KR100848369B1 - Method and device for producing coded data, for decoding coded data and for producing re-signed data - Google Patents

Abstract

An apparatus and method for generating encrypted data, executing encrypted data, and re-signing encrypted data already signed, includes information necessary for decrypting the data, apart from the encrypted media information, to generate encrypted data. Based on encrypted data additionally including the signature of the child. Thus the source of the encrypted data can be traced back. In particular, encrypted data is allowed to be delivered to a limited range, for example by friends or relatives, by the producer, whereas only reproduction of encrypted data in bulk is considered pirated copying. However, pirated pirates can be found with the help of a signature, where the signature is optionally protected by an embedded watermark signature. Since this is a concept where only encrypted data occurs when used legally, the removal of unauthorized ciphers is a legal violation. The concept of the present invention has the potential to be accepted in the marketplace by enabling the identification of intruders and at the same time respecting the ownership of the operator due to the limited delivery of media information.

Description

METHODS AND DEVICE FOR PRODUCING CODED DATA, FOR DECODING CODED DATA AND FOR PRODUCING RE-SIGNED DATA}             

delete

TECHNICAL FIELD The present invention relates to the distribution of media, and more particularly, to the distribution of media so that it can be delivered at a suitable size without cost, and can be delivered in large quantities so that it can be tracked at all times with minimal difficulty.
Digital signage of media content allows media content to be replicated as desired without compromising quality. This, in turn, has led to an increase in unauthorized piracy, or "piracy piracy," which causes economic losses for media content owners compared to a few years ago. Compared to a few years ago, when analog signal systems led the quality features to motivate people to buy records rather than simply own pirated versions, the possibility of digital production reproducing could be attributed to the infinite economic loss of the rights holder. Resulted.

For this situation there are several different concepts and companies such as Intertrust, such as what is known as "SDMI" to prevent unauthorized operator access by cryptographic methods. However, this method, on the one hand, increases costs and limits the usual exercise of ownership held by operators up to now. Such ordinary ownership exercise of the operators was to distribute a few copies to friends or family.

The prior art by the encryption method has the following problems. First, access keys must be distributed in a complex and logical manner. In addition, the conventional scheme additionally requires a separate decoding key which is separated from the media content and provided through alternative means such as letters, telephones, and the like. For example, if such a separate decryption key is no longer available due to a change in the system or an expiration of the use contract, the music collection by this type of protection is no longer available. This form is not safe for the future and cannot be used rapidly. Moreover, rights for current use are limited to equipment or people and cannot be extended or applied to other equipment or people, so record CDs to audio cassettes for friends or record them to audio cassettes for in-car listening. Private copying was impossible.

And since no access is granted to such a system except when authorized, it has always provided a stimulus to crack the concept of password protection.

In addition, such password protection concepts often rely on password safeguards. By way of cracking already, the content is completely free and no one in the (illegal) distribution chain can detect it. Thus, this breach cannot be proven.

Systems that seek to reduce the economic loss of media content owners, such as audio work in the music industry, have been called "DRM systems" (DRM = Digital Rights Management) among professionals. Such a system is intended to prevent unauthorized duplication and to enable detailed accounting through "E-Commerce". However, such a system has not yet been settled and there is doubt about its adoption on the operator side. As already explained, the existing ownership of the operator is limited.

The above methods commonly prevent unauthorized users from accessing content and allow the authorized user to pay for it. These payments can be applied more precisely to actual usage by additional criteria, at least equal to those required for general equipment or data transfer. However, this criterion, which, for example, permits up to seven copies of the original but not copies of the original, is complex, and it is still doubtful whether this complexity will be adopted by the operator.

Current systems are described, for example, in "Secure Delivery of Compressed Audio by Compatible Bitstream Scrambling" by C. Neubauer and J. Herrer at notice 5100 of the 108th AES Convention in Paris, February 2000. have. And at the "MPEG-4 Intellectual Property Management & Protection (IPMP) Overview & Applications" by Jack Lacy, Niels Rump, Talal Shamoon, Panos Kudumakis at the 17th AES Conference in Florence, September 1999, or at the same conference. Niels Rump, Philip R. Wiser of "AESSC SC-06-04 Activities on Digital Music Distribution".

As already explained, the above mentioned problems result in a low adoption rate by operators, so that well-known systems are not adopted in the market. This is because until now they were tailored only for the benefit of the music industry, which may be illegal by law, but not for the "ownership" of current operators who would automatically succumb the system if infringed.

It is an object of the present invention to provide a concept of rights management that is easier to adopt in the market.

This object is an apparatus for generating encrypted data according to claim 1, a method for generating encrypted data according to claim 16, an apparatus for decrypting encrypted data according to claim 17, a method for decrypting encrypted data according to claim 23, a resigned data generating apparatus according to claim 24, and a claim Obtained by a re-signed data generation method according to 39 or a computer program according to claim 40.

The present invention is based on the fact that not only the interests of the music industry but also the rights management concept which takes into account the benefits of the already existing ownership or operator that will ultimately govern its adoption in the market will be adopted in the market. The present invention for media distribution coordinates benefits between media providers and media consumers.

The present invention will be described below with reference to other aspects, but is based on the determination that content is available for anyone in principle once purchased. Authentication of the original purchaser or media content distributor is stored in the delivered data. In this way, in the case of abuse, such as when too many copies are made, it is possible to verify the identity of the violator in the distributed copy and to sue and punish the violator.

The encrypted data generated by the present invention is characterized by being encrypted but containing decryption information, and further including authentication information of the person who created the encrypted data. Thus, the encrypted data includes, in addition to the encrypted media information, additional information for authenticating the encrypted data creator and decrypting the encrypted media information.

