as) United States
`a2) Patent Application Publication 10) Pub. No.: US 2008/0270308 Al
`
` Peterkaet al. (43) Pub. Date: Oct. 30, 2008
`
`
`US 20080270308A1
`
`(54) METHOD AND APPARATUS FOR
`PROVIDING A SECURE TRICK PLAY
`Inventors:
`Petr Peterka, San Diego, CA (US);
`Alexander Medvinsky, San Diego,
`CA (US); Paul Moroney,
`Olivenhain, CA (US)
`
`(75)
`
`Correspondence Address:
`Motorola,Inc.
`Law Department
`1303 East Algonquin Road, 3rd Floor
`Schaumburg,IL 60196 (US)
`
`.
`.
`(73) Assignee: CORONTnwat PA
`» Horsham,
`(US)
`
`(21) Appl. No.:
`
`11/843,335
`
`(22)
`
`Filed:
`
`Aug. 22, 2007
`
`Related U.S. Application Data
`(60) Provisional application No. 60/914,431, filed on Apr.
`27, 2007.
`oe
`.
`.
`Publication Classification
`
`(51)
`
`Int. Cl.
`(2006.01)
`G06 10/00
`(52) US. Ch. cece cee ceseeseseeenetesescnesensecaeseees 705/51
`(57)
`ABSTRACT
`A process maybe utilized by a DVR. The process character-
`izes a set of content as a plurality of segments as the set of
`content is received. Each of the segments has a segment
`length according to a predetermined time interval. Further,
`the process encrypts each of the segments with a correspond-
`ing content encryption key to generate a plurality of
`encrypted segments. The corresponding content encryption
`key for each ofthe segments is generated by the DRM com-
`ponent. In addition, the process stores each of the encrypted
`segments for playback withtrick play features in accordance
`with an expiration content rule having a time limit on the
`temporary playability of the set of content.
`
`102
`
`Content
`Source
`
`1Ua]U0DpaydAsouy
`
`
`DRM
`Component
`
`
`
`~~
`__
`a 202
`Re-encrypted
`
`— Content J
`
`
`
`Content Rule
`
`
`~
`
`Nw 206
`
`
`Content
`
`
`- License_—
`
` 1
`
`APPLE 1009
`
`APPLE 1009
`
`1
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 1 of 7
`
`US 2008/0270308 Al
`
`108
`
`104
`
`110
`
`He
`
`
`
`
`f 106
`:
`
`102
`
`Content
`Source
`
`Figure 1
`
`2
`
`2
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 2 of 7
`
`US 2008/0270308 Al
`
`102
`
`Source
`
` Content
` yue]uoy
`peydAsoug
`
`
`
`
`DRM
`
`Component
`pe,
`Se 202
`Re-encrypted
`Content J
`
`
`
`Content Rule
`
`
`
`
`
`
`
`Cc
`License
`
`Figure 2
`
`3
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 3 of 7
`
`US 2008/0270308 Al
`
`a 300
`
`302
`
`304
`
`306
`
`
`
`
`
`Segment#1
`CEK #1
`
`
`
`Segment #2
`CEK #2
`
`
`
`
`
`Segment #3
`CEK #3
`
`a 0
`
`10
`
`15
`
`5
`
`Time (mins.)
`
`Figure 3
`
`4
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 4 of 7
`
`US 2008/0270308 Al
`
`a 400
`
`temporary playability of the set of content
`
`402
`
`404
`
`406
`
`characterize a set of content as a plurality of segments as
`the set of content is received, each of the segments having
`a segment length according to a predetermined time interval
`
`encrypt each of the segments with a corresponding
`content encryption key to generate a plurality of
`encrypted segments, the corresponding content
`encryption key for each of the segments being
`generated by a digital rights management component
`
`store each of the encrypted segments for playback
`with trick play features in accordance with an
`expiration content rule having a time limit on the
`
`Figure 4
`
`5
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 5 of 7
`
`US 2008/0270308 Al
`
`a 500
`
`y
`
`composea contentlicense for a set of content that
`has a corresponding expiration content rule
`indicating a time limit on temporary playability of
`the set of content, the set of content being
`characterized as a plurality of segments that each
`has a segmentlength according to a
`predetermined time interval
`
`insert a master key into the content license
`
`502
`
`504
`
`506
`
`508
`
`of the encrypted segment
`
`generate a unique content encryption key for each of
`the segments so that each of the segments is
`encrypted to form a plurality of encrypted segments
`
`insert a plurality of time stamps into the content
`license, each of the time stamps corresponding to
`oneof the encrypted segments andindicating a
`relative time from a recording start time to start
`
`Figure 5
`
`6
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 6 of 7
`
`US 2008/0270308 Al
`
`a 600
`
`602
`
`characterize a set of content as a plurality of segments as
`the set of content is received, each of the segments having
`a segmentlength according to a predetermined time interval
`
`retrieved during trick mode playback
`
`insert, for each of the encrypted segments, a marker
`token corresponding to the encrypted segmentinto an
`index file, the marker token including an index and a
`contentrule set of values associated with the
`encrypted segment and associated content
`encryption key so that the content rule set of values
`associated with the content encryption keyis
`
`encrypt each of the segments with a corresponding
`content encryption key to generate a plurality of
`encrypted segments, the corresponding content
`encryption key for each of the segments being
`generated by a digital rights management component
`
`store each of the encrypted segments for playback
`with trick play features in accordance with an
`expiration content rule having a time limit on the
`temporary playability of the set of content
`
`604
`
`606
`
`608
`
`Figure 6
`
`7
`
`

`

`Patent Application Publication
`
`Oct. 30,2008 Sheet 7 of 7
`
`US 2008/0270308 Al
`
` Processor
`
`Secure Trick Play Module
`
`1/0 Devices
`
`710
`
`730
`
`740
`
`720
`
`Figure 7
`
`8
`
`

`

`US 2008/0270308 Al
`
`Oct. 30, 2008
`
`METHOD AND APPARATUS FOR
`PROVIDING A SECURE TRICK PLAY
`
`RELATED APPLICATIONS
`
`[0001] This application claimspriority to U.S. Provisional
`Application Ser. No. 60/914,431 entitled “Secure Pause,”
`filed on Apr. 27, 2007, the content of which is incorporated
`herein by referencein its entirety.
`
`BACKGROUND
`
`1. Field
`[0002]
`[0003] This disclosure generally relates to the field of
`audio/visual content. More particularly, the disclosure relates
`to the managementof rights associated with audio/visual
`content.
`
`2. General Background
`[0004]
`[0005] Arecording device such as a Digital Video Recorder
`(“DVR”) records real-time content coming from sources such
`as cable, satellite, or broadband sources. The content gener-
`ally has a content license associated withit that specifies the
`rights associated with the content.
`[0006]
`Protected content marked as copy-neveris generally
`restricted from being recorded by content providers. For
`instance, a cable provider may wish to prevent a user from
`recording a pay-per-view set of content. However, users have
`become accustomedto utilizing features such astrick plays,
`e.g., pause, fast forward, rewind, and jump. Accordingly,
`content providers have made exceptions for copy-never con-
`tent to allow users to utilize pause andtrick plays on copy-
`never content for a temporary period of time. The content
`providers generally prevent a permanent recording for copy-
`never content, but may allow a temporary recording that is
`limited to a short predefined amount of time, e.g., ninety
`minutes, to allow for the pause andtrick play features.
`[0007] Current approaches do not adequately provide secu-
`rity for the temporary recording of copy-never content. The
`current approachesare typically based upon a buffer on the
`DVRharddrive, or other memory,that is only as large as the
`allowed amountofbuffer time would need. An example ofthe
`allowed time may be ninety minutes, but the allowed time
`maybe shorter or longer in duration. These buffers are typi-
`cally not managed with any great amountofsecurity, but will
`behave in the desired mannerif not attackedillicitly. From a
`license point of view, a single content key for the copy never
`content is another approach. However, a single content key
`makesit difficult for a DRM module to enforce the pause
`buffer limit. Content decryption is often provided in hardware
`for enhanced performance, and once that single content key is
`loaded into hardware, the DRM moduleis no longer in con-
`trol. In one example of a two hour movie, the full movie is
`allowed to be played back for ninety minutes after the event
`has completed (which would allow the last minute of the
`movie to be kept for ninety minutes in a pause buffer, but the
`first minute of the movie can be kept for three and a half
`hours). This is not what the content owner intended, where a
`ninety minute duration inside the pause buffer is allowed for
`each minute of the movie.
`
`SUMMARY
`
`predetermined time interval. Further, the process encrypts
`each ofthe segments with a corresponding content encryption
`key to generate a plurality of encrypted segments. The corre-
`sponding content encryption key for each of the segments is
`generated by the DRM component. In addition, the process
`stores each of the encrypted segments for playback with trick
`play features in accordance with an expiration content rule
`having a time limit on the temporary playability of the set of
`content.
`
`In another aspect, a process maybe utilized by the
`[0009]
`DRM component. The process composesa content license for
`a set of content that has a corresponding expiration content
`rule indicating a time limit on temporary playability ofthe set
`of content. Theset of content is characterized as a plurality of
`segments that each has a segment length according to a pre-
`determined timeinterval. Further, the process inserts a master
`key into the contentlicense. In addition, the process generates
`a unique content encryption key for each of the segments so
`that each of the segments is encrypted to form a plurality of
`encrypted segments. Finally, the process inserts a plurality of
`time stamps into the content license. Each ofthe time stamps
`correspondsto one of the encrypted segments and indicates a
`relative time from a recording start time to start of the
`encrypted segment.
`[0010]
`In yet another aspect, a process may be utilized by
`the DVR. The process characterizes a set of content as a
`plurality of segments asthe set of content is received. Each of
`the segments has a segment length according to a predeter-
`mined timeinterval. Further, the process encrypts each ofthe
`segments with a corresponding content encryption key to
`generate a plurality of encrypted segments. The correspond-
`ing content encryption key for each of the segments is gen-
`erated by the DRM component.In addition, the process stores
`each of the encrypted segments for playback with trick play
`features in accordance with an expiration content rule having
`a timelimit on the temporary playability of the set of content.
`The process inserts, for each of the encrypted segments, a
`marker token corresponding to the content encryption key for
`the encrypted segmentinto an index file. The marker token
`includes an index and a content rule set of values associated
`
`with the encrypted segment and associated content encryp-
`tion key so that the contentrule set of values associated with
`the content encryption key is retrieved during trick mode
`playback.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0011] The above-mentionedfeaturesofthe presentdisclo-
`sure will become more apparent with referenceto the follow-
`ing description taken in conjunction with the accompanying
`drawings wherein like reference numerals denote like ele-
`ments and in which:
`
`FIG. 1 illustrates a DRM environment.
`[0012]
`FIG.2 illustrates the interaction between the DVR,
`[0013]
`the content protection module, and the content source.
`[0014]
`FIG. 3 illustrates an example ofa plurality of seg-
`ments of content that may be recorded.
`[0015]
`FIG. 4 illustrates a process that may be utilized by
`the DVR.
`
`In one aspect of the disclosure, a process may be
`[0008]
`utilized by a DVR. The process characterizes a set of content
`as a plurality of segments as the set of content is received.
`Each of the segments has a segment length according to a
`
`FIG. 5 illustrates a process that may be utilized by
`[0016]
`the DRM component.
`[0017]
`FIG.6 illustrates another process that may be uti-
`lized by the DVR.
`
`9
`
`

`

`US 2008/0270308 Al
`
`Oct. 30, 2008
`
`FIG. 7 illustrates a block diagram of a station or
`[0018]
`system that provides secure trick play.
`
`DETAILED DESCRIPTION
`
`license. As CCI] updatesare receivedfor different segments of
`the content, the DRM componentgenerates a content encryp-
`tion key (‘CEK”) for each segment that is utilized to re-
`encrypt the content for storage on the hard drive 202 or other
`media storage, and to decrypt the re-encrypted content during
`playback. In one embodiment, the DRM component204, for
`each segment, stores a portion ofthe CCI update information.
`The DRM component 204 composes, and later derives, the
`CEK for each segmentby a calculation involving the master
`key and a subset of the content rule associated with the seg-
`ment. As an example, the subset of the content rule may
`include bits that are selected from the CCI information.
`
`[0019] A method and apparatus are disclosed that provide
`for secure pause and/or secure trick plays. A set of content,
`whichis intended by a content providerto be usable only for
`a temporary time period, is divided into a plurality of seg-
`ments. Each of the segments is encrypted with a unique key.
`Further, an expiration time is associated with each oneofthe
`unique keys so that the respective key can be utilized only up
`until the expiration time to decrypt the corresponding seg-
`Accordingly, the DRM component 204 may maintainalist of
`ment. As aresult, features such as pause ortrick plays may be
`CCIbits associated with a set of content. Each entry in thelist
`utilized for a predetermined time measured with respect to
`of CCI bits may be associated with an index that is incre-
`each segment.
`mented sequentially as each set of CCI bits is received. Alter-
`[0020]
`FIG. 1 illustrates a DRM environment 100. A con-
`natively, the index may bea random number used as a Content
`tent source 102, such as a content provider, encrypts a set of
`KeyIdentifier (““CKID”).
`content and then sends the content through a transmission
`[0023]
`FIG. 3 illustrates an example ofa plurality of seg-
`line, e.g., a cable, toa DVR 104, which has a DRMsystem.If
`ments 300 of content that may be recorded. For example, the
`the content is encrypted, the DVR 104 sends the content to a
`DVR 104 illustrated in FIG. 1 maybe at the point in time
`content protection module 106 for decryption. Examples of
`wherefifteen minutes of two hour long copy never protected
`the content protection module 106 include a CableCARD®,
`content has been recorded. In one embodiment, the copy
`secure memory card, on-board security chip, etc. However,
`never protected contentis stored in the hard drive 202 in FIG.
`any componentthat has the capability of terminating condi-
`2 or other media storage. An expiration content rule, e.g.,
`tional access that was protecting content transmitted to a
`copy never content rule, that is received along with the con-
`DVR 104 and applying copy protection when sending the
`tent establishes a predetermined amountoftime for which the
`content to the set to box 104 may be considered a content
`content may be temporarily stored to allow forthe trick play
`protection module 106. Further, the content source 102 may
`features, e.g., ninety minutes. The predetermined amountof
`include the content protection module 106. In other words, a
`time maybe implicit, e.g., hard coded, or provided as part of
`single module may be both the content source 102 and the
`the CCI, e.g., within CCIbits, or provided by an application
`content protection module 106. For instance, a smart card that
`that is running on the DVR 104. To approximate the required
`is inserted into the DVR 104 maystore content and provide
`secure management, the DVR 104 may characterize the con-
`conditional access. Alternatively, the DVR 104 mayreceive
`content that is streamed from a device in a home network.
`tent according to a plurality of segments with each segment
`being determined by a predetermined time sub-interval. For
`instance, the DVR 104 mayestablish a predetermined time
`interval of five minutes that results in characterizing the fif-
`teen minutes of recorded content as three segments: a first
`segment 302, a second segment304, and a third segment306.
`The length of each of the segments may, in general, be as
`small as a few secondsto as long as several minutes.
`[0024]
`In one embodiment, the DRM component 204 gen-
`erates a unique CEK for each segment of copy never content
`at a predefined time interval during recording. For instance,
`the DRM component 204 mayset a timer so that the DRM
`component 204 is automatically notified when a new time
`interval has begun and a new unique CEKhasto be generated
`for the segment in the new time interval. Accordingly, the
`DRM component 204 may begin recording the first segment
`302 by encrypting thefirst segment 302 with a first CEK and
`storing the encryptedfirst segment 302 in the hard drive 202
`or other media storage. Further, a timer may indicate to the
`DRM component 204 when five minutes has elapsed, or is
`aboutto elapse, so that the DRM component 204 may gener-
`ate a second CEK to encrypt the second segment 304 and
`store the encrypted second segment304 inthe hard drive 202
`or other media storage. In addition, the timer may indicate to
`the DRM component 204 when the next five minutes has
`elapsed, or is about to elapse, e.g., ten minutes since the
`beginning of the recording, so that the DRM component 204
`may generate a third CEK to encrypt the third segment 306
`and store the encrypted third segment 306 in the hard drive
`202 or other media storage. Only a small subset of the seg-
`ments is shownforillustrative purposes, but the DRM com-
`
`Further, the DVR 104 is utilized as an example, and one of
`ordinary skill in the art will recognize that any type of device,
`such as a mobile phone, television with a built-in slot for a
`CableCARD®,
`smart card,
`subscriber
`identity module
`(“SIM”) card, etc., may be utilized. The content protection
`module 106 then decrypts the content. Further,
`in one
`embodiment, the content protection module 106 hasan inter-
`face so that it may fit into a slot 110 of a DVR 104 and
`communicate with the DVR 104.
`
`FIG.2 illustrates the interaction between the DVR
`[0021]
`104, the content protection module 106, and the content
`source 102. When the DVR 104 receives encrypted content
`from the content source 102, the DVR 104 mayalso receive
`one or more content rules, e.g., CCI information, via the
`content protection module 106. The DVR 104 requests that
`the content protection module 106 decrypts the content so
`that the DVR 104 mayre-encrypt the content and record the
`re-encrypted content by storing it on a hard drive 202. CCI
`may include traditional copy control information such as
`Encryption ModeIndicator (“EMI”), Analog Protection Sys-
`tem (“APS”), Constrained ImageTrigger (“CIT”), Copy Gen-
`eration Management System-Analog (“CGMS-A”), etc.,
`extended CCI (including rental information, counted play-
`backs, etc., or other relevant content attributes such as the
`contentresolution, e.g., High Definition vs. Standard Defini-
`tion).
`[0022] The DVR 104 has a DRM component 204 that com-
`poses a content license associated with the content. The con-
`tent license may be stored on a storage medium 206. The
`DRM component 204 inserts a master key into the content
`
`10
`
`10
`
`

`

`US 2008/0270308 Al
`
`Oct. 30, 2008
`
`ponent 204 may continue to characterize segments of the
`content according to the predetermined time intervals and
`generate unique CEKsfor each of those predetermined time
`intervals all the way through the end of, for example, a two
`hour long content.
`[0025]
`In one embodiment, the actual CEK for each seg-
`mentis not storedin the hard drive 202 or other media storage.
`Rather, a time stamp, which indicates the relative time value
`from the beginning of the recording to the start of the seg-
`ment, is generated and stored at the time that each unique
`CEKis determined. Each time stamp is dynamically added to
`the content license as the recording progresses. As a result, the
`content license has a master key, which is statically inserted
`into the content license at the time the content license is
`
`generated, and a plurality of time stamps, which are each
`dynamically added through the recording to correspondto a
`particular segment. During playback, the master key and the
`time stampfora particular segment maybe utilized, at least in
`part, to derive the CEKfor that segmentso that the encrypted
`content for that segmentstored in the hard drive 202 or other
`media storage may be decrypted.
`[0026] When a user requests playback ofa particular seg-
`ment, e.g., the next paused segmentin order, or a jump to a
`segment through a trick play, a determination is madeto see if
`the segment complies with the expiration rule. In other words,
`a calculation is performed utilizing the time stamp for a
`segment requested for playback to determine if expiration
`rule is complied with so that the CEK for that segment is
`derived. In one embodiment, the calculation involves deter-
`mining if the current time minusthe relative time stamp,
`minus the time limit from the implicit or explicit expiration
`content rule, minus the predeterminedtimeinterval, is before
`the recording start time in the content license.If the result is
`before the recordingstart time, the entire content segmentis
`still playable. Accordingly, the master key and the time stamp
`for the segment may beutilized to derive the CEK for that
`segment. If the result is equal to or more than the recording
`start time, at least some portion of the content segmentis not
`playable since it is too old. In one embodiment, the DVR 104
`has access to secure time to establish the current time.
`
`the predetermined time
`In another embodiment,
`[0027]
`interval is not subtracted in the calculation, so that the con-
`sumeris granted access to a segment for which any portion
`has not expired. Accordingly, if the current time minus the
`relative time stamp minusthe timelimit is before the record-
`ing start time, then the DRM component 204 derives the
`unique content encryption key for the encrypted segment
`based, at least in part, on the master key and the time stamp for
`the encrypted segmentthat is stored in the content license to
`decrypt the encrypted segment. Therefore, each segment may
`be played only if noneofit has expired, so that no portion of
`the segmentviolates the expiration contentrule.
`[0028]
`In one embodiment, the time limit may be provided
`by a content provider in CCIbits of the expiration content
`rule. Accordingly, the content provider can customize the
`timelimit for different locations, times, users, content, etc. In
`another embodiment, the time limit may be hard coded into
`the application in the DVR 104 sothat the time limit stays the
`same.
`
`Inone embodiment, sequential playback ofthe con-
`[0029]
`tent is effectuated by DRM component 204 remembering the
`last CCI elementutilized. Each time that the DRM compo-
`nent 204 is asked to derive a new CEKandto set CCI values
`
`for protected outputs, the DRM component 204 selects the
`next consecutive CC] element.
`
`In another embodiment, playback in trick mode is
`[0030]
`effectuated utilizing a marker token stored in an indexfile.
`Recorded content is usually accompaniedby an indexfile that
`contains data about significant information and events, e.g.,
`location of I-frames, changes in the program map table
`(“PMT”), etc. In one embodiment, a marker token is added to
`the index file (or a similarfile) that signals an upcoming key
`change. The marker token includes the index and the CCIbits
`and any otherattributes used in deriving the CEK andsetting
`output control, e.g., a timestamp. Accordingly, when a user
`requestsa fast forward, rewind,orjumpto a particular portion
`of the content, the DVR 104 can look in the indexfile to find
`the current index and CCI values to provide to the DRM
`component 204. The DRM component 204 maythen derive
`the CEKfor the segmentthat the user wishes to fast forward,
`rewind, or jumpto by utilizing the CCI value and the master
`key. As a result, the user 1s provided with a glitchless viewing
`experienceirrespective of whether the playback is in sequen-
`tial modeortrick play mode. With respect to a configuration
`that utilizes a stream such as an MPEG-2 stream, a dynamic
`array with an odd/even key indicator (also called Scrambling
`Control) may beutilized so that transitions between keys do
`not cause any picture disruption. The odd/even key may be the
`last bit of the index or a separate odd/even key indicator.
`[0031]
`FIG.4 illustrates a process 400 that maybe utilized
`by the DVR 104. At a process block 402, the process 400
`characterizes a set of content as a plurality of segmentsas the
`set of content is received. Each ofthe segments has a segment
`length according to a predeterminedtimeinterval. Further, at
`a process block 404, the process 400 encrypts each of the
`segments with a corresponding content encryption key to
`generate a plurality of encrypted segments. The correspond-
`ing content encryption key for each of the segments is gen-
`erated by the DRM component204. In addition, at a process
`block 406, the process 400 stores each of the encrypted seg-
`ments for playback with trick play features in accordance
`with an expiration content rule having a time limit on the
`temporary playability of the set of content.
`[0032]
`FIG. 5 illustrates a process 500 that maybe utilized
`by the DRM component 204. At a process block 502, the
`process 500 composesa content license for a set of content
`that has a corresponding expiration content rule indicating a
`time limit on temporary playability of the set of content. The
`set of content is characterized as a plurality of segments that
`each has a segment length according to a predetermined time
`interval. Further, at a process block 504, the process 500
`inserts a master key into the contentlicense. In addition, at a
`process block 506, the process 500 generates a unique content
`encryption key for each of the segments so that each of the
`segments is encrypted to form a plurality of encrypted seg-
`ments. Finally, at a process block 508, the process 500 inserts
`aplurality oftime stampsinto the content license. Each of the
`time stamps corresponds to one of the encrypted segments
`and indicates a relative time from a recordingstart time to
`start of the encrypted segment.
`[0033]
`FIG.6 illustrates another process 600 that may be
`utilized by the DVR 104. At a process block 602, the process
`600 characterizes a set of contentas a plurality of segments as
`the set of content is received. Each of the segments has a
`segment length according to a predetermined timeinterval.
`Further, at a process block 604, the process 600 encrypts each
`of the segments with a corresponding content encryption key
`
`11
`
`11
`
`

`

`US 2008/0270308 Al
`
`Oct. 30, 2008
`
`to generate a plurality of encrypted segments. The corre-
`sponding content encryption key for each of the segments is
`generated by the DRM component 204. In addition, at a
`process block 606,
`the process 600 stores each of the
`encrypted segments for playback with trick play features in
`accordance with an expiration contentrule having atime limit
`on the temporary playability ofthe set ofcontent. Ata process
`block 608, the process 600 inserts, for each of the encrypted
`segments, a marker token corresponding to the encrypted
`segment into an index file. The marker token includes an
`index and a content rule set of values associated with the
`
`encrypted segment and associated content encryption key so
`that the content rule set of values associated with the content
`
`encryption key is retrieved during trick mode playback.
`[0034]
`FIG. 7 illustrates a block diagram of a station or
`system 700 that provides secure trick play. In one embodi-
`ment, the station or system 700 is implemented using a gen-
`eral purpose computer or any other hardware equivalents.
`Thus, the station or system 700 comprises a processor 710, a
`memory 720, e.g., random access memory (“RAM”) and/or
`read only memory (ROM), a secure trick play module 740,
`and various input/output devices 730, (e.g., e.g., audio/video
`outputs and audio/videoinputs,storage devices, including but
`notlimited to, a tape drive, a floppy drive, a hard disk drive or
`a compact disk drive, a receiver, a transmitter, a speaker, a
`display, an image capturing sensor, e.g., those used in a digital
`still cameraordigital video camera, a clock, an outputport, a
`user input device (such as a keyboard, a keypad, a mouse, and
`the like, or a microphone for capturing speech commands).
`The secure trick play module 740 may include one or more
`processors, and/or corresponding code.
`[0035]
`It should be understood that the secure trick play
`module 740 may be implemented as one or more physical
`devices that are coupledto the processor 710 through a com-
`munication channel. Alternatively, the secure trick play mod-
`ule 740 may be represented by one or more software appli-
`cations (or even a combination of software and hardware,e.g.,
`using application specific integrated circuits (ASIC)), where
`the software is loaded from a storage medium,(e.g., a mag-
`netic oroptical drive or diskette) and operated by the proces-
`sor in the memory 720 of the computer. As such, the secure
`trick play module 740 (including associated data structures)
`of the present disclosure may be stored on a computer read-
`able medium, e.g., RAM memory, magnetic or optical drive
`or diskette and the like.
`
`It is understood that the secure trick play approach
`[0036]
`described herein may also be applied in other types of sys-
`tems. Those skilled in the art will appreciate that the various
`adaptations and modifications of the embodiments of this
`method and apparatus may be configured without departing
`from the scope andspirit of the present method and system.
`Therefore, it is to be understood that, within the scope of the
`appended claims, the present method and apparatus may be
`practiced other than as specifically described herein.
`
`Weclaim:
`
`1. A method comprising:
`characterizing a set of contentas a plurality of segments as
`the set of content is received, each of the segments
`having a segment length according to a predetermined
`time interval;
`encrypting each ofthe segments with a corresponding con-
`tent encryption key to generate a plurality of encrypted
`segments, the corresponding content encryption key for
`
`each of the segments being generated by a digital rights
`management component; and
`storing each of the encrypted segments for playback with
`trick play features in accordance with an expiration con-
`tent rule having a time limit on the temporary playability
`of the set of content.
`
`2. The method of claim 1, further comprising receiving the
`expiration contentrule.
`3. The method of claim 2, further comprising receiving the
`predetermined time interval with the expiration contentrule.
`4. The methodof claim 1, wherein the expiration content
`rule is hard coded.
`5. The method of claim 4, wherein the predetermined time
`interval is hard coded.
`
`6. The methodofclaim 1, further comprising generating a
`time stamp for each of the encrypted segments that indicates
`a relative time from a recording start time to start of the
`encrypted segment.
`7. The method of claim 6, wherein the digital rights man-
`agement componentinserts a master key and the time stamp
`for each of the encrypted segments into a contentlicense.
`8. The methodof claim 7, further comprising requesting,
`that the digital rights management component derive the
`unique content encryption key for the encrypted segment
`based, at least in part, on the master key and the time stamp for
`the encrypted segmentthat is stored in the content license to
`decrypt the encrypted segment, the digital rights management
`component performing the derivation if the current time
`minusthe time stamp stored in the content license, minus the
`time limit, minus the segmentlength, is before the recording
`start time.
`
`9. The method of claim 7, further comprising requesting
`that the digital rights management component derive the
`unique content encryption key for the encrypted segment
`based, at least in part, on the master key and the time stamp for
`the encrypted segmentthat is stored in the content license to
`decrypt the encrypted segment, the digital rights management
`component performing the derivation if the current time
`minusthe time stamp stored in the content license, minus the
`time limit, is before the recordingstart time.
`10. The methodof claim 1, further comprising providing a
`timer that automatically indicates at each of the predeter-
`mined time intervals that the digital rights management com-
`ponent should generate a new unique content encryption key.
`11. The method of claim 1, wherein the expiration content
`rule is a copy never contentrule.
`12. The method of claim 1, wherein the timelimit is located
`within copy control informationbits.
`13. The methodof claim 1, wherein the timelimit is located
`within a software application that is stored on a digital video
`recorder.
`
`14. A method comprising:
`composing a content license for a set of content that has a
`co