GB2403382A - Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time - Google Patents

Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time Download PDF

Info

Publication number
GB2403382A
GB2403382A GB0315133A GB0315133A GB2403382A GB 2403382 A GB2403382 A GB 2403382A GB 0315133 A GB0315133 A GB 0315133A GB 0315133 A GB0315133 A GB 0315133A GB 2403382 A GB2403382 A GB 2403382A
Authority
GB
United Kingdom
Prior art keywords
data
decryption
encrypted
time
receiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0315133A
Other versions
GB2403382B (en
GB0315133D0 (en
Inventor
Timothy James Wright
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone Group PLC
Original Assignee
Vodafone Group PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Group PLC filed Critical Vodafone Group PLC
Publication of GB0315133D0 publication Critical patent/GB0315133D0/en
Publication of GB2403382A publication Critical patent/GB2403382A/en
Application granted granted Critical
Publication of GB2403382B publication Critical patent/GB2403382B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

At any time prior to a predetermined time T0 a consumer is able to request encrypted content data 27 from a content issuer 15, store it on their PC 33, and purchase or otherwise obtain a rights object or licence 36 including a decryption key for the data 27 from a rights issuer 17 using their mobile terminal 3. Before the predetermined time T0 the rights object 36 is stored on the mobile terminal 3 and is prevented from being transmitted to the PC 33. At the predetermined time T0 the mobile terminal 3 is able to send the decryption key contained within the rights object 36 to the PC 33 thus enabling the encrypted data 27 to be decoded. Only at this point does the data 27 become accessible to the consumer via the PC 33. The mobile terminal's secure and trusted clock is used to determine the time, thereby preventing unauthorized early decryption of and access to the content data 27.

