EP1902415A2 - Method and system for making secure a transaction in a telecommunication network - Google Patents

Method and system for making secure a transaction in a telecommunication network

Info

Publication number
EP1902415A2
EP1902415A2 EP06778925A EP06778925A EP1902415A2 EP 1902415 A2 EP1902415 A2 EP 1902415A2 EP 06778925 A EP06778925 A EP 06778925A EP 06778925 A EP06778925 A EP 06778925A EP 1902415 A2 EP1902415 A2 EP 1902415A2
Authority
EP
European Patent Office
Prior art keywords
server
rights
identifier
beneficiary
commercial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP06778925A
Other languages
German (de)
French (fr)
Inventor
Louis Neau
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Viaccess SAS
Original Assignee
Viaccess SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Viaccess SAS filed Critical Viaccess SAS
Publication of EP1902415A2 publication Critical patent/EP1902415A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes

Definitions

  • the invention lies in the field of digital content distribution and more specifically relates to a method of acquisition for a beneficiary of a right to use digital content in a content distribution system comprising a commercial server, a rights server and an operating platform of said content, said flat ⁇ form comprising at least one purchasing module of a right of use and at least one module for use of the purchased right, said module purchase being able to communicate with said commercial server via a first application protocol specific to the commercial server, and said purchased entitlement module being able to communicate with said rights server via a second application protocol specific to the rights server.
  • the invention also relates to an acquisition system for a beneficiary of a right to use digital content comprising a commercial server, a rights server and a platform for exploiting said content, said platform comprising a purchase module of a right able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
  • the invention also relates to a commercial server for managing a transaction in a content distribution system further comprising a rights server for using a digital content and a platform for exploiting said content, said platform ⁇ form comprising a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
  • the invention also relates to a rights server for using digital content in a content distribution system further comprising a commercial server and a platform for exploiting said content, said operating platform comprising: a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol own to the rights server.
  • the invention applies in the context of connected networks (Internet, mobile telephone networks, etc.) or broadcast networks (television networks broadcast over satellite, over IP), in which the exchanged contents are protected by a system access control (or CAS, for Conditional Access System) or a Digital Rights Management (DRM) system.
  • a system access control or CAS, for Conditional Access System
  • DRM Digital Rights Management
  • access to content is obtained in a procedure comprising two distinct steps, a first step of purchasing the right and a second step of acquiring the purchased right. These two steps are typically performed on different servers with different communication protocols.
  • FIG. 1 schematically illustrates a content distribution system comprising a commercial server 2, a rights server 4 and a content exploitation platform 5 comprising a purchasing module 6 of a right of use and a module of use 8 of the bought right.
  • the communications between the module 6 and the commercial server 2 are governed by a first application protocol 12, which may include a first security protocol 14, specific to the commercial server 2, while the communications between the use module 8 and the right server 4 are governed by a second application protocol 16, which may include a second security protocol 18, specific to the right server 4.
  • the acquisition of the right of use in the system described above has a first disadvantage resulting from the fact that the application protocols and the respective security
  • the commercial server 2 and the rights server 4 do not use the same identification and security procedures a priori. This has the consequence of complicating or even preventing the exchange of information between the servers involved in the transaction.
  • the servers involved in the distribution chain may have separate security protocols that require complex and expensive processes to adapt to each other to ensure end-to-end security of the transaction.
  • the object of the invention is to allow the exchange of information relating to the right beneficiary between these different servers having different application and security protocols without modifying the existing protocols.
  • the invention recommends a method of acquisition for a beneficiary of a right to use digital content in a content distribution system comprising a commercial server, a rights server and an operating platform of a digital content, said platform comprising at least one purchase module for a right of use and at least one module for using the purchased right, said purchasing module being able to communicate with said a commercial server via a first application protocol specific to the commercial server, and said purchased rights usage module being able to communicate with said rights server via a second application protocol specific to the rights server.
  • the method according to the invention comprises a third protocol consisting of:
  • said data relating to the beneficiary are exchanged by said servers via said operating platform.
  • the beneficiary data received by the operating platform of one of the servers is transferred without modification to the other server so that the operating platform only fulfills the server.
  • the correspondence between the identifier II and the identifier 12 is preferably recorded in a database accessible by the commercial server and / or by the rights server.
  • the acquisition of the right of use includes a prior step of transmitting from the commercial server to the purchasing module an electronic ticket attesting the actual purchase of the right and comprising in particular a content identifier and a beneficiary identifier
  • the commercial server Upon receipt of a right purchase request, the commercial server inserts the beneficiary's identifier into the electronic ticket.
  • the identifier of the beneficiary inserted in the ticket is the identifier 12 corresponding to the identifier II determined by the commercial server from the database.
  • the identifier of the beneficiary inserted in the ticket is the identifier II received by the commercial server in the purchase request.
  • the electronic ticket preferably includes addressing information relating to the commercial server and / or the rights server to enable the platform to perform the function of routing the data relating to the beneficiary.
  • the invention also relates to an acquisition system for a beneficiary of a right to use digital content comprising a commercial server, a rights server and a platform for exploiting said content, said platform comprising a purchase module of a right able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
  • the system according to the invention comprises:
  • identifier II means for establishing a correspondence between the identifier II and the identifier 12 so as to allow the exchange between said data servers relating to the beneficiary when the latter is identified by one or the other of the identifiers II or 12.
  • This system further comprises a database accessible by the commercial server and / or by the rights server and comprising the correspondence between the identifier II and the identifier 12.
  • the invention also relates to a commercial server for managing a transaction in a content distribution system further comprising a rights server for using a digital content and a platform for exploiting said content, said platform ⁇ form comprising a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
  • the commercial server comprises a communication module supporting a third application protocol enabling said commercial server and rights server to exchange data. beneficiary data independently of said first and second application protocols.
  • This third application protocol implements means for establishing a correspondence between a beneficiary identifier with the commercial server and an identifier of said beneficiary with the rights server, and a database in which said correspondence is recorded.
  • the invention also relates to a rights server for using digital content in a content distribution system further comprising a commercial server and a platform for exploiting said content, said operating platform comprising a module for purchasing a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased rights usage module able to communicate with said rights server via a second application protocol own to the rights server.
  • the rights server comprises a communication module supporting a third application protocol enabling said commercial server and rights server to exchange data relating to the beneficiary independently of said first and second application protocols.
  • This third application protocol implements means for establishing a correspondence between a beneficiary identifier with the commercial server and an identifier of said beneficiary with the rights server, and a database in which said correspondence is registered.
  • FIG. 1 previously described schematically represents a content distribution system of the prior art
  • FIG. 2 diagrammatically represents a content distribution system according to the invention
  • FIG. 3 represents a flow diagram illustrating a particular mode of implementation of the method according to the invention.
  • FIG. 2 schematically illustrates a digital content distribution system comprising a commercial server 2, a rights server 4, a database 20 and an operating platform 5.
  • the commercial server 2 and the rights server 4 can both be connected to the database 20 and can share information from this database 20.
  • the right server 4 may be a DRM license server (for Digital Right Management) or a CAS entitlement server (for Conditional Access System).
  • the digital content may represent audio data, video data or multimedia data.
  • the method according to the invention can be implemented in a context in which the operating platform 5 comprises one or more terminals purchasing rights and one or more terminals. beneficiaries of purchased rights.
  • the usage right is purchased via a buyer terminal for the benefit of a user terminal.
  • the purchase module 2 is then integrated in at least one buyer terminal and the user module is integrated in at least one terminal of the beneficiary of the purchased right.
  • the description which follows relates to an exemplary embodiment, illustrated in FIG. 2, in which the operating platform 5 comprises a communication terminal 24 which is both a buyer and a beneficiary of the right to use of digital content.
  • the communication terminal 24 is a UMTS mobile phone equipped with a SIM card 26 (For Subscriber Identity Module) and comprising a purchasing module able to communicate with the commercial server 2 via a first own application protocol. to the commercial server 2, and a purchased rights usage module able to communicate with the rights server 4 via a second application protocol specific to the rights server 4.
  • the purchasing module and the usage module are software that realizes respectively the purchase and exploitation of the purchased right.
  • terminal 24 can be a digital PDA diary (for Portable Digital Agenda) or a laptop without departing from the scope of the invention.
  • the terminal 24 is identified with the commercial server 2 by a first identifier II and with the rights server 4 by a second identifier 12.
  • the identifiers II and 12 are previously stored in the SIM card 26. terminal 24 and in the database 20.
  • the latter comprises a first directory containing a list of correspondences between the services provided to the terminal 24 and the rights associated with these services, and a second directory containing a list of matches between the identifier II. and the identifier 12.
  • the terminal 24 transmits (arrow 30) to the commercial server 2 a purchase request including, in particular, the identifier of the digital content and the identifier II of the terminal 24.
  • the commercial server 2 Upon receipt of this request, the commercial server 2 generates an electronic ticket containing the identifier of the content, inserts the identifier of the beneficiary in the electronic ticket, and transmits this ticket (arrow 32) to the terminal 24.
  • the identifier of the beneficiary inserted in the ticket is the identifier 12 determined by the commercial server from the base 20 in correspondence with the identifier II.
  • the identifier of the beneficiary inserted in the ticket is the identifier II received by the commercial server in the purchase request.
  • the ticket is sent (arrow 36) to the rights server 4 as received from the commercial server 2 without any modification.
  • the terminal 24 exclusively plays a role of router.
  • the rights server determines the beneficiary of the right corresponding to the ticket.
  • the ticket contains the identifier 12 of the beneficiary
  • the rights server 4 determines beforehand, from the base 20, the identifier 12 of the beneficiary by correspondence with the identifier II received in the ticket electronic.
  • the rights server generates the right relative to the content identified in the ticket and sends (arrow 38) the right generated to the terminal 24.
  • the commercial server 2 combines the electronic ticket cryptographic redundancy allowing the rights server 4 to control the authenticity and / or integrity of the content of said ticket.
  • Said cryptographic redundancy is for example an electronic signature generated by means of a private key of the commercial server 2.
  • the control of the authenticity and / or integrity of said ticket is achieved by means of a public key of the commercial server 2 previously transmitted to the rights server 4.
  • the rights server when the ticket is received by the rights server, the latter checks the cryptographic redundancy to check the authenticity and integrity of the ticket. If the cryptographic redundancy of the received ticket is correct, the rights server identifies the beneficiary, then generates and sends the right corresponding to the ticket as previously described.
  • FIG. 3 illustrates a particular context of implementation of the method according to the invention in which the buyer of the right of use is not the beneficiary of the purchased right.
  • the purchase of a right is made via a terminal of the buyer and the exploitation of the purchased right is carried out via the terminal of the beneficiary of the right.
  • the buyer transmits (step 40) to the commercial server 2 the purchase request including, in particular, the identifier of the digital content and the identifier of the recipient of this content.
  • the commercial server 2 On receipt of this request, the commercial server 2 generates (step 42) an electronic ticket comprising the identifier of the content and the identifier of the beneficiary.
  • the ticket may also contain the name of the server (s) to which the recipient's terminal will have to connect to obtain the content and associated rights.
  • the commercial server 2 secures the content of the ticket built in the previous step by associating said ticket with an electronic signature of the commercial server 2 so as to allow the rights server 4 to check the authenticity and the authenticity of the ticket. integrity of the contents of this ticket.
  • Said electronic signature is made by means of a private key of the commercial server 2 and the control of the authenticity and integrity of said ticket is achieved by means of a public key of the commercial server 2 previously transmitted to the rights server 4 .
  • step 46 the commercial server 2 transmits the secure ticket to the recipient's terminal. Note that steps 40 to 46 implement transport protocols, application, dialogue and security specific to the commercial server 2.
  • the ticket is sent (step 48) to the rights server 4 as received from the commercial server 2.
  • step 50 the rights server 4 verifies the signature contained in the ticket and checks, in step 52, the authenticity and integrity of said ticket.
  • the rights server 4 refuses to issue the right to the beneficiary.
  • the rights server 4 delivers the right to the beneficiary.
  • the provision of the right of use to the beneficiary is conditioned by the integrity and authenticity of the ticket. If the ticket does not have cryptographic redundancy, steps 50 and 52 and arrow 54 are ignored.
  • the rights server 4 generates (step 58) this right according to the ticket received, taking into account in particular:
  • step 60 the rights server transmits the generated right to the recipient. Note that steps 48 to 60 implement transport, application, dialogue and security protocols specific to the rights server 4.
  • the embodiment described above allows secure exchange of the end-to-end electronic ticket independently of the application and security protocol of the commercial server 2 and the application and security protocol of the rights server 4.

