WO2006000967A1 - System for transaction of digital content - Google Patents

Info

Publication number
WO2006000967A1
Authority
WO
WIPO (PCT)
Prior art keywords
treasure box
digital
digital items
server
treasure
Application number
PCT/IB2005/051999
Other languages
French (fr)
Inventor
Paulus A. B. M. Coebergh Van Den Braak
Geert J. Schrijen
Original Assignee
Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to computer systems and methods for distributing digital content, for example as in transaction technology and encryption technology.
  • it relates to a system and method for selling and delivering digital desirable items to consumers for the consumers to build and keep collections or personal sets of digital desirable items.
  • the "cooler" the items are the greater the desire becomes to be part of such a social interaction and the greater the willingness of children and their parents to spend money on it.
  • the collecting and trading behavior is part of the social positioning of young individuals in a group and gives opportunities for personal expression, and for both showing off and developing personal skills (e.g. negotiation, economics). Items obtain a value when they correspond with "hot" hypes such as the latest movie, popular music artist, branded clothes, sport champions and TV programs. Furthermore, they can be made more valuable or attractive when they possess certain properties that empower the owner in some manner or if they only exist in a limited number.
  • Pokemon provides a good example: it was associated with a game of having to find all Pokemon creatures, and possessing one helps to find others.
  • Digital items - Digital item preferably relates to collectible objects or characters and similar types of entities that have been digitized.
  • the digital items may also refer to the digital representation or description of such digital items and the digital items may also be referred to as Digital Desirable Items or DiDIs.
  • Treasure box - A treasure box or token may be a small electronic device comprising memory etc.
  • Application options - Application options that a customer can use or enjoy.
  • a computer system comprising a server for storing digital items in a database, an intermediary electronic device for downloading the data representing the digital items stored on the database, at least a first treasure box for receiving and storing the data representing the digital items accessed from the database by the intermediary electronic device, said computer system being programmed to: send a treasure box ID from the treasure box to the server for validation of the treasure box ID, transfer data between the treasure box and the intermediary electronic device in response to the validation of the treasure box ID, and altering the data representing the digital items stored in the treasure box in response to instructions originating from the server.
  • a system offering conditional access to multi-media information and entertainment facilities by individuals in a networked digital system comprises at least one treasure box for storing personal sets of digital items, communication means between the networked digital system and the at least one treasure box, authentication means for authenticating the treasure box upon a request from the treasure box to achieve access to the multi-media information and entertainment facilities and/or to obtain digital items from the networked digital system or from peer users, and determination means for determining a scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items.
  • a treasure box for storage of digital items and for use in a computer system according to the first aspect of the invention, the treasure box comprises a memory for storage of the digital items and a unique code, a processor for management of the digital items, and a data communication interface.
  • a method for secure transaction of data representing a collection of digital items via a network comprises the steps of: establishing a secure connection between the treasure box and the server through an intermediary electronic device, identifying the first treasure box to the server, and transferring the data representing a collection of digital items from the server to the treasure box.
  • a method for conditional accessing multi-media information and entertainment facilities by individuals in a networked digital system comprises building and keeping personal sets of digital items on a treasure box by obtaining digital items from the networked digital system in response to a counter performance, and trading digital items with peer users, determining a scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items, wherein transfer and storage of the personal set of digital items is secured by use of a digital rights management system.
  • the present invention thus allows for the collection of digital items on any kind of electronic storage device, such as in a treasure box.
  • an identification means is provided to the treasure box, so as to allow for authentication of the treasure box before a digital item for collection is provided from a server to the treasure box.
  • the authentication may be a check of compliance or originality of the treasure box and thus ensure that the treasure box behaves according to the rules so that for example a treasure box will delete the digital item locally if it is transferred to another treasure box, etc.
  • the check of compliancy could include the check of a digital certificate (issued by some trusted party) that indicates that the treasure box is compliant.
  • An additional certificate revocation mechanism may be applied to revoke certificates from treasure boxes that are not compliant anymore.
  • the transferring of data from the server to the treasure box may comprise a check of allowability to download the specific digital item, i.e. check if a counter-performance has been performed in return for the digital item, such as e.g. if a valid payment for the item has been performed.
  • the digital items may be associated with or comprising rich features, applications and options, e.g. in the form of interactivity or audiovisual features that may be linked to either a single digital item or to a collection of items.
  • Individuals may furthermore be offered a, preferably conditional, access to audio-visual infotainment services, such as digitized objects/characters, multi-media information and entertainment facilities, the conditional access being determined by the possession of corresponding digital items.
  • the collection of digital items i.e. the personal set of digital items, may be connected with gaming so that certain objects/elements of the game are only obtainable by owning the corresponding digital items, the digital items giving access to special weapons, recovery possibilities, etc. and thus give gaming an extra dimension of fun and excitement.
  • the storage of the digital items in a treasure box makes it easy to keep track of the digitized objects, such as the DiDIs, and to carry and store them in an efficient, easy to handle way.
  • the presentation of the digital objects may also be made attractive and preferably also individualized. It is further an advantage achieved by the present invention to provide a system for selling infotainment-related data such as DiDIs created by content providers.
  • the digital items may also be referred to as Digital Desirable Items or DiDIs and may preferably be digitized objects or characters comprising at least one application option as will be described later.
  • the digital items are preferably the content to be collected by customers by use of the system and method described in the invention.
  • the digital items may be DiDIs that may be stored in encrypted form on a server or on a storage device such as a treasure box described below. Thus they may be obtained from the web preferably via a home computer or another electronic device able to communicate and transfer data by wire or wireless.
  • digital items may be traded with peers either via the home computer and the web, or optionally via other supportive means such as mobile phones, TVs, Game consoles, PDAs, dedicated devices and similar apparatus or between treasure boxes.
  • the digital items may be classified into groups comprising a number of digital items. Preferably each digital item in a group is assigned an individual ID number. Each group may preferably constitute a specific domain. For example, Donald Duck may be classified into the Disney group; the Disney group would preferably constitute a domain. Donald Duck within the Disney group preferably has an individual ID number, which may be a position in a string or any other number which makes it possible to differentiate this digital item from other digital items. Each digital item, also within a group, may have a specific individual ID number that preferably does not relate to a position in a string. Digital items may hold the middle between Audio/Video content, computer games and software applets in that they preferably share properties with each of these, but are not equal to any of them.
  • digital items may be more advanced than only Audio/video content, and they may share properties from many different areas, including audio, videos, pictures, applets etc.
  • the digital items, DiDIs are not editable by a consumer.
  • duplication or creation of a digital item may be performed.
  • One such case could for example be two characters which are able to produce a new one: as in role games, two parent character digital items may be able to give birth to a new character, a child character digital item. By having this function an owner of a treasure box may be able to breed new species.
  • the breeding of a new digital item is controlled by the server that alters the data on the treasure box, and thus adds the child digital item to the collection.
  • the breeding of new species may be dependent on a counter-performance.
  • the server for storing digital items in a database may be a server connected to a network or it may be another treasure box. This other treasure box may comprise the intermediary electronic device.
  • the network or the networked digital system may be any public or private network and is in a preferred embodiment the Internet.
  • the digital items stored electronically may in this case be shown to others via the internet and thus provide a system for connecting people all over the world sharing a similar interest.
  • the treasure box may be any storage device for storage of digital items or representations of digital items.
  • the treasure box may further comprise information processing means and a means for communication.
  • the treasure box may be a memory device comprising read/write and erase functions and further comprising means for authentication, such as a 'dongle'-type small electronic device.
  • the treasure box is adapted to be connected to the server, by wiring, direct insertion of the treasure box in a port of the computer, e.g. a USB port, or by a wireless connection, using e.g. infra red, NFC, etc.
  • the digital items or the representation of the digital items are linked or stored in such a way that application options empowered by a digital item may be expressed.
  • the physical dimensions of the treasure box are preferably a size, rendering it easy to carry and to fit into pockets.
  • the means for authentication may comprise hardware to execute cryptographic operations (e.g. encryption) and memory to store cryptographic keys, some processing power and a communication interface.
  • the means for authentication is a part of a digital rights management system (DRM).
  • the treasure box comprises at least one data interface for being able to communicate with other storage means, such as other servers and/or other treasure boxes or other electronic devices such as mobile phones, PDAs, computers, etc.
  • Each treasure box preferably comprises an ID, identification means, in order to distinguish it from other treasure boxes.
  • a treasure box being manufactured legally and comprising identification means identifying the treasure box may be referred to as a valid treasure box.
  • Any check for authentication may comprise a check as to whether the identification means are undisturbed, that is whether any changes of code have been performed.
  • the treasure box ID is in the simplest embodiment an identity value of the treasure box that the server may use for making a certificate that links the representation of the digital items present in the treasure box to this identifier.
  • the computer system may be programmed to authenticate the treasure box to the server, and this may be the first step in setting up a Secure Authentication Channel.
  • the altering of the data preferably means that the server either adds or removes the right of a certain digital item in a treasure box. This may be done by changing the value at a position in a string from 1 to 0 or 0 to 1 depending on whether the right is removed or added, or it may be done by adding/removing the entire digital item to/from the treasure box. Furthermore, when collecting and trading digital items, multiple units of the same DiDI may be present in one treasure box, so that e.g. a "1" indicates the presence of one DiDI of a specific type and N, N > 1, indicates that N DiDIs of a specific type are present in the treasure box. This may also be implemented in a string principle by allocating more bits to the number of items present.
  • digital items may be transferred between two treasure boxes, and in this embodiment it is preferred that one of the treasure boxes alters the data on the other treasure box.
  • the treasure boxes comprise a program for altering of the data.
  • the server may act as a broker and alter the data on both treasure boxes.
  • the server preferably comprises a program for altering of the data.
  • the intermediate electronic device is an electronic device such as a computer, a mobile/cellular phone, PDA, mp3 player or similar.
  • the digital items may be linked to the treasure box. For example, this may be done by taking up an identifier ID of the treasure box into a certificate, so that the ID is signed together with the collection or representation.
  • the server may link digital items to the treasure box by having a corresponding processor issuing a digitally signed message or digital certificate preferably comprising at least an identifier of the treasure box and a description of the collection of digital items.
  • the computer system may furthermore comprise a second treasure box wherein the first treasure box upon a counter-performance sent to the second treasure box is able to download and store data representing a digital item stored in the second treasure box.
  • the data relating to a digital item in the second treasure box is removed when it is transferred to the first treasure box.
  • the second treasure box may alter the data on the first treasure box.
  • the treasure boxes may comprise a program for altering other treasure boxes.
  • At least a second treasure box may be provided so that digital items are transferable directly between the at least first and the at least second treasure box, and wherein a digital item transferred from the at least first treasure box to the at least second treasure box is deleted from the first treasure box upon transfer of the digital item.
  • the transfer and storage of digital items can be secured by applying a digital rights management system (DRM), for example in that the transfer of a digital item comprises the steps of having the at least first treasure box authenticating the at least second treasure box, and vice versa, and having the at least first treasure box checking the compliancy of the at least second treasure box and vice versa.
  • a Digital Rights Management (DRM) system may be implemented with the treasure boxes to protect the digital items present in the treasure boxes and to enforce correct transferring of the digital items between treasure boxes, and between treasures boxes and servers.
  • a counter performance from the at least second treasure box may be required to allow transfer of a digital item from the at least first treasure box to the at least second treasure box.
  • a server may act as a broker and alter the data on both treasure boxes.
  • both the first and second treasure box preferably should authenticate to the server.
  • the treasure box may further comprise a cryptographic key for encryption of a message received from an electronic device such as a computer, treasure box, PDA, mobile phone etc.
  • the treasure box may comprise a cryptographic key for use in a challenge-response authentication protocol with an electronic device such as a computer, treasure box, PDA, mobile phone etc. or other electronic device usable in connection with the invention.
  • the electronic device may be interpreted as the intermediary electronic device.
  • the treasure box preferably comprises cryptographic functionality and/or hardware to do cryptographic computations.
  • the message received from an electronic device is a challenge.
  • the challenge may be encrypted with the cryptographic key and this forms the response.
  • the response is preferably sent back to the electronic device and may serve as a proof of authentication.
  • in a challenge-response system, preferably a password or key does not have to be sent over the network.
  • a challenge response system may be more secure since the challenge/response may be different every time.
  • digital items are not automatically transferred between treasure boxes; rather, the transaction is related to a counter performance and preferably also related to some rules and/or criteria.
  • the rules/criteria may be decided by a content provider; preferably the rules/criteria are implemented on the server. However, the rules/criteria may also be decided by an owner of a treasure box, hence these are preferably referred to as customer rules/criteria.
  • the treasure box may comprise a private key and a public key pair.
  • challenge response protocol by public key techniques is for example employed.
  • the treasure box may preferably relate to a specific domain related to a collection of digital items.
  • a treasure box may relate to the "Disney domain" and hence preferably comprise Disney character DiDIs. In this way, persons having a certain interest for Disney may be able to trade characters with each other and thus get in contact with people having similar interests.
  • the treasure box comprises a display for displaying digital items, a speaker, and a user interface for receiving input from a user.
  • a treasure box may be embedded in a mobile phone, PDA or any other hand held electronic device.
  • a hand held electronic device such as a mobile phone may be manufactured with a treasure box inside, which gives the owner of the mobile phone access to other applications and services than what is possible with mobile phones not comprising a treasure box.
  • two treasure boxes may be able to directly communicate with each other.
  • the treasure boxes may comprise means for connecting to a mobile telephone network in order to access an online server.
  • the method for secure transaction preferably further comprises the step of signing the data representing a collection of digital items with the private key of the server, for example by taking up the collection representation into a digital certificate signed by the server. Such signing provides integrity. Thus, any intermediary electronic device may be able to check the signature using the public key of the server and may detect whether unauthorized changes have been made to the collection.
  • the method for secure transaction may further comprise a step in which the treasure box sets up a Secure Authenticated Channel with the server. In this way the treasure box may download data representing digital items directly from the server.
  • the method for secure transaction may further comprise the step of uniquely identifying the first treasure box to preferably a second treasure box.
  • the method for secure transaction may further comprise the step of: the first treasure box setting up a connection with a second treasure box using a very short range connection technology like NFC or the like to directly connect two treasure boxes and let them exchange DiDIs.
  • the first treasure box may set up a secure connection with a second treasure box.
  • the treasure box preferably provided in the method for secure transaction may support a method for setting up a secure authentication channel with the server for example by using public key cryptography, preferably via the intermediary electronic device.
  • the secure authenticated channel is used to securely transfer data representing digital items from the server to the treasure box.
  • the method for enabling transaction of digital items may further comprise the step of providing services for allowing customers to electronically receive digital items in exchange for a counter-performance.
  • the counter performance may relate to a transaction of money to the owner of the server, and/or to the content providers, and/or to the service providers or to any combination of these or other player that may be involved in the management and service of the system or content providers and service providers.
  • the counter performance may relate to transaction of digital content, hence a DiDI may be traded against one or more other DiDIs.
  • the rules/criteria for the trade may be set up by the content providers or the server provider; furthermore, the rules may also be set up by individuals such as consumers in possession of a treasure box.
  • the trading of DiDIs may work in the same way as the stock market where the demand and supply of digital items may decide the value of them.
  • counter performance may be of many different kinds, in some circumstances wherein the DiDI is for free the counter performance may be that the customer accesses the server.
  • An example of this could be when a consumer obtains a code for a DiDI in for example a product package, such as in a breakfast cereal package. The customer can then access the server and by using the code download the DiDI relating to that code.
  • the purchase in the method for enabling transaction may preferably be an electronic purchase, such as a transaction related to a credit card, or an online bank account.
  • the purchase may be connected to a phone bill wherein the purchase of a DiDI is added to a phone bill of a customer.
  • Associates may preferably be content providers, service providers, hardware providers and software providers or any other entity that can join a partnership and is able to contribute to the system, method and content which is to be sold.
  • in the method for enabling transaction of digital items, wherein the treasure box preferably comprises a composition/selection of data representing digital items, the method may further comprise the step of: providing a scope of access dependent on the composition/selection of the data representing digital items in the treasure box.
  • the scope of access preferably relates to applications options as will be described in "description of preferred embodiments".
  • the scope of access preferably relates to what services, functions and digital items a user may be able to access, download, execute and so forth depending on the collection of digital items the user has in his/her possession.
  • Services could for example be audio-visual infotainment services, or any other service.
  • the method for enabling transaction of digital items may further comprise the step of: providing a service for customers so that they can trade data representing digital items between each other in response to a counter performance.
  • Counter performance may preferably be understood as described earlier in the document.
  • counter performance may relate to the trading of rights related to DiDIs.
  • the method for enabling transaction of digital items may also comprise the steps of providing a wider set of features and applications to customers. Moreover the method for enabling transaction of digital items may also comprise the step of providing application options. This results in an increased freedom for content providers and other players since they will be able to develop new and more advanced application options. Furthermore the term "providing" may in some circumstances also relate to sale, such as sale of treasure boxes, sale of DiDIs etc. This will be clear from the context wherein it is used. These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
  • FIG. 1 illustrates an overview of the system
  • Fig. 2 illustrates an overview of a second embodiment of the system
  • Application options preferably comprise specific features, abilities, characters, senses, sounds, pictures, services, movies, rights etc related to a specific DiDI or to a collection of DiDIs.
  • the application options may give the owner certain rights or options for usage in relation to other owners of DiDIs.
  • application options comprised in a DiDI or a collection of DiDIs may include any combination of the following possibilities: Looking at and / or listening to audio, still picture, video properties of any particular DiDI; e.g. a well-known cartoon character jumping around and splashing in a bucket with paint, a famous singer singing a unique piece of music. Getting access to limited access information on the Internet.
  • the system in the present invention preferably comprises: 1. Digital Items. 2. A 'dongle' type small electronics device acting as the physical embodiment of the personal collection of DiDIs - and therefore further referred to as the 'treasure box'. 3. Home computer based software (gaming or other). 4. Web based software (gaming or other). 5. Content (related to games, cartoons, movies, characters, sport idols and so forth).
  • the collection of DiDIs in the treasure box provides its owner with certain desirable application options contingent on the composition of the collection of DiDIs.
  • the home computer, server and web are preferably main support systems to use and express such application options.
  • a scenario of how the invention may be used.
  • a customer buys a treasure box in a store, preferably the treasure box relates to a domain such as the Disney domain.
  • the bought treasure box may be pre-loaded with one or more DiDIs so that the customer can start to play with the new toy as soon as possible.
  • the DiDIs stored on the treasure box preferably only have a limited number of application options.
  • the customer preferably has to perform some kind of counter performance, such as buying new DiDIs, trading DiDIs etc.
  • the customer may buy new DiDIs from an online server.
  • when the customer buys a new DiDI, the scope of application options increases and the customer will be able to access new experiences/adventures. That could for example be viewing a movie that is preferably related to the certain collection of DiDIs that the customer just obtained.
  • An example of a DiDI related to application options could for example be Donald Duck as described earlier.
  • the Donald Duck DiDI comprises a basic set of applications options, which a consumer is able to enjoy only by owning/having the Donald Duck DiDI.
  • the basic set of applications options is preferably decided by specific rules relating to the specific DiDI.
  • the Donald Duck DiDI preferably comprises a set of advanced applications options, which is preferably only accessible if the owner owns other DiDIs preferably related to Donald Duck, such as Daisy duck or any other Disney character that preferably belongs to the same domain as Donald Duck.
  • a DiDI may be a tool, weapon or other gadget that preferably belongs to the Disney domain, such as a hammer.
  • the hammer DiDI in combination with Donald Duck would make it possible for Donald Duck to build e.g. a house.
  • the building of the house could be an application option such as a movie showing when Donald builds the house.
  • the Home computer based software may bring at least a part of the application options empowered by the DiDI collection to expression, preferably according to some limiting conditions, criteria and/or rules.
  • when the owner of a treasure box has a certain collection of DiDIs, the owner may access other applications options depending for example on what DiDIs he owns.
  • the computer-based software is installed on a home computer also referred to as intermediary computer.
  • the intermediary computer may also be a mobile device such as a mobile phone, PDA, and similar.
  • the Web based software preferably consists of the following three parts: Software preferably bringing at least a part of the application options to expression, and combining it with the additional possibilities that the Internet may provide such as using Internet based databases, creating multi-user experiences such as support for gaming clans etc.
  • Functions for end-users to acquire DiDI's preferably in turn for some counter performance such as payment or other.
  • Functions for end users to trade DiDIs with their peers (this may preferably also require a counter performance).
  • the function of making DiDI's available may be integrated with an application. For example DiDI's may be found as side effect or as a main goal in computer games, etc.
  • The function for end-users to trade DiDIs preferably works similarly to acquiring DiDI's, except that now two treasure boxes are involved. Furthermore the end-users may both plug into a PC, or two PC's, at the same time.
  • the home computer software and web based software are designed in order to be attractive and easy to use for the target group.
  • the invention will be described in a preferred embodiment to implement the so-called treasure box in a secure way.
  • Figure 1 shows an overview of a first embodiment wherein DiDIs preferably are stored on an online server (S) in such a way that copying is difficult or close to impossible. Data representing DiDIs may preferably be downloaded from S via the user's PC.
  • S online server
  • the DiDIs are preferably stored in the treasure box.
  • the treasure box preferably also comprises a display for displaying the DiDIs, memory for storing extrinsic and intrinsic data relating to the DiDIs.
  • the treasure box may be implemented as a small dongle with associated USB connector.
  • a Near Field Connection NFC
  • any wireless or cable communication technology may be used to connect the devices.
  • an infrared or BlueTooth connection can be used as a way of communication.
  • the treasure box may preferably comprise hardware in order to communicate over these connections.
  • the treasure box preferably comprises some security functionality and some storage capacity.
  • a Smart Card chip with built-in crypto co-processor may preferably be used for secure storage of the DiDI collection.
  • the built-in co-processor may be used to execute security protocols with the Web Server and Software programs. Additional connection hardware such as USB or NFC interface may preferably be added to such a Smart Card chip in order to create a functional treasure box.
  • a third embodiment of a treasure box may be a NFC, bluetooth, infrared enabled mobile phone, which has a built-in Smart Card for storing DiDIs and possibly other rights from other Digital Rights Management systems.
  • a list of owned DiDIs is stored in the treasure box.
  • In total there may be n possible DiDIs, all having an ID number.
  • the list of DiDIs may be represented as an n-bit bit string DL (Digital_items_List). If the i-th bit of DL is set to '1', this means that the corresponding i-th DiDI is part of the collection. If a bit is set to '0', the corresponding DiDI is not part of the collection.
  • the format of the DL is preferably the same for all treasure boxes within one system and the server S uses the same format. In this way the system knows which position in the string relates to a specific DiDI.
  • the string position for that DiDI is changed from 0 to 1 and thus the DiDI is included in the collection.
  • Formats such as lists or arrays can also be used wherein the list and array may comprise pointers to for memory allocation in a memory.
  • a general file system may also be used for storage of the data representing DiDIs.
  • the string or above described formats may be encoded and/or compressed in order to save storage space.
  • the transaction of DiDIs between treasure boxes preferably results in that the data representing the DiDI in the treasure box from where the data representing the DiDI is moved is altered in such a way that the treasure box from which the data is moved loses its right to the DiDI.
  • the data representing a certain DiDI in the second treasure box is preferably removed when it is transferred to a first treasure box.
  • such transfer may be done by changing the position in a string representing the DiDI from 1 to 0.
  • the corresponding position in the first treasure box receiving the DiDI is altered from 0 to 1.
  • no duplication of rights may be possible to perform during this operation.
  • the second treasure box alters the data on the first treasure box.
  • an online server may also be used as a broker and thus the altering of the data representing a DiDI on the first treasure box and/or second treasure box may be altered by the server.
  • a similar approach is adopted when data representing a DiDI or the "right" to the DiDI is transferred from a server to a treasure box.
  • the server alters the data on the treasure box that receives the "right" to a DiDI.
  • the list of DiDIs DL may preferably be stored in the memory of the treasure box and may be accessed by other software programs or web servers.
  • the software programs should preferably be convinced that this list DL was truly collected by the owner of the treasure box and is not simply a self-generated bit string (or a copy). Therefore, the software should preferably be able to check the authenticity of this bit string. This may preferably be achieved by embedding DL in a public key certificate, which may be signed by the trusted Web Server S. Simply represented, this certificate could look like this:
  • DiDI_CERT = Sign[KPRIV_S]{DL, ID_TBi, DT, CNT}
  • a signature is generated by the server S with its private key KPRIV_S.
  • KPRIV_S the RSA public key system
  • the signed message consists of the fields DL, ID_TBi and DT.
  • DL represents the list of DiDIs.
  • ID_TBi is the identity value of TB i, in other words the subject to which the certificate is issued.
  • the field DT represents a date and time value of when the certificate was issued.
  • a counter value CNT is present in the certificate. It is increased every time the server creates a new certificate for this particular treasure box (TBi).
  • multiple other fields may be present in a certificate.
  • a certificate may contain a certificate identifier, which is useful in revocation mechanisms for certificates.
  • Standard certificate revocation mechanisms may then be used to inform software programs that certain DiDI certificates are not valid anymore.
  • the public key KPUB_S of a trusted server S is known to the other parties that want to check the DiDI collection. Since the certificate preferably is digitally signed, the values in the certificate may preferably not be changed (except by the server S who knows KPRIV_S). If an adversary tries to upgrade its DiDI collection by changing the value DL, anyone will be able to verify that the signature is invalid (does not match anymore). The fact that the identity value of the treasure box is present in the certificate prevents users from copying each other's certificate, hence the certificates are 'personalized'.
  • the date and time values and the counter value in the certificate should preferably prevent users from replacing old certificates, since inconsistency in these values could be detected.
  • the approach presented above preferably solves the integrity and authenticity aspects of security requirement.
  • Software programs on the PC should preferably be able to communicate with the treasure box and check the collection of DiDIs and thus fulfill some security requirements.
  • the software on a Web Server such as a trusted server (S)
  • S may be able to change the collection of DiDIs, for example when a DiDI is bought or traded via this server.
  • the collection of DiDIs may be amended or managed by software on a PC or on a treasure box (TB).
  • the software then comprises cryptographic keys for changing the contents of the collection.
  • the basic security-related functionality that may be accomplished is:
      1. Identification/authentication from the treasure box to the Software program on the PC. While the software is running, the software may preferably be able to check the presence of the treasure box.
      2. Authentication from the Web Server to the treasure box. Preferably, only the authenticated Web Server is allowed to make changes to the DiDI collection.
      3. Any party (software program or web application) should preferably be able to view the collection of DiDIs when it connects to the treasure box and should preferably be convinced of the authenticity and integrity of this collection.
  • Treasure Box with symmetric cryptography The treasure box may be cheaper to implement if it does not have any public key cryptographic functionality.
  • some security protocols that are based on symmetric key cryptography techniques are presented. The following security protocols can be used to achieve security requirements 1 and 2.
  • Presence detection of treasure box to software: We provide TBi, preferably with two symmetric keys: 1.
  • a unique key Ki which preferably is coupled to a treasure box identity value ID_TBi.
  • ID_TBi preferably, only the particular treasure box and the trusted server (S), know the key value Ki.
  • the server preferably has a list indicating which of the secret keys Ki is coupled to the identity value ID_TBi of a specific treasure box.
  • a software key KSW which preferably is securely stored in all treasure boxes and software programs.
  • the Software may check that a valid treasure box is present by preferably executing a challenge response identification protocol.
  • Some simple techniques are described in the ISO/IEC 9798-2 standard. Identification of the treasure box to a software program is based on the shared symmetric key KSW. The following protocol may be used:
  • the software may send a random value r to the treasure box.
  • the treasure box encrypts the received r with the secret key KSW and sends it back (step 2).
  • (step 3) the software decrypts the received message with key KSW and checks whether the decrypted value is equal to the random number that it has sent in step 1. If this is correct, the software knows that a valid treasure box is present.
  • a symmetric crypto algorithm like DES or AES may be used.
  • the presented protocol is merely an example.
  • Alternative protocols may be used, for example the SKID2 protocol (which is based on keyed hash functions instead of symmetric key encryptions) could be used.
  • Additional identification from treasure box to software may further be improved by giving software programs means to uniquely identify treasure boxes. Therefore and preferably the following keys are given to a treasure box with identity ID_TBi: 1.
  • a unique key Ki which is coupled to its identity value ID_TBi. Preferably only the particular treasure box and the trusted server (S), know this value. This key may preferably be used to communicate to S. 2.
  • a second unique key KSWi which preferably also is coupled to identity value ID_TBi. Initially and preferably only the particular treasure box and the trusted server S know this key. Later on, legal (and authentic) software programs may download the individual keys, in order to uniquely identify the various treasure boxes.
  • the server preferably comprises a list of which secret keys Ki and KSWi are coupled to which identity ID_TBi.
  • the software checks which identity is in DiDI_CERT by connecting to the treasure box. Then it contacts the server S in order to download the corresponding key KSWi for that treasure box (personalization phase).
  • the software may be personalized for the use with multiple treasure boxes.
  • the software may execute a challenge response identification based on knowledge of shared key KSWi.
  • the protocol of the previous subsection may be used with key KSWi instead of key KSW.
  • a secure identification protocol is used between the software program and the server.
  • the software downloads the symmetric key KSWi in the personalization phase.
  • This identification may be done with any standard identification protocol (using symmetric or asymmetric cryptography), for example with one of the techniques described in this document for identification between treasure box and software or treasure box and S.
  • a software program at a certain PC may only retrieve a limited set of keys KSWi from the server.
  • the keys KSWi may be downloaded from the server S; this could also be done by an adversary who fakes the authentication protocol between software and server. If the adversary obtains KSWi, the particular treasure box to which it corresponds can be cloned, for example in software. This weakness may preferably be avoided by letting the software download challenge response pairs for protocol 1 (i.e. pairs r, E[KSWi]{r}), instead of the key KSWi itself.
  • the Software can use the r value in such a pair to send to the treasure box, and can check if the response B of TB is equal to E[KSWi]{r} in the list.
  • the software program connects to the server now and then to obtain fresh challenge response pairs.
  • one-way hash functions can be used in the protocol.
  • the keys KSWi may be generated in a special way. For example the following rule holds:
  • KSWi = E[MK]{ID_TBi}
  • the secret key KSWi can be retrieved by encrypting the treasure box identity ID_TBi with master key MK. If software programs know this master key MK, they can calculate individual treasure box keys KSWi by themselves. Instead of an encryption function, also a one-way hash function could be used here.
  • Treasure Box with asymmetric (public key) cryptography a software program preferably has to connect to the server in order to obtain a key to identify treasure boxes. This could be a security flaw. Another disadvantage is the fact that it is not unlikely that hackers will try to retrieve key material from software programs. Since both the treasure box and the software contain the same symmetric key, this hack immediately enables the hacker to forge treasure boxes. With asymmetric cryptography, the present invention preferably doesn't have these problems and hence can obtain much more security.
  • each treasure box is given a unique public/private key pair (KPUB_TBi, KPRIV_TBi), of which the private key is securely stored.
  • KPUB_TBi unique public/private key pair
  • KPRIV_TBi a central trusted system authority
  • This trusted authority may be a web server that has public key KPUB_S. This authority preferably issues public key (identity-) certificates that state which public key is related to which treasure box identity.
  • each treasure box has a certificate that looks like this:
  • CERT_TBi = SIGN[KPRIV_S]{ID_TBi, KPUB_TBi} This denotes a certificate that is signed with the private key of S and contains the public key of the treasure box with identity ID_TBi. Only the basic fields of a preferred certificate are shown and not other fields such as timestamp, certificate identifier etc. However, the other fields which may also be required are obvious to a person skilled in the art. Furthermore, other entities in the system such as software programs may also have their own public/private key pair and corresponding identity certificate. ID_SWi preferably denotes the identity of software program i. Preferably the trusted authority (or Server) manages an appropriate certificate revocation system in order to revoke identity certificates when the private key of a treasure box or software program has been compromised.
  • Identification from treasure box to software may be achieved by executing a standard public key identification protocol.
  • For example, the SSL/TLS protocol may be used.
  • such a public key identification protocol preferably has the following basic steps:
  • step 1 treasure box sends its identity value and certificate to the software program.
  • the Software program checks the certificate (i.e. the signature and its validity).
  • step 2 the software program preferably generates a random value r. Furthermore it generates a hashed value A of this random value by applying a one-way hash function h().
  • step 3 the software program encrypts the value r and its own identity value SWi with the public key of treasure box.
  • the software program has found this public key in the public key certificate CERT_TBi.
  • the encrypted values are sent back to treasure box, together with the hashed random value and the identity value of the software.
  • step 3 the treasure box decrypts the encrypted values, using its private key KPRIV_TBi.
  • Treasure box furthermore checks if the retrieved random value (K) corresponds to the value in A. Furthermore the treasure box checks whether the decrypted identity value (L) corresponds to the value ID_SWi that was sent in the clear, in Step 2. If these are correct, in step 4 the treasure box sends the decrypted random value K back to the software program. The latter checks whether it corresponds to the original random value r, and if so, the treasure box is authenticated.
  • protocol 2 only describes unilateral authentication from treasure box to software. Mutual authentication can be achieved when preferably protocol 3 is used, as will be described below.
  • Authentication between treasure box and S For the authentication between Web Server (S) and treasure box, preferably a public key protocol is used that achieves mutual authentication and furthermore established a shared symmetric session key. With this key further communications between both parties can be encrypted and hence a Secure Authenticated Channel (SAC) is established.
  • SAC Secure Authenticated Channel
  • the Modified Needham-Schroeder public-key protocol may be used, see protocol 3.
  • the first step in this protocol is equal to protocol 2.
  • treasure box generates random values r1 and k1 and encrypts these together with its identity value using the public key of the server.
  • This packet is sent to S and S decrypts the packet by using its private key. After checking that the retrieved identity value corresponds to the one of TBi in the certificate, S continues with step 3.
  • the server generates random values r2 and k2 and encrypts these together with the received random value of treasure box. This packet is sent back to treasure box. Treasure box decrypts the packet and checks that its own random value is contained. If so, it sends back the retrieved random value from S in step 4.
  • both parties have two shared keys (k1 and k2) which preferably may be used to further encrypt their communications.
  • partnerships may preferably be set-up with content providers, in which they develop and deliver free content, or pay fees, for the promotional value of the DiDI driven hype.
  • Content providers can treat DiDI's as a new form of merchandise that goes along with introduction of movies, fashion items etc. 6.
  • partnerships may be set-up with packaged goods suppliers that wish to use DiDI's as promotional campaign instruments (like "Flippo's" in packs of potato chips). To this end their packaged goods may contain a unique code that preferably give a one-off right to obtain a DiDI.
  • Preferred payment modes/services for purchasing may include: 1. Selling gift items with one or more unique codes that give a one-off right to obtain a DiDI.
  • Such items should be nicely styled thereby rendering them excellent birthday party gifts for school friends, etc.
  • 6. Providing unique codes (that give a one-off right to obtain a DiDI) on a paid-for telephone number (one code per time tick / money charge unit).
  • the whole business should preferably be content driven.
  • advantages and/or the technical effects resulting from the constituent features of the invention may be as follows: advantages and/or technical effects provided by the present invention are capable of extending the lifetime of collectable objects. It may further be an advantage and/or technical effect achieved by the present invention to provide a solution for a person which makes it easier to keep track of digitized objects such as DiDIs and to carry and store them in an efficient, easy to handle way. It may further be an advantage and/or technical effect achieved by the present invention to provide a solution, which makes it harder to illegally distribute and copy digital content. It may further be an advantage and/or technical effect achieved by the present invention to provide a solution for individuals to join different groups related their interests.
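
The DiDI_CERT checks described in the certificate bullets above (signature over DL, ID_TBi, DT and CNT, binding to one treasure box, and the counter that exposes an old certificate), as an added example that is not code from the patent. The signature is toy textbook RSA over two Mersenne primes so that it runs with the standard library alone; the field encoding, n = 16, the verifier's remembered counter, and the identities and timestamps are assumptions constructed for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass, replace

# Toy textbook-RSA key pair for server S (assumption, illustration only):
# a modulus built from two Mersenne primes is trivial to factor.
P, Q = 2**521 - 1, 2**127 - 1
N = P * Q                            # public modulus, part of KPUB_S
E = 65537                            # public exponent, part of KPUB_S
D = pow(E, -1, (P - 1) * (Q - 1))    # KPRIV_S, known only to S

N_ITEMS = 16                         # n: DiDIs in this constructed system


@dataclass(frozen=True)
class DiDICert:
    dl: int       # n-bit string DL; bit i set means DiDI i is owned
    id_tb: str    # ID_TBi, the box the certificate is issued to
    dt: str       # DT, issue date and time
    cnt: int      # CNT, incremented by S on every re-issue for this box
    sig: int = 0  # Sign[KPRIV_S]{DL, ID_TBi, DT, CNT}


def digest(cert):
    """Hash a length-prefixed encoding of the signed fields (sig excluded)."""
    ident, stamp = cert.id_tb.encode(), cert.dt.encode()
    body = struct.pack(">HIH", N_ITEMS, cert.cnt, len(ident)) + ident
    body += struct.pack(">H", len(stamp)) + stamp
    body += cert.dl.to_bytes((N_ITEMS + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def issue(dl, id_tb, dt, cnt):
    """Server side: sign the fields with KPRIV_S."""
    unsigned = DiDICert(dl, id_tb, dt, cnt)
    return replace(unsigned, sig=pow(digest(unsigned), D, N))


def owns(cert, item):
    return bool((cert.dl >> item) & 1)


def check(cert, connected_id, highest_cnt_seen):
    """Software side: needs only KPUB_S = (N, E) and its own memory of CNT."""
    if pow(cert.sig, E, N) != digest(cert):
        return "bad signature"                   # DL or another field altered
    if cert.id_tb != connected_id:
        return "issued to another treasure box"  # copied certificate
    if cert.cnt < highest_cnt_seen:
        return "stale certificate"               # old certificate put back
    return "ok"


def broker_trade(giver, taker, item, dt):
    """Server-brokered transfer: bit 1 -> 0 for the giver, 0 -> 1 for the
    taker, and both boxes get a new certificate with CNT + 1."""
    if not owns(giver, item) or owns(taker, item):
        raise ValueError("giver must own the item and taker must not")
    new_giver = issue(giver.dl & ~(1 << item), giver.id_tb, dt, giver.cnt + 1)
    new_taker = issue(taker.dl | (1 << item), taker.id_tb, dt, taker.cnt + 1)
    return new_giver, new_taker


if __name__ == "__main__":
    # Constructed sample data.
    a = issue(0b0101, "TB-0001", "2005-06-17T10:00:00Z", 3)
    b = issue(0b0000, "TB-0002", "2005-06-17T10:00:00Z", 1)
    a2, b2 = broker_trade(a, b, 2, "2005-06-18T09:00:00Z")
    print(check(a2, "TB-0001", a.cnt), check(a, "TB-0001", a2.cnt))
```

A verifier that has never seen the newer certificate cannot detect the rollback from CNT alone, which is where the certificate identifier and revocation mechanism mentioned above come in.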
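
The symmetric scheme from the bullets above, in which the software holds downloaded challenge-response pairs instead of KSWi and the server derives KSWi from MK and ID_TBi, as an added example that is not code from the patent. It uses HMAC-SHA-256 as the keyed one-way function in place of the encryption E, which the text allows; the class names, the 16-byte challenge, the single-use handling of pairs and the key values are assumptions.

```python
import hashlib
import hmac
import secrets


def keyed(key, data):
    """Keyed one-way function standing in for E[key]{data}."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_kswi(mk, id_tb):
    """KSWi derived from master key MK and the box identity ID_TBi."""
    return keyed(mk, id_tb.encode())


class TreasureBox:
    def __init__(self, id_tb, kswi):
        self.id_tb = id_tb
        self._kswi = kswi            # stays inside the device

    def respond(self, r):
        return keyed(self._kswi, r)


class Server:
    def __init__(self, mk):
        self._mk = mk                # MK never leaves the server here

    def provision(self, id_tb):
        return TreasureBox(id_tb, derive_kswi(self._mk, id_tb))

    def fresh_pairs(self, id_tb, count):
        """Pairs (r, E[KSWi]{r}) handed to software instead of KSWi."""
        kswi = derive_kswi(self._mk, id_tb)
        pairs = []
        for _ in range(count):
            r = secrets.token_bytes(16)
            pairs.append((r, keyed(kswi, r)))
        return pairs


class Software:
    """Holds only challenge-response pairs, so extracting its state does
    not yield a key that could answer a new challenge."""

    def __init__(self):
        self._pairs = {}

    def load_pairs(self, id_tb, pairs):
        self._pairs.setdefault(id_tb, []).extend(pairs)

    def pairs_left(self, id_tb):
        return len(self._pairs.get(id_tb, []))

    def box_present(self, box):
        pairs = self._pairs.get(box.id_tb)
        if not pairs:
            return False             # must fetch fresh pairs from S first
        r, expected = pairs.pop()    # single use: a pair seen on the wire
        return hmac.compare_digest(box.respond(r), expected)  # is discarded


class ReplayBox:
    """Constructed stand-in for a device that only recorded old exchanges."""

    def __init__(self, id_tb, recorded):
        self.id_tb = id_tb
        self._recorded = dict(recorded)

    def respond(self, r):
        return self._recorded.get(r, b"\x00" * 32)


if __name__ == "__main__":
    server = Server(bytes(range(32)))            # constructed master key
    box = server.provision("TB-0001")
    sw = Software()
    sw.load_pairs("TB-0001", server.fresh_pairs("TB-0001", 2))
    print(sw.box_present(box), sw.pairs_left("TB-0001"))
```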

Abstract

The invention relates to a system and method for transaction of digital content while at the same time avoid duplication or copying of the digital content. The system preferably comprises an online server an intermediate computer and a mobile electronic device (treasure box) which is able to store data representing digital content. In order to transfer the data between the different devices in the system, preferably some security protocols and programs are used. Furthermore the invention relates to a method for allowing customers to electronically purchase digital content.

Description

System for transaction of digital content
FIELD OF THE INVENTION
The present invention relates to computer systems and methods for distributing digital content, for example as in transaction technology and encryption technology. In particular, it relates to a system and method for selling and delivering digital desirable items to consumers for the consumers to build and keep collections or personal sets of digital desirable items.
BACKGROUND OF THE INVENTION
Since ancient times, people have always had a desire to collect different kinds of objects. The kinds of objects that people collected may have started with stones and over time changed into more advanced objects such as, stamps, bottles, cars, etc. These objects have a value, which may among other things depend on supply and demand, state and age. Until recently, the collectable objects have been tangible objects, which actually can be traded from hand to hand. When young children or teenagers are presented with a new hype concerning 'cool' objects they are often easily enticed to start collecting them, and trading them with peers in order to improve their own collection and show it off. The "cooler" the items are, the greater the desire becomes to be part of such a social interaction and the greater the willingness of children and their parents to spend money on it. The collecting and trading behavior is part of the social positioning of young individuals in a group and gives opportunities for personal expression, and for both showing off and developing personal skills (e.g. negotiation, economics). Items obtain a value when they correspond with "hot" hypes such as the latest movie, popular music artist, branded clothes, sport champions and TV programs. Furthermore, they can be made more valuable or attractive when they possess certain properties that empower the owner in some manner or if they only exist in a limited number. Pokemon provides a good example: it was associated with a game of having to find all Pokemon creatures, and possessing one helps to find others. Trading collectible items such as Pokemon cards is well known and commercially very attractive. Today such items are printed cards or similar objects without any embedded functions.
Another example is the popular card game "Magic", the game power of the player is not only determined by his playing skills, but to a large extent by the quality of his "deck" (of cards) that is therefore continually under construction via buying and trading of cards. However, in the last few years people have been provided with a new medium, which enables them to interact with people in a different way compared to what was hitherto possible. The Internet has spread rapidly over the last 10 years such that the Internet and the corresponding electronic communication has become the preferred means for communicating within many areas such as between companies and people. Because the nature of digital content makes it very easy to copy and distribute, the value of digital items may decrease if they are not protected in some way. Illegally distributing digital content through the Internet has become a threat to content providers. Currently, legal measures are taken by content providers in order to prevent the illegal distribution of music, movies and other copyright protected content. However, this problem can not only be solved by legal measures, other solutions also have to be considered. By arranging transfer of objects such as physical cards, photos, sounds in the digital domains, such transfer can be made subject to technology pertaining to the digital domain. Thus transaction technology, security systems and methods can be used in order to allow digital information to be exchanged and preferably not copied. Hence, a second level of protection for the digitized objects can be achieved. Furthermore, by digitizing objects into the digital domain, interactive applications can be created and used within many different areas and making the objects more attractive for the 'internet generation'.
SUMMARY OF THE INVENTION
In this document some specific terms will be used, below follows a short explanation of these terms.
Digital items - Digital item preferably relates to collectible objects or characters and similar types of entities that have been digitized. The digital items may also refer to the digital representation or description of such digital items and the digital items may also be referred to as Digital Desirable Items or DiDIs.
Treasure box - A treasure box or token may be a small electronic device comprising memory etc.
Application options - Application options that a customer can use or enjoy.
According to a first aspect of the invention, a computer system is provided, the computer system comprises a server for storing digital items in a database, an intermediary electronic device for downloading the data representing the digital items stored on the database, at least a first treasure box for receiving and storing the data representing the digital items accessed from the database by the intermediary electronic device, said computer system being programmed to: send a treasure box ID from the treasure box to the server for validation of the treasure box ID, transfer data between the treasure box and the intermediary electronic device in response to the validation of the treasure box ID, and altering the data representing the digital items stored in the treasure box in response to instructions originating from the server.
Furthermore, a system offering conditional access to multi-media information and entertainment facilities by individuals in a networked digital system is provided, the system comprises at least one treasure box for storing personal sets of digital items, communication means between the networked digital system and the at least one treasure box, authentication means for authenticating the treasure box upon a request from the treasure box to achieve access to the multi-media information and entertainment facilities and/or to obtain digital items from the networked digital system or from peer users - determination means for determining a scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items. In a second aspect of the invention, a treasure box for storage of digital items and for use in a computer system according to the first aspect of the invention, is provided, the treasure box comprises a memory for storage of the digital items and a unique code, a processor for management of the digital items, and a data communication interface. In a third aspect of the invention, a method for secure transaction of data representing a collection of digital items via a network is provided, the transaction being between a first treasure box comprising an identity value and a server comprising a public key and a private key, the method comprises the steps of: establishing a secure connection between the treasure box and the server through an intermediary electronic device, - identifying the first treasure box to the server, and transferring the data representing a collection of digital items from the server to the treasure box. 
In a fourth aspect of the invention, a method for conditional accessing multi-media information and entertainment facilities by individuals in a networked digital system is provided, the method comprises building and keeping personal sets of digital items on a treasure box by - obtaining digital items from the networked digital system in response to a counter performance, and - trading digital items with peer users, determining a scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items, wherein transfer and storage of the personal set of digital items is secured by use of a digital rights management system. The present invention thus allows for the collection of digital items on any kind of electronic storage device, such as in a treasure box. By the present invention, an identification means is provided to the treasure box, so as to allow for authentication of the treasure box before a digital item for collection is provided from a server to the treasure box. The authentication may be a check of compliance or originality of the treasure box and thus ensure that the treasure box behaves according to the rules so that for example a treasure box will delete the digital item locally if it is transferred to another treasure box, etc. The check of compliancy could include the check of a digital certificate (issued by some trusted party) that indicates that the treasure box is compliant. An additional certificate revocation mechanism may be applied to revoke certificates from treasure boxes that are not compliant anymore. Furthermore, the transferring of data from the server to the treasure box may comprise a check of allowability to download the specific digital item, i.e. check if a counter-performance has been performed in return for the digital item, such as e.g. if a valid payment for the item has been performed.
The digital items may be associated with or comprising rich features, applications and options, e.g. in the form of interactivity or audiovisual features that may be linked to either a single digital item or to a collection of items. Individuals may furthermore be offered a, preferably conditional, access to audio-visual infotainment services, such as digitized objects/characters, multi-media information and entertainment facilities, the conditional access being determined by the possession of corresponding digital items. The collection of digital items, i.e. the personal set of digital items, may be connected with gaming so that certain objects/elements of the game are only obtainable by owning the corresponding digital items, the digital items giving access to special weapons, recovery possibilities, etc. and thus give gaming an extra dimension of fun and excitement. The storage of the digital items in a treasure box makes it easy to keep track of the digitized objects, such as the DiDIs, and to carry and store them in an efficient, easy to handle way. The presentation of the digital objects may also be made attractive and preferably also individualized. It is further an advantage achieved by the present invention to provide a system for selling infotainment-related data such as DiDIs created by content providers. The digital items may also be referred to as Digital Desirable Items or DiDIs and may preferably be digitized objects or characters comprising at least one application option as will be described later. The digital items are preferably the content to be collected by customers by use of the system and method described in the invention. The digital items may be DiDIs that may be stored in encrypted form on a server or on a storage device such as a treasure box described below. Thus they may be obtained from the web preferably via a home computer or another electronic device able to communicate and transfer data by wire or wireless. 
Moreover, digital items may be traded with peers either via the home computer and the web, or optionally via other supportive means such as mobile phones, TVs, game consoles, PDAs, dedicated devices and similar apparatus or between treasure boxes. The digital items may be classified into groups comprising a number of digital items. Preferably each digital item in a group is assigned an individual ID number. Each group may preferably constitute a specific domain. For example Donald Duck may be classified into the Disney group, and the Disney group would preferably constitute a domain. Donald Duck within the Disney group preferably has an individual ID number which may be a position in a string or any other number which makes it possible to differentiate this digital item from other digital items. Each digital item, also within a group, may have a specific individual ID number that preferably does not relate to a position in a string. Digital items may hold the middle between Audio/Video content, computer games and software applets in that they preferably share properties with each of these, but are not equal to any of them. Thus digital items may be more advanced than only Audio/Video content, and they may share properties from many different areas, including audio, videos, pictures, applets etc. Preferably, the digital items, DiDIs, are not editable by a consumer. Under certain circumstances, which preferably are connected to some application options, rules and/or criteria, duplication or creation of a digital item may be performed. One such case could for example be two characters which are able to produce a new one: as in role games, two parent character digital items may be able to give birth to a new character, a child character digital item. By having this function an owner of a treasure box may be able to breed new species.
Preferably, the breeding of a new digital item is controlled by the server that alters the data on the treasure box, thus adds the child digital item to the collection. The breeding of new species may be dependent on a counter performance. The server for storing digital items in a database may be a server connected to a network or it may be another treasure box. This other treasure box may comprise the intermediary electronic device. The network or the networked digital system may be any public or private network and is in a preferred embodiment the Internet. The digital items stored electronically may in this case be shown to others via the internet and thus provide a system for connecting people all over the world sharing a similar interest. The treasure box may be any storage device for storage of digital items or representations of digital items. The treasure box may further comprise information processing means and a means for communication. The treasure box may be a memory device comprising read/write and erase functions and further comprising means for authentication, such as a 'dongle'-type small electronic device. The treasure box is adapted to be connected to the server, by wiring, direct insertion of the treasure box in a port of the computer, e.g. a USB port, or by a wireless connection, using e.g. infra red, NFC, etc. Preferably, the digital items or the representation of the digital items are linked or stored in such a way that application options empowered by a digital item may be expressed. The physical dimensions of the treasure box are preferably a size, rendering it easy to carry and to fit into pockets. It may be a 'credit card' type or smart card type gadget equipped with a processor-and-memory chip or it may be in the form of a stick as often used with USB ports. The treasure box is preferably designed to fit a target group, the themes of the digital items, and its whole purpose.
It should preferably be a valued gadget for a person owning it. Furthermore, the means for authentication may comprise hardware to execute cryptographic operations (e.g. encryption) and memory to store cryptographic keys, some processing power and a communication interface. In a preferred embodiment, the means for authentication is a part of a digital rights management system (DRM). More functionality may be included in one system when a DRM system is used. In such a system the authentication procedure and furthermore copy protection and secure content management in which revocation mechanisms may be embedded may be provided. Thus, the whole security mechanism to protect the digital items in a system with all the devices, including treasure boxes, intermediary computers, servers, etc, may be implemented by means of such a DRM system. The treasure box comprises at least one data interface for being able to communicate with other storage means, such as other servers and/or other treasure boxes or other electronic devices such as mobile phones, PDAs, computers, etc. Each treasure box preferably comprises an ID, identification means, in order to distinguish it from other treasure boxes. The combination of checking the identity (authentication) and binding the digital items to this identity, e.g. by means of digital certificate or storage of the digital items on a central server, makes the digital items harder to copy and distribute illegally. A treasure box being manufactured legally and comprising identification means identifying the treasure box may be referred to as a valid treasure box. Any check for authentication may comprise a check as to whether the identification means are undisturbed, that is whether any changes of code have been performed.
The treasure box ID is in the simplest embodiment an identity value of the treasure box that the server may use for making a certificate that links the representation of the digital items present in the treasure box to this identifier. Furthermore, the computer system may be programmed to authenticate the treasure box to the server, and this may be the first step in setting up a Secure Authentication Channel. The altering of the data preferably means that the server either adds or removes the right of a certain digital item in a treasure box. This may be done by changing the value at a position in a string from 1 to 0 or 0 to 1 depending on whether the right is removed or added or it may be done by adding/removing the entire digital item to/from the treasure box. Furthermore, when collecting and trading digital items, multiple units of the same DiDI may be present in one treasure box, so that e.g. a "1" indicates the presence of one DiDI of a specific type and N, N > 1, indicates that N DiDIs of a specific type are present in the treasure box. This may also be implemented in a string principle by allocating more bits to the number of items present. In an embodiment of the invention, digital items may be transferred between two treasure boxes, and in this embodiment it is preferred that one of the treasure boxes alters the data on the other treasure box. Preferably, the treasure boxes comprise a program for altering of the data. However, the server may act as a broker and alter the data on both treasure boxes. Hereby, most of the authentication processes may be performed at the server, reducing the amount of processing power and encryption/decryption software necessary on the individual treasure box. In this case, the server preferably comprises a program for altering of the data. Preferably, the intermediate electronic device is an electronic device such as a computer, a mobile/cellular phone, PDA, mp3 player or similar.
In order to be able to control what data belongs to a certain treasure box the digital items may be linked to the treasure box. For example, this may be done by taking up an identifier ID of the treasure box into a certificate, so that the ID is signed together with the collection or representation. Furthermore, the server may link digital items to the treasure box by having a corresponding processor issuing a digitally signed message or digital certificate preferably comprising at least an identifier of the treasure box and a description of the collection of digital items. The computer system may furthermore comprise a second treasure box wherein the first treasure box upon a counter-performance sent to the second treasure box is able to download and store data representing a digital item stored in the second treasure box. Preferably the data relating to a digital item in the second treasure box is removed when it is transferred to the first treasure box. In this case the second treasure box may alter the data on the first treasure box. Hence the treasure boxes may comprise a program for altering other treasure boxes. At least a second treasure box may be provided so that digital items are transferable directly between the at least first and the at least second treasure box, and wherein a digital item transferred from the at least first treasure box to the at least second treasure box is deleted from the first treasure box upon transfer of the digital item. The transfer and storage of digital items can be secured by applying a digital rights management system (DRM), for example in that the transfer of a digital item comprises the steps of having the at least first treasure box authenticating the at least second treasure box, and vice versa, and having the at least first treasure box checking the compliancy of the at least second treasure box and vice versa. 
By checking the compliancy of each other, it is checked if the treasure boxes behave according to the rules, and that the treasure box e.g. will delete the transferred digital item from its own collection upon transferring. Each treasure box may comprise a digital certificate indicating that the treasure box is compliant. Thus, to achieve maximum security a Digital Rights Management (DRM) system may be implemented with the treasure boxes to protect the digital items present in the treasure boxes and to enforce correct transferring of the digital items between treasure boxes, and between treasure boxes and servers. As also mentioned above, a counter performance from the at least second treasure box may be required to allow transfer of a digital item from the at least first treasure box to the at least second treasure box. However, as described above a server may act as a broker and alter the data on both treasure boxes. In this case, both the first and second treasure box preferably should authenticate to the server. The treasure box may further comprise a cryptographic key for encryption of a message received from an electronic device such as a computer, treasure box, PDA, mobile phone etc., preferably in order to be able to execute an identification protocol based on symmetric key cryptography. The treasure box may comprise a cryptographic key for use in a challenge-response authentication protocol with an electronic device such as a computer, treasure box, PDA, mobile phone etc. or other electronic device usable in connection with the invention. Furthermore the electronic device may be interpreted as the intermediary electronic device. However, when to use an intermediary electronic device or an electronic device in the system will be clear from the context wherein it is used. Accordingly, the treasure box preferably comprises cryptographic functionality and/or hardware to do cryptographic computations.
Preferably the message received from an electronic device is a challenge. The challenge may be encrypted with the cryptographic key and this forms the response. The response is preferably sent back to the electronic device and may serve as a proof of authentication. By using a challenge response system, preferably a password or key does not have to be sent over the network. Furthermore, a challenge response system may be more secure since the challenge/response may be different every time. Preferably, digital items are not automatically transferred between treasure boxes, rather the transaction is related to a counter performance and preferably also related to some rules and/or criteria. The rules/criteria may be decided by a content provider, preferably the rules/criteria are implemented on the server. However the rules/criteria may also be decided by an owner of a treasure box, hence these are preferably referred to as customer rules/criteria. For example when two owners want to trade digital items each owner may set up a certain set of rules or criteria in order for the transaction to take place. The treasure box may comprise a private key and a public key pair. Preferably, in order to be able to use a public key identification/authentication protocol, a challenge response protocol by public key techniques is for example employed. Furthermore, the treasure box may preferably relate to a specific domain related to a collection of digital items. For example, a treasure box may relate to the "Disney domain" and hence preferably comprise Disney character DiDIs. In this way, persons having a certain interest for Disney may be able to trade characters with each other and thus get in contact with people having similar interests. Hence content providers may be able to create their own treasure box relating to a domain comprising a specific set of digital items.
In a preferred embodiment, the treasure box comprises a display for displaying digital items, a speaker, and a user interface for receiving input from a user. By having these extra features on a treasure box, it is possible to trade digital items without an intermediary electronic device. Furthermore, a treasure box may be embedded in a mobile phone, PDA or any other hand held electronic device. Thus, a hand held electronic device such as a mobile phone may be manufactured with a treasure box inside, which gives the owner of the mobile phone access to other applications and services than what is possible with mobile phones not comprising a treasure box. Furthermore, two treasure boxes may be able to directly communicate with each other. Preferably, the treasure boxes may comprise means for connecting to a mobile telephone network in order to access an online server. The method for secure transaction preferably further comprises the step of signing the data representing a collection of digital items with the private key of the server, for example by taking up the collection representation into a digital certificate signed by the server. Such signing provides integrity. Thus, any intermediary electronic device may be able to check the signature using the public key of the server and may detect whether unauthorized changes have been made to the collection. Furthermore the method for secure transaction may further comprise a step in which the treasure box sets up a Secure Authenticated Channel with the server. In this way the treasure box may download data representing digital items directly from the server. Furthermore the method for secure transaction may further comprise the step of uniquely identifying the first treasure box to preferably a second treasure box.
Furthermore the method for secure transaction may further comprise the step of: the first treasure box setting up a connection with a second treasure box using a very short range connection technology like NFC or the like to directly connect two treasure boxes and let them exchange DiDIs. Preferably the first treasure box may set up a secure connection with a second treasure box, in order for the treasure boxes to control that the other treasure box is a valid treasure box and that no un-authorized changes have been made to the collection of DiDIs. The treasure box preferably provided in the method for secure transaction may support a method for setting up a secure authentication channel with the server for example by using public key cryptography, preferably via the intermediary electronic device. Preferably, the secure authenticated channel is used to securely transfer data representing digital items from the server to the treasure box. The method for enabling transaction of digital items may further comprise the step of providing services for allowing customers to electronically receive digital items in exchange for a counter-performance. The counter performance may relate to a transaction of money to the owner of the server, and/or to the content providers, and/or to the service providers or to any combination of these or other player that may be involved in the management and service of the system or content providers and service providers. Furthermore the counter performance may relate to transaction of digital content, hence a DiDI may be traded against one or more other DiDIs. The rules/criteria for the trade may be set up by the content providers or the server provider, furthermore the rules may also be set up by individuals such as consumers in possession of a treasure box. For example the trading of DiDIs may work in the same way as the stock market where the demand and supply of digital items may decide the value of them.
However counter performance may be of many different kinds, in some circumstances wherein the DiDI is for free the counter performance may be that the customer accesses the server. An example of this could be when a consumer obtains a code for a DiDI in for example a product package, such as in a breakfast cereal package. The customer can then access the server and by using the code download the DiDI relating to that code. Furthermore the purchase in the method for enabling transaction may preferably be an electronic purchase, such as a transaction related to a credit card, or an online bank account. Furthermore the purchase may be connected to a phone bill wherein the purchase of a DiDI is added to a phone bill of a customer. Associates may preferably be content providers, service providers, hardware providers and software providers or any other entity that can join a partnership and is able to contribute to the system, method and content which is to be sold. Furthermore, the method for enabling transaction of digital items wherein the treasure box preferably comprises a composition/selection of data representing digital items, the method may further comprise the step of:
- providing a scope of access dependent on the composition/selection of the data representing digital items in the treasure box.
The scope of access preferably relates to application options as will be described in "description of preferred embodiments". Hence, the scope of access preferably relates to what services, functions and digital items a user may be able to access, download, execute and so forth depending on the collection of digital items the user has in his/her possession. Services could for example be audio-visual infotainment services, or any other service.
The method for enabling transaction of digital items may further comprise the step of: providing a service for customers so that they can trade data representing digital items between each other in response to a counter performance. Hence providing a service for people to get in contact with other people and to perform business related transactions of digital items. Counter performance may preferably be understood as described earlier in the document. Furthermore counter performance may relate to the trading of rights related to DiDIs. Furthermore the method for enabling transaction of digital items may also comprise the steps of providing a wider set of features and applications to customers. Moreover the method for enabling transaction of digital items may also comprise the step of providing application options. This results in an increased freedom for content providers and other players since they will be able to develop new and more advanced application options. Furthermore the term "providing" may in some circumstances also relate to sale, such as sale of treasure boxes, sale of DiDIs etc. This will be clear from the context wherein it is used. These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
BRIEF DESCRIPTION OF FIGURES

Fig. 1 illustrates an overview of the system
Fig. 2 illustrates an overview of a second embodiment of the system
DESCRIPTION OF PREFERRED EMBODIMENTS

Application options preferably comprise specific features, abilities, characters, senses, sounds, pictures, services, movies, rights etc related to a specific DiDI or to a collection of DiDIs. The application options may give the owner certain rights or options for usage in relation to other owners of DiDIs. Preferably, application options comprised in a DiDI or a collection of DiDIs may include any combination of the following possibilities:
- Looking at and/or listening to audio, still picture, video properties of any particular DiDI; e.g. a well-known cartoon character jumping around and splashing in a bucket with paint, a famous singer singing a unique piece of music.
- Getting access to limited access information on the Internet.
- Getting access to functionality on the Internet; e.g. new "worlds" in games, new characters one can "be" in games, new arms or tricks one can use in games etc.
- Extended ability or improved conditions to acquire or trade DiDIs; e.g. to ever acquire certain DiDIs one first needs to possess at least a given collection.
- Rights to buy physical products preferably related to the DiDIs.
- May give more capabilities within a game to the owner, for example if the owner has a certain collection of DiDIs.
- Rights to enjoy discounts for associated phenomena such as visiting a movie, concert, and so forth.
- Access to services of any kind, which may be interesting to an owner of a treasure box.
This is a non-exhaustive list, other possibilities not mentioned here may also be used in relation to the invention.

In an embodiment the system in the present invention preferably comprises:
1. Digital Items.
2. A 'dongle' type small electronics device acting as the physical embodiment of the personal collection of DiDIs - and therefore further referred to as the 'treasure box'.
3. Home computer based software (gaming or other).
4. Web based software (gaming or other).
5. Content (related to games, cartoons, movies, characters, sport idols and so forth).

The collection of DiDIs in the treasure box provides its owner with certain desirable application options contingent on the composition of the collection of DiDIs. The home computer, server and web are preferably main support systems to use and express such application options. However other supportive means may also be used for that purpose, such as mobile phones, PDA's, gameboys and similar.

A scenario of how the invention may be used: A customer buys a treasure box in a store, preferably the treasure box relates to a domain such as the Disney domain. The bought treasure box may be pre-loaded with one or more DiDIs so that the customer can start to play with the new toy as soon as possible. The DiDIs stored on the treasure box preferably only have a limited number of application options. In order for a customer to enjoy other application options the customer preferably has to perform some kind of counter performance, such as buying new DiDIs, trading DiDIs etc. For example the customer may buy new DiDIs from an online server. When the customer buys a new DiDI the scope of application options increases and the customer will be able to access new experiences/adventures. That could for example be viewing a movie that is preferably related to the certain collection of DiDIs that the customer just obtained. An example of a DiDI related to application options could for example be Donald Duck as described earlier. Preferably, the Donald Duck DiDI comprises a basic set of application options, which a consumer is able to enjoy only by owning/having the Donald Duck DiDI. The basic set of application options is preferably decided by specific rules relating to the specific DiDI.
Furthermore the Donald Duck DiDI preferably comprises a set of advanced application options, which is preferably only accessible if the owner owns other DiDIs preferably related to Donald Duck, such as Daisy Duck or any other Disney character that preferably belongs to the same domain as Donald Duck. Furthermore, a DiDI may be a tool, weapon or other gadget that preferably belongs to the Disney domain, such as a hammer. For example the hammer DiDI in combination with Donald Duck would make it possible for Donald Duck to build e.g. a house. The building of the house could be an application option such as a movie showing when Donald builds the house. The Home computer based software may bring at least a part of the application options empowered by the DiDI collection to expression preferably according to some limiting conditions, criteria and/or rules. Thus, if the owner of a treasure box has a certain collection of DiDIs, the owner may access other application options depending for example on what DiDIs he owns. Preferably, the computer-based software is installed on a home computer also referred to as intermediary computer. However the intermediary computer may also be a mobile device such as a mobile phone, PDA, and similar. The Web based software preferably consists of the following three parts:
- Software preferably bringing at least a part of the application options to expression, and combining it with the additional possibilities that the Internet may provide such as using Internet based databases, creating multi-user experiences such as support for gaming clans etc.
- Functions for end-users to acquire DiDIs, preferably in return for some counter performance such as payment or other.
- Functions for end users to trade DiDIs with their peers (this may preferably also require a counter performance).
The function of making DiDIs available may be integrated with an application. For example DiDIs may be found as side effect or as a main goal in computer games, etc.
The function for end-users to trade DiDIs preferably works similar to acquire DiDI's, except that now two treasure boxes are involved. Furthermore the end-users may both plug into a PC, or two PC's, at the same time. Preferably the home computer software and web based software are designed in order to be attractive and easy to use for the target group. The invention will be described in a preferred embodiment to implement the so-called treasure box in a secure way. Figure 1 shows an overview of a first embodiment wherein DiDIs preferably are stored on an online server (S) in such a way that copying is difficult or close to impossible. Data representing DiDIs may preferably be downloaded from S via the user's P.C. or another electronic device such as a PDA or mobile phone comprising the necessary software. In a second embodiment, the DiDIs are preferably stored in the treasure box. In this embodiment, the treasure box preferably also comprises a display for displaying the DiDIs, memory for storing extrinsic and intrinsic data relating to the DiDIs. The treasure box may be implemented as a small dongle with associated USB connector. Alternatively, a Near Field Connection (NFC) could be used to connect the treasure box to the P.C. Furthermore any wireless or cable communication technology may be used to connect the devices. For example an infrared or Bluetooth connection can be used as a way of communication. The treasure box may preferably comprise hardware in order to communicate over these connections. Furthermore, the treasure box preferably comprises some security functionality and some storage capacity. For example, a Smart Card chip with built-in crypto co-processor may preferably be used for secure storage of the DiDI collection. The built-in co-processor may be used to execute security protocols with the Web Server and Software programs.
Additional connection hardware such as USB or NFC interface may preferably be added to such a Smart Card chip in order to create a functional treasure box. A third embodiment of a treasure box may be a NFC, Bluetooth, infrared enabled mobile phone, which has a built-in Smart Card for storing DiDIs and possibly other rights from other Digital Rights Management systems. In a first embodiment, preferably at least a list of owned DiDIs is stored in the treasure box. In total there may be n possible DiDIs, all having an ID number. The list of DiDIs may be represented as an n-bit bit string DL (Digital_items_List). If the i-th bit of DL is set to '1', this means that the corresponding i-th DiDI is part of the collection. If a bit is set to '0', the corresponding DiDI is not part of the collection. The format of the DL is preferably the same for all treasure boxes within one system and the server S uses the same format. In this way the system knows which position in the string relates to a specific DiDI. Hence, when a user buys or in any other way receives a DiDI, the string position for that DiDI is changed from 0 to 1 and thus the DiDI is included in the collection. Furthermore other formats may be used for implementing the invention. Formats such as lists or arrays can also be used wherein the list and array may comprise pointers for memory allocation in a memory. Furthermore a general file system may also be used for storage of the data representing DiDIs. Moreover the string or above described formats may be encoded and/or compressed in order to save storage space. Furthermore, the transaction of DiDIs between treasure boxes preferably results in that the data representing the DiDI in the treasure box from where the data representing the DiDI is moved is altered in such a way that the treasure box from which the data is moved loses its right to the DiDI.
For example the data representing a certain DiDI in the second treasure box is preferably removed when it is transferred to a first treasure box. In a first embodiment, such transfer may be done by changing the position in a string representing the DiDI from 1 to 0. Preferably the corresponding position in the first treasure box receiving the DiDI is altered from 0 to 1. Hence the "right" to the DiDI is transferred from the second treasure box to the first treasure box. Preferably, no duplication of rights may be possible to perform during this operation. Preferably the second treasure box alters the data on the first treasure box. However, an online server may also be used as a broker and thus the altering of the data representing a DiDI on the first treasure box and/or second treasure box may be altered by the server. Preferably, a similar approach is adopted when data representing a DiDI or the "right" to the DiDI is transferred from a server to a treasure box. Preferably, the server alters the data on the treasure box that receives the "right" to a DiDI. The list of DiDIs DL may preferably be stored in the memory of the treasure box and may be accessed by other software programs or web servers. However, the software programs should preferably be convinced that this list DL was truly collected by the owner of the treasure box and is not simply a self-generated bit string (or a copy). Therefore, the software should preferably be able to check the authenticity of this bit string. This may preferably be achieved by embedding DL in a public key certificate, which may be signed by the trusted Web Server S. Simply represented, this certificate could look like this:
DiDI_CERT = Sign[KPRIV_S]{DL, ID_TBi, DT, CNT}
This means that a signature is generated by the server S with its private key KPRIV_S. For example, the RSA public key system could be used. The signed message consists of the fields DL, ID_TBi and DT. Again DL represents the list of DiDIs. ID_TBi is the identity value of TB i, in other words the subject to which the certificate is issued. The field DT represents a date and time value of when the certificate was issued. Finally a counter value CNT is present in the certificate. It is increased every time the server creates a new certificate for this particular treasure box (TB i). In practice, multiple other fields may be present in a certificate. For example, a certificate may contain a certificate identifier, which is useful in revocation mechanisms for certificates. Standard certificate revocation mechanisms may then be used to inform software programs that certain DiDI certificates are not valid anymore. Preferably the public key KPUB_S of a trusted server S is known to the other parties that want to check the DiDI collection. Since the certificate preferably is digitally signed, the values in the certificate may preferably not be changed (except by the server S who knows KPRIV_S). If an adversary tries to upgrade its DiDI collection by changing the value DL, anyone will be able to verify that the signature is invalid (does not match anymore). The fact that the identity value of the treasure box is present in the certificate prevents users from copying each other's certificate, hence the certificates are 'personalized'. The date and time values and the counter value in the certificate should preferably prevent users from replacing old certificates, since inconsistency in these values could be detected. The approach presented above preferably solves the integrity and authenticity aspects of security requirement.
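As an added illustration (not code from the patent), the Python sketch below models the DL bit string, a server-brokered transfer that moves one right without duplicating it, and the DiDI_CERT checks described above: a changed DL, a certificate copied from another treasure box, and a replayed older certificate. It uses unpadded textbook RSA over a small constructed modulus purely for illustration; the class and function names, the sample IDs and dates, 0-based bit positions, and a verifier that remembers the last CNT it saw are all assumptions.

```python
"""Toy model of DiDI_CERT = Sign[KPRIV_S]{DL, ID_TBi, DT, CNT}.
Textbook RSA on a small fixed modulus: illustration only, not secure."""
import hashlib
from dataclasses import dataclass, replace

# Constructed toy server key (two Mersenne primes); real systems use padded RSA.
_P, _Q = 2**127 - 1, 2**107 - 1
N, E = _P * _Q, 65537                      # KPUB_S, known to every verifier
_D = pow(E, -1, (_P - 1) * (_Q - 1))       # KPRIV_S, known to server S only


@dataclass(frozen=True)
class DiDICert:
    dl: str      # DL: bit string, '1' at position i means DiDI i is owned
    id_tb: str   # ID_TBi: identity of the treasure box the cert is issued to
    dt: str      # DT: date and time of issue
    cnt: int     # CNT: incremented for every cert issued to this box
    sig: int = 0


def digest(dl, id_tb, dt, cnt):
    """Hash all four fields, length-prefixed so boundaries cannot be shifted."""
    blob = b""
    for field in (dl, id_tb, dt, str(cnt)):
        raw = field.encode()
        blob += len(raw).to_bytes(4, "big") + raw
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def set_bit(dl, i, value):
    """Return DL with position i (0-based in this sketch) set to '0' or '1'."""
    return dl[:i] + value + dl[i + 1:]


def verify(cert, presented_id, last_seen_cnt=0):
    """Check a cert using only KPUB_S. Returns (ok, reason)."""
    if set(cert.dl) - {"0", "1"}:
        return False, "malformed DL"
    if pow(cert.sig, E, N) != digest(cert.dl, cert.id_tb, cert.dt, cert.cnt):
        return False, "bad signature"
    if cert.id_tb != presented_id:
        return False, "issued to another treasure box"
    if cert.cnt < last_seen_cnt:           # assumption: verifier remembers CNT
        return False, "stale certificate"
    return True, "ok"


class Server:
    """Trusted server S: the only holder of KPRIV_S."""

    def __init__(self):
        self.counters = {}                 # ID_TBi -> last CNT issued

    def issue(self, id_tb, dl, dt):
        cnt = self.counters.get(id_tb, 0) + 1
        self.counters[id_tb] = cnt
        sig = pow(digest(dl, id_tb, dt, cnt), _D, N)
        return DiDICert(dl, id_tb, dt, cnt, sig)

    def transfer(self, src, dst, i, dt):
        """Broker a trade: clear bit i for src, set it for dst, re-sign both."""
        for cert in (src, dst):            # refuse forged or outdated certs
            ok, why = verify(cert, cert.id_tb, self.counters.get(cert.id_tb, 0))
            if not ok:
                raise ValueError(why)
        if src.dl[i] != "1":
            raise ValueError("source box does not own this DiDI")
        if dst.dl[i] != "0":
            raise ValueError("one-bit DL cannot hold a second unit")
        return (self.issue(src.id_tb, set_bit(src.dl, i, "0"), dt),
                self.issue(dst.id_tb, set_bit(dst.dl, i, "1"), dt))


def demo():
    s = Server()
    # Constructed sample data: 8 possible DiDIs, two treasure boxes.
    a1 = s.issue("TB-0001", "10010000", "2005-06-17T10:00")
    b1 = s.issue("TB-0002", "00000100", "2005-06-17T10:05")
    a2, b2 = s.transfer(a1, b1, 0, "2005-06-18T09:30")   # A trades DiDI 0 to B
    return {
        "after_trade": (a2.dl, b2.dl),
        "fresh": verify(a2, "TB-0001", last_seen_cnt=a2.cnt),
        "tampered": verify(replace(a2, dl="11110000"), "TB-0001"),
        "copied": verify(b2, "TB-0001"),
        "replayed": verify(a1, "TB-0001", last_seen_cnt=a2.cnt),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The replay check only works for a verifier that has already seen a newer CNT for that box; a verifier with no history accepts the old certificate, which is why the text also mentions revocation by certificate identifier.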
The next section presents the preferred treasure box solutions, which preferably are based on symmetric key cryptography and public key cryptography and which deal with the other security requirements. Software programs on the PC should preferably be able to communicate with the treasure box and check the collection of DiDIs and thus fulfill some security requirements. Preferably, the software on a Web Server such as a trusted server (S) may be able to change the collection of DiDIs, for example when a DiDI is bought or traded via this server. In a second embodiment of the invention, the collection of DiDIs may be amended or managed by software on a PC or on a treasure box (TB). Preferably, the software then comprises cryptographic keys for changing the contents of the collection. The basic security-related functionality that may be accomplished is:
1. Identification/authentication from the treasure box to the software program on the PC. While the software is running, the software may preferably be able to check the presence of the treasure box.
2. Authentication from the Web Server to the treasure box. Preferably, only the authenticated Web Server is allowed to make changes to the DiDI collection.
3. Any party (software program or web application) should preferably be able to view the collection of DiDIs when it connects to the treasure box and should preferably be convinced of the authenticity and integrity of this collection.
Treasure Box with symmetric cryptography
The treasure box may be cheaper to implement if it does not have any public key cryptographic functionality. In this subsection, some security protocols that are based on symmetric key cryptography techniques are presented. The following security protocols can be used to achieve security requirements 1 and 2.
Presence detection of treasure box to software
We provide TBi, preferably with two symmetric keys:
1. A unique key Ki, which preferably is coupled to a treasure box identity value ID_TBi. Preferably, only the particular treasure box and the trusted server (S) know the key value Ki. The server preferably has a list indicating which secret key Ki is coupled to the identity value ID_TBi of a specific treasure box.
2. A software key KSW, which preferably is securely stored in all treasure boxes and software programs.
The software may check that a valid treasure box is present by preferably executing a challenge-response identification protocol. Some simple techniques are described in the ISO/IEC 9798-2 standard. Identification of the treasure box to a software program is based on the shared symmetric key KSW. The following protocol may be used:
[Figure: protocol 1, challenge-response identification of the treasure box to the software with shared key KSW]
In the first step, the software may send a random value r to the treasure box. The treasure box encrypts the received r with the secret key KSW and sends it back (step 2). Finally (step 3), the software decrypts the received message with key KSW and checks whether the decrypted value is equal to the random number that it sent in step 1. If this is correct, the software knows that a valid treasure box is present. For the encryption and decryption in this protocol, a symmetric crypto algorithm like DES or AES may be used. The presented protocol is merely an example. Alternative protocols may be used; for example, the SKID2 protocol (which is based on keyed hash functions instead of symmetric key encryptions) could be used.
Security Issues
Note that after running protocol 1, the software knows that a valid treasure box is present, but the software does not know which particular treasure box is connected. When the software reads out DiDI_CERT from the treasure box, it finds the identifier ID_TBi in the certificate, but is not assured that this identity corresponds to the particular treasure box it is communicating with. A hacker could have built a program that presents a copied DiDI_CERT from someone else at the right moment to the software program.
Additional identification from treasure box to software
The security of the solution above may further be improved by giving software programs means to uniquely identify treasure boxes. Therefore, preferably the following keys are given to a treasure box with identity ID_TBi:
1. A unique key Ki, which is coupled to its identity value ID_TBi. Preferably only the particular treasure box and the trusted server (S) know this value. This key may preferably be used to communicate with S.
2. A second unique key KSWi, which preferably also is coupled to identity value ID_TBi. Initially and preferably only the particular treasure box and the trusted server S know this key. Later on, legal (and authentic) software programs may download the individual keys, in order to uniquely identify the various treasure boxes.
The server preferably comprises a list of which secret keys Ki and KSWi are coupled to which identity ID_TBi. After installing software on the PC, the software checks which identity is in DiDI_CERT by connecting to the treasure box. Then it contacts the server S in order to download the corresponding key KSWi for that treasure box (personalization phase). In a similar way, the software may be personalized for use with multiple treasure boxes. Now the software may execute a challenge-response identification based on knowledge of the shared key KSWi. For example, the protocol of the previous subsection (protocol 1) may be used with key KSWi instead of key KSW. Preferably a secure identification protocol is used between the software program and the server. Preferably the software downloads the symmetric key KSWi in the personalization phase. This identification may be done with any standard identification protocol (using symmetric or asymmetric cryptography), for example with one of the techniques described in this document for identification between treasure box and software or treasure box and S.
Preferably a software program at a certain PC may only retrieve a limited set of keys KSWi from the server.
Security Issues
Since the keys KSWi may be downloaded from the server S, this could also be done by an adversary who fakes the authentication protocol between software and server. If the adversary obtains KSWi, the particular treasure box to which it corresponds can be cloned, for example in software. This weakness may preferably be avoided by letting the software download challenge-response pairs for protocol 1 (i.e. pairs r, E[KSWi]{r}), instead of the key KSWi itself. The software can send the r value of such a pair to the treasure box, and can check if the response B of TB is equal to E[KSWi]{r} in the list. Preferably, the software program connects to the server now and then to obtain fresh challenge-response pairs. Instead of using encryptions, one-way hash functions can also be used in the protocol.
Identification from treasure box to software, offline
In a second embodiment, instead of contacting the server to receive the key KSWi, the keys KSWi may be generated in a special way. For example the following rule holds:
KSWi = E[MK]{ID_TBi}
This means that the secret key KSWi can be retrieved by encrypting the treasure box identity ID_TBi with master key MK. If software programs know this master key MK, they can calculate individual treasure box keys KSWi by themselves. Instead of an encryption function, a one-way hash function could also be used here.
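An added Go sketch (not from the patent) of the two options described above for identifying an individual box with protocol 1: software that holds only downloaded pairs (r, E[KSWi]{r}), and software that derives KSWi = E[MK]{ID_TBi} offline. AES-128 as E, the zero-padded identity block, spending each pair once and all sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// encBlock computes E[key]{block} as one raw AES-128 block (16-byte inputs need no mode).
func encBlock(key, block [16]byte) [16]byte {
	c, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // unreachable: the key is always 16 bytes
	}
	var out [16]byte
	c.Encrypt(out[:], block[:])
	return out
}

// DeriveKSWi implements KSWi = E[MK]{ID_TBi}; the identity is zero-padded to 16 bytes.
func DeriveKSWi(mk [16]byte, id string) [16]byte {
	var block [16]byte
	copy(block[:], id)
	return encBlock(mk, block)
}

// randomBlock draws a fresh 16-byte challenge r.
func randomBlock() (r [16]byte) {
	if _, err := rand.Read(r[:]); err != nil {
		panic(err)
	}
	return r
}

// TreasureBox holds ID_TBi and its individual key KSWi.
type TreasureBox struct {
	ID   string
	kswi [16]byte
}

// Respond is step 2 of protocol 1: answer challenge r with E[KSWi]{r}.
func (tb *TreasureBox) Respond(r [16]byte) [16]byte { return encBlock(tb.kswi, r) }

// IdentifyOffline is software that knows MK: it derives KSWi for the claimed identity
// and compares E[KSWi]{r} with the response (equivalent to decrypting and comparing with r).
func IdentifyOffline(mk [16]byte, claimedID string, respond func([16]byte) [16]byte) bool {
	r := randomBlock()
	want, got := encBlock(DeriveKSWi(mk, claimedID), r), respond(r)
	return subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// Pair is one pre-computed (r, E[KSWi]{r}) downloaded from the server.
type Pair struct{ R, Resp [16]byte }

// IssuePairs is the server side, the only place besides the box that uses KSWi.
func IssuePairs(kswi [16]byte, n int) []Pair {
	pairs := make([]Pair, n)
	for i := range pairs {
		pairs[i].R = randomBlock()
		pairs[i].Resp = encBlock(kswi, pairs[i].R)
	}
	return pairs
}

// PairVerifier is software that holds pairs but never the key itself.
type PairVerifier struct{ pairs []Pair }

// Identify spends one pair per run, so an overheard response is useless later;
// with no pairs left it fails closed until fresh ones are fetched from the server.
func (v *PairVerifier) Identify(respond func([16]byte) [16]byte) bool {
	if len(v.pairs) == 0 {
		return false
	}
	p := v.pairs[0]
	v.pairs = v.pairs[1:]
	got := respond(p.R)
	return subtle.ConstantTimeCompare(got[:], p.Resp[:]) == 1
}

type SymResult struct{ OfflineGenuine, OfflineWrongBox, PairGenuine, PairWrongBox, PairExhausted bool }

// RunSymmetricScenario uses a constructed master key and two constructed boxes.
func RunSymmetricScenario() (res SymResult) {
	var mk [16]byte
	copy(mk[:], "constructed-MK!!")
	idA, idB := fmt.Sprintf("TB-%04d", 1), fmt.Sprintf("TB-%04d", 2)
	boxA, boxB := &TreasureBox{idA, DeriveKSWi(mk, idA)}, &TreasureBox{idB, DeriveKSWi(mk, idB)}
	res.OfflineGenuine = IdentifyOffline(mk, idA, boxA.Respond)
	res.OfflineWrongBox = IdentifyOffline(mk, idA, boxB.Respond) // B shows A's copied DiDI_CERT
	v := &PairVerifier{pairs: IssuePairs(boxA.kswi, 2)}           // two pairs issued for box A
	res.PairGenuine = v.Identify(boxA.Respond)
	res.PairWrongBox = v.Identify(boxB.Respond)
	res.PairExhausted = v.Identify(boxA.Respond) // no pairs left
	return res
}

func main() { fmt.Printf("%+v\n", RunSymmetricScenario()) }
```

Whoever holds MK can compute every KSWi, so the offline variant places all individual keys behind one secret stored in the software.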
Treasure Box with asymmetric (public key) cryptography
In the solutions described above a software program preferably has to connect to the server in order to obtain a key to identify treasure boxes. This could be a security flaw. Another disadvantage is that it is not unlikely that hackers will try to retrieve key material from software programs. Since both the treasure box and the software contain the same symmetric key, this hack immediately enables the hacker to forge treasure boxes. With asymmetric cryptography, the present invention preferably doesn't have these problems and hence can obtain much more security. Preferably each treasure box is given a unique public/private key pair (KPUB_TBi, KPRIV_TBi), of which the private key is securely stored. Preferably a central trusted system authority may be used, from which every entity knows the public key. This trusted authority may be a web server that has public key KPUB_S. This authority preferably issues public key (identity) certificates that state which public key is related to which treasure box identity. Preferably each treasure box has a certificate that looks like this:
CERT_TBi = SIGN[KPRIV_S]{ID_TBi, KPUB_TBi}
This denotes a certificate that is signed with the private key of S and contains the public key of the treasure box with identity ID_TBi. Only the basic fields of a preferred certificate are shown and not other fields such as timestamp, certificate identifier etc. However, the other fields that may also be required are obvious to a person skilled in the art. Furthermore, other entities in the system such as software programs may also have their own public/private key pair and corresponding identity certificate. ID_SWi preferably denotes the identity of software program i. Preferably the trusted authority (or Server) manages an appropriate certificate revocation system in order to revoke identity certificates when the private key of a treasure box or software program has been compromised.
Identification from treasure box to software
Identification from treasure box to a software program may be achieved by executing a standard public key identification protocol. For example the SSL/TLS protocol may be used. In simplified form, such a public key identification protocol preferably has the following basic steps:
[Figure: protocol 2, public key identification of the treasure box to the software]
In step 1, the treasure box sends its identity value and certificate to the software program. The software program checks the certificate (i.e. the signature and its validity). In step 2, the software program preferably generates a random value r. Furthermore it generates a hashed value A of this random value by applying a one-way hash function h(). Finally the software program encrypts the value r and its own identity value SWi with the public key of the treasure box. Preferably the software program has found this public key in the public key certificate CERT_TBi. The encrypted values are sent back to the treasure box, together with the hashed random value and the identity value of the software. In step 3, the treasure box decrypts the encrypted values, using its private key KPRIV_TBi. The treasure box furthermore checks if the retrieved random value (K) corresponds to the value in A. Furthermore the treasure box checks whether the decrypted identity value (L) corresponds to the value ID_SWi that was sent in the clear in step 2. If these are correct, in step 4 the treasure box sends the decrypted random value K back to the software program. The latter checks whether it corresponds to the original random value r, and if so, the treasure box is authenticated. Note that protocol 2 only describes unilateral authentication from treasure box to software. Mutual authentication can be achieved when preferably protocol 3 is used, as will be described below.
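The four steps of protocol 2 with both sides' messages, as an added Go example that is not the patent's own code. RSA-OAEP for the encryption, SHA-256 for h(), the certificate encoding and the sample identities are assumptions, and revocation checking is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// CertTB mirrors CERT_TBi = SIGN[KPRIV_S]{ID_TBi, KPUB_TBi}.
type CertTB struct {
	ID  string
	Pub *rsa.PublicKey
	Sig []byte
}

// Challenge is the step-2 message: A = h(r), ID_SWi in clear, B = E[KPUB_TBi]{r, ID_SWi}.
type Challenge struct{ A [32]byte; IDSW string; B []byte }
// Software trusts only KPUB_S; Box holds CERT_TBi and the private key KPRIV_TBi.
type Software struct{ ID string; caPub *rsa.PublicKey }
type Box struct{ Cert *CertTB; priv *rsa.PrivateKey }

// certDigest hashes the length-prefixed identity followed by the DER-encoded key.
func certDigest(id string, pub *rsa.PublicKey) []byte {
	data := append([]byte{byte(len(id))}, id...)
	sum := sha256.Sum256(append(data, x509.MarshalPKCS1PublicKey(pub)...))
	return sum[:]
}

// IssueCert is the trusted authority S binding an identity to a public key.
func IssueCert(ca *rsa.PrivateKey, id string, pub *rsa.PublicKey) *CertTB {
	sig, err := rsa.SignPKCS1v15(rand.Reader, ca, crypto.SHA256, certDigest(id, pub))
	if err != nil {
		panic(err)
	}
	return &CertTB{id, pub, sig}
}

// Step2 checks the certificate from step 1, builds the challenge and returns r for step 4.
func (s *Software) Step2(claimedID string, cert *CertTB) (Challenge, []byte, error) {
	if cert.ID != claimedID || rsa.VerifyPKCS1v15(s.caPub, crypto.SHA256, certDigest(cert.ID, cert.Pub), cert.Sig) != nil {
		return Challenge{}, nil, errors.New("certificate rejected")
	}
	r := make([]byte, 32)
	if _, err := rand.Read(r); err != nil {
		return Challenge{}, nil, err
	}
	// r[:32:32] caps the slice so append copies instead of writing past r.
	b, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.Pub, append(r[:32:32], s.ID...), nil)
	return Challenge{A: sha256.Sum256(r), IDSW: s.ID, B: b}, r, err
}

// Step3 decrypts B into (K, L) and releases K only if h(K) == A and L == ID_SWi.
func (b *Box) Step3(c Challenge) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv, c.B, nil)
	if err != nil || len(pt) < 32 || sha256.Sum256(pt[:32]) != c.A || string(pt[32:]) != c.IDSW {
		return nil, errors.New("challenge rejected: bad ciphertext, h(K) != A or L != ID_SWi")
	}
	return pt[:32], nil
}

// Authenticate runs the exchange; step 4 is the software comparing K with r.
func Authenticate(s *Software, b *Box) bool {
	ch, r, err := s.Step2(b.Cert.ID, b.Cert)
	if err != nil {
		return false
	}
	k, err := b.Step3(ch)
	return err == nil && subtle.ConstantTimeCompare(k, r) == 1
}

type P2Result struct{ Genuine, CopiedCert, ForeignCA, TamperedID bool }

// RunProtocol2Scenario runs the exchange against constructed boxes and keys.
func RunProtocol2Scenario() (res P2Result) {
	keys := make([]*rsa.PrivateKey, 3) // S, the genuine box, an impostor
	for i := range keys {
		var err error
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			panic(err)
		}
	}
	idA := fmt.Sprintf("TB-%04d", 1)
	certA := IssueCert(keys[0], idA, &keys[1].PublicKey)
	sw, genuine := &Software{"SW-0001", &keys[0].PublicKey}, &Box{certA, keys[1]}
	res.Genuine = Authenticate(sw, genuine)
	res.CopiedCert = Authenticate(sw, &Box{certA, keys[2]}) // copied CERT_TBi, no KPRIV_TBi
	res.ForeignCA = Authenticate(sw, &Box{IssueCert(keys[2], idA, &keys[2].PublicKey), keys[2]})
	ch, _, _ := sw.Step2(idA, certA)
	ch.IDSW = "SW-9999" // clear-text ID_SWi altered in transit
	_, err := genuine.Step3(ch)
	res.TamperedID = err == nil
	return res
}

func main() { fmt.Printf("%+v\n", RunProtocol2Scenario()) }
```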
Authentication between treasure box and S
For the authentication between Web Server (S) and treasure box, preferably a public key protocol is used that achieves mutual authentication and furthermore establishes a shared symmetric session key. With this key further communications between both parties can be encrypted and hence a Secure Authenticated Channel (SAC) is established. For example the Modified Needham-Schroeder public-key protocol may be used, see protocol 3. Preferably the first step in this protocol is equal to protocol 2. In step 2, the treasure box generates random values r1 and k1 and encrypts these together with its identity value using the public key of the server. This packet is sent to S and S decrypts the packet by using its private key. After checking that the retrieved identity value corresponds to the one of TBi in the certificate, S continues with step 3. The server generates random values r2 and k2 and encrypts these together with the received random value of the treasure box. This packet is sent back to the treasure box. The treasure box decrypts the packet and checks that its own random value is contained. If so, it sends back the retrieved random value from S in step 4.
[Figure: protocol 3, Modified Needham-Schroeder public-key protocol between treasure box and S]
After the protocol, both parties have two shared keys (k1 and k2) which preferably may be used to further encrypt their communications.
Advanced solution
Instead of storing a list of ownership of DiDIs DL, the digital items themselves could also be stored in the treasure box. If we use public key cryptography we could make a system of compliant treasure box devices, which can even exchange DiDIs amongst each other (e.g. via a NFC connection by holding them at a close distance from each other). Since each treasure box has its own identity certificate and hence is part of a large Public Key Infrastructure, treasure boxes may set up secure authenticated channels with each other. A non-revoked treasure box is believed to treat DiDIs according to the rules and if for example a DiDI must be transferred from one treasure box A to treasure box B, the compliant treasure box A preferably destroys the DiDI locally after it has been copied to treasure box B.
Business scenarios
Business scenarios wherein the present invention may be used with great advantage: In the business, revenues may be generated preferably:
1. By sale of treasure boxes. The treasure box could be a gift item such as for birthdays, Xmas, etc.
2. By selling DiDIs over the web.
3. Optionally, a counter-performance may preferably be required for trading transactions between peers. However, this would be more a measure for avoiding too fast a dissemination of DiDIs over the target group than for generating revenues per se.
4. Furthermore, apart from paying for DiDIs, preferably a suitable counter-performance could be to give back some DiDIs, such as a less valuable DiDI or a 'double' one, to the system with each trade transaction.
5. Moreover, partnerships may preferably be set up with content providers, in which they develop and deliver free content, or pay fees, for the promotional value of the DiDI-driven hype. Content providers can treat DiDIs as a new form of merchandise that goes along with the introduction of movies, fashion items etc.
6. Furthermore, partnerships may be set up with packaged goods suppliers that wish to use DiDIs as promotional campaign instruments (like "Flippo's" in packs of potato chips). To this end their packaged goods may contain a unique code that preferably gives a one-off right to obtain a DiDI.
Preferred payment modes/services for purchasing may include:
1. Selling gift items with one or more unique codes that give a one-off right to obtain a DiDI. Such items should be nicely styled, thereby rendering them excellent birthday party gifts for school friends, etc.
2. Trading such unique codes along with other goods, at an additional price or as promotion.
3. Including an option where the treasure box may be loaded (by mom or dad, a transaction charged to their credit card) with an allowance for obtaining DiDIs.
4. Charging DiDI transactions on the bill of the web service provider.
5. Installing paid-for phone numbers that are called by the web software to charge DiDI expenditures on the phone bill (preferably for telephone modem users).
6. Providing unique codes (that give a one-off right to obtain a DiDI) on a paid-for telephone number (one code per time tick / money charge unit).
Furthermore the whole business should preferably be content driven.
In the foregoing, a few solutions for implementing the invention are described. A straightforward solution for identification and authentication protocols based on public key cryptography is presented above. A cheaper solution (based on symmetric cryptographic algorithms) which is less secure is presented in section "Treasure Box with symmetric cryptography". Of the symmetric identification methods mentioned in that section, the one in section "Additional identification from treasure box to software" is the preferred one at this point in time since it allows software programs to uniquely identify treasure boxes. The best applicable solution may depend on several other system choices and details. Hence any of the above-described solutions may be a preferred solution. Thus other alternatives well known in cryptography may also be used.
Preferably the advantages and/or the technical effects resulting from the constituent features of the invention may be as follows: advantages and/or technical effects provided by the present invention are capable of extending the lifetime of collectable objects. It may further be an advantage and/or technical effect achieved by the present invention to provide a solution for a person which makes it easier to keep track of digitized objects such as DiDIs and to carry and store them in an efficient, easy to handle way. It may further be an advantage and/or technical effect achieved by the present invention to provide a solution, which makes it harder to illegally distribute and copy digital content.
It may further be an advantage and/or technical effect achieved by the present invention to provide a solution for individuals to join different groups related to their interests. It is further an advantage and/or technical effect achieved by the present invention to provide a solution for education of individuals in the art of doing business. It is further an advantage and/or technical effect achieved by the present invention to provide a system for connecting people all over the world preferably sharing a similar interest. It is further an advantage and/or technical effect achieved by the present invention to provide a system for selling infotainment-related data such as DiDIs created by content providers. In the above description the term "comprising" does not exclude other elements or steps, "a" or "an" does not exclude a plurality, and a single processor or other unit or device may fulfill the functions of several means recited in the claims. Furthermore the terms "include" and "contain" do not exclude other elements or steps.

Claims

1. A computer system comprising
- a server for storing digital items in a database,
- an intermediary electronic device for downloading data representing the digital items stored on the database,
- at least a first treasure box for receiving and storing the data representing the digital items accessed from the database by the intermediary electronic device,
said computer system being programmed to:
- send a treasure box ID from the treasure box to the server for validation of the treasure box ID,
- transfer data between the treasure box and the intermediary electronic device in response to the validation of the treasure box ID, and
- altering the data representing the digital items stored in the treasure box in response to instructions originating from the server.
2. A computer system according to claim 1, wherein the server is a second treasure box comprising the intermediary electronic device.
3. A computer system according to claim 1 or 2, wherein the server checks the authorization to transfer data to the treasure box.
4. A computer system according to claim 1, wherein a collection of data representing digital items is linked to the treasure box on which the data is downloaded.
5. A computer system according to claim 1, further comprising a second treasure box wherein the first treasure box upon a counter-performance sent to the second treasure box is able to download and store data representing a digital item stored in the second treasure box.
6. A system offering conditional access to multi-media information and entertainment facilities by individuals in a networked digital system, the system comprises at least one treasure box for storing personal sets of digital items, communication means between the networked digital system and the at least one treasure box, authentication means for authenticating the treasure box upon a request from the treasure box to achieve access to the multi-media information and entertainment facilities and/or to obtain digital items from the networked digital system or from peer users, determination means for determining the scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items, or based on a counter performance.
7. A treasure box for storage of digital items, the treasure box being for use in a computer system according to claim 1 or 6, the treasure box comprising a memory for storage of the digital items and a unique code, a processor for management of the digital items, and a data communication interface.
8. A treasure box according to claim 7, further comprising a cryptographic key for use in an authentication protocol with an electronic device.
9. A treasure box according to claim 7, wherein the treasure box relates to a specific domain related to a collection of digital items.
10. A treasure box according to claim 7, further comprising a display for displaying digital items, a speaker, and a user interface for receiving input from a user.
11. A method for secure transaction of data representing a collection of digital items via a network, between a first treasure box comprising an identity value and a server comprising a public key and a private key, the method comprising the steps of:
- establishing a secure connection between the treasure box and the server through an intermediary electronic device,
- identifying the first treasure box to the server, and
- transferring the data representing a collection of digital items from the server to the treasure box.
12. A method according to claim 11, wherein the data representing a collection of digital items is signed with the private key of the server.
13. A method according to claim 11, further comprising the step of setting up a connection between the first treasure box and a second treasure box, the first and second treasure boxes being authenticated via the server.
14. A method for conditional accessing multi-media information and entertainment facilities by individuals in a networked digital system, the method comprises:
- building and keeping personal sets of digital items on a treasure box by
  - obtaining digital items from the networked digital system in response to a counter performance, and
  - trading digital items with peer users,
- determining a scope of access for the individual to the multi-media information and entertainment facilities based on a composition of the personal set of digital items,
wherein transfer and storage of the personal set of digital items is secured by use of a digital rights management system.
15. A method according to claim 14, wherein the treasure box is a small electronic device comprising information storage, information processing means, and a means for communication.
16. A method according to claim 14, further comprising a second treasure box wherein the first treasure box upon a counter-performance sent to the second treasure box is able to download and store data representing a digital item stored in the second treasure box.
17. A method according to claim 14, the method further comprising the step of providing services for allowing customers to electronically receive digital items in exchange for a counter-performance.
18. A method according to claim 14, wherein the digital items in the treasure box comprises audio-visual infotainment services to be accessed via the networked digital system or via a treasure box capable of handling audio-visual infotainment.
19. A method according to claim 14, further comprising the step of: providing a service for customers so that they can trade data representing digital items between each other in response to a counter performance.
20. A method according to claim 14, wherein at least a second treasure box is provided and wherein digital items are transferable directly between the at least first and the at least second treasure box, and wherein a digital item transferred from the at least first treasure box to the at least second treasure box is deleted from the first treasure box upon transfer of the digital item.
21. A method according to claim 14, wherein transfer of a digital item comprises the steps of: the at least first treasure box authenticating the at least second treasure box, and vice versa, the at least first treasure box checking the compliancy of the at least second treasure box and vice versa.
22. A method according to claim 20, wherein a counter performance from the at least second treasure box is required to allow transfer of a digital item from the at least first treasure box to the at least second treasure box.
23. A method according to any of claims 12-22, wherein payment for digital items obtained by downloading from a server with assistance of associates, the method comprising the steps of: providing at least one digital item for downloading from the server in response to a performance from an associate, receiving a payment from a customer and/or the associate.
PCT/IB2005/051999 2004-06-22 2005-06-17 System for transaction of digital content WO2006000967A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04102872 2004-06-22
EP04102872.1 2004-06-22

Publications (1)

Publication Number Publication Date
WO2006000967A1 true WO2006000967A1 (en) 2006-01-05

Family

ID=34970735

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/051999 WO2006000967A1 (en) 2004-06-22 2005-06-17 System for transaction of digital content

Country Status (1)

Country Link
WO (1) WO2006000967A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8082255B1 (en) * 2008-11-21 2011-12-20 eMinor Incorporated Branding digital content

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001003788A1 (en) * 1999-07-14 2001-01-18 Mattel, Inc. Computer game and method of playing the same
WO2002001494A2 (en) * 2000-06-28 2002-01-03 The Upper Deck Company, Llc Virtual unlocking of a trading card
WO2002050752A1 (en) * 2000-12-21 2002-06-27 Bredesa Pty Ltd A trading system and card
US20030220144A1 (en) * 2002-05-24 2003-11-27 Brown Merlyn Louis Collectable electronic multimedia trading card and portable card reader
US20040009777A1 (en) * 2002-05-14 2004-01-15 Nokia Corporation Method and an arrangement for upgrading target devices

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase