US20200233981A1 - Method to Identify Consumer Electronics Products - Google Patents
Method to Identify Consumer Electronics Products Download PDFInfo
- Publication number
- US20200233981A1 US20200233981A1 US16/844,631 US202016844631A US2020233981A1 US 20200233981 A1 US20200233981 A1 US 20200233981A1 US 202016844631 A US202016844631 A US 202016844631A US 2020233981 A1 US2020233981 A1 US 2020233981A1
- Authority
- US
- United States
- Prior art keywords
- product
- identifier
- playback device
- credential reference
- cryptographic information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 79
- 230000008569 process Effects 0.000 claims description 25
- 230000006870 function Effects 0.000 claims description 11
- 230000003044 adaptive effect Effects 0.000 claims description 10
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 claims description 8
- 229910052710 silicon Inorganic materials 0.000 claims description 8
- 239000010703 silicon Substances 0.000 claims description 8
- 238000012790 confirmation Methods 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 2
- 230000004044 response Effects 0.000 claims 3
- 239000000047 product Substances 0.000 description 525
- 230000008859 change Effects 0.000 description 7
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 101100522110 Oryza sativa subsp. japonica PHT1-10 gene Proteins 0.000 description 2
- 101100522109 Pinus taeda PT10 gene Proteins 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000004806 packaging method and process Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 239000006227 byproduct Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000011179 visual inspection Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Definitions
- the present invention relates generally to managing consumer electronics products operating on a digital rights management (DRM) system, and more specifically to systems and methods for reliably identifying a class of device by product line using an identifier.
- DRM digital rights management
- a consumer electronic or CE device is typically built using a specific chipset designed for a specific class of consumer electronics device (e.g. high definition televisions).
- Many original equipment manufacturers (OEMs) can utilize the same chipset to produce a similar product.
- the OEMs differentiate the products using different firmware to modify the user interface and the capabilities of the device.
- products manufactured by an OEM that share a common chipset and firmware are referred to as a product line.
- a common capability of CE devices is the playback of multimedia content.
- a variety of digital rights management (DRM) systems exist to prevent unauthorized playback of protected content.
- DRM systems typically encrypt content so that a specific cryptographic key or combination of cryptographic keys is required to play back the content.
- Playback devices typically register with the DRM system to obtain the keys that are necessary to play back protected content.
- a DRM system owner/operator may implement a certification system, through which it “approves” a device model or product line to operate on its DRM system.
- Certification typically involves the DRM system operator testing that the device and/or chipset and firmware combination that defines a product line operates in the manner required for operation within the DRM system.
- a playback device includes a processor and memory configured to store a product identifier, where the product identifier is associated with a specific product and is associated with cryptographic information, wherein the processor is configured by a client application to request content from a server, communicate the product identifier to a server, and receive encrypted content accessible using cryptographic information including the cryptographic information associated with the product identifier.
- the processor is further configured by a client application to communicate a product identifier version to the server.
- the memory is further configured to store product tag data associated with the product identifier, and the product tag data includes at least one product tag that describes a characteristic of the product.
- the processor is further configured by a client application to transmit product tag data to a server and receive confirmation from the server whether a first product credential reference identifier that is generated from the transmitted product tag data matches a second product credential reference identifier stored on the server.
- product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- the memory is further configured to store a product credential reference identifier that is associated with the product identifier and is generated using at least the product identifier and at least a portion of the product tag data.
- the method used to generate the product credential reference identifier is determined based upon a product identifier version.
- the cryptographic information associated with the product identifier includes a product key.
- the memory is further configured to store user account data.
- the user account data includes a user identifier and cryptographic information associated with the user identifier.
- the cryptographic information associated with the user identifier includes a user key and product SSL certificate.
- the processor is further configured by a client application to receive cryptographic information associated with a user identifier and store the cryptographic information in memory.
- the content encrypted using the cryptographic information associated with the product identifier includes the cryptographic information associated with the user identifier.
- the cryptographic information associated with the product identifier includes a product key and the processor is further configured by a client application to access the cryptographic information associated with a user identifier using the product key.
- the cryptographic information associated with the product identifier includes a product key and the processor is further configured by a client application to access the cryptographic information associated with a user identifier using the product key and a device key.
- the second product credential reference identifier is stored on the server and associated with product tag data stored on the server.
- the second product credential identifier is stored in the memory and associated with the product tag data stored in the memory and the processor is further configured by a client application to transmit the second product credential identifier to the server.
- a method of identifying a playback device including a product identifier includes communicating a product identifier to a server, where the product identifier is associated with a specific product and is associated with cryptographic information, requesting content from the server, and receiving encrypted content accessible using cryptographic information including the cryptographic information associated with the product identifier.
- the method includes communicating a product identifier version to the server.
- the method includes associating product tag data with the product identifier, where the product tag data includes at least one product tag that describes a characteristic of the product, and storing the product tag data in memory.
- the product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- the method includes associating a product credential identifier with the product identifier, where the product credential reference identifier is uniquely generated using at least the product identifier and at least a portion of the product tag data, and storing the product credential identifier in memory.
- the method used to generate the product credential reference identifier is based upon a product identifier version.
- the cryptographic information includes a product key.
- the method includes receiving and storing user account data.
- the user account data includes a user identifier and cryptographic information associated with the user identifier.
- the cryptographic information associated with the user identifier includes a user key and product SSL certificate.
- the method includes accessing the cryptographic information associated with a user identifier using a product key and a device key.
- the content encrypted using the cryptographic information associated with the product identifier includes the cryptographic information associated with the user identifier.
- the method includes receiving a request for product tag data from a server, transmitting product tag data to the server, and receiving confirmation from the server whether a first product credential reference identifier that is generated from the transmitted product tag data matches a second product credential reference identifier.
- the method includes retrieving a second product credential reference identifier from memory and transmitting the second product credential reference identifier to the server.
- a machine readable medium contains processor instructions, where execution of the instructions by a processor causes the process to perform a process including communicating a product identifier to a server, where the product identifier is associated with a specific product and is associated with cryptographic information, requesting content from the server, and receiving content encrypted using cryptographic information including the cryptographic information associated with the product identifier.
- a method for certifying a consumer electronics product includes receiving product tag data, storing a product identifier, a product credential reference identifier, and at least one product tag from the received product tag data on a registration server so that the product credential reference identifier and the at least one product tag are associated with the product identifier, storing the product identifier, the product credential reference identifier, and at least one product tag from the received product tag data on a device, and retrieving the product credential reference identifier and at least one product tag stored on the device to display in human-readable format.
- the method includes receiving input of the product credential reference identifier and the at least one product tag stored on the device into a certification terminal and transmitting the product credential reference identifier and the at least one product tag to the registration server.
- the product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- the product credential reference identifier is generated using at least the product identifier and one product tag.
- the product credential reference identifier is generated using a cryptographic hash function.
- receiving product tag data includes receiving an electronic transmission that includes the product tag data over a network.
- FIG. 1 is a system-level overview illustrating a DRM and content distribution system in accordance with an embodiment of the invention.
- FIG. 2A is a chart listing product tags in accordance with an embodiment of the invention.
- FIG. 2B conceptually illustrates product tags forming a set of product tag data.
- FIG. 2C conceptually illustrates the relationship between a product descriptor, a product ID, product tags (both constant and variable), and a credential reference identifier in accordance with an embodiment of the invention.
- FIG. 3 conceptually illustrates a playback device, which stores information related to a user account and a product identifier and cryptographic data used to decode content in accordance with an embodiment of the invention.
- FIG. 4 conceptually illustrates a registration server, which stores information related to user accounts including (but not limited to) cryptographic data, in accordance with an embodiment of the invention.
- FIG. 5 is a flow chart illustrating a process that can be used to generate a product identifier and associate the product identifier with product tag data in accordance with an embodiment of the invention.
- FIG. 6 is a flow chart illustrating a process for verifying the correct storage of a product identifier and associated information on a playback device.
- FIG. 7 is a flow chart illustrating a process for checking revocation status of a product identifier and communicating secure data from a server to a device based upon the product identifier.
- playback devices operate within a digital rights management (DRM) system in which they communicate with different types of servers over a network.
- DRM digital rights management
- the playback devices are certified for use in the DRM system. Certification is an endorsement by a DRM system operator that devices in a particular product line have been tested to be compatible with the DRM system. It may be helpful for a device manufacturer to resort to a form of counterfeiting, by taking firmware that was written for the chipset of one model of device and placing it on another model of device that uses the same chipset. This improper use of the issued device certification can present technical difficulties in interoperability with the DRM system and is typically motivated by a desire to avoid paying royalties and/or other contractual obligations related to the use of the DRM system with respect to the devices in question.
- DRM systems in accordance with many embodiments of the invention utilize a mechanism to identify products by manufacturer and product line in order to enforce certification policies, facilitate confinement of security breaches, and assist with the tracking of revenues.
- a process for certifying a product and/or product line within a DRM system can include assigning a product descriptor to each product or product line.
- product can be used to refer to both individual products and product lines and is used to refer to both products and product lines throughout the discussion that follows.
- DRM systems in accordance with a number of embodiments of the invention also store product tag data describing the product on the device and a product credential reference identifier (credential reference ID) generated using some or all of the product tag data. Displaying the product tag data enables a quick visual inspection of whether the characteristics of the device correspond to the product characteristics indicated by the product tags.
- the product credential reference ID is generated using a subset of the product tags that remain constant through the useful life of the product (constant tags) and can be utilized to verify that the product tag data corresponds to the characteristics of the device. If the product credential reference ID generated using some or all of the product tags does not match the stored product credential reference ID associated with a specific product ID, then tampering is likely present.