Abstract

The invention concerns a method for acquiring for a beneficiary a right of use of a digital content in a content distributing system comprising a commercial server (2), a rights server (4) and an operating platform (5) for said content, said platform (5) including at least one module (6) for purchasing a right of use and at least one module (8) for using the purchased right, said purchasing module (6) being adapted to communicate with said commercial module (2) via a first application protocol pertaining to the commercial server (2), and said module (8) for using the purchased right being adapted to communicate with said rights server (4) via a second application protocol pertaining to the rights server (4). The method includes a third protocol which consists in: defining an identifier I1 of the beneficiary with the commercial server (2) and an identifier I2 with the rights server (4); establishing a correspondence between the identifier I1 and the identifier I2 so as to enable data concerning the beneficiary identified by either of the identifiers I1 and I2 to be exchanged between said servers.

Description

PROCEDE ET SYSTEME DE SECURISATION D'UNE TRANSACTION DANS UN RÉSEAU DE TÉLÉCOMMUNICATION METHOD AND SYSTEM FOR SECURING A TRANSACTION IN A TELECOMMUNICATION NETWORK
DESCRIPTIONDESCRIPTION
DOMAINE DE L'INVENTIONFIELD OF THE INVENTION
L' invention se situe dans le domaine de la distribution de contenus numériques et concerne plus spécifiquement un procédé d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique dans un système de distribution de contenus comprenant un serveur commercial, un serveur de droits et une plate-forme d'exploitation dudit contenu, ladite plate¬ forme comprenant au moins un module d'achat d'un droit d'usage et au moins un module d'utilisation du droit acheté, ledit module d'achat étant apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial, et ledit module d'utilisation du droit acheté étant apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits .The invention lies in the field of digital content distribution and more specifically relates to a method of acquisition for a beneficiary of a right to use digital content in a content distribution system comprising a commercial server, a rights server and an operating platform of said content, said flat ¬ form comprising at least one purchasing module of a right of use and at least one module for use of the purchased right, said module purchase being able to communicate with said commercial server via a first application protocol specific to the commercial server, and said purchased entitlement module being able to communicate with said rights server via a second application protocol specific to the rights server.
L' invention concerne également un système d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique comprenant un serveur commercial, un serveur de droits et une plate-forme d'exploitation dudit contenu, ladite plate-forme comprenant un module d'achat d'un droit apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits .The invention also relates to an acquisition system for a beneficiary of a right to use digital content comprising a commercial server, a rights server and a platform for exploiting said content, said platform comprising a purchase module of a right able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
L' invention concerne également un serveur commercial de gestion d'une transaction dans un système de distribution de contenus comprenant en outre un serveur de droits d'usage d'un contenu numérique et une plate-forme d'exploitation dudit contenu, ladite plate¬ forme comprenant un module d'achat d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits.The invention also relates to a commercial server for managing a transaction in a content distribution system further comprising a rights server for using a digital content and a platform for exploiting said content, said platform ¬ form comprising a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
L' invention se rapporte également à serveur de droits d'usage d'un contenu numérique dans un système de distribution de contenus comprenant en outre un serveur commercial et une plate-forme d'exploitation dudit contenu, ladite plate-forme d'exploitation comprenant un module d'achat d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits.The invention also relates to a rights server for using digital content in a content distribution system further comprising a commercial server and a platform for exploiting said content, said operating platform comprising: a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol own to the rights server.
L'invention s'applique dans le contexte des réseaux connectés (Internet, réseaux de téléphonie mobile,...) ou des réseaux diffusés (réseaux de télévision diffusée par satellite, sur IP) , dans lesquels les contenus échangés sont protégés par un système de contrôle d'accès (ou CAS, pour Conditional Access System) ou par un système de gestion de droits numériques (ou DRM, pour Digital Rights Management) .The invention applies in the context of connected networks (Internet, mobile telephone networks, etc.) or broadcast networks (television networks broadcast over satellite, over IP), in which the exchanged contents are protected by a system access control (or CAS, for Conditional Access System) or a Digital Rights Management (DRM) system.
ÉTAT DE LA TECHNIQUE ANTÉRIEURESTATE OF THE PRIOR ART
Dans les systèmes actuels de distribution de contenus, l'accès aux contenus est obtenu selon une procédure comportant deux étapes distinctes, une première étape d' achat du droit et une deuxième étape d'acquisition du droit acheté. Ces deux étapes sont généralement exécutées auprès de serveurs différents ayant des protocoles de communication distincts.In current content distribution systems, access to content is obtained in a procedure comprising two distinct steps, a first step of purchasing the right and a second step of acquiring the purchased right. These two steps are typically performed on different servers with different communication protocols.
La figure 1 illustre schématiquement un système de distribution de contenu comprenant un serveur commercial 2, un serveur de droits 4 et une plate-forme 5 d'exploitation d'un contenu comprenant un module d'achat 6 d'un droit d'usage et un module d'utilisation 8 du droit acheté. Le module d'achat 6 et le module d'utilisation 8 du droit utilisent des réseaux de communication 10 et 11, distincts ou communs, pour communiquer respectivement avec le serveur commercial 2 et avec le serveur de droits 4. Les communications entre le module d' achat 6 et le serveur commercial 2 sont régies par un premier protocole applicatif 12, pouvant comporter un premier protocole de sécurité 14, spécifiques au serveur commercial 2, tandis que les communications entre le module d'utilisation 8 et le serveur de droit 4 sont régies par un deuxième protocole applicatif 16, pouvant comporter un deuxième protocole de sécurité 18, spécifiques au serveur de droit 4. L'acquisition du droit d'usage dans le système décrit ci-dessus présente un premier inconvénient résultant du fait que les protocoles applicatifs et de sécurité respectifs du serveur commercial 2 et du serveur de droits 4 n'utilisent pas a priori les mêmes procédures d'identification et de sécurisation. Ceci a pour conséquence de compliquer, voire d'empêcher, les échanges d' informations entre les serveurs impliqués dans la transaction.FIG. 1 schematically illustrates a content distribution system comprising a commercial server 2, a rights server 4 and a content exploitation platform 5 comprising a purchasing module 6 of a right of use and a module of use 8 of the bought right. The purchase module 6 and the usage module 8 of the right use communication networks 10 and 11, which are separate or common, to communicate respectively with the commercial server 2 and with the rights server 4. The communications between the module 6 and the commercial server 2 are governed by a first application protocol 12, which may include a first security protocol 14, specific to the commercial server 2, while the communications between the use module 8 and the right server 4 are governed by a second application protocol 16, which may include a second security protocol 18, specific to the right server 4. The acquisition of the right of use in the system described above has a first disadvantage resulting from the fact that the application protocols and the respective security The commercial server 2 and the rights server 4 do not use the same identification and security procedures a priori. This has the consequence of complicating or even preventing the exchange of information between the servers involved in the transaction.
En outre, lorsque les contenus distribués sont protégés par un droit d'accès, les serveurs intervenant dans la chaîne de distribution peuvent avoir des protocoles de sécurité distincts qui imposent des traitements complexes et coûteux pour les adapter les uns aux autres afin d'assurer une sécurité de bout en bout de la transaction.In addition, when distributed content is protected by a right of access, the servers involved in the distribution chain may have separate security protocols that require complex and expensive processes to adapt to each other to ensure end-to-end security of the transaction.
Par ailleurs, l'intégration ou la modification des protocoles n'est pas toujours souhaitée par les gestionnaires respectifs des deux serveurs .Moreover, integration or modification of the protocols is not always desired by the respective managers of the two servers.
Le but de l'invention est de permettre l'échange d'informations relatives au bénéficiaire du droit entre ces serveurs distincts ayant des protocoles applicatifs et de sécurité différents sans modifier les protocoles existants.The object of the invention is to allow the exchange of information relating to the right beneficiary between these different servers having different application and security protocols without modifying the existing protocols.
