GB2403382A - Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time - Google Patents
Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time Download PDFInfo
- Publication number
- GB2403382A GB2403382A GB0315133A GB0315133A GB2403382A GB 2403382 A GB2403382 A GB 2403382A GB 0315133 A GB0315133 A GB 0315133A GB 0315133 A GB0315133 A GB 0315133A GB 2403382 A GB2403382 A GB 2403382A
- Authority
- GB
- United Kingdom
- Prior art keywords
- data
- decryption
- encrypted
- time
- receiving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 claims description 52
- 238000000034 method Methods 0.000 claims description 10
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000004075 alteration Effects 0.000 claims description 2
- 238000009826 distribution Methods 0.000 description 4
- 230000001413 cellular effect Effects 0.000 description 3
- 230000001010 compromised effect Effects 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
At any time prior to a predetermined time T0 a consumer is able to request encrypted content data 27 from a content issuer 15, store it on their PC 33, and purchase or otherwise obtain a rights object or licence 36 including a decryption key for the data 27 from a rights issuer 17 using their mobile terminal 3. Before the predetermined time T0 the rights object 36 is stored on the mobile terminal 3 and is prevented from being transmitted to the PC 33. At the predetermined time T0 the mobile terminal 3 is able to send the decryption key contained within the rights object 36 to the PC 33 thus enabling the encrypted data 27 to be decoded. Only at this point does the data 27 become accessible to the consumer via the PC 33. The mobile terminal's secure and trusted clock is used to determine the time, thereby preventing unauthorized early decryption of and access to the content data 27.
Description
COMMUNICATION SYSTEMS
The present invention relates to communication apparatus such as mobile telephones and personal computers and the controlled use of distributed content data thereby, to communication systems including such apparatus, to a communication device, and to a method of distributing content data to respective users.
Digital Rights Management (DRM) is a technology allowing encrypted digital files or "content data" to be readily distributed to potential users without charge. The encrypted data may be freely onwardly transmitted by the user receiving the data.
However, for any user to be able to make use of the data, it must be decrypted. To obtain a key to decrypt the data, a licence must be purchased or otherwise obtained from a licence broker. The encrypted digital files or content data might comprise valuable data, such as a computer program, a movie or a sound recording, the use of which is required to be controlled.
According to the present invention, there is provided communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one ofthe encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
According to another aspect of the present invention, there is provided communication apparatus including receiving means for receiving encrypted content data over a l communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator derived from the or one ofthe communication networks, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
The invention also relates to a communication system including such communication apparatus, and further including content provider means for providing the encoded content data to the communication apparatus, and decryption data provider means for selectively providing decryption keys for allowing the decoding means to decrypt the encrypted data from the content provider means. ] According to another aspect of the invention, there is provided a method of distributing content data to respective users, the method including transmitting encrypted content data to the respective users on request, selectively transmitting decryption data to the respective users, at least one of the encrypted content data and the decryption data including a time value, providing a trusted time indicator to the] respective users so that the trusted time indicator can be compared with the time value, the one ofthe encrypted content data and the decryption data including the time value being such that decryption of the encrypted content data can only be performed when the time value and the time indicator have a predetermined relationship.
According to further aspect of the invention, there is provided a communication device including receiving means for receiving decryption data over a communication network, the decryption data enabling decryption of encrypted data and including a time value; and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship. i
The "time indicator" may be of any suitable form. Preferably, the time indicator provides an indication of the current time, which is accurate and resistant to unauthorized alteration. In other words, the time indicator is a time indicator that is "trusted" by the owner of the content data and/or the decryption data. The distributors of this data will wish to be confident that the time indicator is accurate and secure so that the time of decryption of the content data can be controlled.
The time indicator may be provided by any suitable means. The time indicator could be generated by the or one of the receiving means, or could be derived from the or one of the communication networks.
One way of providing a time indicator is to use a Primary Reference Clock (PRC), based on timing signals received from the Global Positioning System (GPS). Using such a PRC, the mobile network can always be sure that all associated mobile terminals have the correct time and date, and these parameters cannot be changed by the consumer. This is in contrast to, say, a PC where the terminal date and time settings can be reset or otherwise altered. The PRC is a "trusted" time indicator. It is known by the mobile network to be accurate.