Description

COMMUNICATION SYSTEMS
The present invention relates to communication apparatus such as mobile telephones and personal computers and the controlled use of distributed content data thereby, to communication systems including such apparatus, to a communication device, and to a method of distributing content data to respective users.
Digital Rights Management (DRM) is a technology allowing encrypted digital files or "content data" to be readily distributed to potential users without charge. The encrypted data may be freely onwardly transmitted by the user receiving the data.
However, for any user to be able to make use of the data, it must be decrypted. To obtain a key to decrypt the data, a licence must be purchased or otherwise obtained from a licence broker. The encrypted digital files or content data might comprise valuable data, such as a computer program, a movie or a sound recording, the use of which is required to be controlled.
According to the present invention, there is provided communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one ofthe encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
According to another aspect of the present invention, there is provided communication apparatus including receiving means for receiving encrypted content data over a l communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator derived from the or one ofthe communication networks, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
The invention also relates to a communication system including such communication apparatus, and further including content provider means for providing the encoded content data to the communication apparatus, and decryption data provider means for selectively providing decryption keys for allowing the decoding means to decrypt the encrypted data from the content provider means. ] According to another aspect of the invention, there is provided a method of distributing content data to respective users, the method including transmitting encrypted content data to the respective users on request, selectively transmitting decryption data to the respective users, at least one of the encrypted content data and the decryption data including a time value, providing a trusted time indicator to the] respective users so that the trusted time indicator can be compared with the time value, the one ofthe encrypted content data and the decryption data including the time value being such that decryption of the encrypted content data can only be performed when the time value and the time indicator have a predetermined relationship.
According to further aspect of the invention, there is provided a communication device including receiving means for receiving decryption data over a communication network, the decryption data enabling decryption of encrypted data and including a time value; and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship. i
The "time indicator" may be of any suitable form. Preferably, the time indicator provides an indication of the current time, which is accurate and resistant to unauthorized alteration. In other words, the time indicator is a time indicator that is "trusted" by the owner of the content data and/or the decryption data. The distributors of this data will wish to be confident that the time indicator is accurate and secure so that the time of decryption of the content data can be controlled.
The time indicator may be provided by any suitable means. The time indicator could be generated by the or one of the receiving means, or could be derived from the or one of the communication networks.
One way of providing a time indicator is to use a Primary Reference Clock (PRC), based on timing signals received from the Global Positioning System (GPS). Using such a PRC, the mobile network can always be sure that all associated mobile terminals have the correct time and date, and these parameters cannot be changed by the consumer. This is in contrast to, say, a PC where the terminal date and time settings can be reset or otherwise altered. The PRC is a "trusted" time indicator. It is known by the mobile network to be accurate.
The embodiments to be described relate in particular to the distribution of content data to a consumer in a situation where the data has a predetermined time To at which it becomes accessible - i.e. a time at which the content data can be decrypted and used by the consumer.
In the embodiments the content data is encrypted and can only be decrypted by using a decryption key which is contained within a "rights object" provided in the decryption data. The consumer is able to obtain the encrypted data freely but is only able to decrypt the data upon (a) the purchase or otherwise obtainment of the decryption key contained within a rights object and (b) the predetermined time To having passed.
Both the encrypted data and the decryption data containing the rights object can be acquired at any time before the predetermined time To, at which the content becomes accessible and can be acquired in either order. Once the predetermined time To has passed, the control means communicates the decryption key held within the rights object to the receiver means that has previously received the encrypted content data, t which subsequently decrypts the data, thus making it accessible to the consumer.
Depending on the specific application, different levels of rights could be obtained as defined by parameters of the rights object - for example, allowing the content data to be accessed only once or a number of times. Different rights levels could each carry a different associated fee.
In contrast, a known method of distributing content data is to stream the required content data to the receiver means in real time at the time it is to be accessed. This approach allows the time of release of the content data to be controlled but is I bandwidth-intensive (particularly if the content data is requested simultaneously by a multiplicity of consumers) and requires a good quality of service on the communication links to all the consuming devices. Additionally, if there were to be a network outage at the critical time To the content data could not be accessed on time.
An alternative known approach to controlling the time at which requested content data becomes accessible by the consumer is to communicate the content data to the; receiver means prior to the predetermined time To, but not to communicate the rights object containing the decryption key to the storage module until the predetermined time To. Although this is an improvement, it still can require the transmission of decryption data to a multiplicity of consumers simultaneously and in a time sensitive manner.
The embodiments to be described allow pre-distribution of all the required content data and rights objects at any time before the predetermined time To, lowering the bandwidth and quality requirements as well as easing any potential congestion on the communication network at the critical time by requiring only a local transfer (which may be independent of the communication network) of the decryption data at the predetermined time To.