Separately, it means that the publisher of the media content must digitally sign the content before publication.

An essential part of the invention is that it is based on encryption, ie the media content or media information is encrypted. Deletion of such passwords is illegal under US law, known as the "Milleniums Act." According to the law, copying an unencrypted file such as an MP3 file is not an infringement, but deleting the password in an unauthorized state is an infringement.

According to a preferred embodiment of the present invention, authentication information and decryption information constitute both axes of encrypted data, which are mutually dependent. Thus, if the authentication information is removed from the encrypted data, the encrypted data can no longer be decrypted. According to a preferred embodiment of the present invention, an asymmetrical encryption method is applied here. In particular, an operator has a pair of public and private keys associated with it. The private key is used when the operator wants to obtain an encrypted symmetric key by encrypting a symmetrical key for decrypting the media information. The operator adds this encrypted symmetric key and its public key to the encrypted media information. At this point, the added public key is operator authentication, since the operator can be explicitly authenticated with the help of the public key. The recipient of the encrypted data then extracts the public key from the encrypted data, decrypts the encrypted symmetric key added with the public key, and decrypts and executes the encrypted media information with the encrypted symmetric key. If the creator's public key is removed from the encrypted data without permission, decryption of the symmetric key and finally decryption of the encrypted media information is no longer possible. Thus, operator authentication information (signature) determines whether encrypted data is available.

It will be mentioned that free distribution among a limited range of media information, ie, multiple players owned by friends, relatives or the operator himself, is free. Therefore, ordinary ownership of the operator who does not want to limit his ownership is considered. In the end, this will be the deciding factor in allowing the present invention to be adopted in the market. On the other hand, the interests of the media information owners are also taken into account, which should be considered for free reproduction as limitedly as in the analogue audio system, but the use of large amounts of media information such as mass misuse, for example over the Internet. It has the potential to track and punish offers. Tracking is possible because the decryptable encrypted data includes the authentication of the person who performed such mass distribution.

According to a preferred embodiment of the present invention, it is preferable as a so-called second defense line to add a watermark to the media information that enables operator authentication separately from operator authentication in plain text. If an attacker continually attempts to blunt or remove operator authentication, and nevertheless provides complete data, authentication of media information is still possible with the aid of a watermark. In particular, if an attacker succeeds in generating plain text data from encrypted data made difficult by technical precautions, authentication can still be found by the watermark. If an attacker wants to generate plain text data without his watermark to be added to the media information, the media information will contain the watermark of the person who was given him encrypted data. Thus, at least that identity is secured. As stated above, there is a minimum chance of knowing who the actual infringer was who acted illegally by removing the password.

The present invention is thus characterized by containing the media information in encrypted form and the key for decryption and execution contained in the encrypted data even though it is not possible to write the file in plain text data. Moreover, the encrypted data contains the operator's identity as a digital notary or user signature. Preferably such signatures are issued and registered by a notary body for use as an operator's certificate in court in matters of punishment. Then, it is preferable that the operator identification information is imprinted with the watermark on the media data as the second line of defense.

The present invention has the advantage of providing a transparent system that is easy to use for the operator or consumer of the media information and allows for free copying for a limited range, for example for friends, for personal use. To date, simple operators who are quasi-legal or have no illegal interests move to a legal state consistent with the laws or regulations for media providers. In order to compress the data rate, it is preferable to perform compression before encrypting the media information. When MPEG-4 is used as the compression method, the operator can get better audio quality and higher compression rate than MP3, for example, and the operator can change from MP3 to MPEG-4, which is the encryption method according to the present invention, which is freely copyable in all respects. Will change. The new concept does not cause problems for ordinary operators who want to reproduce freely on a small scale, but for illegal distributors who make pirated copies in large quantities. Such pirated versions are not completely prevented by the concept of encryption, but pirated replicators can be found and punished by operator authentication in encrypted data.

And, since MPEG-4 can be used not only for audio compression but also for video, text, etc., an operator is provided with an additional media track. First of all, since the illegal copying is reduced by the concept of the present invention, the price of music and video work will be lowered by the reduction of illegal use.

The concept of the present invention also provides advantages for the owners of media information, not to deteriorate the value compared to the time of distribution of analog music, but to provide a legal basis for eradicating pirated copying prevalent in the MP3 era. The system then allows media producers to enter a period when media content is no longer free and is distributed in encrypted form.

And, the concept of the present invention also gives advantages to the music industry, since the fact that the media information is already encrypted has the effect that the operator is grateful for its value. Moreover, the present invention will allow operators to handle media content more responsibly when delivering media, as they must expect their IDs to be contained in pirated copies that can eventually be distributed in mass and cause problems. Operators who accept them will nevertheless suffer from this because the delivery on a limited scale is from a lawful state to a lawful state.

delete

delete

The present invention also solves a number of problems with known DRM systems by adding decryption keys, eliminating the need for complicated and expensive logic management. And the present invention is self-contained, which means that the encrypted data always stores the information necessary for execution, and how secure the encrypted data generated by the present invention is for the future. . As an encryption method, RSA, which is an example of an asymmetric encryption method, and Rijndal, which is an example of a symmetric encryption method, are both known technologies.

The present invention allows copying and execution as desired, as in the case of the past, to be delivered to a limited range such as a friend in a personal domain within the scope of the operator's responsibility.

In addition, according to the present invention, since it is free to an ordinary operator, it does not give a stimulus for cracking. It is the operator's responsibility to limit mass distribution, not encrypted methods.

The watermark that authenticates the signer as a so-called selectively added line of defense is optionally contained in the cracked media data.

The invention is also independent of the encoded format of the source. Although it is desirable to introduce MPEG-4 as a source encoding method that includes higher data compression ratios, better audio / video quality, and more advanced features to give the operator additional stimulation, all existing compression methods such as MP3, etc. This can be integrated. This stimulus which allows the operator to comply with the present invention is not by making a freely available MPEG-4 encoder / decoder, but can be used free of charge or at a low cost in connection with a DRM system so as not to enter the market at risk. Can be further increased by. This means that in the best case there is no decoder, in particular a hardware player running the decrypted format. This results in easier downloading and use of the new -encrypted and signed-formatting format rather than performing complex attacks on encrypted protection or signatures, to make it easier for normal operators to avoid illegal intentions.

With reference to the accompanying drawings will be described in detail a preferred embodiment of the present invention.

1 is a block diagram of the present invention for generating encrypted data;

2 is a block diagram of the present invention for decrypting / executing encrypted and signed data;

3 is a block diagram of the present invention for re-signing such that encrypted data can be delivered to another trusted person;

4 is a conceptual diagram illustrating the format of encrypted and signed media information;

5 is a schematic diagram illustrating different data formats and scenarios that may be provided by embodiments of the present invention;

6 is a block diagram of a simple apparatus for executing encrypted and signed media information;

7 is a block diagram of the present invention for creating an operator specific local archive with an "introduced version";

8 is a block diagram of the present invention capable of executing, generating and re-signing according to a preferred embodiment of the present invention;

9 illustrates an extension of the apparatus of FIG. 8 to provide media information specifically supplied by a media provider within an encrypted and signed format;

FIG. 10 illustrates an extension of the device of FIG. 9 to enable a one-to-one option that is impossible to deliver content to others, apart from the free encryption / signature options.

1 illustrates an apparatus of the present invention for generating encrypted data representing media information. Media information, which may be compressed data rate according to a method such as plain text or MPEG-4, is provided to the input 10 of the device according to the invention. The media information is input to encryption means 12 for encryption, which is provided with a key 14 by means of providing additional information, including operator authentication and key information at the same time. The providing means 14 may be embodied in a memory, on the one hand providing additional information which enables operator authentication and on the other hand decrypts the encrypted media information output at the output of the encryption means 12. By providing additional information to the encrypted media information so that encrypted data signed by the operator of the apparatus shown in FIG. 1 is provided via output stage 18. It will be mentioned that the data provided at output 18 is either an encrypted file or contiguous stream data.

The plain text media information may be, for example, PCM data read out or ripped from a CD or DVD owned by an operator. The media information may be, for example, compressed source information such as encoded PCM data. In this case, a well-known encoding algorithm such as MPEG-4 or MP3 may be used as the encoding algorithm.

It should be noted that any media information, such as audio information, video information, text information, graphics, and special music information such as WAV files, MIDI files, music score files, etc., may be processed by the present invention.

Any encryption method, such as a symmetric encryption method (eg Rijndal) or an asymmetric encryption method (eg RAS), may be adopted as the decryption method for means 12 to perform the decryption, combining both of them. It is desirable in terms of computing time. In particular, it is more preferable to encrypt a symmetric key that actually encrypts media information with a key of asymmetric encryption concept, and to use both the public key of the asymmetric method and the symmetric key encrypted with the corresponding private key as additional information. In this case, the added public key is also provided for operator authentication. In general, the additional information is formed to perform both the authentication of the operator and the decryption of the encrypted media information by the additional information. In particular, at least one portion of the additional information, such as the public key in the above example, is selected at the same time to indicate the operator authentication, so that if there is a false operation of the operator authentication, decryption by the information contained in the encrypted data itself is no longer possible. It is desirable to render the encrypted data at the output stage 18 of the apparatus of 1 useless.

2 shows an apparatus according to the invention for decrypting encrypted data. By way of example, the input 20 of the device shown in FIG. 2 is provided with encrypted and signed data provided by the output 18 of the device shown in FIG. 1, means 22 for key extraction and means for decryption. Is applied to (24). The means for key extraction 22 extracts decryption information from the encrypted data, and if the decryption information is applied to the means for decryption 24, the means for decryption 24 means for extracting the key ( The decryption information from 22) is used to decrypt the encrypted media information contained in the encrypted data and provide it to the means for execution 26 for display or execution. According to an embodiment, the means 26 for execution are speakers (audio information), monitors (video information), special means for outputting voice or music, and the like. In particular, in the embodiment of the apparatus of FIG. 2, which is included in the entire system, which may be implemented by, for example, an operator's PC or the like, it is desirable that the output of the means 24 prevent the decrypted media information from being output as digital data or generating a plain text file. Do. But if so by unauthorized use, this would be an unauthorized violation of the code and would already be a violation of US law. In such a case, as described below, if the watermark is included as a second line of defense in the plain text data that can be "stealed" at the output of the decryption means 24, punishment or sued by the infringer would be possible.

3 shows an apparatus of the present invention for generating re-signature data from encrypted data representing media information. In particular, encrypted data signed by the manufacturer is provided to the input 30 of the device shown in FIG. This encrypted and signed data is the same data as that at the output 18 of the device shown in FIG. 1 or the input 20 of the device shown in FIG. Means for re-signing include means 32 for providing authentication of the re-signing device operator shown in FIG. 3 and encryption of the re-signing operator to encrypted media information derived from the decrypted media information by means of an output terminal ( Means 34 for providing re-signed encrypted data at 38). The re-signed encrypted data at the output 38 includes in any case the operator authentication of the device shown in FIG. 3 and the signature of the last producer, such as the data stream provided at the input 30, due to this feature. All paths of media information can be tracked.