The embodiments to be described relate in particular to the distribution of content data to a consumer in a situation where the data has a predetermined time To at which it becomes accessible - i.e. a time at which the content data can be decrypted and used by the consumer.
In the embodiments the content data is encrypted and can only be decrypted by using a decryption key which is contained within a "rights object" provided in the decryption data. The consumer is able to obtain the encrypted data freely but is only able to decrypt the data upon (a) the purchase or otherwise obtainment of the decryption key contained within a rights object and (b) the predetermined time To having passed.
Both the encrypted data and the decryption data containing the rights object can be acquired at any time before the predetermined time To, at which the content becomes accessible and can be acquired in either order. Once the predetermined time To has passed, the control means communicates the decryption key held within the rights object to the receiver means that has previously received the encrypted content data, t which subsequently decrypts the data, thus making it accessible to the consumer.
Depending on the specific application, different levels of rights could be obtained as defined by parameters of the rights object - for example, allowing the content data to be accessed only once or a number of times. Different rights levels could each carry a different associated fee.
In contrast, a known method of distributing content data is to stream the required content data to the receiver means in real time at the time it is to be accessed. This approach allows the time of release of the content data to be controlled but is I bandwidth-intensive (particularly if the content data is requested simultaneously by a multiplicity of consumers) and requires a good quality of service on the communication links to all the consuming devices. Additionally, if there were to be a network outage at the critical time To the content data could not be accessed on time.
An alternative known approach to controlling the time at which requested content data becomes accessible by the consumer is to communicate the content data to the; receiver means prior to the predetermined time To, but not to communicate the rights object containing the decryption key to the storage module until the predetermined time To. Although this is an improvement, it still can require the transmission of decryption data to a multiplicity of consumers simultaneously and in a time sensitive manner.
The embodiments to be described allow pre-distribution of all the required content data and rights objects at any time before the predetermined time To, lowering the bandwidth and quality requirements as well as easing any potential congestion on the communication network at the critical time by requiring only a local transfer (which may be independent of the communication network) of the decryption data at the predetermined time To.
An example of an application for such a system is when the content data is a movie. t In this case, the receiving means may be a PC and the data could therefore be downloaded via the Internet. The predetermined time To may be the movie release date. The movie and the required decryption data could be downloaded well before the movie release date. Differing rights levels could then allow the movie to be watched only once or a specified number of times. Infinite access to the movie could also be purchased.
Communication apparatus, a communication system, a communication device and a method of distributing content data according to the present invention will now be I described, by way of example, with reference to the accompanying drawings, in which: Figure 1 shows schematically a telecommunications network according to a first embodiment of the invention including facilities for handling short messages and for communication with the Internet; Figure 2 shows an alternative arrangement to the first embodiment; and Figure 3 shows a flow chart of the steps performed by the apparatus shown in Figure 2.
In the drawings like elements are generally designated with the same reference numerals.
Figure 1 shows a network 1 of a mobile or cellular telecommunications system that has a terminal 3 associated with it. The terminal 3 may be a mobile telephone, a computer with cellular telecommunication facilities or other device with cellular telecommunication facilities. There will be many further terminals associated with the network 1, but such further terminals are not shown, for the sake of simplicity. In this embodiment the network 1 is a GSM network. When the terminal 3 wishes to communicate with another terminal or a fixed telephone, it will signal accordingly to a base station of the network 1 where it is situated. The details of the terminal 3 are I obtained from a home location register (HLR) of the network and temporarily placed in a visitor location register (VLR) appropriate to the cell and used to enable the; terminal 3 to complete the connection with the call destination.
The procedure for transmission of "short messages" is different. The term "short messages" (SMS) as used in relation to this embodiment means short messages as i defined in the GSM Standard Specification. Such messages are commonly in the form: of text messages of limited maximum length, but they can have other forms such as in the form of binary data. However, as an alternative to such short messages, the messaging format may be that of multi-media messaging (MMS).
Short messages may be sent to and from terminal 3 and other terminals belonging to the network 1. However, in addition, such messages may be sent to or from "short message entities" (SMEs) such as shown at 5. The SMEs 5 may be in the form of terminals of various sorts, such as fixed terminals for sending short messages of various types to mobile terminals and for receiving short messages from mobile terminals. For example, the SME terminal 5 may be in the form of a terminal: associated with banking computers or computers of other types generating information (commercial information, for example) for transmission to mobile terminals and for receiving short messages in response from mobile terminals, but may be of any other type, such as application servers of various types.