An example of an application for such a system is when the content data is a movie. t In this case, the receiving means may be a PC and the data could therefore be downloaded via the Internet. The predetermined time To may be the movie release date. The movie and the required decryption data could be downloaded well before the movie release date. Differing rights levels could then allow the movie to be watched only once or a specified number of times. Infinite access to the movie could also be purchased.
Communication apparatus, a communication system, a communication device and a method of distributing content data according to the present invention will now be I described, by way of example, with reference to the accompanying drawings, in which: Figure 1 shows schematically a telecommunications network according to a first embodiment of the invention including facilities for handling short messages and for communication with the Internet; Figure 2 shows an alternative arrangement to the first embodiment; and Figure 3 shows a flow chart of the steps performed by the apparatus shown in Figure 2.
In the drawings like elements are generally designated with the same reference numerals.
Figure 1 shows a network 1 of a mobile or cellular telecommunications system that has a terminal 3 associated with it. The terminal 3 may be a mobile telephone, a computer with cellular telecommunication facilities or other device with cellular telecommunication facilities. There will be many further terminals associated with the network 1, but such further terminals are not shown, for the sake of simplicity. In this embodiment the network 1 is a GSM network. When the terminal 3 wishes to communicate with another terminal or a fixed telephone, it will signal accordingly to a base station of the network 1 where it is situated. The details of the terminal 3 are I obtained from a home location register (HLR) of the network and temporarily placed in a visitor location register (VLR) appropriate to the cell and used to enable the; terminal 3 to complete the connection with the call destination.
The procedure for transmission of "short messages" is different. The term "short messages" (SMS) as used in relation to this embodiment means short messages as i defined in the GSM Standard Specification. Such messages are commonly in the form: of text messages of limited maximum length, but they can have other forms such as in the form of binary data. However, as an alternative to such short messages, the messaging format may be that of multi-media messaging (MMS).
Short messages may be sent to and from terminal 3 and other terminals belonging to the network 1. However, in addition, such messages may be sent to or from "short message entities" (SMEs) such as shown at 5. The SMEs 5 may be in the form of terminals of various sorts, such as fixed terminals for sending short messages of various types to mobile terminals and for receiving short messages from mobile terminals. For example, the SME terminal 5 may be in the form of a terminal: associated with banking computers or computers of other types generating information (commercial information, for example) for transmission to mobile terminals and for receiving short messages in response from mobile terminals, but may be of any other type, such as application servers of various types.
The network 1 has a short message service centre (SMSC) 7 associated with it. For example, if the mobile terminal 3 wishes to send a short message to another mobile terminal associated with the network 1, the short message is automatically addressed by the mobile terminal 3 to SMSC 7. SMSC 7 then delivers the short message to the addressed mobile terminal. When the local SMSC 7 receives the short message, it reads the address (the MSISDN or mobile terminal ISDN number or telephone number of the intended destination) and despatches the short message accordingly.
The SME terminal 5 is connected to the SMSC 7 by a fixed network 9 of suitable type.
When the terminal 3 sends or receives a short message, it will do this via the SMSC 7 of its network 1.
The telecommunications network 1 is also coupled to the Internet 11 for data communication therewith.
Mobile terminal 3 may, for example, include a wireless application protocol (WAP) browser 13 or other suitable means for allowing the running of applications from the Internet 11. The mobile terminal 3 may, for example, have facilities to allow a movie or music track to be downloaded and played using the terminal's display and/or audio speaker(s) .
A "content provider" 15 makes available to the user of terminal 3 via the Internet 11 (for example) and network 1 information that can be downloaded to the mobile terminal 3. The content provider 15 could, for example, provide movies, music tracks, ringing tone formats, games and activity applications, screen savers or imaging for multi-media messaging (MMS).
When the user of mobile terminal 3 identifies content that he wishes to obtain from the content provider 15, the mobile terminal 3 is used to send a request via the network 1 and the Internet 11 for the content from the content provider 15. The requested content is transmitted to the mobile terminal 3 via the Internet 11 and the network 1 in encrypted form such that the content is of no use to the mobile terminal 3 in the form that it is received. At this stage no charge has been made to the mobile terminal 3 for the content provided by content provider 15. If desired, the mobile terminal 3 may be used to onwardly transmit the encrypted content to other users in the network 1 and beyond. However, these other users will not be able to make use of the content as it is in encrypted form at this stage.
When the user of mobile terminal 3, or the user of any other terminal to which the content has been transmitted, wishes to make use of this content, they will be prompted by their terminal to purchase " rights " to make use of the content. If the user of the mobile terminal accepts the purchase, this is communicated in the form of an SMS or WAP call to a digital rights management (DRM) broker 17, via SMSC 7, and fixed network 9. The DRM broker 17 is a short message entity, similar to SME 5, and has an agreement with content provider 15 to provide licences for use of the content. The payment for the content could be made, for example, by deducting an appropriate amount from the account of the user of mobile terminal 3 with the network 1. When the payment has been made, licence information including a licence and content decryption key in the form of an SMSis sent to the mobile terminal 3 by DRM broker 17 via fixed network 9 and SMSC 7. The licence might, for example, grant the user of the mobile terminal 3 unlimited use of the content, or may restrict use of the content to be for a particular time period, depending on the price paid for the content by the user.
It is preferred to send the licence and content decryption key in the form of an SMS because an SMS must pass through the network operator's SMSC 7. The SMS may itself be of encrypted text for added security. Alternatively, or additionally, the SMS may be sent directly to the subscriber identity module (SIM) 19 associated with the mobile terminal 3 in a secure manner as an over the air (OTA) update. Y A potential problem of such an arrangement is that the user of mobile terminal 3 may be able to obtain the content decryption key from the information sent by the DRM broker 17 and make this available to other users of mobile terminals, allowing these other users to avoid paying for use of the content.
