WO2017083311A1

WO2017083311A1 - Timed release of decryption keys for access to distributed encrypted content

Info

Publication number: WO2017083311A1
Application number: PCT/US2016/061002
Authority: WO
Inventors: Paul C. Kocher; Helena Handschuh
Original assignee: Secure Content Storage Association, Llc; Cryptography Research, Inc.
Priority date: 2015-11-09
Filing date: 2016-11-08
Publication date: 2017-05-18

Abstract

Methods and apparatus for generating, publishing, and using cryptographic keys that enable access to encrypted content any time after, and not before, a defined future release time, without depending on publication of a key or other information at or after the release time. The methods and apparatus make use of various cryptographic features, including but not limited to a time key selected by a key issuer from a predetermined key sequence based on a publication time for data including a time key or set of time keys and a timestamp, an intermediate key derived by a player device from the time key using an iterative cryptographic transformation based on comparing the release time to the publication time, and optionally including derivation of a shadow key.

Description

TIMED RELEASE OF DECRYPTION KEYS FOR ACCESS TO DISTRIBUTED

ENCRYPTED CONTENT

PRIORITY CLAIM

[001 ] The present application claims priority to U.S. provisional patent application Serial No. 62/253,054 filed November 9, 2015, which is entirely incorporated herein by reference.

FIELD

[002] The present application relates to controlling access to distributed encrypted content that is stored in non-transitory computer-readable storage media using a system and method of specially configured decryption keys.

BACKGROUND

[003] Data security is important for many reasons, and data stored in non-transitory computer-readable storage media can be quite valuable. Although digital right management (DRM) methods and systems exist to secure stored data, existing methods may suffer from weaknesses that make stored data vulnerable to unauthorized use. At the same time, the widespread adoption of portable content devices such as smart phones, notepad computers, and the like, has increased public demand for consumption of copyrighted content from various types of portable non- transitory computer-readable and writable storage media. Such non-transitory computer-readable storage media include, for example, solid-state drives (SSDs), hard disk drives, Universal Serial Bus (USB) memory sticks, flash memory cards, and other portable storage devices. Data stored on these types of storage media may not be sufficiently secured against theft or unauthorized access, using existing DRM methods.

[004] For some applications, it is desirable that encrypted content be distributed to multiple recipients in advance before it is desired to grant access to the content, and to set some future time at which the content will be made accessible. A key can simply be provided upon request at or after the appointed time; however, this may require not only processing a large number of simultaneous requests, but also servicing key requests for an indeterminate period after the release date. When many copies of the encrypted copies are distributed, such key handling may be cumbersome, and may lead to premature obsolescence of the distributed content. For example, if the key becomes unavailable for some reason long after the release date, the content will become unusable, and the consumer unhappy.

[005] It would be desirable, therefore, to develop new methods and other new technologies for controlling access to the data stored in non-transitory computer- readable storage media, that overcomes these and other limitations of the prior art.

SUMMARY

[006] This summary and the following detailed description should be interpreted as complementary parts of an integrated disclosure, which parts may include redundant subject matter and/or supplemental subject matter. An omission in either section does not indicate priority or relative importance of any element described in the integrated application. Differences between the sections may include supplemental disclosures of alternative embodiments, additional details, or alternative descriptions of identical embodiments using different terminology, as should be apparent from the respective disclosures.

[007] In an aspect of the disclosure, it may be desired to provide encrypted content to a storage device well in advance of a release date for the content, such that the content cannot be decrypted prior to that date even if a player device is tampered with so as to disregard a published release date. The encrypted content may be stored with a separate "license" file including a header that contains metadata including encrypted versions of a time-release key used to encrypt the content, the release date, and a content issuer ID used to derive shadow keys with which the time-release key has been encrypted.

[008] In a related aspect, a method for decrypting, by a player device, encrypted content stored at a storage device configured for access only after a defined future release time may include receiving, at the player device, a digitally-signed data structure published by a key issuer at a publication time, the digitally-signed data structure including a time key selected by the key issuer from a predetermined key sequence based on the publication time. Thus, the time key, which may be one of a set of time keys each indicating a different subdivision (e.g., year, day, minute) of time, corresponds to the publication date of the digitally-signed data structure. Optionally, the digitally-signed data structure may also include a timestamp indicating the publication time. Meanwhile, the encrypted content on the storage device or a key for decrypting it has been encrypted using a related set of shadow keys corresponding to the release time. The shadow keys are configured such that it is cryptographically infeasible to recover them until the publication time is equal to or later than the release time, after which one or more time keys selected based on a time equal to or after the release time have been published. Hence, the shadow keys cannot be determined by the player device until or after receiving time keys for a publication time that is equal to or after the release date.

[009] The digitally-signed data structure may be published to the network and received by the player device at regular intervals, for example, one per minute or once per second. Selected versions of the digitally-signed data structure may be truncated to little more than essential header information, to conserve network bandwidth. Other versions of the digitally-signed data structure may include lists of revoked or security- revised devices participating in the security system and known to be compromised.

[010] The method may further include determining, by the player device, to not decrypt the time-release key based on the publication time being earlier than the release time. This is an optional step, because the player device would be unable to decrypt the encrypted content prior to the release date, before the necessary time keys have been published.

[01 1 ] The method may further include determining, by the player device, a number of iterations of a one-way cryptographic transformation that are needed to derive one or more intermediate keys from the time key, based on comparing the release time to the publication time, wherein it is cryptographically infeasible to derive the one or more intermediate keys from the time key unless the release time is earlier than or equal to the publication time. As described in more detail herein, the number of times to iterate the one-way cryptographic transformation on the time key may be determined by a difference between the release date and the publication date.

[012] The method may include deriving, by the player device, one or more intermediate keys, at least in part by iterating the one-way cryptographic transformation on the time key for the number of iterations. The one or more intermediate keys may include, for example, a shadow key derived from iterating the time key and shadowing the result, and the time-release key that is encrypted by the shadow key. The one or more intermediate keys may further include, for example, at least one content key that is encrypted by the time-release key.

[013] The method may further include decrypting, by the player device, the encrypted content using at least the one or more intermediate keys to access a media file. The media file (e.g., digital audio-video content) may be decoded by the player device and the decoded signal provided to an audio-video output device.

[014] Using the method summarized above, and related methods by other system components, the time of release of content can be controlled without requiring distribution of key tables to player devices or supplying of specific decryption keys from a network source after the time of release has passed. In addition, network or server congestion created by a rush to obtain keys around the time of release, and congestion caused by distribution of content at the time of release, can be completely eliminated. Content can be securely distributed in advance of the release date. Both the content and the keys needed to access it become locally accessible to every player device as soon as the regularly issued digitally-signed data structure with time keys and timestamp indicates that the time of release has passed. There is no extraordinary network load that need be caused by the release event.

[015] As used herein, a "client device" includes at least a computer processor coupled to a memory and to one or more ports, including at least one input port and at least one output port (e.g. , a desktop computer, laptop computer, tablet computer, smartphone, PDA, etc.). A computer processor may include, for example, a microprocessor, microcontroller, system on a chip, or other processing circuit. As used herein, a "processor" means a computer processor.

[016] As used herein, a "key" refers to a particular transformation of plaintext into ciphertext, or vice versa, during decryption for use in conjunction with cryptographic algorithms (e.g., symmetric key algorithms and asymmetric key algorithms) to allow access to encrypted content. Advanced Encryption Standard (AES) is an example of a symmetric key algorithm. Shadow or time keys as described herein may be AES keys.

[017] To the accomplishment of the foregoing and related ends, one or more examples comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the examples may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed examples, which encompass all such aspects and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

[018] The features, nature, and advantages of the present disclosure will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify like elements correspondingly throughout the specification and drawings.

[019] Fig. 1 is a schematic diagram illustrating aspects of a system for implementing methods for controlling access to stored distributed encrypted content in a storage device using timed release of decryption keys.

[020] Fig. 2 is a schematic diagram illustrating aspects of an apparatus including a content access device coupled to a storage device.

[021 ] Fig. 3 is a block diagram illustrating more detailed aspects of systems and methods for controlling access to stored distributed encrypted content in a storage device using timed release of decryption keys.

[022] Fig. 4 is a block diagram illustrating aspects of a time/shadow key table.

[023] Fig. 5 is a flow diagram illustrating aspects of key handling and use by a player device in a system for controlling access to stored distributed encrypted content in a storage device using timed release of decryption keys.

[024] Fig. 6 is a flow chart illustrating a method for decrypting, by a player device, encrypted content stored at a storage device configured for access only after a defined future release time.

[025] Fig. 7 is a flow chart illustrating a method for controlling a future release time at which distributed encrypted content is capable of being decrypted by a client device.

[026] Fig. 8 is a flow chart illustrating a method for controlling access to distributed encrypted content at a future release time.

[027] Figs. 9 is a conceptual block diagram illustrating components of an apparatus or system for decrypting encrypted content after a defined future release time.

[028] Fig. 10 is a conceptual block diagram illustrating components of an apparatus or system for controlling a future release time. [029] Fig. 1 1 is a conceptual block diagram illustrating components of an apparatus or system for controlling access to distributed encrypted content.