The network 1 has a short message service centre (SMSC) 7 associated with it. For example, if the mobile terminal 3 wishes to send a short message to another mobile terminal associated with the network 1, the short message is automatically addressed by the mobile terminal 3 to SMSC 7. SMSC 7 then delivers the short message to the addressed mobile terminal. When the local SMSC 7 receives the short message, it reads the address (the MSISDN or mobile terminal ISDN number or telephone number of the intended destination) and despatches the short message accordingly.
The SME terminal 5 is connected to the SMSC 7 by a fixed network 9 of suitable type.
When the terminal 3 sends or receives a short message, it will do this via the SMSC 7 of its network 1.
The telecommunications network 1 is also coupled to the Internet 11 for data communication therewith.
Mobile terminal 3 may, for example, include a wireless application protocol (WAP) browser 13 or other suitable means for allowing the running of applications from the Internet 11. The mobile terminal 3 may, for example, have facilities to allow a movie or music track to be downloaded and played using the terminal's display and/or audio speaker(s) .
A "content provider" 15 makes available to the user of terminal 3 via the Internet 11 (for example) and network 1 information that can be downloaded to the mobile terminal 3. The content provider 15 could, for example, provide movies, music tracks, ringing tone formats, games and activity applications, screen savers or imaging for multi-media messaging (MMS).
When the user of mobile terminal 3 identifies content that he wishes to obtain from the content provider 15, the mobile terminal 3 is used to send a request via the network 1 and the Internet 11 for the content from the content provider 15. The requested content is transmitted to the mobile terminal 3 via the Internet 11 and the network 1 in encrypted form such that the content is of no use to the mobile terminal 3 in the form that it is received. At this stage no charge has been made to the mobile terminal 3 for the content provided by content provider 15. If desired, the mobile terminal 3 may be used to onwardly transmit the encrypted content to other users in the network 1 and beyond. However, these other users will not be able to make use of the content as it is in encrypted form at this stage.
When the user of mobile terminal 3, or the user of any other terminal to which the content has been transmitted, wishes to make use of this content, they will be prompted by their terminal to purchase " rights " to make use of the content. If the user of the mobile terminal accepts the purchase, this is communicated in the form of an SMS or WAP call to a digital rights management (DRM) broker 17, via SMSC 7, and fixed network 9. The DRM broker 17 is a short message entity, similar to SME 5, and has an agreement with content provider 15 to provide licences for use of the content. The payment for the content could be made, for example, by deducting an appropriate amount from the account of the user of mobile terminal 3 with the network 1. When the payment has been made, licence information including a licence and content decryption key in the form of an SMSis sent to the mobile terminal 3 by DRM broker 17 via fixed network 9 and SMSC 7. The licence might, for example, grant the user of the mobile terminal 3 unlimited use of the content, or may restrict use of the content to be for a particular time period, depending on the price paid for the content by the user.
It is preferred to send the licence and content decryption key in the form of an SMS because an SMS must pass through the network operator's SMSC 7. The SMS may itself be of encrypted text for added security. Alternatively, or additionally, the SMS may be sent directly to the subscriber identity module (SIM) 19 associated with the mobile terminal 3 in a secure manner as an over the air (OTA) update. Y A potential problem of such an arrangement is that the user of mobile terminal 3 may be able to obtain the content decryption key from the information sent by the DRM broker 17 and make this available to other users of mobile terminals, allowing these other users to avoid paying for use of the content.
In the arrangement being described and in order to overcome this problem, the SIM 19 is provided with a private key of a public-private key pair during its manufacture. The I private key is stored in register 21 on the SIM 19. Other information stored on the SIM 19 includes a subscriber identity field (IMSI) stored in register 23 comprising data providing a unique identity of the SIM within the telecommunication system.
The private key is stored on the SIM 19 rather than the mobile terminal 3 so that the mobile terminal manufacturer does not need to create its own public-private key infrastructure (i.e. the cost of creating and certifying key-pairs). Also, the SIM 19 is a more secure storage medium for the private key than the mobile terminal.