In the arrangement being described and in order to overcome this problem, the SIM 19 is provided with a private key of a public-private key pair during its manufacture. The I private key is stored in register 21 on the SIM 19. Other information stored on the SIM 19 includes a subscriber identity field (IMSI) stored in register 23 comprising data providing a unique identity of the SIM within the telecommunication system.
The private key is stored on the SIM 19 rather than the mobile terminal 3 so that the mobile terminal manufacturer does not need to create its own public-private key infrastructure (i.e. the cost of creating and certifying key-pairs). Also, the SIM 19 is a more secure storage medium for the private key than the mobile terminal.
It is important that the information stored on the SIM 19 cannot be copied. Secret information on the SIM 19 (for example, the IMSI and/or the private key or a function of one or both of them) is bound in a data binding process with other secret information, the binding of these two types of secret information being certified and digitally signed in a widely recognised way by a Certificate Authority. This "binding" operation will normally be carried out at the time when the SIM 19 is manufactured, and could be performed in the manner described in GB 0018279.0 ("Binding Data").
When it is desired to communicate with the mobile terminal 3 the digitally signed Certificate can be used to confirm the authenticity ofthe SIM 19 (i.e., confirm that the SIM 19 is a genuine SIM).
The information may be obtained from the Certificate Authority by referring to the telephone number of the mobile terminal 3, for example. Also associated with the telephone number at the Certificate Authority, or alternatively on another database, is the public key associated with the private key stored on the register 21 ofthe SIM 19.
The DRM broker 17 will optionally check the identity ofthe SIM 19 by referring to its Certificate. At this time, if the SIM 19 has become compromised in some way known to the operator of network 1, this can be notified to the DRM broker 17 so that it will not proceed with the transaction with the SIM 19.
The licence information provided by the DRM broker 17 is encrypted using the public key that the DRM broker 17 obtains from the relevant database, the obtained public key being the public key for the mobile terminal 3 requesting the content and not for any other mobile terminal 3. The encrypted licence information can be decrypted only by using the private key associated with the public key. Therefore, only the mobile terminal 3 is able to decrypt the content. Even if the user of mobile terminal 3 were able to transmit the encrypted licence information to other mobile terminals, this information would be of no use to those terminals as they would have a different private key and consequently would not be able to decrypt the licence information encrypted with the public key of mobile terminal 3.
When the DRM broker 17 obtains the public key from the relevant database, it may also obtain information identifying the type of mobile terminal or the particular mobile terminal (for example, the terminal's international mobile equipment identity number (IMEI)) associated with the public key. This information is useful because some mobile terminals may be poorly designed so that even encrypted data transmitted thereto would not be secure. If the mobile terminal requesting a licence from the DRM broker 17 is identified as not being secure, the DRM broker 17 could refuse to transmit the licence information.
Similarly, the database could include a field that indicated whether the mobile terminal is one that is known to have had its operating system compromised in some way. If the DRM 17 is made aware that the mobile terminal has been compromised it could refuse to transmit licence information.
If the mobile terminal 3 is deemed acceptably secure, encrypted licence information is transmitted to the mobile terminal 3. The encrypted licence information passes to the core operating system 25 of the mobile terminal 3. The core operating system 25 communicates with the SIM 19 and is operable to forward the received encrypted licence information to the SIM 19. The licence information including the content decryption key is decrypted using the private key stored on register 21 in the SIM 19.
Thus far an arrangement has been described in accordance with GB 0208453. 1 ("DRM SIM"). However, in accordance with an aspect of the present invention the licence information also includes a time value To (for example, a particular date and optionally a time on that date) indication when the encrypted content can be decrypted.
In this embodiment, the mobile terminal 3 includes a Primary Reference Clock(PRC) 26. The PRC 26 is used by the mobile telecommunication network 1 for various purposes. The time information provided by the PRC 26 is derived from signals received from the Global Positioning System (GPS) obtained via the mobile telecommunications network 1. The PRC 26 cannot be altered or interfered with by the user of the mobile terminal 3. The PRCis therefore a "trusted" clock. The time value from the PRC 26 will always be accurate as it is provided under control of the mobile telecommunications network 1.
Of course, other ways of securing a trusted time value are possible. For example, the PRC 26 could be provided by self-contained hardware incorporated into the mobile terminal 3. The PRC 26 may be a clock generator or "clock chip" which is set when the mobile terminal 3 is manufactured and designed so that the time generated cannot be changed by the user of the mobile terminal 3. A facility may be provided for periodically verifying the time output from the clock generator/chip with the time available from a third party (for example, from the network 1, in order to ensure accuracy over an extended period).
As an alternative to the time information provided by the PRC 26 being derived from signals received from the GPS, the signals maybe received from an alternative source - for example any reliable third party time source.
Timing information may be provided to the mobile terminal 3 when the mobile terminal 3 supports Unstructured Supplementary Service Data (USSD). This will allow the mobile terminal 3 to receive Network Identity and Timezone (NITZ) data via the network. This data includes information which allows the mobile terminal 3 to determine the current time and data at the location (timezone) of the mobile terminal 3.
The SIM 19 is configured to prevent the decrypted licence information being sent to the core operating system 25 until the time according to the PRC 26 is equal to or greater than the time To at which the encrypted data is allowed to be decrypted.
