DE10120288A1 - Process for accounting for the use of digital data and associated components - Google Patents

Abstract

The invention relates to a method, wherein digital useful data is stored in a useful data storage unit (14). The use of useful data is highlighted with the aid of a billing date (AW). Said billing date (AW) is stored in a storage unit (20) that is protected against unauthorized access. A billing procedure is carried out involving the use of a data transmission network (12) depending on the value of the billing date (AW).

Description

The invention relates to a method for accounting for the groove digital data. The digital user data are stored in one User data storage unit stored, for example part of a playback device or part of a data processing device location is.

Especially in the entertainment industry and in the soft goods industry there are several variants for billing the Use of digital data. A common type of billing is the one-time settlement when submitting the digital data to the user, for example when selling a program CD or a music CD. Another way of billing the groove Digital data is the regular payment of one month basic fee, z. B. in digital radio or digi tal television. Another type of billing is in, flat-rate to the data storage media that have not yet been saved ger to charge a fee, e.g. B. in Germany a so-called called GEMA fee (Society for musical performance safety rights).

The previously used accounting types can be ver equally easy to deal with. Thus, from the side of the Providers of the programs or the music pieces the need for more effective billing types. But also for them Users are the previous types of billing in multiple Adversely, for example in that pau scarf is billed without being used into account.

It is an object of the invention to digi the usage taler data to specify a simple procedure that, on the one hand the billing of usage secures and on the other hand the user  not excessively disadvantaged in billing. except an associated device for the use of user data, an associated program and use of an Chip card can be specified.

The task related to the procedure is carried out by the Pa Solved claim 1 procedural steps. more educations are specified in the subclaims.

In the method according to the invention, the use of the Nutzda noted with the help of at least one billing date. The billing date is in one against unauthorized Access saved storage unit. The safe tion of the storage unit is preferably by electronics achieved means, for example special access prototype or using smart cards. Constructive measure Menus can also be used additionally or alternatively zen, for example encapsulated units or other Units protected against mechanical access. depen depending on the value of the billing date, the usage is up to allowed a predetermined value and / or with inclusion a billing process for a data transmission network anticipate the use of user data.

Using a secured storage device complicates Ma manipulations on the settlement date. Noting usage with the help of the billing date or the execution of the Ab calculation process depending on the value of the billing date allows billing only immediately before use, z. B. only a few seconds, at the beginning of use or also only to be carried out after use. This makes it possible to be billed based on usage. Through a usage-related Ab invoice increases the acceptance of the billing process the page of the users considerably.

In a development of the method according to the invention the value of the billing date is encrypted and / or signed  transmitted over the data transmission network. On Misuse of the billing process is so significant sword.

In one embodiment of the method according to the invention, the value of the billing date is increased or decreased by the same amount with each use, for example by the amount 1 . The billing date is therefore increased or decreased in the manner of a counter.

In another development of the method according to the invention rens is between two consecutive billing accounts the value of the billing date would change several times depending on changed the use of user data. Through this procedure se can be the number of transfers over the data significantly reduce transmission network. Usage costs of the data transmission network can be reduced. shall te no connection establishment via the data transmission be possible in a network, the groove the user data is still released, the billing date will be changed soon, but its value will be transferred later gene.

In another development of the method according to the invention, the billing process is carried out when a predetermined value or certain predetermined values of the billing date are reached. For example, the billing process can be carried out each time the value ten is reached if the value of the billing date is reset after the transmission over the data transmission network. The billing process can, for example, also be carried out for all integer values divisible by 10, e.g. B. with the values 10 , 20 , 30 etc. It is not necessary to reset the value of the billing date in this case.

In a next embodiment of the Ver The billing process is basically the same for everyone Usage started. For example, the value of the bill date with each use to the billing unit telt. Measures to monitor the value of the accounting data In this case, tums are not required. Can't Establish connection, so the use can still be released be. The value of the billing date is changed and the changed value will be transferred later.