EXPOSÉ DE L'INVENTIONSTATEMENT OF THE INVENTION
L' invention préconise un procédé d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique dans un système de distribution de contenus comprenant un serveur commercial, un serveur de droits et une plate-forme d'exploitation d'un contenu numérique, ladite plate-forme comprenant au moins un module d'achat d'un droit d'usage et au moins un module d'utilisation du droit acheté, ledit module d' achat étant apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial, et ledit module d'utilisation du droit acheté étant apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits.The invention recommends a method of acquisition for a beneficiary of a right to use digital content in a content distribution system comprising a commercial server, a rights server and an operating platform of a digital content, said platform comprising at least one purchase module for a right of use and at least one module for using the purchased right, said purchasing module being able to communicate with said a commercial server via a first application protocol specific to the commercial server, and said purchased rights usage module being able to communicate with said rights server via a second application protocol specific to the rights server.
Le procédé selon l'invention comporte un troisième protocole consistant à :The method according to the invention comprises a third protocol consisting of:
- définir un identifiant II du bénéficiaire auprès du serveur commercial et un identifiant 12 dudit bénéficiaire auprès du serveur de droits,define a beneficiary identifier II with the commercial server and an identifier 12 of said beneficiary with the rights server,
- établir une correspondance entre l'identifiant II et l'identifiant 12 de manière à permettre l'échange entre lesdits serveurs de données relatives au bénéficiaire lorsque ce dernier est identifié par l'un ou par l'autre des identifiants II ou 12.- Establish a correspondence between the identifier II and the identifier 12 so as to allow the exchange between said data servers relative to the beneficiary when the latter is identified by one or other of the identifiers II or 12.
Préférentiellement , lesdites données relatives au bénéficiaire sont échangées par lesdits serveurs via ladite plate-forme d'exploitation.Preferably, said data relating to the beneficiary are exchanged by said servers via said operating platform.
Selon une caractéristique essentielle de l'invention, les données relatives au bénéficiaire reçues par la plate-forme d'exploitation de l'un des serveurs sont transférées sans modification à l'autre serveur de sorte que la plate-forme d'exploitation remplit uniquement une fonction de routage desdites données entre les serveurs commercial et le serveur de droits.According to an essential characteristic of the invention, the beneficiary data received by the operating platform of one of the servers is transferred without modification to the other server so that the operating platform only fulfills the server. a function for routing said data between the commercial servers and the rights server.
La correspondance entre l'identifiant II et l'identifiant 12 est préférentiellement enregistrée dans une base de données accessible par le serveur commercial et/ou par le serveur de droits.The correspondence between the identifier II and the identifier 12 is preferably recorded in a database accessible by the commercial server and / or by the rights server.
Dans un mode préféré de mise en œuvre du procédé selon l'invention, l'acquisition du droit d'usage comporte une étape préalable consistant à transmettre du serveur commercial au module d' achat un ticket électronique attestant l'achat effectif du droit et comportant notamment un identifiant du contenu et un identifiant du bénéficiaireIn a preferred embodiment of the method according to the invention, the acquisition of the right of use includes a prior step of transmitting from the commercial server to the purchasing module an electronic ticket attesting the actual purchase of the right and comprising in particular a content identifier and a beneficiary identifier
A la réception d'une requête d'achat de droit, le serveur commercial insère l'identifiant du bénéficiaire dans le ticket électronique.Upon receipt of a right purchase request, the commercial server inserts the beneficiary's identifier into the electronic ticket.
Dans un premier mode de réalisation, l'identifiant du bénéficiaire inséré dans le ticket est l'identifiant 12 correspondant à l'identifiant II déterminé par le serveur commercial à partir de la base de données.In a first embodiment, the identifier of the beneficiary inserted in the ticket is the identifier 12 corresponding to the identifier II determined by the commercial server from the database.
Dans un deuxième mode de réalisation, l'identifiant du bénéficiaire inséré dans le ticket est l'identifiant II reçu par le serveur commercial dans la requête d' achat .In a second embodiment, the identifier of the beneficiary inserted in the ticket is the identifier II received by the commercial server in the purchase request.
Le ticket électronique comporte préférentiellement des informations d'adressage relatives au serveur commercial et/ou au serveur de droits pour permettre à la plate-forme de remplir la fonction de routage des données relatives au bénéficiaire .The electronic ticket preferably includes addressing information relating to the commercial server and / or the rights server to enable the platform to perform the function of routing the data relating to the beneficiary.
L' invention concerne également un système d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique comprenant un serveur commercial, un serveur de droits et une plate-forme d'exploitation dudit contenu, ladite plate-forme comprenant un module d'achat d'un droit apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits .The invention also relates to an acquisition system for a beneficiary of a right to use digital content comprising a commercial server, a rights server and a platform for exploiting said content, said platform comprising a purchase module of a right able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
Le système selon l'invention comporte:The system according to the invention comprises:
- des moyens pour définir un identifiant II du bénéficiaire auprès du serveur commercial et un identifiant 12 dudit bénéficiaire auprès du serveur de droits,means for defining an identifier II of the beneficiary with the commercial server and an identifier 12 of said beneficiary with the rights server,
- des moyens pour établir une correspondance entre l'identifiant II et l'identifiant 12 de manière à permettre l'échange entre lesdits serveurs de données relatives au bénéficiaire lorsque ce dernier est identifié par l'un ou par l'autre des identifiants II ou 12.means for establishing a correspondence between the identifier II and the identifier 12 so as to allow the exchange between said data servers relating to the beneficiary when the latter is identified by one or the other of the identifiers II or 12.
Ce système comporte en outre une base de données accessible par le serveur commercial et/ou par le serveur de droits et comportant la correspondance entre l'identifiant II et l'identifiant 12.This system further comprises a database accessible by the commercial server and / or by the rights server and comprising the correspondence between the identifier II and the identifier 12.
L' invention concerne également un serveur commercial de gestion d'une transaction dans un système de distribution de contenus comprenant en outre un serveur de droits d'usage d'un contenu numérique et une plate-forme d'exploitation dudit contenu, ladite plate¬ forme comprenant un module d'achat d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits.The invention also relates to a commercial server for managing a transaction in a content distribution system further comprising a rights server for using a digital content and a platform for exploiting said content, said platform ¬ form comprising a purchase module of a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased entitlement module able to communicate with said rights server via a second application protocol specific to the rights server.
Le serveur commercial selon l'invention comporte un module de communication supportant un troisième protocole applicatif permettant auxdits serveur commercial et serveur de droits d'échanger des données relatives au bénéficiaire indépendamment desdits premiers et deuxième protocoles applicatifs.The commercial server according to the invention comprises a communication module supporting a third application protocol enabling said commercial server and rights server to exchange data. beneficiary data independently of said first and second application protocols.
Ce troisième protocole applicatif met en œuvre des moyens pour établir une correspondance entre un identifiant du bénéficiaire auprès du serveur commercial et un identifiant dudit bénéficiaire auprès du serveur de droits, et une base de données dans laquelle est enregistrée ladite correspondance.This third application protocol implements means for establishing a correspondence between a beneficiary identifier with the commercial server and an identifier of said beneficiary with the rights server, and a database in which said correspondence is recorded.
L' invention concerne également un serveur de droits d'usage d'un contenu numérique dans un système de distribution de contenus comprenant en outre un serveur commercial et une plate-forme d'exploitation dudit contenu, ladite plate-forme d'exploitation comprenant un module d'achat d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial via un premier protocole applicatif propre au serveur commercial et un module d'utilisation du droit acheté apte à communiquer avec ledit serveur de droits via un deuxième protocole applicatif propre au serveur de droits.The invention also relates to a rights server for using digital content in a content distribution system further comprising a commercial server and a platform for exploiting said content, said operating platform comprising a module for purchasing a right for a beneficiary able to communicate with said commercial server via a first application protocol specific to the commercial server and a purchased rights usage module able to communicate with said rights server via a second application protocol own to the rights server.