- a product ID together with constant product tags and a subset of the product tags that may change over the life of the product form a product descriptor.
- Variable product tags can be used to indicate software versions or provide tracking capabilities.
- the product descriptor can serve to differentiate devices within a product line (i.e., having the same product ID) by their installed software version and/or updates the device has received.
- one or more pieces of cryptographic data can also be issued with respect to each product ID and/or product descriptor.
- the product key(s) can be utilized to issue technically protected content to the device.
- the product key(s) can be revoked to limit the scope of the security breach. DRM systems and methods for identifying different products within a DRM system in accordance with embodiments of the invention are discussed further below.
- the DRM system 10 includes a plurality of consumer electronics devices that include information identifying a specific product or product line to which the device belongs.
- the consumer electronics devices include devices with content playback capabilities such as (but not limited to) a cellular phone 12 , smart phone 14 , television 16 , personal computer 18 , DVD player, or digital media player.
- the consumer electronics devices are configured to communicate with remote servers via a network 20 such as the Internet.
- the DRM system includes a registration server 22 and content server 24 .
- Devices typically first connect to a registration server to be associated with a user account and acquire credentials/cryptographic data (e.g., SSL certificate, encryption keys) used to access content.
- Devices may then connect to a content server and request content with the credentials.
- the content server can issue the requested content in such a way that the credentials/cryptographic data (e.g., SSL certificate, encryption keys) of the device are required to access the content.
- credentials/cryptographic data e.g., SSL certificate, encryption keys
- a product descriptor that includes a product ID is assigned to each product.
- the product ID can be generated based upon the characteristics of the product and/or arbitrarily assigned.
- Variations within a product can be identified by a product descriptor that includes a product ID, variable product tags, and constant product tags.
- One or more variable product tags can be used to indicate a variation such as different software versions and updates.
- the product descriptor and/or product ID can be utilized in a variety of processes including (but not limited to) the certification and registration of the device.
- the use of the product ID during certification is enhanced by also associating product tag data with the product ID to form a product descriptor.
- the product tag data describes the product and, when displayed, can be utilized to readily verify whether the characteristics of the device correspond to the characteristics of the product associated with the product ID.
- attempts to detect tampering with the product tags can be identified by generating a product credential reference ID using some or all of the product tags.
- the product credential reference ID can be stored with respect to the product tags originally associated with a product ID. When a product credential reference ID generated using the product tags present on a device do not match with the stored product credential reference ID associated with the product ID, tampering is present.
- cryptographic data is also associated with the product ID to enable the quarantining of security breaches with respect to a specific product.
- the product ID, product credential reference ID, product key, and product tag data are stored in non-volatile memory on a playback device.
- the DRM system operator will package into a dataload the encryption keys, algorithms, and/or other information and software instructions necessary for the device to communicate with DRM servers and receive content.
- the product ID and other data is included in the dataload given to a manufacturer for storage on each device.
- FIG. 1 any of a variety of architectures can be utilized that enable playback devices to communicate with servers over a network in accordance with embodiments of the invention.
- much of the discussion that follows relates to the use of the product descriptor, product ID, product credential reference ID, product key(s) and product tag data in the certification of products and authentication of devices.
- product credential reference ID product key(s) and product tag data
- additional data associated with a product ID can vary depending upon the requirements of a specific application in accordance with embodiments of the invention.
- Product descriptors, Product IDs, additional data that can be associated with product IDs, and systems and methods for using product IDs and associated data in accordance with embodiments of the invention are discussed further below.
- a product identifier is a character string that is associated with one or more sets of product tag data, where a set of product tag data is descriptive of a product. Any of a number of methods can be used to generate a product ID, including a random number generator, manual numbering or determination by a person, or systematic methods such as using sequential numbers or globally unique identifiers.
- a set of product tag data is associated with a product ID.
- the individual tags represent information about some aspect of a product.
- an original equipment manufacturer (OEM) requests that a product be certified (i.e. issued a product ID) and provides information for the product tags.
- OEM original equipment manufacturer
- the DRM system operator certifies the product by verifying that a device that is exemplary of the product passes certain tests. Assuming the product tags accurately describe the device, the DRM system operator can issue a product ID for the product and can associate the product tags with the product ID.
- a change in the value of some of the product tags may necessitate a different product ID.
- some product tags may be constant product tags while other tags are variable product tags.
- Constant product tags are expected to remain constant and not to change through the life of a product.
- a product credential reference ID can be generated using some or all of the constant product tags associated with a product, as will be described further below.
- Variable product tags may change over the life of the product. Variable tags can be used to track characteristics that may change such as software versions.
- a product descriptor may be formed using a product ID, variable product tags, and constant product tags, as will be described further below.
- FIG. 2A A list of product tags, in accordance with an embodiment of the invention is shown in FIG. 2A .
- Product ID Version indicates the version of the product ID creation algorithm used to generate the product ID and product credential reference ID from the product tags.
- Each version can also specify lengths and format of tag data, as well as the number of tags and the meaning of each tag. In essence, PT1 allows for the product descriptor to be extensible through the definition of new tag names and versions.
- the Brand tag (PT2) is the brand that the device is sold under—the name marked on the product and product packaging.
- the ODM/Manufacturer tag is the company name of the manufacturer of the product.
- the company may or may not be the same as the Brand.
- a product may be designed and manufactured by an original design manufacturer (ODM) and eventually branded by another firm for sale.
- ODM original design manufacturer
- a company may design and manufacture its own product, in which case the Brand may be the same as the ODM/Manufacturer.
- the Device Type tag represents the type of product (e.g., DVD player, television).
- the product type is indicated in a license agreement between the company seeking certification and the certifying DRM system owner.
- the Model Number tag (PT5) is the model number of the product indicated on the product and product packaging.
- products with different model numbers may have the same product ID so long as they share the same base model number. These may be thought of as related products which often share the same chipset and/or other major components and differ only by some playback features or capabilities.
- each product with a distinct model number has a distinct product ID.
- the Base Model Number tag (PT6) is the model number of a product's base model. For a base model itself, the value is the same as the Model Number. In many embodiments of the invention, a base model specifies devices using the same chipset and firmware.
- the Silicon Platform ID tag (PT7) is the model number of the chipset or processor architecture used in the device.
- the Certified Playback Profile tag denotes the playback profile or profiles for which the device is certified.
- a playback profile is defined by a DRM system owner as a set of supported or compatible file types, container formats, playback codecs, resolutions, and/or other features of digital media content.
- the Country tag (PT9) is the country name where the product will be shipped and sold.
- the Digital Secure Adaptive Streaming (DSAS) Software Version tag (PT10) can be used to indicate the version numbers for secure adaptive streaming software components implemented on the device. These may include platform components such as the playback software, operating system, and firmware. As will be discussed further below, the tag may be used to determine various device capabilities when the device plays back content such as in the process described in the discussion of FIG. 7 below.
- tags and fields have been described above, systems and methods in accordance with embodiments of the invention can utilize any of a variety of types of information in product tags that are associated with a product ID.
- product tag values can be obtained from a device by running an application on the device that will record the values and communicate the values to a server.
- the product tags can vary with different types and classes of product.
- the constant tags or a subset of the constant tags for a specific device are utilized as device match data for the purpose of registering the device within a DRM system in the manner outlined in U.S. patent application Ser. No. 13/339,315, to Chan et al. entitled “Binding of Cryptographic Content Using Unique Device Characteristics with Server Heuristics” filed Dec. 28, 2011, the disclosure of which is incorporated by reference herein in its entirety.
- the constant tags can vary from product descriptor to product descriptor and so the constant tags that are utilized as device match data can also vary from one product descriptor to the next.
- a product ID identifies devices of a particular product or product line.
- a product descriptor can differentiate devices within a product or product line by feature set or software or firmware versions.
- a product descriptor includes a product ID and product tag data.
- product tag data includes constant product tags and variable product tags.
- the variable product tags in the product descriptor of one device may have different values from the variable product tags in the product descriptor of another device, while having the same product ID.
- the actual tags used in the product descriptor can vary between product IDs.
- the relationship between a product descriptor, product ID, variable product tags, constant product tags, and credential reference identifier (product credential reference ID) in accordance with an embodiment of the invention is conceptually illustrated in FIG. 2C .
- a product credential reference ID is generated using one or more of the product tags and associated with that set of product tags, a product ID, and/or a product descriptor.
- the product credential reference ID is a unique string of set length generated from some or all of the product tags.
- the product tags used to generate the product credential reference ID are constant product tags.
- the product credential reference ID is an efficient technique for representing a set of product tags and for detecting tampering. When product tags are changed so that a device passes inspection, the changes can be detected by comparing the product credential reference ID generated using the modified tags and the original product credential reference ID associated with the product ID.
- the generation of a product credential reference ID can be achieved by many methods, one of which is a cryptographic hash function.
- a cryptographic hash function is a procedure or algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value.
- a cryptographic hash function ideally has four significant properties: it is easy to compute the hash value for a given input value, it is infeasible to generate an input value that has a given hash value, it is infeasible to modify an input value without changing the resulting hash value, and it is infeasible to find two input values with the same hash value.
- the product credential reference ID generation algorithm uses some or all of the product tags and optionally the product ID as inputs. The result is truncated to a prespecified length, which makes reading and recording by a human observer easier.