In a next development of the Ver The billing process is started automatically. The user of the user data does not have to operate any additional controls perform operations. The billing process is either from started from the side of a terminal that contains the user data storage unit contains, or from the side of a unit to Execution of the billing process.

With another training, the value of the billing date only increased but not decreased. Alternatively, will the value of the billing date only decreases but not it increased. These measures can manipulate the Further complicate the value.

Will the billing date after submitting its value to the accounting unit to a predetermined starting value reset, then to save the value of the account less bit positions needed, for example only one bit position, two bit positions or three bit positions.

In a development of the method according to the invention the secured storage unit is a chip card in which the Billing date is stored in a processor or in which stores the billing date in a storage unit is secured, which is only contained in the chip card by one a processor can be accessed. An access without reverse The processor cannot be hung. Chip cards serve on the one hand  for identification and on the other hand as storage space dium. The processor contained in the chip card allows Encryption and signature procedures on simple and safe way to reduce tampering options. The chip card is for example in a so-called a mobile terminal of a cellular network SIM card (Subscriber Identity Module). The chip card can but also a WIM card (Wireless Identification Module) his.

In a next development of the Ver fahrens checks a release unit before using the utility data whether a secured storage unit in the terminal is available. Alternatively or additionally, the Authorization check carried out on the release unit. With egg The authorization check closes the design request and check a code to be kept secret. The code will be sent to the secured memory for verification unit transmitted, e.g. B. to the chip card. The release unit also causes the debit date to be changed. Wei The release unit also enables positive testers the use of user data. Is a test result ne gativ, the release unit blocks the use of the Nutzda th.

In another development of the method according to the invention, the user data are encrypted. A digital key is stored in the secured storage unit. The user data is decrypted directly before use with the digital key, for example by the release unit. For this purpose, the digital key is transferred from the secured storage unit to the release unit. To prevent manipulation, the key for decrypting the user data can be encrypted again with the help of another key and, if necessary, provided with a digital signature. The further digital key is, for example, part of a so-called key infrastructure, as explained in the X.506 standard of the ITU-T (International Telecommunication Union - Telecommunication Sector) or in the Request for Comment 2459 , January 1999 of the IETF (Internet Engineering Task Force) is. Tampering with data that has been encrypted with such a key is considerably more difficult. In particular, keys and certificates can be declared comparatively simply invalid and excluded from further use or misuse. The further key is an asymmetrical key in a configuration, the z. B. is used in an RSA process (Revist, Shamir, Adleman). In the embodiment, the user data are secured with a symmetrical key in a symmetrical encryption method, for example according to the triple DES algorithm (Data Encription Standard). Asymmetric methods offer greater security than symmetrical methods, but require more computing effort than the symmetrical methods. The extensive user data is therefore encrypted using the symmetric method.

In the case of further training, the user data are stored in accordance with a sym metric encryption method encrypted. A sym Metric key for decrypting the user data is included encrypted using an asymmetric encryption method. The asymmetric key to decrypt the symmetri The key is stored in the secure storage unit stores. Is the secured storage unit part of egg ner chip card, so the decryption of the symmetric Key executed in the chip card. The asymmetrical Keys can be kept secret very well in this way, because it is not read from the chip card. The key For example, sel is not, or at least not without, a long way res readable, d. H. without special knowledge that only the Manufacturer of the chip card.

According to a next development of the Ver driving to the secured storage unit with a  further procedures encrypted and / or signed transfer digital data. Additionally or alternatively there also the secured storage unit with another Ver drive out encrypted and / or signed data. The Analyze and manipulate the incoming data or the sent data is made more difficult.

In the case of a next training session, before Authorization to start the billing process checked by the accounting unit for accounting. Abrechnungsda This means that unauthorized persons cannot read them.

Through the complete use of encryption and / or Signature procedure in combination with constructive measure that can be achieved through the procedure billing to be carried out no longer or only with considerable Effort can be avoided. The constructive measures be are, for example, those involved in the process Units of the end device as far as possible in an integ arranged circuit. The exception is given if only the secured storage unit, for example then if it is on a removable chip card. Exchangeable chip cards allow the use of an end device by different users.

