (PU-DRM(CK)) and with rights data specifying rights and conditions that must be satisfied to allow rendering of the content.
- 14. The medium of claim 13 wherein the method comprises creating the rights label for the encrypted content with (PU-DRM(CK)) and with the rights data in an encrypted form.
- 15. The medium of claim 11 wherein the method comprises creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with rights data specifying rights and conditions that must be satisfied to allow rendering of the content.
- 16. The medium of claim 15 wherein the method comprises creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with the rights data in an encrypted form.
- 17. A computer-readable medium having computer-executable instructions thereon for performing a method for a publishing user to render published digital content based on a self-issued corresponding digital publisher license, the content being encrypted by a content key (CK) to form (CK(content)) and the publisher license including (CK) encrypted by a public key (PU-ENTITY) associated with the publishing user to form (PU-ENTITY(CK)) and having attached thereto a publishing certificate from a digital rights management (DRM) server, the publishing certificate having a public key (PU-OLP) and a corresponding private key (PR-OLP) encrypted by (PU-ENTITY) to form (PU-ENTITY(PR-OLP)), the publisher license being signed by (PR-OLP), the method comprising:
verifying the publishing certificate based on the chain of certificates; obtaining (PU-OLP) from the publishing certificate; employing the obtained (PU-OLP) to verify the signature of the publisher license; retrieving (PU-ENTITY(CK)) from the verified publisher license; applying to (PU-ENTITY(CK)) a private key (PR-ENTITY) corresponding to (PU-ENTITY) to obtain (CK); applying (CK) to (CK(content)) to result in the content; and forwarding the content to a rendering application for actual rendering.
- 18. The medium of claim 17 wherein the publishing certificate further has a digital signature and is accompanied by a chain of certificates leading back to a root authority, the method further comprising verifying the publishing certificate based on the signature thereof and the chain of certificates leading back to the root authority.
- 19. The medium of claim 17 wherein the publisher license includes (PU-ENTITY(CK)) and rights data specifying rights and conditions that must be satisfied to allow rendering of the content, the method further comprising verifying that the specified rights and conditions of the rights data allow the rendering.
- 20. The medium of claim 19 wherein the method comprises creating the license data corresponding to the content package with (PU-ENTITY(CK)) and with the rights data in an encrypted form, the method further comprising decrypting the rights data.
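
The publish flow of claim 1 and the render flow of claim 7, with the DRM-signed certificate of claims 2 and 8 reduced to a single signature, as an added example that is not part of the patent text. It shows how one content key ends up wrapped twice, as (PU-DRM(CK)) in the signed rights label and as (PU-ENTITY(CK)) in the self-issued publisher license, and that render refuses an altered license. Assumptions: textbook RSA over fixed Mersenne primes and a SHA-256 XOR keystream replace real primitives, and the dictionary field names, JSON serialization and function names are hypothetical.

```python
# Added illustration: textbook RSA over fixed Mersenne primes and a SHA-256 XOR
# keystream stand in for real primitives. Toy parameters, not secure.
import hashlib, json, secrets

def keypair(p, q, e=65537):           # (public, private), each as (exponent, n)
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)

def rsa(key, m):                      # PU(x) with a public key, PR(x) with a private one
    return pow(m, key[0], key[1])

def digest(obj, n):                   # hash of the canonical JSON form, reduced mod n
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n
def sign(pr, obj):
    return rsa(pr, digest(obj, pr[1]))
def verify(pu, obj, sig):
    return rsa(pu, sig) == digest(obj, pu[1])

def ck_cipher(ck, data):              # CK(content); the XOR keystream is its own inverse
    seed, blocks = ck.to_bytes(32, "big"), range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

M = lambda k: 2**k - 1                # prime for k in 31, 61, 89, 107, 127, 521
PU_DRM, PR_DRM = keypair(M(127), M(521))
PU_ENTITY, PR_ENTITY = keypair(M(89), M(107))
PU_OLP, PR_OLP = keypair(M(31), M(61))
# DRM server side: publishing certificate with PU-OLP and PU-ENTITY(PR-OLP), signed
CERT = {"pu_olp": list(PU_OLP), "enc_pr_olp": rsa(PU_ENTITY, PR_OLP[0])}
CERT_SIG = sign(PR_DRM, CERT)

def publish(content, rights):
    ck = secrets.randbits(128)
    pr_olp = (rsa(PR_ENTITY, CERT["enc_pr_olp"]), CERT["pu_olp"][1])  # recover PR-OLP
    label = {"enc_ck": rsa(PU_DRM, ck), "rights": rights}              # PU-DRM(CK)
    data = {"enc_ck": rsa(PU_ENTITY, ck), "rights": rights}            # PU-ENTITY(CK)
    package = {"srl": label, "srl_sig": sign(pr_olp, label), "cert": CERT,
               "cert_sig": CERT_SIG, "body": ck_cipher(ck, content).hex()}
    lic = {"data": data, "sig": sign(pr_olp, data), "cert": CERT, "cert_sig": CERT_SIG}
    return package, lic

def render(package, lic):
    if not verify(PU_DRM, lic["cert"], lic["cert_sig"]):
        raise ValueError("publishing certificate not signed by the DRM server")
    if not verify(lic["cert"]["pu_olp"], lic["data"], lic["sig"]):
        raise ValueError("publisher license signature fails under PU-OLP")
    ck = rsa(PR_ENTITY, lic["data"]["enc_ck"])                         # PR-ENTITY recovers CK
    return ck_cipher(ck, bytes.fromhex(package["body"]))
```
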
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The following U.S. Patent Applications disclose subject matter that is related to the subject matter of the present application, and are hereby incorporated herein by reference in their entirety:
[0002] U.S. patent application Ser. No. 10/185,527, filed Jun. 28, 2002 under attorney docket number MSFT-1330 and entitled “Obtaining a Signed Rights Label (SRL) for Digital Content and Obtaining a Digital License Corresponding to the Content Based on the SRL in a Digital Rights Management System”;
[0003] U.S. patent application Ser. No. 10/185,278, filed Jun. 28, 2002 under attorney docket number MSFT-1333 and entitled “Using a Rights Template to Obtain a Signed Rights Label (SRL) for Digital Content in a Digital Rights Management System”;
[0004] U.S. patent application Ser. No. 10/185,511, filed Jun. 28, 2002 under attorney docket number MSFT-1343 and entitled “Systems And Methods For Issuing Usage Licenses For Digital Content And Services”;
[0005] U.S. Patent Application No. ______, filed ______ under attorney docket number MSFT-1498 and entitled “Publishing Digital Content Within an Organization in Accordance with a Digital Rights Management (DRM) System”;
[0006] U.S. Patent Application No. ______, filed ______ under attorney docket number MSFT-1569 and entitled “Publishing Digital Content Within an Organization in Accordance with a Digital Rights Management (DRM) System”; and
[0007] U.S. Patent Application No. ______, filed ______ concurrently with the present application under attorney docket number MSFT-1536 and entitled “Enrolling/Sub-Enrolling a Digital Rights Management (DRM) Server Into a DRM Architecture”.