DETAILED DESCRIPTION

[030] Various aspects are now described with reference to the drawings. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects. It may be evident, however, that the various aspects may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing these aspects.

[031 ] Referring to Fig. 1 , a system 100 illustrates an example of a network context including several different types of computing and/or storage devices 102, 104, 106 coupled via a router/modem 108 and local area network (LAN) or wireless access node 1 18 for a cellular telephone network to a license server 1 14 and remote clients 102, 104, 106, 1 10, 1 12. By way of non-limiting example, a personal computer 104 may include, or may be coupled to, via a high-speed serial connection or the like, a relatively large secure storage device capable of storing and providing access to copy-protected content through the usage of timed-release decryption keys at a future release time. A consumer of protected content may therefore use the personal computer or a connected external drive, or the like, for holding all or part of the user's media content library. Library content may also be held, via a cloud computing network or other server configuration, in a storage server 120. More portable devices, such as a notepad computer 102 or 1 12, smartphone 106, or other small form factor computer, may be used primarily for consuming, managing, or purchasing licenses to specific content.

[032] Each of these devices may also include a secure storage device able to use timed-release decryption keys to allow access to distributed encrypted content by a player device 1 10 or other content access device (such as the notepad computer 102 or 1 12 and smartphone 106). Alternatively, each of these devices can be wirelessly coupled to secure storage apparatus 120. Secure storage apparatus 120 can be a server comprising a grouping of hard drives as known in the art for server systems, or may be a dedicated hardware storage device embedded in any of the content access devices. [033] A player or content access device may be used primarily for viewing or otherwise accessing content, or may include other components such as a secure storage device for performing other functions. Content player devices may include, for example, flat- screen televisions of various types, digital video projectors, smartphones, notepad computers, wrist watch computers, and any other computing device that includes or is coupled to a suitable audio/video output component. Using timed-release decryption keys may be a necessary feature of a security protocol for controlling access to certain content. Hence, a device with a non-capable storage component may not be able to access certain content, or may be restricted to more limited uses of the certain content.

[034] The system 100 can further include a Key Issuance Center (KIC) server 122, a license server 1 14 and content issuer server 124. Content issuer server 124 can be controlled by an administrator for the purpose of distributing encrypted digital content. The encrypted digital content can be downloaded onto player or content access devices, or stored in secure storage devices or in a secure storage apparatus 120. A secure storage device may include, for example, a magnetic disk or solid-state storage device including a user area and a non-user area. The user area may be used to store encrypted content in the clear. The non-user area or a memory device in a hardware controller for the storage device may be used to store keys and communication protocols for receiving and providing content according to a defined security specification. The encrypted content stored in the user area of the secure storage device can be accessed and played e.g., as an audio-video signal creating video images on a display screen with accompanying sound output, or sound alone without video, by an audio transducer in speakers or the like. A player device may include any general purpose client such as the computer 104, notepad computer 102, smartphone 106, or a dedicated player device such as a Blu-ray™ or other media player. The player device is configured with system keys and communication protocols to secure communications between the player device and storage device, or between the player device and KIC server 122.

[035] Timed release content features as described more particularly herein enable a content provider via a content server to configure encrypted content that cannot be decrypted by any device that is compliant with the security specification prior to a certain date and time, while assuring that the content will continue to be playable for so long as the security system is operable without special delivery of keys to player devices. The content issuer server 124 can be used to create encrypted content files that are marked with a content issuer identifier (ID) assigned to the content issuer via the KIC server 122. The content issuer ID is used to "shadow" a set of keys that are unique to content produced by the content provider identified by the content issuer ID and can be used by any system-compliant player device to obtain access to shadow keys needed to access content that is distributed by the content provider. As used herein, each of the shadow keys are said to be a "shadow" of the content issuer ID because they are generated by operating on key using a one-way cryptographic transformation that takes the content issuer ID as an input. Similarly, "shadowing" as used herein means to process input data (e.g., a cryptographic key) using a one-way cryptographic transform based on additional data input (e.g., an identifier), yielding an output. Shadowing a time key using a content issuer ID yields a shadow key. In a well- designed system, it is cryptographically infeasible to derive the time key from the shadow key, even if possessing the content issuer ID. Any device that knows (e.g., has a copy of the one-way cryptographic transform stored in its memory) can generate keys as used in the timed-release methods described herein.

[036] The KIC server 122 may be controlled by an administrator, and may provide timed-release decryption keys at a future date to allow decryption and access to the stored encrypted digital content. In some versions the license server 1 14 may connect to the content issuer server 124, storage server 120, KIC server 122, and player devices. A more general function of the KIC server 122 may include a periodic broadcast of a certificate revision list or certificate revocation list, either or both indicated generally herein by the acronym 'CRL.' A certificate revocation list is a list of player devices whose security has been compromised, while a certificate revision list may list both security-revoked devices and security-revised devices that retain one or more levels of limited access. The CRL may be published at frequent intervals, e.g., one minute or more frequently, and may include a header holding a current system timestamp and a set of keys used in the timed-release system described herein. The timestamp may be used to establish official system time for use of time-release control. A CRL may have other features beyond the scope of the present application. A CRL is an example of a digitally-signed data structure.

[037] In operation, the system 100 may be adapted to allow access to distributed encrypted content at a future date by using timed-release decryption keys. For example, secure storage apparatus 120 can be configured to receive distributed encrypted content and a license file from content issuer server 124. The encrypted content is not yet able to be decrypted by the player devices and can comprise a media file {e.g. , movie, video file, video game, etc.) suitable for playback on a player device. An administrator of the content issuer server 124 (i.e. , the content issuer) determines a release time (e.g. , year, day, and minute) when the encrypted content will be released for end-user access. The content issuer server selects a random time-release key and provides the time-release key to a license server for encrypting using different shadow keys based on the time of the release date. Each encrypted version of the time-release key may be included in a license file or in other data associated with encrypted content.

[038] In some aspects, three shadow keys corresponding to a year key based on a year of release, a day key based on a day of release, and a minute key based on a minute of release, are used to encrypt the time-release key. The license server selects each shadow key from a table of shadow keys based on desired year, day, and minute of release. In some versions, the shadow key selected corresponds to the year immediately after the release year, the day immediately after the release day, and the minute of release. The table of shadow keys is derived by shadowing a corresponding table of time keys using a content issuer identifier. The value of each key in the table of time keys can be derived by successively hashing any later time key using a defined one-way hash function. The shadow key needed to unlock the time-release key thus can be derived from any later time key. The table of shadow keys is specific to a shadow of a content issuer ID, whereas the table of time keys is not limited to use with any particular content issuer, and can be shadowed by different content issuer IDs to obtain shadow key tables used for different content issuers. The table of time keys from which the shadow keys are derived is not published as a whole. Individual time keys from the table are released on a time schedule as described herein below.

[039] In some aspects, at a later date, time keys corresponding to a publication date are published in a digitally-signed data structure by KIC server 122. A digitally-signed data structure may be of any suitable file type, including but not limited to a CRL or certificate file. The time keys are used by the player device to derive the shadow keys, which are then used by the player device for decryption of the encrypted content on or after the release date. The digitally-signed data structure contains a timestamp for determination of time for the purposes of decryption of the encrypted content. The storage device and player device may rely on the timestamp to determine system time. The player device may refuse to decrypt the random key if the timestamp is prior to the release time that is saved with the content or license file. However, the time-release method does not rely on refusal by the player device, and will operate despite tampering with the player device aimed at defeating timestamp control. The methods described herein will ensure that it is cryptographically infeasible to derive intermediate keys needed to decrypt the content file from the time key, unless the release time is earlier than or equal to the publication time of the digitally-signed data structure.

[040] The digitally-signed data structure contains three master time keys that correspond to the year, day, and minute indicated by the timestamped publication time of the data structure. If the timestamp is after the release date, the player determines how many times to execute the one-way hash function on the master time key based on comparing the timestamp to the release date. For example, if the timestamp year is one or more years after the release year, then the player determines the year time key for the release year using a one-way hash function on the year master time key, and uses the year time key and content issuer ID to recover the shadow key, which it then uses to derive the time-release key. If the timestamp day is one or more days after the release day, then the player determines the day time key for the release day using a one-way hash function on the day master time key, derives the day shadow key from the day time key and the content issuer ID, and uses the day shadow key to recover the time-release key. Otherwise, if the timestamp minute is one or more minutes after the release minute, then the player determines the minute time key for the release minute using a one-way hash function on the minute master time key, derives the minute shadow key from the minute time key and the content issuer ID, and uses the minute shadow key to recover the time-release key. In some versions, the shadow keys are included in digitally-signed data structure header, not in a file body, for convenience in updating the included keys.

