Abstract: To render content on a medium, a device obtains a table from the medium, obtains a private key of the device (PR-PD), indexes into an entry of the table based thereon, obtains (PU-PD(RND)) from the indexed-into entry of the table, and applies (PR-PD) to (PU-PD(RND)) to expose a random key (RND). Then, the device obtains (RND(PR-PM)) from the table, applies (RND) to (RND(PR-PM)) to expose a private key of the medium (PR-PM), obtains (PU-PM(KD)) from the license, applies (PR-PM) to (PU-PM(KD)) to expose a content key (KD), obtains (KD(content)) from the storage medium, applies (KD) to (KD(content)) to expose the content.

Abstract: A digital license is migrated from a source platform to a target platform. At the source platform, a migration image is produced to include the license and corresponding data therein, and the license is deleted from such source platform. At the target platform, permission is requested from a centralized migration service to migrate the license in the migration image to the target platform. The migration service determines whether to permit migration of the license based on predetermined migration policy. Upon receiving the requested permission as a response from the migration service, the migration image is applied to the target platform by un-tying the license from the source platform and re-tying the license to the target platform.

Abstract: A digital license includes an identification of a removal service that can authorize removing such license. A client selects the license to be removed and the service, constructs a challenge including therein a challenge license identification block (LIB) identifying the license to be removed, and sends the challenge to the service. The service receives the challenge, stores at least a portion of the challenge in a database, constructs a response corresponding to the challenge and including therein a response LIB identifying the license to be removed and an identification of the service, and sends the response to the client. The client receives the response, employs the response LIB from the response to identify the license to be removed, and removes the identified license upon confirming that the identification of the service in the identified license matches the identification of the service in the response.

Abstract: A system of controlling playback of digital media. A system of controlling playback of digital media comprising a CE device having a secure clock and a license having a specified grace period disposed upon the CE device in which a digital media file governed by the license may be played for the grace period upon failure of the secure clock.

Abstract: A receiver tunes content and initially does not locate information relating to requirements for a corresponding license, and therefore constructs a default message including default requirements and sends such constructed default message with such default requirements to a computing device that is to render the content. The computing device upon receiving the sent default message with the default requirements constructs a default version of a license based on such received default requirements, stores such constructed default version of the license in a license store of such computing device, and thereafter renders the content only in accordance with the default version of the license.

Abstract: A sequence of content keys are shared between a receiver of pieces of digital content and a computing device upon which the content is to be rendered. The receiver encrypts each piece of content according to a corresponding content key in the sequence and forwards the encrypted content to the computing device and the computing device decrypts the encrypted content according to the corresponding content key. The receiver initially transmits to the computing device an initialization digital license with an initial content key (CK0) therein. Each of the receiver and the computing device derive a new content key (CKx) in the sequence from the initial content key (CK(0)) in the sequence on an as-needed basis and in a coordinated fashion. The initialization license is required only once for the sequence of content keys, and the receiver need not explicitly communicate (CKx) to the computing device for each piece of content.

Abstract: A computing device segregates licenses for corresponding content according to relatively short lived licenses for relatively short lived content and relatively long lived licenses for relatively long lived content. The computing device stores the relatively short lived licenses in a more temporary and volatile license store, and the relatively long lived licenses in a more permanent and non-volatile license store. Thus, the relatively short lived licenses are deleted when the temporary license store is turned off and do not create disorder in the permanent license store.

Abstract: A system of controlling playback of digital media. A system of controlling playback of digital media comprising a CE device having an output path and a license having a specified output protection level disposed upon the CE device in which the specified output protection level controls playback of the digital media over the output path.

Abstract: A computing device has encrypted content and a corresponding license having a decryption key for decrypting the content. The license allows the computing device to render the content thereon. The computing device may issue a sub-license based on the license to a portable device. The sub-license allows the portable device to render the content thereon and has the decryption key. The portable device has a digital device certificate including information thereon. The computing device receives from the portable device the device certificate thereof, and determines based on rules in the license and the information on the portable device in the device certificate whether the computing device can issue the sub-license to the portable device. If so, the computing device constructs such sub-license to include the decryption key (KD) and transmits the constructed sub-license to the portable device.