- the hash creation and truncation methods are updatable based on the product ID version. It is understood that a very small chance for collision in the credential reference ID exists; however, hash creation and truncation methods can be adapted to mitigate the problem. Although specific techniques are referenced above for generating credential reference IDs, any of a variety of processes appropriate to a specific application can be utilized in accordance with embodiments of the invention.
- a product key is cryptographic data that can be utilized in the encryption and/or decryption of content and is associated with a product ID and/or product descriptor.
- a product key is stored together with the product ID on a CE playback device.
- the product key can be used in conjunction with one or more other encryption keys stored on the device to access encrypted data (e.g., other keys used to access content or the content itself).
- a product ID and associated data are stored on a playback device to enable the playback device to identify itself to a DRM system.
- a playback device which stores a product ID, product credential reference ID, product tag data (the set of product tags), and product key in non-volatile memory, in accordance with an embodiment of the invention is shown in FIG. 3 .
- the playback device 30 includes a processor 32 , volatile memory 34 , and non-volatile memory 36 .
- the non-volatile memory 36 includes a product ID 44 , product tag data 46 , a product credential reference ID 48 , and a product key 50 .
- product ID 44 and product tag data 46 form a product descriptor 52 .
- product descriptor 52 e.g., constant tags and variable tags
- the user ID, user key, and SSL certificate may be stored during a registration process, and the product ID, product credential reference ID, product tag data, and product key are typically loaded onto the device during manufacturing as part of the device's firmware.
- Cryptographic data which can be used to decrypt encrypted data or create secure connections to other systems, may also be stored in the non-volatile memory.
- the cryptographic data includes (but is not limited to) a user ID 38 that is a unique identifier for a user account, a user key 40 used in decryption of content, and an SSL certificate 42 used in creating secure connections with other devices via Hypertext Transfer Protocol Secure (HTTPS) or a similar secure communication protocol.
- HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to provide encrypted communication and secure identification of a network device.
- SSL/TLS Secure Sockets Layer/Transport Layer Security
- any of a variety of identifiers, keys, certificates and other types of information can be stored as cryptographic data on a playback device.
- product IDs and data associated with each ID are stored on a registration server.
- a registration server which stores the product IDs, product credential reference IDs, sets of product tag data, and product keys in non-volatile memory, in accordance with an embodiment of the invention is shown in FIG. 4 .
- the registration server includes a processor 70 and non-volatile memory 72 .
- the non-volatile memory includes a product list 74 , which includes at least one product ID 76 , and its associated product tag data 78 (i.e., set of tags), product credential reference ID 80 , and product key 82 .
- a product ID together with product tag data forms a product descriptor 83 .
- the non-volatile memory also includes a user account list 84 , which includes at least one user ID 86 , and its associated user key 88 and a product SSL certificate 90 .
- the data may also be stored in data structures other than lists, such as (but not limited to) databases.
- SSL certificates may be assigned uniquely to user accounts, to product classes, to device models, to individual devices or by numerous other classifications subject to the limitations and security policies of the DRM system.
- a product ID is issued for a set of product tag data and the collection of product ID and the product tag data embedded in each device in the product line associated with that product tag data.
- a flow chart illustrating a process for issuing a product ID during a certification process, in accordance with an embodiment of the invention is shown in FIG. 5 .
- a vendor submits ( 102 ) product tag data to a certification team.
- the submission can be a paper form that is filled out with the relevant product tag data, an electronic form that transmits the information over a network, or other manual or automated process.
- the certification team verifies ( 104 ) that the information is correct—that it is unique (i.e., tags that should be unique to a product do not have the same values as tags in another product) and complete (i.e., tags are not missing). If the information is correct ( 106 ), the certification team generates ( 108 ) a product ID, product credential reference ID, and product key. The newly created product ID, product credential reference ID, and product key are associated with the product tag data and stored on a registration server.
- the product ID, product credential reference ID, product key, and the product ID version used to generate the product ID are sent ( 110 ) to the vendor to be stored on each device in the product line designated by the product ID.
- a product descriptor is sent to the vendor that includes the product ID and product tag data.
- the DRM system owner packages into a dataload the encryption keys, algorithms, and/or other information and software instructions necessary for the device to communicate with DRM servers and receive content.
- the dataload is given to the manufacturer to be stored as firmware or as data in non-volatile memory on each device when it is manufactured.
- the product ID and associated data can be included in the dataload given to a manufacturer.
- the process described above with respect to FIG. 5 may be conducted differently in circumstances where a product ID is assigned to a class of devices (e.g. devices that utilize the same operating system) that include different hardware. In situations where a single product ID is assigned to a class of devices (e.g.
- the tag values can be dynamically collected from the system and provided to the DRM system during the certification time using a specific certification application. Accordingly, any of a variety of processes for generating product identifying information and loading the information onto devices can be utilized in accordance with embodiments of the invention.
- certification of a product includes verifying that the product ID and associated tag data within the product descriptor are stored accurately on a device in the product line.
- a flow chart illustrating a process for verifying a product ID during a certification process, in accordance with an embodiment of the invention is shown in FIG. 6 .
- the vendor stores ( 130 ) a product ID, product certification reference ID, product tag data, and product key in memory on a device.
- the product ID, product certification reference ID, product tag data, and product key can be contained within a dataload of information packaged to be loaded on the device during the manufacturing process as discussed above.
- product tag data may be dynamically collected from a device using an application that reads and records tag values as described above, and the device may generate the product credential reference ID.
- the certification team verifies ( 132 ) that the product ID and other information are stored accurately.
- An interface on the device may be configured such that the memory can be read directly.
- Firmware or software on the device may be programmed to respond to a device status call with the product ID, product credential reference identifier, and/or product tag data.
- Firmware or software on the device may also be programmed to show the information in human-readable format on a display integrated on the device or removably attached to the device.
- the product credential reference identifier and at least one product tag are rendered viewable for certification purposes.
- Verification may be facilitated by recalling and displaying the product ID and/or other information stored on the server for comparison with the corresponding information stored on the device.
- Another mechanism that can be utilized is to transfer the product ID and/or other information stored on the device to a terminal manually (e.g., by human interaction) or electronically (e.g., by a physical or wireless connection).
- the terminal electronically communicates the information to a registration server storing a copy of the information and the registration server responds with whether the information matches.
- the certification team stores ( 136 ) the product ID, product credential reference ID, product tag data, and product key on the registration server.
- the information is associated as pertaining to one product line in the DRM system.
- the certification team can investigate whether the product is participating in the DRM system without appropriate authorization.
- a specific process is illustrated in FIG. 6 , any of a variety of processes for verifying the product ID and the product related credentials of a device can be utilized in accordance with embodiments of the invention.
- a playback device In order to participate in a DRM system, a playback device typically connects to a registration server to register itself as an authorized device and connect to a content server each time a user wishes to stream or download content over a network.
- a playback device sends its stored product ID, product credential reference ID, and/or product tag data to a server when registering with a registration server or connecting to a content server to play back streaming content. If the product ID is revoked or if product tag data does not match, the registration or connection attempt can be denied.
- Various embodiments of the invention utilize a product ID and associated information in authenticating a device to a server in a DRM system.
- a product ID and product tag data are sent together as a product descriptor.
- a device receives cryptographic data that it uses to decrypt content and the cryptographic data is encrypted with a product key.
- registration of a product includes verifying that the product ID and associated data in the product descriptor are correct and that the product ID has not been revoked.
- a flow chart illustrating a registration process involving verification of a device's product ID, in accordance with an embodiment of the invention is shown in FIG. 7 .
- a device sends ( 170 ) its stored product ID and product ID version to a server.
- the server determines ( 172 ) if the product ID is in a revoked state.
- the server may maintain a list of revoked product IDs, may indicate revocation status in a database where the product ID is stored, or obtain revocation status of product IDs with any of a variety of other methods including (but not limited to) communicating with a remote system that maintains product ID revocation status.
- Revocation status may be determined based upon a product ID, any combination of one or more product tags, or any combination of product ID and product tags.
- Revocation can be checked by any process where a server receives a combination of product ID and product tags that determines revocation status, or information that can be used to look up the product ID and product tags.
- the server or the remote system can be configured to update the list or database using various manipulative functions including adding and removing product IDs. If the product ID is revoked, the device will not be permitted any protected functions ( 182 ) with the server, unless the product ID is restored ( 184 ).
- a protected function is any function that is restricted to devices that can be authenticated and can include (but are not limited to) registration of the device or issuance of content to the device.
- the server proceeds to authenticate ( 174 ) the session with the device.
- Authentication may entail the device using its SSL certificate to request a secure connection, although other methods may be used to ensure a secure connection (i.e., where the server and device have reliably identified the machine it is communicating with). For example, during initial registration of a device, the device may not have received an SSL certificate, so a trust relationship may be established by supplying user account details of the customer attempting to register the device.
- a device connects to a registration server for registration on the DRM system.
- a transaction associates the device with a user account and the device receives ( 176 ) cryptographic data with which the device can decrypt content.
- the cryptographic data may include encryption keys associated with the user account such as user keys and other user account data associated with the user account such as (but not limited to) user IDs and product SSL certificates.
- the cryptographic data may further be encrypted with a product key that is associated with the product ID issued to the device and a device key that is associated with the class of device to which it belongs (e.g., DVD players, televisions).
- a device connects to a content server to request and receive digital content.
- the server encrypts ( 178 ) the content using cryptographic data that can include encryption keys associated with the user account such as user keys.
- the server sends the encrypted content to the device.
- the device may then store or immediately play back the received content, using its stored cryptographic data to access the content.
- the device has user keys stored in memory that are encrypted with a product key and device key.
