US10902096B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10902096-B2 |
| Application number | US-201916665113-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 28, 2019 |
| Priority date | Jul 18, 2012 |
| Publication date | Jan 26, 2021 |
| Grant date | Jan 26, 2021 |
Official abstract text for this publication.
A media storage device includes a media security controller circuit and a memory to store data that relates to a media item to be rendered by a rendering device. The media security controller circuit sends a message to the rendering device that causes the rendering device to obtain a portion of data from memory of the media storage device and provide it to the media security controller circuit. The portion is received and transformed by the media security controller circuit. The media security controller circuit sends the transformed portion to the rendering device.
Opening claim text (preview).
What is claimed is:
1. A method comprising: receiving, by a media security controller circuit of a media storage device from a rendering device, a request to render a media item that is stored in a memory of the media storage device, the memory storing an authorization file comprising one or more sets of digitally-signed instructions; obtaining, by the media security controller circuit, a first set of instructions from the authorization file, the first set of instructions being associated with the media item and comprising a first set of operations to: i) derive a temporary key from a base media storage device key; ii) use the temporary key to decrypt an encrypted key using a specified key in the first set of instructions; iii) decrypt a result using an authorization key matching an identifier (ID) designated in the first set of instructions; iv) use a session key to re-encrypt the result; and v) send the re-encrypted result to the rendering device; sending to the rendering device, by the media security controller circuit in response to receiving the request, a second set of instructions from the authorization file, the second set of instructions to be executed by the rendering device to render the media item, the second set of instructions being associated with the media item and comprising a second set of operations to: vi) to decrypt a re-encrypted result using the session key; and vii) use the decrypted result as a key to render the media item; executing, by the media security controller circuit, the first set of instructions; receiving from the rendering device, by the media security controller circuit, a portion of data, the portion of data relating to the media item to be rendered; transforming, by the media security controller circuit, the portion of data; and sending to the rendering device, by the media security controller circuit, the transformed portion of data.
2. The method of claim 1, wherein executing the first set of instructions comprises sending to the rendering device a message for the rendering device to obtain the portion of data from the memory of the media storage device and to provide the portion of data to the media security controller circuit.
3. The method of claim 1, wherein the first set of instructions are a set of digitally-signed instructions that are hashed in a way that connects the first set of instructions into a hash with various stages of hashing.
4. The method of claim 3, wherein the set of digitally-signed instructions are hashed using a hash tree.
5. The method of claim 1, wherein the authorization file comprises the encrypted key.
6. The method of claim 1, wherein the transformed portion of data comprises data for the rendering device to render the media item.
7. The method of claim 1, wherein transforming the portion of data comprises at least one of decrypting the portion of data, encrypting the portion of data, or compressing the portion of data.
8. The method of claim 1, wherein the media security controller circuit comprises a second memory to store the authorization key corresponding to the transformed portion of data, and wherein transforming the portion of data comprises decrypting, by the media security controller circuit, the portion of data using the authorization key.
9. The method of claim 1, further comprising: performing a first handshake between the media security controller circuit and the rendering device based on public key infrastructure cryptography; performing a second handshake between the media storage device and the rendering device based on symmetric key cryptography; and establishing a secure session with the rendering device based on the first handshake and the second handshake.
10. The method of claim 1, wherein the first set of instructions specify the authorization key for transforming the portion of data and enable forensic analysis to identify the media security controller circuit to a third party, and wherein transforming the portion of data comprises creating, by the media security controller circuit, the transformed portion of data using the authorization key, wherein the transformed portion of data identifies the media security controller circuit to the third party.
11. The method of claim 1, further comprising: synchronizing a first certificate revision list of the media security controller circuit with a second certificate revision list of the rendering device, wherein the first certificate revision list and the second certificate revision list describe one or more changes to a set of rights.
12. A method comprising: sending, by a rendering device, a request to render a media item that is stored in a memory of a media storage device; receiving, by the rendering device, an authorization file stored in the memory of the media storage device, the authorization file comprising a first set of instructions to be executed by a media security controller of the media storage device and a second set of instructions to be executed by the rendering device to render the media item, wherein the media security controller is hardware integrated within the media storage device, wherein the first set of instructions is associated with the media item and comprises a first set of operations to: i) derive a temporary key from a base media storage device key; ii) use the temporary key to decrypt an encrypted key using a specified key in the first set of instructions; iii) decrypt a result using an authorization key matching an identifier (ID) designated in the first set of instructions, iv) use a session key to re-encrypt the result; and v) send the re-encrypted result to the rendering device, and wherein the second set of instructions is associated with the media item and comprises a second set of operations to: vi) decrypt a re-encrypted result using the session key; and vii) use the decrypted result as a key to render the media item; sending, by the rendering device, at least the second set of instructions to the media security controller; receiving from the rendering device, by the media security controller, a portion of data, the portion of data relates to the media item to be rendered receiving, by the rendering device, a portion of data from the memory of the media storage device, wherein the portion of data relates to the media item to be rendered by the rendering device; sending, by the rendering device, the portion of data read from the memory of the media storage device to the media security controller of the media storage device; and receiving, by the rendering device, a transformed portion of data from the media security controller of the media storage device.
13. The method of claim 12, further comprising: receiving, by the rendering device, a message from the media security controller, the message instructing the rendering device to retrieve the portion of data and provide the portion of data to the media security controller, wherein the data in the memory of the media storage device is stored according to a file system unknown to the media security controller.
14. The method of claim 12, further comprising: creating a playback map based on the transformed portion of data received from the media security controller, wherein the playback map comprises data to render the media item.
15. The method of claim 12, further comprising: rendering the media item based on the transformed portion of data received from the media security controller.
16. The method of claim 12, further comprising: processing the transformed portion of data using the session key that is shared with the media storage device
Editing · CPC title
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title
Physics · mapped topic