In the embodiment described so far, the apparatus shown in FIG. 3 should only add new re-signing authentication. This may be possible if the key information contained in the encrypted data at the input 30 is independent of operator authentication. However, if the operator data and the decryption information, i.e., the additional information in the encrypted data, are interdependent, the apparatus shown in Fig. 3 can be embodied in the same manner as the key extracting means 22 in Fig. 2. ), Decryption means 36, which may be embodied in the same way as means 24 of FIG. 2, and further encryption means 37, which may in principle be embodied, such as encryption means 12 of FIG. 1. something to do. In this case the data stream at the input end 30 signed by the former manufacturer is first decrypted by the decryption means 36 using the decryption information provided by the key-extraction means 35 and authenticated by the re-signing device operator. It is encrypted again using the new re-signing authentication provided by the means 32 using. In this case there will be no connection 39, indicated by the dashed line in FIG.

Next, a preferred embodiment of a file format for encrypted and signed data will be described. If encrypted and signed data is present in the file, the file includes a header with a format indication 40. This header is followed by the notary of the operator or the public key associated with the operator 42. Therefore, entering the file (42) to secure the producer certification. This area 42 is followed by an area 44 containing a symmetric key encrypted by the public key of the area 42, where the symmetric key is used to decrypt the encrypted media information in the area 46. Thus, areas 42 and 44 represent additional information for the operator's authentication (by area 42) and decryption of encrypted media information (by areas 42 and 44) to be executed.

delete

A schematic of the possibility of the present invention, referred to as DRM system 50 in FIG. 5 and including all the apparatus and more features shown in FIGS. 1-3 will be described with reference to FIG. 5 below. On the input side, plain text media information or compressed media information may be applied to the DRM system 51a. In addition, the DRM system 50 according to the preferred embodiment of the present invention is configured to acquire, as an input signal, the signed and encrypted data 51b corresponding to the data at the output stage 18 of FIG. In addition, the DRM system 50 according to the preferred embodiment of the present invention is "hard" -encrypted using a machine depending key to include decryption information and operator signatures. Local archive data 51c which is not to be used can be obtained as an input quantity.

In addition, according to a preferred embodiment of the present invention, a data format having additionally "hard" -encrypted data after being signed may be provided to the DRM system 50 shown in FIG. 5, which data format is "AtoB". It is referred to as format 51d. The "AtoB" format 51d is characterized in that it has been created by user A so that the content can only be decrypted by B.

In another embodiment of the invention, the DRM system 50 may also be provided with a file that protects the media information from the media provider 52, which is typically an example of the owner or authorized publisher of the media information. Is not signed by the media provider 52. The media information transmitted from the media provider 52 to the DRM system 50 is cryptographically protected media information. Thus, the DRM system may operate in a publish mode that supports or performs media distribution of the media provider 52. This is called a super distribution.

On the output side, the DRM system 50 of the present invention executes the data format obtained through the inputs 51a to 51d (54a), generates a signed data format (54b), or sets up a local data format. May generate 54d at the output, such as generating (54c) or writing an AtoB format. Whether the format authorized to the DRM system 50 is plain text data or compressed data 51a, signed and encrypted data 51b, local data 51c, AtoB format 51d or issuing format A format indication such as whether it is 51e is included in the header of FIG. The DRM system 50 of the present invention shown in FIG. 5 performs header inspection before taking each actual action to take specifically according to the data format.

If a mismatch is found in the header 40 of FIG. 4, the data format will not be performed. In any case, the preferred DRM system shown in FIG. 5 does not output plain text data or compressed data in digital form. This makes it clear that, as already explained, the DRM concept of the present invention does not generate or provide plain text data in any case except for a CD or other voice carrier containing plain text data (PCM data). As already explained, the DRM system of the present invention also includes a data extrusion module, which allows for digital storage of conventional methods due to the high data rate compression. If such a compression module cannot be obtained in plain text form, and only if it is embedded in a DRM system, processing of data compressed in this compression format will never occur. What is stimulating to the operator is that this compression format offers high data compression on the one hand and high quality on the other, and in addition, it is practical for new data formats such as MPEG-4 by eliminating free or illegal pirated copies. By saving money easily, it can be deployed at a very low cost.

delete

delete

Herein, it should be mentioned that encrypted data is generated from plain text data by an encryption algorithm, while plain text data may be encoded or unencoded.

delete

Next, referring to Figures 6, 7, 8, 9 and 10, five other embodiments of the preferred DRM system are discussed. Like numbers refer to like elements throughout the drawings and like functions.

The level-1 DRM system shown in FIG. 6 includes executing a signed format as its primary function, and is alternatively capable of replacing signed and encrypted data at the plaintext input end, or input end 51b for the operator. It further includes an input terminal 51a for encoded media information. The data encoded to be replaceable is applied to an alternative decoder 60 to be decoded prior to its representation / execution. If plain text data is supplied to the input 51a, the alternative decoder will be bypassed (62). The media information is then compressed media information, preferably determined to be compressed by means of MPEG-4. Thus, a decoder 64 connected to the DRM system via a secure channel (SAC = secure authenticated channel 66) is connected between the decryption means 24 and the presentation means 26. The decoder 64 may be part of a DRM system or further switched as an external module. In this case, the SAC 66 is an external interface for the DRM system and guarantees that only a special decoder that is notarized to output plain text as a digital file is available.

delete

PCM data or MP3 encoded data may be applied as plain text or replaceable encoded input data, where the alternative decoder is an MP3 decoder.