[041 ] The player device processes the license file to check that the time-release key is correctly recovered. The player device then decrypts the encrypted content using at least the time-release key, and initiates playback of the media file thus decrypted. A more detailed description of these processes is described in connection with the figures below. [042] Referring to Fig. 2, aspects of a computing apparatus 200 for enabling access to distributed encrypted content using timed-release decryption keys as described herein are illustrated. In embodiments, the apparatus may be configured as a content access device, a content issuer device, or a key issuer device. In other embodiments, the apparatus may be configured to include a storage device holding protected content, or as a player device that communicates with an external storage device. In other embodiments, the apparatus 200 may be used for video gaming, entertainment, social networking, data processing, user interfacing or other application, and may include, for example, a processor 202, for example a central processing unit based on 80x86 architecture as designed by Intel™ or AMD™, or a system-on-a-chip as designed by ARM™. The processor 202 may be communicatively coupled to auxiliary devices or modules of the apparatus 200, using a bus or other coupling. Optionally, the processor 202 and some or all of its coupled auxiliary devices or modules (examples of which are depicted at 204-216) may be housed within or coupled to a housing 218, for example, a housing having a form factor of a personal computer, gaming console, smart phone, notepad computer, laptop computer, set-top box, or other form factor. In alternative embodiments, as described above in connection with Fig. 1 , the storage device 216 may be in a first device that is communicatively coupled to a second player or content access device, using timed-release decryption keys as described in more detail herein below.

[043] A user interface device 204 may be coupled to the processor 202 for providing user control input to a content access process operated by an application executing on the processor 202. User control input may include, for example, selections from a graphical user interface or other input (e.g., textual or directional commands) generated via a touch screen, keyboard, pointing device (e.g., game controller), microphone, motion sensor, camera, or some combination of these or other input devices. Input may also be provided via a sensor 206 coupled to the processor 202. A sensor may comprise, for example, a motion sensor (e.g., an accelerometer), a position sensor, a temperature sensor, a location sensor (for example, a Global Positioning System (GPS) receiver and controller), or a microphone. The sensor 206 may detect a motion or other state of a user interface display, for example, motion of a virtual-reality headset, or the bodily state of the user, for example, skin temperature or pulse. [044] The apparatus 200 may optionally include an input/output port 208 coupled to the processor 202, to enable communication between the processor 202 and a computer network. Such communication may be used, for example, to enable access to secured content from the storage device 216 by a content access device using timed-release decryption keys. In other words, a storage device and content access (or player) device may be integrated in a single apparatus, or may be embodied as separate apparatuses. The content access may be for any single or multi-user purpose for which the content is licensed, for example, viewing a movie or television program, video gaming, social networking, group entertainment experiences, experiencing virtual realities, experiencing augmented realities, accessing educational data, accessing proprietary data, and so forth.

[045] A display 220 may be coupled to the processor 202, for example via a graphics processing unit (not shown) integrated in the processor 202 or in a separate chip. The display 220 may include, for example, a flat screen color liquid crystal (LCD) display illuminated by light-emitting diodes (LEDs) or other lamps, a projector driven by an LED display or by a digital light processing (DLP) unit, or other digital display device. The display device 220 may be, or may be incorporated into a virtual reality headset or other immersive display system. Video output driven by a content access application operating on the processor 202 for accessing distributed encrypted content, may be provided to the display device 220 and output as a video display to the user (also referred to herein as the "player"). Similarly, an amplifier/speaker or other audio output transducer 212 may be coupled to the processor 202 via an audio processing system. Audio output correlated to the video output and generated by a content access application may be provided to the audio transducer 212 and output as audible sound to the user.

[046] The computing apparatus 200 may further include a random access memory (RAM) 214 holding program instructions and data for rapid execution or processing by the processor during decryption of distributed encrypted content using timed-release keys. When the apparatus 200 is powered off or in an inactive state, program instructions and data may be stored in a long-term memory, for example, a non-volatile magnetic, optical, or electronic memory storage device 216. Either or both of the RAM 214 or the storage device 216 may comprise a non-transitory computer-readable medium holding program instructions, that when executed by the processor 202, cause the apparatus 200 to perform a method or operations as described herein. Further details regarding secure memory handling are described later in the specification. Program instructions may be written in any suitable high-level language, for example, C, C++, C#, or Java™, and compiled to produce machine-language code for execution by the processor. Program instructions may be grouped into functional modules, to facilitate coding efficiency and comprehensibility. It should be appreciated that such modules, even if discernable as divisions or grouping in source code, are not necessarily distinguishable as separate code blocks in machine-level coding. Code bundles directed toward a specific type of function may be considered to comprise a module, regardless of whether or not machine code on the bundle can be executed independently of other machine code. In other words, the modules may be high-level modules only.

[047] Fig. 3 shows more particular aspects of a security system 300 including content issuer and license servers 302, a secure storage device 322, a secure player device 326 and a KIC server 342. Functional aspects of the system 300 may be distributed among different components without departing from the inventive aspects of the disclosure. For example, functional components of the servers 302 may be distributed between a license server 301 (above the intermediate dotted line in box 302) and a content issuer server 303 (below the dotted line), as shown.

[048] The KIC server 342 publishes a set (e.g., three) time keys, for example AES keys, that are used for the time-release system. The server 342 generates 348 a periodic digitally-signed data structure 350 (for example, a CRL or certificate file) that includes a current timestamp (date/time) and the set of time keys. While an embodiment with three time keys will be described, it should be appreciated that other numbers, for example two or four, or keys used for different divisions of time, may also be useful. The set of time keys in the digitally-signed data structure may be arranged in a predetermined order in a header. For example, a first key K_year may represent the year key, a second key Kday.year may represent the year and day key (for brevity, the day key or K_day), and a third (last) key K_mj_nute, day, year may represent the year day and minute key (for brevity, the minute key or K_minute)-

[049] The set of time keys may be published by the KIC server 342 in the digitally- signed data structure 350 to enable time-based release of content under control of a content issuer server 303. For example, a distributed content package 324, which may include a license file 323 and other files, can be published and distributed that is unplayable prior to a specified date, or specific security rules for a license can be designed to be related on a particular date. For further example, a digitally-signed data structure issued on April 20, 2024 at 12:25 would include K2024, ΚΑΡ_ΠΙ 20, 2024 and Ki 2:25, April 20, 2024- Each key may have a fixed length, for example, 12, 14, 16 or 18 bytes, and may be located in a predefined position in the digitally-signed data structure 350 header. Accordingly, the player device can quickly and accurately find the appropriate key. As explained elsewhere in the present disclosure, the player device need only use one of the time keys to access content, depending on the time of access.

[050] The KIC server 342 may generate 344 a time key table 345 and a shadow key table 304 for each particular content issuer identifier based on the time key table. The shadow key table 304may be, or may include, a digital data structure that includes every shadow key needed to access time-release content at future times. It should be appreciated that the table 304 is provided in digital machine-readable form for automatic processing by a digital microprocessor. A manual key table (e.g. , one made with pencil and paper) is useless because the computations required to use the keys are too extensive to have any practical use unless performed by a modern microprocessor. Moreover, the keys are applied as part of a security process that protects digital video or audio data and allows it to be played by a player device. These security and media player operations also require machine implementation.

[051 ] Each shadow key table 304 is a complete set of time keys that are shadowed by a particular content issuer ID. In other words, the time keys in table 345 maintained by the KIC server 342 can be transformed into any desired number of shadow key sets, one set for each content issuer ID, by shadowing (transforming) each key in the time key set under a content issuer ID. A shadowing function is a one-way cryptographic transformation that creates a definite and repeatable output, given two inputs: a time key and a content issuer ID.

[052] Shadow keys and time keys for any particular year, day or minute (or other division of time, if used) have a defined relationship with each other, as illustrated by the time and shadow key table 400 of one example embodiment shown in Fig. 4. Each of the yearly time keys 412, 414, 416, 418 is a one-way hash of the next year's key, except that the last key (Year 'N' key 418) is determined by and known only by a licensing authority node, such as the KIC server. Thus, any previous year's key can be derived by repeatedly hashing the current year's time key, using a known hashing algorithm. For example, if a player device is provided with the Year 3 key 416, it can derive the Year 2 key 414 by hashing the Year 3 key 416 once and can derive the Year

1 key 412 by hashing the Year 3 key twice. In any year up to the limit of Year 'N', the player device can derive any prior year time key by hashing the current year key using a predefined hash or other one-way cryptographic transformation a known number of times. The digitally-signed data structure (e.g., CRL or certificate file) therefore carries a copy of the current year in its header; i.e., the year when the digitally-signed data structure was issued. The time key for every previous year can thus be derived from the current year, and the shadow key for any particular year can be recovered by shadowing the time key for the year under the content issuer ID. However, because a one-way cryptographic transformation is used to derive the time key, keys for future years (or days or minutes) cannot be derived from the current key. Many one-way cryptographic transformations (e.g., one-way hash functions) are known in cryptography, and any suitable one-way cryptographic transformation may be used. The KIC server 342 may define 352 a key derivation algorithm 354 including one or more one-way cryptographic transformations that is securely provided to the player device 326. For example, the key derivation algorithm may be provided to a manufacturer of the player device and included as secure firmware or hardware in each player device's electronic hardware.