- the device key and the product key are used to decrypt ( 180 ) a user key and the user key is used to decrypt ( 181 ) the encrypted content.
- any of a variety of combinations of keys and/or cryptographic data including a product key can be utilized to access encrypted content.
- variable product tags such as a Digital Secure Adaptive Streaming (DSAS) Software Version tag (PT10)
- DSAS Digital Secure Adaptive Streaming
- Platform components may include the playback software, operating system, and firmware.
- the collection of the Product ID and the product tags may indicate various device capabilities, such as the category of asset the device can play back.
- categories of assets may be specified by quality, performance, or resource utilization characteristics that can include (but are not limited to) a bitrate, video resolution, file size, video format, or audio format. Some categories may be lower quality and/or less resource intensive than others.
- the playback software version or other version number may be associated with certain categories.
- a device may initially be manufactured with a software version that is capable of playing back certain categories of assets and later updated or upgraded to play back other categories of assets.
- a server may determine the playback capabilities based on a combination of the product ID, the constant, and the variable product descriptor tags. Alternatively, if no description for the capability using this combination is found, the server may match on the product ID and the constant product descriptor tag values. Again, if no description for the device capability using this combination is found, the server may perform a match only on the product ID field of the product descriptor and determine a gross set of capabilities that would be tied to the granularity of the products that the product ID is associated with. The identified capabilities can be used for a variety of purposes.
- the identified capabilities can be utilized to select streams appropriate to the specific device from a set of available streams for inclusion in a dynamically generated top level index file that is then provided to the playback device for use during adaptive bitrate streaming.
- knowledge of device capabilities can be used in any of a variety of different ways appropriate to the specific application.
- a server can verify the product tag data stored on a device by comparing a generated product credential reference ID against a stored copy.
- a device sends its stored product tag data and product credential reference ID to the server.
- the server generates a product credential reference ID in accordance with the corresponding product ID version from the received product tag data.
- the server compares the newly generated product credential reference ID with the product credential reference ID stored on the server for that set of product tag data and/or the product credential reference ID received from the device.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
Description
- The current application is a continuation of U.S. patent application Ser. No. 13/436,888, filed Mar. 31, 2012, which claims priority to U.S. Provisional Application No. 61/581,598, filed Dec. 29, 2011 and U.S. Provisional Application No. 61/503,581, filed Jun. 30, 2011, the disclosures of which are incorporated herein by reference in their entireties.
- The present invention relates generally to managing consumer electronics products operating on a digital rights management (DRM) system, and more specifically to systems and methods for reliably identifying a class of device by product line using an identifier.
- A consumer electronic or CE device is typically built using a specific chipset designed for a specific class of consumer electronics device (e.g. high definition televisions). Many original equipment manufacturers (OEMs) can utilize the same chipset to produce a similar product. The OEMs differentiate the products using different firmware to modify the user interface and the capabilities of the device. In many instances, products manufactured by an OEM that share a common chipset and firmware are referred to as a product line.
- A common capability of CE devices is the playback of multimedia content. A variety of digital rights management (DRM) systems exist to prevent unauthorized playback of protected content. DRM systems typically encrypt content so that a specific cryptographic key or combination of cryptographic keys is required to play back the content. Playback devices typically register with the DRM system to obtain the keys that are necessary to play back protected content.
- A DRM system owner/operator may implement a certification system, through which it “approves” a device model or product line to operate on its DRM system. Certification typically involves the DRM system operator testing that the device and/or chipset and firmware combination that defines a product line operates in the manner required for operation within the DRM system. Once a device model or product line is approved to operate within a DRM system, purchasers of approved devices can register the devices with the DRM system and play protected content authorized for playback on the registered device.
- Systems and methods for identifying consumer electronic products using a playback device with a product identifier in accordance with embodiments of the invention are disclosed. In one embodiment, a playback device includes a processor and memory configured to store a product identifier, where the product identifier is associated with a specific product and is associated with cryptographic information, wherein the processor is configured by a client application to request content from a server, communicate the product identifier to a server, and receive encrypted content accessible using cryptographic information including the cryptographic information associated with the product identifier.
- In a further embodiment, the processor is further configured by a client application to communicate a product identifier version to the server.
- In another embodiment, the memory is further configured to store product tag data associated with the product identifier, and the product tag data includes at least one product tag that describes a characteristic of the product.
- In a still further embodiment, the processor is further configured by a client application to transmit product tag data to a server and receive confirmation from the server whether a first product credential reference identifier that is generated from the transmitted product tag data matches a second product credential reference identifier stored on the server.
- In still another embodiment, product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- In a yet further embodiment, the memory is further configured to store a product credential reference identifier that is associated with the product identifier and is generated using at least the product identifier and at least a portion of the product tag data.
- In yet another embodiment, the method used to generate the product credential reference identifier is determined based upon a product identifier version.
- In a further embodiment again, the cryptographic information associated with the product identifier includes a product key.
- In another embodiment again, the memory is further configured to store user account data.
- In a further additional embodiment, the user account data includes a user identifier and cryptographic information associated with the user identifier.
- In another additional embodiment, the cryptographic information associated with the user identifier includes a user key and product SSL certificate.
- In a still yet further embodiment, the processor is further configured by a client application to receive cryptographic information associated with a user identifier and store the cryptographic information in memory.
- In still yet another embodiment, the content encrypted using the cryptographic information associated with the product identifier includes the cryptographic information associated with the user identifier.
- In a still further embodiment again, the cryptographic information associated with the product identifier includes a product key and the processor is further configured by a client application to access the cryptographic information associated with a user identifier using the product key.
- In still another embodiment again, the cryptographic information associated with the product identifier includes a product key and the processor is further configured by a client application to access the cryptographic information associated with a user identifier using the product key and a device key.
- In a still further additional embodiment, the second product credential reference identifier is stored on the server and associated with product tag data stored on the server.
- In still another additional embodiment, the second product credential identifier is stored in the memory and associated with the product tag data stored in the memory and the processor is further configured by a client application to transmit the second product credential identifier to the server.
- In a yet further embodiment again, a method of identifying a playback device including a product identifier includes communicating a product identifier to a server, where the product identifier is associated with a specific product and is associated with cryptographic information, requesting content from the server, and receiving encrypted content accessible using cryptographic information including the cryptographic information associated with the product identifier.
- In yet another embodiment again, the method includes communicating a product identifier version to the server.
- In a yet further additional embodiment, the method includes associating product tag data with the product identifier, where the product tag data includes at least one product tag that describes a characteristic of the product, and storing the product tag data in memory.
- In yet another additional embodiment, the product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- In a further additional embodiment again, the method includes associating a product credential identifier with the product identifier, where the product credential reference identifier is uniquely generated using at least the product identifier and at least a portion of the product tag data, and storing the product credential identifier in memory.
- In another additional embodiment again, the method used to generate the product credential reference identifier is based upon a product identifier version.
- In a still yet further embodiment again, the cryptographic information includes a product key.
- In still yet another embodiment again, the method includes receiving and storing user account data.
- In a still yet further additional embodiment, the user account data includes a user identifier and cryptographic information associated with the user identifier.
- In still yet another additional embodiment, the cryptographic information associated with the user identifier includes a user key and product SSL certificate.
- In a yet further additional embodiment again, the method includes accessing the cryptographic information associated with a user identifier using a product key and a device key.
- In yet another additional embodiment again, the content encrypted using the cryptographic information associated with the product identifier includes the cryptographic information associated with the user identifier.
- In a still yet further additional embodiment again, the method includes receiving a request for product tag data from a server, transmitting product tag data to the server, and receiving confirmation from the server whether a first product credential reference identifier that is generated from the transmitted product tag data matches a second product credential reference identifier.
- In still yet another additional embodiment again, the method includes retrieving a second product credential reference identifier from memory and transmitting the second product credential reference identifier to the server.
- In another further embodiment, a machine readable medium contains processor instructions, where execution of the instructions by a processor causes the process to perform a process including communicating a product identifier to a server, where the product identifier is associated with a specific product and is associated with cryptographic information, requesting content from the server, and receiving content encrypted using cryptographic information including the cryptographic information associated with the product identifier.
- In still another further embodiment, a method for certifying a consumer electronics product includes receiving product tag data, storing a product identifier, a product credential reference identifier, and at least one product tag from the received product tag data on a registration server so that the product credential reference identifier and the at least one product tag are associated with the product identifier, storing the product identifier, the product credential reference identifier, and at least one product tag from the received product tag data on a device, and retrieving the product credential reference identifier and at least one product tag stored on the device to display in human-readable format.
- In yet another further embodiment, the method includes receiving input of the product credential reference identifier and the at least one product tag stored on the device into a certification terminal and transmitting the product credential reference identifier and the at least one product tag to the registration server.
- In another further embodiment again, the product tag data includes at least one tag selected from the group consisting of: product ID version, brand, ODM/manufacturer, device type, model number, base model number, silicon platform ID, certified playback profile, country, and digital secure adaptive streaming software version.
- In another further additional embodiment, the product credential reference identifier is generated using at least the product identifier and one product tag.
- In a further embodiment, the product credential reference identifier is generated using a cryptographic hash function.
- In another embodiment, receiving product tag data includes receiving an electronic transmission that includes the product tag data over a network.