The user data are, for example, voice data, music data, Image data, multimedia data or program data. In particular Voice data or music data can be output by because only the data currently being output is decrypted the. As a result, there is never one in the device completely unencrypted version of this data. This too makes it difficult to copy the data.

In another development, the user data memory is on part of the secured storage unit. Access to the user data is when using encrypted user data thus doubly secured.  

In a next development of the Ver driving become electronic over the data transmission network Letters, so-called eMails or SMS messages (Short Message Service) to carry out the billing process. Between the end device to use the user data and a The unit for executing the billing process therefore becomes Transmission of messages standardized and widespread used transmission protocols, which are also still use for other services. Sending emails or SMS messages is combined in one embodiment with the registration process of a terminal on the data transmission network executed.

The invention also relates to a device for the benefit of Payload. The device contains a user data storage unit for storing the user data, a secured storage unit to save the billing date and a network connection unit for connection to the data transmission network. The device is constructed so that the inventive ß procedure or one of its training carried out becomes.

The invention also relates to a program with a loading failure, when executed by at least one pro processor the method according to the invention or one of its Wei training is carried out. The use continues a chip card in the inventive method or in one of his trainings protected. The above technical effects therefore also apply to the device, for the program and for the use of the chip card.

The following are exemplary embodiments of the invention Hand explained the accompanying drawing. In it show:

Fig. 1 functional units of a player, and

Fig. 2 functional units of a computer.

Fig. 1 shows functional units of a playback device 10 for playing music data, which can be called up, for example, from a data transmission network 12 in encrypted form. The network 12 is, for example, the Internet or a mobile radio network, e.g. B. a GSM network (Global System for Mobile Communication) or a UMTS network (Universal Mobile Telecommunication System). The terminal 10 contains a smart media card 14 , a release unit 16 , a use unit 18 , a smart card 20 and a connection unit 22 . The Smart Media Card 14 is based on a so-called flash memory and stores, for example, 64 MB. The functions of the release unit 16 are provided when a program is executed with the aid of a processor (not shown) of the playback device 10 . The individual functions are explained in more detail below. The usage unit 18 is used to play the music data via a loudspeaker 24 .

Smart card 20 is a plastic card that includes a processor 26 and a memory area 28 of low storage capacity, e.g. B. two hundred bytes. The processor 26 of the smart card 20 is therefore the second processor in the playback device 10 . A certificate Z (DA) is stored in a storage unit 28 of the smart card 20 . With the help of the certificate Z (DA) a music publisher that has issued the smart card 20 to user A has certified a public key EA of user A, ie signed using a private key DM of the music publisher. Moreover, in the Spei chereinheit 28 is the private key of the user A DA vomit chert. The private key DA cannot be read from the smart card 20 . A billing date with a billing value AW is also stored in the storage unit 28 and is used to bill the use of the music data.

The connection unit 22 contains, among other things, a MODEM (modulator / demodulator) which can send and receive data in accordance with the Internet protocol. A data transmission link 30 can be used between the connection unit 22 and the Internet 12 with the help of an Internet service provider for the transmission of data.

A billing computer 32 and a music database 34 are connected to the network 12 . The accounting computer 32 is used to bill the use of the music data stored in the music database 34 . The billing process is explained in more detail below.

The music database 34 contains music data from the music publisher in a compressed form. For example, the audio compression method MP3 is used. However, other compression methods can also be used.

With the help of the terminal 10 , the user A sets up a connection to the music database 34 for loading music data. Before the access to the music database 34 is released, it is checked whether the smart card 20 is valid, ie whether an expiry date has not yet been reached and whether the smart card 20 has actually been issued by the music publisher. For verification, the certificate Z (EA) is transmitted to a computer which enables access to the music database 34 . At the same time, the public key EA of the user A reaches the music database 34 . The public key EM of the music publisher is used to check the certificate Z (EA) and thus also to check the public key EA. If the certificate is genuine, user A may select a piece of music from the music database 34 . After this selection, the selected music data is encrypted with a random key S1 newly determined with each selection according to a symmetrical encryption method, e.g. B. according to the DES method (Data Encription Standard). The encrypted music data are transmitted to the terminal 10 via the network 12 and stored there in the smart media card 14 . The random key S1 is encrypted using the public key EA of the user A and transmitted from the music database 34 to the terminal 10 and stored on the smart media card 14 . The connection via the network 12 is then ended.