] To allow for finer control over release times, day and minute keys may be added. Similarly to the year keys, each daily time key 422, 424, 426, etc. is a one-way hash of the next day's key. However, the key for the last day of the year, the Day 366 (or Day 367) key 428, is determined and kept by the KIC server, and is unique to that particular date (i.e., every last day of every year has a unique code. Hence, a different day key sequence is generated for every year. In an aspect, every year may be assumed to have a February 29^th key regardless of whether it is a leap year, so 366 day keys may be consistently used in every year. One additional day key may be added for a total of 367 day keys, depending on the algorithm used by the content issuer to select the day key from shadow key table, to facilitate a release day on the last day of the year. In non-leap years, no digitally-signed data structure will be issued with the February 29^th key but the key sequence will work just as it does in a leap year. For example, the Day

2 key 426 may be derived by hashing the Day 100 key (not shown) 98 times. Thus, a value encrypted under a particular day's key can be decrypted using that day's key or any later day's key in the same year. Each digitally-signed data structure therefore carries also a copy of the current day in its header; i.e., the day when the digitally- signed data structure was issued.

[054] Similarly, each minute time key 432, 434, 436, etc. is a predetermined one-way cryptographic transformation of the next minute's key, except that the last Minute 1440 key 438 is determined by and kept by the KIC server and is unique to the particular date. Hence, a different minute sequence exists for every date. The entire table of time keys 400 can be shadowed by a particular content issuer ID to produce a set of shadow keys for a particular content issuer. Hence, the shadow portion of table 400 is unique for each content issuer. Each shadow key table includes only the shadow keys, and omits the time keys. Using appropriate one-way cryptographic transformations and key lengths, the content issuer can be rendered unable to derive the time keys even when provided with a very large (e.g., greater than 500 million keys) set of shadow keys all shadowed under the same content issuer ID using the same shadowing function, due to the nature of robust one-way cryptographic transformations. Thus, the KIC server retains sole knowledge of each time key until published in a time key set of a digitally-signed data structure, which occurs only when the digitally-signed data structure timestamp matches a time (e.g., year, day, minute) represented by a time key set.

[055] Referring back to Fig. 3, the KIC server 342 may supply the shadow key table 304 to a license server 301 , shadowed under the content issuer ID. A complete shadow key table 304, 400 may include N yearly keys, N^*366 (or N^*367) daily keys, and N^*366^*1440 (or N^*367^*1440) minute keys. Any desired subdivision of time may be used to construct a shadow key table, and the use of years, days and minutes is merely a convenient alternative for consumer media applications. A shadow key table will be at least as large as the number of different keys it contains multiplied by the number of bytes in each key. For example, a table wherein the number of year keys 'N' is 1000 will contain a total of 527,407,000 shadow keys. If each key is 16 bytes, the table will be about 8.4 gigabytes in size. In the illustrated embodiment, the entire shadow key table 304 is provided to the license server 303. It should be appreciated, however, that portions of the table may be provided in increments, or the final master keys may be provided with knowledge of the one-way cryptographic transformation needed to derive each key in the table. The shadow key table 304 is shadowed under the content issuer ID for the server 303, so it is unique to a particular content issuer.

[056] A programmed module 308 of the license server 301 may select a set of shadow keys 310 from the table 304, based on a predefined release date and time-of-day. As used herein, "release time" generally encompasses both date and time-of-day values as a designation of a unique time point. The release time may be encoded in a header of the license file 323 that is distributed with encrypted content 320 in the content package 324. Fig. 4 at 440 illustrates selection of a set 310 of shadow keys 414, 426, 436 based on a release time 440 designating a release time of year 1 , day 2 and minute 3. The shadow keys selected are the next keys 414, 426 after the keys for the desired time 412, 424, except for the minute key 436 that is selected for the time of release. To permit the release day to be the last day of the year in any year, 367 day keys may be provided for each year. The last (367^th) key is used for a release date falling on the last day of a leap year.

[057] Referring again to Fig. 3, the content issuer server 303 defines or receives a primary time-release key 312, which may be, for example, a random bit or character string such as a 128 bit random value. Content 306 may comprise digital audio-video content in any suitable format, for example, MP3, MPEG-2, MPEG-4, Common File Format (CFF), Quicktime, Windows Media Video, Audio Video Interleaved (AVI), Advanced Authoring Format (AAF), or other audio, video, or audio-video digital format. In an aspect, the license server 301 may include, in formation of the license file 323, instructions for one or more processes 332, 334, 336, 338 that require use of the primary time-release key 312 to decrypt the content. For example, the content issuer server 303 may encrypt the content 306 using a process 318 that requires use of the time-release key 312, without which the encrypted content 320 cannot be decrypted. The process 318 may include the use of additional keys or security features in addition to the time-release key. The content issuer server 303 may include the encrypted content 320 in the license file 323 in the distributed content package 324 that is provided to a secure storage device 322 communicatively coupled to the player device 326. The license server 301 may include a hashed value of the time-release key 312 in the license file 323, for use as a check value to checking validity of the time-release key when decrypted by the player device. [058] In an embodiment, the time-release key 312 may not be included in the license file 323 in decrypted form. Instead, the key 312 may be encrypted 314 by the set of shadow keys 310, once by each key (applied separately, not in succession) thereby producing three separate encrypted time-release keys 316, one for each shadow key in the set 310. These encrypted time-release keys 316 may be placed by the license server 301 in designated locations (e.g., in assigned, predetermined bit positions) of a header 325 (for example) of the license file 323. The license file may then be distributed by the license server 301 to one or more secure storage devices 322 in advance of the release time used to generate the shadow key set 310, which release time may also be encoded in a designated position of the license file 323 header 325.

[059] When processing the license file 323, a player device 326 may determine, at 328, whether or not the content package 324 includes time-release content. If the content in the package 324 is subject to time-of-release control, the player 326 processes 330 the latest digitally-signed data structure (e.g., CRL) 350 that it has received from the KIC server 342 and thus obtains the latest system timestamp and a corresponding set of year-day-minute time keys. The player 326 then executes a branching process 332 based on the timestamp, that is described in more detail below in connection with Fig. 5. In general terms, the process 332 may include determining, by the player device, a key decryption algorithm for decrypting the time-release key, based on comparing the publication time to the release time, one of the time keys and on a hash function. If the timestamp obtained from the digitally-signed data structure 350 is equal to or later than the release time specified in the license file 323, the player derives 334 the applicable year, day or minute time key needed to decrypt the corresponding one of the encrypted time-release keys 316 in the license file 323 header.

[060] The player derives the applicable time key by applying the key derivation algorithm 354, which may include (as described in connection with Figs. 4 and 5) applying a one-way hash function to a selected one of the year, day or minute key provided in the header 325 of the license file 323 a successive number of times, based on comparing the digitally-signed data structure 350 timestamp (indicating the most recent system time) to the release time specified in the header 325 of the license file 323. After obtaining the time key for the time of release, the player device shadows the time key with the content issuer ID to obtain the shadow key for the time of release. The player device 326 uses the derived shadow key to decrypt 336 the corresponding time-release key 312. The player device 326 then uses the time-release key 312 to decrypt 338 the encrypted content 320 from the license file 323, using a decryption process that may include additional keys. For example, the time-release key may be used to decrypt one or more additional keys, and the one or more additional keys used to decrypt content. The decryption process may be specified for system 300 and modified by instructions provided in the license file 323 (e.g., such as by requiring use of the time-release key 312). The decryption process may include the use of other keys in addition to the time-release key, for additional security. The process 338 results in decrypted digital audio, video, or audio-video content that the player device 326 decodes 340 using any suitable process for the content file format, thereby generating an audio/video signal 356 for an output device such as an electronic display screen, virtual reality headset, augmented reality headset, or optical projector, or an audio amplifier/transducer. The audio, video, or audio-video content may be included in any suitable program format, for example, in generally non-interactive programming such as motion pictures or other pre-recorded entertainment or the like, or in generally interactive content such as video games, interactive lessons, interactive entertainment, virtual reality content, augmented reality content, or the like.

[061 ] More detailed aspects of a time-release access control process 500 executed by the player device according to one embodiment are illustrated by Fig. 5. At 502, the player device reads the release time (date and time-of-day) and the content issuer ID from designated locations of a license file for content that a user of the player device has selected for play. At 504, the player device determines a latest or most current time by reading the header of the latest system digitally-signed data structure (e.g., a CRL or certificate file). At 506, the player device determines whether the current time is equal to or later than the release time. If the release time is later than the current time, decryption fails at 522 and the player device may generate an error message, if desired.

[062] If the current time is equal to or later than the release time, the player device determines at 508 whether the publication year of the digitally-signed data structure is later than the release year. If the digitally-signed data structure publication year is later than the release year, the player device at 510 derives the year time key by iteratively applying a system-specified one-way cryptographic transformation (e.g., a one way hash) to the year time key obtained from the digitally-signed data structure, for a number of times determined by the difference in years between one year after the release year and the current year. For example, if the release year is 2015 and the current year is 2025, the player device iterates the one-way cryptographic transformation on the Year 2025 key obtained from the digitally-signed data structure nine times to obtain the base Year 2016 key (because the license server selects the year shadow key one year after the release year). The player device then computes the shadow of the derived year key (e.g., the base Year 2016 key in the example) using the content issuer ID from the license file header, thereby obtaining the shadow key from the content issuer ID-shadowed table that was used by the license server to encrypt the time-release key. The player device then uses the release-year shadow key to decrypt the year-key encrypted time-release key that is located in a designated position of the license file header (e.g., in a first of three positions reserved for the encrypted time-release keys). Thus, the player device recovers the time-release key, in any year after the release year.