Le serveur de droits selon l'invention comporte un module de communication supportant un troisième protocole applicatif permettant auxdits serveur commercial et serveur de droits d'échanger des données relatives au bénéficiaire indépendamment desdits premier et deuxième protocoles applicatifs.The rights server according to the invention comprises a communication module supporting a third application protocol enabling said commercial server and rights server to exchange data relating to the beneficiary independently of said first and second application protocols.
Ce troisième protocole applicatif met en œuvre des moyens pour établir une correspondance entre un identifiant du bénéficiaire auprès du serveur commercial et un identifiant dudit bénéficiaire auprès du serveur de droits, et une base de données dans laquelle est enregistrée ladite correspondance BREVE DESCRIPTION DES DESSINSThis third application protocol implements means for establishing a correspondence between a beneficiary identifier with the commercial server and an identifier of said beneficiary with the rights server, and a database in which said correspondence is registered. BRIEF DESCRIPTION OF THE DRAWINGS
D'autres caractéristiques et avantages de l'invention ressortiront de la description qui va suivre, prise à titre d'exemple non limitatif, en référence aux figures annexées dans lesquelles :Other features and advantages of the invention will emerge from the description which follows, taken by way of non-limiting example, with reference to the appended figures in which:
- la figure 1 décrite précédemment, représente schématiquement un système de distribution de contenus de l'art antérieur,FIG. 1 previously described schematically represents a content distribution system of the prior art,
- la figure 2 représente schématiquement un système de distribution de contenus selon l'invention,FIG. 2 diagrammatically represents a content distribution system according to the invention,
- la figure 3, représente un organigramme illustrant un mode particulier de mise en œuvre du procédé selon l'invention.FIG. 3 represents a flow diagram illustrating a particular mode of implementation of the method according to the invention.
EXPOSÉ DÉTAILLÉ DE MODES DE RÉALISATION PARTICULIERSDETAILED PRESENTATION OF PARTICULAR EMBODIMENTS
La figure 2 illustre schématiquement un système de distribution d'un contenu numérique comportant un serveur commercial 2, un serveur de droits 4, une base de données 20 et une plate-forme d'exploitation 5. Le serveur commercial 2 et le serveur de droits 4 peuvent être reliés l'un comme l'autre à la base de données 20 et peuvent partager les informations de cette base de données 20.FIG. 2 schematically illustrates a digital content distribution system comprising a commercial server 2, a rights server 4, a database 20 and an operating platform 5. The commercial server 2 and the rights server 4 can both be connected to the database 20 and can share information from this database 20.
Le serveur de droit 4 peut être un serveur de licence DRM (pour Digital Right Management) ou un serveur de droit d'un système CAS (pour Conditional Access System) . Le contenu numérique peut représenter des données audio, des données vidéo ou des données multimédia .The right server 4 may be a DRM license server (for Digital Right Management) or a CAS entitlement server (for Conditional Access System). The digital content may represent audio data, video data or multimedia data.
Le procédé selon l'invention peut être mis en œuvre dans un contexte dans lequel la plate-forme d'exploitation 5 comporte un ou plusieurs terminaux acheteurs de droits et un ou plusieurs terminaux bénéficiaires des droits achetés. Dans ce cas, le droit d'usage est acheté via un terminal acheteur au profit d'un terminal utilisateur. Le module d'achat 2 est alors intégré dans au moins un terminal acheteur et le module d'utilisation est intégré dans au moins un terminal du bénéficiaire du droit acheté.The method according to the invention can be implemented in a context in which the operating platform 5 comprises one or more terminals purchasing rights and one or more terminals. beneficiaries of purchased rights. In this case, the usage right is purchased via a buyer terminal for the benefit of a user terminal. The purchase module 2 is then integrated in at least one buyer terminal and the user module is integrated in at least one terminal of the beneficiary of the purchased right.
Pour des raisons de clarté, la description qui suit concerne un exemple de réalisation, illustré par la figure 2, dans lequel la plate-forme d'exploitation 5 comprend un terminal de communication 24 qui est à la fois acheteur et bénéficiaire du droit d'usage d'un contenu numérique.For the sake of clarity, the description which follows relates to an exemplary embodiment, illustrated in FIG. 2, in which the operating platform 5 comprises a communication terminal 24 which is both a buyer and a beneficiary of the right to use of digital content.
Dans cet exemple de réalisation, le terminal de communication 24 est un téléphone mobile UMTS muni d'une carte SIM 26 (Pour Subscriber Identity Module) et comportant un module d'achat apte à communiquer avec le serveur commercial 2 via un premier protocole applicatif propre au serveur commercial 2, et un module d'utilisation du droit acheté apte à communiquer avec le serveur de droits 4 via un deuxième protocole applicatif propre au serveur de droits 4. Le module d'achat et le module d'utilisation sont des logiciels réalisant respectivement l'achat et l'exploitation du droit acheté.In this exemplary embodiment, the communication terminal 24 is a UMTS mobile phone equipped with a SIM card 26 (For Subscriber Identity Module) and comprising a purchasing module able to communicate with the commercial server 2 via a first own application protocol. to the commercial server 2, and a purchased rights usage module able to communicate with the rights server 4 via a second application protocol specific to the rights server 4. The purchasing module and the usage module are software that realizes respectively the purchase and exploitation of the purchased right.
Notons que le terminal 24 peut être un agenda numérique PDA (pour Portable Digital Agenda) ou un ordinateur portable sans sortir du cadre de 1' invention .Note that the terminal 24 can be a digital PDA diary (for Portable Digital Agenda) or a laptop without departing from the scope of the invention.
En référence à la figure 2, le terminal 24 est identifié auprès du serveur commercial 2 par un premier identifiant II et auprès du serveur de droits 4 par un deuxième identifiant 12. Les identifiants II et 12 sont préalablement mémorisés dans la carte SIM 26 du terminal 24 et dans la base de données 20. Cette dernière comporte un premier répertoire contenant une liste de correspondances entre les services fournis au terminal 24 et les droits associés à ces services, et un deuxième répertoire contenant une liste de correspondances entre l'identifiant II et l'identifiant 12.With reference to FIG. 2, the terminal 24 is identified with the commercial server 2 by a first identifier II and with the rights server 4 by a second identifier 12. The identifiers II and 12 are previously stored in the SIM card 26. terminal 24 and in the database 20. The latter comprises a first directory containing a list of correspondences between the services provided to the terminal 24 and the rights associated with these services, and a second directory containing a list of matches between the identifier II. and the identifier 12.
En fonctionnement, le terminal 24 transmet (flèche 30), au serveur commercial 2 une requête d'achat comportant, notamment, l'identifiant du contenu numérique et l'identifiant II du terminal 24. A la réception de cette requête, le serveur commercial 2 génère un ticket électronique comportant l'identifiant du contenu, insère l'identifiant du bénéficiaire dans le ticket électronique, et transmet ce ticket (flèche 32) au terminal 24. Dans un premier mode de réalisation, l'identifiant du bénéficiaire inséré dans le ticket est l'identifiant 12 déterminé par le serveur commercial à partir de la base 20 en correspondance avec l'identifiant II. Dans un autre mode de réalisation l'identifiant du bénéficiaire inséré dans le ticket est l'identifiant II reçu par le serveur commercial dans la requête d' achat .In operation, the terminal 24 transmits (arrow 30) to the commercial server 2 a purchase request including, in particular, the identifier of the digital content and the identifier II of the terminal 24. Upon receipt of this request, the commercial server 2 generates an electronic ticket containing the identifier of the content, inserts the identifier of the beneficiary in the electronic ticket, and transmits this ticket (arrow 32) to the terminal 24. In a first embodiment, the identifier of the beneficiary inserted in the ticket is the identifier 12 determined by the commercial server from the base 20 in correspondence with the identifier II. In another embodiment, the identifier of the beneficiary inserted in the ticket is the identifier II received by the commercial server in the purchase request.
Pour permettre au bénéficiaire d' accéder au contenu, le ticket est envoyé (flèche 36) au serveur de droits 4 tel qu'il a été reçu du serveur commercial 2 sans aucune modification. Ainsi, au cours de cette transaction, le terminal 24 joue exclusivement un rôle de routeur.To allow the recipient to access the content, the ticket is sent (arrow 36) to the rights server 4 as received from the commercial server 2 without any modification. Thus, during this transaction, the terminal 24 exclusively plays a role of router.