-
FIG. 1 is a system-level overview illustrating a DRM and content distribution system in accordance with an embodiment of the invention. -
FIG. 2A is a chart listing product tags in accordance with an embodiment of the invention. -
FIG. 2B conceptually illustrates product tags forming a set of product tag data. -
FIG. 2C conceptually illustrates the relationship between a product descriptor, a product ID, product tags (both constant and variable), and a credential reference identifier in accordance with an embodiment of the invention. -
FIG. 3 conceptually illustrates a playback device, which stores information related to a user account and a product identifier and cryptographic data used to decode content in accordance with an embodiment of the invention. -
FIG. 4 conceptually illustrates a registration server, which stores information related to user accounts including (but not limited to) cryptographic data, in accordance with an embodiment of the invention. -
FIG. 5 is a flow chart illustrating a process that can be used to generate a product identifier and associate the product identifier with product tag data in accordance with an embodiment of the invention. -
FIG. 6 is a flow chart illustrating a process for verifying the correct storage of a product identifier and associated information on a playback device. -
FIG. 7 is a flow chart illustrating a process for checking revocation status of a product identifier and communicating secure data from a server to a device based upon the product identifier. - Turning now to the drawings, systems and methods for identifying consumer electronic products using a playback device with a product descriptor are illustrated. In many embodiments of the invention, playback devices operate within a digital rights management (DRM) system in which they communicate with different types of servers over a network. In many embodiments, the playback devices are certified for use in the DRM system. Certification is an endorsement by a DRM system operator that devices in a particular product line have been tested to be compatible with the DRM system. It may be tempting for a device manufacturer to resort to a form of counterfeiting, by taking firmware that was written for the chipset of one model of device and placing it on another model of device that uses the same chipset. This improper use of the issued device certification can present technical difficulties in interoperability with the DRM system and is typically motivated by a desire to avoid paying royalties and/or other contractual obligations related to the use of the DRM system with respect to the devices in question.
- DRM systems in accordance with many embodiments of the invention utilize a mechanism to identify products by manufacturer and product line in order to enforce certification policies, facilitate confinement of security breaches, and assist with the tracking of revenues. In a number of embodiments, a process for certifying a product and/or product line within a DRM system can include assigning a product descriptor to each product or product line. The term product can be used to refer to both individual products and product lines and is used to refer to both products and product lines throughout the discussion that follows.
- In order to facilitate reviewing whether the product ID installed on a specific device is appropriate to the device (i.e. whether the device is the product indicated by the product ID), DRM systems in accordance with a number of embodiments of the invention also store product tag data describing the product on the device and a product credential reference identifier (credential reference ID) generated using some or all of the product tag data. Displaying the product tag data enables a quick visual inspection of whether the characteristics of the device correspond to the product characteristics indicated by the product tags. The product credential reference ID is generated using a subset of the product tags that remain constant through the useful life of the product (constant tags) and can be utilized to verify that the product tag data corresponds to the characteristics of the device. If the product credential reference ID generated using some or all of the product tags does not match the stored product credential reference ID associated with a specific product ID, then tampering is likely present.
- In many embodiments, a product ID together with constant product tags and a subset of the product tags that may change over the life of the product (variable product tags) form a product descriptor. Variable product tags can be used to indicate software versions or provide tracking capabilities. The product descriptor can serve to differentiate devices within a product line (i.e., having the same product ID) by their installed software version and/or updates the device has received.
- In several embodiments, one or more pieces of cryptographic data (product keys) can also be issued with respect to each product ID and/or product descriptor. The product key(s) can be utilized to issue technically protected content to the device. In the event of a security breach with respect to a specific product, the product key(s) can be revoked to limit the scope of the security breach. DRM systems and methods for identifying different products within a DRM system in accordance with embodiments of the invention are discussed further below.
- A DRM system in accordance with an embodiment of the invention is illustrated in
FIG. 1 . TheDRM system 10 includes a plurality of consumer electronics devices that include information identifying a specific product or product line to which the device belongs. In the illustrated embodiment, the consumer electronics devices include devices with content playback capabilities such as (but not limited to) acellular phone 12,smart phone 14,television 16,personal computer 18, DVD player, or digital media player. The consumer electronics devices are configured to communicate with remote servers via anetwork 20 such as the Internet. In the illustrated embodiment, the DRM system includes a registration server 22 andcontent server 24. Devices typically first connect to a registration server to be associated with a user account and acquire credentials/cryptographic data (e.g., SSL certificate, encryption keys) used to access content. Devices may then connect to a content server and request content with the credentials. The content server can issue the requested content in such a way that the credentials/cryptographic data (e.g., SSL certificate, encryption keys) of the device are required to access the content. - A variety of techniques can be utilized to identify a specific product. In a number of embodiments, a product descriptor that includes a product ID is assigned to each product. The product ID can be generated based upon the characteristics of the product and/or arbitrarily assigned. Variations within a product can be identified by a product descriptor that includes a product ID, variable product tags, and constant product tags. One or more variable product tags can be used to indicate a variation such as different software versions and updates. The product descriptor and/or product ID can be utilized in a variety of processes including (but not limited to) the certification and registration of the device. In several embodiments, the use of the product ID during certification is enhanced by also associating product tag data with the product ID to form a product descriptor. The product tag data describes the product and, when displayed, can be utilized to readily verify whether the characteristics of the device correspond to the characteristics of the product associated with the product ID. In many embodiments, attempts to detect tampering with the product tags can be identified by generating a product credential reference ID using some or all of the product tags. The product credential reference ID can be stored with respect to the product tags originally associated with a product ID. When a product credential reference ID generated using the product tags present on a device do not match with the stored product credential reference ID associated with the product ID, tampering is present. In several embodiments, cryptographic data is also associated with the product ID to enable the quarantining of security breaches with respect to a specific product.
- In many embodiments, the product ID, product credential reference ID, product key, and product tag data are stored in non-volatile memory on a playback device. Often, when a playback device is designed and manufactured to be used in a DRM system, the DRM system operator will package into a dataload the encryption keys, algorithms, and/or other information and software instructions necessary for the device to communicate with DRM servers and receive content. In several embodiments of the invention, the product ID and other data is included in the dataload given to a manufacturer for storage on each device.
- Although a specific architecture is shown in
FIG. 1 any of a variety of architectures can be utilized that enable playback devices to communicate with servers over a network in accordance with embodiments of the invention. Furthermore, much of the discussion that follows relates to the use of the product descriptor, product ID, product credential reference ID, product key(s) and product tag data in the certification of products and authentication of devices. As can readily be appreciated not all of the product credential reference ID, product key(s) and product tag data need be associated with a product ID. Indeed, additional data associated with a product ID can vary depending upon the requirements of a specific application in accordance with embodiments of the invention. Product descriptors, Product IDs, additional data that can be associated with product IDs, and systems and methods for using product IDs and associated data in accordance with embodiments of the invention are discussed further below. - In many embodiments of the invention, a product identifier (ID) is a character string that is associated with one or more sets of product tag data, where a set of product tag data is descriptive of a product. Any of a number of methods can be used to generate a product ID, including a random number generator, manual numbering or determination by a person, or systematic methods such as using sequential numbers or globally unique identifiers.
- In several embodiments of the invention, a set of product tag data is associated with a product ID. The individual tags represent information about some aspect of a product. In several embodiments of the invention, an original equipment manufacturer (OEM) requests that a product be certified (i.e. issued a product ID) and provides information for the product tags. The DRM system operator certifies the product by verifying that a device that is exemplary of the product passes certain tests. Assuming the product tags accurately describe the device, the DRM system operator can issue a product ID for the product and can associate the product tags with the product ID. Generally, a change in the value of some of the product tags may necessitate a different product ID.
- In many embodiments of the invention, some product tags may be constant product tags while other tags are variable product tags. Constant product tags are expected to remain constant and not to change through the life of a product. A product credential reference ID can be generated using some or all of the constant product tags associated with a product, as will be described further below.
- Variable product tags may change over the life of the product. Variable tags can be used to track characteristics that may change such as software versions. A product descriptor may be formed using a product ID, variable product tags, and constant product tags, as will be described further below.
- A list of product tags, in accordance with an embodiment of the invention is shown in
FIG. 2A . A set of product tag data, including three variable product tags and seven constant product tags, is illustrated inFIG. 2B . There can be other values of product tags that represent the characteristics of the class of device. - Product ID Version (PT1) indicates the version of the product ID creation algorithm used to generate the product ID and product credential reference ID from the product tags. Each version can also specify lengths and format of tag data, as well as the number of tags and the meaning of each tag. In essence, PT1 allows for the product descriptor to be extensible through the definition of new tag names and versions.
- The Brand tag (PT2) is the brand that the device is sold under—the name marked on the product and product packaging.
- The ODM/Manufacturer tag (PT3) is the company name of the manufacturer of the product. The company may or may not be the same as the Brand. For instance, a product may be designed and manufactured by an original design manufacturer (ODM) and eventually branded by another firm for sale. Or, a company may design and manufacture its own product, in which case the Brand may be the same as the ODM/Manufacturer.
- The Device Type tag (PT4) represents the type of product (e.g., DVD player, television). In many embodiments of the invention, the product type is indicated in a license agreement between the company seeking certification and the certifying DRM system owner.
- The Model Number tag (PT5) is the model number of the product indicated on the product and product packaging. In some embodiments of the invention, products with different model numbers may have the same product ID so long as they share the same base model number. These may be thought of as related products which often share the same chipset and/or other major components and differ only by some playback features or capabilities. In other embodiments, each product with a distinct model number has a distinct product ID.
- The Base Model Number tag (PT6) is the model number of a product's base model. For a base model itself, the value is the same as the Model Number. In many embodiments of the invention, a base model specifies devices using the same chipset and firmware.
- The Silicon Platform ID tag (PT7) is the model number of the chipset or processor architecture used in the device.