If user A wants to hear the music data, the following process steps are carried out:

• - The release unit 16 generates a request signal for the transmission of the certificate Z (EA) for the smart card 20 , for example a specific message, see arrow 40 .
• - The smart card 20 transmits the certificate Z (EA) together with the public key EA of the user A to the release unit 16 , see arrow 42 .
• - The release unit 16 checks the certificate Z (EA) using the public key EM of the music publisher. It is assumed that the certificate Z (EA) is real.
• The release unit 16 generates a random key S2 after a random process. The random key S2 is encrypted by the release unit 16 with the help of the public key EA and transmitted from the release unit 16 to the smart card 20 , see arrow 43 .
• - In the smart card 20 , a decryption process is carried out using the private key DA in order to decrypt the random key S2. This transfer of the key S2 enables a secure connection to be established between the release unit 16 and the smart card 20 .
• The release unit 16 then reads out the initial part of the music data from the smart media card 14 , see arrow 44 . In the initial part is the random key S1 encrypted with the help of the public key EA.
• - The release unit 16 encrypts the already encrypted key S1 with the random key S2, so that the key S1 is now double-encrypted. The double-encrypted key S1 is then transmitted from the release unit 16 to the smart card 20 .
• - The release unit 16 then sends a command to decrypt the key S1 to the smart card 20 .
• The smart card 20 decrypts the key S1 first using the random key S2 and then using the private key DA of user A.
• The smart card 20 then encrypts the random key S1 with the aid of the random key S2 and sends the once-encrypted key S1 to the release unit 16 , see arrow 46 .
• - The release unit 16 decrypts the random key S1 received by the smart card 20 with the aid of the random key S2.
• - With the help of the random key S1, the release unit 16 is able to decrypt the encrypted music data.
• - The decrypted music data are played by the usage unit 18 .

In the smart card 20 , the billing value AW is increased by the value 1 each time the private key DA is used. A connection to the accounting computer 32 is then automatically established via the network 12 . The billing computer 32 uses the certificate Z (EA) transmitted by the smart card 20 using the public key EM of the music publisher to determine whether a valid smart card is involved in the billing process. It is assumed that the certificate Z (EA) is real. In addition, the public key EA is transmitted to the accounting computer 32 together with the certificate Z (EA). The accounting computer 32 assigns the accounting process to the user A on the basis of the public key EA.

The smart card 20 encrypts the current accounting value AW with the help of the private key DA and initiates the transmission of the encrypted and signed accounting value AW via the network 12 to the accounting computer 32 , see arrow 50 . In the accounting computer 32 , the accounting value AW is decrypted using the public key EA. The accounting value AW is noted for user A. For example, at the end of the month, the user A is billed for the use of the music data depending on the billing value in the billing computer 32 .

Fig. 2 shows the functional units of a computer 60 belonging to a user B. The computer 10 is, for example, a so-called PDA (Personal Digital Assistant), which is the size of a palm and is therefore also referred to as a palm top. Such computers 60 are also known under the name Organizer. The computer 60 contains a non-volatile memory unit 62 , a release unit 64 , a use unit 66 , a smart card 68 and a connection unit 70 .

The storage unit 62 serves to store program data, even when the computer 60 is switched off. The storage unit 62 is, for example, a so-called flash memory. The program data are stored in encrypted form in the storage unit 62 .

The functions of the release unit 64 are provided when a program is executed by a main processor (not shown) of the computer 60 . These functions are explained in more detail below.