When the time according the PRC 26 is greater or equal to To, the SIM 19 sends the decrypted licence information to the core operating system 25 so that the core operating system 25 can decrypt the encrypted content using the content decryption key. The content decryption key cannot be accessed by parts of the mobile terminal 3 other than the core operating system 25,so less controlled applications running in "untrusted" parts of the mobile terminal (for example, hacker programs or viruses) will not be able to decrypt the content. These other parts of the mobile terminal 3 cannot access the SIM 19 independently of the core operating system 25 and cannot access communications between the core operating system 25 and the SIM 19.
The core operating system 25 is designed to follow any usage restrictions of the licence.
To discourage rogue DRM brokers illegitimately offering licences for content that is not theirs to licence, the network 1 could make a charge for the distribution of the SMS or MMS used to transmit the licence, which would deter the distribution of free illegitimate licences. Additionally, or alternatively, legitimate brokers could electronically sign licences, and the mobile terminal 3 could be configured to only accept licences signed by an approved DRM broker.
Figure 2 shows an alternative embodiment. In this embodiment a content provider supplies encrypted content data 27 to a consumer's personal computer (PC) 33 by use of the Internet, and a DRM broker or rights issuer 17 supplies licence information including a rights object 36 to the mobile terminal 3 by means of the mobile communications network 1.
At a time prior to predetermined time To, when the consumer identifies the content data 27 that he wishes to obtain from the content provider 15, a request is sent from the* PC 33 via the Internet 4 for the content data 27. The requested content data 27 is transmitted to the PC33 via the Internet 4 in encrypted form such that the content data 27 is of no use to the consumer in the form in which it is received. At this stage no charge has been made to the consumer for the content data provided by content provider 15. Also at a time preceding the predetermined time To the consumer may purchase the rights to make use of the content data 27. This purchase takes the form of a communication between the consumer and the rights issuer 17. The purchase of the rights object 36 may be by network 1 - for example by sending an SMS to the rights issuer 17. Alternatively, the purchase could be made using the consumer's PC 33 and this purchase could be communicated to the rights issuer 17 via the Internet 34.
The rights object 36 is transmitted to the user's mobile terminal 3 via the mobile communications network 1. The rights object 36 may be transmitted to the mobile terminal 3 in the form of a short message (SMS). Payment for the rights object 36 can then be debited from the consumer's mobile telephone account. By purchasing rights object 36 from the rights issuer 17 in this way the consumer indirectly also purchases the content data 27. When payment has been made, the rights object 36 including the decryption key for the encoded content data 27 is stored in the mobile terminal 3. The rights object 36 remains stored on the mobile terminal 3 until the predetermined time To In the upper section of Figure 2, the predetermined time To has not passed and hence the decryption key contained within the rights object 36 is stored on the mobile terminal 3. The data 27 therefore remains encrypted and cannot be decrypted by the PC33. The supply of the encrypted data 27 from the content issuer 15 to the PC33 by means of the Internet 4 and the supply of the rights obj ect 36 by the rights issuer 17 to the mobile terminal 3 by means of the mobile communications network 1 or Internet 4 t can occur in any order.
In the lower section of Figure 2 the predetermined time TO has been reached. At such a time, the rights object 36 is sent from the mobile terminal 3 to the PC33. The rights object 36 holds the decryption key for the data 27 and hence the data 27 can now be decrypted by the PC33 using the key.
Figure 3 shows a flow chart of the various steps performed by the apparatus shown in Figure 2.
The user of PC33 may view a list of content data available from the content provider 1 S. for example, by visiting the content provider's website. The user of PC33 selects content that the user wishes to download. At step A the encrypted content data 27 is communicated to the PC33 via the Internet 34. The PC33 stores the encrypted content data 27 in a suitable storage location such that it can be accessed and decrypted later (step B).
As discussed above, the encrypted content data 27, although it can be downloaded without charge, is of no use to the user of PC33. To make use of the encrypted content data 27 the user purchases the right to use the content data 27 from rights issuer 17. At step C the rights object 36 is purchased by the user and the purchased rights object 36 is transmitted to the user's mobile terminal 3 via the mobile telecommunications network 1. The rights object 36 is stored on the mobile terminal 3(step D), preferably in the SIM 19 - which allows additional security features described in relation to the first embodiment. At step E the user's mobile telephone account is debited by the rights issuer 17 in response to despatch of the rights object 36. The amount debited to the user's mobile telephone account is a charge not only for the rights object 36 but also for the encrypted content data 27. Appropriate arrangements will be madebetween the mobile telephone company, the content issuer and rights broker 17 for the user's payment to be distributed between them in an agreed manner.
As an alternative to step C (and E), the rights object 36 may be obtained by the mobile terminal 3 without requiring payment- step C'.
It should be appreciated that steps A and B can be performed after steps C (or C'), D and E. The order in which the encrypted content data 27 and the rights object 36 are obtained and stored is not important.
The mobile terminal 3 obtains the time To from the rights object 36 and compares this with the trusted time from the PRC26 at step F. If the time according to the PRC26 is before To, the rights object 36 is securely retained within the mobile terminal 3 - step G. It is thus not possible for the PC33 to decrypt the encrypted content data 27 stored thereon steps H and I. Step F is repeated until the time according to PRC26 is equal to or after To. When this occurs the mobile terminal 3 transmits the rights object 36 to the PC33 - step J. This transmission may be by any suitable communications link between the mobile terminal 3 and the PC33. For example, the rights object 36 could tee transmitted by an infra-red link, a cable link or any suitable wireless link, such as Bluetooth communication. The PC33 is then able to use the rights object 36 to decrypt the content data 27 (step K) and the content data 27 may then be accessed (step L). For example, if the content data is a movie, the user may view the movie on their PC.
In the embodiments the time value To is part ofthe decryption date/rights object 36.
The time value To could alternatively be communicated with the content data 27.
However, this is not preferred because the time value To will be less secure.

