EP1145243A3 - Protection contre la copie par chiffrement de ticket - Google Patents

Protection contre la copie par chiffrement de ticket

Info

Publication number
EP1145243A3
EP1145243A3 EP99932846A EP99932846A EP1145243A3 EP 1145243 A3 EP1145243 A3 EP 1145243A3 EP 99932846 A EP99932846 A EP 99932846A EP 99932846 A EP99932846 A EP 99932846A EP 1145243 A3 EP1145243 A3 EP 1145243A3
Authority
EP
European Patent Office
Prior art keywords
ticket
key
copy
embedded watermark
receiver
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99932846A
Other languages
German (de)
English (en)
Other versions
EP1145243A2 (fr
Inventor
Michael A. Epstein
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Publication of EP1145243A2 publication Critical patent/EP1145243A2/fr
Publication of EP1145243A3 publication Critical patent/EP1145243A3/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00884Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a watermark, i.e. a barely perceptible transformation of the original data which can nevertheless be recognised by an algorithm
    • G11B20/00898Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a watermark, i.e. a barely perceptible transformation of the original data which can nevertheless be recognised by an algorithm based on a hash function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00224Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a remote server
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00485Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
    • G11B20/00557Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein further management data is encrypted, e.g. sector headers, TOC or the lead-in or lead-out areas
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00753Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of copies that can be made, e.g. CGMS, SCMS, or CCI flags
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00811Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein said number is encoded as a cryptographic token or ticket
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00884Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a watermark, i.e. a barely perceptible transformation of the original data which can nevertheless be recognised by an algorithm
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91307Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal
    • H04N2005/91328Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal the copy protection signal being a copy management signal, e.g. a copy generation management signal [CGMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91307Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal
    • H04N2005/91335Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal the copy protection signal being a watermark