3] If the publication year of the digitally-signed data structure is not later than the release year, the player device determines at 512 whether the current digitally-signed data structure day-of-the-year is later than the release day-of-the-year. If the digitally- signed data structure day-of-the-year is later than the release day-of-the-year, the player device at 514 derives the day shadow key. To reach this branch 514, the release year must equal the current digitally-signed data structure year. To derive the day shadow key, the player device iteratively applies the system-specified one-way cryptographic transformation to the day time key obtained from digitally-signed data structure, for a number of times determined by the difference in days between one day after the release day-of-the-year and the current day-of-the-year. For example, if the release day-of-the-year is January 1 and the current day-of-the-year is January 31 , the player device iterates the one-way cryptographic transformation on the Day 31 key from the digitally-signed data structure twenty-nine times to obtain the base Day 2 key (one day after the release day). The player device then computes the shadow of the derived day time key (e.g., the base Day 2 key in the example) using the content issuer ID from the license file header, thereby obtaining the day shadow key from the content issuer ID-shadowed table that was used by the license server to encrypt the time-release key. The player device then uses the release-day shadow key to decrypt the day-key encrypted time-release key that is located in a designated position of the license file header (e.g., in a second of three positions reserved for the encrypted time-release keys). Thus, the player device recovers the time-release, during the release year and after the release day.

[064] If the current digitally-signed data structure day-of-the-year is not later than the release day-of-the-year, the player device at 516 derives the minute shadow key. To reach this branch 516, the release day-of-the-year must equal the current digitally- signed data structure day-of-the-year. To derive the minute shadow key, the player device iteratively applies the system-specified one-way cryptographic transformation to the minute key obtained from the digitally-signed data structure, for a number of times determined by the difference in minutes between the release minute and the current digitally-signed data structure minute. For example, if the release minute is 1 and the current minute is 720, the player device iterates the one-way cryptographic transformation on the Minute 720 key from the digitally-signed data structure 719 times to obtain the base Minute 1 key. In an embodiment, the license server does not pick the shadow key for the minute after the release minute; instead it chooses the key for the minute of release. In contrast, the license server may select day and year keys based on the day or year after the release day or year, to avoid an unnecessary iteration of the one-way cryptographic transformation. If this were also done for the minute key, it would prevent accessing content until one minute after release, which may not be acceptable in some applications. Thus, in the instant example, the player devices iterates the one-way cryptographic transformation 719 times instead of 718 times, as it might were it computing a shadow key for the year or day (except that there are only 366 or 367 day keys to be concerned with).

[065] The player device then computes the shadow of the derived minute key (e.g., the base Minute 1 key in the example) using the content issuer ID from the license file header, thereby obtaining the minute shadow key from the content issuer ID-shadowed table that was used by the license server to encrypt the time-release key. The player device then uses the release-minute shadow key to decrypt the minute key-encrypted time-release key that is located in a designated position of the license file header (e.g., in a third of three positions reserved for the encrypted time-release keys). Thus, the player device recovers the time-release key, during the release day of the release year and during or after the release minute. [066] Once the time-release key is recovered, the player device confirms validity of the time-release key at 518, by hashing the recovered key and comparing the resulting hash value to a hash of the time-release key provided by the content issuer server in a designated bit position of the license file header. If the hash values do not match, the decryption has failed 522 and the player may generate an error message, if desired. If the hash values match, the time-release key is confirmed and the player device may decrypt and play the content 520 per system specifications. Thus, the time of release of content can be controlled without requiring distribution of key tables to player devices or supplying of specific decryption keys from a network source after the time of release has passed. In addition, network or server congestion created by a rush to obtain keys around the time of release, and congestion caused by distribution of content at the time of release, can be completely eliminated. Content can be securely distributed in advance of the release date. Both the content and the keys needed to access it become locally accessible to every player device as soon as the system digitally-signed data structure timestamp indicates that the time of release has arrived, using the described system and method.

[067] In accordance with the foregoing, and by way of additional example, Fig. 6 shows more general aspects of a method or methods 600 according to one embodiment, as may be performed for operating a player device to control release of timed-release encrypted content as described herein. It should be appreciated that the more general operations of method 600 may include or embody more detained aspects of corresponding methods described herein above.

[068] Referring to Fig. 6, a computer-implemented method 600 for decrypting, by a player device, encrypted content stored at a storage device configured for access only after a defined future release time may include, at 610, receiving, by the player device, a digitally-signed data structure published by a key issuer at a publication time, the digitally-signed data structure comprising a time key and a timestamp indicating the publication time, wherein the time key is selected by the key issuer from a predetermined key sequence based on the publication time. In some embodiments, the timestamp may be omitted; the timestamp is useful for efficient operation of the player device but may not be essential for the time-release control to operate, in all embodiments. The digitally-signed data structure may also include a set of time keys from which earlier time keys may be derived using a one-way cryptographic transformation known to the player device. The time key may comprise one member of this set of time keys. Each of the set of time keys may pertain to a different increment of time, for example, a year, day, and minute. In an aspect, the method may include obtaining, by the player device prior to the deriving, a set of encrypted time-release keys from one of the encrypted content file or an associated file (e.g., a license file), wherein the one or more intermediate keys includes a time-release key decrypted from one of the set of encrypted time-release keys, and each of the set of encrypted time- release keys corresponds to a different one of the different increments of time (e.g., year, day or minute). In addition, the player device may communicate with a storage device on which the encrypted content is stored. The encrypted content may be stored together with a random or quasi-random encrypted time-release key that can be used together with other keys for decrypting the content.

[069] The method 600 may further include, at 620, determining, by the player device, a number of iterations of a one-way cryptographic transformation that are needed to derive one or more intermediate keys from the time key, based on comparing the release time to the publication time. In an aspect, it is cryptographically infeasible to derive the one or more intermediate keys from the time key unless the release time is earlier than or equal to the publication time..

[070] The method may further include, at 630, deriving, by the player device, one or more intermediate keys, at least in part by iterating the one-way cryptographic transformation on the time key for the number of iterations. Deriving the one or more intermediate keys may include deriving a shadow key by shadowing an iterated time key with a content issuer identifier. The player device may shadow the iterated time key to obtain a shadow key, as previously described.

[071 ] The method 600 may further include, at 640, decrypting, by the player device, the encrypted content file using the one or more intermediate keys, yielding decrypted content for output by an output device. This may include, for example, decrypting the time-release key using the shadow key. Optionally, the decrypting may be based on the publication time being equal to or later than the release time. Prior to the release time, the player device will not possess the necessary time key anyway, because the digitally-signed data structure containing the necessary time key will not yet have issued. [072] The method 600 may include any one or more additional operations as described above and below herein. Each of these additional operations is not necessarily performed in every embodiment of the method, and the presence of any one of the operations does not necessarily require that any other of these additional operations also be performed. For example, optionally, method 600 may further include determining, by the player device, to not decrypt the time-release key based on the publication time being earlier than the release time.

[073] For further example, the method may include obtaining, by the player device prior to the deriving, a set of encrypted time-release keys from one of the encrypted content file or an associated file, wherein the one or more intermediate keys includes a time-release key decrypted from one of the set of encrypted time-release keys, and each of the set of encrypted time-release keys corresponds to a different one of the different increments of time. The method may further include obtaining, by the player device, a content issuer identifier from the encrypted content file or the associated file.

[074] In an aspect, the method may include determining, by the player device, that the release time occurs in a release year prior to a current year indicated by the publication time. This may be done, for example, using a timestamp obtained from the digitally- signed data structure (e.g., CRL). In another aspect, this may include selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a year time key, and deriving, by the player device, a year shadow key at least in part by iterating the one-way cryptographic transformation on the time key a number of times based on a difference between the current year and the release year. The method may include deriving, by the player device, a year shadow key using a content issuer ID from one of the encrypted content file or an associated file, as diagrammed herein above. The method may further include using the year shadow key to decrypt the encrypted time-release key selected from a position of the encrypted content file or the associated file (e.g., license file) allocated for a year time-release key, wherein the one or more intermediate keys includes a year time-release key decrypted from the encrypted time-release key.

[075] For further example, the method 600 may include determining, by the player device, that the release time occurs in a release year equal to a current year indicated by the publication time and on a release day prior to a current day indicated by the publication time. In such case, the method 600 may include selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a day time key, and deriving, by the player device, a day shadow key at least in part by iterating the one-way cryptographic transformation on the day time key a number of times based on a difference between the current day and the release day, and using the day shadow key and a content issuer ID to recover the time-release key. The method may further include deriving, by the player device, a day shadow key using a content issuer ID from one of the encrypted content file or an associated file. The method may further include, by the player device, using the day shadow key to decrypt the encrypted time-release key selected from a position of the encrypted content file or the associated file allocated for a day time-release key, wherein the one or more intermediate keys includes a day time-release key decrypted from the encrypted time- release key.

[076] For further example, the method may include determining, by the player device that the release time occurs in a release year equal to a current year indicated by the publication time and on a release day equal to a current day indicated by the publication time. In such case, the method 600 may include selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a minute time key, and deriving, by the player device, a minute shadow key at least in part by iterating the one-way cryptographic transformation on the minute time key a number of times based on a difference between the current minute and the release minute.