Claims (23)

1. Communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
2. The apparatus of claim 1, wherein the time indicator is a trusted time indicator that is resistant to unauthorised alteration.
3. The apparatus of claim 2, wherein the time indicator is provided by a clock signal generator associated with the or one of the receiving means.
4. The apparatus of claim 1, wherein the time indicator is derived from the or one of the communication networks.
5. The apparatus of claim 4, wherein the time indicator derived from the or one of the communication networks is a trusted time indicator provided under control of the communication network.
6. Communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator derived from the or one of the communication networks, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
7. The apparatus of any one of the preceding claims wherein the or one of the communication networks comprises a mobile telecommunications network. i
8. The apparatus of claim 7, wherein the or one of the mobile telecommunication networks comprises a GSM or UMTS (3G) mobile telecommunication network.
9. The apparatus of claim 8, wherein the time indicator is derived from the Primary Reference Clock of the mobile telecommunications network.
10. The apparatus of any one of the preceding claims, wherein the encrypted content data and the decryption data are received over respective communication networks.
1 1. The apparatus of claim 10, wherein the communication network over which the encrypted content data is received comprises the Internet.
12. The communication apparatus of claim 11, wherein the receiver means for receiving the encrypted content data comprises a device for receiving data over the Internet.
13. The apparatus of any one ofthe preceding claims, wherein the receiving means for receiving the encrypted content data and the receiving means for receiving the decryption data are respective receiving means.
14. The apparatus of claim 13, wherein the receiving means for receiving the decryption data comprises the receiver means of a mobile telecommunications device.
15. A communication system including communication apparatus as claimed in any one of the preceding claims, content provider means for providing the encoded content data to the communication apparatus, and decryption data provider means for selectively providing decryption keys for allowing the decoding means to decrypt the encrypted data from the content provider means.
16. The system of claim 15, wherein said time value is set by the content provider means and corresponds to a predetermined time at which the encrypted content data may be decrypted.
17. The system of claim 15 or 16, wherein the content provider means is operable to provide said encrypted content data on request to the receiver means.
18. The system of claim 15,16 or 17, wherein the decryption data provider means includes means for determining identification data for the receiver means prior to transmission of the decryption data and for selectively providing the decryption data in dependence upon the identification data.
19. The system of claim 15,16,17 or 18, wherein the decryption data is provided by means of a short message.
20. A method of distributing content data to respective users, the method including transmitting encrypted content data to the respective users on request, selectively transmitting decryption data to the respective users, at least one of the encrypted content data and the decryption data including a time value, providing a trusted time indicator to the respective users so that the trusted time indicator can be compared with the time value, the one of the encrypted content data and the decryption data including the time value being such that decryption of the encrypted content data can only be performed when the time value and the time indicator have a predetermined relationship.
21. A communication device including receiving means for receiving decryption data over a communication network, the decryption data enabling decryption of encrypted data and including a time value; and control means for comparing said time value with a time indicator, wherein the control means only enables decryption ofthe encrypted data when said time value and said time indicator have a predetermined relationship. :
22. The communication device of claim 21, wherein the time indicator is derived from the communication network.
23. Communication apparatus, a communication system, or a method of distributing content data to respective users, substantially as hereinbefore described I with reference to and/or substantially as illustrated in any one of or any combination of the accompanying drawings.
GB0315133A 2003-06-23 2003-06-27 Communication systems Expired - Fee Related GB2403382B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0314595.0A GB0314595D0 (en) 2003-06-23 2003-06-23 Communication systems