FIG. 7 shows a level-2 DRM system in addition to the DRM system shown in FIG. 6 to generate a local archive 54c and to apply local archive data 51c on the one hand. The level-2 DRM system shown in FIG. 7 introduces a local format that allows an operator to locally produce MPEG-4 data and additionally execute it only locally. As a result, the plain text data of the input terminal 51b is encoded by the MPEG-4 encoder 70 which can be interfaced or integrated via the SAC 72.

The encoded data is encrypted using local key 76 and applied to encryption means 74 which applies to local archive output 54c. However, locally encrypted data does not contain decryption information. For decryption, if local archive data is provided to decryption means 24, decryption means 24 does not extract key information when the local format is recognized (40 in FIG. 4) but instead switches to local key 76. do.

Level-2 DRM systems want to find new systems, especially new encoders / decoders (70/64), but do not register (yet) to generate (FIG. 1) or re-sign (FIG. 3) encrypted and signed data (FIG. 3). It is a system intended for non-operators. Thus, operators of Level-2 DRM systems cannot yet generate or deliver legitimately encrypted and signed data. However, the operator can first investigate the functionality of the new encoding / decoding concept and then make a decision on the complete version. Since the level-1 DRM system of FIG. 6 is included in the level-2 DRM system of FIG. 7, the operator can first execute a work obtained in a signed format from friends or distributors. Moreover, the operator can create a local archive of his music data (54c), for example a digital archive of his CD (CD), and execute it only on his device such as his computer (pc) using the local key 76 Can be. As described with reference to FIG. 8, a Level-2 DRM system that relies on unsigned local data, regardless of whether the input data is plain text data or encrypted, ensures that encrypted and signed data is generated after registering the operator. 3 DRM system. The local key 76 is derived from machine-dependent authentication, such as the serial number of the computer pc, as described below.

delete

delete

delete

delete

Next, the Level-3 DRM system is based on plain text information (the device of FIG. 1), apart from the ability to execute the signed and encrypted data of the DRM systems of FIGS. 6 and 7 and to generate a local archive. It is described with reference to FIG. 3, which has the function of generating a signed format or converting the signed data format into a re-signed data format (the device of FIG. 3).

delete

delete

Means 14 for providing a notarized key are necessary for the device shown in FIG. 8 to generate encrypted (and thus signed) data or to resign data signed by the first operator. The notarized key is preferably provided by a registrar representing a neutral authority, and operator authentication of the device shown in FIG. 8 can be determined through the help of a notarized key. The public key input in block 42 of FIG. 4 represents operator authentication information.

A preferred function of embedding a watermark at the PCM level or bitstream level is also described in FIG. 8. Embedding the watermark is performed by a PCM watermark embedder 80 or a bitstream watermark embedder 82.

PCM watermark embedders are described by way of example in German patent DE 196 40 814 C1. In addition to the bitstream watermark embedder, the PCM watermark embedder in this case provides a distributed order in the payload such as an operator ID or user ID to apply a load to the distributed payload signal, thereby providing a watermark It is based on the inability to hear below the acoustic shield threshold as far as energy is concerned when associated with the accompanying audio data. Selective watermark embedding can occur at the time level (block 80) or bitstream level (block 82) as already described, where only partial decryption or incomplete decryption of the encrypted data is required. If watermark embedding is performed at the time level, the output signal of the decoder 64 is applied to the PCM watermark embedder 80 via the transmission line 84. However, if the bitstream watermark is executed, the input signal to the decoder 64, i.e., the encryption source information at the output of the decryption means 24, 36 is the bitstream watermark via another transmission line 86. Applied to the bedding. In this case, the bitstream watermark embedder 82 provides the media information to be encrypted in advance so that encoder 70 is no longer needed when performing bitstream watermarking.

delete

delete

delete

delete

delete

It will be mentioned that watermarks are not evaluated in normal use. However, if the creative concept of protection mechanism is illegally bypassed and the source data is further processed, it can be input by steganographic methods on inaudible watermarks, watermarks not visible in video data, or text data. This watermark can be assessed for legal purposes to draw conclusions concerning illegal distributors.

Therefore, when payload information corresponding to a user ID or a user ID is too long or a direct transmission of user authentication is not desirable due to protecting a personal area, a hash process (using a key referred to as “random key” in FIG. 8) is performed. It is preferable to embed the watermark itself such as payload information derived from the user ID through processing. Thus, another encrypted imitation random order is used for distribution. This has the advantage of less or no interference of the payload compared to encrypting the payload by encrypting the distributed order.

delete

This has the advantage that the watermark is better protected. And while the spread sequences derived from random keys are orthogonal to each other, the watermarks of the following operators can be inserted. This concept corresponds to the well-known CDMA method, in which several communication channels are put in frequency channels, each frequency channel occupying the same frequency band but to be separated with the aid of the correlator of the watermark extractor. It becomes possible. In addition, tampering with watermarks increases the anonymity of legitimate operators, but allows illegal operators to be exposed and punished.

delete

In particular, two methods for generating such watermark keys are desirable. In the first method for generating a watermark key, another random key with variable length determined by the decryption time as the technology is further advanced is used. This ensures that when testing all possible keys for extracting watermarks for legal purposes, an arbitrary amount of work must be completed, so that the watermark ID is particularly secure and anonymous, since no one knows the key. This can be read at a significant cost. Decoding for legal purposes therefore takes place by trying all possible keys. This is not a problem because when decoding for legal purposes there is ample time because the number of illegal distributors will be adapted to current computer technology.

delete

An alternative method for generating a watermark key is the well-known method that one of these possible watermark keys is used for watermark encryption and the presence of a series of other keys derived from the operator ID in fact. Thus, proof of authentication can only be performed for the operator to be checked at a reasonable expense.

From FIG. 8, the Level-3 DRM system has all functions such as the function of executing signed data, local data and plain text data, the function of generating signed data from the plain text data, the function of generating re-signed data from the signed data, and the like. It can be seen that including. As included in Fig. 8, it is more desirable for the function that the conversion to the encrypted and signed form can be executed when the local data is applied to the input side by an operator to execute. This is possible because the operator of the system shown in FIG. 8 has a notarized key 14 and is already registered.

delete

As already described with reference to the embodiment shown in FIG. 7, the local data format for creating an encrypted local archive is provided by the so-called introductory versions for each new encode method 70 and decode method 64. It has an advantage in that it becomes. For economic reasons, legalizing or releasing to the Level-3 DRM system of FIG. 8, which enables the user to output a signed data format when the user obtains the public key 14 from the registrar 56 of FIG. It is further desirable to provide a releasing means 88. If the user has not yet obtained the public key, the legalization or release means 88 is activated to output only local data, not signed data. Thus, when an operator registers and acquires a public key, new software or hardware can be added to the function shown in FIG. 7 in addition to the function shown in FIG. 8 by simply activating the legalization or release means without any necessary operation. According to an embodiment, the release means 88 may be distributed with a full version such that the full functionality is available by the operator only when the operator registers, i.e. when the operator obtains the public key 14. have.

delete

delete

delete

Next, the extension of the DRM system according to the present invention to the so-called distribution format will be described with reference to FIG. 9 (Level-4 DRM system). For this purpose, the operator of the DRM system receives media information protected from the media provider 52 but not signed by the input end 51e. Another decryption means 90 is provided for decrypting encrypted media information that is protected without including encryption information, for example, the decryption means being a key typically transmitted to the operator of the DRM system via a secure channel. 92 is provided. Asymmetric encryption methods combined with symmetric encryption methods are preferred here. The protected media information 51e supplied by the provider 52 is encrypted with a symmetric key, which is not included in the protected media information in the embodiment of the present invention. This key is provided externally (92).

delete

delete

delete

Asymmetric encryption methods can also be used here with advantages. The operator of the device shown in FIG. 9 provides its public key to the media provider 52, which encrypts the symmetric key to decrypt the media information via the public key, and then encrypts the encrypted symmetric key. Add to media information. The operator of the apparatus shown in FIG. 9 can decrypt the encrypted symmetric key included in the data stream using the operator private key to decrypt the unsigned information obtained from the media provider by means 90. The decrypted media information, when it is encoded information, is provided to the decoder 64 and then outputted by the presentation means 26 in the form provided rather than as a file.

delete

In order to generate the signed data format from the protected media information supplied by the supplier, the output data of the decryption means is normally processed. The level-4 DRM system shown in FIG. 9 thus allows for distribution through uncharacterized media such as super distribution or CD.

delete

The DRM system shown in FIG. 9 further has the function of automatically or non-automatically converting it into signed data, in case the operator of the system still has local data.

Another embodiment of the invention, which will be referred to as a level-5 DRM system for reasons of simplicity, will continue to be described with reference to FIG. In order to ensure that an encrypted and signed file can be delivered to only one user, the system shown in FIG. 10 can further encrypt via a private key and send it to the recipient. This one-to-one format is called the AtoB format. If the system shown in Fig. 10 is called receiver B, the system at the input side will receive the encrypted AtoB data stream 51d via the system B's public key. Another decryption means 100 is provided for decryption, in which a private key B is applied to the decryption means in order to decrypt the AtoB format and continue the process as shown in the remaining figures. If the device shown in Fig. 10 is a producer of the AtoB format, then the additional means 16, 34 are subsequently signed and encrypted via the recipient B's public key obtained from the receiver to output the data stream in AtoB format. Another encryption means 102 is provided for encrypting the data stream.

delete

delete

It is not necessary for the asymmetric encryption method to be adopted in order for the means 102 and 100 to be encrypted and decrypted respectively. However, this is desirable for economic reasons. In addition, the device shown in FIG. 10 is configured to prevent the conversion of the hard-encrypted AtoB format into a freely encrypted and signed format. The device shown in FIG. 10 allows only a representation of media information, not a change to a signed / encrypted format.

In this regard, the AtoB format is a way of delivering signed data to someone who does not trust it 100%. Such recipients cannot deliver content in terms of conventional rigorous DRM systems. The exception to playing back to a file is when it is signed for B and sent to B for distribution. The signed format can be written to a file when the signer and receiver are the same. As explained before, a private key is required for each player to run in AtoB format. This private key must be provided to the decryption means 100. In order to avoid bypassing the AtoB format, the dark colored areas in the DRM system 104 of FIG. 10 are preferably embodied in hardware.

delete

delete

In order to send the private key to the recipient, the key is signed and sent to the player corresponding to the recipient so that the AtoB format is converted into a signed format for execution and executed without the possibility of being stored. A secure method (SAC) is also desirable for this transmission.

Since multiple private keys enable the execution of content belonging to multiple individuals, in principle only one private key should be provided for each device. On the other hand, the personal operator is replaceable, by loading a new key and deleting the old key. The complexity of the replacement, due to the addition of an hour or one artificial time limit when updating, appears to be sufficient to prevent mass misuse. But personalizing the second device is simple.

delete

With respect to members of the shopping club, it is desirable to install one or multiple additional club keys that are valid for a limited time (eg, one year) on a personal device so that content obtained from the club can be executed in AtoB format. There are many keys for this on the device, but not in the media portion itself, because the keys are made available to anyone. Many of these keys need to be consistently executable in libraries that collect personalized files.