Lorsque le ticket est reçu par le serveur de droits, ce dernier détermine le bénéficiaire du droit correspondant au ticket. Dans le premier mode de réalisation où le ticket contient l'identifiant 12 du bénéficiaire, ce dernier est directement identifié par cet identifiant. Dans l'autre mode de réalisation où le ticket contient l'identifiant II du bénéficiaire, le serveur de droits 4 détermine préalablement, à partir de la base 20, l'identifiant 12 du bénéficiaire par correspondance avec l'identifiant II reçu dans le ticket électronique. Quand le bénéficiaire a été identifié, le serveur de droits génère le droit relatif au contenu identifié dans le ticket et envoie (flèche 38) le droit généré au terminal 24.When the ticket is received by the rights server, the latter determines the beneficiary of the right corresponding to the ticket. In the first embodiment where the ticket contains the identifier 12 of the beneficiary, the latter is directly identified by this identifier. In the other embodiment where the ticket contains the identifier II of the beneficiary, the rights server 4 determines beforehand, from the base 20, the identifier 12 of the beneficiary by correspondence with the identifier II received in the ticket electronic. When the beneficiary has been identified, the rights server generates the right relative to the content identified in the ticket and sends (arrow 38) the right generated to the terminal 24.
Avantageusement, le serveur commercial 2 associe au ticket électronique une redondance cryptographique permettant au serveur de droits 4 de contrôler l'authenticité et/ou l'intégrité du contenu dudit ticket. Ladite redondance cryptographique est par exemple une signature électronique générée au moyen d'une clé privée du serveur commercial 2. Le contrôle de l'authenticité et/ou de l'intégrité dudit ticket est réalisé au moyen d'une clé publique du serveur commercial 2 préalablement transmise au serveur de droits 4.Advantageously, the commercial server 2 combines the electronic ticket cryptographic redundancy allowing the rights server 4 to control the authenticity and / or integrity of the content of said ticket. Said cryptographic redundancy is for example an electronic signature generated by means of a private key of the commercial server 2. The control of the authenticity and / or integrity of said ticket is achieved by means of a public key of the commercial server 2 previously transmitted to the rights server 4.
Dans ce cas, lorsque le ticket est reçu par le serveur de droits, ce dernier vérifie la redondance cryptographique pour contrôler l'authenticité et l'intégrité dudit ticket. Si la redondance cryptographique du ticket reçu est correcte, le serveur de droits identifie le bénéficiaire, puis génère et envoie le droit correspondant au ticket comme décrit précédemment .In this case, when the ticket is received by the rights server, the latter checks the cryptographic redundancy to check the authenticity and integrity of the ticket. If the cryptographic redundancy of the received ticket is correct, the rights server identifies the beneficiary, then generates and sends the right corresponding to the ticket as previously described.
L'organigramme de la figure 3 illustre un contexte particulier de mise en œuvre du procédé selon l'invention dans lequel l'acheteur du droit d'usage n'est pas le bénéficiaire du droit acheté. Dans ce contexte, l'achat d'un droit est réalisé via un terminal de l'acheteur et l'exploitation du droit acheté est réalisée via terminal du bénéficiaire du droit.The flowchart of FIG. 3 illustrates a particular context of implementation of the method according to the invention in which the buyer of the right of use is not the beneficiary of the purchased right. In this context, the purchase of a right is made via a terminal of the buyer and the exploitation of the purchased right is carried out via the terminal of the beneficiary of the right.
L'acheteur transmet (étape 40) au serveur commercial 2 la requête d'achat comportant, notamment, l'identifiant du contenu numérique et l'identifiant du bénéficiaire de ce contenu. A la réception de cette requête, le serveur commercial 2 génère (étape 42) un ticket électronique comportant l'identifiant du contenu et l'identifiant du bénéficiaire. Le ticket peut également contenir la désignation du ou des serveurs au (x) quel (s) le terminal du bénéficiaire devra se connecter pour obtenir le contenu et les droits associés. Optionnellement , à l'étape 44, le serveur commercial 2 sécurise le contenu du ticket construit à l'étape précédente en associant audit ticket une signature électronique du serveur commercial 2 de manière à permettre au serveur de droits 4 de contrôler l'authenticité et l'intégrité du contenu de ce ticket. Ladite signature électronique est réalisée au moyen d'une clé privée du serveur commercial 2 et le contrôle de l'authenticité et de l'intégrité dudit ticket est réalisé au moyen d'une clé publique du serveur commercial 2 préalablement transmise au serveur de droits 4.The buyer transmits (step 40) to the commercial server 2 the purchase request including, in particular, the identifier of the digital content and the identifier of the recipient of this content. On receipt of this request, the commercial server 2 generates (step 42) an electronic ticket comprising the identifier of the content and the identifier of the beneficiary. The ticket may also contain the name of the server (s) to which the recipient's terminal will have to connect to obtain the content and associated rights. Optionally, in step 44, the commercial server 2 secures the content of the ticket built in the previous step by associating said ticket with an electronic signature of the commercial server 2 so as to allow the rights server 4 to check the authenticity and the authenticity of the ticket. integrity of the contents of this ticket. Said electronic signature is made by means of a private key of the commercial server 2 and the control of the authenticity and integrity of said ticket is achieved by means of a public key of the commercial server 2 previously transmitted to the rights server 4 .
Grâce à cette procédure, l'intégrité du ticket est garantie et le serveur commercial 2 est authentifié comme émetteur du ticket. A l'étape 46, le serveur commercial 2 transmet le ticket sécurisé au terminal du bénéficiaire. Notons que les étapes 40 à 46 mettent en œuvre des protocoles de transport, d'application, de dialogue et de sécurité propres au serveur commercial 2.With this procedure, the integrity of the ticket is guaranteed and the commercial server 2 is authenticated as the issuer of the ticket. In step 46, the commercial server 2 transmits the secure ticket to the recipient's terminal. Note that steps 40 to 46 implement transport protocols, application, dialogue and security specific to the commercial server 2.
Pour permettre au bénéficiaire d' accéder au contenu, le ticket est envoyé (étape 48) au serveur de droits 4 tel qu'il a été reçu du serveur commercial 2.To allow the recipient to access the content, the ticket is sent (step 48) to the rights server 4 as received from the commercial server 2.
A l'étape 50, le serveur de droits 4 vérifie la signature contenue dans le ticket et contrôle, à l'étape 52, l'authenticité et l'intégrité dudit ticket.In step 50, the rights server 4 verifies the signature contained in the ticket and checks, in step 52, the authenticity and integrity of said ticket.
Si le ticket n'est pas authentique ou n'est pas intègre (flèche 54), le serveur de droits 4 refuse de délivrer le droit au bénéficiaire.If the ticket is not genuine or is not honest (arrow 54), the rights server 4 refuses to issue the right to the beneficiary.
Si le ticket est authentique et intègre (flèche 56), le serveur de droits 4 délivre le droit au bénéficiaire .If the ticket is genuine and intact (arrow 56), the rights server 4 delivers the right to the beneficiary.
Dans le mode particulier de réalisation décrit ci-dessus, la fourniture du droit d'usage au bénéficiaire est conditionnée par l'intégrité et l'authenticité du ticket. Si le ticket ne comporte pas de redondance cryptographique les étapes 50 et 52 et la flèche 54 sont ignorées.In the particular embodiment described above, the provision of the right of use to the beneficiary is conditioned by the integrity and authenticity of the ticket. If the ticket does not have cryptographic redundancy, steps 50 and 52 and arrow 54 are ignored.
Le serveur de droits 4 génère (étape 58) ce droit en fonction du ticket reçu en prenant en compte notamment :The rights server 4 generates (step 58) this right according to the ticket received, taking into account in particular:
- la correspondance entre l'identifiant du bénéficiaire auprès du serveur commercial 2 et l'identifiant de ce même bénéficiaire auprès du serveur de droits 4.the correspondence between the identifier of the beneficiary with the commercial server 2 and the identifier of the same beneficiary with the rights server 4.
- la correspondance entre l'identifiant du contenu demandé et les droits d'usage correspondant à la commercialisation de ce contenu.- the correspondence between the identifier of the requested content and the usage rights corresponding to the marketing of this content.
A l'étape 60, le serveur de droits transmet le droit généré au bénéficiaire. Notons que les étapes 48 à 60 mettent en œuvre des protocoles de transport, d'application, de dialogue et de sécurité propres au serveur de droits 4.In step 60, the rights server transmits the generated right to the recipient. Note that steps 48 to 60 implement transport, application, dialogue and security protocols specific to the rights server 4.
Le mode de réalisation décrit ci-dessus permet un échange sécurisé du ticket électronique de bout-en-bout indépendamment du protocole applicatif et de sécurité du serveur commercial 2 et du protocole applicatif et de sécurité du serveur de droits 4. The embodiment described above allows secure exchange of the end-to-end electronic ticket independently of the application and security protocol of the commercial server 2 and the application and security protocol of the rights server 4.

Claims

REVENDICATIONS
1. Procédé d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique dans un système de distribution de contenus comprenant un serveur commercial (2), un serveur de droits (4) et une plate-forme d'exploitation (5) dudit contenu, ladite plate-forme (5) comprenant au moins un module d'achat (6) d'un droit d'usage et au moins un module d'utilisation (8) du droit acheté, ledit module d'achatA method of acquiring for a beneficiary a right to use digital content in a content distribution system comprising a commercial server (2), a rights server (4) and a platform of operation (5) of said content, said platform (5) comprising at least one purchase module (6) of a right of use and at least one usage module (8) of the purchased right, said module of 'purchase
(6) étant apte à communiquer avec ledit serveur commercial (2) via un premier protocole applicatif propre au serveur commercial (2) , et ledit module d'utilisation (8) du droit acheté étant apte à communiquer avec ledit serveur de droits (4) via un deuxième protocole applicatif propre au serveur de droits (4) , procédé caractérisé en ce qu'il comporte un troisième protocole consistant à :(6) being able to communicate with said commercial server (2) via a first application protocol specific to the commercial server (2), and said usage module (8) of the purchased right being able to communicate with said rights server (4) ) via a second application protocol specific to the rights server (4), characterized in that it comprises a third protocol consisting of:
- définir un identifiant II du bénéficiaire auprès du serveur commercial (2) et un identifiant 12 dudit bénéficiaire auprès du serveur de droits (4),define a beneficiary identifier II with the commercial server (2) and an identifier 12 of said beneficiary with the rights server (4),
- établir une correspondance entre l'identifiant II et l'identifiant 12 de manière à permettre l'échange entre lesdits serveurs de données relatives au bénéficiaire identifié par l'un ou par l'autre des identifiants II ou 12.- Establish a correspondence between the identifier II and the identifier 12 so as to allow the exchange between said data server relative to the beneficiary identified by one or the other identifiers II or 12.
2. Procédé selon la revendication 1 dans lequel ladite correspondance est enregistrée dans une base de données (20) accessible par le serveur commercial (2) et/ou par le serveur de droits (4) . 2. Method according to claim 1 wherein said correspondence is recorded in a database (20) accessible by the commercial server (2) and / or by the rights server (4).
3. Procédé selon la revendication 1, dans lequel lesdites données relatives au bénéficiaire sont échangées par lesdits serveurs (2,4) via ladite plate¬ forme d'exploitation (5) et en ce que lesdites données ne subissent aucune modification au niveau de ladite plate-forme (5) .3. Method according to claim 1, wherein said data relating to the beneficiary are exchanged by said servers (2,4) via said operating platform ¬ (5) and in that said data do not undergo any modification at said platform (5).
4. Procédé selon la revendication 1 dans lequel l'acquisition de droit comporte une étape préalable consistant à transmettre du serveur commercial (2) au module d'achat (6) un ticket électronique attestant l'achat effectif du droit et comportant notamment un identifiant du contenu et un identifiant du bénéficiaire.4. The method of claim 1 wherein the acquisition of rights comprises a prior step of transmitting from the commercial server (2) to the purchase module (6) an electronic ticket attesting the actual purchase of the right and including an identifier content and an identifier of the beneficiary.
5. Procédé selon la revendication 4, dans lequel, à la réception d'une requête d'achat de droit comportant l'identifiant II du bénéficiaire, le serveur commercial (2) insère dans le ticket électronique le deuxième identifiant 12 correspondant au premier identifiant II de ladite requête.5. Method according to claim 4, wherein, on receipt of a right purchase request comprising the identifier II of the beneficiary, the commercial server (2) inserts in the electronic ticket the second identifier 12 corresponding to the first identifier. II of the said request.
6. Procédé selon la revendication 4, dans lequel le serveur de droits (4) détermine l'identifiant 12 du bénéficiaire par correspondance avec l'identifiant II reçu dans le ticket électronique.6. The method of claim 4, wherein the rights server (4) determines the identifier 12 of the recipient by correspondence with the identifier II received in the electronic ticket.
7. Procédé selon la revendication 4 comportant une étape dans laquelle le serveur commercial (2) associe au ticket électronique une redondance cryptographique permettant au serveur de droits (4) de contrôler l'authenticité et/ou l'intégrité du contenu dudit ticket. 7. The method of claim 4 comprising a step in which the commercial server (2) associates the electronic ticket cryptographic redundancy allowing the rights server (4) to control the authenticity and / or integrity of the contents of said ticket.
8. Procédé selon la revendication I1 dans lequel ladite redondance cryptographique est une signature électronique générée au moyen d'une clé privée du serveur commercial (2) et en ce que le contrôle de l'authenticité et/ou de l'intégrité dudit ticket est réalisée au moyen d'une clé publique du serveur commercial (2) préalablement transmise au serveur de droits (4) .8. The method of claim I 1 wherein said cryptographic redundancy is an electronic signature generated by means of a private key of the commercial server (2) and in that the control of the authenticity and / or integrity of said ticket is performed by means of a public key of the commercial server (2) previously transmitted to the rights server (4).
9. Procédé selon la revendication 7, dans lequel le serveur de droits (4) génère et envoie ledit droit si la redondance cryptographique du ticket reçu est correcte.The method of claim 7, wherein the rights server (4) generates and sends said right if the cryptographic redundancy of the received ticket is correct.
10. Système d'acquisition pour un bénéficiaire d'un droit d'usage d'un contenu numérique comprenant un serveur commercial (2), un serveur de droits (4) et une plate-forme d'exploitation (5) dudit contenu, ladite plate-forme (5) comprenant un module d'achat (6) d'un droit apte à communiquer avec ledit serveur commercial (2) via un premier protocole applicatif propre au serveur commercial (2) et un module d'utilisation (8) du droit acheté apte à communiquer avec ledit serveur de droits (4) via un deuxième protocole applicatif propre au serveur de droits (4), système caractérisé en ce qu'il comporte:10. Acquisition system for a beneficiary of a right to use a digital content comprising a commercial server (2), a rights server (4) and an exploitation platform (5) of said content, said platform (5) comprising a purchase module (6) for a right able to communicate with said commercial server (2) via a first application protocol specific to the commercial server (2) and a usage module (8) ) bought right able to communicate with said rights server (4) via a second application protocol specific to the rights server (4), characterized in that it comprises:
- des moyens pour définir un identifiant II du bénéficiaire auprès du serveur commercial (2) et un identifiant 12 dudit bénéficiaire auprès du serveur de droits (4) ,means for defining an identifier II of the beneficiary with the commercial server (2) and an identifier 12 of said beneficiary with the rights server (4),
- des moyens pour établir une correspondance entre l'identifiant II et l'identifiant 12 de manière à permettre l'échange entre lesdits serveurs de données relatives au bénéficiaire identifié par l'un ou par l'autre des identifiants II ou 12.means for establishing a correspondence between the identifier II and the identifier 12 so as to allow the exchange between said data server relative to the beneficiary identified by one or the other of the identifiers II or 12.