The usage unit 66 contains a working memory 72 , e.g. B. a RAM memory (Random Access Memory). Unencrypted program data is stored in the working memory 72 for execution by the main processor. The usage unit 66 also includes an input unit 74 and a display unit 76 . The input unit 74 is, for example, a keyboard and / or an input pen. For example, an LCD unit (Liquid Cristal Display) is used as the display unit 76 .

The smart card 68 is constructed like the smart card 20 and contains a microprocessor 78 and a memory unit 80 . The storage unit 80 serves to store a certificate Z (EB) issued by a software manufacturer for the public key EB of the user B. The private key DB of the user B is also stored in the storage unit 80 . Furthermore, a billing date with a billing value AW2 is stored in the storage unit 80 .

The connection unit 70 has the same structure as the connection unit 22 and enables the construction of a connection 80 for data transmission via the network 12 . A billing computer 82 and a program database 84 of the software manufacturer are connected to the network 12 .

In the same way as above, user A was able to select music data from the music database 34 , the user B selects a program from the program database 84 that he would like to use, for example a diary program or an auxiliary program, e.g. B. a virus scanner. Before selecting, it is checked whether the Smart Card 68 is valid. The certificate Z (EB) is transferred to the program database 84 and checked there. Subsequently, a random key S5 is encrypted using the public key EB and transmitted to the storage unit 62 . The program data selected by user B are encrypted with the aid of the random key S5 and then transmitted over the network 12 to the computer 60 and stored there in encrypted form in the storage unit 62 .

If the user B wants to use the program stored in the storage unit 62 , the release unit 64 must first carry out the same steps as the release unit 60 before playing the music data, but now with reference to the program data. The steps for checking the validity of the smart card 68 and for decrypting the random key S5 are indicated by arrows 90 and 92 . In order to protect the data transferred between the release unit 64 and the smart card 68 from manipulation, a random key S6 is generated by the release unit 64 and used to transmit the data. When the private key DB is used to decrypt the random key S5, the accounting value AW2 is increased by one.

The next time a connection is established using the connection unit 70 to the network 12 , the computer 60 automatically establishes a connection to the accounting computer 82 . Who the same operations as when establishing the connection between the player 10 and the accounting computer 32 performed. The billing value AW2 is encrypted using the private key DB and transmitted to the billing computer 82 , see arrow 100 . Depending on the value of the accounting value AW2, an account of the user B is debited in the accounting computer 82 .

The release unit 64 decrypts the data stored in the storage unit 62 with the aid of the decrypted key S5 and stores it in the working memory 72 . The program data stored in the working memory 72 can be executed by the main processor of the computer 60 . For example, a diary program is run.

In other embodiments, additionally or al alternative to the symmetric encryption method Using the symmetrical keys S1, S2, S5 and S6 construct tive measures taken to prevent manipulation.

In a next exemplary embodiment, a symmetrical encryption method is also used between the smart media card 14 and the release unit 16 or between the storage unit 62 and the release unit 64 .

Symmetric encryption methods often work faster as an asymmetrical encryption method. With sufficient faster computing technology can be used instead of the sym metric encryption also the more secure a use symmetric encryption methods.

In another embodiment, the method is carried out Example of an exclusive circuit arrangement without a processor used to run a program.

Furthermore, in one embodiment, the key S1 or S5 is not encrypted again if it is transmitted from the release unit 16 or 64 to the smart card 20 or 68 .

The exemplary embodiments are also combined.

Claims (19)

1. procedure for billing the use of digital data,
in which digital user data are stored in a user data storage unit ( 14 , 62 ),
where the use of the user data is noted with the help of at least one billing date (AW, AW2),
in which the billing date (AW, AW2) is stored in a storage unit ( 20 , 68 ) secured against unauthorized access,
and in which, depending on the value of the billing date (AW, AW2), use up to a predetermined value is permitted and / or with the involvement of a data transmission network ( 12 ), a billing process for billing the use of the user data is carried out. 2. The method according to claim 1, characterized in that the value of the billing date (AW) is encrypted and / or signed and transmitted via the data transmission network ( 12 ), preferably automatically during a registration process of a terminal ( 10 , 60) containing the useful data storage unit ) in the data transmission network ( 12 ). 3. The method according to claim 1 or 2, characterized ge indicates that between two billing processes The value of the billing date (AW) depends on several times the use of user data is changed. 4. The method according to claim 3, characterized records that the billing process upon reaching at least one predetermined value of the billing date (AW) is carried out.   5. The method according to claim 1 or 2, characterized ge indicates that the billing process at each Usage is started or tries every time will start the billing process. 6. The method according to any one of the preceding claims, characterized in that the billing process automatically from the side of a terminal ( 10 , 60 ) containing the user data memory, or from the side of a unit ( 32 , 82 ) for executing the billing process is started. 7. The method according to any one of the preceding claims characterized by that the value of the bill date of extension (AW) only increased but not reduced or only reduced but cannot be increased. 8. The method according to any one of the preceding claims, characterized in that the secured storage unit ( 28 , 80 ) is contained in a chip card ( 20 , 68 ) in which the billing date is stored in a processor or in which the billing date ( AW) is stored in a memory unit ( 28 , 80 ) which can only be accessed by a processor ( 26 , 78 ) contained in the chip card ( 20 , 68 ). 9. The method according to any one of the preceding claims, characterized in that a release unit ( 16 , 64 ) checks before use of the user data whether a secured storage unit ( 20 , 68 ) is present,
and / or that an authorization check is carried out,
and / or that the authorization check includes the request and check of a code to be kept secret,
that the release unit ( 16 , 64 ) causes the change in the debit date (AW),
and that the release unit ( 16 , 64 ) enables or blocks the use of the user data depending on the test result or depending on the test results. 10. The method according to any one of the preceding claims, characterized in that the user data are stored in encrypted form in the user data storage unit ( 14 , 62 ),
that a digital key (DA, DB) is stored in the secured storage unit ( 20 ),
and that the user data are decrypted before use, the digital key (DA, DB) being used directly to decrypt the user data or to decrypt another key (S1) used to decrypt the user data. 11. The method according to any one of the preceding claims, characterized in that the user data are encrypted according to a symmetrical encryption method,
that a symmetrical key (S1) for decrypting the user data is encrypted using an asymmetrical encryption method,
and that the asymmetrical key (DA) for decrypting the symmetrical key is stored in the secured memory unit ( 20 ). 12. The method according to any one of the preceding claims, characterized in that a further encryption method and / or signature method is used in the transmission of data from the secure memory unit ( 20 ) and / or to the secure memory unit ( 20 ), in particular for Transmission of an encrypted key (S1) and the same key (S1) after executing a decryption process for this key (S1) with the aid of a key ( 45 , 46 ) stored in the secured storage unit ( 20 ). 13. The method according to any one of the preceding claims, characterized in that before the transmission of data for performing the billing process, the authorization of the billing unit ( 32 , 82 ) for billing is checked. 14. The method according to any one of the preceding claims characterized by that the payload Voice data or music data or image data or multimedia or program data. 15. The method according to any one of the preceding claims, characterized in that the user data storage unit is part of the secured storage unit ( 20 , 68 ). 16. The method according to any one of the preceding claims, characterized in that e-mails or SMS messages for executing the billing process are transmitted via the data transmission network ( 12 ) and 7 or that the billing process with the registration of a terminal ( 10 ), 60) in Data transmission network ( 12 ) is running. 17. Device ( 10 , 60 ) for using user data,
with a user data storage unit ( 14 , 62 ) for storing user data,
with a storage unit ( 20 , 68 ) secured against unauthorized access for storing a billing date (AW, AW2),
and with a network connection unit ( 22 , 70 ) for connection to a data transmission network ( 12 ),
characterized in that the device ( 10 , 60 ) is constructed such that a method according to one of the preceding claims is carried out during its operation. 18. Program with a sequence of instructions when executed a method according to ei by at least one microprocessor nem of claims 1 to 16 is carried out. 19. Use of a chip card ( 20 , 68 ) in a method according to one of claims 1 to 16.