Depending on the environment, the method of the invention shown in Figures 1-3 and in particular Figures 6-10 may be implemented in either hardware or software. The implementation may also be possible on a digital storage medium, in particular on a floppy disk or CD having control signals which can be read electronically, in such a way that the corresponding method can be executed by cooperating with a programmable computer system. have. In general, the present invention encompasses computer program output having program code stored on a machine-readable carrier to perform the method of the present invention when the computer program output is executed on a computer. In contrast, the invention also relates to a computer program having program code for executing the method when the computer program is executed on a computer.

delete

delete

Claims (41)

An apparatus for generating encrypted data representing media information: Providing means (14) for providing operator authentication that allows the device operator to be authenticated; Encryption means (12) for encrypting the media information with an encryption key to produce encrypted media information; Additional means (16) for adding additional information to the encrypted media information to produce encrypted data, wherein the additional information is explicitly authenticated by the operator with the aid of the authentication information, including authentication information and decryption information; Decryption of the media information is to be performed using the decryption information, and the authentication information and decryption information is interdependent so that the encrypted data can no longer be decrypted after removing the authentication information from the encrypted data. , Additional means 16; And An output stage 18 for outputting the encrypted data, wherein the encrypted data has the encrypted media information and the additional information, and wherein the encrypted data does not comprise a decrypted form of the media information. Encryption data generating device comprising a. The method according to claim 1, And an encoder (70) for encoding the source information to obtain media information which is a data rate compressed version of the source information. The method according to claim 1, The encrypting means 12 is configured to use the operator authentication or information dependent on the operator authentication as the encryption key, and the adding means 16 adds only the decryption information to the additional information to further permit the operator authentication. An encrypted data generating device, characterized in that configured. The method according to claim 1, The encryption means 12 is configured to execute a symmetric encryption scheme with a symmetric encryption key, Additional encryption means is provided for encrypting the symmetric encryption key with an asymmetric encryption private key to obtain an encrypted key 44 in encrypted form, and And said additional means (16) is configured to use said encrypted key (44) of said encrypted form and a public key (42) belonging to said private key as additional information as plain text. The method according to claim 1, Watermark embedding means (80,82) for embedding a watermark corresponding to or subordinate to the operator authentication, or And the means for adding the additional information adds a notary of the operator or a public key assigned to the operator as the authentication information. The method according to claim 5, The watermark embedding means (82) is configured to embed the watermark in the media information. The method according to claim 5, The media information is a data rate compressed version of source information, and wherein the watermark embedding means (80) is configured to insert a watermark into the source information before the source information is compressed. The method according to claim 5, The media information is a data rate compressed version of encoded source information, and wherein the watermark embedding means (82) is configured to insert the watermark in a version in which a portion of the media information is decrypted. The method according to claim 5, And the watermark embedding means (80, 82) is configured to encrypt the watermark with a watermark key before embedding the watermark. The method according to claim 9, And the watermark embedding means (80, 82) is configured to select the watermark key or randomly select the watermark key from a set of other keys subordinate to the operator authentication. The method according to claim 1, The media information is a data rate compressed version of source information that can be generated by encoder 70, Interface means 72 is further provided for interfacing to the encoder 70, wherein the interface means 72 irradiates the connected encoder 70 with respect to safety characteristics so that the encoder is not compressed source information. The apparatus for generating encrypted data, characterized in that configured to communicate with the encoder (70) when the safety characteristic of preventing the output of the satisfactory. The method according to claim 1, The providing means (14) is characterized in that it is only configured to supply the operator authentication (42) assigned to the device operator by the registrar. The method according to claim 1, Release means 88 for releasing the output of the encrypted data only if the providing means 14 has an externally assigned operator authentication, and Local to encrypt media information with a local key 76 uniquely associated with the device and output local data 54c without the local key 76 so that local data 54c can only be decrypted by the device itself. Further provided with an archive means 74, Said local archive means being operable independently of the release by said release means (88). The method according to claim 13, The local archiving means is configured to derive the local key associated with the system in which the device is embedded, from machine idendification, network identification, or time stamp; . The method according to claim 1, The media information 51e is encrypted by the media provider 52, does not include the signature of the media provider 52, The apparatus further comprises means (90) for decrypting the encrypted media information using a key (92) not included in the encrypted media information, wherein the decryption means (90) is encryption means in the signal flow direction. (12, 37) An apparatus for generating encrypted data, which is located before. A method of generating encrypted data representing media information: Providing step 14 for providing operator authentication which allows the device operator to be authenticated; Encrypting (12) the media information with an encryption key to generate encrypted media information; And An additional step 16 of adding additional information to the encrypted media information to generate encrypted data, wherein the additional information is explicitly authenticated by the operator with the aid of the authentication information, including authentication information and decryption information; Decryption of the media information is to be performed using the decryption information, and the authentication information and decryption information is interdependent so that the encrypted data can no longer be decrypted after removing the authentication information from the encrypted data. , Adding step 16, and Outputting the encrypted data (18), wherein the encrypted data has the encrypted media information and the additional information, and wherein the encrypted data does not include a decrypted form of the media information. And an outputting step (18). An encryption data generating method. A decryption apparatus for decrypting encrypted data including encrypted media information 46 and additional information 40, 42, 44 representing media information, wherein the additional information includes authentication information and decryption information. With the help of the information the operator is explicitly authenticated and the decryption of the media information is to be carried out using the decryption information, wherein the encrypted data does not comprise a decrypted form of the media information, the decryption device comprising: Means (22) for calculating a decryption key (42) using said decryption information from said encrypted data; Means (24) for decrypting the encrypted media information