Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• • G—PHYSICS
  • G11—INFORMATION STORAGE
  • G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
  • G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
  • G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
• • G—PHYSICS
  • G11—INFORMATION STORAGE
  • G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
  • G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
  • G11B20/10—Digital recording or reproducing
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/254—Management at additional data server, e.g. shopping server, rights management server
  • H04N21/2541—Rights Management
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/41—Structure of client; Structure of client peripherals
  • H04N21/426—Internal components of the client ; Characteristics thereof
  • H04N21/42646—Internal components of the client ; Characteristics thereof for reading from or writing on a non-volatile solid state storage medium, e.g. DVD, CD-ROM
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/433—Content storage operation, e.g. storage operation in response to a pause request, caching operations
  • H04N21/4334—Recording operations
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
  • H04N21/44209—Monitoring of downstream path of the transmission network originating from a server, e.g. bandwidth variations of a wireless network
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
  • H04N21/44245—Monitoring the upstream path of the transmission network, e.g. its availability, bandwidth
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4627—Rights management associated to the content
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/643—Communication protocols
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
  • H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
  • H04N21/835—Generation of protective data, e.g. certificates
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/24—Systems for the transmission of television signals using pulse code modulation
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
  • H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

• the invention generally relates to an etching method and client device for writing digital data to a blank disc, the digital data being etched to protect against illegal copies.
• the invention relates to a method of burning digital data to a disk having a blank start area and a blank data area by a client device, the digital data being transmitted to the client device by a remote content server by via a distribution network, the client device comprising a network interface, means for establishing an authenticated and secure link with at least one content server, a burner and control means of the burner.
• the invention also relates to a method of distributing digital data to be burned on a blank disc.
• the aim of the invention is to propose an alternative etching method that provides better protection for the rights of owners of multimedia and software contents.
• the subject of the invention is an etching method of the aforementioned type, characterized in that it comprises the following steps performed by the client device: - establish an authenticated and secure connection with the content server;
• the engraving method comprises one or more of the following characteristics: the method further comprises the following steps:
• the method further comprises a step of deleting the authenticated and secure link immediately after the step of burning the first encryption data item;
• the first encryption data is a set comprising the encryption results of a first encryption key by a plurality of keys, the first encryption data being necessary to descramble the content;
• the second encryption data is one or more encryption keys encrypted using the first encryption key, the or each second encryption key being necessary to descramble the content;
• the first encryption key is a disk key and the or each second encryption key is a title key in the sense of the CSS protocol.
• the invention also relates to a method of distributing digital data by a remote content server to at least one client device via a distribution network, the remote content server comprising a network interface, at least one random number generator, a scrambling module, an encryption module, an establishment module; an authenticated and secure link, the client device comprising a network interface, a user interface, means for establishing an authenticated and secure link, a burner and control means of the burner, the digital data being intended to be etched by the client device on a disk having a blank start area and a blank data area, characterized in that it comprises a step of controlling the content server data representative of a content to be burned on the disk by the client device, and the steps of the aforementioned etching method.
• another subject of the invention is a client device adapted to burn digital data on a disk having a blank start area and a blank data area, the digital data being transmitted to the client device by a remote content server by the client.
• a distribution network characterized in that it comprises:
• a network interface for receiving at least a portion of the digital data transmitted by the content server through the authenticated and secure link, said portion of the digital data received comprising a first encryption data item;
• FIG. 1 is a diagram in the form of functional blocks of the system for implementing the methods according to the invention
• FIG. 2 is a diagram illustrating the operations performed by the equipment illustrated in FIG. 1.
• the system 2 allowing the implementation of the methods according to the invention is illustrated schematically in FIG. 1.
• This system 2 comprises a trusted authority 4, a content provider 6 and a client device 8, each adapted to exchange data with a content server 10 remotely via a distribution network 12, such as for example the Internet network.
• a distribution network 12 such as for example the Internet network.
• the trusted authority 4 comprises a secure memory 14 storing a set of master keys MK, an encryption module 16 connected to the memory 14 and to a network interface 18.
• the encryption module 16 is adapted to encrypt a disk key DK by a set of master keys MK stored in the memory 14 to produce a set of secure disk keys SDKs.
• Each set of secure disk keys SDKs is produced from and is associated with a particular disk key DK transmitted by the content server 10, as explained later.
• the network interface 18 is adapted to receive DK disk keys from the content server 10 and to transmit to it secure disk key sets SDKs via the network 12, for example by an authenticated and secure connection SAC (of the English “Secure Authenticated Channel”).