It is important that the information stored on the SIM 19 cannot be copied. Secret information on the SIM 19 (for example, the IMSI and/or the private key or a function of one or both of them) is bound in a data binding process with other secret information, the binding of these two types of secret information being certified and digitally signed in a widely recognised way by a Certificate Authority. This "binding" operation will normally be carried out at the time when the SIM 19 is manufactured, and could be performed in the manner described in GB 0018279.0 ("Binding Data").
When it is desired to communicate with the mobile terminal 3 the digitally signed Certificate can be used to confirm the authenticity ofthe SIM 19 (i.e., confirm that the SIM 19 is a genuine SIM).
The information may be obtained from the Certificate Authority by referring to the telephone number of the mobile terminal 3, for example. Also associated with the telephone number at the Certificate Authority, or alternatively on another database, is the public key associated with the private key stored on the register 21 ofthe SIM 19.
The DRM broker 17 will optionally check the identity ofthe SIM 19 by referring to its Certificate. At this time, if the SIM 19 has become compromised in some way known to the operator of network 1, this can be notified to the DRM broker 17 so that it will not proceed with the transaction with the SIM 19.
The licence information provided by the DRM broker 17 is encrypted using the public key that the DRM broker 17 obtains from the relevant database, the obtained public key being the public key for the mobile terminal 3 requesting the content and not for any other mobile terminal 3. The encrypted licence information can be decrypted only by using the private key associated with the public key. Therefore, only the mobile terminal 3 is able to decrypt the content. Even if the user of mobile terminal 3 were able to transmit the encrypted licence information to other mobile terminals, this information would be of no use to those terminals as they would have a different private key and consequently would not be able to decrypt the licence information encrypted with the public key of mobile terminal 3.
When the DRM broker 17 obtains the public key from the relevant database, it may also obtain information identifying the type of mobile terminal or the particular mobile terminal (for example, the terminal's international mobile equipment identity number (IMEI)) associated with the public key. This information is useful because some mobile terminals may be poorly designed so that even encrypted data transmitted thereto would not be secure. If the mobile terminal requesting a licence from the DRM broker 17 is identified as not being secure, the DRM broker 17 could refuse to transmit the licence information.
Similarly, the database could include a field that indicated whether the mobile terminal is one that is known to have had its operating system compromised in some way. If the DRM 17 is made aware that the mobile terminal has been compromised it could refuse to transmit licence information.
If the mobile terminal 3 is deemed acceptably secure, encrypted licence information is transmitted to the mobile terminal 3. The encrypted licence information passes to the core operating system 25 of the mobile terminal 3. The core operating system 25 communicates with the SIM 19 and is operable to forward the received encrypted licence information to the SIM 19. The licence information including the content decryption key is decrypted using the private key stored on register 21 in the SIM 19.
Thus far an arrangement has been described in accordance with GB 0208453. 1 ("DRM SIM"). However, in accordance with an aspect of the present invention the licence information also includes a time value To (for example, a particular date and optionally a time on that date) indication when the encrypted content can be decrypted.
In this embodiment, the mobile terminal 3 includes a Primary Reference Clock(PRC) 26. The PRC 26 is used by the mobile telecommunication network 1 for various purposes. The time information provided by the PRC 26 is derived from signals received from the Global Positioning System (GPS) obtained via the mobile telecommunications network 1. The PRC 26 cannot be altered or interfered with by the user of the mobile terminal 3. The PRCis therefore a "trusted" clock. The time value from the PRC 26 will always be accurate as it is provided under control of the mobile telecommunications network 1.
Of course, other ways of securing a trusted time value are possible. For example, the PRC 26 could be provided by self-contained hardware incorporated into the mobile terminal 3. The PRC 26 may be a clock generator or "clock chip" which is set when the mobile terminal 3 is manufactured and designed so that the time generated cannot be changed by the user of the mobile terminal 3. A facility may be provided for periodically verifying the time output from the clock generator/chip with the time available from a third party (for example, from the network 1, in order to ensure accuracy over an extended period).
As an alternative to the time information provided by the PRC 26 being derived from signals received from the GPS, the signals maybe received from an alternative source - for example any reliable third party time source.