using the decryption key to obtain decrypted media information; Means 26 for executing the decrypted media information, An apparatus for decrypting encrypted data, characterized in that it is configured to prevent decrypted media information from being output as digital data. delete The method according to claim 17, The encrypted media information is encrypted using a symmetric key, the symmetric key is encrypted using a producer's private key, the producer's public key 42 belonging to the private key is a plain text key, The apparatus comprises extraction means 24 configured to extract a public key 42 and an encrypted symmetric key 44 from the additional information, and The decrypting means decrypts the symmetric key using the public key and decrypts the encrypted media information using the decrypted symmetric key. The method according to claim 17, The media information is a data rate compressed version of the source information, The means for executing 26 comprises a decoder 64 for decoding the decrypted media information to obtain the source information, And said means for executing (26) is configured to prevent storage of the source information in digital form. The method according to claim 17, The media information is a data rate compressed version of the source information that can be decoded by the decoder 64, Interface means 66 for interfacing to the decoder 64 is further provided, wherein the interface means 66 examines the connected decoder 64 in terms of safety characteristics, so that the decoder is capable of decoding the decoded source information. Encrypted data decryption device configured to communicate with said decoder (64) if a safety characteristic that prevents output in digital form is satisfied. The method according to claim 17, And means (26) for executing unencrypted media information. The method according to claim 17, And further comprising local execution means for decrypting (24) local data (51c) that does not include decryption information as additional information, using a key (76) connected to the device for executing decrypted local data. Data decryption device A method for decrypting encrypted data comprising encrypted media information 46 and additional information 40, 42, 44, and representing media information, wherein the additional information includes authentication information and decryption information. With the help of the operator being explicitly authenticated and decrypting the media information is performed using the decryption information, the encrypted data does not comprise a decrypted form of the media information, wherein the method for decrypting is: Calculating (22) a decryption key (42) using the decryption information from the encrypted data; Decrypting (24) the encrypted media information using the decryption key to obtain decrypted media information; Executing (26) the decrypted media information; Preventing the decrypted media information from being output as digital data. Encrypted data representing media information, including encrypted media information 46 and additional information 40, 42, 44 for authenticating the creator of the encrypted data (42) and decrypting the encrypted media information (42, 44). An apparatus for generating resigned data from Means 32 for providing resignation operator authentication of an operator of the apparatus for generating resigned data, and Means (34) for adding said re-signature operator authentication to encrypted media information obtained by encrypting media information to obtain re-signed data (54b). The method according to claim 25, The additional information includes decryption information 42 for simultaneously expressing the identity information of the producer, Means (35) for extracting said decryption information from encrypted data, Means for decrypting encrypted data using said decryption information, and Means (37) for encrypting decrypted data using encryption information corresponding to said re-signing operator authentication (32) or encryption information dependent on said re-signing operator authentication (32) to obtain encrypted media information. And a re-signed data generator. The method of claim 26, The decryption information includes the producer's public key 42 and a symmetric key 44 encrypted with the creator's private key and used for encryption of the media information, The means for decryption 36 decrypts the symmetric key 44 encrypted initially using the public key, sequentially decrypts the encrypted media information 46 using the symmetric key, The encrypting means 37 initially encrypts the media information using the symmetric key and encrypts the symmetric key using a private key associated with the operator of the device for generating the sequentially re-signed data, where the resignation is performed. Operator authentication is characterized in that it comprises or is dependent on the operator's public key (42) of the device for generating the re-signed data. The method according to claim 25, And watermark embedding means (80,82) for embedding a watermark corresponding to or relying on the resignation operator authentication. The method according to claim 28, And said watermark embedding means is configured to embed said workmark in said media information. The method of claim 27, The media information is a data rate compressed version of the source information, and the watermark embedding means (80) embeds a watermark in the source information before the source information is compressed. The method of claim 27, The media information is an encoded data rate compressed version of source information, and the watermark embedding means 82 is configured to embed the watermark in a version in which a portion of the media information is decoded. Device. The method according to claim 28, And said watermark embedding means (80,82) is configured to add a watermark based on re-signature operator authentication to one or more already embedded watermarks. The method according to claim 32, And the watermark embedding means is configured to obtain a deterioration in quality when the media information is represented with all the watermarks. The method of claim 27, And said watermark embedding means is configured to embed a watermark using a watermark key. The method of claim 34, wherein And said watermark embedding means is configured to randomly select a watermark key or to select said watermark from a set of other keys subject to said re-signature operator authentication. The method according to claim 25, Release means 88 for releasing the output of the encrypted data only if the providing means 32 have an externally authorized operator authentication; and Local to encrypt media information with a local key 76 uniquely associated with the device and output local data 54c without the local key 76 so that local data 54c can only be decrypted by the device itself. Further provided with an archive means 74, And said local archiving means is operable independently of the release by said release means (88). The method according to claim 25, Means 22 for extracting the decryption key 42 from the encrypted data, Means (24) for decrypting encrypted media information using said decryption key to obtain decrypted media information, and And means (26) for executing said media information. The method according to claim 25, And further prevention means for preventing the output of data rate compression source information for storage in plain text media information, plain text source information or digital form is provided. The method according to claim 25, And encrypting means (102) for encrypting the resigned data for the exclusive operator so that only the exclusive operator can execute the media information. Encrypted data representing media information, including encrypted media information 46 and additional information 40, 42, 44 for authenticating the creator of the encrypted data (42) and decrypting the encrypted media information (42, 44). A method for generating resigned data from Providing 32 a resignation operator authentication of an operator of the apparatus for generating the resigned data, and And adding (34) a re-signature operator certificate to the encrypted media information obtained by encrypting the media information to obtain re-signed data (54b). A recording medium storing a computer program comprising program code for performing the method defined in claim 16, 24 or 40 when the program is run on a computer.

Images