11. Système selon la revendication 10, caractérisé en ce qu'il comporte une base de données (20) accessible par le serveur commercial (2) et/ou par le serveur de droits (4) et comportant la correspondance entre l'identifiant II et l'identifiant 12.11. System according to claim 10, characterized in that it comprises a database (20) accessible by the commercial server (2) and / or the rights server (4) and having the correspondence between the identifier II and the identifier 12.
12. Système selon la revendication 10, dans lequel le serveur de droits (4) est un fournisseur de droits d'accès conditionnel CAS.The system of claim 10, wherein the rights server (4) is a provider of CAS conditional access rights.
13. Système selon la revendication 10, dans lequel le serveur de droits (4) est un fournisseur de licences DRM.The system of claim 10, wherein the rights server (4) is a DRM license provider.
14. Système selon la revendication 10, dans lequel le module d'achat (6) d'un droit et le module d'utilisation (8) du droit acheté sont intégrés dans un terminal (24) du bénéficiaire du droit.14. The system of claim 10, wherein the purchase module (6) of a right and the use module (8) of the purchased right are integrated in a terminal (24) of the right beneficiary.
15. Système selon la revendication 14, dans lequel le terminal (24) du bénéficiaire est un téléphone mobile, un ordinateur portable ou un agenda numérique PDA.15. The system of claim 14, wherein the terminal (24) of the recipient is a mobile phone, a laptop or PDA PDA.
16. Système selon la revendication 10, dans lequel le module d'achat (6) est intégré dans un terminal acheteur (24) de droit et le module d'utilisation (8) est intégré dans un terminal du bénéficiaire du droit acheté.16. The system of claim 10, wherein the purchase module (6) is integrated in a right buyer terminal (24) and the module of use (8) is integrated in a terminal of the beneficiary of the purchased right.
17. Système selon la revendication 16, dans lequel le terminal acheteur (24) et le terminal du bénéficiaire sont des téléphones mobiles, des ordinateurs portables ou des agendas numériques PDA.17. The system of claim 16, wherein the buyer terminal (24) and the recipient's terminal are mobile phones, laptops or digital PDA diaries.
18. Serveur commercial (2) de gestion d'une transaction dans un système de distribution de contenus comprenant en outre un serveur de droits (4) d'usage d'un contenu numérique et une plate-forme d'exploitation (5) dudit contenu, ladite plate-forme18. A commercial server (2) for managing a transaction in a content distribution system further comprising a rights server (4) for using a digital content and an operating platform (5) of said content content, said platform
(5) comprenant un module d'achat (6) d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial (2) via un premier protocole applicatif propre au serveur commercial (2) et un module d'utilisation (8) du droit acheté apte à communiquer avec ledit serveur de droits (4) via un deuxième protocole applicatif propre au serveur de droits (4), serveur commercial (2) caractérisé en ce qu'il comporte un module de communication supportant un troisième protocole applicatif permettant auxdits serveur commercial (2) et serveur de droits (4) d'échanger des données relatives au bénéficiaire indépendamment desdits premiers et deuxième protocoles applicatifs.(5) comprising a module for purchasing (6) a right for a beneficiary able to communicate with said commercial server (2) via a first application protocol specific to the commercial server (2) and a usage module (8) purchased law able to communicate with said rights server (4) via a second application protocol specific to the rights server (4), commercial server (2) characterized in that it comprises a communication module supporting a third application protocol allowing said commercial server (2) and rights server (4) exchanging beneficiary data independently of said first and second application protocols.
19. Serveur commercial (2) selon la revendication 18, dans lequel ledit troisième protocole applicatif comporte des moyens pour établir une correspondance entre un identifiant du bénéficiaire auprès du serveur commercial (2) et un identifiant dudit bénéficiaire auprès du serveur de droits (4). The commercial server (2) according to claim 18, wherein said third application protocol comprises means for establishing a correspondence between a beneficiary identifier with the commercial server (2) and an identifier of said beneficiary with the rights server (4). .
20. Serveur commercial (2) selon la revendication 19, caractérisé en ce qu'il comporte en outre une base de données (20) comprenant ladite correspondance .20. Commercial server (2) according to claim 19, characterized in that it further comprises a database (20) comprising said correspondence.
21. Serveur de droits d'usage (4) d'un contenu numérique dans un système de distribution de contenus comprenant en outre un serveur commercial (2) et une plate-forme (5) d'exploitation dudit contenu, ladite plate-forme (5) d'exploitation comprenant un module d'achat (2) d'un droit pour un bénéficiaire apte à communiquer avec ledit serveur commercial (2) via un premier protocole applicatif propre au serveur commercial (2) et un module d'utilisation (8) du droit acheté apte à communiquer avec ledit serveur de droits (4) via un deuxième protocole applicatif propre au serveur de droits (4), serveur de droits (4) caractérisé en ce qu'il comporte un module de communication supportant un troisième protocole applicatif permettant auxdits serveur commercial (2) et serveur de droits (4) d'échanger des données relatives au bénéficiaire indépendamment desdits premier et deuxième protocoles applicatifs.21. A usage rights server (4) for digital content in a content distribution system further comprising a commercial server (2) and a platform (5) for exploiting said content, said platform Operating system (5) comprising a module for purchasing (2) a right for a beneficiary able to communicate with said commercial server (2) via a first application protocol specific to the commercial server (2) and a usage module (8) bought right able to communicate with said rights server (4) via a second application protocol specific to the rights server (4), rights server (4) characterized in that it comprises a communication module supporting a third application protocol allowing said commercial server (2) and rights server (4) to exchange data relating to the beneficiary independently of said first and second application protocols.
22. Serveur de droits (4) selon la revendication 21, dans lequel ledit troisième protocole applicatif comporte des moyens pour établir une correspondance entre un identifiant du bénéficiaire auprès du serveur commercial (2) et un identifiant dudit bénéficiaire auprès du serveur de droits (4) . The rights server (4) according to claim 21, wherein said third application protocol comprises means for establishing a correspondence between a beneficiary identifier with the commercial server (2) and an identifier of said beneficiary with the rights server (4). ).
23. Serveur selon la revendication 22, caractérisé en ce qu'il comporte en outre une base de données (20) comprenant ladite correspondance. 23. Server according to claim 22, characterized in that it further comprises a database (20) comprising said correspondence.
EP06778925A 2005-06-14 2006-06-12 Method and system for making secure a transaction in a telecommunication network Withdrawn EP1902415A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0551602A FR2887050B1 (en) 2005-06-14 2005-06-14 METHOD AND SYSTEM FOR SECURING A TRANSACTION IN A TELECOMMUNICATION NETWORK
PCT/FR2006/050547 WO2006134297A2 (en) 2005-06-14 2006-06-12 Method and system for making secure a transaction in a telecommunication network

Publications (1)

Publication Number Publication Date
EP1902415A2 true EP1902415A2 (en) 2008-03-26

Family

ID=35197832

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06778925A Withdrawn EP1902415A2 (en) 2005-06-14 2006-06-12 Method and system for making secure a transaction in a telecommunication network

Country Status (7)

Country Link
US (1) US20090083838A1 (en)
EP (1) EP1902415A2 (en)
KR (1) KR20080023251A (en)
CN (1) CN101198979A (en)
FR (1) FR2887050B1 (en)
TW (1) TW200707323A (en)
WO (1) WO2006134297A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5429282B2 (en) * 2009-03-24 2014-02-26 日本電気株式会社 Information sharing apparatus, information sharing method, program, and information sharing system
TWI651675B (en) * 2016-12-09 2019-02-21 財團法人工業技術研究院 Ticket management method and server

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5560005A (en) * 1994-02-25 1996-09-24 Actamed Corp. Methods and systems for object-based relational distributed databases
JP2977476B2 (en) * 1995-11-29 1999-11-15 株式会社日立製作所 Security method
US6385596B1 (en) * 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US7263497B1 (en) * 1998-02-06 2007-08-28 Microsoft Corporation Secure online music distribution system
JP3216607B2 (en) * 1998-07-29 2001-10-09 日本電気株式会社 Digital work distribution system and method, digital work reproduction apparatus and method, and recording medium
US6970849B1 (en) * 1999-12-17 2005-11-29 Microsoft Corporation Inter-server communication using request with encrypted parameter
JP4511684B2 (en) * 2000-05-16 2010-07-28 日本電気株式会社 Biometrics identity verification service provision system
JP2002091851A (en) * 2000-09-12 2002-03-29 Toshiba Corp Information providing method and repeating server device
JP2002203180A (en) * 2000-10-23 2002-07-19 Matsushita Electric Ind Co Ltd Device and method for outputting control information
WO2002045316A2 (en) * 2000-11-10 2002-06-06 Full Audio Corporation Digital content distribution and subscription system
WO2002101524A2 (en) * 2001-06-11 2002-12-19 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
US7421411B2 (en) * 2001-07-06 2008-09-02 Nokia Corporation Digital rights management in a mobile communications environment
TWI308306B (en) * 2001-07-09 2009-04-01 Matsushita Electric Ind Co Ltd Digital work protection system, record/playback device, recording medium device, and model change device
WO2003027848A2 (en) * 2001-08-03 2003-04-03 Matsushita Electric Industrial Co., Ltd. Backup-restoration system and right management server
US20030028622A1 (en) * 2001-08-06 2003-02-06 Mitsuhiro Inoue License management server, terminal device, license management system and usage restriction control method
JP2003108846A (en) * 2001-09-28 2003-04-11 Fujitsu Ltd Sales promotion method, and sales promotion device
US20030105669A1 (en) * 2001-11-09 2003-06-05 Sony Corporation Contents distributing system, device for processing charge for advertisement information, contents distributing server, their program, and program recording medium
US7693795B2 (en) * 2002-09-05 2010-04-06 Panasonic Corporation Digital work protection system
JP2004157864A (en) * 2002-11-07 2004-06-03 Canon Inc Content distribution system
US20040128544A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for aligning trust relationships with namespaces and policies
US8554930B2 (en) * 2002-12-31 2013-10-08 International Business Machines Corporation Method and system for proof-of-possession operations associated with authentication assertions in a heterogeneous federated environment
US7529987B2 (en) * 2003-06-05 2009-05-05 Nxp B.V. Integrity control for data stored in a non-volatile memory
US7529853B2 (en) * 2003-06-25 2009-05-05 Oracle International Corporation Universal IM and presence aggregation on technology-specific client
US7734708B1 (en) * 2003-12-22 2010-06-08 Aol Inc. Enabling identification of online identities between different messaging services
US7647375B1 (en) * 2003-12-22 2010-01-12 Aol Llc Enabling mapping identification of online identities between different messaging services
CN101073238A (en) * 2004-02-03 2007-11-14 桑迪士克防护内容解决公司 Protection of digital data content
US20060141981A1 (en) * 2004-12-23 2006-06-29 Motorola, Inc. Universal temporary communication ID with service integration
JP4671332B2 (en) * 2005-03-10 2011-04-13 株式会社日立製作所 File server that converts user identification information
US8028322B2 (en) * 2005-03-14 2011-09-27 Time Warner Cable Inc. Method and apparatus for network content download and recording
US7668871B1 (en) * 2005-04-20 2010-02-23 Network Appliance, Inc. Providing mapped user account information to a storage server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006134297A2 *

Also Published As

Publication number Publication date
KR20080023251A (en) 2008-03-12
CN101198979A (en) 2008-06-11
WO2006134297A2 (en) 2006-12-21
TW200707323A (en) 2007-02-16
FR2887050A1 (en) 2006-12-15
US20090083838A1 (en) 2009-03-26
WO2006134297A3 (en) 2007-04-05
FR2887050B1 (en) 2007-10-05

Similar Documents

Publication Publication Date Title
EP1153376B1 (en) Telepayment method and system for implementing said method
FR2842059A1 (en) METHOD FOR LOCKING A MOBILE TELECOMMUNICATION TERMINAL
EP0647052A1 (en) Management system for charging of database queries in a telecommunications network
WO2001043092A1 (en) Method and system for managing a secure transaction over a communications network
EP3189485A1 (en) Electronic ticket management
EP1902415A2 (en) Method and system for making secure a transaction in a telecommunication network
EP1894348B1 (en) Method for making secure a transaction in a telecommunication network
EP1190549A2 (en) Method and system for securely accessing a computer server
EP1479212A1 (en) Device and method for intermediation between service providers and their users
FR2927453A1 (en) METHOD AND SYSTEM FOR DISTRIBUTING BANK NOTES FROM A TICKET DISTRIBUTOR
EP1400090A1 (en) Method and device for securing communications in a computer network
EP2260640B1 (en) Packet communication setup between a server and a service entity in a radiocommunication network
FR2795582A1 (en) DEVICE AND METHOD FOR CONTROLLING ACCESS TO AT LEAST ONE SERVICE AVAILABLE FROM A TELECOMMUNICATIONS TERMINAL CONNECTED TO A TELECOMMUNICATIONS NETWORK
EP1992104B1 (en) Authenticating a computer device at user level
EP1321005A1 (en) Method for implanting data on an identifier
EP1264282A2 (en) Computer-assisted ticketing system with multiple operators
FR2887390A1 (en) Payer account e.g. business account, selecting method for use by e.g. law firm, involves typing single command and sending data, triggering communication call to destination number, to mobile terminal, in case of billing authorization
Koskela LICENSE NEGOTIATION SYSTEM FOR MOBILE P2P ENVIRONMENT
FR2818778A1 (en) PAYMENT METHOD AND SYSTEM, AND TELECOMMUNICATIONS EQUIPMENT USED IN THIS SYSTEM
FR2884996A1 (en) Digital file transferring method for e.g. Internet, involves transferring security data in subscriber identity module and non sensible data from one terminal to another and connecting module to latter terminal for exploiting content rights
EP1384366A2 (en) System and method for communication between stations processing common files
EP1518390A1 (en) Method for individualizing a terminal connected to at least one server through a network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20071113

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20090916

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100127