Definitions

  • This invention relates to the field of entertainment systems, and in particular to copy protection for copyrighted material.
  • a computationally difficult process is one that can be expected to require an inordinate amount of time to complete, relative to the potential gain that may be realized by devoting this amount of time.
  • the Linnartz scheme uses a hashing function that provides a hash value from a seed value in such a manner that it is computationally difficult to determine the seed value, given the hash value.
  • FIG. 1 illustrates the Linnartz ticket scheme.
  • the multiple instances of player 110 and recorder 120 are used to illustrate the use of the same or another player 110 and recorder 120 with different inputs 101, 102, 111, 112, 122, 132.
  • a protected recording such as a DVD disk, can be encoded as "copy-never” 101 or "copy-once" 102.
  • the material content C also contains an embedded watermark W that is a hash value of a physical mark P. As in a paper watermark, the watermark W is an encoding that is embedded in the recorded material in such a manner that it does not interfere with the rendering of the material, but cannot be removed from the material without adversely affecting the quality of the material.
  • the physical mark P is a code that is embedded in the material of the disk media that can be read by a disk player 110, and also cannot be removed from the disk media without affecting the quality of the disk media.
  • a copy-never disk 101 may or may not contain a ticket T.
  • the copy- once disk 102 contains an embedded watermark W that is a four-times-hash of the physical mark P, and a ticket T that is a once-hash value of the physical mark P.
  • a compliant player 110 plays a recording that contains an embedded watermark W if and only if: the embedded watermark W is a once- hash of the physical mark P; the embedded watermark W is a thrice-hash of the ticket T; or the embedded watermark W is a once-hash of the ticket T. Any other combination of embedded watermark W, ticket T, and physical mark P is deemed an illegal copy, and the compliant player 110 will not play the illegal copy. If the recording is deemed legal, the compliant player 110 provides as an output the material C, with its embedded watermark W, and a transformed ticket T' that is a once-hash of the incoming ticket T.
  • the compliant player 110 provides an output 111 from the copy-never disk 101 because the embedded watermark W is equal to a once-hash of the physical mark P, and provides an output 112 from the copy-once disk 102 because the embedded watermark W is equal to the thrice-hash of the ticket T.
  • a compliant recorder 120 makes a copy of a recording that contains an embedded watermark W and ticket T, if and only if the embedded watermark W is a twice hash of the ticket T.
  • the copy-never output 111 does not have an embedded watermark W that is a twice hash of the transformed ticket T', and thus will not be recorded by the compliant recorder 120.
  • the copy-once output 112 contains an embedded watermark W that is a four-times-hash of the physical mark P, and a transformed ticket T' that is a once-hash of the original ticket T.
  • the transformed ticket T' is a twice-hash of the physical mark P, and therefore the embedded watermark W is a twice-hash of the transformed ticket T'. Because the embedded watermark W is a twice-hash of the incoming transformed ticket T', the compliant recorder 120 makes a copy 122 of the copy-once material 112. The compliant recorder 120 attaches a once-hash of the incoming ticket T' as a new ticket T" on the copy 122. Because the incoming ticket T' is a twice-hash of the physical mark P, the new ticket T" is a thrice-hash of the physical mark P. The combination of an embedded watermark W that is a once-hash of the attached ticket defines a "copy-no-more" recording.
  • the playback of the original copy-once disk 102 will always produce an output that contains the material C, with its embedded watermark W, and a transformed ticket T' that is a once-hash of the incoming ticket T. Because the original ticket T is a once-hash of the physical mark P, and the transformed ticket T' is a twice-hash of the physical mark P, the embedded watermark W will always be a twice-hash of the transformed ticket T', and therefore recordable.
  • a mass production of the copy-once disk 102 can be effected by merely operating a number of recorders 120 in parallel, each receiving the output 112 of the player 110. Note that this mass production can be performed using recorders 120 that are compliant with the ticketing scheme of Linnartz. As discussed above, a compliant player 110 plays a recording that contains an embedded watermark W if and only if: the embedded watermark W is a once-hash of the physical mark P; the embedded watermark W is a thrice-hash of the incoming ticket; or the embedded watermark W is a once-hash of the incoming ticket.
  • the embedded watermark W is a once-hash of the ticket T", and therefore a legally playable copy.
  • the compliant player 110 plays the legal copy-no-more copy 122 and produces an output 132 that includes the material content C, its embedded watermark W, and a transformed ticket T'" that is a hash of the incoming ticket T".
  • the transformed ticket T'" of the output 132 is a four-times hash of the physical mark P.
  • the compliant recorder 120 makes a copy of a recording that contains an embedded watermark W and ticket T, if and only if the embedded watermark W is a twice hash of the ticket T.
  • the copy-no-more output 132 does not have an embedded watermark W that is a twice hash of the transformed ticket T'", and therefore will not be recorded by the compliant recorder 120.
  • the output of the compliant player is assumed to be displayable on a display device. That is, there are no display restrictions placed on a display device.
  • the arrangement of the embedded watermark W and the ticket T at the output 132 of the compliant player 110 is an embedded watermark W that equals the ticket T.
  • a restriction were placed on a display device based on the embedded watermark W and ticket T, it must allow the display of an output wherein the embedded watermark and ticket are equal.
  • an attempted restriction on the display of copyright material based on the Linnartz embedded watermark and trademark scheme could be overcome by merely replacing whatever ticket is provided by a copy of the embedded watermark.
  • FIGs. 2 and 3 illustrate applications of the prior-art ticket processing scheme for controlling the copying of copyright material that is communicated via a broadcast channel, such as a "pay-per-view" transmission from a service provider.
  • FIG. 2 illustrates the transmission of a copy-never broadcast 201
  • FIG. 3 illustrates the transmission of a copy-once broadcast 202.
  • the broadcast 201, 202 is encrypted.
  • a conditional access decrypter 210 decrypts the encrypted broadcast 201, 202 to provide a decrypted output 211, 212 that contains the material content C, an embedded watermark W, and a ticket T.
  • the conditional access decrypter 210 may be, for example, a "cable-box" that decrypts the incoming broadcast after arrangements are made with the service provider for the payment of the fees associated with the receipt of the material content C, or after a "smart-card" is plugged into the cable box.
  • the decrypted output 211 will include the material content C, an embedded watermark W that equals a double-hash of a physical mark P, and a ticket T that is also equal to the double-hash of the physical mark P.
  • the "physical" mark P may be an arbitrary code associated with the broadcast, or it may be related to an attribute of the broadcast, such as a modulated signal within the broadcast.
  • the origin of the mark P is somewhat arbitrary, except that it should not be "publicly-available"; that is, it should not be easy to determine. Alternative methods can be used to supply the appropriate ticket value.
  • the service provider may provide a ticket that is a single-hash of the physical mark P, and the conditional access decrypter 210 can be configured to apply a single-hash to the incoming ticket, as is performed in the conventional conforming player 110.
  • the service provider may provide the double-hashed ticket directly, and the conditional access decrypter 210 merely passes the incoming ticket on as the output ticket.
  • the compliant recorder 120 will only make copies of watermarked material when the embedded watermark is equal to the twice-hash of the incoming ticket. In this copy-never case, the embedded watermark W is equal to the incoming ticket T, and therefore the compliant recorder 120 will not make a copy of this copy-never material 211.
  • a compliant display device 220 will display the copy-never material 211 because the embedded watermark equals the ticket.
  • the decrypted output 212 will include the material content C, an embedded watermark W that equals a four- hash of the physical mark P, and a ticket T that equals a double-hash of the physical mark P. Because the embedded watermark W is equal to a twice-hash of the incoming ticket T, a compliant recorder 120 will produce a authorized copy 222 of the decrypted output 212, and a compliant display device 220 will provide a display of the decrypted output 212.
  • the copy 222 from the recorder 120 includes the material content C, its embedded watermark W, and a transformed ticket T that is equal to a single-hash of the incoming ticket T. Because the incoming ticket T is a twice-hash of the physical mark P, the transformed ticket T' is equal to a thrice-hash of the physical mark P.
  • a plurality of compliant recorders 120 may be configured to receive the output of the decrypter 210 and will produce a corresponding plurality of copies 222.
  • a non-compliant "blind" copy of the material 212 can be made and subsequently provided to any compliant recorder 120 for an unlimited number of copies 222.
  • a 'blind" copy is substantially a bit-for-bit copy, with no transformation of the information as it is copied.
  • the presence of the physical mark P on the disk media precluded the use of a blind copy, because the physical mark P would not have been transferred with the information that is copied, and a compliant device will reject a copy having an embedded watermark that differs from a single-hash or four-hash of the physical mark P.
  • the physical mark P is communicated, it will be part of the broadcast information, and therefore will be transferred with the information during a blind copy.
  • the player When the copy 222 is provided to a player 110, the player will match the embedded watermark W to a single-hash of the ticket T', and will provide an output 232 that contains the material content C, the embedded watermark W, and a transformed ticket T" that is a single-hash of the incoming ticket T', or, equivalently, a four-hash of the physical mark P.
  • a compliant recorder 120 will not make a copy of the output 232, because the embedded watermark W is not a twice-hash of the incoming ticket T".
  • the compliant display device will display the output 230, because the embedded watermark W is equal to the incoming ticket T". Note that a non-compliant player can have authorized and unauthorized copies of the material content C displayed by a conforming display device 220 by merely providing a ticket T" that is equal to the embedded watermark W.
  • an encryption scheme between the device that communicates the material content and the intended receiver of this content is provided.
  • the encryption is applied to the ticket that conveys copy and display rights.
  • the encryption scheme in a preferred embodiment is dynamic.
  • the channel between the providing device and the receiving device is configured for the exclusive use of these two devices; thereafter, the channel may be configured for the exclusive use of another set of devices.
  • conforming devices contain verifiable certificates of authenticity, and channels are established only when each device on the channel verifies the other device's authenticity.
  • FIG. 1 illustrates a block diagram of an example prior-art ticket processing scheme for controlling the copying of copyright material on a physical media.
  • FIGs. 2 and 3 illustrate applications of the prior- art ticket processing scheme for controlling the copying of copyright material that is communicated via a broadcast channel.
  • FIG. 4 illustrates an example block diagram of a ticket processing scheme for controlling the display of copyright material in accordance with this invention.