Publications (3)

Publication Number Publication Date
GB0315133D0 GB0315133D0 (en) 2003-08-06
GB2403382A true GB2403382A (en) 2004-12-29
GB2403382B GB2403382B (en) 2006-11-29

Family

ID=27637157

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0314595.0A Ceased GB0314595D0 (en) 2003-06-23 2003-06-23 Communication systems
GB0315133A Expired - Fee Related GB2403382B (en) 2003-06-23 2003-06-27 Communication systems

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB0314595.0A Ceased GB0314595D0 (en) 2003-06-23 2003-06-23 Communication systems

Country Status (1)

Country Link
GB (2) GB0314595D0 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2425374A (en) * 2005-04-22 2006-10-25 Vodafone Plc Controlling data access
CN100349088C (en) * 2005-07-26 2007-11-14 华为技术有限公司 Digital information controlling method
US20070294774A1 (en) * 2006-06-20 2007-12-20 Samsung Electronics Co., Ltd. Apparatus and method for controlling digital rights object in portable terminal
EP2061228A1 (en) 2007-10-31 2009-05-20 Echostar Technologies Corporation Process and system for pre-downloading video event data
US7812854B1 (en) 2006-09-05 2010-10-12 Sprint Spectrum L.P. Digital rights management for mobile devices
CN101183931B (en) * 2005-07-26 2012-01-11 华为技术有限公司 Numerical information control method
US8121295B1 (en) 2008-03-28 2012-02-21 Sprint Spectrum L.P. Method, apparatus, and system for controlling playout of media
US10445031B2 (en) * 2016-11-11 2019-10-15 Konica Minolta, Inc. Image forming system and print log management method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997021162A1 (en) * 1995-12-04 1997-06-12 Northern Telecom Limited Time-based availability of data on a storage medium
EP1043878A2 (en) * 1999-04-09 2000-10-11 Sony Corporation Information processing apparatus and method, information management apparatus and method and information providing medium
WO2003012611A1 (en) * 2001-08-01 2003-02-13 Sony Electronics, Inc. An apparatus for and method of invalidating or deleting digital conten after it expires by comparing the embedded time with a global time

