摘要:
A computing device has encrypted content and a corresponding license having a decryption key for decrypting the content. The license allows the computing device to render the content thereon. The computing device may issue a sub-license based on the license to a portable device. The sub-license allows the portable device to render the content thereon and has the decryption key. The portable device has a digital device certificate including information thereon. The computing device receives from the portable device the device certificate thereof, and determines based on rules in the license and the information on the portable device in the device certificate whether the computing device can issue the sub-license to the portable device. If so, the computing device constructs such sub-license to include the decryption key (KD) and transmits the constructed sub-license to the portable device.
摘要:
Techniques enable building a collection of data that defines an asset, with the data possibly having differing data types. These techniques are then capable of assigning arbitrary policy to that asset, regardless of which data types are present within the asset. In addition, these techniques enable packaging of this first asset with one or more additional assets in a self-contained envelope. Each asset within the envelope may similarly include data of differing data types. Furthermore, each of these assets may be assigned a policy that may be different than the policy assigned to the first asset. This envelope, or a collection of envelopes, may then be provided to a content-consuming device to consume the assets in accordance with each asset's specified policy.
摘要:
A computing device segregates licenses for corresponding content according to relatively short lived licenses for relatively short lived content and relatively long lived licenses for relatively long lived content. The computing device stores the relatively short lived licenses in a more temporary and volatile license store, and the relatively long lived licenses in a more permanent and non-volatile license store. Thus, the relatively short lived licenses are deleted when the temporary license store is turned off and do not create disorder in the permanent license store.
摘要:
A content license associated with unencrypted digital content is generated, the content license including both an identifier of the unencrypted digital content and a content policy. At a user device, a determination is made as to whether the content license corresponds to particular unencrypted digital content. Use of the particular unencrypted digital content by the computing device is permitted in accordance with the content policy if the content license corresponds to the particular unencrypted digital content. However, use of the particular unencrypted digital content by the computing device based on the content license is prohibited if the content license does not correspond to the particular unencrypted digital content.
摘要:
A digital license is migrated from a source platform to a target platform. At the source platform, a migration image is produced to include the license and corresponding data therein, and the license is deleted from such source platform. At the target platform, permission is requested from a centralized migration service to migrate the license in the migration image to the target platform. The migration service determines whether to permit migration of the license based on predetermined migration policy. Upon receiving the requested permission as a response from the migration service, the migration image is applied to the target platform by un-tying the license from the source platform and re-tying the license to the target platform.
摘要:
A source generates a medium key (KM) and a media secret table including a plurality of entries, each entry including (KM) encrypted by a public key (PU-PD) of a plurality of devices, obtains the medium ID of a medium therefrom, generates a content key (KD) for a piece of content, encrypts the content with (KD) to result in (KD(content)), encrypts (KD) with (KM) to result in (KM(KD)), generates a package for the content including (KD(content)), (KM(KD)), the medium ID, and a signature based on at least the medium ID and verifiable with (KM), and copies the generated package and the media secret table to the medium. Thus, a device with the medium and a private key (PR-PD) corresponding to an entry of the media secret table can access and render the content.
摘要:
A method of registering network devices in a digital rights management system (DRMS) includes receiving a digital certificate transmitted by the network device requesting registration and verifying the validity of the certificate. The DRMS may then send cryptographic information to the applying network device. The network device may be authorized for registration via a user interface to the DRMS. The DRMS may conduct a proximity test to determine of the network device is proximate to the DRMS. If the certificate is validated, authorization is received, and the proximity test indicates that the network device is proximate to the DRMS, the network device may be registered. A registered network device is then authorized to play protected digital content.
摘要:
In accordance with one or more aspects, a license for content is retrieved, the license having been previously embedded in the content. A requested action is allowed to be performed with the content only if a standalone license, or both a leaf license and a root license, indicate that the action with the content is permissible. Leaf licenses and/or standalone licenses can be embedded by a source of the content and/or by a target device that receives the content. Additionally, licenses can include one or more rules indicating where a target device that receives the content is to store the licenses.
摘要:
Techniques enable building a collection of data that defines an asset, with the data possibly having differing data types. These techniques are then capable of assigning arbitrary policy to that asset, regardless of which data types are present within the asset. In addition, these techniques enable packaging of this first asset with one or more additional assets in a self-contained envelope. Each asset within the envelope may similarly include data of differing data types. Furthermore, each of these assets may be assigned a policy that may be different than the policy assigned to the first asset. This envelope, or a collection of envelopes, may then be provided to a content-consuming device to consume the assets in accordance with each asset's specified policy.
摘要:
This document describes policies for digital rights management that enable distribution of full-function versions of applications that, while fully functional, have functions limited by an associated policy. A policy may be replaced or updated, thereby enabling use of previously limited functions without distribution of another version of the application.