Timing information may be provided to the mobile terminal 3 when the mobile terminal 3 supports Unstructured Supplementary Service Data (USSD). This will allow the mobile terminal 3 to receive Network Identity and Timezone (NITZ) data via the network. This data includes information which allows the mobile terminal 3 to determine the current time and data at the location (timezone) of the mobile terminal 3.
The SIM 19 is configured to prevent the decrypted licence information being sent to the core operating system 25 until the time according to the PRC 26 is equal to or greater than the time To at which the encrypted data is allowed to be decrypted.
When the time according the PRC 26 is greater or equal to To, the SIM 19 sends the decrypted licence information to the core operating system 25 so that the core operating system 25 can decrypt the encrypted content using the content decryption key. The content decryption key cannot be accessed by parts of the mobile terminal 3 other than the core operating system 25,so less controlled applications running in "untrusted" parts of the mobile terminal (for example, hacker programs or viruses) will not be able to decrypt the content. These other parts of the mobile terminal 3 cannot access the SIM 19 independently of the core operating system 25 and cannot access communications between the core operating system 25 and the SIM 19.
The core operating system 25 is designed to follow any usage restrictions of the licence.
To discourage rogue DRM brokers illegitimately offering licences for content that is not theirs to licence, the network 1 could make a charge for the distribution of the SMS or MMS used to transmit the licence, which would deter the distribution of free illegitimate licences. Additionally, or alternatively, legitimate brokers could electronically sign licences, and the mobile terminal 3 could be configured to only accept licences signed by an approved DRM broker.
Figure 2 shows an alternative embodiment. In this embodiment a content provider supplies encrypted content data 27 to a consumer's personal computer (PC) 33 by use of the Internet, and a DRM broker or rights issuer 17 supplies licence information including a rights object 36 to the mobile terminal 3 by means of the mobile communications network 1.
At a time prior to predetermined time To, when the consumer identifies the content data 27 that he wishes to obtain from the content provider 15, a request is sent from the* PC 33 via the Internet 4 for the content data 27. The requested content data 27 is transmitted to the PC33 via the Internet 4 in encrypted form such that the content data 27 is of no use to the consumer in the form in which it is received. At this stage no charge has been made to the consumer for the content data provided by content provider 15. Also at a time preceding the predetermined time To the consumer may purchase the rights to make use of the content data 27. This purchase takes the form of a communication between the consumer and the rights issuer 17. The purchase of the rights object 36 may be by network 1 - for example by sending an SMS to the rights issuer 17. Alternatively, the purchase could be made using the consumer's PC 33 and this purchase could be communicated to the rights issuer 17 via the Internet 34.
The rights object 36 is transmitted to the user's mobile terminal 3 via the mobile communications network 1. The rights object 36 may be transmitted to the mobile terminal 3 in the form of a short message (SMS). Payment for the rights object 36 can then be debited from the consumer's mobile telephone account. By purchasing rights object 36 from the rights issuer 17 in this way the consumer indirectly also purchases the content data 27. When payment has been made, the rights object 36 including the decryption key for the encoded content data 27 is stored in the mobile terminal 3. The rights object 36 remains stored on the mobile terminal 3 until the predetermined time To In the upper section of Figure 2, the predetermined time To has not passed and hence the decryption key contained within the rights object 36 is stored on the mobile terminal 3. The data 27 therefore remains encrypted and cannot be decrypted by the PC33. The supply of the encrypted data 27 from the content issuer 15 to the PC33 by means of the Internet 4 and the supply of the rights obj ect 36 by the rights issuer 17 to the mobile terminal 3 by means of the mobile communications network 1 or Internet 4 t can occur in any order.
In the lower section of Figure 2 the predetermined time TO has been reached. At such a time, the rights object 36 is sent from the mobile terminal 3 to the PC33. The rights object 36 holds the decryption key for the data 27 and hence the data 27 can now be decrypted by the PC33 using the key.
Figure 3 shows a flow chart of the various steps performed by the apparatus shown in Figure 2.
The user of PC33 may view a list of content data available from the content provider 1 S. for example, by visiting the content provider's website. The user of PC33 selects content that the user wishes to download. At step A the encrypted content data 27 is communicated to the PC33 via the Internet 34. The PC33 stores the encrypted content data 27 in a suitable storage location such that it can be accessed and decrypted later (step B).
As discussed above, the encrypted content data 27, although it can be downloaded without charge, is of no use to the user of PC33. To make use of the encrypted content data 27 the user purchases the right to use the content data 27 from rights issuer 17. At step C the rights object 36 is purchased by the user and the purchased rights object 36 is transmitted to the user's mobile terminal 3 via the mobile telecommunications network 1. The rights object 36 is stored on the mobile terminal 3(step D), preferably in the SIM 19 - which allows additional security features described in relation to the first embodiment. At step E the user's mobile telephone account is debited by the rights issuer 17 in response to despatch of the rights object 36. The amount debited to the user's mobile telephone account is a charge not only for the rights object 36 but also for the encrypted content data 27. Appropriate arrangements will be madebetween the mobile telephone company, the content issuer and rights broker 17 for the user's payment to be distributed between them in an agreed manner.
As an alternative to step C (and E), the rights object 36 may be obtained by the mobile terminal 3 without requiring payment- step C'.
It should be appreciated that steps A and B can be performed after steps C (or C'), D and E. The order in which the encrypted content data 27 and the rights object 36 are obtained and stored is not important.
The mobile terminal 3 obtains the time To from the rights object 36 and compares this with the trusted time from the PRC26 at step F. If the time according to the PRC26 is before To, the rights object 36 is securely retained within the mobile terminal 3 - step G. It is thus not possible for the PC33 to decrypt the encrypted content data 27 stored thereon steps H and I. Step F is repeated until the time according to PRC26 is equal to or after To. When this occurs the mobile terminal 3 transmits the rights object 36 to the PC33 - step J. This transmission may be by any suitable communications link between the mobile terminal 3 and the PC33. For example, the rights object 36 could tee transmitted by an infra-red link, a cable link or any suitable wireless link, such as Bluetooth communication. The PC33 is then able to use the rights object 36 to decrypt the content data 27 (step K) and the content data 27 may then be accessed (step L). For example, if the content data is a movie, the user may view the movie on their PC.
In the embodiments the time value To is part ofthe decryption date/rights object 36.
The time value To could alternatively be communicated with the content data 27.
However, this is not preferred because the time value To will be less secure.
Claims (23)
1. Communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
2. The apparatus of claim 1, wherein the time indicator is a trusted time indicator that is resistant to unauthorised alteration.
3. The apparatus of claim 2, wherein the time indicator is provided by a clock signal generator associated with the or one of the receiving means.
4. The apparatus of claim 1, wherein the time indicator is derived from the or one of the communication networks.
5. The apparatus of claim 4, wherein the time indicator derived from the or one of the communication networks is a trusted time indicator provided under control of the communication network.
6. Communication apparatus including receiving means for receiving encrypted content data over a communications network, receiving means for receiving decryption data over a communication network, at least one of the encrypted content data and the decryption data including a time value, decoding means for enabling decryption of the encrypted data using the decryption data, and control means for comparing said time value with a time indicator derived from the or one of the communication networks, wherein the control means only enables decryption of the encrypted data when said time value and said time indicator have a predetermined relationship.
7. The apparatus of any one of the preceding claims wherein the or one of the communication networks comprises a mobile telecommunications network. i
8. The apparatus of claim 7, wherein the or one of the mobile telecommunication networks comprises a GSM or UMTS (3G) mobile telecommunication network.
9. The apparatus of claim 8, wherein the time indicator is derived from the Primary Reference Clock of the mobile telecommunications network.
10. The apparatus of any one of the preceding claims, wherein the encrypted content data and the decryption data are received over respective communication networks.
1 1. The apparatus of claim 10, wherein the communication network over which the encrypted content data is received comprises the Internet.
12. The communication apparatus of claim 11, wherein the receiver means for receiving the encrypted content data comprises a device for receiving data over the Internet.
13. The apparatus of any one ofthe preceding claims, wherein the receiving means for receiving the encrypted content data and the receiving means for receiving the decryption data are respective receiving means.
14. The apparatus of claim 13, wherein the receiving means for receiving the decryption data comprises the receiver means of a mobile telecommunications device.