  • FIG. 5 illustrates an example block diagram for a ticket processing scheme for controlling the copying of copyright material in accordance with this invention.
  • FIG. 6 illustrates an example flow diagram for a ticket processing scheme for controlling the display or copy of copyright material in accordance with this invention.
  • FIG. 4 illustrates an example block diagram of a ticket processing scheme for controlling the copying of copyright material in accordance with this invention. Illustrated in FIG. 4 are a conditional access module 300 and a display device 400.
  • the conditional access module receives a broadcast 301 that may or may not be encrypted, and which may or may not be copy protected.
  • the brackets ⁇ ⁇ used in FIG. 4 illustrate items that may or may not be present in a particular broadcast 301.
  • a Broadcast decrypter 350 is a conventional broadcast decrypter that decrypts the broadcast 301 if it is encrypted, otherwise, it passes it on unmodified, such that the output 351 of the broadcast decrypter comprises the material content C, it's embedded watermark W, if any, and associated ticket T, if any.
  • a ticket detector 340 separates the ticket T 341, if present, from the output 351 to produce a material content C and it's embedded watermark W, if any, signal 342, and . communicates the ticket 341 to a ticket encrypter 330.
  • the ticket encrypter 330 encrypts the ticket T using a key K 321 to produce an encrypted ticket E ⁇ (T) 331 that can only be decrypted by the display device 400 that is currently bound to it, as will be discussed further below.
  • the material content C and it's embedded watermark W, if any, signal 342, and the encrypted ticket E ⁇ (T) 331, if any, are communicated to the display device 400 as a communicated signal 401.
  • the display device 400 includes a ticket detector 440 that processes the communicated signal 401 to produce a material content C and it's embedded watermark W, if any, signal 442, and extracted ticket 431, if any. If, as illustrated in FIG. 4, the conditional access module 300 is a compliant device in accordance with this invention, the extracted ticket 431 will be equal to the encrypted ticket E K (T) 331. If the communicated signal 401 is not from the compliant conditional access module 300, the extracted ticket 431 will not be equal to the encrypted ticket E ⁇ (T) 331.
  • the ticket decrypter 430 decrypts the extracted ticket 431 based on a key K' 421, such that the resultant ticket T 441 matches the original ticket T 431 if and only if the decryption key K' 421 corresponds to the encryption key K 321.
  • One key corresponds to another if that key decrypts an encryption produced by the other.
  • the keys K 321 and K' 421 are equal to each other.
  • the keys K 321 and K' 421 are private and public keys, respectively, of a private/public encryption key pair.
  • a display controller 460 controls the display of the material content C and it's embedded watermark W, if any, signal 442, based upon the relationship between the embedded watermark W, if any, and the decrypted ticket T 441.
  • the material content C will be displayed if and only if one of the following three conditions are met:
  • the embedded watermark W equals a twice-hash of the decrypted ticket T 441.
  • the first condition corresponds to material content C that is not copy or display protected.
  • the second condition corresponds to the copy-never 212 and copy-no-more 232 states of the prior art ticketing scheme, respectively, and the third condition corresponds to the copy-once 222 state of the prior art ticketing scheme, as illustrated in FIGs. 2 and 3.
  • the embedded watermark W in the prior art ticketing scheme if present, will equal the original ticket T 341 in the copy-never 212 and copy-no-more 232 states, and will equal the twice hash of the original ticket T 341 in the copy-once state 222. Because the .
  • decrypted ticket T 441 will only equal the original ticket T 341 when the display device has a key K' 421 that corresponds to the key K 321 at the conditional access module 300, protected material content C will only be displayed when the conditional access module 300 and display device 400 have corresponding keys K 321 and K' 421. Thus, if a blind copy of the communicated signal 401 is made, it will only be displayable on the display device 400 that contains the key K' 421 that corresponds to key K 321.
  • FIG. 5 illustrates a corresponding recorder 500 in accordance with this invention.
  • the recorder 500 is substantially similar to the display device 400 except for the substitution of a copy controller 560 for the display controller 460.
  • the copy controller 560 allows a copy of the content material C to be made if and only if one of the following two conditions are met: - there is no embedded watermark; or - the embedded watermark W equals a twice-hash of the decrypted ticket T 441.
  • the first condition corresponds to material content C that is not copy or display protected.
  • the second condition corresponds to the copy-once 222 state of the prior art ticketing scheme, as illustrated in FIG 3. Because the decrypted ticket T 441 will only equal the original ticket T 341 when the display device has a key K' 421 that corresponds to the key K 321 at the conditional access module 300, copy-once material C that has an embedded watermark W that is equal to a twice hash of the original ticket T 341 will only be copied when the conditional access module 300 and recorder 500 have corresponding keys K 321 and K' 421. Thus, if a blind copy of the communicated signal 401 is made, it will only be copyable on the recorder 500 that contains the key K' 421 that corresponds to key K 321.
  • each receiver 400, 500 has a private key that is associated with an identifier of the receiver 400, 500, and the conditional access module 300 has a list of public keys corresponding to each identifier.
  • the public key forms the key K 321 and the private key forms the key K' 421.
  • the ticket encrypter 330 and decrypter 430 are an asymmetric encrypter/decrypter pair. The same identifier and public/private key pair may be assigned to multiple receivers 400, 500; assigning a unique public/private key pair to each receiver 400,