[077] In an aspect, the digitally-signed data structure comprises a timestamp set by a KIC server for a determination of time by the player device. The timestamp may be used to determine the publication time. In another aspect, the storage device holds the time-release key in encrypted form only and lacks any key for decrypting the time- release key. In another aspect, the one-way cryptographic transformation is, or includes, a predefined one-way hash function. The method may further include deriving, by the player device, a minute shadow key using a content issuer ID from one of the encrypted content file or an associated file. The method may further include, by the player device, using the minute shadow key to decrypt the encrypted time-release key selected from a position of the encrypted content file or the associated file allocated for a minute time-release key, wherein the one or more intermediate keys includes a minute time-release key decrypted from the encrypted time-release key [078] Fig. 7 generally illustrates a method for controlling a future release time according to one embodiment at which distributed encrypted content is capable of being decrypted by a client device. The method 700 may be performed by a license server as described herein above. Further details and aspects pertinent to the method 700 are described above in connection with the description of processes performed by the license server shown in Fig. 3, and elsewhere herein. Referring to Fig. 7, a method 700 comprises, at 710, recognizing, by at least one computer, a digital data string held in a memory of the at least one computer as constituting a time-release key designated for unlocking access to content on or after the future release time. The digital data string may be a random or quasi-random time-release key generated, using a computer operating a key-generation algorithm, and stored in a computer memory. The digital data string may be provided to the at least one computer via a network interface, and made recognizable as the time-release key in any suitable manner, for example, by associating the digital data string with a variable name or with a bit position in a data structure that is allocated for the time-release key. The allocation may be communicated by a specification for a security system or application program interface.

[079] The method 700 may further include, at 720, encrypting, by the at least one computer, at least one of media content or at least one cryptographic key needed to decrypt the time-release key, yielding an encrypted content file or an encrypted cryptographic key needed to decrypt the encrypted content file. The method 700 may further include, at 730, selecting, by the at least one computer, at least one shadow key from a table of predefined shadow keys in the computer memory, based on the future release time. The method 700 may further include, at 740, encrypting, by the at least one computer, the time-release key using the at least one shadow key, yielding an encrypted time-release key. The method 700 may further include, at 750, storing the encrypted time-release key, the future release time and a content issuer identifier under which the table of predefined shadow keys is shadowed on a non-transitory computer- readable medium, for use with the encrypted content file.

[080] The method 700 may include any one or more additional operations as described above and below herein. Each of these additional operations is not necessarily performed in every embodiment of the method, and the presence of any one of the operations does not necessarily require that any other of these additional operations also be performed. [081 ] For example, the distributing 750 may further include distributing the encrypted content file without the at least one shadow key. The player device will instead derive the shadow key from a time key published in a regular digitally-signed data structure and from the content issuer identifier.

[082] For further example, the method 700 may further include selecting, by the at least one computer, the at least one shadow key from the table of predefined shadow keys based on a year after the future release time, a day after the future release time, or a minute of the future release time. In another aspect, the method 700 may include the content server generating, by the at least one computer, the table of predefined shadow keys at least in part by shadowing each key in a table of predefined time keys by a content issuer identifier indicating a source of the media content.

[083] In another aspect, encrypting the time-release key 740 may further include encrypting, by the at least one computer, the time-release key multiple separate times using different shadow keys selected from the shadow key table, thereby producing differently encrypted versions of the time-release key. In a related aspect, the method may include placing, by the at least one computer, the differently encrypted versions of the time-release key at predetermined bit positions in a header of a license file for distributing with the encrypted content. In another related aspect, the method 700 may further include selecting, by the at least one computer, the different shadow keys in which a first key corresponds to a year after release, a second key corresponds to a day after release, and a third key corresponds to a minute of release.

[084] Fig. 8 generally illustrates a method for controlling access to distributed encrypted content at a future release time according to one embodiment, as may be performed by a KIC server. Further details and aspects of the method are described herein in relation to the KIC server, e.g., in connection with Figs. 3 and 4. Referring to Fig. 8, a method 800 comprises, at 810, generating, by at least one computer, a sequence of time keys wherein successive keys in the sequence are derived by iterating a one-way cryptographic transformation in increasing succession on a last key in the sequence representing a last time, wherein each of the time keys in the sequence corresponds to a regular non-overlapping successive interval of a timeline. The method 800 may further include, at 820, publishing, at regular intervals by the at least one computer to a list of player devices over a computer network, a digitally- signed data structure including at least one of the time keys selected to correspond with a time that the digitally-signed data structure is published.

[085] The method 800 may include any one or more additional operations as described above and below herein. Each of these additional operations is not necessarily performed in every embodiment of the method, and the presence of any one of the operations does not necessarily require that any other of these additional operations also be performed.

[086] For example, the method 800 may further include, by the at least one computer, shadowing the sequence of time keys under a content issuer identifier thereby producing a set of time-related shadow keys, and sending the time-related shadow keys to a license server associated with the content issuer identifier. In such case, the method may further include providing, by the at least one computer, the content issuer identifier to the license server.

[087] In an aspect, the method may include providing the one-way cryptographic transformation to a manufacturer of player devices for including in a secure hardware component of the player device.

[088] For further example, generating the sequence of time keys further comprises generating, by the at least one computer, a set of year keys in a sequence wherein each key corresponds to a year in a sequence of 'N' years, wherein 'N' is an integer between 25 and 10,000. In a further, related aspect, generating the sequence of time keys 810 may further include generating 'N' sets of day keys each in a sequence wherein each key corresponds to a day in a sequence of M days, wherein M is an integer between 360 and 370. In an aspect, generating the sequence of time keys may further include generating 'N' times M sets of minute keys each in a sequence wherein each key corresponds to a minute in a sequence of 'P' minutes, wherein 'P' is an integer between 1430 and 1450 minutes. In another aspect, the publishing further comprises selecting the at least one of the time keys so as to include one of the year keys, one of the day keys, and one of the minute keys each corresponding to the time that the digitally-signed data structure is published.

[089] Fig. 9 is a conceptual block diagram illustrating components of an apparatus or system 900 for decrypting encrypted content after a defined future release time as described herein, according to one embodiment. As depicted, the apparatus or system 900 may include functional blocks that can represent functions implemented by a processor, software, or combination thereof (e.g., firmware).

[090] As illustrated in Fig. 9, the apparatus or system 900 may comprise an electrical component 902 for receiving a digitally-signed data structure published by a key issuer at a publication time, the digitally-signed data structure including a time key indicating the publication time, wherein the time key is selected by the key issuer from a predetermined key sequence based on the publication time. Optionally, the digitally- signed data structure may also include a timestamp. The component 902 may be, or may include, a means for said receiving. Said means may include the processor 910 coupled to the memory 916, and to the input device 914, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, listening to a network interface, establishing a secure session with a KIC server over a network interface for receiving a digitally-signed data structure in response to receiving a broadcast notice, and receiving the digitally-signed data structure in the secure session.

[091 ] The apparatus 900 may further include an electrical component 903 for determining a number of iterations of a one-way cryptographic transformation that are needed to derive one or more intermediate keys from the time key, based on comparing the release time to the publication time, wherein it is cryptographically infeasible to derive the one or more intermediate keys from the time key unless the release time is earlier than or equal to the publication time. The component 904 may be, or may include, a means for said determining. Said means may include the processor 910 coupled to the memory 916, and to the input device 914, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, as described in connection with Fig. 5 (method 500).

[092] The apparatus 900 may further include an electrical component 904 for deriving one or more intermediate keys, at least in part by iterating the one-way cryptographic transformation on the time key for the number of iterations. The component 904 may be, or may include, a means for said deriving. Said means may include the processor 910 coupled to the memory 916, and to the input device 914, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, shadowing the time key with the content issuer ID to yield a shadow key, and decrypting the encrypted time- release key using the shadow key, yielding the time-release key.

[093] The apparatus 900 may further include an electrical component 906 for decrypting the encrypted content file using the one or more intermediate keys, yielding decrypted content for output by an output device. The component 906 may be, or may include, a means for said decrypting. Said means may include the processor 910 coupled to the memory 916, and to the input device 914, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, applying operations of an AES decryption algorithm using the decrypted time-release key.

[094] The apparatus 900 may optionally include a processor module 910 having at least one processor, in the case of the apparatus 900 configured as a data processor. The processor 910, in such case, may be in operative communication with the modules 902-906 via a bus 912 or other communication coupling, for example, a network. The processor 910 may effect initiation and scheduling of the processes or functions performed by electrical components 902-906.

[095] In related aspects, the apparatus 900 may include a network interface module 914 operable for communicating with a storage device over a computer network. In further related aspects, the apparatus 900 may optionally include a module for storing information, such as, for example, a memory device/module 916. The computer readable medium or the memory module 916 may be operatively coupled to the other components of the apparatus 900 via the bus 912 or the like. The memory module 916 may be adapted to store computer readable instructions and data for effecting the processes and behavior of the modules 902-906, and subcomponents thereof, or the processor 910, or the method 500 or 600 and one or more of the additional operations described in connection with the method 600. The memory module 916 may retain instructions for executing functions associated with the modules 902-906. While shown as being external to the memory 916, it is to be understood that the modules 902-906 can exist within the memory 916.

[096] Fig. 10 is a conceptual block diagram illustrating components of an apparatus or system 1000 for controlling a future release time by a license server as described herein, according to one embodiment. As depicted, the apparatus or system 1000 may include functional blocks that can represent functions implemented by a processor, software, or combination thereof (e.g., firmware).

[097] As illustrated in Fig. 10, the apparatus or system 1000 may comprise an electrical component 1002 for recognizing a digital data string held in a memory of at least one computer as constituting a time-release key designated for unlocking access to content on or after the future release time. The component 1002 may be, or may include, a means for said recognizing. Said means may include the processor 1010 coupled to the memory 1016, and to the input device 1014, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, associating the digital data string with a variable name or with a bit position in a data structure that is allocated for the time-release key. The allocation may be communicated to the component 1002 by a specification for a security system or application program interface. The digital data string may be generated by another component (not shown) or system node, for example by providing a seed value to a random or quasi-random bit or character generator, processing an output of the generator by selecting a defined number of bit from the output, and writing the defined number of bit in a string arrangement (sequence) to a memory location in association with a variable name or allocated bit position in a data structure.

[098] As illustrated in Fig. 10, the apparatus or system 1000 may comprise an electrical component 1003 for encrypting at least one of media or at least one cryptographic key needed to decrypt a time-release key, yielding at least one of an encrypted content file or an encrypted cryptographic key needed to decrypt the encrypted content file. The component 1003 may be, or may include, a means for said encrypting. Said means may include the processor 1010 coupled to the memory 1016, and to the input device 1014, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example executing an AES encryption algorithm on the media file or the at least one cryptographic key using the generated time-release key, and storing the output of the algorithm in a file or data structure on a non-transitory computer-readable medium.

[099] The apparatus 1000 may further include an electrical component 1004 for selecting at least one shadow key from a table of predefined shadow keys in the computer memory, based on the future release time. The component 1004 may be, or may include, a means for said selecting. Said means may include the processor 1010 coupled to the memory 1016, and to the input device 1014, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, a sequence of selection operations as described and shown in connection with Fig. 4 at 440.

[0100] As illustrated in Fig. 10, the apparatus or system 1000 may comprise an electrical component 1005 for encrypting a time-release key using the at least one shadow key, yielding an encrypted time-release key. The component 1005 may be, or may include, a means for said encrypting. Said means may include the processor 1010 coupled to the memory 1016, and to the input device 1014, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example retrieving at least one of the selected shadow keys, executing an AES encryption algorithm using the at least one shadow key, and storing the output of the algorithm at a predetermined bit location in a header of a license file or other data structure on a non-transitory computer- readable medium.

[0101 ] The apparatus 1000 may further include an electrical component 1006 for storing the encrypted time-release key, the future release time and a content issuer identifier under which the table of predefined shadow keys is shadowed on a non-transitory computer-readable medium, for use with the encrypted content file. The component 1006 may be, or may include, a means for said storing. Said means may include the processor 1010 coupled to the memory 1016, and to the input device 1014, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, generating a data structure that associates the encrypted time-release key, the future release time and the content issuer identifier with the encrypted content file or with an identifier for the encrypted content file, and providing the data structure and the encrypted time-release key, the future release time and a content issuer identifier to a storage device with instruction for writing to a non-transitory computer-readable medium. Once stored, the foregoing data may be distributed by the at least one computer or other system component, for example by arranging a distribution package including the encrypted content file and a license file including the encrypted time- release key or keys, the release time, and the content issuer identifier, and providing the distribution package to a distribution node of a computer network.

[0102] The apparatus 1000 may optionally include a processor module 1010 having at least one processor, in the case of the apparatus 1000 configured as a data processor. The processor 1010, in such case, may be in operative communication with the modules 1002-1006 via a bus 1012 or other communication coupling, for example, a network. The processor 1010 may effect initiation and scheduling of the processes or functions performed by electrical components 1002-1006.

[0103] In related aspects, the apparatus 1000 may include a network interface module 1014 operable for communicating with a player device over a computer network. In further related aspects, the apparatus 1000 may optionally include a module for storing information, such as, for example, a memory device/module 1016. The computer readable medium or the memory module 1016 may be operatively coupled to the other components of the apparatus 1000 via the bus 1012 or the like. The memory module 1016 may be adapted to store computer readable instructions and data for effecting the processes and behavior of the modules 1002-1006, and subcomponents thereof, or the processor 1010, or the method 700 and one or more of the additional operations described in connection with the method 700. The memory module 1016 may retain instructions for executing functions associated with the modules 1002-1006. While shown as being external to the memory 1016, it is to be understood that the modules 1002-1006 can exist within the memory 1016.

[0104] Fig. 1 1 is a conceptual block diagram illustrating components of an apparatus or system 1 100 for controlling access to distributed encrypted content according to one embodiment as described herein, such as described herein in connection with a Key Issuance Center (KIC) server. As depicted, the apparatus or system 1 100 may include functional blocks that can represent functions implemented by a processor, software, or combination thereof (e.g., firmware).

[0105] As illustrated in Fig. 1 1 , the apparatus or system 1 100 may comprise an electrical component 1 102 for generating a sequence of time keys wherein successive keys in the sequence are derived by iterating a one-way cryptographic transformation in increasing succession on a last key in the sequence representing a last time, wherein each of the time keys in the sequence corresponds to a regular non-overlapping successive interval of a timeline. The component 1 102 may be, or may include, a means for said generating a sequence of time keys. Said means may include the processor 1 1 10 coupled to the memory 1 1 16, and to the input device 1 1 14, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, as described herein above in connection with Fig. 4, namely, defining a one-way cryptographic transformation, iteratively transforming a last key value by the one-way cryptographic transformation, and storing the result of each iteration as a time key value. Any suitable one-way cryptographic transformation may be used. Examples of suitable one-way cryptographic transformation may include, for example, secure oneway hash functions, for example, a secure function recommended by a cryptographic committee such as, for example, one based on a block cipher such as AES recommended by the U.S. National Institute of Standards and Technology (NIST), a secure one-way function recommended by one of the Cryptography Research and Evaluation Committees (CRYPTREC) established by the Japanese government, or a secure one-way function recommended by the New European Schemes for Signatures, Integrity and Encryption (NESSIE) research project sponsored by the European Union. A more particular example includes, for example, the Secure Hash Algorithm 2 (SHA-2) functions published by NIST.

[0106] The apparatus 1 100 may further include an electrical component 1 104 for publishing, at regular intervals by the computer to a list of player devices over a computer network, a digitally-signed data structure including at least one of the time keys selected to correspond with a time that the digitally-signed data structure is published. The component 1 104 may be, or may include, a means for said publishing. Said means may include the processor 1 1 10 coupled to the memory 1 1 16, and to the input device 1 1 14, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, regularly broadcasting a beacon signal to alert recipient nodes of an incoming digitally-signed data structure, compiling the digitally-signed data structure based on a publication time including the selected time keys, and multicasting the digitally-signed data structure to the recipient nodes in a secure session with each recipient node.

[0107] The apparatus 1 100 may optionally include a processor module 1 1 10 having at least one processor, in the case of the apparatus 1 100 configured as a data processor. The processor 1 1 10, in such case, may be in operative communication with the modules 1 102-1 104 via a bus 1 1 12 or other communication coupling, for example, a network. The processor 1 1 10 may effect initiation and scheduling of the processes or functions performed by electrical components 1 102-1 104.

[0108] In related aspects, the apparatus 1 100 may include a network interface module 1 1 14 operable for communicating with a player device over a computer network. In further related aspects, the apparatus 1 100 may optionally include a module for storing information, such as, for example, a memory device/module 1 1 16. The computer readable medium or the memory module 1 1 16 may be operatively coupled to the other components of the apparatus 1 100 via the bus 1 1 12 or the like. The memory module 1 1 16 may be adapted to store computer readable instructions and data for effecting the processes and behavior of the modules 1 102-1 104, and subcomponents thereof, or the processor 1 1 10, or the method 800 and one or more of the additional operations described in connection with the method 800. The memory module 1 1 16 may retain instructions for executing functions associated with the modules 1 102-1 104. While shown as being external to the memory 1 1 16, it is to be understood that the modules 1 102-1 104 can exist within the memory 1 1 16.

[0109] Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.

[01 10] As used in this application, the terms "component", "module", "system", and the like are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer or system of cooperating computers. By way of illustration, both an application running on a server and the server can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers.

[01 1 1 ] Various aspects will be presented in terms of systems that may include a number of components, modules, and the like. It is to be understood and appreciated that the various systems may include additional components, modules, etc. and/or may not include all of the components, modules, etc. discussed in connection with the figures. A combination of these approaches may also be used. The various aspects disclosed herein can be performed on electrical devices including devices that utilize touch screen display technologies and/or mouse-and-keyboard type interfaces. Examples of such devices include computers (desktop and mobile), smart phones, personal digital assistants (PDAs), and other electronic devices both wired and wireless.