- The Certified Playback Profile tag (PT8) denotes the playback profile or profiles for which the device is certified. A playback profile is defined by a DRM system owner as a set of supported or compatible file types, container formats, playback codecs, resolutions, and/or other features of digital media content.
- The Country tag (PT9) is the country name where the product will be shipped and sold.
- The Digital Secure Adaptive Streaming (DSAS) Software Version tag (PT10) can be used to indicate the version numbers for secure adaptive streaming software components implemented on the device. These may include platform components such as the playback software, operating system, and firmware. As will be discussed further below, the tag may be used to determine various device capabilities when the device plays back content such as in the process described in the discussion of
FIG. 7 below. - Although specific tags and fields have been described above, systems and methods in accordance with embodiments of the invention can utilize any of a variety of types of information in product tags that are associated with a product ID.
- In several embodiments of the invention, product tag values can be obtained from a device by running an application on the device that will record the values and communicate the values to a server. In addition, the product tags can vary with different types and classes of product. In many embodiments, the constant tags or a subset of the constant tags for a specific device are utilized as device match data for the purpose of registering the device within a DRM system in the manner outlined in U.S. patent application Ser. No. 13/339,315, to Chan et al. entitled “Binding of Cryptographic Content Using Unique Device Characteristics with Server Heuristics” filed Dec. 28, 2011, the disclosure of which is incorporated by reference herein in its entirety. As can readily be appreciated, the constant tags can vary from product descriptor to product descriptor and so the constant tags that are utilized as device match data can also vary from one product descriptor to the next.
- In several embodiments of the invention, a product ID identifies devices of a particular product or product line. In further embodiments, a product descriptor can differentiate devices within a product or product line by feature set or software or firmware versions. A product descriptor includes a product ID and product tag data. In many embodiments, product tag data includes constant product tags and variable product tags. The variable product tags in the product descriptor of one device may have different values from the variable product tags in the product descriptor of another device, while having the same product ID. The actual tags used in the product descriptor can vary between product IDs. The relationship between a product descriptor, product ID, variable product tags, constant product tags, and credential reference identifier (product credential reference ID) in accordance with an embodiment of the invention is conceptually illustrated in
FIG. 2C . - In several embodiments of the invention, a product credential reference ID is generated using one or more of the product tags and associated with that set of product tags, a product ID, and/or a product descriptor. The product credential reference ID is a unique string of set length generated from some or all of the product tags. In many embodiments of the invention, the product tags used to generate the product credential reference ID are constant product tags. The product credential reference ID is an efficient technique for representing a set of product tags and for detecting tampering. When product tags are changed so that a device passes inspection, the changes can be detected by comparing the product credential reference ID generated using the modified tags and the original product credential reference ID associated with the product ID. The generation of a product credential reference ID can be achieved by many methods, one of which is a cryptographic hash function.
- A cryptographic hash function is a procedure or algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value. A cryptographic hash function ideally has four significant properties: it is easy to compute the hash value for a given input value, it is infeasible to generate an input value that has a given hash value, it is infeasible to modify an input value without changing the resulting hash value, and it is infeasible to find two input values with the same hash value.
- In many embodiments of the invention, the product credential reference ID generation algorithm uses some or all of the product tags and optionally the product ID as inputs. The result is truncated to a prespecified length, which makes reading and recording by a human observer easier.
- In several embodiments, the hash creation and truncation methods are updatable based on the product ID version. It is understood that a very small chance for collision in the credential reference ID exists; however, hash creation and truncation methods can be adapted to mitigate the problem. Although specific techniques are referenced above for generating credential reference IDs, any of a variety of processes appropriate to a specific application can be utilized in accordance with embodiments of the invention.
- A product key is cryptographic data that can be utilized in the encryption and/or decryption of content and is associated with a product ID and/or product descriptor. In many embodiments, a product key is stored together with the product ID on a CE playback device. As will be discussed further below, the product key can be used in conjunction with one or more other encryption keys stored on the device to access encrypted data (e.g., other keys used to access content or the content itself).
- In many embodiments of the invention, a product ID and associated data are stored on a playback device to enable the playback device to identify itself to a DRM system. A playback device, which stores a product ID, product credential reference ID, product tag data (the set of product tags), and product key in non-volatile memory, in accordance with an embodiment of the invention is shown in
FIG. 3 . Theplayback device 30 includes aprocessor 32,volatile memory 34, andnon-volatile memory 36. In the illustrated embodiment, thenon-volatile memory 36 includes aproduct ID 44,product tag data 46, a productcredential reference ID 48, and aproduct key 50. As described above, in many embodiments,product ID 44 and product tag data 46 (e.g., constant tags and variable tags) form aproduct descriptor 52. As will be discussed below, the user ID, user key, and SSL certificate may be stored during a registration process, and the product ID, product credential reference ID, product tag data, and product key are typically loaded onto the device during manufacturing as part of the device's firmware. - Cryptographic data, which can be used to decrypt encrypted data or create secure connections to other systems, may also be stored in the non-volatile memory. In many embodiments, the cryptographic data includes (but is not limited to) a
user ID 38 that is a unique identifier for a user account, auser key 40 used in decryption of content, and anSSL certificate 42 used in creating secure connections with other devices via Hypertext Transfer Protocol Secure (HTTPS) or a similar secure communication protocol. HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to provide encrypted communication and secure identification of a network device. In other embodiments, any of a variety of identifiers, keys, certificates and other types of information can be stored as cryptographic data on a playback device. - In several embodiments of the invention, product IDs and data associated with each ID are stored on a registration server. A registration server, which stores the product IDs, product credential reference IDs, sets of product tag data, and product keys in non-volatile memory, in accordance with an embodiment of the invention is shown in
FIG. 4 . The registration server includes aprocessor 70 andnon-volatile memory 72. The non-volatile memory includes aproduct list 74, which includes at least oneproduct ID 76, and its associated product tag data 78 (i.e., set of tags), productcredential reference ID 80, andproduct key 82. In many embodiments, a product ID together with product tag data forms aproduct descriptor 83. - In some embodiments of the invention, the non-volatile memory also includes a
user account list 84, which includes at least oneuser ID 86, and its associateduser key 88 and aproduct SSL certificate 90. The data may also be stored in data structures other than lists, such as (but not limited to) databases. As can readily be appreciated, SSL certificates may be assigned uniquely to user accounts, to product classes, to device models, to individual devices or by numerous other classifications subject to the limitations and security policies of the DRM system. - In many embodiments of the invention, a product ID is issued for a set of product tag data and the collection of product ID and the product tag data embedded in each device in the product line associated with that product tag data. A flow chart illustrating a process for issuing a product ID during a certification process, in accordance with an embodiment of the invention is shown in
FIG. 5 . - A vendor submits (102) product tag data to a certification team. The submission can be a paper form that is filled out with the relevant product tag data, an electronic form that transmits the information over a network, or other manual or automated process. The certification team verifies (104) that the information is correct—that it is unique (i.e., tags that should be unique to a product do not have the same values as tags in another product) and complete (i.e., tags are not missing). If the information is correct (106), the certification team generates (108) a product ID, product credential reference ID, and product key. The newly created product ID, product credential reference ID, and product key are associated with the product tag data and stored on a registration server. The product ID, product credential reference ID, product key, and the product ID version used to generate the product ID are sent (110) to the vendor to be stored on each device in the product line designated by the product ID. In many embodiments, a product descriptor is sent to the vendor that includes the product ID and product tag data.
- In several embodiments of the invention, the DRM system owner packages into a dataload the encryption keys, algorithms, and/or other information and software instructions necessary for the device to communicate with DRM servers and receive content. The dataload is given to the manufacturer to be stored as firmware or as data in non-volatile memory on each device when it is manufactured. The product ID and associated data can be included in the dataload given to a manufacturer. The process described above with respect to
FIG. 5 , however, may be conducted differently in circumstances where a product ID is assigned to a class of devices (e.g. devices that utilize the same operating system) that include different hardware. In situations where a single product ID is assigned to a class of devices (e.g. mobile devices running a specific operating system), the tag values can be dynamically collected from the system and provided to the DRM system during the certification time using a specific certification application. Accordingly, any of a variety of processes for generating product identifying information and loading the information onto devices can be utilized in accordance with embodiments of the invention. - In many embodiments of the invention, certification of a product includes verifying that the product ID and associated tag data within the product descriptor are stored accurately on a device in the product line. A flow chart illustrating a process for verifying a product ID during a certification process, in accordance with an embodiment of the invention is shown in
FIG. 6 . - The vendor stores (130) a product ID, product certification reference ID, product tag data, and product key in memory on a device. In some embodiments of the invention, the product ID, product certification reference ID, product tag data, and product key can be contained within a dataload of information packaged to be loaded on the device during the manufacturing process as discussed above. In other embodiments, product tag data may be dynamically collected from a device using an application that reads and records tag values as described above, and the device may generate the product credential reference ID.
- The certification team verifies (132) that the product ID and other information are stored accurately. A variety of methods can be utilized to complete the verification. An interface on the device may be configured such that the memory can be read directly. Firmware or software on the device may be programmed to respond to a device status call with the product ID, product credential reference identifier, and/or product tag data. Firmware or software on the device may also be programmed to show the information in human-readable format on a display integrated on the device or removably attached to the device. In several embodiments of the invention, the product credential reference identifier and at least one product tag are rendered viewable for certification purposes.