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997021162A1 (en) * 1995-12-04 1997-06-12 Northern Telecom Limited Time-based availability of data on a storage medium
EP1043878A2 (en) * 1999-04-09 2000-10-11 Sony Corporation Information processing apparatus and method, information management apparatus and method and information providing medium
WO2003012611A1 (en) * 2001-08-01 2003-02-13 Sony Electronics, Inc. An apparatus for and method of invalidating or deleting digital conten after it expires by comparing the embedded time with a global time

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2425374A (en) * 2005-04-22 2006-10-25 Vodafone Plc Controlling data access
CN100349088C (en) * 2005-07-26 2007-11-14 华为技术有限公司 Digital information controlling method
CN101183931B (en) * 2005-07-26 2012-01-11 华为技术有限公司 Numerical information control method
US20070294774A1 (en) * 2006-06-20 2007-12-20 Samsung Electronics Co., Ltd. Apparatus and method for controlling digital rights object in portable terminal
US8978145B2 (en) * 2006-06-20 2015-03-10 Samsung Electronics Co., Ltd Apparatus and method for controlling digital rights object in portable terminal
US7812854B1 (en) 2006-09-05 2010-10-12 Sprint Spectrum L.P. Digital rights management for mobile devices
EP2061228A1 (en) 2007-10-31 2009-05-20 Echostar Technologies Corporation Process and system for pre-downloading video event data
US8121295B1 (en) 2008-03-28 2012-02-21 Sprint Spectrum L.P. Method, apparatus, and system for controlling playout of media
US10445031B2 (en) * 2016-11-11 2019-10-15 Konica Minolta, Inc. Image forming system and print log management method

Also Published As

Publication number Publication date
GB2403382B (en) 2006-11-29
GB0315133D0 (en) 2003-08-06
GB0314595D0 (en) 2003-07-30

Similar Documents

Publication Publication Date Title
EP1495409B1 (en) Method and system for distribution of encrypted data in a mobile network
JP4824309B2 (en) Method for monitoring digital content provided by a content provider via a network
RU2395166C2 (en) Method for provision of access to coded content of one of multiple subscriber systems, device for access provision to coded content and method for generation of protected content packets
EP2271140B1 (en) Robust and flexible Digital Rights Management (DRM) involving a tamper-resistant identity module
EP1513040B1 (en) System and method for distributing content access data
US7149545B2 (en) Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices
EP1513113B2 (en) System and method for providing secured communication based on smart cards
US7240033B2 (en) Information providing apparatus and method, information processing apparatus and method, program storage medium, program, and information providing system
KR101299934B1 (en) Method of providing rights data objects
US9043242B2 (en) Information providing apparatus and method, information processing apparatus and method, program storage medium, program, and information providing system
WO2007144388A1 (en) A method for restricting access to digital content
CN100490374C (en) Contents distribution system, method thereof, server, user terminal, encryption device, managing device and streaming device
JP2007507012A (en) Method for automatically generating personalized data and / or programs with restricted access
JP2008523766A (en) Authority in cellular communication systems
KR20100088966A (en) Method for playing drm contents and managing of license in a portable device and a apparatus therefor
GB2403382A (en) Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time
US20130104241A1 (en) Devices for Controlling Rendering Protected Content and Related Methods
CN101375543B (en) Via server by right objects the apparatus and method from an equipment moving to another equipment
EP1335266B1 (en) Distribution and management process and system for mobile terminals for use rights associated with a purchased content.
US20060014521A1 (en) Data protection method and system using the same
KR100579809B1 (en) Service System and Method for Direct Charging of Push Type Contents and Mobile Communication Terminal
KR100614749B1 (en) Method for downloading and playing contents in mobile phone
KR100874933B1 (en) How to create a relay file for the distribution of digital content
JP2001211161A (en) Content distributing method, computer and device for content distribution system, and control method thereof
KR20040049453A (en) Method for delivering digital content

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20170627