15. A communication system including communication apparatus as claimed in any one of the preceding claims, content provider means for providing the encoded content data to the communication apparatus, and decryption data provider means for selectively providing decryption keys for allowing the decoding means to decrypt the encrypted data from the content provider means.
16. The system of claim 15, wherein said time value is set by the content provider means and corresponds to a predetermined time at which the encrypted content data may be decrypted.
17. The system of claim 15 or 16, wherein the content provider means is operable to provide said encrypted content data on request to the receiver means.
18. The system of claim 15,16 or 17, wherein the decryption data provider means includes means for determining identification data for the receiver means prior to transmission of the decryption data and for selectively providing the decryption data in dependence upon the identification data.
19. The system of claim 15,16,17 or 18, wherein the decryption data is provided by means of a short message.
20. A method of distributing content data to respective users, the method including transmitting encrypted content data to the respective users on request, selectively transmitting decryption data to the respective users, at least one of the encrypted content data and the decryption data including a time value, providing a trusted time indicator to the respective users so that the trusted time indicator can be compared with the time value, the one of the encrypted content data and the decryption data including the time value being such that decryption of the encrypted content data can only be performed when the time value and the time indicator have a predetermined relationship.
21. A communication device including receiving means for receiving decryption data over a communication network, the decryption data enabling decryption of encrypted data and including a time value; and control means for comparing said time value with a time indicator, wherein the control means only enables decryption ofthe encrypted data when said time value and said time indicator have a predetermined relationship. :
22. The communication device of claim 21, wherein the time indicator is derived from the communication network.
23. Communication apparatus, a communication system, or a method of distributing content data to respective users, substantially as hereinbefore described I with reference to and/or substantially as illustrated in any one of or any combination of the accompanying drawings.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB0314595.0A GB0314595D0 (en) | 2003-06-23 | 2003-06-23 | Communication systems |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0315133D0 GB0315133D0 (en) | 2003-08-06 |
GB2403382A true GB2403382A (en) | 2004-12-29 |
GB2403382B GB2403382B (en) | 2006-11-29 |
Family
ID=27637157
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB0314595.0A Ceased GB0314595D0 (en) | 2003-06-23 | 2003-06-23 | Communication systems |
GB0315133A Expired - Fee Related GB2403382B (en) | 2003-06-23 | 2003-06-27 | Communication systems |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB0314595.0A Ceased GB0314595D0 (en) | 2003-06-23 | 2003-06-23 | Communication systems |
Country Status (1)
Country | Link |
---|---|
GB (2) | GB0314595D0 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2425374A (en) * | 2005-04-22 | 2006-10-25 | Vodafone Plc | Controlling data access |
CN100349088C (en) * | 2005-07-26 | 2007-11-14 | 华为技术有限公司 | Digital information controlling method |
US20070294774A1 (en) * | 2006-06-20 | 2007-12-20 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling digital rights object in portable terminal |
EP2061228A1 (en) | 2007-10-31 | 2009-05-20 | Echostar Technologies Corporation | Process and system for pre-downloading video event data |
US7812854B1 (en) | 2006-09-05 | 2010-10-12 | Sprint Spectrum L.P. | Digital rights management for mobile devices |
CN101183931B (en) * | 2005-07-26 | 2012-01-11 | 华为技术有限公司 | Numerical information control method |
US8121295B1 (en) | 2008-03-28 | 2012-02-21 | Sprint Spectrum L.P. | Method, apparatus, and system for controlling playout of media |
US10445031B2 (en) * | 2016-11-11 | 2019-10-15 | Konica Minolta, Inc. | Image forming system and print log management method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997021162A1 (en) * | 1995-12-04 | 1997-06-12 | Northern Telecom Limited | Time-based availability of data on a storage medium |
EP1043878A2 (en) * | 1999-04-09 | 2000-10-11 | Sony Corporation | Information processing apparatus and method, information management apparatus and method and information providing medium |
WO2003012611A1 (en) * | 2001-08-01 | 2003-02-13 | Sony Electronics, Inc. | An apparatus for and method of invalidating or deleting digital conten after it expires by comparing the embedded time with a global time |
-
2003
- 2003-06-23 GB GBGB0314595.0A patent/GB0314595D0/en not_active Ceased
- 2003-06-27 GB GB0315133A patent/GB2403382B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997021162A1 (en) * | 1995-12-04 | 1997-06-12 | Northern Telecom Limited | Time-based availability of data on a storage medium |
EP1043878A2 (en) * | 1999-04-09 | 2000-10-11 | Sony Corporation | Information processing apparatus and method, information management apparatus and method and information providing medium |
WO2003012611A1 (en) * | 2001-08-01 | 2003-02-13 | Sony Electronics, Inc. | An apparatus for and method of invalidating or deleting digital conten after it expires by comparing the embedded time with a global time |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2425374A (en) * | 2005-04-22 | 2006-10-25 | Vodafone Plc | Controlling data access |
CN100349088C (en) * | 2005-07-26 | 2007-11-14 | 华为技术有限公司 | Digital information controlling method |
CN101183931B (en) * | 2005-07-26 | 2012-01-11 | 华为技术有限公司 | Numerical information control method |
US20070294774A1 (en) * | 2006-06-20 | 2007-12-20 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling digital rights object in portable terminal |
US8978145B2 (en) * | 2006-06-20 | 2015-03-10 | Samsung Electronics Co., Ltd | Apparatus and method for controlling digital rights object in portable terminal |
US7812854B1 (en) | 2006-09-05 | 2010-10-12 | Sprint Spectrum L.P. | Digital rights management for mobile devices |
EP2061228A1 (en) | 2007-10-31 | 2009-05-20 | Echostar Technologies Corporation | Process and system for pre-downloading video event data |
US8121295B1 (en) | 2008-03-28 | 2012-02-21 | Sprint Spectrum L.P. | Method, apparatus, and system for controlling playout of media |
US10445031B2 (en) * | 2016-11-11 | 2019-10-15 | Konica Minolta, Inc. | Image forming system and print log management method |
Also Published As
Publication number | Publication date |
---|---|
GB2403382B (en) | 2006-11-29 |
GB0315133D0 (en) | 2003-08-06 |
GB0314595D0 (en) | 2003-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1495409B1 (en) | Method and system for distribution of encrypted data in a mobile network | |
JP4824309B2 (en) | Method for monitoring digital content provided by a content provider via a network | |
RU2395166C2 (en) | Method for provision of access to coded content of one of multiple subscriber systems, device for access provision to coded content and method for generation of protected content packets | |
EP2271140B1 (en) | Robust and flexible Digital Rights Management (DRM) involving a tamper-resistant identity module | |
EP1513040B1 (en) | System and method for distributing content access data | |
US7149545B2 (en) | Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices | |
EP1513113B2 (en) | System and method for providing secured communication based on smart cards | |
US7240033B2 (en) | Information providing apparatus and method, information processing apparatus and method, program storage medium, program, and information providing system | |
KR101299934B1 (en) | Method of providing rights data objects | |
US9043242B2 (en) | Information providing apparatus and method, information processing apparatus and method, program storage medium, program, and information providing system | |
WO2007144388A1 (en) | A method for restricting access to digital content | |
CN100490374C (en) | Contents distribution system, method thereof, server, user terminal, encryption device, managing device and streaming device | |
JP2007507012A (en) | Method for automatically generating personalized data and / or programs with restricted access | |
JP2008523766A (en) | Authority in cellular communication systems | |
KR20100088966A (en) | Method for playing drm contents and managing of license in a portable device and a apparatus therefor | |
GB2403382A (en) | Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time | |
US20130104241A1 (en) | Devices for Controlling Rendering Protected Content and Related Methods | |
CN101375543B (en) | Via server by right objects the apparatus and method from an equipment moving to another equipment | |
EP1335266B1 (en) | Distribution and management process and system for mobile terminals for use rights associated with a purchased content. | |
US20060014521A1 (en) | Data protection method and system using the same | |
KR100579809B1 (en) | Service System and Method for Direct Charging of Push Type Contents and Mobile Communication Terminal | |
KR100614749B1 (en) | Method for downloading and playing contents in mobile phone | |
KR100874933B1 (en) | How to create a relay file for the distribution of digital content | |
JP2001211161A (en) | Content distributing method, computer and device for content distribution system, and control method thereof | |
KR20040049453A (en) | Method for delivering digital content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20170627 |