  • FIG. 4 illustrates explicit key generators 320 and 420 that generate keys K 321 and K' 421.
  • An example set of key generators 320, 420 include a "Diffie-
  • each key generator 320, 420 selects a random large integer x, y, respectively, and publicly exchange key parameters 325 that include a large prime n, and a number g that is primitive mod n.
  • both K and K' are equal to g xy mod n. Because x and y are kept private, the determination of the key K, K' is computationally difficult.
  • the ticket encrypter 330 and ticket decrypter 430 are a symmetric encrypter/decrypter pair, each using the same key value g xy mod n to encrypt and decrypt the ticket T. Note that two receivers 400, 500 will not generate the same key value with a conventional access module 300 unless they both select the same random number y. In a preferred embodiment of this invention, the receivers 400, 500 are created such that the likelihood of creating the same random number at the same time is minimal. Thus, as compared to the prior-art ticketing system, placing compliant recorders 500 in parallel to the communicated signal 401 will not allow each to copy material that is in the copy-once state
  • creating a blind copy of the communicated signal 401 will only allow the compliant recorder 500 having the proper key K' to produce multiple one-at-a-time copies.
  • FIGs. 4 and 5 illustrate the optional use of corresponding pairs of authenticators 310, 410 with the key generators 320, 420.
  • the authenticator 310 initiates the authentication process upon receipt of a trigger 346 from the ticket detector by requesting a certification 411 from the authenticator 410.
  • the certification 411 is a verifiable digital certificate, common in the art, that is provided by the manufacturer of the receiver and contains an identification of the particular receiver.
  • the authenticator 310 verifies the certificate, using conventional digital signature verification techniques, and communicates the results 311 of this certification to the key generator 320. In this manner, the receiver 400, 500 can be re-authenticated upon receipt of each ticketed material 301. Non-conforming receivers, or particular receivers 400, 500 that have had their authorization revoked, can thus be prevented from receiving ticketed material.
  • the determination or generation of the appropriate key K 321 to correspond to the key K' 421 can occur periodically, randomly, or, as mentioned above, upon receipt of ticketed material 301.
  • the key determination or generation also occurs whenever the communications path between the conditional access module 300 and receiver 400, 500 is newly established. In this manner, the conditional access module 300 can be reassigned, or bound, to a different receiver 400, 500, as required.
  • the conditional access module 300 in a preferred embodiment includes a pair of key generators 320, and corresponding ticket encrypters 330, each associated with a channel.
  • the output 401 of one channel is provided, for example, to a display device 400 at the same time that the output 401 of the other channel is provided to a recorder 500, so that an authorized copy of the protected material can be made at the same time that an authorized viewing occurs.
  • the output 401 of each channel has a different encrypted ticket, depending upon the receiver 400, 500 attached to each output 401.
  • FIG. 6 illustrates a flow diagram for a compliant conditional access module 300 and receiver 400, 500, in accordance with this invention.
  • the broadcast material is received at the conditional access module 300.
  • the broadcast material contains encrypted material 620, it is decrypted, at 625; if it contains a ticket 630, the ticket is encrypted, at 635, using a key that corresponds to a key in the receiver 400, 500, as discussed above.
  • the decrypted material and encrypted ticket is transmitted to the receiver 400, 500, at 640.
  • the receiver 400, 500 determines whether the material contains a ticket. If, at 650, the received material has a ticket, it is decrypted, at 655 using the key associated with the receiver 400, 500. If the receiver 400, 500 is a recorder 500, at 660, the test at 680 is applied to determine if the material is copyable.
  • the material content and embedded watermark W, if any, is copied 685, along with a hash of the decrypted ticket T, consistent with the prior- art ticketing scheme. Otherwise, the copy step 685 is bypassed. If, at 660, the receiver 400, 500 is a display device 400, the test at 670 is applied. If there is no embedded watermark W in the material, or if the embedded watermark W matches the decrypted ticket or a thrice-hash of the decrypted ticket, the material content C is displayed 675. Otherwise, the display step 675 is bypassed. After copying, displaying, or bypassing, the process continues, at 690, awaiting the receipt of the next broadcast material, at 610.
  • the foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are thus within its spirit and scope.
  • the above described ticket encryption scheme at the conditional access module may be embodied in other devices, such as a conventional player 110, an unconditional access module, or any other device that receives ticketed material from a source and provides it to an intended receiver 400, 500.
  • the details of the prior art ticketing scheme is presented above for illustration purposes. Other ticketing schemes may also be employed, requiring only a change to the particular ticket tests 675, 685 to correspond to such schemes.
  • the ticket encrypter 330 can be located at the site of the provider of the broadcast 301, such that the material 301 is received at the broadcast decrypter 350 with a ticket that is suitably encrypted for decryption by the receiver 400, 500.
  • the conditional access module 300 will include means for communicating an identification of the receiver 400, 500 to the provider of the broadcast 301.
  • some or all of the illustrated components of the conditional access module 300 may be included in the receiver 400, 500, or other device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Editing Of Facsimile Originals (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Television Signal Processing For Recording (AREA)

