WO2002069562A1 - Method to control the transmission and use of digital information over a computer network - Google Patents

Info

Publication number
WO2002069562A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
package
decoder
decryption algorithm
Prior art date
Application number
PCT/US2002/006949
Other languages
French (fr)
Other versions
WO2002069562A8 (en)
Inventor
Dennis Palatov
Original Assignee
Minds@Work, Llc
Priority date
Filing date
Publication date
Application filed by Minds@Work, Llc
Publication of WO2002069562A1
Publication of WO2002069562A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/426 Internal components of the client; Characteristics thereof
    • H04N21/42607 Internal components of the client; Characteristics thereof for processing the incoming bitstream
    • H04N21/42623 Internal components of the client; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254 Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2543 Billing, e.g. for subscription services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808 Management of client data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4622 Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47 End-user applications
    • H04N21/472 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
    • H04N21/47202 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47 End-user applications
    • H04N21/478 Supplemental services, e.g. displaying phone caller identification, shopping application
    • H04N21/4782 Web browsing, e.g. WebTV
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/81 Monomedia components thereof
    • H04N21/8166 Monomedia components thereof involving executable data, e.g. software
    • H04N21/8193 Monomedia components thereof involving executable data, e.g. software dedicated tools, e.g. video decoder software or IPMP tool
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83 Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835 Generation of protective data, e.g. certificates
    • H04N21/8352 Generation of protective data, e.g. certificates involving content or source identification data, e.g. Unique Material Identifier [UMID]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates to a method for delivering encrypted digital information (e.g. a movie) over a computer network while controlling the number of times such information may be used and the manner in which the information is used
  • Computer networks such as the Internet
  • digital information such as text files and, most importantly, digital multimedia content, such as audio and video files
  • this ease of distribution also allows for virtually unrestricted unauthorized copying and redistribution of the information with little means to preserve the rights of its owner
  • problems are exemplified by the widespread piracy of audio files copied from compact disks using the MP3 compression standard, which currently stands at the center of a significant dispute between the record industry and the Internet community
  • Some solutions are currently being used that require a proprietary playback device for digital content in order to control its usage
  • DIVX employs a proprietary disk format similar to DVD and a proprietary player
  • Each disk bears a unique identification number that is encoded in the data on the disk and readable by the player
  • the proprietary player contains nonvolatile memory which stores the date and time that a particular disk was first played. The disk may then be played in that specific player until the authorized use time expires, usually four days from the time the disk was first played
  • the player dials a preprogrammed number to establish a data connection with a central database server. The player then uploads usage information to the server so that appropriate billing can be initiated. Upon expiration of the authorized time, the disk may be played again, resulting in another usage fee, or it can be simply discarded by the customer
  • the primary objective of the present invention is to facilitate the distribution of digital information files over existing networks so that well known and readily available devices, such as conventional personal computers, can utilize the information content of the files, while being able to control the number of times such files may be used as well as the manner in which the files are used
  • a method is disclosed by which digital information (e.g. a movie) stored in a Content Database is transmitted by an information database server to a user's playback device (e.g. a personal computer) via a computer network (e.g. the Internet)
  • a user first provides to the server information concerning his identity, the manner in which he will use and pay for the digital information, and the type of playback device to receive and play the digital information to be transmitted by the server
  • the server identifies a distinct encryption and decryption key set for initially encoding and later decoding the digital information to be transmitted to and played on the user's playback device
  • the server creates a Deliverable File and transmits the file to the user's playback device over the network
  • the Deliverable File includes an executable program header which runs on the user's playback device and attempts to establish a secure connection between the playback device and the server
  • upon successfully establishing a secure connection, the program header transmits a unique transaction identification number contained in the Deliverable File in which the digital information requested by the user is encoded
  • the server compares the information provided to it by the user with predetermined information that is stored in a User Database
  • the server transmits the decryption key to the program header of the Deliverable File so that the previously encoded content file thereof may now be decoded to enable the digital information requested by the user to be played on the user's playback device
  • an error signal is generated to prevent the transmission of the decryption key to the program header of the Deliverable File, whereby the transaction is terminated
  • Figures 1 and 2 show a flow chart to illustrate the steps during the delivery and use halves of the method of the present invention for transmitting digital information over an available network while enabling the frequency and manner of use to be selectively controlled,
  • Figure 3 is a block diagram corresponding to the method steps of Figures 1 and 2, and
  • Figure 4 represents the contents of a Deliverable File which contains encoded digital information transmitted to a user over the network
  • Figure 5A-5C illustrates one embodiment of a distribution architecture for the secure distribution of encrypted data in accordance with the present invention
  • the preferred embodiment of the invention is controlling the use of digital information files
  • the method relies on standard hardware for enabling computer networking data encryption, database management and secure communications over a network
  • Many examples of such hardware are well known in the art and, therefore, they will not be described herein in detail
  • the present method comprises a number of distinct steps, each of which is detailed below to achieve the foregoing objective. These steps require at least one central information server that is connected to a computer network, such as the Internet
  • the information server has access to a Content Database containing information files to be transmitted to a user via the network and a User Database containing predetermined user information
  • the method of the present invention is best described by separating the method steps into two halves, a Delivery half and a Use half
  • the Delivery half represented by reference numeral 30 and illustrated in Figure 1
  • the Use half represented by reference numeral 40 and illustrated in Figure 2
  • the Delivery half 30 of the present method begins with Step 1 of Figure 1, at which time the server receives a request for a specific information file from its Content Database 44.
  • This request is preferably received from a customer via the Network 46 and contains information identifying the customer, the type of information requested (e.g. a movie), the type and number of intended uses, and the method of user payment.
  • the intended uses may include playback on the customer's video system (e.g. a television or computer monitor) or the creation of a media disk in a standard format such as CD or DVD.
  • the methods of payment may include credit card, a pre-established account, or an electronic cash transfer.
  • in Step 2, information regarding the specific nature of the customer's target environment is obtained interactively via the Network 46. Such information may include the type of playback device 49 to process and play the information requested and its specific capabilities, as well as the type and version of system software. Step 2 may be automatically performed if the information describing the customer's playback device 49 is already stored in the User Database 48.
  • a unique file identification number 50 is created by the server 42.
  • the identification number may be created sequentially or at random and will have a sufficient number of digits to identify the customer's transaction and reasonably preclude the possibility that duplicate numbers could be issued.
  • the identification number 50 will become part of the Deliverable File (designated 58 in Figure 4).
  • a unique encryption and decryption key set is generated by the server 42 for the customer's transaction (e.g. ordering a movie). Any known encryption scheme may be used, but one based on public key cryptography is preferable.
  • a decryption key 52 in addition to a customary numerical key used in cryptography, may also include a software routine 54 for implementing a decryption algorithm utilizing the numerical key. The inclusion of a software routine 54 as part of the decryption key 52 and separate from the Deliverable File 58 makes it more difficult to defeat the encryption by examining the Deliverable File.
  • a content file 55 which is encoded by using the encryption key will become part of the Deliverable File 58 and represents the information content requested by the customer.
  • an executable program header 56 is created by the Server 42 that may be executed on the customer's system by utilizing the target environment (e.g. playback device 49) information obtained in Step 2.
  • the executable program header 56 is designed to be recognized as an executable program by the customer's system and has the capability of performing the Use half 40 of the present method that will be described in greater detail hereinafter when referring to Steps 9-19 of Figure 2.
  • Step 6 of the Delivery half 30 involves combining the executable header 56 created in Step 5, the unique file identification number 50 created in Step 3, and the encrypted content file 55 into a single Deliverable File 58 in such a manner that the Deliverable File will be recognized by the customer's system as an executable program.
  • in Step 7, a Use Record 60 is created in the User Database 48, which contains at least the unique file identification number 50 created in Step 3, the decryption key 52 created in Step 4, and information 53 describing the number and type of authorized uses for the Deliverable File 58 for a particular customer transaction.
  • Step 8 is the delivery of the Deliverable File 58 that was created in Step 6 to the customer's system (i.e. playback device 49) via the Network 46. Alternatively, Step 8 may be carried out by transferring the Deliverable File 58 to a standard media disk such as a CD or DVD and mailing the completed disk to the customer.
  • the Use half of the present method begins with Step 9, wherein the customer selects the Deliverable File 58 to run as a program on his system. That is to say, the customer's playback device 49 executes the program header 56 of the Deliverable File 58 by whatever means are customary and appropriate for the system.
  • this step may be implemented by selecting a corresponding symbol from an on-screen menu. More particularly, the program header 56 of Deliverable File 58 that was previously created in Step 5 of the Delivery half 30 is now loaded and executed. Note that this Step 9 of the Use half 40 may be performed simultaneously with Step 8 of the Delivery half 30.
  • the executable program header 56 determines the type of use desired (e.g. rent or purchase a movie), either by interacting with the customer through a means customary on the target system playback device 49 or by using the use information included in the Deliverable File 58.
  • in Step 11, the executable program header 56 attempts to establish a secure connection between the customer's playback device 49 and the server 42 over the Network 46.
  • the connection may utilize any secure means of communication such as, for example, the industry standard known as SSL (Secure Sockets Layer). If a connection cannot be established, an error is reported to the customer and the execution terminates, thereby preventing use of the content file 55 that is part of the Deliverable File 58. If Step 11 is completed successfully, then, in Step 12, the executable program header 56 running on the customer's playback device 49 transmits a use request to the server 42 via the secure connection of Step 11.
  • the information content of the use request contains the unique file identification number 50 obtained from the Deliverable File 58 by the executable program header 56 thereof.
  • Step 13 involves the server 42 accessing the Use Record 60 that was created during Step 7 as part of the User Database 48.
  • the unique file identification number 50 of the Use Record 60 is used to locate the particular record. Information about the number and type of authorized uses and the method of payment is retrieved from the record. If a Use Record cannot be located, the method proceeds directly to Step 18 and the request is treated as an error. Otherwise, the presently described method continues with Step 14.
  • in Step 14, the server 42 compares the requested use with the information retrieved during Step 13. If the requested use is of a type which is not permitted, the method proceeds directly to Step 18 and the request is also treated as an error. If the requested use is compared and verified as an authorized use based upon the Use Record 60 of the User Database 48, the method continues with Step 15. In Step 15, the server 42 retrieves the decryption key 52 created during Step 4 and transmits the decryption key to the executable program header 56 of the Deliverable File 58 on the customer's playback device 49. This transmission is accomplished by means of the previously established secure connection over the Network 46.
  • in Step 16, the executable program header 56 of Deliverable File 58 uses the decryption key 52 to decrypt and play back the previously encrypted content file 55 of the Deliverable File 58. If the decryption key contains a decryption software algorithm 54, the executable program header loads the algorithm into the user system memory and executes it. In Step 17, the number of authorized uses stored in the Use Record 60 is decremented. If the new number is zero, the Use Record is removed from the User Database 48. Otherwise, the Use Record 60 is updated with a new number indicating the authorized uses remaining. Step 18 is the error-handling step and is only executed if the requested use of the Deliverable File 58 could not be authorized. In this step, an error message is transmitted by the Server 42 to the executable program header 56 on the customer's system by means of the previously established secure connection. The header 56 then reports the error to the customer and terminates the method, thereby preventing use of the encrypted content file 55 of the Deliverable File 58. In summary, the method of the present invention facilitates the delivery and controlled use of digital content on any playback device capable of
  • the decoder integrated circuit includes a decryption engine processor utilizing a secret, secure instruction set
  • a key package used to decrypt a corresponding encrypted data package is securely transmitted to the decoder integrated circuit
  • the key package contains both the decryption key to be used, and the binary executable image of the algorithm for utilizing the key and for decrypting the corresponding data package, the binary image being coded in the secret instruction set of the decryption engine processor
  • the key package may also include a unique ID to be used for identifying the particular key package and matching it with one or more files previously encrypted with the same key package
  • the decoder integrated circuit further includes the circuitry necessary for securely receiving, decrypting, and storing one or more key packages, which is preferably based on commonly available public/private key cryptography methods utilizing session keys for secure transmission of key packages
  • the decoder integrated circuit is housed in an integrated circuit package within the playback device
  • the decoder integrated circuit handles the software transactions between the playback device and a kiosk
  • the integrated circuit may be implemented using gate array, standard cell or custom chip technology. False interconnects and false circuitry may be used to obscure the decoder circuit operation to thereby make it more difficult to reverse engineer the decoder circuit and determine the secret instruction set
  • the playback device may be a PC, a television, or a standalone device. Because the decrypted key package is not transmitted outside of an integrated circuit device, the security of the corresponding data package is thereby greatly advanced
  • the decoder integrated circuit 530 includes a playback device key generator 532, a playback device algorithm decoder 534, a non-volatile key storage memory 536, a playback device decryption engine 538 and a data port 540
  • the kiosk or distribution center 544 includes a distribution center key generator 546, a distribution center algorithm decoder 548, non
  • the decoder integrated circuit 530 is used to receive an encrypted data file, decrypt the file, then deliver the file in a form which can be utilized for playback
  • the playback device is a handheld use-specific stand-alone device, such as an MP3 player
  • a stand-alone is a device that is capable of operating without an ASCII keyboard, mouse, or personal computer
  • the stand-alone device may be taken to a kiosk to download the data of choice
  • a communication and download process occurs between the playback device and the kiosk. The following entails the process taken to request a video or audio, then later download the data file securely from the kiosk to the playback device.
  • the central database or server 556 receives, stores and encrypts data, stores encryption and decryption algorithms, and generates key packages.
  • the central database then securely transmits the encrypted data and the key package to the kiosk or distribution center 544 in response to a user or administrator request.
  • the data source database 558 stores data to be encrypted and downloaded.
  • the data may be video or audio in the form of MPEG, MP3, WAV, or other video or audio file format.
  • the algorithm database 562 stores the program code used to encrypt the data to be downloaded as well as the program code used for the key packages.
  • Various decryption algorithms for the data and key packages are stored in the database to be utilized as needed.
  • a video file may be encrypted and decrypted using different algorithms than those used to encrypt and decrypt audio files.
  • the type of algorithm used may be randomly selected for each content item being encrypted.
  • the data decryption algorithm is coded using a secret instruction set corresponding to the decryption engine processor.
  • the data encryption engine 564 utilizes an encryption algorithm 506 from the algorithm database 562, a media content file 502 from the data source database 558, and a data key 504 and encrypts the data file package 512.
  • the encrypted data package 512 further includes a file ID 576 and the encrypted content media 578.
  • the encrypted data package 512 is preloaded to the kiosk 544 or upon request.
  • the key encoder 566 loads the data decryption algorithm 506 from the algorithm database 562.
  • the kiosk public key 508 is then transmitted by a kiosk key generator 546 to the central server key encoder 566, which creates a key package 510 for the kiosk.
  • the key package 510 includes a data key 568, a data decryption algorithm 570, and may further include a file ID 572 and usage information 574, including number of times used and number of authorized uses remaining.
  • a private key 514 is provided to the algorithm decoder 548 by the key generator 546.
  • the private key 514 is applied to decode the key package 510 transmitted by the server key encoder 566.
  • the decrypted key package 516 is then stored in the non-volatile key memory 550 until a request is made by a user for a particular data file.
  • the kiosk 544 transmits a ready signal to the playback device 528.
  • the decrypted key package 516 is then read by the kiosk key encoder 552.
  • a public key 518 is transmitted from the decoder IC key generator 532 to the kiosk key encoder 552 to re-encode a unique key package 520 for the playback device 528.
  • Public-key cryptography standards developed by RSA Data Security or the like may be used to define the public and private key package.
  • because the decryption algorithm is coded using a secret instruction set, even if the encrypted key package is intercepted and decrypted, the algorithm cannot be used to access the associated data content without using a decoder, such as the decoder integrated circuit illustrated in Figure 5A-5C, capable of executing the secret command set.
  • the algorithm decoder 534 decrypts the key package utilizing a private key 522 generated by the decoder IC key generator 532 and saves it in the non-volatile key storage memory 536. Then, the encrypted data 524 stored in the kiosk data store 554 is loaded to the playback device data store 542. The user then removes the playback device from the kiosk.
  • the decryption engine 538 reads the encrypted data 512 from the playback device data store 542 through the data port 540 and reads the decrypted key package 524 from the nonvolatile key storage memory 536. The decryption engine 538 then decrypts the encrypted data package 512 using the key package 524.
  • the decrypted data 580 is transmitted to a digital-to-analog converter 582 to transform the decrypted digital media 580 to analog signals for output 526.
  • a personal computer or television with an appropriate setup box or internal circuitry may be configured as both a kiosk and a playback device with the addition of the appropriate hardware containing the decoder integrated circuit.
  • the decoder integrated circuit may be mounted on the motherboard or may be on a separate board located on the back panel slots of the personal computer. The personal computer would then operate as described above.
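As an added worked example (not code from the patent or its assignee), the Delivery half (Steps 1 through 8) and Use half (Steps 9 through 18) described above, run as a single-process Python simulation: the server keeps the key only in the Use Record, the Deliverable File carries the file identification number and the encrypted content but never the key, and the key is released over the (simulated) secure connection only for an authorized use, with the remaining-uses counter decremented and the record removed at zero. The SSL connection is reduced to a boolean flag, the cipher is a SHA-256 keystream stand-in (the patent names no particular scheme), and the sample content, class and function names are this example's own.

```python
import hashlib
import secrets

# Constructed sample content standing in for one file in the Content Database.
SAMPLE_CONTENT = {"movie": b"sample movie bytes (constructed for this example)"}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    The same call encrypts and decrypts. Demonstration only, not a production
    cipher; the patent allows any known encryption scheme at this point."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class Server:
    """Information server holding the Content Database and the User Database."""

    def __init__(self, content_db):
        self.content_db = content_db   # title -> plaintext bytes
        self.user_db = {}              # file id -> Use Record (Step 7)

    def deliver(self, title, use_type, authorized_uses):
        """Delivery half, Steps 3 to 8, after the customer's request (Steps 1, 2)."""
        file_id = secrets.token_hex(16)      # Step 3: unique file identification number
        key = secrets.token_bytes(32)        # Step 4: per-transaction key set
        encrypted = keystream_xor(key, self.content_db[title])   # content file 55
        # Step 7: the Use Record keeps the key and the authorized uses server-side.
        self.user_db[file_id] = {"key": key, "allowed": {use_type},
                                 "remaining": authorized_uses}
        # Steps 5, 6 and 8: header + file id + encrypted content = Deliverable File 58,
        # which is handed to the customer's playback device without the key.
        return {"header": "program header (simulated)", "file_id": file_id,
                "content": encrypted}

    def use_request(self, file_id, use_type):
        """Steps 13 to 15 and 17; an error reply stands for Step 18."""
        record = self.user_db.get(file_id)
        if record is None:                                  # Step 13: no Use Record
            return {"error": "no use record for file id"}
        if use_type not in record["allowed"]:               # Step 14: use not permitted
            return {"error": "requested use not authorized"}
        key = record["key"]                                 # Step 15: release the key
        record["remaining"] -= 1                            # Step 17: decrement uses
        if record["remaining"] == 0:
            del self.user_db[file_id]                       # none left: remove record
        return {"key": key}


def run_program_header(deliverable, server, use_type, connection_ok=True):
    """Use half, Steps 9 to 12 and 16, as run by the header on the playback device.
    Returns the decrypted content, or None when the transaction is terminated."""
    if not connection_ok:                  # Step 11 failed: no secure connection
        return None
    reply = server.use_request(deliverable["file_id"], use_type)   # Step 12
    if "error" in reply:                   # Step 18: error reported, no playback
        return None
    return keystream_xor(reply["key"], deliverable["content"])     # Step 16


def demo():
    """Two authorized playbacks, one refused use type, then an exhausted record."""
    server = Server(SAMPLE_CONTENT)
    deliverable = server.deliver("movie", "playback", authorized_uses=2)
    return [
        run_program_header(deliverable, server, "playback") == SAMPLE_CONTENT["movie"],
        run_program_header(deliverable, server, "disk-copy") is None,   # Step 14 error
        run_program_header(deliverable, server, "playback") == SAMPLE_CONTENT["movie"],
        run_program_header(deliverable, server, "playback") is None,    # Step 13 error
        deliverable["file_id"] not in server.user_db,                   # record removed
    ]


if __name__ == "__main__":
    print(demo())   # [True, True, True, True, True]
```

Note that the refused "disk-copy" request does not consume a use, since the error branch is taken before the Step 17 decrement.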

Abstract

Encrypted digital information (e.g. a movie) is delivered over a computer network while controlling the number of times and the manner in which the information is used. A playback device (49) includes a decoder used to decrypt data, such as audio or video content, transmitted from a data distribution system or server (42). A key generator contained within the decoder generates a public key and a private key. The public key is transmitted to the server. The decoder receives from the server an encrypted key package including a decryption algorithm that includes instructions from a secret instruction set. The decoder also receives from the server an encrypted data package (58), wherein the data package is decryptable using the decryption algorithm. The decoder decrypts the encrypted key package using the private key to obtain a decrypted decryption algorithm which the decoder executes to decrypt the data package (55).

Description

METHOD TO CONTROL THE TRANSMISSION AND USE OF DIGITAL INFORMATION OVER A COMPUTER NETWORK
Background of the Invention
Field of the Invention
The present invention relates to a method for delivering encrypted digital information (e.g. a movie) over a computer network while controlling the number of times such information may be used and the manner in which the information is used.
Description of the Related Art
Computer networks, such as the Internet, present a very effective and efficient means for distributing digital information, such as text files and, most importantly, digital multimedia content, such as audio and video files. Unfortunately, this ease of distribution also allows for virtually unrestricted unauthorized copying and redistribution of the information with little means to preserve the rights of its owner. Such problems are exemplified by the widespread piracy of audio files copied from compact disks using the MP3 compression standard, which currently stands at the center of a significant dispute between the record industry and the Internet community. Some solutions are currently being used that require a proprietary playback device for digital content in order to control its usage. One such approach is DIVX, which employs a proprietary disk format similar to DVD and a proprietary player.
Each disk bears a unique identification number that is encoded in the data on the disk and readable by the player. The proprietary player contains nonvolatile memory which stores the date and time that a particular disk was first played. The disk may then be played in that specific player until the authorized use time expires, usually four days from the time the disk was first played.
Periodically, the player dials a preprogrammed number to establish a data connection with a central database server. The player then uploads usage information to the server so that appropriate billing can be initiated. Upon expiration of the authorized time, the disk may be played again, resulting in another usage fee, or it can be simply discarded by the customer.
Such solutions, which require a proprietary playback device, significantly limit the size of the potential audience and add to the usage fee the substantial costs of developing, manufacturing and distributing the playback devices. Although the DIVX solution does not presently allow for delivering content via a network, such capability may be created using methods and apparatus that are well known in the art.
Therefore, what is needed is a method of transmitting digital information files over existing networks so that well known and readily available devices, such as conventional personal computers, can be used to view the content while the number of times such files may be used, as well as the manner in which the files are used, can be selectively controlled.
Summary of the Invention
The primary objective of the present invention is to facilitate the distribution of digital information files over existing networks so that well known and readily available devices, such as conventional personal computers, can utilize the information content of the files, while being able to control the number of times such files may be used as well as the manner in which the files are used. In general terms, a method is disclosed by which digital information (e.g. a movie) stored in a Content Database is transmitted by an information database server to a user's playback device (e.g. a personal computer) via a computer network (e.g. the Internet). A user first provides to the server information concerning his identity, the manner in which he will use and pay for the digital information, and the type of playback device to receive and play the digital information to be transmitted by the server. The server identifies a distinct encryption and decryption key set for initially encoding and later decoding the digital information to be transmitted to and played on the user's playback device.
Next, the server creates a Deliverable File and transmits the file to the user's playback device over the network. The Deliverable File includes an executable program header which runs on the user's playback device and attempts to establish a secure connection between the playback device and the server. Upon successfully establishing a secure connection, the program header transmits a unique transaction identification number contained in the Deliverable File in which the digital information requested by the user is encoded. The server then compares the information provided to it by the user with predetermined information that is stored in a User Database.
In the event that the user information corresponds with the predetermined information from the User Database, whereby to designate an authorized user and use, the server transmits the decryption key to the program header of the Deliverable File so that the previously encoded content file thereof may now be decoded to enable the digital information requested by the user to be played on the user's playback device. However, if the user information does not correspond with the information in the User Database, then an error signal is generated to prevent the transmission of the decryption key to the program header of the Deliverable File, whereby the transaction is terminated.
Brief Description of the Drawings
The invention, its configuration, construction, and operation will be further described in the following detailed description, taken in conjunction with the accompanying drawings in which:
Figures 1 and 2 show a flow chart to illustrate the steps during the delivery and use halves of the method of the present invention for transmitting digital information over an available network while enabling the frequency and manner of use to be selectively controlled;
Figure 3 is a block diagram corresponding to the method steps of Figures 1 and 2;
Figure 4 represents the contents of a Deliverable File which contains encoded digital information transmitted to a user over the network; and
Figures 5A-5C illustrate one embodiment of a distribution architecture for the secure distribution of encrypted data in accordance with the present invention.
Detailed Description of the Preferred Embodiment
The preferred embodiment of the invention is controlling the use of digital information files. The method relies on standard hardware for enabling computer networking, data encryption, database management and secure communications over a network. Many examples of such hardware are well known in the art and, therefore, they will not be described herein in detail. The present method comprises a number of distinct steps, each of which is detailed below to achieve the foregoing objective. These steps require at least one central information server that is connected to a computer network, such as the Internet. The information server has access to a Content Database containing information files to be transmitted to a user via the network and a User Database containing predetermined user information. Many examples of such computer servers exist in the art, and most of these servers use the Internet as the primary network for data transfer.
The method of the present invention is best described by separating the method steps into two halves, a Delivery half and a Use half. The Delivery half, represented by reference numeral 30 and illustrated in Figure 1, comprises Steps 1 through 8 of the present method, described below. The Use half, represented by reference numeral 40 and illustrated in Figure 2, comprises Steps 9 through 19 and is also detailed below.
Referring concurrently to Figures 1, 3 and 4, the Delivery half 30 of the present method begins with Step 1 of Figure 1 at which time the server receives a request for a specific information file from its Content Database 44. This request is preferably received from a customer via the Network 46 and contains information identifying the customer, the type of information requested (e.g. a movie), the type and number of intended uses, and the method of user payment. The intended uses may include playback on the customer's video system (e.g. a television or computer monitor) or the creation of a media disk in a standard format such as CD or DVD. The methods of payment may include credit card, a pre-established account, or an electronic cash transfer. In Step 2, information regarding the specific nature of the customer's target environment is obtained interactively via the Network 46. Such information may include the type of playback device 49 to process and play the information requested and its specific capabilities as well as the type and version of system software. Step 2 may be automatically performed if the information describing the customer's playback device 49 is already stored in the User Database 48.
In Step 3, a unique file identification number 50 is created by the server 42. The identification number may be created sequentially or at random and will have a sufficient number of digits to identify the customer's transaction and reasonably preclude the possibility that duplicate numbers could be issued. The identification number 50 will become part of the Deliverable File (designated 58 in Figure 4).
In Step 4, a unique encryption and decryption key set is generated by the server 42 for the customer's transaction (e.g. ordering a movie). Any known encryption scheme may be used, but one based on public key cryptography is preferable. Within the context of the present invention, a decryption key 52, in addition to a customary numerical key used in cryptography, may also include a software routine 54 for implementing a decryption algorithm utilizing the numerical key. The inclusion of a software routine 54 as part of the decryption key 52 and separate from the Deliverable File 58 makes it more difficult to defeat the encryption by examining the Deliverable File. A content file 55 which is encoded by using the encryption key will become part of the Deliverable File 58 and represents the information content requested by the customer. In Step 5, an executable program header 56 is created by the Server 42 that may be executed on the customer's system by utilizing the target environment (e.g. playback device 49) information obtained in Step 2. The executable program header 56 is designed to be recognized as an executable program by the customer's system and has the capability of performing the Use half 40 of the present method that will be described in greater detail hereinafter when referring to Steps 9-19 of Figure 2. Step 6 of the Delivery half 30 involves combining the executable header 56 created in Step 5, the unique file identification number 50 created in Step 3, and the encrypted content file 55 into a single Deliverable File 58 in such a manner that the Deliverable File will be recognized by the customer's system as an executable program. All of the Deliverable File 58 or just the content file 55 is encrypted using the encryption key created in Step 4. The means of accomplishing this step are well known in the art and will not be described here. Some examples of such combined files include self-extracting archive files.
In Step 7, a Use Record 60 is created in the User Database 48 in which is contained at least the unique file identification number 50 created in Step 3, the decryption key 52 created in Step 4, and information 53 describing the number and type of authorized uses for the Deliverable File 58 for a particular customer transaction. Step 8 is the delivery of the Deliverable File 58 that was created in Step 6 to the customer's system (i.e. playback device 49) via the Network 46. Alternatively, Step 8 may be carried out by transferring the Deliverable File 58 to a standard media disk such as a CD or DVD and mailing the completed disk to the customer.
The Use half of the present method, designated 40 in Figure 2, begins with Step 9, wherein the customer selects the Deliverable File 58 to run as a program on his system. That is to say, the customer's playback device 49 executes the program header 56 of the Deliverable File 58 by whatever means are customary and appropriate for the system. This step may be implemented by selecting a corresponding symbol from an on-screen menu. More particularly, the program header 56 of Deliverable File 58 that was previously created in Step 5 of the Delivery half 30 is now loaded and executed. Note that this Step 9 of the Use half 40 may be performed simultaneously with Step 8 of the Delivery half 30. In Step 10, the executable program header 56 determines the type of use desired (e.g. rent or purchase a movie), either by interacting with the customer through a means customary on the target system playback device 49 or by using use information included in the Deliverable File 58.
In Step 11, the executable program header 56 attempts to establish a secure connection between the customer's playback device 49 and the server 42 over the Network 46. The connection may utilize any secure means of communication such as, for example, the industry standard known as SSL (Secure Sockets Layer). If a connection cannot be established, an error is reported to the customer and the execution terminates, thereby preventing use of the content file 55 that is part of the Deliverable File 58. If Step 11 is completed successfully, then, in Step 12, the executable program header 56 running on the customer's playback device 49 transmits a use request to the server 42 via the secure connection of Step 11. The information content of the use request contains the unique file identification number 50 obtained from the Deliverable File 58 by the executable program header 56 thereof.
Step 13 involves the server 42 accessing the Use Record 60 that was created during Step 7 as part of the User Database 48. The unique file identification number 50 of the Use Record 60 is used to locate the particular record. Information about the number and type of authorized uses and method of payment is retrieved from the record. If a Use Record cannot be located, the method proceeds directly to Step 18 and is treated as an error. Otherwise, the presently described method continues with Step 14.
In Step 14, the server 42 compares the requested use with the information retrieved during Step 13. If the requested use is of a type which is not permitted, the method proceeds directly to Step 18 and is also treated as an error. If the requested use is compared and verified as an authorized use based upon the Use Record 60 of the User Database 48, the method continues with Step 15. In Step 15, the server 42 retrieves the decryption key 52 created during Step 4 and transmits the decryption key to the executable program header 56 of the Deliverable File 58 on the customer's playback device 49. This transmission is accomplished by means of the previously established secure connection over the Network 46.
In Step 16, the executable program header 56 of Deliverable File 58 uses the decryption key 52 to decrypt and play back the previously encrypted content file 55 of the Deliverable File 58. If the decryption key contains a decryption software algorithm 54, the executable program header loads the algorithm into the user system memory and executes it. In Step 17, the number of authorized uses stored in the Use Record 60 is decremented. If the new number is zero, the Use Record is removed from the User Database 48. Otherwise, the Use Record 60 is updated with a new number indicating the authorized uses remaining. Step 18 is the error-handling step and is only executed if the requested use of the Deliverable File 58 could not be authorized. In this step, an error message is transmitted by the Server 42 to the executable program header 56 on the customer's system by means of the previously established secure connection. The header 56 then reports the error to the customer and terminates the method, thereby preventing use of the encrypted content file 55 of the Deliverable File 58.
In summary, the method of the present invention facilitates the delivery and controlled use of digital content on any playback device capable of establishing a secure network connection with the server 42. By storing the decryption key and use authorization information separate from the Deliverable File 58, it is possible to allow unlimited copying and redistribution of the Deliverable File while still maintaining control over its use. By using industry-standard encryption techniques, the method described above is capable of providing a content delivery and control mechanism that is resistant to most attempts at circumvention so as to provide a sufficient deterrent to tampering with its intended use. The security of this method can be further enhanced, as described above, by combining the decryption algorithm with the decryption key and separating it from the Deliverable File 56.
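The server-side accounting of Steps 3 through 18 (unique file id, key kept apart from the Deliverable File, Use Record with an authorised-use count, key released only for a permitted use, record removed when the count reaches zero) is worked below as an added Python example. It is not the patent's code and not the applicant's implementation. Assumptions that are not in the patent: the key set is a single 16-byte symmetric key; the content cipher, which the patent leaves as any "industry-standard" scheme, is stood in for by an XOR with a SHA-256 counter keystream; the Deliverable File is modelled as a dict rather than a self-extracting executable; and the secure connection of Step 11 is modelled as a direct method call.

```python
"""Use Record enforcement for the Delivery half (Steps 3-8) and Use half (Steps 9-18).

Added illustration, not the patent's code. Constructed assumptions: 16-byte
symmetric key, SHA-256 counter keystream as the content cipher, dict as the
Deliverable File, direct call in place of the SSL connection of Step 11.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with SHA-256(key || counter) blocks (same call encrypts and decrypts)."""
    blocks = (len(data) + 31) // 32
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


@dataclass
class UseRecord:
    """Use Record 60: file id 50, decryption key 52 and use information 53."""
    file_id: str
    decryption_key: bytes
    uses_remaining: int
    allowed_use_types: frozenset


@dataclass
class Server:
    """Information server 42 holding the User Database 48 of Use Records."""
    user_db: dict = field(default_factory=dict)

    def build_deliverable(self, content: bytes, allowed: set, uses: int) -> dict:
        """Delivery half, Steps 3-8: id, key, encrypted content, Use Record, Deliverable File."""
        file_id = secrets.token_hex(8)                # Step 3: unique file identification number 50
        key = secrets.token_bytes(16)                 # Step 4: key set (symmetric stand-in)
        encrypted = keystream_xor(key, content)       # content file 55
        self.user_db[file_id] = UseRecord(file_id, key, uses, frozenset(allowed))  # Step 7
        # Step 6: header 56, file id 50 and encrypted content 55 make up the Deliverable File 58.
        # The key itself is deliberately absent from the file (it lives only in the Use Record).
        return {"header": "player-stub", "file_id": file_id, "content": encrypted}

    def handle_use_request(self, file_id: str, use_type: str):
        """Use half, Steps 13-18. Returns (True, key) or (False, error message)."""
        record = self.user_db.get(file_id)
        if record is None:                            # Step 13: no Use Record -> Step 18
            return False, "unknown file id"
        if use_type not in record.allowed_use_types:  # Step 14: use type not permitted -> Step 18
            return False, "use type not authorised"
        key = record.decryption_key                   # Step 15: release decryption key 52
        record.uses_remaining -= 1                    # Step 17: decrement authorised uses
        if record.uses_remaining == 0:
            del self.user_db[file_id]                 # exhausted record is removed from the database
        return True, key


def play(server: Server, deliverable: dict, use_type: str):
    """Program header 56, Steps 9-16: send the use request, then decrypt if a key comes back."""
    ok, result = server.handle_use_request(deliverable["file_id"], use_type)
    if not ok:
        return None                                   # Step 18: error reported, content stays encrypted
    return keystream_xor(result, deliverable["content"])  # Step 16: decrypt and play
```

Because the Deliverable File carries no key, copying it gives a second party nothing the server will not account for: every playback still spends one entry in the Use Record, and a copy whose record has been exhausted or never existed is answered with an error rather than a key.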
One embodiment of the present invention provides a decoder integrated circuit configured to handle a plurality of decryption algorithms and key lengths. The decoder integrated circuit includes a decryption engine processor utilizing a secret, secure instruction set. A key package used to decrypt a corresponding encrypted data package is securely transmitted to the decoder integrated circuit. The key package contains both the decryption key to be used and the binary executable image of the algorithm for utilizing the key and for decrypting the corresponding data package, the binary image being coded in the secret instruction set of the decryption engine processor. The key package may also include a unique ID to be used for identifying the particular key package and matching it with one or more files previously encrypted with the same key package. The decoder integrated circuit further includes the circuitry necessary for securely receiving, decrypting, and storing one or more key packages, which is preferably based on commonly available public/private key cryptography methods utilizing session keys for secure transmission of key packages.
The decoder integrated circuit is housed in an integrated circuit package within the playback device. The decoder integrated circuit handles the software transactions between the playback device and a kiosk. The integrated circuit may be implemented using gate array, standard cell or custom chip technology. False interconnects and false circuitry may be used to obscure the decoder circuit operation to thereby make it more difficult to reverse engineer the decoder circuit and determine the secret instruction set. As will be discussed in greater detail below, the playback device may be a PC, a television, or a standalone device. Because the decrypted key package is not transmitted outside of an integrated circuit device, the security of the corresponding data package is thereby greatly advanced.
As illustrated in Figures 5A-5C, the decoder integrated circuit 530 includes a playback device key generator 532, a playback device algorithm decoder 534, a non-volatile key storage memory 536, a playback device decryption engine 538 and a data port 540. The kiosk or distribution center 544 includes a distribution center key generator 546, a distribution center algorithm decoder 548, non-volatile key memory 550, a distribution center key encoder 552, and a data store 554. A central database or server 556 includes a data source database 558, a data key generator 560, an algorithm database 562, a data encryption engine 564, and a central database key encoder 566.
The decoder integrated circuit 530 is used to receive an encrypted data file, decrypt the file, then deliver the file in a form which can be utilized for playback. In the embodiment illustrated in Figures 5A-5C, the playback device is a handheld use-specific stand-alone device, such as an MP3 player. A stand-alone device is one that is capable of operating without an ASCII keyboard, mouse, or personal computer. The stand-alone device may be taken to a kiosk to download the data of choice. When the playback device is taken to the kiosk, a communication and download process occurs between the playback device and the kiosk. The following describes the process taken to request a video or audio file and then download the data file securely from the kiosk to the playback device.
In the illustrated embodiment, the central database or server 556 receives, stores and encrypts data, stores encryption and decryption algorithms, and generates key packages. The central database then securely transmits the encrypted data and the key package to the kiosk or distribution center 544 in response to a user or administrator request. The data source database 558 stores data to be encrypted and downloaded. The data may be video or audio in the form of MPEG, MP3, WAV, or other video or audio file format. The algorithm database 562 stores the program code used to encrypt the data to be downloaded as well as the program code used for the key packages. Various decryption algorithms for the data and key packages are stored in the database to be utilized as needed. For example, a video file may be encrypted and decrypted using different algorithms than those used to encrypt and decrypt audio files. There may also be multiple algorithms for video and multiple algorithms for audio, as well as algorithms for the many different key lengths. The type of algorithm used may be randomly selected for each content item being encrypted. In addition, as previously discussed, the data decryption algorithm is coded using a secret instruction set corresponding to the decryption engine processor. Advantageously, because different algorithms are used to encrypt data, someone intercepting the encrypted data will have a more difficult time breaking the encryption, as even the encryption type is unknown to the interceptor.
The data encryption engine 564 takes an encryption algorithm 506 from the algorithm database 562, a media content file 502 from the data source database 558, and a data key 504, and produces the encrypted data package 512. The encrypted data package 512 further includes a file ID 576 and the encrypted content media 578. The encrypted data package 512 is preloaded to the kiosk 544 or delivered upon request. The key encoder 566 loads the data decryption algorithm 506 from the algorithm database 562. The kiosk public key 508 is then transmitted by the kiosk key generator 546 to the central server key encoder 566, which creates a key package 510 for the kiosk. The key package 510 includes a data key 568, a data decryption algorithm 570, and may further include a file ID 572 and usage information 574, including number of times used and number of authorized uses remaining. Initially at the kiosk, a private key 514 is provided to the algorithm decoder 548 by the key generator 546. Within the algorithm decoder 548, the private key 514 is applied to decode the key package 510 transmitted by the server key encoder 566. The decrypted key package 516 is then stored in the non-volatile key memory 550 until a request is made by a user for a particular data file.
When a request is made for a file, several processes are performed. When the user connects the playback device 528 to the kiosk 544, and the user selects what data is to be downloaded, the kiosk 544 transmits a ready signal to the playback device 528. The decrypted key package 516 is then read by the kiosk key encoder 552. At this time, a public key 518 is transmitted from the decoder IC key generator 532 to the kiosk key encoder 552 to re-encode a unique key package 520 for the playback device 528. Public-key cryptography standards developed by RSA Data Security or the like may be used to define the public and private key package. Once the key package 520 has been encoded, it is loaded to the playback device algorithm decoder 534. Because the decryption algorithm is coded using a secret instruction set, even if the encrypted key package is intercepted and decrypted, the algorithm cannot be used to access the associated data content without using a decoder, such as the decoder integrated circuit illustrated in Figure 5A-5C, capable of executing the secret command set.
The algorithm decoder 534 decrypts the key package utilizing a private key 522 generated by the decoder IC key generator 532 and saves the decrypted key package in the non-volatile key storage memory 536. Then, the encrypted data 524 stored in the kiosk data store 554 is loaded to the playback device data store 542. The user then removes the playback device from the kiosk. When the user commands the playback device to play back the encrypted data, the decryption engine 538 reads the encrypted data 512 from the playback device data store 542 through the data port 540 and reads the decrypted key package 524 from the nonvolatile key storage memory 536. The decryption engine 538 then decrypts the encrypted data package 512 using the key package 524. Finally, the decrypted data 580 is transmitted to a digital-to-analog converter 582 to transform the decrypted digital media 580 to analog signals for output 526. By outputting only analog representations of the audio and/or video data, potential copiers are thereby prevented from making perfect copies of the decrypted digital version of the audio and/or video data.
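The decoder-side exchange of Figures 5A-5C (key pair from the key generator 532, key package sealed to the decoder's public key by the kiosk key encoder 552, unsealed by the algorithm decoder 534, and a decryption algorithm shipped as bytecode for the decryption engine 538) is worked below as an added Python example. It is not the patent's design and not the applicant's code. Everything concrete here is a constructed assumption the patent does not make: the public-key layer is textbook RSA over two fixed Mersenne primes (unpadded and small, a placeholder for the "commonly available public/private key cryptography" the patent names, not something to deploy); the session key the patent mentions is RSA-wrapped and then used as a SHA-256 counter keystream to seal the package; the private instruction set has four opcodes; and the content cipher is whatever the delivered bytecode computes, with the central server's encryption routine written as its inverse.

```python
"""Key package sealed to the decoder, algorithm delivered as bytecode for a private
instruction set, executed by the decryption engine. Added illustration, not the
patent's code. All parameters below are constructed for the demonstration.
"""
import hashlib
import json
import secrets

# Placeholder public-key layer: textbook RSA over M31 and M61 (constructed; unpadded RSA is demo-only).
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def decoder_keypair():
    """Playback device key generator 532: public key 518 and private key 522 (fixed here)."""
    return (N, E), (N, D)


def session_stream(key: bytes, data: bytes) -> bytes:
    """Seal/unseal a package by XOR with SHA-256(session key || counter) blocks."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))


# Private instruction set of the decryption engine 538 (constructed opcodes).
ROTR, XORK, SUBI, END = 0x10, 0x20, 0x30, 0xFF


def build_key_package(data_key: bytes, file_id: str, uses: int) -> bytes:
    """Key package: data key 568, algorithm 570 as bytecode, file ID 572, usage information 574."""
    algorithm = bytes([ROTR, 3, XORK, SUBI, 0x5A, END])
    return json.dumps({"key": data_key.hex(), "alg": algorithm.hex(),
                       "file_id": file_id, "uses": uses}).encode()


def seal_key_package(public_key, package: bytes):
    """Kiosk key encoder 552: fresh session key wrapped under the decoder's public key."""
    n, e = public_key
    session = secrets.randbelow(1 << 80)           # 80-bit session key, below the modulus
    wrapped = pow(session, e, n)
    return wrapped, session_stream(session.to_bytes(10, "big"), package)


def open_key_package(private_key, wrapped: int, sealed: bytes) -> dict:
    """Algorithm decoder 534: unwrap the session key, recover the package for key memory 536."""
    n, d = private_key
    session = pow(wrapped, d, n)
    return json.loads(session_stream(session.to_bytes(10, "big"), sealed))


def encrypt_content(data_key: bytes, plain: bytes) -> bytes:
    """Central server data encryption engine 564: exact inverse of the bytecode above."""
    out = bytearray()
    for i, b in enumerate(plain):
        a = (b + 0x5A) & 0xFF                      # undone by SUBI 0x5A
        a ^= data_key[i % len(data_key)]           # undone by XORK
        out.append(((a << 3) | (a >> 5)) & 0xFF)   # rotate left 3, undone by ROTR 3
    return bytes(out)


def decryption_engine(package: dict, encrypted: bytes) -> bytes:
    """Decryption engine 538: run the package's bytecode over every byte of the data."""
    key, code = bytes.fromhex(package["key"]), bytes.fromhex(package["alg"])
    out = bytearray()
    for i, a in enumerate(encrypted):
        pc = 0
        while True:
            op = code[pc]
            if op == ROTR:
                r = code[pc + 1]
                a = ((a >> r) | (a << (8 - r))) & 0xFF
                pc += 2
            elif op == XORK:
                a ^= key[i % len(key)]
                pc += 1
            elif op == SUBI:
                a = (a - code[pc + 1]) & 0xFF
                pc += 2
            elif op == END:
                break
            else:
                # An image not written for this instruction set cannot be executed here.
                raise ValueError("unknown opcode")
        out.append(a)
    return bytes(out)
```

The decrypted package never leaves the decoder object in this model, which is the property the patent relies on for keeping the key package inside the integrated circuit; the bytecode is only meaningful to an engine that knows the opcode table, which is the point of the secret instruction set. The security of the real scheme therefore rests on how well the chip resists extraction of that table and of the private key, not on the strength of the stand-in RSA parameters used here.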
In another example, a personal computer or television with an appropriate set-top box or internal circuitry may be configured as both a kiosk and a playback device with the addition of the appropriate hardware containing the decoder integrated circuit. For example, the decoder integrated circuit may be mounted on the motherboard or may be on a separate board located in the back panel slots of the personal computer. The personal computer would then operate as similarly described above.
Although this invention has been described in terms of certain preferred embodiments, other embodiments that are apparent to those of ordinary skill in the art are also within the scope of this invention. Accordingly, the scope of the present invention is intended to be defined only by reference to the appended claims.

Claims

WHAT IS CLAIMED IS:
1. A method of decrypting data within a playback device using a decoder contained within an integrated circuit, the method comprising: generating a first public key and a first private key using a key generator contained within the decoder; transmitting the first public key to a data kiosk, wherein the data kiosk is used to store data intended to be downloaded to playback devices; receiving from the kiosk an encrypted first key package including the first public key and a first decryption algorithm, wherein the first decryption algorithm includes instructions from a secret instruction set; receiving from the kiosk an encrypted first data package, wherein the first data package is decryptable using the first decryption algorithm; decrypting within the decoder the first encrypted key package using the first private key resulting in at least a decrypted first decryption algorithm; executing the decrypted first decryption algorithm using a decryption engine within the decoder, the decryption engine having the secret instruction set, to decrypt the first data package; generating a second public key and a second private key using the key generator; transmitting the second public key to the data kiosk; receiving from the kiosk an encrypted second key package including the second public key and a second decryption algorithm, wherein the second decryption algorithm includes instructions from the secret instruction set; receiving from the kiosk an encrypted second data package, wherein the second data package is decryptable using the second decryption algorithm; decrypting within the decoder the second encrypted key package using the second private key to produce at least a decrypted second decryption algorithm; and executing the decrypted second decryption algorithm using the decryption engine to decrypt the second data package.
2. The method of Claim 1 , wherein the first key package includes an identifier associated with the first data package.
3. The method of Claim 1 , wherein the first data package includes video data.
4. The method of Claim 1 , wherein the first data package includes audio data.
5. The method of Claim 1, further comprising generating analog video signals using a digital-to-analog converter contained within the decoder.
6. The method of Claim 1, wherein the first decryption algorithm uses a first key length and the second decryption algorithm uses a second key length.
PCT/US2002/006949 2001-02-27 2002-02-27 Method to control the transmission and use of digital information over a computer network WO2002069562A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US79431201A 2001-02-27 2001-02-27
US09/794,312 2001-02-27

Publications (2)

Publication Number Publication Date
WO2002069562A1 true WO2002069562A1 (en) 2002-09-06
WO2002069562A8 WO2002069562A8 (en) 2004-06-03

Family

ID=25162294

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/006949 WO2002069562A1 (en) 2001-02-27 2002-02-27 Method to control the transmission and use of digital information over a computer network

Country Status (1)

Country Link
WO (1) WO2002069562A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2014092B1 (en) * 2006-04-28 2014-09-17 Sony Ericsson Mobile Communications AB Control of mobile television broadcast signals from broadcaster

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909638A (en) * 1996-08-06 1999-06-01 Maximum Video Systems, Inc. High speed video distribution and manufacturing system
US5926624A (en) * 1996-09-12 1999-07-20 Audible, Inc. Digital information library and delivery system with logic for generating files targeted to the playback device
US6170060B1 (en) * 1997-10-03 2001-01-02 Audible, Inc. Method and apparatus for targeting a digital information playback device

Also Published As

Publication number Publication date
WO2002069562A8 (en) 2004-06-03

Similar Documents

Publication Publication Date Title
KR100798199B1 (en) Data processing apparatus, data processing system, and data processing method therefor
US6367019B1 (en) Copy security for portable music players
US8627415B2 (en) System and method for secure commercial multimedia rental and distribution over secure connections
CN100480947C (en) Conditional access to digital rights management conversion
US7376624B2 (en) Secure communication and real-time watermarking using mutating identifiers
US7233668B2 (en) System and method for a commercial multimedia rental and distribution system
US7440574B2 (en) Content encryption using programmable hardware
US6684198B1 (en) Program data distribution via open network
US20060173787A1 (en) Data protection management apparatus and data protection management method
US20060031175A1 (en) Multiple party content distribution system and method with rights management features
US20120102575A1 (en) Digital content delivery system and method
KR20010086038A (en) Data providing system and method therefor
JPH10301904A (en) Cryptographic system provided with decoding key made into transaction code
JP2001175606A5 (en)
EP1166562B1 (en) Digital content delivery system and method
TW200410540A (en) Validity verification method for a local digital network key
CA2462676C (en) Apparatus and method for accessing material using an entity locked secure registry
JP2001350727A (en) Contents distribution system
WO2002069562A1 (en) Method to control the transmission and use of digital information over a computer network
JP2005056234A (en) Information processing apparatus, information storage device, information processing method, and computer program
JP2001094549A (en) Data providing system and its method
JP2001094557A (en) Data providing system and its method, data providing device, and data processor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC OF 081203

CFP Corrected version of a pamphlet front page
CR1 Correction of entry in section i

Free format text: IN PCT GAZETTE 36/2002 DUE TO A TECHNICAL PROBLEMAT THE TIME OF INTERNATIONAL PUBLICATION, SOME INFORMATION WAS MISSING UNDER (81). THE MISSING INFORMATION NOW APPEARS IN THE CORRECTED VERSION

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP