GB2367925A - Digital rights management - Google Patents

Digital rights management Download PDF

Info

Publication number
GB2367925A
GB2367925A GB0112628A GB0112628A GB2367925A GB 2367925 A GB2367925 A GB 2367925A GB 0112628 A GB0112628 A GB 0112628A GB 0112628 A GB0112628 A GB 0112628A GB 2367925 A GB2367925 A GB 2367925A
Authority
GB
United Kingdom
Prior art keywords
drm
mobile device
content
rights
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0112628A
Other versions
GB2367925B (en
GB0112628D0 (en
GB2367925A9 (en
Inventor
Martin Richard Lambert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sealedmedia Ltd
Original Assignee
Sealedmedia Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sealedmedia Ltd filed Critical Sealedmedia Ltd
Priority to GB0416497A priority Critical patent/GB2400952B/en
Publication of GB0112628D0 publication Critical patent/GB0112628D0/en
Publication of GB2367925A publication Critical patent/GB2367925A/en
Publication of GB2367925A9 publication Critical patent/GB2367925A9/en
Application granted granted Critical
Publication of GB2367925B publication Critical patent/GB2367925B/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/4104Peripherals receiving signals from specially adapted client devices
    • H04N21/4126The peripheral being portable, e.g. PDAs or mobile phones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/61Network physical structure; Signal processing
    • H04N21/6156Network physical structure; Signal processing specially adapted to the upstream path of the transmission network
    • H04N21/6181Network physical structure; Signal processing specially adapted to the upstream path of the transmission network involving transmission via a mobile phone network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H04M1/72412User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces

Abstract

Digital rights (110) are associated with a semi-unique node identifier obtained or calculated from characteristics of a mobile device (302) attached to a consumer device, rather than with the node identifier of the consumer device itself (106,206). The user of the consumer device (106,206) may access the digital rights management encrypted content (which may come from local persistent storage or a network) by attaching the mobile device (302) to the consumer device (106,206). In this way, the rights can be associated with the node identifier of the mobile device (302), and the rights are thus usable for the consumer device to access the encrypted content.

Description

2367925 DIGITAL RIGHTS MANAGEMENT
The present invention is in the field of digital rights management (DRM). The present invention has
5 particular applicability to node locking in the context of mobile devices.
If there is to be a viable commerce based upon the electronic distribution of valuable multimedia content 10 (such as for example reports, images, music tracks, videos, etc.), then there must be some means of enforcing and retaining copyright control over the electronic content. There is now emerging a set of hardware and software solutions, generically known as digital rights management 15 (DRM) solutions, that aim to provide this copyright control while, to a varying degree, also enabling new commercial models suited to the Internet and electronic delivery. Common to virtually all these solutions is the requirement that the multimedia content files be distributed within a 20 persistent tamperproof encryption wrapper (the idea being that a million copies of encrypted content is.no more valuable than one). Very simply, DRM works by carefully providing the consumers of this encrypted content with secret decryption keys that provide temporary access to the 25 content for some controlled purpose, e.g. viewing, printing, playing, etc. without ever providing access to the raw decrypted content that could be used for unauthorised reuse or redistribution.
30 Figure I illustrates schematically an overview of how typical DRM systems work. Referring to Figure 1, a "publisher" of digital content seals their digital content files, buffers or streams within a layer of encryption and digital signatures into a DRM-encrypted content format 102. The encryption makes it difficult for-malicious consumers to obtain access to the raw decrypted content (and make. unauthorised copies for redistribution). The digital 5 signatures prevent malicious consumers from tampering with the encrypted content format (perhaps to pass off the content as their own) by enabling the DRM system to detect the smallest change to the encrypted content. The DRMencrypted content 102 can then be delivered to consumers 10 via any electronic distribution medium 104, e.g. web, ftp, email, CD- ROM, etc. The publisher need not worry about protecting the DRM-encrypted content 102 in transit to the consumer since it is inherently protected by its encryption layer and digital signatures.
Less sophisticated DRM systems sometimes bundle individual consumer access rights with the content, either within the encryption layer or at least protected by the digital signatures. The advantage of bundling rights with 20 the content is that the consumer can obtain both the content and the rights at the same time. Disadvantages include extreme inflexibility in the rights management policies that can be implemented and an enormous versioning problem (since there needs to be a separate version of the.
25 encrypted content file 102 for each consumer and a new version of the encrypted content whenever the rights change).
More sophisticated DRM systems deliver the rights 30 separately from the content (from a DRM server 108). The rights are encoded in some electronic format 11o (i.e. electronic "rights") and specify the permitted relationship between consumers and DRM-encrypted content sets (and subsets), e.g. which content the consumer can access, what they are permitted to do with it (e.g. printing), and for how long.
5 A specialised viewer (the DRM client 106) resident on the consumer device is required to obtain, manage and interpret the rights, temporarily decrypt the encrypted content and view/play it within a secure environment (so that the consumer cannot obtain access to the raw decrypted 10 content or the decryption keys) subject to the restrictions implied by the consumer's rights (e.g. view but do not print a document). The DRM server 108 is responsible for issuing rights to requesting DRM clients 106. Current DRM systems typically issue rights to authenticated consumers 15 at the time of purchase (or grant) and the rights are transferred to permanent storage on the consumer device 106. The DRM server 108 plays no further role in the ongoing use of those rights.
20 In general, "content sets" can be thought of as a related set of one or more digital content files, buffers or streams. In general, "rights" can be thought of as an electronic description (explicit or by implication) of the association between consumers (or consumer devices) and 25 DRM-protected content sets. Rights can optionally specify means of identifying the consumer (or consumer device) to which the rights "belong"; means of identifying the content sets and subsets to which the rights apply; encryption keys and checksums (cryptographic or otherwise); and the 30 specific access rights granted to the consumers (and/or their consumer devices) over those content sets (e.g. whether or not the consumer can print a document, the duration of access, etc.). Rights can be encoded in any machine-readable form'(e.g. parsable languages, specialised data structures, etc.) and are used internally by the DRM system to grant, deny or meter consumer access to encrypted content. In general, "node locks" can be thought of as 5 rights that are tied to a particular consumer device or "node", i.e. rights that will only provide access to DRMencrypted content on one particular consumer device.
It is preferable for a DRM system to issue rights to a 10 consumer for the shortest possible time: the rights are preferably issued at the time the consumer actually attempts to access the encrypted content and preferably removed from the consumer device as soon thereafter as possible. In preferred implementations, this implies that 15 the rights are stored on a remote server hosted on a network (e.g., the Internet or an intranet). The consumer identifies herself to the local DRM system which transparently opens network connections to the remote server to obtain the rights which are then used to decrypt 20 and access the encrypted content.
one problem with issuing rights at the time of access attempt is that many consumers may not have an Internet (or intranet) connection at the time they wish to access the 25 encrypted content, perhaps due to being on a flight with a laptop computer onto which encrypted content has been downloaded. If the rights are stored on a remote networked server, the consumer in this case (for flights lacking network connections) cannot connect to the DRM server and 30 therefore cannot access the encrypted content. This lack of guaranteed Internet (or intranet) access has led many DRM solution providers to store the consumer's rights on the fixed or removable disk drives of the consumer device.
Storing the rights on the consumer device, however, creates another drawback in that it becomes trivial for the consumer to redistribute the stored rights on to other consumers and therefore defeat the basic copyright 5 protection of the DRM system.
In order to overcome this drawback, typical DRM solutions that store the rights on the consumer device implement a "node-lock", i.e. rights that are that somehow 10 tied to the consumer device and cannot therefore be usefully copied to another device. Figure 2 illustrates schematically the basic "node-lock" concept in the context of consumers attempting to access DRM-encrypted content on two consumer devices 106 and 206 (for example, personal 15 computers). The assumption is that there are DRM clients installed on both consumer devices 106 and 206 and that the DRM-encrypted content is either stored locally or obtained from a network. In order to obtain access to DRM-protected content on consumer device 106, the locally installed DRM 20 client obtains rights 110 from a remote DRM server 108. As part of the DRM transaction, those rights 110 are "locked" to a pseudoor semi- unique node identifier obtained or calculated from characteristics of consumer device 106. The "locked" rights 106 are then stored in persistent 25 storage belonging to consumer device 106. Subsequent use of the locally stored rights 110 involve the DRM client on consumer device 106 re-obtaining or re-calculating the node identifier of consumer device 106 and checking that it matches the value to which the rights 110 were originally 30 locked. Transferring the "node-locked" rights to persistent storage on consumer device 206 renders them ineffective since, depending upon the nature of the node identifier, there is very little chance that the DRM client on consumer device 206 will obtain or calculate a node identifier (for consumer device 206) that matches that of the transferred rights (which are locked to the node identifier of consumer device 106).
Thus, a disadvantage with node-locked rights is that the consumer is now restricted to accessing the DRMencrypted content on one (or at most a few) consumer devices. This is increasingly bothersome as consumers 10 become increasingly mobile and migrate between business desktop machines, laptops, palmtops and home computers. The increasing availability of network-enabled computers, any of which can be used to access Internet or intranet hosted services, makes simple node-locking closely resemble 15 the much despised PC copy-lock software protection schemes.
What is desired, then, is to extend the concept of node locking to account for an increasingly mobile consumer community.
According to a first aspect of the present invention, there is provided a digital rights management (DRM) system governing whether DRM-protected content can be rendered on a content rendering device, wherein at least one rights 25 specification governing access to DRM-protected content on the content rendering device is tied to a first node identifier that is based on a characteristic of a mobile device coupleable to the content rendering device, the system comprising: a DRM client arranged to operate within
30 the content rendering device and which has access to the at least one rights specification governing access to the DRMprotected content; wherein the at least one rights specification is restricted to apply to at least one node identifier; the DRM client being arranged to retrieve said characteristic of a mobile device coupleable to the content rendering device, to generate the first node identifier based on said characteristic, and to check that the first 5 node identifier matches the or at least one node identifier to which the at least one rights specification is restricted; herein access to the DRM-protected content by the content rendering device is granted subject to the at least one rights specification available to the DRM client
10 and subject to the first node identifier matching the or at least one node identifier to which the at least one rights specification is restricted.
According to a second aspect of the present invention, 15 there is provided a method of accessing digital rights management (DRM) protected content for rendering by a content rendering device, wherein at least one rights specification governing access to the DRM-protected content on the content rendering device is tied to a first node
20 identifier that is based on a characteristic of a mobile device coupleable to the content rendering device, the at least one rights specification being restricted to apply to at least one node identifier, the method comprising the steps of: retrieving from a mobile device coupled to the
25 content rendering device said characteristic of the mobile device coupled to the content rendering device; generating the first node identifier based on said characteristic; and, checking that the first node identifier matches the or at least one node identifier to which the at least one 30 rights specification is restricted; wherein access to the DRM- protected content by the content rendering device is granted subject to the at least one rights specification available to the DRM client and subject to the first node identifier matching the or at least one node identifier to which the at least one rights specification is restricted.
According to a third aspect of the present invention, 5 there is provided a digital rights management (DRM) system governing whether DRM-protected content can be rendered on a content rendering device, wherein at least one rights specification governing access to DRM- protected content on the content rendering device is obtained from a mobile
10 device coupleable to the content rendering device, the system comprising: a DRM client arranged to operate within the content rendering device that is to retrieve from the mobile device the at least one rights specification applying to the DRM-protected content which the content
15 rendering device is attempting to render; wherein access to the DRMprotected content by the content rendering device is granted subject to the at least one rights specification obtained by the DRM client from the mobile device.
According to a fourth aspect of the present invention, there is provided a method of accessing digital rights management (DRM) protected content for rendering by a content rendering device, wherein at least one rights 25 specification governing access to DRM-protected content on the content rendering device is obtained from a mobile device coupleable to the content rendering device, the method comprising the steps of: retrieving from the mobile device the at least one rights specification applying to
30 the DRM-protected content which the content rendering device is attempting to render; wherein access to the DRMprotected content by the content rendering device is granted subject to the at least one rights specification obtained from the mobile device.
According to a fifth aspect of the present invention, 5 there is provided a digital rights management (DRM) system for managing access to content on a content rendering device that is coupled to a wireless device that is coupled to a wireless network, wherein usage of the wireless device on the wireless network produces billing information that 10 is accounted for by a billing system, the system comprising: a DRM server for coupling to a said wireless network and arranged to provide at least one rights specification for gaining access to content on a said content rendering device, the DRM server being arranged to
15 account for usage of the DRM-protected content and to provide billing information based on the usage of the DRMprotected content to a said billing system, such that the said billing system can consolidate billing information based on the usage of the DRM-protected content with 20 billing information based on the usage of the wireless device.
In accordance with one preferred embodiment of the present invention, rights are associated with a pseudo- or- 25 semi-unique node identifier obtained or calculated from characteristics of a mobile device attached to a consumer device, rather than with the node identifier of the consumer device itself. The user of the consumer device may access the DRM-encrypted content (which may come from 30 local persistent storage or via a network) by attaching the mobile device to the consumer device. In this way, the rights can be associated with the node identifier of the mobile device, and the rights are thus usable for the consumer device to access the encrypted content.
Embodiments of the present invention will now be 5 described by way of example with reference to the accompanying drawings, in which:
Figure 1 illustrates schematically an overview of a prior art DRM approach;
Figure 2 illustrates schematically limitations of prior art node locking;
Figure 3 illustrates schematically an example of an 15 embodiment in accordance with the present invention for mobile device lock authentication; Figure 4 illustrates schematically a variation the Figure 3 embodiment, whereby the rights are stored on the 20 mobile device used for authentication; Figure 5 illustrates an example of mobile device lock authentication making use of a wireless network in accordance with an embodiment of the present invention; 25 and, Figure 6 illustrates an example of mobile device lock authentication making use of smart cards in accordance with an embodiment of the present invention.
Referring first to Figure 3, this figure illustrates schematically an embodiment of the present invention that is similar to the conventional node-locked solution illustrated in Figure 2. However, in accordance with the Figure 3 embodiment of the invention, the rights 110 are associated (as part of the transaction with the DRM server 108) with a semi-unique node identifier obtained or 5 calculated from characteristics of a mobile device 302 attached to a consumer device 106 (e.g. a pers onal computer), rather than with the node identifier of the consumer device 106. Note that DRM server as referred to herein refers to just DRM server software or both DRM 10 server software and hardware. Thus, the user of the consumer device 106 may access the DRM-encrypted content (which may come from local persistent storage 202 or the network) by attaching the mobile device 302 to the consumer device 106. In this way, the rights 110 can be associated 15 with the node identifier of the mobile device 302, and the rights 110 are thus usable for the consumer device 106 to access the encrypted content.
The consumer device 106 may be, for example, a 20 personal computer, a set-top box or any other consumer device not typically carried on a consumer's person. The mobile device 302 may be, for example: a palmtop (e.g. Palm Pilot) computer, a cellular phone, a portable audio device, or other mobile device. in one embodiment, the 25 mobile device is a mobile communications device having means by which the mobile device can connect to a telecommunications network, such connection being optionally wireless or cabled. Some form of consumer identity can be deduced from each of these devices, e.g.
30 the telephone number of the mobile telephone, a synchronisation id or email address from the palmtop or a security id from a portable audio device. In this embodiment, a new type of node-locked rights is stored on the consumer device, one that is tied to the mobile device attached to the consumer device rather than to the consumer device itself. The new type of rights contain some information about the mobile device and can only be used by 5 the local DRM solution if it can verify (preferably via some electronic challenge and response protocol with the mobile device) that the correct mobile device is attached to the consumer device.
10 In another embodiment, the rights locked to the mobile device can only be used by the local DRM solution within a configurable time period of it last verifying (via some electronic challenge and response protocol with the mobile device) that the correct mobile device was attached to the 15 consumer device, so that the mobile device does not need to be permanently connected to the consumer device.
Advantages of this new type of node-locked rights include (a) that the consumer can now access encrypted 20 content on any device to which the mobile device can be attached; (b) that the consumer cannot easily make copies of the mobile device and thereby defeat the DRM solution; (c) that the consumer no longer requires a network connection once the rights are stored on the consumer 25 device; (d) mobile devices are inherently less vulnerable to tampering than many consumer devices, e.g. personal computers.
In accordance with further embodiments, as illustrated 30 in Figure 4, the rights 110 are stored in the persistent storage (e.g. non-volatile RAM) of the mobile device 302 itself, as such devices are routinely coupled to consumer devices (e.g. personal computers) such that the storage in the mobile device is acce ssible to the consumer device. For example, mobile telephones are connectable to personal computers in order to provide the personal computer with.a wireless data modem connection. Palmtop computers are 5 connectable to personal computers to synchronise email, contact and scheduling information. Portable audio players (e.g. portable MP3 players) are connectable to personal computers for transferring audio tracks downloaded from the Internet to the portable device.
Some form of consumer identity can be deduced from each of these devices, e.g. the telephone number or network address of the mobile telephone, a synchronisation id or email address from the palmtop computer, or a security id 15 from a portable audio device. In addition, each of these devices has some form of persistent on-device storage, e.g. Sim cards on mobile telephones, battery-backed RAM on palmtop computers, flash RAM on portable audio players. The rights stored in the persistent on-device storage in this 20 embodiment may include some information about the mobile device, and the rights can only be used by the local DRM solution if it can be verified (by, for example, some electronic challenge and response protocol with the mobile device) that the rights are stored on the correct mobile 25 device attached to the consumer device, using the node identifier obtained or calculated from characteristics of the mobile device. In similar but alternative embodiments, the rights 110 are stored on a removable secondary storage medium (capable of being read by either the consumer device 30 or the mobile device) such as a floppy disk or a removable memory card or pack.
In another embodiment, the rights obtained from the mobile device can only be used by the local DRM solution on the consumer device within a configurable time period of it last verifying (via some electronic challenge and response 5 protocol with the mobile device) that the mobile device from which the rights were obtained was attached to the consumer device, so that the mobile device does not need to be permanently connected to the consumer device.
10 In accordance with further embodiments, discussed with reference to Figure 5, wireless network capabilities are used to enhance the effectiveness of a mobile device locking solution. There is a trend to unify wireless network capabilities with mobile computing devices (whether 15 general purpose or special purpose computing devices). As discussed above, these mobile devices typically provide reasonable verification that the holder of the device is an authorised rights user, because wireless mobile devices must have a unique network address (such as a telephone 20 number) in order to route communication traffic to/from the wireless mobile device and this address is closely tied to the holder of the device. Furthermore, mobile telephones already make periodic communication to a local cell (designated by reference numeral 502 in Figure 5) and are 25 inherently networked devices.
In accordance with these further embodiments, the wireless connection (either using on-demand dial-up connections or via the background cell communications) is
30 used for obtaining, refreshing or relinquishing rights to/from a remote DRM server. In practical DRM applications, DRM clients must obtain rights from a DRM server, may sometimes refresh (effectively re-request) -Isthose rights from a DRM server in order to prevent them relapsing to the DRM server and being issued to other DRM clients, and may relinquish those rights back to a DRM. servers when they are no longer required (so that they may 5 be issued to other DRM clients). The wireless connection can also be used to obtain a trusted clock signal from a central server (not necessarily the DRM server) which can be used to reliably control start and stop times for DRMmanaged access. Such control is reliable because the clock 10 obtained from for example the cellular system is a trusted clock (as opposed to a clock on the computing device that can often be manipulated by the user). Furthermore, the wireless connection can also be used to send auditing information to a central server for reporting and/or 15 billing of use of DRM-protected content. In addition, mobile telephones already have established billing channels, so access to encrypted information is relatively easily added onto the consumer's telephone bill, providing detailed usage reporting and providing a means for clearing 20 the smallest payments (i.e. an effective micropayment system, where small individual DRM charges are included within the larger consolidated telephone bill).
in accordance with yet another embodiment, illustrated 25 in Figure 6, the rights 110 provided from the DRM server 108 are stored on a "smart card" 602, the smart card 602 is used to authenticate the user, or acombination of both. Thus, any DRM-enabled consumer device (such as consumer device 106 and consumer device 206) may employ the rights 30 to access DRM-encrypted content so long as access to the smart card is provided to the consumer device via a smart card reader 604.
In accordance with the Figure 6 embodiment, the consumer can now access DRM-encrypted content on any DRMenabled consumer device on which the smart card can be 5 read. In addition, the consumer cannot easily make copies of the smart card and thereby defeat the DRM solution. The need for a network connection is minimised or eliminated.
In accordance with the invention, mobile devices are 10 used to enhance conventional DRM solutions, to accommodate the increasing mobility of DRM users without diminishing (and in some cases, enhancing) the security aspects of the DRM system.
is Embodiments of the present invention have been described with particular reference to the examples illustrated. However, it will be appreciated that variations and modifications may be made to the examples described within the scope of the present invention.

Claims (1)

1. A digital rights management (DRM) system governing whether DRM-protected content can be rendered on a content 5 rendering device, wherein at least one rights specification governing access to DRM-protected content on the content rendering device is tied to a first node identifier that is based on a characteristic of a mobile device coupleable to the content rendering device, the system comprising:
10 a DRM client arranged to operate within the content rendering device and which has access to the at least one rights specification governing access to the DRM-protected content; wherein the at least one rights specification is is restricted to apply to at least one node identifier; the DRM client being arranged to retrieve said characteristic of a mobile device coupleable to the content rendering device, to generate the first node identifier based on said characteristic, and to check that the first node identifier matches the or at least one node identifier to which the at least one rights specification is restricted; wherein access to the DRM-protected content by the content rendering device is granted subject to the at least 25 one rights specification available to the DRM client and subject to the first node identifier matching the or at least one node identifier to which the at least one rights specification is restricted.
30 2. A system according to claim 1, wherein the DRM client is arranged to deny access when the mobile device is not coupled to the content rendering device.
3. A system according to claim 1, wherein the DRM client is arranged to deny access to DRM-protected content after a configurable time period elapses after the DRM client 5 detects that the mobile device is no longer coupled to the content rendering device.
4. A system according to any of claims I to 3, wherein the mobile device is a smart card that is readable by a 10 smart card reader coupled to the content rendering device.
5. A system according to any of claims 1 to 3, wherein the mobile device has a wireless networking capability.
15 6. A system according to claim 5, wherein the first node identifier for the mobile device is based on a network address of the mobile device.
7. A system according to claim 5 or claim 6, wherein the 20 DRM client is arranged to receive a trusted clock by way of the mobile device.
8. A system according to any of claims 5 to 7, wherein the DRM client is arranged to obtain at least one rights 25 specification from a DRM server by way of the mobile device.
9. A system according to any of claims 5 to 8, wherein the DRM client is arranged to relinquish at least one 30 rights specification to a DRM server by way of the mobile device.
19- 10. A system according to any of claims 5 to 9, wherein the DRM client is arranged to send auditing information to a DRM server by way of the mobile device.
5 11. A method of accessing digital rights management (DRM) protected content for rendering by a content rendering device, wherein at least one rights specification governing access to the DRM-protected content on the content rendering device is tied to a first node identifier that is based on a characteristic of a mobile device coupleable to the content rendering device, the at least one rights specification being restricted to apply to at least one node identifier, the method comprising the steps of: retrieving from a mobile device coupled to the content rendering device said characteristic of the mobile device coupled to the content rendering device; generating the first node identifier based on said characteristic; and, checking that the first node identifier matches the or at least one node identifier to which the at least one rights specification is restricted; wherein access to the DRM-protected content by the content rendering device is granted subject to the at least one rights specification available to the DRM client and 25 subject to the first node identifier matching the or at least one node identifier to which the at least one rights specification is restricted.
12. A method according to claim 11, wherein access to the 30 DRM-protected content is denied when the mobile device is not coupled to the content rendering device.
13. A method according to claim 11, wherein access to the DRM-protected content is denied after a configurable time period elapses after the mobile device is no longer coupled to the content rendering device.
14. A method according to any of claims 11 to 13, comprising the step of obtaining the at least one rights specification from a DRM server by way of the mobile device.
15. A method according to claim 14, comprising the step of storing the at least one rights specification on the mobile device such that the at least one rights specification can be obtained on demand from the mobile device without requiring the mobile device to connect to the DRM server.
16. A method according to any of claims 11 to 15, comprising the step of relinquishing the at least one rights specification to a DRM server by way of the mobile device.
17. A method according to any of claims 11 to 16, comprising the step of sending auditing information to a DRM server by way of the mobile device.
18. A digital rights management (DRM) system governing whether DRMprotected content can be rendered on a content rendering device, wherein at least one rights specification governing access to DRM-protected content on the content 30 rendering device is obtained from a mobile device coupleable to the content rendering device, the system comprising:
a DRM client arranged to operate within the content rendering device that is to retrieve from the mobile device the at least one rights specification applying to the DRMprotected content which the content rendering device is attempting to render; wherein access to the DRM-protected content by the content rendering device is granted subject to the at least one rights specification obtained by the DRM client from the mobile device.