Abstract

L'invention concerne un mécanisme de chiffrement établi entre un dispositif qui communique un contenu matériel et le récepteur du contenu prévu. Le chiffrement est appliqué à un ticket qui transporte des droits d'affichage ou de copie. Selon un mode de réalisation préféré, le mécanisme de chiffrement est dynamique afin de permettre la transférabilité de devises. A n'importe quel moment, le canal situé entre le dispositif d'alimentation et le dispositif de réception est configuré pour être utilisé, de manière exclusive, par ces deux dispositifs. Toutefois, ce canal peut être configuré pour être utilisé exclusivement par un autre ensemble de dispositifs. Pour empêcher une utilisation non conforme au système, les dispositifs conformes contiennent des certificats d'authenticité vérifiables, et les canaux sont établis lorsque chaque dispositif du canal a vérifié l'authenticité de l'autre dispositif.
EP99932846A 1998-07-14 1999-07-07 Protection contre la copie par chiffrement de ticket Withdrawn EP1145243A3 (fr)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US9272798P 1998-07-14 1998-07-14
US92727P 1998-07-14
US33362899A 1999-06-15 1999-06-15
US333628 1999-06-15
PCT/EP1999/004766 WO2000004549A2 (fr) 1998-07-14 1999-07-07 Protection contre la copie par chiffrement de ticket

Publications (2)

Publication Number Publication Date
EP1145243A2 EP1145243A2 (fr) 2001-10-17
EP1145243A3 true EP1145243A3 (fr) 2004-11-03

Family

ID=26785979

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99932846A Withdrawn EP1145243A3 (fr) 1998-07-14 1999-07-07 Protection contre la copie par chiffrement de ticket

Country Status (5)

Country Link
EP (1) EP1145243A3 (fr)
KR (1) KR20010023967A (fr)
CN (1) CN1333975A (fr)
TW (1) TW406249B (fr)
WO (1) WO2000004549A2 (fr)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171520B2 (en) 2000-03-02 2012-05-01 Tivo Inc. Method of sharing personal media using a digital recorder
US7908635B2 (en) 2000-03-02 2011-03-15 Tivo Inc. System and method for internet access to a personal television service
US8261315B2 (en) 2000-03-02 2012-09-04 Tivo Inc. Multicasting multimedia content distribution system
US8812850B2 (en) 2000-03-02 2014-08-19 Tivo Inc. Secure multimedia transfer system
US20020166056A1 (en) * 2001-05-04 2002-11-07 Johnson William C. Hopscotch ticketing
CN100356789C (zh) * 2004-09-01 2007-12-19 华为技术有限公司 一种保护宽带视音频广播内容的方法及装置
CN100364332C (zh) * 2004-09-01 2008-01-23 华为技术有限公司 一种保护宽带视音频广播内容的方法
WO2006055920A2 (fr) 2004-11-19 2006-05-26 Tivo Inc. Procede et appareil de transfert securise d'un contenu diffuse precedemment
JP4140624B2 (ja) * 2005-09-16 2008-08-27 ソニー株式会社 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
CN101052068B (zh) 2006-04-03 2011-04-06 华为技术有限公司 提供湿电流的设备及方法
KR101319057B1 (ko) * 2006-12-11 2013-10-17 톰슨 라이센싱 디지털 시네마를 위한 텍스트 기반의 불법복제 방지 시스템 및 방법