Abstract: A method of registering network devices in a digital rights management system (DRMS) includes receiving a digital certificate transmitted by the network device requesting registration and verifying the validity of the certificate. The DRMS may then send cryptographic information to the applying network device. The network device may be authorized for registration via a user interface to the DRMS. The DRMS may conduct a proximity test to determine of the network device is proximate to the DRMS. If the certificate is validated, authorization is received, and the proximity test indicates that the network device is proximate to the DRMS, the network device may be registered. A registered network device is then authorized to play protected digital content.

Abstract: Described herein are one or more implementations for transforming (e.g., transcoding) DRM-protected digital media content while retaining associated DRM-information (e.g., a user license its related information).

Abstract: A method is provided for a computing device to copy (burn) a playlist of tracks to a portable medium, where each track corresponds to a piece of digital content. At least one of the pieces of content is rights-management (RM) protected and accordingly is burned to the portable medium only in accordance with a corresponding digital license.

Abstract: A method of indirect license acquisition. A method of indirect license acquisition comprising, requesting a device certificate from a CE device by a PC. Then validating the device certificate sent from the CE device by the PC. Creating a random session ID and a session key by the PC. Generating a sent license response that is sent to the CE device. And processing a license response by the CE device.

Abstract: Digital content is rendered on a device by transferring the content to the device and obtaining a digital license corresponding to the content. A sub-license corresponding to and based on the obtained license is composed and transferred to the device, and the content is rendered on the device only in accordance with the terms of the sub-license. The content is encrypted and decryptable according to a content key, and the sub-license includes the content key encrypted and decryptable according to a secret. The sub-license also includes indexing information identifying the secret to the device. The indexing information in the sub-license is obtained to identify the secret, and the secret is acquired based at least in part on the indexing information. The secret is then applied to the encrypted content key to decrypt and obtain the content key, and the obtained content key is applied to the encrypted content to decrypt and obtain the content.

Abstract: Content revocation is achieved by disabling licenses issued to a computing device for the content. A content revocation is delivered within a license to the computing device. Upon license storage the content revocation is recognized, validated, and stored in a secure state store under the public key of the content server (PU-CS) that issued the content. Each license has a (PU-CS) therein, and each license evaluation considers each content revocation stored in the state store and having the same (PU-CS). The license is disabled or otherwise affected based on the considered content revocation. A content revocation is one form of a license modification that may be delivered within a license.

Abstract: A method for storing data. A method for storing data comprising arranging a plurality of data buckets in a logical inverted tree structure having a plurality of levels; and performing nested hashing at each level of the plurality of levels.

Abstract: A method of synchronizing. A method of synchronizing comprising, transferring at least one license of a plurality of licenses from a first PC, populating a license store on a CE device with the at least one license of the plurality of licenses from the first PC, populating a synchronization list with all licenses having state, filtering the synchronization list according to at least one threshold value to create a filtered synchronization list of licenses to be refreshed and refreshing the licenses to be refreshed.

Abstract: Generating a device certificate. A method of generating a device certificate comprising forming a template that will generate a device certificate upon the occurrence of a triggering event, filling in an authorization root certificate section of the template; filling in an authorization certificate section of the template, filling in a group certificate section of the template, and forming a device certificate section of the template.

Abstract: Content revocation is achieved by disabling licenses issued to a computing device for the content. A content revocation is delivered within a license to the computing device. Upon license storage the content revocation is recognized, validated, and stored in a secure state store under the public key of the content server (PU-CS) that issued the content. Each license has a (PU-CS) therein, and each license evaluation considers each content revocation stored in the state store and having the same (PU-CS). The license is disabled or otherwise affected based on the considered content revocation. A content revocation is one form of a license modification that may be delivered within a license.

Abstract: Metered data is accumulated and is indexed within a metering database of a client according to a metering ID (MID) and a content-associated ID (KID). The client selects a particular MID and metered data in the metering database having the selected MID, and constructs a challenge based on the selected metered data and sends same to a metering service. The metering service obtains the metered data from the challenge, stores same, and constructs a response. The client receives the response including a list of KIDs of the selected metered data in the challenge, and processes the list of KIDs by, for each KID in the list, deleting the metered data from the metering database having the selected MID and the KID.