19. A system according to claim 18, wherein the at least one rights specification obtained from the mobile device is tied to the node identifier of the mobile device, thereby preventing the at least one rights specification from being obtained from another mobile device.
20. A system according to claim 18 or claim 19, wherein the mobile device contains a tamper-proofing mechanism to prevent unauthorised access to the at least one rights specification.
21. A system according to any of claims 18 to 20, wherein the DRM client on the content rendering device and the mobile device are arranged to use a challenge-response protocol to establish trust between them.
22. A system according to any of claims 18 to 21, wherein the DRM client is arranged to deny access to the DRM protected content after a predetermined time period elapses 30 after the DRM client detects that the mobile device is no longer coupled to the content rendering device.
23. A system according to any of claims 18 to 22, wherein the mobile device is a smart card that is readable by a smart card reader coupled to the content rendering device.
5 24. A system according to any of claims 18 to 22, wherein the mobile device has a wireless networking capability.
25. A system according to claim 24, wherein the DRM client is arranged to establish a consumer identity based upon a network address of the mobile device.
26. A system according to claim 24 or claim 25, wherein the DRM client is arranged to receive a trusted clock by way of the mobile device.
27. A system according to any of claims 24 to 26, wherein the DRM client is arranged to obtain at least one rights specification from a DRM server by way of the mobile device.
28. A system according to any of claims 24 to 27, wherein the DRM client is arranged to relinquish at least one rights specification to a DRM server by way of the mobile device.
29. A system according to any of claims 24 to 28, wherein the DRM client is arranged to send auditing information to a DRM server by way of the mobile device.
30 30. A method of accessing digital rights management (DRM) protected content for rendering by a content rendering device, wherein at least one rights specification governing access to DRM-protected content on the content rendering device is obtained from a mobile device coupleable to the content rendering device, the method comprising the steps of: retrieving from the mobile device the at least one rights specification applying to the DRM-protected content which the content rendering device is attempting to render; wherein access to the DRM-protected content by the content rendering device is granted subject to the at least one rights specification obtained from the mobile device.
31. A method according to claim 30, wherein the at least one rights specification obtained from the mobile device is tied to the node identifier of the mobile device, thereby preventing the at least one rights specification from being obtained from another mobile device.
32. A method according to claim 30 or claim 31, wherein access to the DRM-protected content is denied after a predetermined time period elapses after the mobile device is no longer coupled to the content rendering device.
33. A method according to any of claims 30 to 32, comprising the step of obtaining the at least one rights specification from a DRM server by way of the mobile 25 device.
34. A method according to claim 33, comprising the step of storing the at least one rights specification on the mobile device such that the at least one rights specification can 30 be obtained on demand from the mobile device without requiring the mobile device to connect to the DRM server.
35. A method according to any of claims 30 to 34, comprising the step of relinquishing the at least one rights specification to a DRM server by way of the mobile device.
36. A method according to any of claims 30 to 35, comprising the step of sending auditing information to a DRM server by way of the mobile device.
10 37. A digital rights management (DRM) system for managing access to content on a content rendering device that is coupled to a wireless device that is coupled to a wireless network, wherein usage of the wireless device on the wireless network produces billing information that is accounted for by a billing system, the system comprising: a DRM server for coupling to a said wireless network and arranged to provide at least one rights specification for gaining access to content on a said content rendering device, the DRM server being arranged to account for usage 20 of the DRM-protected content and to provide billing information based on the usage of the DRM-protected content to a said billing system, such that the said billing system can consolidate billing information based on the usage of the DRM-protected content with billing information based on 25 the usage of the wireless device.
38. A system according to claim 37, wherein the billing information based upon the usage of the DRM-protected content is the basis for a micro-payments system.
39. A digital rights management (DRM) system governing whether DRMprotected content can be rendered on a content rendering device, substantially in accordance with any of the examples as hereinbefore described with reference to and as illustrated by the accompanying drawings.
40. A method of accessing digital rights management (DRM) 5 protected content for rendering by a content rendering device, substantially in accordance with any of the examples as hereinbefore described with reference to and as illustrated by the accompanying drawings.
GB0112628A 2000-05-25 2001-05-23 Digital rights management Expired - Lifetime GB2367925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0416497A GB2400952B (en) 2000-05-25 2001-05-23 Digital rights management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0012791.0A GB0012791D0 (en) 2000-05-25 2000-05-25 Mobile node-lock

Publications (4)

Publication Number Publication Date
GB0112628D0 GB0112628D0 (en) 2001-07-18
GB2367925A true GB2367925A (en) 2002-04-17
GB2367925A9 GB2367925A9 (en) 2002-04-17
GB2367925B GB2367925B (en) 2004-09-15

Family

ID=9892398

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0012791.0A Ceased GB0012791D0 (en) 2000-05-25 2000-05-25 Mobile node-lock
GB0112628A Expired - Lifetime GB2367925B (en) 2000-05-25 2001-05-23 Digital rights management

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB0012791.0A Ceased GB0012791D0 (en) 2000-05-25 2000-05-25 Mobile node-lock

Country Status (1)

Country Link
GB (2) GB0012791D0 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004019191A2 (en) * 2002-08-23 2004-03-04 Mdrm, Inc. Apparatus, system and method for securing digital documents in a digital appliance
DE10308011A1 (en) * 2003-02-25 2004-09-09 Siemens Ag Method for award-based recommending content objects that can be downloaded to a mobile radio terminal
DE10317037A1 (en) * 2003-04-14 2004-11-04 Orga Kartensysteme Gmbh Process for protecting data against unauthorized use on a mobile device
US6889206B1 (en) * 1998-04-03 2005-05-03 Macrovision Corporation Method for computer network operation providing basis for usage fees
EP1526432A3 (en) * 2003-10-22 2005-08-24 Samsung Electronics Co., Ltd. Method and apparatus for managing digital rights using portable storage device
WO2005093989A1 (en) * 2004-03-29 2005-10-06 Smart Internet Technology Crc Pty Limited Digital license sharing system and method
WO2005104000A2 (en) * 2004-03-18 2005-11-03 Thomson Licensing Method and system for selectively providing access to content
EP1702483A1 (en) * 2003-12-26 2006-09-20 Samsung Electronics Co., Ltd. Method of storing and reproducing contents
WO2006114123A1 (en) * 2005-04-28 2006-11-02 Telecom Italia S.P.A. Conditional access method and system for broadcast services
US7702591B2 (en) 1998-04-03 2010-04-20 Macrovision Corporation System and methods providing secure delivery of licenses and content
US7793014B2 (en) 2003-03-27 2010-09-07 Sandisk Il Ltd. Data storage device with multi-access capabilities
US7979700B2 (en) 2002-08-23 2011-07-12 Sandisk Corporation Apparatus, system and method for securing digital documents in a digital appliance
US8078788B2 (en) 2005-12-08 2011-12-13 Sandisk Technologies Inc. Media card command pass through methods
US8443206B2 (en) 2003-10-22 2013-05-14 Samsung Electronics Co., Ltd. Method and apparatus for managing digital rights using portable storage device
FR2986682A1 (en) * 2012-02-08 2013-08-09 Bouygues Telecom Sa DIGITAL CONTENT READING SYSTEM AND CORRESPONDING READING METHOD
WO2014105330A1 (en) * 2012-12-31 2014-07-03 General Electric Company Systems and methods for licensing non destructive testing content
US8839005B2 (en) 2006-09-13 2014-09-16 Sandisk Technologies Inc. Apparatus for transferring licensed digital content between users
US9032154B2 (en) 2007-12-13 2015-05-12 Sandisk Technologies Inc. Integration of secure data transfer applications for generic IO devices
US9177116B2 (en) 2002-08-23 2015-11-03 Sandisk Technologies Inc. Protection of digital data content
US11135426B2 (en) 2003-12-03 2021-10-05 Google Llc Personalized network searching

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4779224A (en) * 1985-03-12 1988-10-18 Moseley Donald R Identity verification method and apparatus
GB2312767A (en) * 1996-04-29 1997-11-05 Mitel Corp Protected persistent storage access by applets
EP0851335A2 (en) * 1996-12-31 1998-07-01 Compaq Computer Corporation Secure two-piece user authentication in a computer network
US20010005890A1 (en) * 1999-12-22 2001-06-28 Nec Corporation Access right managing system, portable terminal, gateway and contents server

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5050213A (en) * 1986-10-14 1991-09-17 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
GB2228807A (en) * 1989-03-03 1990-09-05 Esselte Letraset Ltd Data retrieval system
JPH04504794A (en) * 1989-04-28 1992-08-20 ソフテル,インコーポレイテッド Method and apparatus for remotely controlling and monitoring the use of computer software
US5754646A (en) * 1995-07-19 1998-05-19 Cable Television Laboratories, Inc. Method for protecting publicly distributed software
JP2939723B2 (en) * 1996-07-11 1999-08-25 株式会社インターナショナルサイエンティフィック Internet Timed Usage Billing System
US6128741A (en) * 1998-03-05 2000-10-03 Rainbow Technologies, Inc. Compact transparent dongle device
US6317836B1 (en) * 1998-03-06 2001-11-13 Tv Objects Limited Llc Data and access protection system for computers
EP0987860A3 (en) * 1998-09-16 2004-01-14 Mitsubishi Materials Corporation Radio server system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4779224A (en) * 1985-03-12 1988-10-18 Moseley Donald R Identity verification method and apparatus
GB2312767A (en) * 1996-04-29 1997-11-05 Mitel Corp Protected persistent storage access by applets
EP0851335A2 (en) * 1996-12-31 1998-07-01 Compaq Computer Corporation Secure two-piece user authentication in a computer network
US20010005890A1 (en) * 1999-12-22 2001-06-28 Nec Corporation Access right managing system, portable terminal, gateway and contents server

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7702591B2 (en) 1998-04-03 2010-04-20 Macrovision Corporation System and methods providing secure delivery of licenses and content
US6889206B1 (en) * 1998-04-03 2005-05-03 Macrovision Corporation Method for computer network operation providing basis for usage fees
WO2004019191A3 (en) * 2002-08-23 2004-04-22 Mdrm Inc Apparatus, system and method for securing digital documents in a digital appliance
US8595488B2 (en) 2002-08-23 2013-11-26 Sandisk Technologies Inc. Apparatus, system and method for securing digital documents in a digital appliance
US9177116B2 (en) 2002-08-23 2015-11-03 Sandisk Technologies Inc. Protection of digital data content
US7979700B2 (en) 2002-08-23 2011-07-12 Sandisk Corporation Apparatus, system and method for securing digital documents in a digital appliance
WO2004019191A2 (en) * 2002-08-23 2004-03-04 Mdrm, Inc. Apparatus, system and method for securing digital documents in a digital appliance
DE10308011A1 (en) * 2003-02-25 2004-09-09 Siemens Ag Method for award-based recommending content objects that can be downloaded to a mobile radio terminal
DE10308011B4 (en) * 2003-02-25 2005-04-28 Siemens Ag A method for reward-based recommending content objects downloadable to a mobile station
US7970710B2 (en) 2003-02-25 2011-06-28 Siemens Aktiengesellschaft Method for carrying out the premium-based recommendation of content objects that can be downloaded to a mobile terminal
US7793014B2 (en) 2003-03-27 2010-09-07 Sandisk Il Ltd. Data storage device with multi-access capabilities
DE10317037A1 (en) * 2003-04-14 2004-11-04 Orga Kartensysteme Gmbh Process for protecting data against unauthorized use on a mobile device
EP1526432A3 (en) * 2003-10-22 2005-08-24 Samsung Electronics Co., Ltd. Method and apparatus for managing digital rights using portable storage device
EP1667046A1 (en) * 2003-10-22 2006-06-07 Samsung Electronics Co., Ltd. Method for managing digital rights using portable storage device
EP1667047A1 (en) * 2003-10-22 2006-06-07 Samsung Electronics Co., Ltd. Method for managing digital rights using portable storage device
EP1667045A1 (en) * 2003-10-22 2006-06-07 Samsung Electronics Co., Ltd. Method for managing digital rights using portable storage device
US8443206B2 (en) 2003-10-22 2013-05-14 Samsung Electronics Co., Ltd. Method and apparatus for managing digital rights using portable storage device
US11369792B2 (en) 2003-12-03 2022-06-28 Google Llc Personalized network searching
US11420059B1 (en) 2003-12-03 2022-08-23 Google Llc Personalized network searching
US11147970B2 (en) 2003-12-03 2021-10-19 Google Llc Personalized network searching
US11135426B2 (en) 2003-12-03 2021-10-05 Google Llc Personalized network searching
US11547853B2 (en) 2003-12-03 2023-01-10 Google Llc Personalized network searching
EP1702483A1 (en) * 2003-12-26 2006-09-20 Samsung Electronics Co., Ltd. Method of storing and reproducing contents
EP1702483A4 (en) * 2003-12-26 2010-07-07 Samsung Electronics Co Ltd Method of storing and reproducing contents
WO2005104000A3 (en) * 2004-03-18 2006-01-05 Thomson Licensing Sa Method and system for selectively providing access to content
WO2005104000A2 (en) * 2004-03-18 2005-11-03 Thomson Licensing Method and system for selectively providing access to content
US8234217B2 (en) 2004-03-18 2012-07-31 Thomson Licensing Method and system for selectively providing access to content
WO2005093989A1 (en) * 2004-03-29 2005-10-06 Smart Internet Technology Crc Pty Limited Digital license sharing system and method
WO2006114123A1 (en) * 2005-04-28 2006-11-02 Telecom Italia S.P.A. Conditional access method and system for broadcast services
US8874918B2 (en) 2005-04-28 2014-10-28 Telecom Italia S.P.A. Conditional access method and system for broadcast services
US8417866B2 (en) 2005-12-08 2013-04-09 Sandisk Technologies Inc. Media card command pass through methods
US8078788B2 (en) 2005-12-08 2011-12-13 Sandisk Technologies Inc. Media card command pass through methods
US8839005B2 (en) 2006-09-13 2014-09-16 Sandisk Technologies Inc. Apparatus for transferring licensed digital content between users
US9032154B2 (en) 2007-12-13 2015-05-12 Sandisk Technologies Inc. Integration of secure data transfer applications for generic IO devices
WO2013117708A1 (en) * 2012-02-08 2013-08-15 Bouygues Telecom System for reading digital content and corresponding method of reading
FR2986682A1 (en) * 2012-02-08 2013-08-09 Bouygues Telecom Sa DIGITAL CONTENT READING SYSTEM AND CORRESPONDING READING METHOD
US8950004B2 (en) 2012-12-31 2015-02-03 General Electric Company Systems and methods for licensing non-destructive testing content
WO2014105330A1 (en) * 2012-12-31 2014-07-03 General Electric Company Systems and methods for licensing non destructive testing content

Also Published As

Publication number Publication date
GB0012791D0 (en) 2000-07-19
GB2367925B (en) 2004-09-15
GB0112628D0 (en) 2001-07-18
GB2367925A9 (en) 2002-04-17

Similar Documents

Publication Publication Date Title
US7509685B2 (en) Digital rights management
US7676846B2 (en) Binding content to an entity
US9569627B2 (en) Systems and methods for governing content rendering, protection, and management applications
US7975312B2 (en) Token passing technique for media playback devices
EP3118759B1 (en) Use of media storage structure with multiple pieces of content
KR100493900B1 (en) Method for Sharing Rights Object Between Users
GB2367925A (en) Digital rights management
US8539233B2 (en) Binding content licenses to portable storage devices
US8572372B2 (en) Method for selectively enabling access to file systems of mobile terminals
US20030079133A1 (en) Method and system for digital rights management in content distribution application
JP2004530222A (en) Method and apparatus for supporting multiple zones of trust in a digital rights management system
US20050137889A1 (en) Remotely binding data to a user device
KR100656402B1 (en) Method and apparatus for the secure digital contents distribution
US7802109B2 (en) Trusted system for file distribution
CN1708941A (en) Digital-rights management system
EP1754167A1 (en) Method and apparatus for transmitting rights object information between device and portable storage
CA2495196A1 (en) Apparatus, system and method for securing digital documents in a digital appliance
WO2007010427A1 (en) Digital inheritance
CA2560474A1 (en) Portable storage device and method of managing files in the portable storage device
US10558786B2 (en) Media content encryption and distribution system and method based on unique identification of user
US8621231B2 (en) Method and server for accessing an electronic safe via a plurality of entities
KR100831726B1 (en) Method and Device for Security on Digital Rights Management System
GB2400952A (en) Digital rights management billing for a wireless device
Server 2. DESIGN GOALS AND SYSTEM ARCHITECTURE OF PCMHoDC
Sun et al. A Trust Distributed DRM System Using Smart Cards

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20180111 AND 20180117

PE20 Patent expired after termination of 20 years

Expiry date: 20210522