Digital Rights Management for Segmented Content
US-2016198202-A1 · Jul 7, 2016 · US
Systems and methods for securely processing content
US11790050B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11790050-B2 |
| Application number | US-202217811683-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 11, 2022 |
| Priority date | Jun 18, 2019 |
| Publication date | Oct 17, 2023 |
| Grant date | Oct 17, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method comprising: receiving, from a network device, an indication of a secure enclave on the network device; determining, based on the indication of the secure enclave, that the network device is authenticated; based on determining that the network device is authenticated, determining a shared secret key; receiving, from the network device, a request for a digital rights management (DRM) key associated with a content asset; and sending, based on the request and to the network device, a response comprising at least the DRM key, wherein the response is encrypted using the shared secret key. 2. The method of claim 1 , wherein the request further comprises a digital certificate associated with the network device, and wherein the method further comprises storing an indication of the digital certificate in a database of trusted devices. 3. The method of claim 1 , wherein the determining that the network device is authenticated comprises sending the indication of the secure enclave to an authentication device, wherein the authentication device is configured to determine, based on the indication of the secure enclave, that the secure enclave comprises a secure environment. 4. The method of claim 1 , wherein the determining the shared secret key comprises initiating a handshake protocol with the network device. 5. The method of claim 1 , wherein the DRM key is associated with a user device, and wherein the request for the DRM key comprises an indication of the user device. 6. The method of claim 1 , wherein the indication of the secure enclave comprises an indication of an initial state of the secure enclave. 7. The method of claim 1 , wherein the determining that the network device is authenticated comprises determining that the network device is trusted. 8. A device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the device to: receive, from a network device, an indication of a secure enclave on the network device; determine, based on the indication of the secure enclave, that the network device is authenticated; based on determining that the network device is authenticated, determine a shared secret key; receive, from the network device, a request for a digital rights management (DRM) key associated with a content asset; and send, based on the request and to the network device, a response comprising at least the DRM key, wherein the response is encrypted using the shared secret key. 9. The device of claim 8 , wherein the request further comprises a digital certificate associated with the network device, and wherein the instructions, when executed by the one or more processors, further cause the device to store an indication of the digital certificate in a database of trusted devices. 10. The device of claim 8 , wherein the instructions that, when executed by the one or more processors, cause the device to determine that the network device is authenticated, cause the device to: send the indication of the secure enclave to an authentication device, wherein the authentication device is configured to determine, based on the indication of the secure enclave, that the secure enclave comprises a secure environment. 11. The device of claim 8 , wherein the instructions that, when executed by the one or more processors, cause the device to determine the shared secret key, cause the device to initiate a handshake protocol with the network device. 12. The device of claim 8 , wherein the DRM key is associated with a user device, and wherein the request for the DRM key comprises an indication of the user device. 13. The device of claim 8 , wherein the indication of the secure enclave comprises an indication of an initial state of the secure enclave. 14. The device of claim 8 , wherein the instructions that, when executed by the one or more processors, cause the device to determine that the network device is authenticated, cause the device to determine that the network device is trusted. 15. A non-transitory computer-readable medium storing instructions that, when executed, cause: receiving, from a network device, an indication of a secure enclave on the network device; determining, based on the indication of the secure enclave, that the network device is authenticated; based on determining that the network device is authenticated, determining a shared secret key; receiving, from the network device, a request for a digital rights management (DRM) key associated with a content asset; and sending, based on the request and to the network device, a response comprising at least the DRM key, wherein the response is encrypted using the shared secret key. 16. The non-transitory computer-readable medium of claim 15 , wherein the request further comprises a digital certificate associated with the network device, and wherein the instructions, when executed, further cause storing an indication of the digital certificate in a database of trusted devices. 17. The non-transitory computer-readable medium of claim 15 , wherein the instructions that, when executed, cause the determining that the network device is authenticated, cause: sending the indication of the secure enclave to an authentication device, wherein the authentication device is configured to determine, based on the indication of the secure enclave, that the secure enclave comprises a secure environment. 18. The non-transitory computer-readable medium of claim 15 , wherein the instructions that, when executed, cause the determining the shared secret key, cause initiating a handshake protocol with the network device. 19. The non-transitory computer-readable medium of claim 15 , wherein the DRM key is associated with a user device, and wherein the request for the DRM key comprises an indication of the user device. 20. The non-transitory computer-readable medium of claim 15 , wherein the indication of the secure enclave comprises an indication of an initial state of the secure enclave. 21. The non-transitory computer-readable medium of claim 15 , wherein the instructions that, when executed, cause the determining that the network device is authenticated, cause determining that the network device is trusted. 22. A system comprising: a network device comprising a secure enclave; and a computing device configured to: receive, from the network device, an indication of the secure enclave on the network device; determine, based on the indication of the secure enclave, that the network device is authenticated; based on determining that the network device is authenticated, determine a shared secret key; receive, from the network device, a request for a digital rights management (DRM) key associated with a content asset; and send, based on the request and to the network device, a response comprising at least the DRM key, wherein the response is encrypted using the shared secret key. 23. The system of claim 22 , wherein the request further comprises a digital certificate associated with the network device, and wherein the computing device is further configured to store an indication of the digital certificate in a database of trusted devices. 24. The system of claim 22 , wherein the computing device is configured to determine that the network device is authenticated by sending the indication of the secure enclave to an authentication device, wherein the authentication device is configu
Assignees
Inventors
Classifications
- G06F21/10Primary
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
Physics · mapped topic
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11790050B2 cover?
- A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the cont…
- Who is the assignee on this patent?
- Comcast Cable Comm Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/10. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 17 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).