EP2082348A2 - Methods and apparatuses for accessing content based on a session ticket - Google Patents

Methods and apparatuses for accessing content based on a session ticket

Info

Publication number
EP2082348A2
Authority
EP
European Patent Office
Prior art keywords
content
session
memory device
parameter
session ticket
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07870860A
Other languages
German (de)
English (en)
French (fr)
Inventor
Fabrice Jogand COULOMB
Haluk Kent TANIK
Oktay Rasizade
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SanDisk Technologies LLC
Original Assignee
SanDisk Corp
Priority claimed from US11/600,263 (US8079071B2)
Priority claimed from US11/600,273 (US20080112566A1)
Application filed by SanDisk Corp

Classifications

    • G11B20/0021: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/60: Protecting data
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G11B20/00: Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00521: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted wherein each session of a multisession recording medium is encrypted with a separate encryption key
    • G11B20/0055: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein license data is encrypted
    • G11B20/00789: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of functional copies, which can be accessed at a time, e.g. electronic bookshelf concept, virtual library, video rentals or check-in/check out
    • G11B20/00797: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of times a content can be reproduced, e.g. using playback counters
    • G11B20/0084: Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific time or date
    • G11B2220/61: Solid state media wherein solid state memory is used for storing A/V content

Definitions

  • Embodiments of the present invention relate generally to content access and, more particularly, linking content with license and accessing the content based on a session ticket.
  • Digital rights management is a technology used to protect and control the distribution of content, such as music files, video files, and other content.
  • Content is encrypted with a cryptographic key, whereby the cryptographic key can also be used to decrypt the content.
  • In order for a user to decrypt and access the content, the user must have access to a license that is associated with the content.
  • A license can grant different access rights to the content depending on the permissions defined by a license provider. For example, the license may limit the content (e.g., a music file) to be played for a limited number of times.
  • The cryptographic key used to decrypt the content is stored only in the license.
  • The license can be hacked and the cryptographic key can be easily extracted from the license. If the cryptographic key is compromised, an unauthorized user can decrypt the content without the license and thereby access the content without limitations. As a result, there is a need to further improve the protection of content.
  • Various embodiments of the present invention provide methods, systems and/or apparatuses for linking a license with content and accessing content based on a session ticket. It should be appreciated that the embodiments can be implemented in numerous ways, including as a method, a circuit, a system, or a device. Several embodiments of the present invention are described below.
  • A method for accessing content stored on a memory device is provided.
  • A request to access the content is transmitted and a session ticket is received.
  • The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session.
  • The content may be accessed based on the session ticket.
  • An apparatus is provided.
  • The apparatus includes a memory and a processor that is in communication with the memory. The processor is configured to: transmit a request to a memory device to access content stored in the memory device; receive a session ticket; and access the content based on the session ticket.
  • The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session.
  • FIG. 1 is a simplified block diagram of a system of apparatuses, in accordance with an embodiment of the invention.
  • Figure 2 is a block diagram depicting the generation of a parameter used to decrypt content, in accordance with an embodiment of the invention.
  • FIG. 3 is a simplified block diagram of a system for accessing a memory device, in accordance with an embodiment of the invention.
  • Figure 4 is a flowchart diagram depicting the access of content from a memory device, in accordance with an embodiment of the invention.
  • Figure 5 is a block diagram depicting the generation of a session ticket, in accordance with an embodiment of the invention.
  • Figure 6 is a simplified block diagram of a system for accessing a memory device using a session ticket, in accordance with an embodiment of the invention.
  • Figure 7 is a flowchart diagram depicting the access of content from a memory device based on a session ticket, in accordance with an embodiment of the invention.
  • Figure 8 is a simplified block diagram of program applications that may be hosted on a host computing device for accessing content, in accordance with an embodiment of the invention.
  • Figure 9 is a simplified block diagram of program applications that may be included in a memory device, in accordance with an embodiment of the invention.
  • Figure 10 is a simplified block diagram of a general overview of a host computing device suitable for hosting a content protection platform and other program applications, in accordance with an embodiment of the invention.
  • Figure 11 is a simplified block diagram of a memory device, in accordance with an embodiment of the invention.
  • FIG. 1 is a simplified block diagram of a system of apparatuses, in accordance with an embodiment of the invention. As shown in Figure 1, system 102 includes host computing device 114 and memory device 116.
  • Host computing device 114 can include a variety of electronic devices capable of accessing memory device 116 to store or retrieve content 118 stored on the memory device.
  • Memory device 116 may be removably coupled to host computing device 114 by way of mechanical interface 108 such as pin and/or socket connectors.
  • Memory device 116 is a memory storage device.
  • An example of memory device 116 is a memory card using non-volatile memory.
  • Host computing device 114 hosts application 104.
  • Application 104 may include a variety of program applications.
  • Application 104 may be an operating system that manages the hardware and software resources on host computing device 114.
  • Application 104 may be a multimedia player configured to play audio and video files.
  • Application 104 may be a video game.
  • Application 104 may access content 118 stored in memory device 116.
  • Content 118 can include a variety of data. Examples of content 118 include audio files encoded in audio file formats such as WAVE, MPEG-1 Audio Layer 3 (MP3), Advanced Audio Coding (AAC), and other audio file formats. Content 118 may also include video files encoded in video file formats such as Audio Video Interleave (AVI), Moving Picture Experts Group (MPEG), and other video file formats. Other examples of content 118 include document files, image files, application files, and other data.

Linking License with Content

  • FIG. 2 is a block diagram depicting the generation of a parameter used to decrypt content, in accordance with an embodiment of the invention.
  • Figure 2 shows content 118 and associated license 204.
  • Content 118 is encrypted such that the content is unintelligible.
  • License 204 is data (e.g., a string, a file, and other data) that enables content 118 to be accessed.
  • License 204 may include the permissions or rules to access content 118, such as duration of access, limiting the access of the content to a particular computing device, dates, times, a number of times the content may be accessed, and other permissions. License 204 therefore may be configured to define the permissions to access content 118.
  • License 204 may allow content 118 in the form of a music file to be played three times on a specific computing device.
  • License 204 may allow content 118 to be accessed but not copied to another computing device.
  • Third parameter 210 includes a variety of data that may be associated with the decryption of content 118.
  • Third parameter 210 may be a cryptographic key used for the encryption and decryption of content 118.
  • Third parameter 210 may also include a reference to the cryptographic key. The reference, for instance, may be a number or string that identifies the cryptographic key.
  • Third parameter 210 may also include an authentication key. The authentication key is a cryptographic key used for authentication sessions between the host computing device and memory device.
  • Third parameter 210 may be a cryptographic nonce. A cryptographic nonce is a number that can be used to generate the cryptographic key.
  • Third parameter 210 is generated based on first parameter 202 and second parameter 206. In other words, third parameter 210 can be expressed as

    $$\text{Third parameter} = F(\text{first parameter}, \text{second parameter}) \qquad (1.0)$$

    where the third parameter is a function of first and second parameters 202 and 206.
  • The function may include a variety of functions, such as a hash function, whereby third parameter 210 can be the hash value of the hash function.
  • First parameter 202 is associated with license 204 and second parameter 206 is associated with content 118.
  • First and second parameters 202 and 206 may include a variety of data.
  • First parameter 202 may be a number. In an embodiment, the number may be randomly generated. In another embodiment, the number is pre-defined.
  • Second parameter 206 may be dependent on first parameter 202 or vice versa.
  • Second parameter 206 may be a number or string derived from both a reference to a cryptographic key and first parameter 202. Such number or string may be expressed as

    $$\text{Second parameter} = F(\text{key reference}, \text{first parameter}) \qquad (1.2)$$

    where second parameter 206 is a function of both the reference to the cryptographic key and first parameter 202. It should be appreciated that second parameter 206 also may be derived from both an authentication key and first parameter 202. In another example, second parameter 206 may be derived from a cryptographic nonce and first parameter 202. Conversely, first parameter 202 may be derived from second parameter 206 and an authentication key, a reference to a cryptographic key, a cryptographic nonce or other parameters.
  • First and second parameters 202 and 206 are associated with license 204 and content 118, respectively.
  • First and second parameters 202 and 206 may be located or included in the license and the content, respectively.
  • Second parameter 206 may be located in the header or footer of content 118.
  • First parameter 202 and/or second parameter 206 may be located separately from license 204 and/or content 118.
  • License 204 may be associated with first parameter 202 with the inclusion of a pointer to the first parameter.
  • Content 118 may also include a pointer to second parameter 206 if the second parameter is located separately from the content.
  • FIG. 3 is a simplified block diagram of a system for accessing a memory device, in accordance with an embodiment of the invention.
  • System 302 includes host computing device 114 coupled to memory device 116.
  • Host computing device 114 may include application 104 and first content protection platform 304.
  • Memory device 116 includes second content protection platform 306, content 118, and license 204.
  • License 204 may be stored in a hidden partition of memory device 116 where the license is not visible or accessible by many applications.
  • License 204 may also be stored in host computing device 114.
  • First and second content protection platforms 304 and 306 are technology platforms for securing content 118 to memory device 116.
  • With first content protection platform 304 and/or second content protection platform 306, a user may transfer memory device 116 and its content 118 without compromising the content protection.
  • A variety of content protection platforms may be used for securing data, examples being sold under the trademarks TrustedFlash™ and Gruvi™ (as manufactured by SanDisk, Inc.).
  • Application 104 by way of first content protection platform 304 transmits a request for content 118 stored in memory device 116.
  • Content 118 is encrypted.
  • First parameter 202 associated with license 204 and second parameter 206 associated with content 118 are retrieved.
  • First parameter 202 and second parameter 206 may be included in license 204 and content 118, respectively, or may be files located separately from the license and the content.
  • A third parameter is generated based on first parameter 202 and second parameter 206. In other words, the third parameter may be derived from first and second parameters 202 and 206.
  • The third parameter may be a cryptographic key used to decrypt content 118, a reference to the cryptographic key, an authentication key, a nonce, or other parameters.
  • Application 104 can decrypt and access content 118.
  • First content protection platform 304 may transmit the third parameter and request for content 118 to memory device 116.
  • Second content protection platform 306 can decrypt content 118 based on the third parameter and may transmit the content, which is decrypted, to application 104 by way of first content protection platform 304.
  • First content protection platform 304 hosted on host computing device 114 retrieves first and second parameters 202 and 206 and generates the third parameter based on the first and second parameters.
  • Second content protection platform 306 included in memory device 116 can also retrieve first and second parameters 202 and 206 and generate the third parameter based on the first and second parameters.
  • FIG. 4 is a flowchart diagram depicting the access of content from a memory device, in accordance with an embodiment of the invention.
  • The content is analyzed to determine whether the content is protected (i.e., encrypted).
  • Various information associated with the content can indicate whether the content is encrypted.
  • The header of the content, for example, may indicate that the content is encrypted.
  • The filename extension of the content can also indicate that the content is encrypted.
  • The content may be directly accessed in 410.
  • A first parameter is retrieved from the license at 404.
  • The first parameter is a number. The number can be randomly generated or predefined.
  • A second parameter is retrieved from the content.
  • The second parameter may be derived from a reference to the cryptographic key and the first parameter.
  • The cryptographic key is used to encrypt or decrypt the content.
  • The second parameter is associated with both the content and the license because the second parameter is derived or computed from a reference to the cryptographic key that is used to decrypt the content and a number that is included with the license.
  • the first parameter e.g., a number
  • The second parameter may be associated with the license.
  • A reference to the cryptographic key may be generated or computed at 408.
  • The reference to the cryptographic key can be generated based on the first parameter and the second parameter.
  • The content can be decrypted and accessed based on the third parameter.
  • The third parameter in the form of a reference to the cryptographic key can be transmitted to the memory device.
  • The memory device can include a secure store that stores the cryptographic key.
  • The memory device can retrieve the cryptographic key from the secure store using the reference to the cryptographic key.
  • The memory device can decrypt the content and transmit the decrypted content to a host computing device.
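
The linking scheme of Figures 2 to 4, as an added example that is not part of the patent text: Equations 1.0 and 1.2 leave F unspecified, so this sketch assumes an XOR mask derived with SHA-256, a constructed `PROT` header that carries the second parameter, and a `SecureStore` class standing in for the memory device's secure store. All function names are hypothetical.

```python
import hashlib
import secrets

MAGIC = b"PROT"   # constructed header marker meaning "this content is encrypted"
REF_LEN = 16      # assumed length of a key reference, in bytes


def mask(first_param: bytes) -> bytes:
    """Hash of the license's first parameter, truncated to the reference length."""
    return hashlib.sha256(b"license-link|" + first_param).digest()[:REF_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def link(key_ref: bytes):
    """Provisioning, Eq. 1.2: second parameter = F(key reference, first parameter)."""
    first_param = secrets.token_bytes(16)            # random number kept in the license
    second_param = xor(key_ref, mask(first_param))   # stored with the content
    return first_param, second_param


def pack_content(second_param: bytes, ciphertext: bytes) -> bytes:
    """Constructed layout: marker, then the second parameter, then the ciphertext."""
    return MAGIC + second_param + ciphertext


def derive_key_reference(license_: dict, content: bytes):
    """Flow of FIG. 4. Returns None for unprotected content (direct access, 410)."""
    if not content.startswith(MAGIC):                # header says: not encrypted
        return None
    second_param = content[len(MAGIC):len(MAGIC) + REF_LEN]
    if len(second_param) != REF_LEN:
        raise ValueError("truncated content header")
    first_param = license_["first_param"]            # retrieved from the license (404)
    return xor(second_param, mask(first_param))      # computed at 408, Eq. 1.0


class SecureStore:
    """Stand-in for the device's secure store: keys are looked up by reference."""

    def __init__(self):
        self._keys = {}

    def provision(self) -> bytes:
        key_ref = secrets.token_bytes(REF_LEN)
        self._keys[key_ref] = secrets.token_bytes(32)  # the key itself stays on the device
        return key_ref

    def has_key(self, key_ref) -> bool:
        return key_ref in self._keys


def demo():
    store = SecureStore()
    key_ref = store.provision()
    first_param, second_param = link(key_ref)
    license_ = {"first_param": first_param, "plays_allowed": 3}   # constructed license
    content = pack_content(second_param, b"<ciphertext bytes>")
    other_license = {"first_param": secrets.token_bytes(16), "plays_allowed": 3}
    return {
        "matching_license": store.has_key(derive_key_reference(license_, content)),
        "other_license": store.has_key(derive_key_reference(other_license, content)),
        "unprotected": derive_key_reference(license_, b"plain file"),
    }


if __name__ == "__main__":
    print(demo())
```

In this sketch anyone who holds both the license and the content can compute the key reference, so the protection rests on the key staying inside the device's secure store.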
  • FIG. 5 is a block diagram depicting the generation of a session ticket, in accordance with an embodiment of the invention.
  • Parameter 502 is initially provided and the parameter includes a variety of data that may be associated with the decryption of content. Parameter 502 may be generated based on parameters associated with the license and content as discussed above. Examples of parameter 502 include a reference to a cryptographic key used for the decryption of the content, a cryptographic nonce or other parameters.
  • Variable 504 includes a variety of data.
  • The data can be a number. The number may be predefined or randomly generated.
  • The data can be a character string.
  • Variable 504 may not be associated with the license and content. In other words, variable 504 may be independent of the license and content.
  • Variable 504 is configured to change at a session.
  • A session may span for a period of time. For example, the session may last for an hour, a day, a week, or other units of time.
  • A session may expire when the host computing device that is coupled to the memory device is initiated or restarted.
  • A session may also expire when the memory device is decoupled from the host computing device. Furthermore, for example, a session can span for a limited number of accesses to the content (e.g., a limited number of times the content can be accessed).
  • Session ticket 506 is generated based on parameter 502 and variable 504, whereby the parameter is encrypted based on the variable to define session ticket 506. Session ticket 506 can therefore be expressed as

    $$\text{Session Ticket} = F(\text{Parameter}, \text{Variable}) \qquad (2.0)$$

    where the session ticket is a function of parameter 502 and variable 504.
  • The content may be accessed based on the session ticket.
  • A host computing device can transmit session ticket 506 to the memory device.
  • The memory device may derive the parameter used to decrypt the content based on session ticket 506.
  • Parameter 502 may be derived from
  • Session ticket 506 is associated with a particular content because the session ticket is used to decrypt the content. As a result, another content that is stored in the memory device cannot be used or accessed with session ticket 506 unless the session ticket includes a parameter, such as parameter 502, to decrypt that other content.
  • The host computing device or memory device generates two different session tickets to access the two separate contents.
  • One session ticket cannot be used to access the two separate contents that are encrypted with different cryptographic keys.
  • FIG. 6 is a simplified block diagram of a system for accessing a memory device using a session ticket, in accordance with an embodiment of the invention.
  • System 602 includes host computing device 114 coupled to memory device 116.
  • Host computing device 114 may include application 104 and first content protection platform 304.
  • Memory device 116 includes second content protection platform 306, content 118, and license 204.
  • First and second content protection platforms 304 and 306 may be configured to manage the digital rights of content 118 stored in memory device 116.
  • Application 104 transmits a request for content 118 stored in memory device 116 by way of first content protection platform 304.
  • Content 118 is encrypted with a cryptographic key.
  • a parameter associated with the cryptographic key e.g., a reference to the cryptographic key, a nonce, or other parameters
  • Second content protection platform 306 encrypts the parameter based on variable 604 to define a session ticket, which is expressed in Equation 2.0.
  • Second content protection platform 306 may generate variable 604 (e.g., a number, a string, or other parameters).
  • Variable 604 is configured to change at a session.
  • Second content protection platform 306 may generate a different variable 604 for every session. Variable 604 may be randomly generated or predefined.
  • After the session ticket is generated, second content protection platform 306 transmits the session ticket to host computing device 114. With the session ticket, host computing device 114 may access content 118 based on the session ticket. To access content 118, host computing device 114 subsequently transmits the session ticket back to memory device 116. With the receipt of the session ticket, second content protection platform 306 decrypts the session ticket to extract the parameter used to decrypt content 118, which is expressed in Equation 2.2. If variable 604 has not changed, then the parameter can be extracted because the decryption is based on a variable that is identical to the variable used to encrypt the parameter.
  • Variable 604 may change at different sessions. As a result, variable 604 is identical to the variable used to encrypt the parameter if the variables are generated within the same session. However, if variable 604 has changed, then the parameter cannot be extracted because the decryption is based on a variable that is different from the variable used to encrypt the parameter. Variable 604 is different from the variable used to encrypt the parameter if the variables are generated within different sessions. By changing variable 604 at a session, the session ticket lasts or is valid for one session. If the parameter can be extracted, then the second content protection platform 306 can decrypt content 118 based on the parameter and transmit the decrypted content to host computing device 114.
  • First content protection platform 304 may also generate the session ticket by encrypting the parameter used to decrypt content 118.
  • First content protection platform 304 may generate the session ticket and transmit the session ticket to application 104.
  • Application 104 can then transmit the session ticket back to first content protection platform 304 to access content 118.
  • Figure 7 is a flowchart diagram depicting the access of content from a memory device based on a session ticket, in accordance with an embodiment of the invention. Starting at 702, a reference to a cryptographic key is retrieved. The reference may be retrieved from a host computing device or a memory device.
  • The content stored in the memory device is encrypted and can be decrypted using the cryptographic key.
  • The reference to the cryptographic key is encrypted based on a number at 704 to define a session ticket.
  • The number is configured to change at a session and may be randomly generated.
  • The session ticket can then be transmitted to, for example, a host computing device at 706.
  • the host computing device accesses content stored on a memory device
  • The host computing device can transmit the session ticket received to the memory device at 706.
  • The memory device receives the session ticket at 708 and decrypts the session ticket based on a number at 710. If the number matches the number used to generate the session ticket, then the reference to the cryptographic key can be extracted from the decryption operation.
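
The session-ticket exchange of Figures 5 to 7, as an added example that is not part of the patent text: the patent does not name the cipher behind Equation 2.0, so this sketch substitutes an HMAC-SHA256 encrypt-then-MAC construction, and `MemoryDevice`, `seal`, `unseal` and the sample key references are hypothetical. The MAC is what lets the device reject a ticket from an earlier session outright instead of decrypting it to a wrong key reference.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(secret: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one secret."""
    return hmac.new(secret, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stand-in stream cipher."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `secret`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(secret, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(secret: bytes, blob: bytes):
    """Return the plaintext, or None if `blob` was not sealed under `secret`."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(secret, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class MemoryDevice:
    """Device side: holds the keys, the encrypted content and the session variable."""

    def __init__(self):
        self._secure_store = {}                    # key reference -> content key
        self._content = {}                         # content name -> encrypted content
        self._variable = secrets.token_bytes(32)   # the variable that changes per session

    def store(self, name: bytes, key_ref: bytes, plaintext: bytes) -> None:
        key = self._secure_store.setdefault(key_ref, secrets.token_bytes(32))
        self._content[name] = seal(key, plaintext)

    def new_session(self) -> None:
        """Called when a session ends, e.g. host restart or device removal."""
        self._variable = secrets.token_bytes(32)

    def issue_ticket(self, key_ref: bytes) -> bytes:
        """Eq. 2.0: the parameter (a key reference) encrypted under the variable."""
        return seal(self._variable, key_ref)

    def read(self, name: bytes, ticket: bytes):
        """Decrypt the ticket with the current variable, then the content with the key."""
        key_ref = unseal(self._variable, ticket)
        if key_ref is None:                        # stale, forged or corrupted ticket
            return None
        key = self._secure_store.get(key_ref)
        if key is None or name not in self._content:
            return None
        return unseal(key, self._content[name])    # None if the key is for other content


def demo():
    device = MemoryDevice()
    device.store(b"song", b"key-ref-A", b"constructed audio bytes")
    device.store(b"clip", b"key-ref-B", b"constructed video bytes")
    ticket = device.issue_ticket(b"key-ref-A")
    same_session = device.read(b"song", ticket)
    other_content = device.read(b"clip", ticket)   # ticket carries the wrong key reference
    device.new_session()
    stale = device.read(b"song", ticket)           # variable changed: ticket is dead
    fresh = device.read(b"song", device.issue_ticket(b"key-ref-A"))
    return same_session, other_content, stale, fresh


if __name__ == "__main__":
    print(demo())
```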
  • FIG. 8 is a simplified block diagram of program applications that may be hosted on a host computing device for accessing content, in accordance with an embodiment of the invention.
  • Host computing device 114 may host application 104, digital rights management (DRM) module 806, content protection platform 304, file system manager 808, and device driver 810.
  • application 104 may include a variety of program applications, such as multimedia players, video games, and other applications.
  • In communication with application 104 are DRM module 806 and content protection platform 304.
  • DRM module 806 allows host computing device 114 to manage the digital rights of content stored in a memory device or other locations. For example, DRM module 806 may protect content and control its distribution.
  • content protection platform 304 is a technology platform for securing content on a memory device.
  • Content protection platform 304 can include security manager 802 and host cryptographic engine 804.
  • security manager 802 manages the access of content stored in a memory device. Management includes, for example, checking whether the content is protected, generating a reference to a cryptographic key based on parameters associated with a license and the content, generating a session ticket based on a parameter and a variable, generating the variable, and other operations.
  • Host cryptographic engine 804 includes the cryptographic libraries to handle cryptographic operations.
  • Content protection platform 304 and DRM module 806 together provide host computing device 114 (and memory device) with secure storage and content management capabilities. For example, content protection platform 304 and DRM module 806 allow secure storage of content (e.g., music files, movie files, software, and other data) stored in the memory device and enforcement of pre-defined policies for controlling access to the content.
  • In communication with content protection platform 304 is file system manager 808. In general, file system manager 808 is configured to manage and handle access
  • Host computing device 114 can interface with a memory device.
  • Host computing device 114 therefore can include device driver 810, which is in communication with file system manager 808, to interface with the memory device.
  • Device driver 810 may, for example, include the lower-level interface functions to communicate with a memory device.
  • An example of a lower-level interface function includes input/output functions associated with input and output of data to and from the memory device.
  • FIG. 9 is a simplified block diagram of program applications that may be included in a memory device, in accordance with an embodiment of the invention.
  • Memory device 116 may include DRM module 902, content protection platform 306, cryptographic engine 904, and secure store 906.
  • DRM module 902 allows memory device 116 to manage the digital rights of content stored in the memory device.
  • DRM module 902 may be configured to enforce content rights.
  • Content protection platform 306, as discussed above, is a technology platform for securing content stored on memory device 116.
  • Content protection platform 306 may be configured to generate a reference to a cryptographic key based on parameters associated with a license and the content, to generate a session ticket based on a parameter and a variable, and may be configured for other operations.
  • Cryptographic engine 904 handles cryptographic operations and secure store 906 stores the cryptographic keys.
  • Host computing device 114 of Figure 8 and memory device 116 of Figure 9 may include fewer or more program applications apart from those shown in Figures 8 and 9.
  • file system manager 808 and device driver 810 may be integrated into content protection platform 304.
  • Host computing device 114 of Figure 8 may therefore include DRM module 806 and content protection platform 304.
  • FIG. 10 is a simplified block diagram of a general overview of a host computing device suitable for hosting a content protection platform and other program applications, in accordance with an embodiment of the invention.
  • host computing device 114 may be used to implement computer programs (e.g., content protection platform), logic, applications, methods, processes, or other software to access content.
  • Examples of host computing device 114 include a desktop computer, a server, a portable computing device, a personal digital assistant, a cell phone, a computational engine within an appliance, and other computer systems.
  • host computing device 114 includes bus 1002 or other communication mechanism for communicating information, which interconnects subsystems and devices, such as processor 1004, system memory 1006 (e.g., random access memory (RAM)), storage device 1008 (e.g., read only memory (ROM), magnetic disk drives, optical disk drives, and other storage devices), communication interface 1012 (e.g., modem or Ethernet card), display 1014 (e.g., cathode ray tube (CRT) or liquid crystal display (LCD)), input/output device 1016 (e.g., keyboard), and cursor control 1018 (e.g., mouse or trackball).
  • Host computing device 114 performs specific operations by processor 1004 when executing one or more sequences of one or more program instructions stored in system memory 1006. Such program instructions may be read into system memory 1006 from another computer readable medium, such as storage device 1008. In some embodiments, hard-wired circuitry may be used in place of or in combination with software program instructions to implement embodiments of the invention.
  • computer readable medium refers to suitable medium that participates in providing program instructions to processor 1004 for execution. Such a medium may take many forms, including but not limited to, nonvolatile media, volatile media, and transmission media. Non-volatile media may include, for example, optical or magnetic disks, such as storage device 1008.
  • Volatile media may include dynamic memory, such as system memory 1006.
  • Transmission media includes coaxial cables, copper wire, and fiber optics, including wires that comprise bus 1002. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
  • Computer readable media include, for example, magnetic mediums (e.g., floppy disk, flexible disk, hard disk, magnetic tape, and other magnetic mediums), optical mediums (e.g., compact disc read-only memory (CD-ROM) and other optical mediums), physical medium with patterns (e.g., punch cards, paper tape, any other physical mediums), memory chips or cartridges, carrier waves, (e.g., RAM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), flash memory, and other memory chips or cartridges), and any other medium from which a computer can read.
  • execution of the sequences of program instructions to practice the embodiments may be performed by a single computing device 114.
  • two or more computer systems such as host computing device 114, coupled by communication link 1020 (e.g., local area network (LAN), public switched telephone network (PSTN), wireless network, and other communication links) may perform the sequence of program instructions to practice the embodiments in coordination with one another.
  • computing device 114 may transmit and receive messages, data, and instructions, including program, i.e., application code, through communication link 1020 and communication interface 1012.
  • Received program instructions may be executed by processor 1004 as the program instructions are received, and/or stored in storage device 1008, or other non-volatile storage for later execution.
  • Figure 11 is a simplified block diagram of a memory device, in accordance with an embodiment of the invention.
  • memory device 116 includes memory controller 1102 in communication with memory 1104.
  • Memory controller 1102 controls the operation of memory 1106. Examples of operations include writing (or programming) data, reading data, erasing data, verifying data, and other operations. Additionally, memory controller 1102 may be configured to generate a parameter based on parameters associated with the license and the content, generate a session ticket based on a parameter and a number, and may be configured for other operations described above.
  • Memory device 116 can include a variety of non-volatile memory structures and technologies.
  • memory technologies include flash memories (e.g., NAND, NOR, Single-Level Cell (SLC/BIN), Multi-Level Cell (MLC), Divided bit-line NOR (DINOR), AND, high capacitive coupling ratio (HiCR), asymmetrical contactless transistor (ACT), and other flash memories), erasable programmable read-only memory (EPROM), electrically-erasable programmable read-only memory (EEPROM), read-only memory (ROM), one-time programmable memory (OTP), and other memory technologies.
  • Flash memory cards include a variety of the following trademarked products such as Secure Digital™ (compliant with specifications maintained by the SD Card Association of San Ramon, California), MultiMediaCard™ (compliant with specifications maintained by the MultiMediaCard Association (“MMCA”) of Palo Alto, California), MiniSD™ (as manufactured by SanDisk, Inc.), MicroSD™ (as manufactured by SanDisk, Inc.), CompactFlash™ (compliant with specifications maintained by the CompactFlash Association (“CFA”) of Palo Alto, California), SmartMedia™ (compliant with specifications maintained by the Solid State Floppy Disk Card (“SSFDC”) Forum of Yokohama, Japan), xD-Picture Card™ (compliant with specifications maintained by the xD-Picture Card Licensing Office of Tokyo, Japan), Memory Stick™ (compliant with specifications maintained by the Solid State Floppy Disk Card (“SSFDC”) Forum of Yokohama, Japan), TransFlash™ (as manufactured by SanDisk, Inc.), and other flash memory cards.
  • memory device 116 can be implemented as a non-removable memory device.
  • the following patent documents contain embodiments that can be used with the embodiments described herein. Each of these patent documents is being filed on the same date as the present application, is assigned to the assignee of the present invention, and is hereby incorporated by reference: "Methods for Linking Content with License,” U.S. patent application serial no. 11/599,655; "Apparatuses for Linking Content with License,” U.S. patent application serial no. 11/600,270; "Apparatuses for Accessing Content Based on a Session Ticket," U.S. patent application serial no.
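
The session-ticket flow of Figure 7 (steps 704 to 710) and the per-session behaviour of variable 604, as an added Python example that is not code from the patent. The class name `MemoryDevice`, the HMAC-SHA256 counter-mode keystream and the encrypt-then-MAC tag are assumptions chosen here so the example runs on the standard library; the patent names no cipher and no integrity check.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32  # bytes


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class MemoryDevice:
    """Hypothetical model of the side that holds the session number."""

    def __init__(self):
        self.new_session()

    def new_session(self):
        # The "number" of steps 704/710: random, replaced at every session.
        self._number = secrets.token_bytes(32)

    def _subkeys(self):
        derive = lambda label: hmac.new(self._number, label, hashlib.sha256).digest()
        return derive(b"ticket-enc"), derive(b"ticket-mac")

    def issue_ticket(self, key_reference):
        """Step 704: encrypt the key reference under the session number."""
        enc_key, mac_key = self._subkeys()
        nonce = secrets.token_bytes(NONCE_LEN)
        stream = _keystream(enc_key, nonce, len(key_reference))
        body = nonce + bytes(a ^ b for a, b in zip(key_reference, stream))
        return body + hmac.new(mac_key, body, hashlib.sha256).digest()

    def redeem_ticket(self, ticket):
        """Steps 708/710: recover the key reference or reject the ticket."""
        if len(ticket) < NONCE_LEN + TAG_LEN:
            raise ValueError("malformed session ticket")
        enc_key, mac_key = self._subkeys()
        body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Ticket from another session (or tampered): fail explicitly
            # rather than decrypting to garbage with the wrong number.
            raise ValueError("session ticket not valid for this session")
        nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
        stream = _keystream(enc_key, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, stream))


if __name__ == "__main__":
    device = MemoryDevice()
    ticket = device.issue_ticket(b"constructed-key-ref-0001")  # constructed sample
    print(device.redeem_ticket(ticket))
```

The tag is what turns "the number no longer matches" into a detectable rejection; with encryption alone, a ticket replayed in a later session would decrypt to an unrelated byte string that could still be used as a key reference.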

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Library & Information Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
EP07870860A 2006-11-14 2007-11-09 Methods and apparatuses for accessing content based on a session ticket Withdrawn EP2082348A2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/600,263 US8079071B2 (en) 2006-11-14 2006-11-14 Methods for accessing content based on a session ticket
US11/600,273 US20080112566A1 (en) 2006-11-14 2006-11-14 Apparatuses for accessing content based on a session ticket
PCT/US2007/023617 WO2008069888A2 (en) 2006-11-14 2007-11-09 Methods and apparatuses for accessing content based on a session ticket

Publications (1)

Publication Number Publication Date
EP2082348A2 true EP2082348A2 (en) 2009-07-29

Family

ID=39313149

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07870860A Withdrawn EP2082348A2 (en) 2006-11-14 2007-11-09 Methods and apparatuses for accessing content based on a session ticket

Country Status (5)

Country Link
EP (1) EP2082348A2 (zh)
JP (1) JP2010509887A (zh)
KR (1) KR101450131B1 (zh)
TW (1) TWI441037B (zh)
WO (1) WO2008069888A2 (zh)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060242068A1 (en) * 2004-12-21 2006-10-26 Fabrice Jogand-Coulomb Method for versatile content control

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3216607B2 (ja) * 1998-07-29 2001-10-09 日本電気株式会社 デジタル著作物流通システム及び方法、デジタル著作物再生装置及び方法、並びに記録媒体
US7599890B2 (en) * 2000-03-30 2009-10-06 Sanyo Electric Co., Ltd. Content data storage
US20040019801A1 (en) * 2002-05-17 2004-01-29 Fredrik Lindholm Secure content sharing in digital rights management
JP3869761B2 (ja) * 2002-06-05 2007-01-17 三洋電機株式会社 コンテンツ再生装置
JP2004133654A (ja) * 2002-10-10 2004-04-30 Sanyo Electric Co Ltd 記憶装置、端末装置およびサーバ装置
KR20050096040A (ko) * 2004-03-29 2005-10-05 삼성전자주식회사 휴대형 저장장치와 디바이스간에 디지털 저작권 관리를이용한 콘텐츠 재생방법 및 장치와, 이를 위한 휴대형저장장치
US7664966B2 (en) * 2004-05-17 2010-02-16 Microsoft Corporation Secure storage on recordable medium in a content protection system
WO2006013924A1 (ja) * 2004-08-06 2006-02-09 Pioneer Corporation 記録再生装置、記録媒体処理装置、再生装置、記録媒体、コンテンツ記録再生システム、及びコンテンツ記録再生方法

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060242068A1 (en) * 2004-12-21 2006-10-26 Fabrice Jogand-Coulomb Method for versatile content control

Also Published As

Publication number Publication date
TWI441037B (zh) 2014-06-11
JP2010509887A (ja) 2010-03-25
KR101450131B1 (ko) 2014-10-13
KR20090091750A (ko) 2009-08-28
WO2008069888B1 (en) 2008-09-18
TW200839564A (en) 2008-10-01
WO2008069888A2 (en) 2008-06-12
WO2008069888A3 (en) 2008-07-31

Similar Documents

Publication Publication Date Title
US8533807B2 (en) Methods for accessing content based on a session ticket
US8763110B2 (en) Apparatuses for binding content to a separate memory device
US20080115211A1 (en) Methods for binding content to a separate memory device
US7227952B2 (en) System, method, and device for playing back recorded audio, video or other content from non-volatile memory cards, compact disks or other media
AU775002B2 (en) Semiconductor memory card and data reading apparatus
US9075957B2 (en) Backing up digital content that is stored in a secured storage device
EP2410456A1 (en) Methods and apparatuses for binding content to a separate memory device
US20090276829A1 (en) System for copying protected data from one secured storage device to another via a third party
US20080112566A1 (en) Apparatuses for accessing content based on a session ticket
US20090276474A1 (en) Method for copying protected data from one secured storage device to another via a third party
US20080114686A1 (en) Apparatuses for linking content with license
KR20100014767A (ko) 디지털 콘텐트에 대한 액세스를 제어하기 위한 방법과 시스템
US20080112562A1 (en) Methods for linking content with license
TWI441037B (zh) 基於會話權證存取內容之方法與裝置
EP2082349A2 (en) Methods and apparatuses for linking content with license

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090513

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20111206

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SANDISK TECHNOLOGIES INC.

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20140603