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5574787A (en) * 1994-07-25 1996-11-12 Ryan; John O. Apparatus and method for comprehensive copy protection for video platforms and unprotected source material
KR0136458B1 (ko) * 1994-12-08 1998-05-15 구자홍 디지탈 자기 기록재생 시스템의 복사 방지장치
CA2179223C (fr) * 1995-06-23 2009-01-06 Manfred Von Willich Methode et appareil pour commander le fonctionnement d'un decodeur de signaux dans un systeme de diffusion
US6047103A (en) * 1995-10-09 2000-04-04 Matsushita Electric Industrial Co., Ltd. Data transmitter, data transmitting method, data receiver, information processor, and information recording medium
AU3207697A (en) * 1996-05-15 1997-12-05 Macrovision Corporation Method and apparatus for copy protection of copyrighted material on various recording media
ATE224124T1 (de) * 1997-01-27 2002-09-15 Koninkl Philips Electronics Nv Verfahren und vorrichtung zur übertragung von inhaltsinformation und darauf bezogener zusatzinformation
JP3794646B2 (ja) * 1997-08-26 2006-07-05 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ 内容情報とそれに関する補足情報とを転送するシステム

Also Published As

Publication number Publication date
CN1333975A (zh) 2002-01-30
EP1145243A2 (fr) 2001-10-17
WO2000004549A3 (fr) 2001-06-07
TW406249B (en) 2000-09-21
WO2000004549A2 (fr) 2000-01-27
KR20010023967A (ko) 2001-03-26

Similar Documents

Publication Publication Date Title
US6550011B1 (en) Media content protection utilizing public key cryptography
JP4714402B2 (ja) 情報源から受信機へのデジタルデータの安全な送信方法
US7224805B2 (en) Consumption of content
US7047422B2 (en) User access to a unique data subset of a database
US4658093A (en) Software distribution system
US7480802B2 (en) License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer
US7840805B2 (en) Method of and apparatus for providing secure communication of digital data between devices
US7996322B2 (en) Method of creating domain based on public key cryptography
JP5309206B2 (ja) コンテンツ頒布システムにおいてマルチメディア・コンテンツのロンダリングおよび再パッケージングを防止する方法
US20080235810A1 (en) Method of Authorizing Access to Content
KR100721269B1 (ko) 컨텐츠물의 동시 카피들을 제한하는 방법 및 체크-아웃/체크-인 장치
KR20030027066A (ko) 데이터 교환을 위해 배열된 장치 및 인증 방법
JP2006527955A (ja) 改善された安全認証されたチャネル
US6748531B1 (en) Method and apparatus for confirming and revoking trust in a multi-level content distribution system
JP2004362547A (ja) スマートカードを用いた装置認証によりホームドメインを構成する方法、及びホームドメインを構成するためのスマートカード
WO2006077222A1 (fr) Systeme et procede de manipulation securisee et pratique d'informations d'etat de liaison cryptographique
EP1145243A2 (fr) Protection contre la copie par chiffrement de ticket
JP2000113048A (ja) コンテンツ受信装置群およびそれに用いるicカード
JP4713745B2 (ja) 認証通信装置及び認証通信システム
JP3846230B2 (ja) コンテンツ情報認証再生装置
EP1412833A1 (fr) Consommation de contenu de donnees numeriques avec gestion de droits numeriques
JP2002520682A (ja) チケット暗号化による複製保護
JP2005080145A (ja) 再生装置管理方法、コンテンツデータ再生装置、コンテンツデータ配布装置及び記録媒体
JP2006201986A (ja) デジタルコンテンツのコピー制御方法および管理装置
MXPA06008255A (en) Method of authorizing access to content

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

XX Miscellaneous (additional remarks)

Free format text: DERZEIT SIND DIE WIPO-PUBLIKATIONSDATEN A3 NICHT VERFUEGBAR.

PUAK Availability of information related to the publication of the international search report

Free format text: ORIGINAL CODE: 0009015

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RIC1 Information provided on ipc code assigned before grant

Ipc: 7H 04N 5/913 A

17P Request for examination filed

Effective date: 20011207

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20041123