• the content provider 6 comprises a database 20 storing digital data and a network interface 22 enabling the transmission of the digital data to the content server 10 via the network 12, for example by an authenticated and secure connection SAC.
• Digital data is representative of multimedia or software content. These are for example sequences of audio, video, textual data or computer data files used for the implementation of software. These data are protected by copyright and therefore can not be copied or reproduced after burning.
• the digital data is stored in the base 20 in compressed form.
• the client device 8 is generally disposed of in a user who wishes to download and burn on a blank disc 24 digital data representative of multimedia or software content.
• the blank disc 24 is a DVD disc comprising a start zone 26 readable and non-writable by a conventional recorder and a data area 28 readable and writable by a conventional recorder.
• the client device 8 is for example constituted by a computer connected to a burner of a particular type.
• It comprises a network interface 30 connected to a user interface 32 of the keyboard and / or screen and / or remote control type for controlling the content server 10 with digital data.
• the client device 8 further comprises a central unit 34 connected on the one hand to the network interface 30 and on the other hand to an etching module 36 of digital data.
• the central unit 34 is adapted to establish an authenticated and secure connection SAC with the content server 10, via the distribution network 12.
• the central unit 34 is adapted to calculate a session key KS from cryptographic data exchanged with the content server 10. This session key KS will be used to protect the data exchanged with the server 10.
• the protocol for establishing the authenticated and secure connection SAC is for example a standard protocol such as the SSL protocol (of the "Secure Sockets Layer") or a proprietary protocol such as the protocol described in the specifications of the protection system. "Smart Right” trademark, this protocol also being described in US Patent Application No. 10/978162 filed October 29, 2004.
• the establishment of the authenticated and secure connection SAC enables the client device 8 to ensure that it exchanges data with a recognized and legal content server 10 and on the other hand enables the content server 10 to ensure that the client device 8 is a recognized device, legal and ensuring a high level of protection of digital data during the operation of burning them on the blank disc.
• the SAC link protects the exchanged data against any interception and decoding by a pirate device.
• the central unit 34 is able to control the etching module 36 in order to authorize or prohibit the etching of digital data on the blank disk 24 as a function of the existence or the absence of establishment of a link authenticated and secure SAC.
• data can be etched on the starting area 26 of the blank disk only after the establishment of the authenticated and secure connection SAC and while it is validly established.
• the burning of data on the data zone 28 of the blank disk 24 is authorized even in the absence of establishment of the authenticated and secure link.
• the etching module 36 is adapted to burn data on both the start area 26 and the data area 28 of the blank disk 24.
• the content server 10 includes a content base 38, a network interface 40, and a processor 42 for providing the client device 8 with the digital data controlled by it.
• the content base 38 is suitable for storing digital data representative of multimedia or software contents.
• the processor 42 is able to search for digital data in the content base 38 from an ICM identification thereof, as explained later.
• the processor 42 transmits a request to request this data to the content provider 6 which sends the requested data via the distribution network 12, for example via a link authenticated and secure SAC, so that these data are stored in the content base 38.
• the content server 10 is able to scramble the digital data according to the DVB CSS (English “Digital Video Broadcasting Content Scrambling System “literally meaning” digital video streaming content scrambling system ").
• the content server 10 further comprises a first generator 44 connected to an encryption database 46 and to the network interface 40.
• the first generator 44 is capable of producing random numbers capable of constituting DK disk keys and of transmitting them on the one hand to the trusted authority 4 via the interface 40 and the network 12 and, on the other hand, to the encryption database 46.
• the encryption database 46 comprises a correspondence table adapted to store DK disk keys and sets of secure disk keys SDKs each corresponding to a disk key DK and obtained by encryption thereof by the trusted authority 4.
• the content server 10 further comprises a second generator 48 connected to a scrambling module 50 and an encryption module 52.
• the second generator 48 is capable of generating random numbers capable of constituting key titles TK.
• the scrambling module 50 is connected to the content base 38 and the network interface 40 to scramble the digital data from the base 38 using TK key keys from the generator 48 and to transmit to the client device 8 the scrambled digital data E ⁇ (C).
• the encryption module 52 is connected to the encryption database 46 and to the network interface 40. It is able to encrypt the TK title keys using a disk key DK and to transmit to the client device 8 the key titles thus encrypted E D "(TK).
• the content server 10 further comprises a control module 54 adapted to establish or delete the authenticated and secure connection SAC with the client device 8.
• the control module 54 is capable of constructing during the establishment of each authenticated and secure connection SAC a new session key KS using cryptographic data exchanged with the client device 8.
• This session key KS is used by the client.
• control module 54 to protect the data exchanged with the client device 8.
• This session key KS is identical to the session key calculated by the device 8.
• the control module 54 is also able to search the encryption database 46 for all the secured disk keys. SDKs associated with the disk key DK that was used to encrypt the TK title keys and to send it to the client device, when the authenticated and secure connection SAC has been established.
• FIG. 2 The steps of the methods according to the invention are illustrated in FIG. 2 by three axes of the time t and by arrows illustrating the exchanges between the content server 10, the trusted authority 4 and the client device 8 as well as the steps of treatment performed by these equipments.