[01 12] In addition, the various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

[01 13] Operational aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

[01 14] Furthermore, the one or more versions may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof to control a computer to implement the disclosed aspects. Non-transitory computer readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips... ), optical disks (e.g., compact disk (CD), digital versatile disk (DVD), BluRay™... ), smart cards, solid-state devices (SSDs), and flash memory devices (e.g., card, stick). Of course, those skilled in the art will recognize many modifications may be made to this configuration without departing from the scope of the disclosed aspects.

[01 15] The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

[01 16] In view of the exemplary systems described supra, methodologies that may be implemented in accordance with the disclosed subject matter have been described with reference to several flow diagrams. While for purposes of simplicity of explanation, the methodologies are shown and described as a series of blocks, it is to be understood and appreciated that the claimed subject matter is not limited by the order of the blocks, as some blocks may occur in different orders and/or concurrently with other blocks from what is depicted and described herein. Moreover, not all illustrated blocks may be required to implement the methodologies described herein. Additionally, it should be further appreciated that the methodologies disclosed herein are capable of being stored on an article of manufacture to facilitate transporting and transferring such methodologies to computers.

Claims

1 . A method for decrypting, by a player device, an encrypted content file configured for access only after a defined release time, the method comprising:

receiving, by the player device, a digitally-signed data structure published by a key issuer at a publication time, the digitally-signed data structure comprising a time key and a timestamp indicating the publication time, wherein the time key is selected by the key issuer from a predetermined key sequence based on the publication time;

determining, by the player device, a number of iterations of a one-way cryptographic transformation that are needed to derive one or more intermediate keys from the time key, based on comparing the release time to the publication time, wherein it is cryptographically infeasible to derive the one or more intermediate keys from the time key unless the release time is earlier than or equal to the publication time;

deriving, by the player device, one or more intermediate keys, at least in part by iterating the one-way cryptographic transformation on the time key for the number of iterations; and

decrypting, by the player device, the encrypted content file using the one or more intermediate keys, yielding decrypted content for output by an output device.

2. The method of claim 1 , further comprising obtaining, by the player device prior to the deriving, an encrypted time-release key from one of the encrypted content file or an associated file, wherein the one or more intermediate keys includes a time-release key decrypted from the encrypted time-release key.

3. The method of claim 2, further comprising obtaining, by the player device, a content issuer identifier from the encrypted content file or the associated file.

4. The method of claim 3, wherein the deriving further comprises obtaining a result of iterating the one-way cryptographic transformation on the time key for the number of iterations, and then shadowing the result to obtain a shadow key.

5. The method of claim 4, wherein the deriving further comprises decrypting the encrypted time-release key using the shadow key, yielding the time-release key.

6. The method of claim 1 , wherein the receiving, by the player device, the digitally-signed data structure comprises receiving the time key as one of a set of multiple time keys, each of the time keys selected from different one of predetermined key sequences corresponding to different increments of time.

7. The method of claim 6, further comprising obtaining, by the player device prior to the deriving, a set of encrypted time-release keys from the one of the encrypted content file or an associated file, wherein the one or more intermediate keys includes a time-release key decrypted from one of the set of encrypted time-release keys, and each of the set of encrypted time-release keys corresponds to a different one of the different increments of time.

8. The method of claim 1 , further comprising determining, by the player device, that the release time occurs in a release year prior to a current year indicated by the publication time.

9. The method of claim 8, further comprising:

selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a year time key;

deriving, by the player device, a year shadow key at least in part by iterating the one-way cryptographic transformation on the year time key a number of times based on a difference between the current year and the release year;

deriving, by the player device, a year shadow key using a content issuer ID from one of the encrypted content file or an associated file; and

using the year shadow key to decrypt the encrypted time-release key selected from the position of the encrypted content file or the associated file allocated for a year time- release key, wherein the one or more intermediate keys includes a year time-release key decrypted from the encrypted time-release key.

10. The method of claim 1 , further comprising determining, by the player device, that the release time occurs in a release year equal to a current year indicated by the publication time and on a release day prior to a current day indicated by the publication time.

1 1 . The method of claim 10, further comprising:

selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a day time key;

deriving, by the player device, a day shadow key at least in part by iterating the oneway cryptographic transformation on the day time key a number of times based on a difference between the current day and the release day;

deriving, by the player device, a day shadow key using a content issuer ID from one of the encrypted content file or an associated file; and

using the day shadow key to decrypt the encrypted time-release key selected from the position of the encrypted content file or the associated file allocated for a day time- release key, wherein the one or more intermediate keys includes a day time-release key decrypted from the encrypted time-release key.

12. The method of claim 1 , further comprising determining, by the player device, that the release time occurs in a release year equal to a current year indicated by the publication time and on a release day equal to a current day indicated by the publication time.

13. The method of claim 12, further comprising:

selecting, by the player device, the time key from a position of the digitally-signed data structure allocated for a minute time key;

deriving, by the player device, a minute shadow key at least in part by iterating the one-way cryptographic transformation on the minute time key a number of times based on a difference between the current minute and the release minute;

deriving, by the player device, a minute shadow key using a content issuer ID from one of the encrypted content file or an associated file; and

using the minute shadow key to decrypt the encrypted time-release key selected from the position of the encrypted content file or the associated file allocated for a minute time-release key, wherein the one or more intermediate keys includes a minute time- release key decrypted from the encrypted time-release key.

14. The method of claim 1 , wherein the one-way cryptographic transformation is a predefined one-way hash function.

15. A method for controlling a future release time at which distributed encrypted content is capable of being decrypted by a client device, the method comprising:

recognizing, by at least one computer, a digital data string held in a memory of the at least one computer as constituting a time-release key designated for unlocking access to content on or after the future release time;

encrypting, by the at least one computer, at least one of media content or at least one cryptographic key needed to decrypt the media content, using the time-release key, yielding at least one of an encrypted content file or an encrypted cryptographic key needed to decrypt the media content;

selecting, by the at least one computer, at least one shadow key from a table of predefined shadow keys in the computer memory, based on the future release time;

encrypting, by the at least one computer, the time-release key using the at least one shadow key, yielding an encrypted time-release key; and

storing, by the at least one computer, the encrypted time-release key and a content issuer identifier under which the table of predefined shadow keys is shadowed on a non- transitory computer-readable medium, for use with the encrypted content file.

16. The method of claim 15, wherein the distributing further comprises distributing the encrypted content without the at least one shadow key.

17. The method of claim 15, further comprising selecting, by the at least one computer, the at least one shadow key from the table of predefined shadow keys based on a year after the future release time, a day after the future release time, or a minute of the future release time.

18. The method of claim 17, further comprising generating, by the at least one computer, the table of predefined shadow keys at least in part by shadowing each key in a table of predefined time keys by a content issuer identifier indicating a source of the media content.

19. The method of claim 15, wherein encrypting the time-release key further comprises encrypting, by the at least one computer, the time-release key multiple separate times using different shadow keys selected from the shadow key table, thereby producing differently encrypted versions of the time-release key.

20. The method of claim 19, further comprising placing, by the at least one computer, the differently encrypted versions of the time-release key at predetermined bit positions in a header of a license file for distributing with the encrypted content file.

21 . The method of claim 19, further comprising selecting, by the at least one computer, the different shadow keys in which a first key corresponds to a year after release, a second key corresponds to a day after release, and a third key corresponds to a minute of release.

22. A method for controlling access to distributed encrypted content at a future release time, the method comprising:

generating, by at least one computer, a sequence of time keys wherein successive keys in the sequence are derived by iterating a one-way cryptographic transformation in increasing succession on a last key in the sequence representing a last time, wherein each of the time keys in the sequence corresponds to a regular non-overlapping successive interval of a timeline;

publishing, at intervals by the at least one computer to a list of player devices over a computer network, a digitally-signed data structure including at least one of the time keys selected to correspond with a time that the digitally-signed data structure is published.

23. The method of claim 22, further comprising shadowing, by the at least one computer, the sequence of time keys under a content issuer identifier thereby producing a set of time-related shadow keys, and sending the time-related shadow keys to a server associated with the content issuer identifier.

24. The method of claim 23, further comprising providing, by the at least one computer, the content issuer identifier to the server.

25. The method of claim 22, further comprising providing, by the at least one computer, the one-way cryptographic transformation to a manufacturer of player devices for including in a secure hardware component of the player device.

26. The method of claim 22, wherein generating the sequence of time keys further comprises generating a set of year keys in a sequence wherein each key corresponds to a year in a sequence of 'N' years, wherein 'N' is an integer between 25 and 10,000.

27. The method of claim 26, wherein generating the sequence of time keys further comprises generating 'N' sets of day keys each in a sequence wherein each key corresponds to a day in a sequence of M days, wherein M is an integer between 360 and 370.

28. The method of claim 27, wherein generating the sequence of time keys further comprises generating 'N' times M sets of minute keys each in a sequence wherein each key corresponds to a minute in a sequence of 'P' minutes, wherein 'P' is an integer between 1430 and 1450 minutes.

29. The method of claim 28, wherein the publishing further comprises selecting the at least one of the time keys so as to include one of the year keys, one of the day keys, and one of the minute keys each corresponding to the time that the digitally-signed data structure is published.