Summary of the invention
According to an aspect of the present invention, there is provided a method for digital rights management (DRM) of protected digital content, the method comprising:
Requesting use of the protected digital content by an application supported by an electronic device that has a device identifier associated with it;
Reading a permission object that is associated with the protected digital content and governs permitted use of that content;
Determining, from the permission object, an identifier and at least one partial match identifier restriction; and
Allowing the device to use the protected digital content, as governed by the permission object, only when the device identifier exactly matches the identifier or partially matches the identifier as ensured by the at least one partial match identifier restriction.
Suitably, the identifier may be a user identifier that identifies the user of the device. One suitable identifier is the identifier of a RUIM, SIM or USIM. Typically, the identifier may be an International Mobile Subscriber Identity or an International Mobile Equipment Identity.
The identifier may be a telephone number corresponding to the International Mobile Subscriber Identity.
Suitably, the at least one partial match identifier restriction may be adjacent bits in the International Mobile Subscriber Identity. The adjacent bits may be adjacent least significant bits or adjacent most significant bits. The adjacent bits may identify a network provider, or may identify a country, region, state or city. The at least one partial match identifier restriction may suitably comprise a match of one or more of the following: the 10 most significant bits of the identifier; the 10 least significant bits of the identifier; n adjacent bits of the identifier; n adjacent bits located i bits from the least significant bit of the identifier; n adjacent bits located i bits from the most significant bit of the identifier; the 11th and 12th least significant bits of the identifier; or the 11th to 15th least significant bits of the identifier, where n and i are integers. Each partial match identifier restriction is allowed to be combined with one or more other partial match identifier restrictions by Boolean logic operators.
According to a further aspect of the invention, there is provided a device comprising:
A memory storing a protected digital content file and an associated permission object, the permission object having an identifier and at least one partial match identifier restriction;
A processor operatively connected to the memory;
At least one user interface and a keyboard operatively connected to the processor, wherein, in response to a user command provided at the keyboard, the device determines the identifier and the at least one partial match identifier restriction from the permission object, and thereafter allows the device to use the protected digital content through the user interface, as governed by the permission object, only when a device identifier identifying the device exactly matches the identifier or partially matches the identifier as ensured by the at least one partial match identifier restriction.
Suitably, the identifier may be a user identifier that identifies the user of the device. One suitable identifier is the identifier of a RUIM, SIM or USIM. The identifier may be an International Mobile Subscriber Identity or an International Mobile Equipment Identity. The identifier may be a telephone number corresponding to the International Mobile Subscriber Identity.
According to a further aspect of the invention, there is provided a method for providing protected digital content, the method comprising:
Obtaining a device identifier from a device to which the protected digital content is to be provided; and
Providing the protected digital content and an associated permission object, wherein the permission object comprises an identifier obtained from the device identifier and at least one partial match identifier restriction.
Suitably, the identifier may be a user identifier that identifies the user of the device. One suitable identifier is the identifier of a RUIM, SIM or USIM. The identifier may be an International Mobile Subscriber Identity or an International Mobile Equipment Identity. The identifier may be a telephone number corresponding to the International Mobile Subscriber Identity.
Suitably, the at least one partial match identifier restriction may be adjacent bits in the telephone number corresponding to the International Mobile Subscriber Identity. The adjacent bits may be adjacent least significant bits or adjacent most significant bits. The adjacent bits may identify a network provider, or may identify a country, region, state or city. The at least one partial match identifier restriction may suitably comprise a match of one or more of the following: the 10 most significant bits of the identifier; the 10 least significant bits of the identifier; n adjacent bits of the identifier; n adjacent bits located i bits from the least significant bit of the identifier; n adjacent bits located i bits from the most significant bit of the identifier; the 11th and 12th least significant bits of the identifier; or the 11th to 15th least significant bits of the identifier, where n and i are integers. Each partial match identifier restriction is allowed to be combined with one or more other partial match identifier restrictions by Boolean logic operators.
Embodiment
This disclosure is provided to further explain, in an enabling fashion, the best modes of making and using at least one embodiment in accordance with the present invention. The disclosure is further offered to enhance understanding and appreciation of the inventive principles and advantages of the invention, rather than to limit the invention in any manner.
It is further understood that relational terms are used solely to distinguish one entity or action from another, and do not necessarily require or imply any actual relationship or order between such entities or actions. Also, the terms "use" or "utilize" in this specification have a broad meaning that includes: viewing, executing, listening, playing, accessing data, accessing information and other similar terms. The reader should pay particular attention to the definition of "device identifier", which has a broad meaning that includes any means, method, technique or the like associated with identifying the device or a module on, or connected to, the device; "device identifier" includes: the International Mobile Subscriber Identity (IMSI), the International Mobile Equipment Identity (IMEI), an IP address or any other possible suitable identifier.
Much of the inventive functionality and many of the inventive principles are best implemented with or in software programs, or with instructions and integrated circuits (ICs) such as application-specific ICs. It is expected that one of ordinary skill in the art, when guided by the concepts and principles disclosed herein, will be readily capable of generating such software instructions, programs and ICs with minimal experimentation. Therefore, in the interest of brevity and to minimize any risk of obscuring the principles and concepts according to the present invention, further discussion of such software and ICs is limited to the essentials of the principles and concepts used by the invention.
Turning now to the drawings, in which like numerals designate like elements. Referring to Fig. 1, there is shown a schematic diagram of an electronic device in the form of a mobile station or mobile phone 100, which comprises a radio frequency communications unit 102 coupled to be in communication with a processor 103. The mobile phone 100 also has a keyboard 106 and a display screen 105, which are coupled to be in communication with the processor 103. As will be apparent to a person skilled in the art, the screen 105 may be a touch screen, thereby making the keyboard 106 optional.
The processor 103 includes an encoder/decoder 111 with an associated code read-only memory (ROM) 112 that stores data for encoding and decoding voice or other signals transmitted or received by the mobile phone 100. The processor 103 also includes a microprocessor 113 coupled, by a common data and address bus 117, to the encoder/decoder 111, a character read-only memory (ROM) 114, a random-access memory (RAM) 104, a programmable read/write static memory 116, a short-range wireless transceiver 180, a plug-in memory module and network connection interface 160, and a Removable User Identity Module (RUIM) interface 118. The static programmable memory 116 and a RUIM card 119 operatively coupled to the RUIM interface 118 can each store a preferred roaming list (PRL), subscriber authorization data, selected incoming text messages and a telephone number database (TND phonebook), the TND phonebook comprising a number field for telephone numbers and a name field for identifiers associated with one of the numbers. The RUIM card 119 and the static memory 116 may also store passwords for allowing access to password-protected functions on the mobile phone 100. As will be apparent to a person skilled in the art, the RUIM card 119 is sometimes interchangeably referred to as a subscriber identity module (SIM) or universal subscriber identity module (USIM), and a unique International Mobile Subscriber Identity (IMSI) is stored on it.
The microprocessor 113 has ports for coupling to the keyboard 106, the screen 105 and an alert 115, which typically comprises an alert speaker, a vibrator motor and associated drivers. The microprocessor 113 also has ports for coupling to a microphone 135, a polyphonic speaker 170 and a communications speaker 140. The character read-only memory 114 stores code for decoding or encoding text messages that may be received by the communications unit 102. In this embodiment, the character read-only memory 114, the RUIM card 119 and the static memory 116 may also store operating code (OC) for the microprocessor 113 and code for performing functions associated with the mobile phone 100. In addition, the static memory 116 also stores digital content together with corresponding permission object files and a rights expression language, as described below.
The radio frequency communications unit 102 is a combined receiver and transmitter having a common antenna 107. The communications unit 102 has a transceiver 108 coupled to the antenna 107 via a radio frequency amplifier 109. The transceiver 108 is also coupled to a combined modulator/demodulator 110 that couples the communications unit 102 to the processor 103.
Fig. 2 is a block diagram of a system 200 according to an embodiment of the invention. As shown, the system 200 comprises a plurality of electronic devices 201, 202 and 203, typically in the form of the mobile station or mobile phone 100. However, the electronic devices 201, 202 and 203 may be any suitable network-connectable device, such as, but not limited to, a personal digital assistant, audio player, video player, portable computer and so on. In addition, by way of example, one or more of the electronic devices 201, 202 and 203 may typically be equipped to play MPEG Video Layer 4 files with a standard MPEG video codec. Also by way of example, one or more of the devices 201, 202 and 203 may be equipped with an application that "plays" MPEG Audio Layer 3 (MP3) files, such as a standard MP3 player.
The system 200 also comprises a plurality of content providers 205, 207, 209 and a network 210, where the network 210 allows communication between any of the electronic devices 201, 202, 203 (peer-to-peer communication) or between any of the content providers 205, 207, 209 and any of the electronic devices 201, 202, 203. The content providers 205, 207, 209 suitably have databases of protected digital content that is made available to the electronic devices 201, 202, 203 after a suitable DRM protocol governing usage restrictions has been executed. For example, the content provider 205 may provide a protected digital content MP3 file to the electronic device 201 using a DRM protocol, this DRM being developed with MPEG-21 (ISO/IEC TR 21000-1:2001(E) "Part 1: Vision, Technologies and Strategy", available from http://www.iso.ch/iso/en/ittf/), and the content provider 207 may provide protected digital video content to the electronic device 202 using a second DRM protocol, such as that described in the Open Mobile Alliance standards known to a person of ordinary skill in the art. The digital content provided by the content providers 205, 207, 209 may include, but is not limited to, music, games, video, pictures, books, maps, software and any other digital content. Also, the content providers 205, 207, 209 may be communication network providers that provide the communication network connections and peer-to-peer communication between the electronic devices 201, 202, 203.
According to an exemplary embodiment of the invention, all communications between the electronic devices 201, 202, 203 and the content providers 205-207 are carried out over the network 202. The network 202 may take many forms, such as, but not limited to, a cellular network, local area network, wide area network, hard-wired connection or any other communication network.
Fig. 3 is a conceptual block diagram of the content stored in the static memory 116. As shown, the static memory 116 stores programs, files or modules comprising protected digital content files 310, 314, 318, their respective associated rights (permission objects) 312, 316, 320, and a DRM agent 330. The static memory 116 also stores programs for system services 340 and programs for applications 305, 307, 309. Although this exemplary embodiment shows the static memory 116 storing the applications 305, 307, 309, the protected digital content files 310, 314, 318, the rights (permission objects) 312, 316, 320 and the DRM agent 330, it should be noted that any number of storage devices may be used to store one or more of the above. Such storage devices may include, but are not limited to, a hard disk storage device connected to the interface 160, the random-access memory (RAM) 104, a smart card storage device or the RUIM card 119 connected to the RUIM interface 118, or a removable storage device connected to the interface 160, such as a multimedia card (MMC) or removable memory. Also, as will be apparent to a person skilled in the art, the conceptual block diagram of Fig. 3 is for illustrative purposes only, and the programs, files or modules stored in the static memory 116 may be allocated by any memory map and may be mapped contiguously or in segments. It should be noted that the rights 312, 316 and 320 may be embedded in the protected digital content files 310, 314, 318.
Generally speaking, DRM is enforced or protected by applying the associated rights 312 to, for example, the protected digital content file 310. The rights 312 contain the usage permissions and a content encryption key (CEK) for the protected digital content file 310, and the rights can be processed, and the content used, only by a device having an identifier (ID) that is permitted as defined by the corresponding rights 312. The rights are bound to the device by an identifier (ID) that identifies the device or a module operatively connected to the device, such as an identification code (or number) on the mobile phone 100, typically the International Mobile Subscriber Identity (IMSI) held on the RUIM.
When protected digital content in the protected digital content file 310 is to be used by one of the applications 305, 307, 309, in the manner governed by the access rights provided by the rights 312, a device such as the mobile phone 100 uses the DRM agent 330 to authenticate the license, parse and enforce the rules, and parse, decrypt and subsequently access or use the protected digital content. The DRM agent 330 uses the system services 340 to help perform common functions, such as file system management or decryption of the content in the protected digital content file 310.
Consider the model, scheme or protocol of the DRM rights that are formatted, edited or encrypted in the rights 312, 316, 320. This model, scheme or protocol suitably comprises permission rights (PR), constraint rights (CR) and secret rights (SR). The model, scheme or protocol for such DRM rights is usually defined in, for example, the Open Mobile Alliance standard DRM Rights Expression Language.
Considering the constraint rights (CR), the invention suitably provides the following:
Restriction (CR):
number_of_usages;.........;expiry_date;
identity;.........;end
The number_of_usages constraint right (CR) specifies the number of times the granted asset is permitted to be used, where the permission is defined by the permission rights (PR).
The expiry_date constraint right (CR) specifies the time range or time limit within which the granted asset is permitted to be used.
The identity constraint right (CR) specifies one or more identifiers (IDs) that have the granted permission (PR), as defined by the permission, to use the asset.
The invention uses the identity constraint right (CR), where identity has the following objects:
Permitted_Identifier: <32 bits>;
Match 1: <10 most significant bits>;
Match 2: <10 least significant bits>;
Match 3: <n adjacent bits>; n is an integer between 2 and 31
Match 4: <n adjacent bits, i bits from the least significant bit>; where n and i are integers between 1 and 16
Match 5: <n adjacent bits, i bits from the most significant bit>; where n and i are integers between 1 and 16
Match 6: <11th and 12th least significant bits>;
Match 7: <11th to 15th least significant bits>;
Match 8: Boolean logic AND/OR/NOT operators applied to any or all of the partial matches Match 1 to Match 7
As can be seen from the above identity constraint right (CR), if the permission object issuer wishes to allow only users, devices, systems or networks having an identifier (ID) with specific 11th to 15th bits (namely 46000), irrespective of everything else, to use the protected digital content, then by selecting only Match 7 (and not selecting any other match: Match 1 to 6 and Match 8) the permission object issuer achieves the required protection: only identifiers whose 11th to 15th bits match 46000 are allowed use. As another example, if the permission object issuer wishes to allow only users, devices, systems or networks having both specific 11th to 15th bits and specific 3rd to 7th bits, irrespective of everything else, to use the protected digital content, then by selecting only Match 8 (and not selecting any other match: Match 1 to 7) the permission object issuer achieves the required protection by using the Match 8 Boolean logic operator encoded as "Match 7 AND Match 3 (n=4; i=6)". It can therefore be seen from the above that each partial match identifier restriction is expressly allowed to be combined with one or more other partial match identifier restrictions by Boolean logic operators.
Referring to Fig. 4, there is shown a flow chart of a method 400 of operating the communication system 200. The method 400 begins at start block 410, where one of the devices 201, 202, 203 is suitably connected to one of the content providers 205, 207, 209 through the network 210. At block 420 the method 400 provides protected digital content and an associated permission object. The providing may be carried out by multimedia messaging, by download from a website or over a network, or in any other form. For example, if the network 210 is a cellular network, the providing is carried out by the content provider 205 (which is in essence also the permission object issuer) sending the protected digital content and the associated permission object to the mobile phone 100 in one or more multimedia messages.
At block 430, the protected digital content and the associated permission object are received and stored in the static memory 116. Reception is through the radio frequency communications unit 102 and, for example, the protected digital content is stored in the protected digital content file 310 and the permission object is stored in the rights 312. The protected digital content file 310 and the permission object stored in the rights 312 may be received in one transmission, or they may be received in two separate transmissions. Also, the permission object may be embedded in the protected digital content file 310.
As will be apparent to a person skilled in the art, when the providing is carried out, the content provider 205 obtains an identifier (ID) from the device. This identifier (ID) is the International Mobile Subscriber Identity (IMSI) stored in the RUIM 119, SIM or USIM, but other forms of identifier (ID) may be used, including the International Mobile Equipment Identity (IMEI), an IP address or any other possible suitable identifier, generally depending on the type of the system 200 and the requirements of the content provider 205. In this illustrative example, the identifier (ID) is the permitted identifier (PID) stored in the 32-bit Permitted_Identifier object/field of the identity constraint right (CR) in the provided permission object. It should be noted that it is possible that not all 32 bits of the Permitted_Identifier object/field are used. In one embodiment, the permitted identifier (PID) stored in the Permitted_Identifier object/field may correspond to the telephone number of the International Mobile Subscriber Identity (IMSI), or to any other identifier (ID), such as the IMEI, an IP address or any other possible suitable identifier that can be used. At least one partial match identifier restriction (Match 1 to Match 8), as permitted by the identity constraint right (CR), is also provided in the permission object. The partial match identifier restriction may be adjacent digits (bits) in the telephone number corresponding to the International Mobile Subscriber Identity. The adjacent bits may be adjacent least significant bits or adjacent most significant bits. The adjacent bits may identify a network provider, or may identify a country, region, state or city. The at least one partial match identifier restriction may suitably comprise the following matches: the 10 most significant bits of the identifier; the 10 least significant bits of the identifier; n adjacent bits of the identifier; n adjacent bits located i bits from the least significant bit of the identifier; n adjacent bits located i bits from the most significant bit of the identifier; the 11th and 12th least significant bits of the identifier; or the 11th to 15th least significant bits of the identifier, where n and i are integers.
After block 430, the method 400 may terminate or may go on to provide and receive further protected digital content and associated permission objects. At some point, however, the mobile phone 100 may be sent a user command, entered at the keyboard 106, requesting use of protected digital content. As illustrated, the request for use is made immediately after reception and storage are completed at block 430.
The request to use protected digital content is made at block 440, typically in response to a user command entered at the keyboard 105 (or automatically upon reception and storage at block 430). The request is for the content to be used by an application supported by the mobile phone 100, the mobile phone 100 having a device identifier, for example an identifier (ID) obtained from the International Mobile Subscriber Identity (IMSI). If, for example, the protected digital content is an encrypted MPEG Video Layer 4 file in the file 310, then at block 450 the method 500 reads the permission object in the rights 312 that is associated with the protected digital content in the file 310, this permission object governing permitted use of the protected digital content in the file 310. One of the applications 305, 307, 309 that can run MPEG Video Layer 4 files is selected for use by the mobile phone 100.
Thereafter, at block 460, the method 400 determines the DRM rights from the permission object file 312, including: one or more permitted identifiers (PID) from the Permitted_Identifier object/field; and, if included in the identity constraint right (CR), at least one partial match identifier restriction set/selected from Match 1 to Match 8.
A test is then performed at match test block 470 to check whether the permitted identifier (ID) in the permission object file 312: exactly matches the device identifier obtained from the identifier (ID); or partially matches the device identifier obtained from the identifier (ID), as ensured by the at least one partial match identifier restriction defined by the permitted matches that are set/selected (Match 1 to Match 8). If there is no match or partial match at block 470, the method prohibits use of the protected digital content stored in the file 310 at block 480. Alternatively, if there is a match or partial match based on the above matching criteria, then at block 490 the method allows the mobile phone 100 to use the protected digital content in the file 310, as governed by the permission object in the file 312, only when the device identifier obtained from the identifier (ID) exactly matches the permitted identifier (PID) or partially matches the permitted identifier (PID) (as ensured by the at least one partial match identifier restriction defined by the permitted matches (Match 1 to Match 8)). Accordingly, the DRM agent 330, with the help of the system services, decrypts using the content encryption key (CEK) in the permission object and, using the application 305 (an MPEG player), plays the protected digital content (the encrypted MPEG Video Layer 4 file) in the file 310 on the screen 105, supplemented by the polyphonic speaker 170. The method 400 then terminates at end block 495 after block 480 or 490.
Advantageously, if a content provider, copyright owner or licensor wishes to provide their protected digital content to, or allow its use by, a specific group or region, then a suitable one or more of the at least one partial match identifier restrictions defined by the permitted matches (Match 1 to Match 8) of the identity constraint right (CR) can be set in the permission object. Content providers, copyright owners or licensors can thus selectively allow use and distribution by large groups, specific subscriber classes and regions, over a network through their wireless communications units 102, through a hard-wired connection, through a plug-in device using the interface 160, through the short-range transceiver 180 or by any other means. For example, if the device identifier obtained from the identifier (ID) corresponds to the telephone number 65123456789, then if Match 3 is selected for inclusion in the permission object and n is set to 2, any telephone number having 2 adjacent bits that match any two adjacent bits in 65 123456789 can use the protected digital content. However, to provide a stricter restriction on the groups that can use the protected digital content, Match 4 can be used with n set to 2 and i set to 8, so that only telephone numbers whose 9th and 10th digits (bits) are 65 can use the protected digital content. Since 65 in the 9th and 10th digits (bits) of the telephone number is the international code of Singapore, this group of users is those users having a mobile phone with an identifier (telephone number) that has an IMSI number for Singapore.
Another example relates to different operator schemes. One of the IMSI number segments allocated to one mobile operator in China is the segment 460 00 XXXXX XXXXX, which means that any International Mobile Subscriber Identity (IMSI) whose first 5 most significant bits equal 460 00 belongs to that mobile operator. For another operator in China, the International Mobile Subscriber Identity (IMSI) segment begins with 460 01. Therefore, if a 5-bit partial match starting from the first most significant bit is defined in the permission object, and the User_Identifier in the permission object is written as 460 00 XXXXX XXXXX by the permission object issuer, subscribers of any other mobile operator cannot obtain permission to access the protected digital content.
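The test at block 470 and the operator and country-code examples above, as an added sketch that is not code from the patent. It assumes identifiers are decimal digit strings with positions counted from the least significant (rightmost) digit, uses a hypothetical tuple encoding for the rules and constructed sample numbers, and leaves out Match 3 because the text does not fix where its window sits. It denies use whenever an identifier is too short or a rule is malformed, so that an empty window or a NOT operator cannot turn a failed comparison into a grant.

```python
# Added example. Assumptions (not from the patent text): identifiers are ASCII
# decimal digit strings, "position k" counts digits from the least significant
# (rightmost) end starting at 1, and the rule tuples are a hypothetical encoding.

class Unmatchable(Exception):
    """Identifier malformed or too short for a window, or rule unknown."""

def _digits(ident):
    return isinstance(ident, str) and ident.isascii() and ident.isdigit()

def ls_window(ident, first, n):
    """Digits at positions first..first+n-1, counted from the right."""
    if not _digits(ident) or first < 1 or n < 1 or first + n - 1 > len(ident):
        raise Unmatchable(ident)
    end = len(ident) - (first - 1)
    return ident[end - n:end]

def ms_window(ident, skip, n):
    """n digits after skipping `skip` digits from the most significant end."""
    if not _digits(ident) or skip < 0 or n < 1 or skip + n > len(ident):
        raise Unmatchable(ident)
    return ident[skip:skip + n]

def window(rule, ident):
    """Digits a leaf rule compares. Leaf rules:
    ("M1",) ("M2",) ("M4", n, i) ("M5", n, i) ("M6",) ("M7",)"""
    kind = rule[0]
    if kind == "M1":                      # 10 most significant
        return ms_window(ident, 0, 10)
    if kind == "M2":                      # 10 least significant
        return ls_window(ident, 1, 10)
    if kind == "M4":                      # n digits, i above the least significant end
        return ls_window(ident, rule[2] + 1, rule[1])
    if kind == "M5":                      # n digits, i below the most significant end
        return ms_window(ident, rule[2], rule[1])
    if kind == "M6":                      # 11th and 12th least significant
        return ls_window(ident, 11, 2)
    if kind == "M7":                      # 11th to 15th least significant
        return ls_window(ident, 11, 5)
    raise Unmatchable(kind)

def partial_match(rule, pid, dev):
    """Leaf rule or Match 8 tree: ("AND", a, b), ("OR", a, b), ("NOT", a)."""
    kind = rule[0]
    if kind in ("AND", "OR"):
        # Evaluate both sides so a bad operand is never hidden by short-circuit.
        a = partial_match(rule[1], pid, dev)
        b = partial_match(rule[2], pid, dev)
        return (a and b) if kind == "AND" else (a or b)
    if kind == "NOT":
        return not partial_match(rule[1], pid, dev)
    return window(rule, pid) == window(rule, dev)

def may_use(pid, dev, rule=None):
    """Block 470: exact match, or partial match under the selected rule."""
    if _digits(pid) and pid == dev:
        return True
    if rule is None:
        return False
    try:
        return partial_match(rule, pid, dev)
    except (Unmatchable, IndexError, TypeError):
        return False                      # fail closed, even inside NOT

# Constructed sample identifiers (not real subscriber numbers).
PID = "460001234567890"                   # permitted identifier, 15 digits
SAME_OPERATOR = "460009876543210"         # shares 460 00 in positions 11..15
OTHER_OPERATOR = "460019876543210"        # 460 01 instead
# One way to express "11th to 15th AND 3rd to 7th" under the position assumption.
BOTH_FIELDS = ("AND", ("M7",), ("M4", 5, 2))

if __name__ == "__main__":
    print(may_use(PID, SAME_OPERATOR, ("M7",)))    # True
    print(may_use(PID, OTHER_OPERATOR, ("M7",)))   # False
    print(may_use(PID, "46000", ("NOT", ("M7",)))) # False: too short, denied
```
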
By specifically referring to IMSI numbers as the device identifier, only a few examples of the advantages of the invention have been provided; however, as will be apparent to a person skilled in the art, the device identifier and the Permitted_Identifier (PID) may be any other possible permissible identifier, including but not limited to the identifiers specifically mentioned in this specification.
The foregoing detailed description provides illustrative embodiments only and is not intended to limit the scope, applicability or configuration of the invention. Rather, the detailed description of the exemplary embodiments enables those of ordinary skill in the art to implement exemplary embodiments of the invention. It should be understood that various changes may be made in the function and arrangement of elements and steps without departing from the spirit and scope of the invention as set forth in the appended claims.