• Steps 60 to 68 described below are performed prior to any control of a multimedia or software content by a user.
• the first random number generator 44 of the content server 10 generates disk keys DK.
• step 62 the generated disk keys DK are transmitted to the encryption module 16 of the trusted authority through the network 12, for example by an authenticated and secure connection SAC.
• the same disk keys DK generated by the first generator 44 are transmitted to the encryption database 46.
• step 64 the encryption module 16 encrypts the received DK disk keys using the master keys MK stored in the memory 14 to produce sets of secure disk keys SDKs.
• step 66 the sets of the secured disk keys
• SDKs are transmitted from the encryption module 16 to the encryption database 46 of the content server.
• step 68 the secure disk key sets
• SDKs are stored in the encryption database 46 in a look-up table so that each set of SDKs secured disk keys is associated with the disk key DK that has been used to produce the set of secure disk keys SDKs.
• the user wishing to purchase a multimedia or software content to be burned on a blank disk 24 connects using the user interface 32 of the client device to the content server 10 and searches for the multimedia content or software of his choice.
• the command established by the client is transmitted from the client device 8 to the content server 10, via the network 12.
• the second generator 48 of the content server 10 produces TK title keys that will be used to scramble the video content controlled by the user.
• the processor 42 searches the content base 38 for the video content controlled using the ICM identification.
• step 78 the scrambling module 50 retrieves the found video content (76) in the content base 38 and scrambles it using the TK title keys produced (74) by the second generator 48.
• the encryption module 52 encrypts the title keys TK using a specific disk key DK from the encryption database 46.
• the control module 54 authenticates the client device 8.
• the central unit 34 of the client device authenticates the content server 10 so as to establish an authenticated and secure link SAC between the client device 8 and the content server 10.
• the client device 8 central unit 34 of the client device and the control module 54 of the content server each calculate a session key KS
• This session key KS will be used by the module 54 to encrypt the data to be transmitted and thus send these data in an authenticated connection and secure.
• This same session key will be used by the central unit 34 to decode the received data, sent by the server 10.
• the control module 54 of the content server looks in the encryption database 46 for all the secured disk keys SDKs corresponding to the disk key DK used to encrypt the title keys TK during step 80. Then, the control module 54 transmits all the secured disk keys SDKs to the client device 8.
• the central unit 34 checks whether the authenticated and secure connection is well established and if and only if this is the case, authorizes the burning on the data zone 28 of all the secured disk keys SDKs received by the client device 8.
• the burning module 36 engraves all the secure disk keys SDKs on the starting area 26 of the blank disk 24.
• the set of secure disk keys SDKs is etched as and when and the reception of the data by the central unit 34. During this burning, the central unit 34 continues to check if the authenticated and secure connection is well established.
• the central unit 34 of the client device deletes the authenticated and secure connection SAC.
• the video content scrambled with the title keys E ⁇ (C) and the title keys encrypted by the disk key EDK (TK) are transmitted from the content server 10 to the client device 8.
• the central unit 34 of the client device authorizes the etching module 36 to write data to the data area 28 of the disk.
• the scrambled video content E ⁇ (C) and the encrypted title keys E D ⁇ (TK) are etched on the data area by the etching module 36. It will be noted that, even in the absence of the authenticated and secure connection SAC between the content server 10 and the client device 8, it is possible to burn in the data area of the disc scrambled content and encrypted securities keys.
• the central unit 34 of the client device 8 prohibits the etching module 36 from burning any data on the starting zone 26 of the disk.
• the client device 8 is an engraver comprising a human machine interface and a central unit.
• the client device comprises a first etching module connected to the central unit and capable of etching data only in the start zone and during the existence of an authenticated and secure connection SAC and a second etching module as well. connected to the CPU is able to burn data into the data area even in the absence of the authenticated and secure SAC link.
• the central unit is adapted to transmit the digital data to the first or second burning module according to the type of data it receives.
• the DVD disc is DVD-R, DVD-RW, DVD + R, DVD + RW or DVD-RAM.
• the CSS Content Scrambling System
• CPPM Content Protection for Prerecorded Media
• CPRM Content Protection for Recordable Media
• BD-CPS Blu-ray Disc Copy Protection System (“Blue-ray Disc Copy")
• Advanced Access Content System means “high-definition content access system”) for high definition HD DVD discs and "Vidi” system for DVD + R / + RW type discs.
• such an engraving method is more secure.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Multimedia (AREA)
• Databases & Information Systems (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Theoretical Computer Science (AREA)
• Software Systems (AREA)
• General Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Signal Processing For Digital Recording And Reproducing (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=37251411

Family Applications (1)

Country Status (7)

Families Citing this family (5)

Family Cites Families (21)

• 2006
  • 2006-01-31 FR FR0600880A patent/FR2896907A1/fr active Pending
• 2007
  • 2007-01-31 EP EP07730896A patent/EP1979904A2/fr not_active Withdrawn
  • 2007-01-31 KR KR1020087018785A patent/KR101420886B1/ko not_active IP Right Cessation
  • 2007-01-31 US US12/223,435 patent/US8627059B2/en not_active Expired - Fee Related
  • 2007-01-31 CN CN2007800038007A patent/CN101375334B/zh not_active Expired - Fee Related
  • 2007-01-31 WO PCT/FR2007/000179 patent/WO2007088273A2/fr active Application Filing
  • 2007-01-31 JP JP2008552846A patent/JP5148513B2/ja not_active Expired - Fee Related

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events