- Verification may be facilitated by recalling and displaying the product ID and/or other information stored on the server for comparison with the corresponding information stored on the device. Another mechanism that can be utilized is to transfer the product ID and/or other information stored on the device to a terminal manually (e.g., by human interaction) or electronically (e.g., by a physical or wireless connection). The terminal electronically communicates the information to a registration server storing a copy of the information and the registration server responds with whether the information matches.
- If the product ID and other information are correct (134), the certification team stores (136) the product ID, product credential reference ID, product tag data, and product key on the registration server. The information is associated as pertaining to one product line in the DRM system.
- If the product ID and other information are not stored correctly, the certification team can investigate whether the product is participating in the DRM system without appropriate authorization. Although a specific process is illustrated in
FIG. 6 , any of a variety of processes for verifying the product ID and the product related credentials of a device can be utilized in accordance with embodiments of the invention. - In order to participate in a DRM system, a playback device typically connects to a registration server to register itself as an authorized device and connect to a content server each time a user wishes to stream or download content over a network. In several embodiments of the invention, a playback device sends its stored product ID, product credential reference ID, and/or product tag data to a server when registering with a registration server or connecting to a content server to play back streaming content. If the product ID is revoked or if product tag data does not match, the registration or connection attempt can be denied. Various embodiments of the invention utilize a product ID and associated information in authenticating a device to a server in a DRM system. In many embodiments, a product ID and product tag data are sent together as a product descriptor. In several embodiments of the invention, a device receives cryptographic data that it uses to decrypt content and the cryptographic data is encrypted with a product key. Systems and methods for implementing a product ID and product key in registration and authentication of a device are discussed below.
- In many embodiments of the invention, registration of a product includes verifying that the product ID and associated data in the product descriptor are correct and that the product ID has not been revoked. A flow chart illustrating a registration process involving verification of a device's product ID, in accordance with an embodiment of the invention is shown in
FIG. 7 . - A device sends (170) its stored product ID and product ID version to a server. The server determines (172) if the product ID is in a revoked state. The server may maintain a list of revoked product IDs, may indicate revocation status in a database where the product ID is stored, or obtain revocation status of product IDs with any of a variety of other methods including (but not limited to) communicating with a remote system that maintains product ID revocation status. Revocation status may be determined based upon a product ID, any combination of one or more product tags, or any combination of product ID and product tags. Revocation can be checked by any process where a server receives a combination of product ID and product tags that determines revocation status, or information that can be used to look up the product ID and product tags. The server or the remote system can be configured to update the list or database using various manipulative functions including adding and removing product IDs. If the product ID is revoked, the device will not be permitted any protected functions (182) with the server, unless the product ID is restored (184). A protected function is any function that is restricted to devices that can be authenticated and can include (but are not limited to) registration of the device or issuance of content to the device.
- If the product ID is not revoked, the server proceeds to authenticate (174) the session with the device. Authentication may entail the device using its SSL certificate to request a secure connection, although other methods may be used to ensure a secure connection (i.e., where the server and device have reliably identified the machine it is communicating with). For example, during initial registration of a device, the device may not have received an SSL certificate, so a trust relationship may be established by supplying user account details of the customer attempting to register the device.
- A variety of protected functions can be allowed once the server has determined that the product ID has not been revoked. Functions may vary depending on the purpose for which the device is communicating to the server. In some embodiments of the invention, a device connects to a registration server for registration on the DRM system. Typically, such a transaction associates the device with a user account and the device receives (176) cryptographic data with which the device can decrypt content. The cryptographic data may include encryption keys associated with the user account such as user keys and other user account data associated with the user account such as (but not limited to) user IDs and product SSL certificates. The cryptographic data may further be encrypted with a product key that is associated with the product ID issued to the device and a device key that is associated with the class of device to which it belongs (e.g., DVD players, televisions).
- In many embodiments of the invention, a device connects to a content server to request and receive digital content. The server encrypts (178) the content using cryptographic data that can include encryption keys associated with the user account such as user keys. The server sends the encrypted content to the device. The device may then store or immediately play back the received content, using its stored cryptographic data to access the content. In some embodiments of the invention, the device has user keys stored in memory that are encrypted with a product key and device key. The device key and the product key are used to decrypt (180) a user key and the user key is used to decrypt (181) the encrypted content. In other embodiments, any of a variety of combinations of keys and/or cryptographic data including a product key can be utilized to access encrypted content.
- As discussed above, certain variable product tags, such as a Digital Secure Adaptive Streaming (DSAS) Software Version tag (PT10), can be used to indicate the version numbers for secure adaptive streaming software components implemented on the device. Platform components may include the playback software, operating system, and firmware. The collection of the Product ID and the product tags may indicate various device capabilities, such as the category of asset the device can play back. For example, categories of assets may be specified by quality, performance, or resource utilization characteristics that can include (but are not limited to) a bitrate, video resolution, file size, video format, or audio format. Some categories may be lower quality and/or less resource intensive than others. The playback software version or other version number may be associated with certain categories. Thus, a device may initially be manufactured with a software version that is capable of playing back certain categories of assets and later updated or upgraded to play back other categories of assets. A server may determine the playback capabilities based on a combination of the product ID, the constant, and the variable product descriptor tags. Alternatively, if no description for the capability using this combination is found, the server may match on the product ID and the constant product descriptor tag values. Again, if no description for the device capability using this combination is found, the server may perform a match only on the product ID field of the product descriptor and determine a gross set of capabilities that would be tied to the granularity of the products that the product ID is associated with. The identified capabilities can be used for a variety of purposes. In the context of an adaptive bitrate streaming system, the identified capabilities can be utilized to select streams appropriate to the specific device from a set of available streams for inclusion in a dynamically generated top level index file that is then provided to the playback device for use during adaptive bitrate streaming. In other applications, knowledge of device capabilities can be used in any of a variety of different ways appropriate to the specific application.
- Although a specific process is illustrated in
FIG. 7 , any of a variety of processes can be utilized to verify the product ID of a device during registration and/or content distribution in accordance with embodiments of the invention. In several embodiments of the invention, a server can verify the product tag data stored on a device by comparing a generated product credential reference ID against a stored copy. A device sends its stored product tag data and product credential reference ID to the server. The server generates a product credential reference ID in accordance with the corresponding product ID version from the received product tag data. The server then compares the newly generated product credential reference ID with the product credential reference ID stored on the server for that set of product tag data and/or the product credential reference ID received from the device. - Although the description above contains many specificities, these should not be construed as limiting the scope of the invention but as merely providing illustrations of some of the presently preferred embodiments of the invention. Various other embodiments are possible within its scope. Accordingly, the scope of the invention should be determined not by the embodiments illustrated, but by the appended claims and their equivalents.
Claims (29)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/844,631 US20200233981A1 (en) | 2011-06-30 | 2020-04-09 | Method to Identify Consumer Electronics Products |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161503581P | 2011-06-30 | 2011-06-30 | |
US201161581598P | 2011-12-29 | 2011-12-29 | |
US13/436,888 US20130006869A1 (en) | 2011-06-30 | 2012-03-31 | Method to identify consumer electronics products |
US16/844,631 US20200233981A1 (en) | 2011-06-30 | 2020-04-09 | Method to Identify Consumer Electronics Products |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/436,888 Continuation US20130006869A1 (en) | 2011-06-30 | 2012-03-31 | Method to identify consumer electronics products |
Publications (1)
Publication Number | Publication Date |
---|---|
US20200233981A1 true US20200233981A1 (en) | 2020-07-23 |
Family
ID=47391604
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/436,888 Abandoned US20130006869A1 (en) | 2011-06-30 | 2012-03-31 | Method to identify consumer electronics products |
US13/436,898 Active 2032-06-13 US9092646B2 (en) | 2011-06-30 | 2012-03-31 | Systems and methods for identifying consumer electronic products based on a product identifier |
US16/844,631 Pending US20200233981A1 (en) | 2011-06-30 | 2020-04-09 | Method to Identify Consumer Electronics Products |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/436,888 Abandoned US20130006869A1 (en) | 2011-06-30 | 2012-03-31 | Method to identify consumer electronics products |
US13/436,898 Active 2032-06-13 US9092646B2 (en) | 2011-06-30 | 2012-03-31 | Systems and methods for identifying consumer electronic products based on a product identifier |
Country Status (2)
Country | Link |
---|---|
US (3) | US20130006869A1 (en) |
WO (1) | WO2013003611A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11190497B2 (en) | 2011-08-31 | 2021-11-30 | Divx, Llc | Systems and methods for application identification |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8787570B2 (en) | 2011-08-31 | 2014-07-22 | Sonic Ip, Inc. | Systems and methods for automatically genenrating top level index files |
US20130325725A1 (en) * | 2012-06-04 | 2013-12-05 | Schlumberger Technology Corporation | People in context |
US9727321B2 (en) * | 2012-10-11 | 2017-08-08 | Netflix, Inc. | System and method for managing playback of streaming digital content |
US9565475B2 (en) | 2012-10-11 | 2017-02-07 | Netflix, Inc. | System and method for managing playback of streaming digital content |
US20140236726A1 (en) * | 2013-02-18 | 2014-08-21 | Disney Enterprises, Inc. | Transference of data associated with a product and/or product package |
US9712508B2 (en) * | 2013-03-13 | 2017-07-18 | Intel Corporation | One-touch device personalization |
US10057228B2 (en) | 2014-04-17 | 2018-08-21 | Ct Acquisition Holdco, Llc | Registering content to a digital locker |
WO2015187740A1 (en) | 2014-06-02 | 2015-12-10 | Sonic Ip, Inc. | Binding content playback to a removable storage |
US9684915B1 (en) * | 2014-07-11 | 2017-06-20 | ProSports Technologies, LLC | Method, medium, and system including a display device with authenticated digital collectables |
US9418360B1 (en) | 2014-07-11 | 2016-08-16 | ProSports Technologies, LLC | Digital kiosk |
CN107111477B (en) | 2015-01-06 | 2021-05-14 | 帝威视有限公司 | System and method for encoding content and sharing content between devices |
US10853592B2 (en) | 2015-02-13 | 2020-12-01 | Yoti Holding Limited | Digital identity system |
US9641553B2 (en) * | 2015-09-25 | 2017-05-02 | Intel Corporation | Methods and apparatus to facilitate end-user defined policy management |
US10482437B2 (en) * | 2015-12-16 | 2019-11-19 | Mastercard International Incorporated | Systems and methods for identifying suspect illicit merchants |
US10558979B2 (en) * | 2016-01-20 | 2020-02-11 | Zortag, Inc. | Method of, and system for, preventing unauthorized products from being sold on online sites |
DE112018000705T5 (en) | 2017-03-06 | 2019-11-14 | Cummins Filtration Ip, Inc. | DETECTION OF REAL FILTERS WITH A FILTER MONITORING SYSTEM |
US10911954B2 (en) * | 2018-03-01 | 2021-02-02 | The Boeing Company | Dynamic data package access for mobile device |
US11101984B2 (en) | 2019-04-04 | 2021-08-24 | Micron Technology, Inc. | Onboarding software on secure devices to generate device identities for authentication with remote servers |
US11388067B2 (en) * | 2020-03-30 | 2022-07-12 | Tencent America LLC | Systems and methods for network-based media processing (NBMP) for describing capabilities |
CN111669530A (en) * | 2020-05-07 | 2020-09-15 | 浙江大华技术股份有限公司 | Method for setting video playback permission, video recording equipment and computer equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060020825A1 (en) * | 2004-07-21 | 2006-01-26 | Dixxnetworks, Inc. | Optimized secure media playback control |
US20060224513A1 (en) * | 2005-03-31 | 2006-10-05 | Sony Corporation | Content information providing system, content information providing server, content reproduction apparatus, content information providing method, content reproduction method and computer program |
US20060235956A1 (en) * | 2005-03-30 | 2006-10-19 | Sony Corporation | Information process distribution system, information processing apparatus and information process distribution method |
US20070033419A1 (en) * | 2003-07-07 | 2007-02-08 | Cryptography Research, Inc. | Reprogrammable security for controlling piracy and enabling interactive content |
US20090013195A1 (en) * | 2005-01-18 | 2009-01-08 | Matsushita Electric Industrial Co., Ltd. | Data Storing Method, Data Playback Method, Data Recording Device, Data Playback Device, and Recording Medium |
US20110145562A1 (en) * | 2009-12-10 | 2011-06-16 | General Instrument Corporation | System and method for securely transfering content from set-top box to personal media player |
US7975312B2 (en) * | 2007-01-08 | 2011-07-05 | Apple Inc. | Token passing technique for media playback devices |
US20140195807A1 (en) * | 2009-11-16 | 2014-07-10 | Hagai Bar-El | System, device, and method of provisioning cryptographic data to electronic devices |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5734823A (en) * | 1991-11-04 | 1998-03-31 | Microtome, Inc. | Systems and apparatus for electronic communication and storage of information |
US5673316A (en) * | 1996-03-29 | 1997-09-30 | International Business Machines Corporation | Creation and distribution of cryptographic envelope |
WO2001031841A1 (en) | 1999-10-27 | 2001-05-03 | Visa International Service Association | Method and apparatus for leveraging an existing cryptographic infrastructure |
US6834269B1 (en) | 2000-02-23 | 2004-12-21 | Dell Products L.P. | Factory-installed software purchase verification key |
US7603703B2 (en) | 2001-04-12 | 2009-10-13 | International Business Machines Corporation | Method and system for controlled distribution of application code and content data within a computer network |
US6585521B1 (en) | 2001-12-21 | 2003-07-01 | Hewlett-Packard Development Company, L.P. | Video indexing based on viewers' behavior and emotion feedback |
US8082198B2 (en) | 2002-12-11 | 2011-12-20 | Broadcom Corporation | Billing support in a media exchange network |
US8214884B2 (en) * | 2003-06-27 | 2012-07-03 | Attachmate Corporation | Computer-based dynamic secure non-cached delivery of security credentials such as digitally signed certificates or keys |
BRPI0508712A (en) | 2004-03-18 | 2007-08-07 | Thomson Licensing | method and system for selectively providing access to content |
US20060015580A1 (en) | 2004-07-01 | 2006-01-19 | Home Box Office, A Delaware Corporation | Multimedia content distribution |
JP2007060066A (en) | 2005-08-23 | 2007-03-08 | Toshiba Corp | Content data distribution method, and content data distribution system and portable terminal for use therein |
US8620147B2 (en) * | 2009-03-31 | 2013-12-31 | Samsung Electronics Co., Ltd. | Method and apparatus for transmitting compressed data using digital data interface, and method and apparatus for receiving compressed data using digital data interface |
US9094379B1 (en) * | 2010-12-29 | 2015-07-28 | Amazon Technologies, Inc. | Transparent client-side cryptography for network applications |
-
2012
- 2012-03-31 US US13/436,888 patent/US20130006869A1/en not_active Abandoned
- 2012-03-31 US US13/436,898 patent/US9092646B2/en active Active
- 2012-06-28 WO PCT/US2012/044680 patent/WO2013003611A2/en active Application Filing
-
2020
- 2020-04-09 US US16/844,631 patent/US20200233981A1/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070033419A1 (en) * | 2003-07-07 | 2007-02-08 | Cryptography Research, Inc. | Reprogrammable security for controlling piracy and enabling interactive content |
US20060020825A1 (en) * | 2004-07-21 | 2006-01-26 | Dixxnetworks, Inc. | Optimized secure media playback control |
US20090013195A1 (en) * | 2005-01-18 | 2009-01-08 | Matsushita Electric Industrial Co., Ltd. | Data Storing Method, Data Playback Method, Data Recording Device, Data Playback Device, and Recording Medium |
US20060235956A1 (en) * | 2005-03-30 | 2006-10-19 | Sony Corporation | Information process distribution system, information processing apparatus and information process distribution method |
US20060224513A1 (en) * | 2005-03-31 | 2006-10-05 | Sony Corporation | Content information providing system, content information providing server, content reproduction apparatus, content information providing method, content reproduction method and computer program |
US7975312B2 (en) * | 2007-01-08 | 2011-07-05 | Apple Inc. | Token passing technique for media playback devices |
US20140195807A1 (en) * | 2009-11-16 | 2014-07-10 | Hagai Bar-El | System, device, and method of provisioning cryptographic data to electronic devices |
US20110145562A1 (en) * | 2009-12-10 | 2011-06-16 | General Instrument Corporation | System and method for securely transfering content from set-top box to personal media player |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11190497B2 (en) | 2011-08-31 | 2021-11-30 | Divx, Llc | Systems and methods for application identification |
US11870758B2 (en) | 2011-08-31 | 2024-01-09 | Divx, Llc | Systems and methods for application identification |
Also Published As
Publication number | Publication date |
---|---|
US20130007443A1 (en) | 2013-01-03 |
WO2013003611A3 (en) | 2014-05-08 |
WO2013003611A2 (en) | 2013-01-03 |
US9092646B2 (en) | 2015-07-28 |
US20130006869A1 (en) | 2013-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200233981A1 (en) | Method to Identify Consumer Electronics Products | |
US11870758B2 (en) | Systems and methods for application identification | |
US9946851B2 (en) | Systems and methods for managing and protecting electronic content and applications | |
US8955158B2 (en) | Method and apparatus for transmitting rights object information between device and portable storage | |
JP5837234B2 (en) | System and method for accessing digital content using electronic tickets and ticket tokens | |
US7698743B2 (en) | Authentication server, method and system for detecting unauthorized terminal | |
US8156049B2 (en) | Universal DRM support for devices | |
US8738536B2 (en) | Licensing content for use on portable device | |
US7325139B2 (en) | Information processing device, method, and program | |
US7644446B2 (en) | Encryption and data-protection for content on portable medium | |
CN107770115A (en) | Distribute the method and system of digital content in a peer-to-peer network | |
US20020157002A1 (en) | System and method for secure and convenient management of digital electronic content | |
US10698987B2 (en) | Systems and methods for binding content playback to the pairing of a playback device and removable memory storage device | |
US20090183000A1 (en) | Method And System For Dynamically Granting A DRM License Using A URL | |
TWI691857B (en) | Digital rights management system and digital rights protection method | |
US20050138400A1 (en) | Digital content protection method | |
US20140230068A1 (en) | System and method for packaging and authenticating a software product | |
US20240356903A1 (en) | Systems and Methods for Application Identification | |
Karuppiah | Blockchain for digital rights management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
AS | Assignment |
Owner name: DIVX, LLC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GRAB, ERIC WILLIAM;SOROUSHIAN, KOUROSH;LIN, TUNG;AND OTHERS;SIGNING DATES FROM 20120503 TO 20120505;REEL/FRAME:055774/0210 Owner name: SONIC IP, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DIVX, LLC;REEL/FRAME:055774/0220 Effective date: 20131121 Owner name: DIVX CF HOLDINGS LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SONIC IP, INC.;REEL/FRAME:055774/0247 Effective date: 20180212 Owner name: DIVX, LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:DIVX CF HOLDINGS LLC;REEL/FRAME:055774/0280 Effective date: 20180212 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |