WO2003005174A1 - Consumption of digital data content with digital rights management - Google Patents
- Publication number
- WO2003005174A1 (PCT/IB2002/002601)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- content
- computer
- digitally signed
- signed data
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1014—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
Definitions
- the present invention relates to the consumption of content, particularly although not exclusively the distribution, rendering and decryption of content having digital rights such as copyright therein.
- content such as video, audio or textual data is consumed by a user via a terminal such as a rendering machine.
- a rendering machine transforms the data defining the content into a form which may be interpreted by a user's senses.
- content in the form of video may be rendered on a visual display unit or monitor
- audio content may be rendered by a stereo system and a printer used to render textual content, to name but a few examples.
- a number of steps will take place in rendering the data to a form suitable for interpretation by a user's senses.
- A particularly favored approach (Fig. 3) is to provide each rendering machine 2 with a globally unique tamperproof identity 4 and to incorporate a Digital Rights Management (DRM) engine 6 into the device 2. Subsequently, content stored in encrypted form on the device 2 may be unlocked only where license conditions, including a requirement to confirm that the globally unique identity 4 of the device 2 matches a set of binding attributes in the license, are met.
- a method of decrypting content stored on a terminal comprising obtaining a license comprising a content decryption key and a set of binding attributes, the attributes including a public key; establishing a communication link between the terminals; receiving digitally signed data on the communication link at the terminal from the one other terminal; verifying at the terminal the digitally signed data utilizing the said public key; and wherein the terminal in response to verification of the digitally signed data using the content decryption key to decrypt the content.
- By binding content to a consumer identity, preferably in the form of an asymmetric key-pair, with a private key held in a Personal Trusted Device (PTD) of the user, the content is no longer bound to a particular terminal such as a rendering machine. As a result, the consumer is able to enjoy content in any suitable rendering machine wherever the consumer is able to prove the consumer's identity through the presence of the consumer's personal trusted device or more particularly through the presence of the consumer's private key on a secure tamperproof security element accessible to a protected processing environment (PPE) of the consumer's personal trusted device.
- Such a PPE provides functions including the ability to digitally sign data e.g. text, for the purposes of authentication.
- a terminal for rendering encrypted content comprising a storage for the encrypted content and a license containing a content decryption key and a set of binding attributes, the attributes including a public key; a protected processing environment; a personal area network interface which establishes a communication link between the terminal and at least one other terminal and which delivers digitally signed data received from the other terminal to the protected processing environment; and wherein upon successful verification of the digitally signed data using the public key, the protected processing environment decrypts the encrypted content using the content decryption key.
- the protected processing environment includes a digital rights management engine operable in accordance with the set of binding attributes.
- a license creation method for facilitating the decryption of content on a terminal, the method comprising appending a set of binding attributes to a content decryption key wherein the binding attributes include a public key certificate obtained from a repository holding a public key certificate of a licensee with a corresponding private key being held on another terminal.
- the license creation method is most conveniently under the control of the content provider or a party authorized thereby.
- the content provider should be able to verify the identity of those customers to whom the content provider provides access to encrypted content in the form of a license. Such verification of identity may be carried out by authenticating those certificates obtained from the repository with the relevant certification authority.
- the public key certificate may be stored at the terminal or alternatively access to the public key certificate may be obtained by the terminal by storing a URL at the terminal, which is an alias to a network address at which the public key certificate may be retrieved by the terminal for rendering the content.
- the use of the URL decreases the storage requirements for data at the terminal significantly. Consequently, the URL at which the public key certificate may be retrieved may be stored in the terminal so that the terminal merely fetches the public key certificate when necessary.
- the content provider is able to assess a level of trust in each customer based on the results of verification of the digital signature and the nature of the certification authority. This level of trust may be utilized by the content provider in determining what rights, if any, should be given in the license. Such rights may conveniently be stored in a voucher attached to the license or alternatively the content.
- the DRM engine of a terminal is able to parse the voucher and act in accordance with any restrictions set by the content provider or owner in terms of the granted rights.
- the content or license is locked unless the right voucher is available.
- the license may include a plurality of binding attributes which may allow content to be rendered by corresponding user identities.
- the content provider may establish different conditions to the rendering of the content as parsed from a corresponding voucher by a DRM engine of a terminal. Different user or device specific conditions, e.g. preferences or profiles may be established.
- the license may only be delivered to a user on payment of a fee for example, advantageously, it may only be utilized to access content provided the relevant binding attributes can be satisfied, namely through the above described mechanism. Consequently, the license is freely transferable over a network or indeed on any insecure channel.
- the invention further is a method of distributing encrypted content to a terminal comprising delivering encrypted content and a license relating thereto to a terminal, the license containing binding attributes corresponding to a user identity, and requesting authentication of the attributes by a personal trusted device.
- the personal trusted device may be utilized to authenticate the attributes of a license regardless of the particular platform on which the content is to be rendered, provided the requisite communication can be established.
- the rendering device and trusted device can be different which allows a free roaming voucher to be utilized.
- a terminal which renders encrypted content in accordance with the invention includes a storage for the encrypted content and a license, the license containing a content decryption key and a set of binding attributes, the attributes including a public key; a protected processing environment; a communication link between the terminal and at least one other terminal which delivers digitally signed data from the other terminal to the terminal; a digital rights management engine disposed in a non-secure part of the terminal; and a digital rights management agent disposed within the protected processing environment which verifies if the digitally signed data is signed by a licensee of the encrypted content and upon verification, uses the content decryption key to decrypt the encrypted content.
- the storage may be unprotected; and the digital rights management engine may decrypt the set of binding attributes to determine if the encrypted content is licensed to be decrypted and if the encrypted content is authorized to be decrypted signals the digital rights management engine to render the content.
- the personal area network interface may issue a request to the other terminal to provide the digitally signed data.
- An encrypted part of the license may include a user identity certificate issued and digitally signed by a certification authority which permits a licensor of the content to establish a level of trust in a licensee of the content.
- An encrypted part of the license may include a URL which is an address at which a user identity certificate issued and digitally signed by a certification authority may be obtained, which permits a licensor of the content to establish a level of trust in a licensee of the content.
- FIG. 1 is a diagrammatic representation of encrypted content and associated attributes or business rules helpful for use in understanding the present invention
- FIG. 2 is a diagrammatic representation of an encrypted license in accordance with one aspect of the present invention
- Fig. 3 is a schematic view of a prior art content rendering system
- Fig. 4 is a schematic view of a content rendering system according to a further aspect of the present invention
- FIG. 5 is a diagrammatic view of a personal trusted device of Fig. 4;
- Fig. 6 is a diagrammatic view of a rendering machine of the system of Fig. 4;
- FIG. 7 is a schematic view of the system of Fig. 4;
- Figs. 8a to 8d are examples of screen displays of the rendering machine of Fig. 6;
- FIG. 9 is a flow chart illustrating a method according to still a further aspect of the present invention.
- FIG. 10 is a diagram of an embodiment of a rendering machine having high security against obtaining the encrypted content stored therein without appropriate authority which does not require substantial data storage capability;
- Fig. 11 illustrates one form of a voucher stored in the unprotected storage of Fig. 10;
- Fig. 12 illustrates one form of the content stored in the unprotected storage of Fig. 10.
- Like reference numerals identify like parts throughout the drawings.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION
- content 1 for delivery to a terminal hereinafter referred to as a rendering machine is, in this case, packaged together with a voucher 3 defining a set of conditions, (e.g. business rules) applying to the rendering of that content 1.
- the conditions may describe the technical requirements for rendering the content 1 and/or additional data such as copyright and distribution rights information.
- the entire package of content and metadata (data about data) is protected against unauthorized access by a symmetric encryption key 5.
- the strength of the symmetric encryption technology is at least 128 bits and a suitable symmetric encryption algorithm may be without limitation that set out in the Advanced Encryption Standard (AES) draft proposal for a Federal Information Processing Standard (FIPS) dated February 28, 2001 which is incorporated herein by reference in its entirety.
- the license 7 comprises encrypted 9 and unencrypted 11 portions.
- the unencrypted portion 11 which identifies the licensee, incorporates additional data identifying the content 1 to which it relates.
- the encrypted portion 9 of the license 7 contains a symmetric content key 13 and a set of binding attributes 15.
- the key 13 enables access to the corresponding content 1 while the binding attributes 15 relate to user identification data which will be elaborated upon below.
- the encrypted portion 9 of the license 7 is manipulated by those external services required to manipulate the license and the corresponding content 1 such as those services provided by the DRM engine and exemplified by certain further security aspects of the aforementioned Wireless Application Protocol Identity Module specification.
- the encryption key pair including public key 17 of a key pair used to protect the above-described encrypted portion 9 of the license 7, preferably utilizes asymmetric encryption techniques.
- the public key 17 and the corresponding private key 91 are used to open the encrypted portion 9 at step (A) to access the symmetric content key 13 required at step (C) to unlock the encryption 5 of the content 1.
- the key pair comprising the public key 17 and private key 91 protecting the encrypted license portion is generated by or on behalf of a content provider and remains under the content provider's control, in particular, the content provider is able to control to whom the license 7 is delivered. Typically, delivery of the license 7 will be contingent on payment of an appropriate fee or the like.
- With reference to Fig. 4, there is shown a plurality of content rendering machines 19a, 19b, 19c and a number of Personal Trusted Devices (PTD) 21a, 21b, 21c.
- the plurality of content rendering machines 19a, 19b, 19c includes both portable and fixed equipment.
- the rendering machines 19a, 19b, 19c need not be of the same ownership as any or all of the PTDs 21a, 21b and 21c.
- Each PTD 21a, 21b and 21c has a networking capability used to communicate with a rendering machine.
- a capability is provided by a Personal Area Network (PAN) through the provision of one or more technologies from the following non-exhaustive list, namely wireless connectivity such as Infra Red, Low Power Radio Frequency (LPRF) such as e.g. Bluetooth and wired connectivity such as parallel port, serial port, USB, IEEE 1394 and the like.
- the extent of each PAN is shown by respective chain lines 23a, 23b, 23c.
- the PAN may overlap as shown.
- the PAN capability is interfaced with the known functionality of a mobile terminal as is well known to those skilled in the art.
- each of the PTDs 21a, 21b and 21c includes a display 29, a data entry device such as a keypad 31, a transceiver 33, an antenna 35, a general memory 37, a controller 39 and the aforementioned connectivity provided by a wireless interface 25 and wired interface 27.
- the PTD 21 is provided with audio/video outputs 41 as well as a headphone jack 43, a speaker 45 and a microphone 47.
- the general memory 37 includes Read Only and Random Access portions (ROM and RAM) 49 and 51 respectively and provides storage for the code necessary to implement the PTD 21 functions and storage for data which has been generated, received or otherwise utilized by the PTD 21 except to the extent that the function is carried out by or relates to a Protected Processing Environment (PPE) 53.
- the PPE 53 of the PTD 21 implements the functions required to provide authentication through a set of services including providing digital signatures and as exemplified by the aforementioned Wireless Application Protocol Identity Module specification (WIM).
- the PPE 53 is connected to a Security Element Interface 55 providing a secure access channel to a tamper resistant storage module, hereinafter referred to as a Security Element (SE) 57.
- the SE 57 holds private keys, certificates and other personal data belonging to a user.
- the SE 57 inhibits access to the data stored therein by a combination of well-known physical and software barriers.
- the SE (vault) 57 facilitates the storage of a private key forming part of an asymmetric key pair owned by the SE 57 owner which in the event the SE 57 is not a permanent component of the terminal 21 will most probably, but not necessarily, correspond to the owner of the terminal 21 in which the SE 57 is installed.
- the corresponding public key 93 is made available to third parties as a constituent of a user identity certificate 61 issued and digitally signed by a certification authority (CA).
- the certificate 61 is stored on a repository (not shown) to which a content provider, amongst others has reading privileges.
- the rendering machines 19a, 19b and 19c of Fig. 4 each have a general architecture shown in Fig. 6 and may have the more specific DRM architecture explained below with reference to Figs. 10-12.
- the user identity certificate 61 in the terminal may alternatively be replaced by storage of a URL 63' which is the address in a network at which the identical user identity certificate 61' may be fetched when the user identity certificate 61 is not present in the terminal.
- the network location 65' at which the user identity certificate 61' may be fetched is any location in any network from which data is available.
- Each rendering machine 19 therefore comprises hardware including a controller 73 and a PAN interface utilizing at least one connectivity option including wireless connectivity 63 such as IR and LPRF and wired connectivity 65 such as serial, parallel, USB, IEEE 1394 and the like.
- the PAN interfaces permit the delivery of encrypted content and/or licenses to the rendering machine 19.
- a USB cable 71 may be attached between a portable rendering machine 19a and a PC 67 having a connection to the Internet 69 or an internal CD drive. Encrypted content, such as music, may then be delivered over the cable 71 and stored in the rendering machine 19a for later enjoyment provided the necessary license conditions are met for rendering the content.
- a suitable output 75 illustrated in Fig. 6, is provided for delivering rendered content to an output device 77, such as a monitor, audio amplifier, or the like.
- the rendered content is output through a display 79 and loudspeaker 81'.
- the device 19 further includes a storage in the form of memory 81 provided to accommodate the large volume of data necessary to store encrypted content in the form of video and audio data files, for example.
- the rendering machine 19 further incorporates a Digital Rights Management (DRM) engine 83 which is connected to a Security Element (SE) 85 via a security element interface 87.
- a DRM including a DRM engine and a DRM agent in a PPE which is highly resistant to tampering is described below in conjunction with Figs. 10-12.
- the SE 85 stores at least one license private key 91 necessary to decrypt the license 7, a portion of which is encrypted using the corresponding public key 17 of the license public-private key pair.
- the DRM engine 83 administers the usage of content based on the aforementioned licenses distributed by the content provider.
- Such functionality includes the ability, expanded upon below, by which an identity of a user is verified.
- the SE 85 of the rendering engine 19 has the private license key 91 of a content provider already installed thereon which may be used subsequently at step (A) to decrypt licenses 7 delivered to the rendering machine 19, that are encrypted with the corresponding public key 17 of the content provider.
- a user of the rendering machine 19 may choose to have the encrypted content 1 delivered to the device 19 at which the encrypted content is stored in memory 81.
- an appropriate license 7 must be obtained from the content provider.
- Such a license 7 is delivered with the content 1 or obtained separately over a different channel and/or at different time.
- the license 7 contains a set of binding attributes 15. The attributes 15 are required to ensure that only a user (licensee) party authorized by the content provider extracts the symmetrical key 13 required to decrypt the encrypted content 1 from the license.
- the binding attributes 15 are provided in the form of a Public Key Infrastructure (PKI) user certificate 61 which is representative of the licensee identity.
- the certificate 61 contains a public key 93 of the licensee which is preferably digitally signed by a Certification Authority (CA).
- the licensor may assess the extent of trust of the certificate of a potential licensee and this may include a determination of the level of trust in the CA and, of course, whether the certificate has been appropriately signed.
- the user of the rendering machine 19 first selects the encrypted content which the user desires to have rendered. Thus, via a user interface (UI), a list of encrypted content is displayed on the display (Fig. 8a).
- the user selects an encrypted content item from the list and the UI passes an instruction to the controller 73 which in turn is passed to the DRM engine 83.
- the DRM engine 83 of the rendering machine 19 first searches for a license 7 corresponding to the content for which a request to render has been received by the UI.
- the DRM engine 83 attempts to match the identity of the encrypted content 1 with the licensee identity data in the exposed portion 11 of any license stored on the device 19. In the event no license can be found, the DRM engine 83 communicates this to the controller 73 which causes the UI to display an error message on the display (Fig. 8b). Otherwise, the DRM engine 83 utilizes the licensee's private key 91 at step (A) to unlock the encryption surrounding the content key 13 and binding attributes 15. However, before the content key 13 is extracted during decryption at step (C), the DRM engine 83 first accesses the binding attributes 15, namely the user certificate 61. The user certificate 61 contains a public key 93 of a user to whom a license has been given to render the content 1.
- the DRM engine 83 instructs the controller 73 to commence by polling the local PTDs 21 forming a PAN 23 in which the rendering machine 19 is a member.
- the polling step (B) further contains the instruction to the PTDs 21 within the PAN to digitally sign a randomly generated text with a private key 59 stored in the PTD's SE 57 and return it at step (B1).
- the randomly generated text and corresponding signature is the response to the poll from the rendering machine 19.
- FIG. 9 illustrates the above process in more detail.
- a hashing algorithm 97 generates a one-way hash 99 of a particular part of randomly generated RAND data 101 and then encrypts the one-way hash 99 at step 103 utilizing the user private key 59 stored in the SE 57 to form a digital signature 105.
- the signature 105 and corresponding randomly generated text 101 is received via each device within the PAN 23 and the DRM engine of the rendering machine 19.
- the DRM engine 83 takes the randomly generated RAND data 101 returned from each device 21 and processes the randomly generated RAND data with the same hashing algorithm 97 to form a one way hash 99.
- This hash 99 is compared at 109 with the results of the decryption 107 of the corresponding signature 105 carried out utilizing the public key 93 stored in the certificate 61 forming the binding attributes 15, namely a further one way hash 111.
- the DRM engine 83 does not permit the extraction of the symmetric key 13 necessary to decrypt the encrypted content 1.
- the DRM engine 83 instructs the controller 73 to indicate via the UI that the content cannot be accessed.
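The presence check described above (poll, signed random text, verification against the public key in the binding attributes, then release of the content key), written out as an added Go example; it is not code from the patent. It also covers a license that carries several licensee public keys. Assumptions: RSA-PSS with SHA-256 as the signature scheme, a challenge drawn by the rendering machine itself so that a recorded response cannot be reused, an already-decrypted license, and hypothetical type and function names throughout.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// License is the already-opened encrypted portion 9 of license 7.
type License struct {
	ContentKey []byte           // symmetric content key 13
	Licensees  []*rsa.PublicKey // public key(s) 93 from binding attributes 15
}

// NewLicense is the provider side: bind a content key to licensee public keys.
func NewLicense(key []byte, licensees ...*rsa.PublicKey) *License {
	return &License{ContentKey: key, Licensees: licensees}
}

// Response is what a polled PTD returns: the signed text and its signature.
type Response struct{ Challenge, Signature []byte }

// PTD models a personal trusted device; key is private key 59 held in SE 57.
type PTD struct{ key *rsa.PrivateKey }

var ErrNoLicensee = errors.New("no polled device proved possession of a licensee key")

func NewPTD() (*PTD, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &PTD{key: k}, nil
}

func (p *PTD) Public() *rsa.PublicKey { return &p.key.PublicKey }

// Sign hashes the challenge and signs the hash (RSA-PSS is an assumption).
func (p *PTD) Sign(challenge []byte) (Response, error) {
	d := sha256.Sum256(challenge)
	sig, err := rsa.SignPSS(rand.Reader, p.key, crypto.SHA256, d[:], nil)
	return Response{Challenge: challenge, Signature: sig}, err
}

// NewChallenge is drawn by the rendering machine, fresh for every render request.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// verified reports whether r echoes the issued challenge and carries a valid
// signature under pub.
func verified(pub *rsa.PublicKey, issued []byte, r Response) bool {
	if !bytes.Equal(issued, r.Challenge) {
		return false // text from an earlier poll: a recorded response stops here
	}
	d := sha256.Sum256(r.Challenge)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], r.Signature, nil) == nil
}

// ReleaseKey hands out the content key only when one polled response verifies
// against one of the licensee keys; it also returns that licensee's index.
func ReleaseKey(lic *License, issued []byte, polled []Response) ([]byte, int, error) {
	for _, r := range polled {
		for i, pub := range lic.Licensees {
			if verified(pub, issued, r) {
				return lic.ContentKey, i, nil
			}
		}
	}
	return nil, -1, ErrNoLicensee
}

func main() {
	owner, err := NewPTD()
	if err != nil {
		panic(err)
	}
	lic := NewLicense([]byte("0123456789abcdef"), owner.Public()) // constructed key
	ch, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	resp, err := owner.Sign(ch)
	if err != nil {
		panic(err)
	}
	_, who, err := ReleaseKey(lic, ch, []Response{resp})
	fmt.Println("licensee index:", who, "error:", err)
}
```

The check on the echoed challenge is what ties a signature to one render request; without it any previously captured text and signature pair would still verify under the licensee key.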
- Figs. 10-12 illustrate an embodiment of the DRM engine which is split into two parts which is designed to minimize data storage.
- the DRM engine 100 is unsecured and the DRM agent 102 is secure as a result of being located in a PPE 104.
- CODEC 108 provides analog signals to speaker 110.
- a PPE symmetrical secret key 112 is located in a tamper resistant container 113 which may be fused/laser etched.
- a PPE symmetrical key 114' is associated with a protected store 114 within the PPE 104 which contains a target TDRM private key 116 associated with the DRM engine 100 and a target private key TPPE 118 associated with the PPE 104.
- the unprotected storage 120 stores a voucher 122, for example, as illustrated in Fig. 11 and encrypted content 124 as, for example, illustrated in Fig. 12.
- the DRM voucher 122 includes business rules, content identifications and target device identifications in the same manner as discussed above with respect to Fig. 7.
- the business rules, content identifications and target device identifications are encrypted with a TDRM public key 123.
- the target TDRM public key 123 is the DRM engine public key and the target is the target device for the voucher.
- the content key 126 is used to unlock the content and is normally a symmetrical key.
- the content key 126 is encrypted with a target TPPE public key 128 which is the target PPE engine public key and the target device is the target device for the voucher.
- the content 124 illustrated in Fig. 12 is encrypted with a content key 130 which is typically a symmetrical key.
- the PPE may include additional hardware allowing bootstrapping in a secure manner and may include a verifying signed code.
- the PPE has control of a memory managing unit (not illustrated) to restrict access to certain areas of the memory during operation.
- the CODEC 108 may be disposed outside the application specific integrated circuit (ASIC)/CPU and furthermore, the output data from the CODEC may be from pins at the center of the integrated circuit making access thereto physically difficult. Furthermore, the output lines may run through a center layer of a multi-layered printed circuit board to provide additional protection to unauthorized access. As a result of the location exterior to the ASIC, the CODEC 108 may be removed from the PPE to permit change during the lifetime of the device.
- the PPE 104 includes its own tamper-proof key 112 and includes a secure area for using the protected key making it a secure platform.
- the DRM engine 100 functions as a remote control of the DRM agent 106 in the PPE for reproduction of the content 124.
- This architecture has the advantage that the content 124 is only unprotected inside of the PPE 102 which strongly guards against theft. Therefore, even if the DRM engine 100 is unintentionally or maliciously compromised, all that can be accomplished is to play the content against the business rules within the voucher 122. Moreover, if a DRM engine attack is successful on one terminal, it does not break all of the terminals. [0060] The operation of the terminal 19 in Fig.
- the first step 140 is when the private keys 116 and 118 in the protected store 114 are respectively used to initialize the DRM engine 100 which is unprotected except for its own tamper proof schemes and the DRM agent 106 in the PPE 104.
- the play message step 142 occurs when the user activates the application player reader 144 to play DRM protected content, such as music.
- the play message 142 is sent to the DRM engine 100.
- the voucher 122 is loaded at step 146 into the DRM engine 100 for the content 124 in the unprotected storage 120 which is to be reproduced.
- the DRM engine 100 next, at step 148, decrypts the business rules within the voucher 122 to determine if the requested usage is permitted.
- the DRM engine 100 does not and cannot decrypt the content as it is protected by the TPPE public key (not illustrated), which is contained in the DRM agent 106. Assuming that the business rules are verified by the DRM engine processing 148, at step 150 the DRM agent 106 in the PPE is signalled so that it is considered by the DRM agent to be authorized to play the content 124 which may be music, video, etc. At step 152, the DRM agent 106 in the PPE obtains the voucher 122 from the unprotected storage 120 and decrypts the content key therein using the TPPE private key 118. The DRM agent 106 then opens the content file in the unprotected storage. At step 154, the content stream is decrypted using the content key 126.
- the decrypted content is processed by CODEC 108 where it is converted to analog and transmitted to the external reproduction device such as a speaker 110 when the content is audio.
- the terminal of Fig. 10 has significant attributes.
- the content 124 is never in plain digital form outside the PPE 104.
- the DRM agent 106 in the PPE 104 functions as a decrypting system and contains much less software than putting the entire DRM engine 100 within the PPE. Unauthorized entry into the PPE is very difficult to accomplish. Finally, unauthorized entry into the DRM engine 100 is difficult and at worst, allows multiple playing on a given device, but does not compromise the entire system.
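The key separation of the Fig. 10 terminal, as an added Python sketch that is not code from the patent: the DRM engine holds only the TDRM private key and can read the business rules, while only the DRM agent in the PPE can unwrap the content key. Textbook RSA over known primes and a SHA-256 keystream are toy stand-ins for the ciphers the patent leaves unspecified; the hybrid wrapping of the rules, all function names and the sample values are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent shared by both toy key pairs

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Toy only: no padding, small modulus."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed key pairs standing in for TDRM (DRM engine) and TPPE (PPE agent).
TDRM_PUB, TDRM_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
TPPE_PUB, TPPE_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)

def make_voucher(rules: dict, content_key: bytes, rules_key: bytes) -> dict:
    """Rules are sealed to the engine, the content key to the PPE agent."""
    return {
        "rules_key": rsa(TDRM_PUB, int.from_bytes(rules_key, "big")),
        "rules": stream_xor(rules_key, json.dumps(rules).encode()),
        "content_key": rsa(TPPE_PUB, int.from_bytes(content_key, "big")),
    }

def engine_authorize(voucher: dict, action: str, device: str) -> bool:
    """DRM engine (steps 146-150): holds only TDRM_PRIV, never sees the content key."""
    rk = rsa(TDRM_PRIV, voucher["rules_key"]).to_bytes(16, "big")
    rules = json.loads(stream_xor(rk, voucher["rules"]))
    return action in rules["allow"] and device == rules["target_device"]

def agent_play(voucher: dict, encrypted: bytes, authorized: bool) -> bytes:
    """DRM agent in the PPE (steps 152-154): unwraps the content key with TPPE_PRIV."""
    if not authorized:
        raise PermissionError("DRM engine did not authorize this use")
    ck = rsa(TPPE_PRIV, voucher["content_key"]).to_bytes(16, "big")
    return stream_xor(ck, encrypted)

CONTENT_KEY, RULES_KEY = bytes(range(1, 17)), bytes(range(17, 33))  # constructed values
VOUCHER = make_voucher({"allow": ["play"], "target_device": "terminal-A"}, CONTENT_KEY, RULES_KEY)
ENCRYPTED = stream_xor(CONTENT_KEY, b"constructed audio frames")
```

The `authorized` flag passed to `agent_play` is the trust boundary the description points at: an engine that lies about it gets the content played on that device, but never obtains the content key or the plaintext.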
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02741054A EP1412833A1 (en) | 2001-07-06 | 2002-07-01 | Consumption of digital data content with digital rights management |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0116489.6 | 2001-07-06 | ||
GBGB0116489.6A GB0116489D0 (en) | 2001-07-06 | 2001-07-06 | Improvements in and relating to consumption of content |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003005174A1 true WO2003005174A1 (en) | 2003-01-16 |
Family
ID=9918001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2002/002601 WO2003005174A1 (en) | 2001-07-06 | 2002-07-01 | Consumption of digital data content with digital rights management |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1412833A1 (en) |
GB (1) | GB0116489D0 (en) |
WO (1) | WO2003005174A1 (en) |
-
2001
- 2001-07-06 GB GBGB0116489.6A patent/GB0116489D0/en not_active Ceased
-
2002
- 2002-07-01 EP EP02741054A patent/EP1412833A1/en not_active Withdrawn
- 2002-07-01 WO PCT/IB2002/002601 patent/WO2003005174A1/en not_active Application Discontinuation
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004077911A2 (en) * | 2003-03-03 | 2004-09-16 | Sony Ericsson Mobile Communications Ab | Rights request method |
WO2004077911A3 (en) * | 2003-03-03 | 2004-11-11 | Sony Ericsson Mobile Comm Ab | Rights request method |
EP1658566A1 (en) * | 2003-09-30 | 2006-05-24 | Inka Entworks, Inc. | A method of synchronizing data between contents providers and a portable device via network and a system thereof |
EP1658566A4 (en) * | 2003-09-30 | 2007-01-03 | Inka Entworks Inc | A method of synchronizing data between contents providers and a portable device via network and a system thereof |
JP2007507788A (en) * | 2003-09-30 | 2007-03-29 | インカエントワークス インク | Method and system for data synchronization with personal portable terminal through network |
SG138452A1 (en) * | 2004-05-18 | 2008-01-28 | Victor Company Of Japan | Content presentation |
EP1686757A1 (en) * | 2005-01-28 | 2006-08-02 | Thomson Licensing S.A. | Method for managing consumption of digital contents within a client domain and devices implementing this method |
FR2881596A1 (en) * | 2005-01-28 | 2006-08-04 | Thomson Licensing Sa | METHOD FOR PROTECTING AUDIO AND / OR VIDEO DIGITAL CONTENTS AND ELECTRONIC DEVICES USING THE SAME |
WO2007018623A1 (en) * | 2005-08-02 | 2007-02-15 | Sony Ericsson Mobile Communications Ab | Methods, systems, and computer program products for sharing digital rights management-protected multimedia content using biometric data |
WO2011029678A1 (en) * | 2009-09-08 | 2011-03-17 | Siemens Aktiengesellschaft | Method for digital rights management in a computer network having a plurality of subscriber computers |
CN113132107A (en) * | 2019-12-31 | 2021-07-16 | 奇安信科技集团股份有限公司 | License encryption method and device, license decryption method and device and equipment |
CN113132107B (en) * | 2019-12-31 | 2023-02-07 | 奇安信科技集团股份有限公司 | License encryption method and device, license decryption method and device and equipment |
Also Published As
Publication number | Publication date |
---|---|
EP1412833A1 (en) | 2004-04-28 |
GB0116489D0 (en) | 2001-08-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002741054 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002741054 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |