HK1069234B - Method, apparatus and system for securely providing material to a licensee of the material - Google Patents
- Publication number
- HK1069234B (HK05101752.1A)
- Authority
- HK
- Hong Kong
- Prior art keywords
- license
- key
- encrypted
- content key
- content
Description
Technical Field
The present invention relates generally to techniques for preventing unauthorized use of material, and more particularly to a method, apparatus and system for securely providing material to a licensee of the material.
Background
Providers of material or content require compensation for its use. Unauthorized use deprives these providers of that compensation. Accordingly, techniques to prevent such unauthorized use have been and will continue to be developed. However, once new techniques are developed and implemented, dishonest users seek to bypass them to avoid paying the content provider. Therefore, the development of techniques for preventing unauthorized use of material must stay ahead.
Disclosure of Invention
It is therefore an object of the present invention to provide a method for securely providing material to a licensee of the material.
It is a further object of the invention to provide an apparatus for securely providing material to a licensee of the material.
It is a further object of this invention to provide a system for securely providing material to a licensee of the material.
These and further objects are achieved by various aspects of the present invention which employ at least one dual-key method for enhanced security. Briefly described, one aspect is a method for securely providing material to a licensed person of the material, comprising: providing at least one license key to a licensed person of the material; providing the licensee with material encrypted with at least one content key; and providing the licensee with at least one content key encrypted with the at least one license key.
Another aspect is an apparatus for securely providing material to a licensee of the material. The apparatus comprises at least one server configured to: send at least one license key to a client device operable by a licensee of the material; send material encrypted with at least one content key to the client device; and send the at least one content key encrypted with the at least one license key to the client device.
Another aspect is a system for securely providing material to a licensed person of the material. The system comprises: a client device operable by a licensee of the material; and at least one server configured to send at least one license key, material encrypted with at least one content key, and at least one content key encrypted with the at least one license key to the client device.
Yet another aspect is a method for securely providing material to a licensee of the material, comprising: providing a license to use the material and a license key corresponding to the license; providing said material encrypted with a content key; and providing the content key encrypted with the license key.
Yet another aspect is a method for securely providing material to a licensed person of the material, comprising: receiving a license to use the material and a license key corresponding to the license; receiving material encrypted with a content key; receiving a content key encrypted with the license key; decrypting a content key with the license key; and decrypting the encrypted material using the decrypted content key.
Other objects, features and advantages of the various aspects of the present invention will become apparent from the following description of the preferred embodiments of the invention, which is to be read in connection with the accompanying drawings.
A method for securely providing material to a licensed person of the material, comprising: providing at least one license key to a licensed person of the material; providing said material encrypted with at least one content key to said licensee in at least one MPEG-4 bitstream; and providing the at least one content key encrypted with the at least one license key to the licensee in an intellectual property management and protection stream provided with the material.
An apparatus for securely providing material to a licensee of the material, comprising at least one server configured to: send at least one license key to a client device operable by a licensee of the material; transmit said material encrypted with at least one content key to said client device in at least one MPEG-4 bitstream; and send at least one content key encrypted with the at least one license key to the client device in an intellectual property management and protection stream provided with the material.
A system for securely providing material to a licensed person of the material, comprising: a client device operable by a licensee of the material; and at least one server configured to send to the client device at least one license key, the material in at least one MPEG-4 bitstream encrypted with at least one content key, and at least one content key in an intellectual property management and protection stream provided with the material encrypted with at least one license key.
A method for securely providing material to a licensed person of the material, comprising: providing a license to use the material and a license key corresponding to the license; providing said material encrypted with a content key in at least one MPEG-4 bitstream; and providing the content key encrypted with the license key in an intellectual property management and protection stream provided with the material.
A method for securely providing material to a licensed person of the material, comprising: receiving a license to use the material and a license key corresponding to the license; receiving said material encrypted with a content key in at least one MPEG-4 bitstream; receiving the content key encrypted with the license key in an intellectual property management and protection stream provided with the material; decrypting the encrypted content key using the license key; decrypting the encrypted material using the decrypted content key.
Drawings
FIG. 1 shows a flow diagram of a method for securely providing material to a licensee of the material, such as through one or more servers, utilizing aspects of the invention;
FIG. 2 illustrates a flow diagram of a method for securely providing material to a licensee of the material, such as by a client, utilizing aspects of the present invention;
FIGS. 3-5 show block diagrams of three systems for securely providing material to a licensee of the material using aspects of the present invention.
Detailed Description
The term "audio-video content" or "A/V content" as used herein includes audio, video and other multimedia content including moving images, music, spoken words, photographs and printed text; "material" and "content" are used interchangeably and include A/V and other executable content such as computer programs or software; by "proprietary material" is meant material that is subject to contractual or intellectual property law protection.
As an example, FIG. 1 shows a flow diagram of a method for securely providing material to a licensee of the material, which may be performed by one or more servers. In step 101, a request for content or material is received from a client. The client may in this case be a person or a client device such as a computer, set-top box, network accessory, wireless communication device like a personal digital assistant ("PDA"), or other type of electronic equipment. Along with the content request identifying the requested content (e.g., a movie or music title), information identifying the client device or its operator may also be provided. In the case of a client device this may take the form of a host or network interface card identification number, in the case of an operator this may take the form of a credit card number or user identification and password. To establish secure communications between electronic devices, a public key "KU" may also be provided along with the content request. In this case, a conventional authentication and key exchange procedure may be performed to establish a secure channel.
At step 102, the transaction is authorized in a conventional manner. This preferably takes the form of a general verification that the requester or the operator of the client has paid for the requested content appropriately and is not otherwise prohibited from receiving the content. The payment may be with a credit card with conventional bank confirmation. In addition, the requester may first be required to accept the terms of a license agreement by clicking a button or other conventional means before the transaction is authorized.
At step 103, the client is provided with a license specifying in detail the usage rights purchased by the requester. The usage rights may include a number of conventional terms such as the number of times a movie, music recording, electronic book, entertainment item or software program is allowed to be viewed or played. They may also include such things as allowed time periods for viewing or playing. U.S. patent No. 5715403, entitled "system for controlling the distribution and use of a digital work having additional usage rights defined by a usage rights grammar," which is incorporated by reference in its entirety in this application, gives many examples of such usage rights.
At step 104, when a license is provided to the client, at least one license key "KL" corresponding to the license is preferably provided. As will be discussed in more detail below, one primary use of the at least one license key is to provide a second level of security by encrypting at least one content key "KC" with which the requested content is encrypted before being sent to the client. In one embodiment of the invention, the at least one license key is comprised of a plurality of license keys that encrypt the at least one content key one at a time in a predetermined manner.
At step 105, at least one content key is conventionally generated. At step 106, at least one content key is encrypted with the at least one license key in a conventional manner. Where the at least one license key consists of a plurality of license keys for encrypting and decrypting the at least one content key, the plurality of license keys are preferably used one at a time in a predetermined manner for such encryption and corresponding decryption. For example, the at least one content key may be used on a periodically recurring time reference for encrypting and decrypting them. Thus, enhanced security is provided with this approach due to the many possible combinations of the license and content key.
In step 107, the requested material is encrypted with at least one content key "KC" in a conventional manner. Where the at least one content key consists of a plurality of content keys for encrypting and decrypting the requested material, they are preferably used one at a time in a predetermined manner for such encryption and corresponding decryption, depending on the application. In step 108, the content key encrypted with the license key (also referred to herein simply as the "encrypted content key") and the material encrypted with the at least one content key (also referred to herein simply as the "encrypted material" or "encrypted content") are provided to the client, either separately or simultaneously. The order of the separate transactions is generally not important. The encrypted material may be provided as a file or as streaming media.
In an example of an application in which the requested content or material is included in at least one MPEG-4 bitstream, such as a video or audio bitstream thereof, the at least one content key is comprised of a plurality of content keys that are used one at a time in a predetermined manner for encrypting the corresponding time period of the material. Alternatively, they may be used one at a time in a predetermined manner in order to encrypt the corresponding portion of the material. In this case, the at least one content key is encrypted with at least one license key and included in an IPMP ("intellectual property management and protection") stream, which is provided to the licensee along with the material included in the MPEG-4 bitstream encrypted with the at least one content key. In this case, the at least one content key is conventionally mapped to the corresponding portion of the material included in the at least one MPEG-4 bitstream encrypted with the at least one content key by means of the IPMP descriptor associated with the corresponding portion.
Fig. 2 illustrates a flow chart of a method for securely providing material to a licensee of the material, which may be performed by a client and which is complementary to the method described with reference to fig. 1. In step 201, a client issues a request for content or material. The client may in this case be a person or a client device such as a computer, set-top box, network accessory, wireless communication device like a PDA or other type of electronic equipment. Along with the content request identifying the requested content (e.g., a movie or music title), information identifying a client device or its operator may also be provided. In the case of a client device this may take the form of a host or network interface card identification number; in the case of an operator this may take the form of a credit card number or user identification and password. To establish secure communications between electronic devices, a public key "KU" may also be provided along with the content request. In this case, a conventional authentication and key exchange procedure may be performed to establish a secure channel, thereby providing a third level of security through 3 key levels (i.e., KU, KL, and KC).
At step 202, a license specifying the usage rights purchased by the requester is received. At step 203, at least one license key "KL" corresponding to the license is also received, either along with the license or in a separate transaction. At step 204, the requested material encrypted with at least one content key is received. At step 205, at least one content key encrypted with at least one license key is received, either with the encrypted material or in a separate transaction. When the encrypted material and the at least one encrypted content key are received in separate transactions, the order in which they are received is generally unimportant. When the encrypted at least one content key is provided with the encrypted material, as in the MPEG-4 example described above, the encrypted at least one content key is extracted from the combination.
At step 206, the at least one content key is decrypted with the at least one license key in a conventional manner. Where the at least one content key is comprised of a plurality of content keys and/or the at least one license key is comprised of a plurality of license keys, such decryption generally follows a process complementary to the manner of encryption described with reference to step 106 of fig. 1. The encrypted content or material is then decrypted in step 207 using at least one content key in a conventional manner. Where the at least one content key is composed of a plurality of content keys, such decryption generally follows a process complementary to the encryption described with reference to step 107 in fig. 1. At step 208, the content is used in accordance with the license using conventional control software installed on the client device. The license can be made available to the control software for effective activation, in which case the at least one license key can also be used in the specific application.
Figs. 3-5 show block diagrams of exemplary systems for securely providing material to a licensee of the material. In fig. 3, a server 301 performs the method described with reference to fig. 1, and a client 302 performs the method described with reference to fig. 2. In this case, all transmissions between the server 301 and the client 302 are over a communications medium 303, which may be, for example, the Internet or a direct connection via cable, satellite, digital subscriber line ("DSL"), or other telephone modem.
In fig. 4, the server 401 likewise performs the method described with reference to fig. 1, and the client 402 likewise performs the method described with reference to fig. 2. In this case, however, some portions of the methods described with reference to fig. 1 and 2 (e.g., the request for content, and the transfer of encrypted content and encrypted at least one content key) are passed through a communication medium 403, while other portions of the methods described with reference to fig. 1 and 2 (e.g., the transfer of licenses and license keys) are passed through another communication medium 404 for additional security.
In fig. 5, servers 501 and 503 jointly perform the method described with reference to fig. 1, while client 502 performs the method described with reference to fig. 2. In this system, the server 501 acts as a content or data providing server, as it preferably performs part of the method described with reference to steps 101, 102 and 105 to 108 of FIG. 1. On the other hand, server 503 acts as a license server, since it preferably performs part of the method described with reference to the remaining steps 103 and 104 in fig. 1. Other arrangements of the multi-server system are equally well contemplated within the full scope of the present invention. U.S. patent No. 6202056 B1, entitled "method for computer network operation to provide a basis for royalties" incorporated by reference in its entirety herein, is merely one example of a multi-server system in which the present invention may be used.
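The two-level key flow of FIG. 1 (steps 105 to 108) and FIG. 2 (steps 206 and 207), with one content key per segment as in the MPEG-4 case, is shown below as an added example that is not part of the patent text. Assumptions: the HMAC-SHA256 construction is a standard-library stand-in for the unspecified "conventional" cipher, license keys are selected round-robin as the "predetermined manner", and `key_stream` is a hypothetical list standing in for the IPMP stream rather than the MPEG-4 IPMP format; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (assumption): HMAC-SHA256 keystream plus an
# HMAC tag, so the example runs with the standard library alone. A deployment
# would use a vetted AEAD such as AES-GCM instead.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def _tag(key, aad, nonce, ct):
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _tag(key, aad, nonce, ct)

def unseal(key, blob, aad=b""):
    """Verify the tag, then decrypt; ValueError on wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def server_package(segments, license_keys):
    """FIG. 1, steps 105-108: a fresh KC per segment, each wrapped under a KL."""
    media, key_stream = [], []
    for i, segment in enumerate(segments):
        kc = secrets.token_bytes(32)              # step 105: generate KC
        kl_index = i % len(license_keys)          # assumed rotation: round-robin
        aad = i.to_bytes(4, "big")                # binds both blobs to segment i
        key_stream.append({                       # step 106: KC encrypted with KL
            "segment": i,
            "kl_index": kl_index,
            "wrapped_kc": seal(license_keys[kl_index], kc, aad),
        })
        media.append(seal(kc, segment, aad))      # step 107: material under KC
    return media, key_stream                      # step 108: both go to the client

def client_play(media, key_stream, license_keys):
    """FIG. 2, steps 206-207: unwrap each KC with its KL, then decrypt."""
    clear = []
    for entry in key_stream:
        aad = entry["segment"].to_bytes(4, "big")
        kl = license_keys[entry["kl_index"]]
        kc = unseal(kl, entry["wrapped_kc"], aad)               # step 206
        clear.append(unseal(kc, media[entry["segment"]], aad))  # step 207
    return clear

def can_play(media, key_stream, license_keys):
    """True only if every segment authenticates and decrypts."""
    try:
        client_play(media, key_stream, license_keys)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample input: three short "segments" and two license keys.
    segments = [b"constructed segment A", b"constructed segment B",
                b"constructed segment C"]
    kls = [secrets.token_bytes(32) for _ in range(2)]
    media, key_stream = server_package(segments, kls)
    print(client_play(media, key_stream, kls) == segments)
    print(can_play(media, key_stream, [secrets.token_bytes(32)] * 2))
```

After step 206 the client holds each KC in the clear, so enforcement of the usage rights at step 208 rests on the control software rather than on the key hierarchy.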
While various aspects of the present invention have been described with reference to specific embodiments thereof, it will be understood that the invention is entitled to full protection within the full scope of the appended claims.
Claims (47)
1. A method for securely providing material to a licensed person of the material, comprising:
providing at least one license key to a licensed person of the material;
providing said material encrypted with at least one content key to said licensee in at least one MPEG-4 bitstream; and
the at least one content key encrypted with the at least one license key is provided to the licensee in an intellectual property management and protection stream provided with the material.
2. The method of claim 1, further comprising providing a license to authorize said licensed person to use said material.
3. The method of claim 2, wherein the license includes a plurality of usage rights with respect to using the material.
4. The method of claim 2, wherein the at least one license key is provided to the licensee with the license.
5. The method of claim 1, wherein said providing at least one license key to a licensee of the material comprises providing at least one license key to the licensee encrypted with a public key of the licensee.
6. The method of claim 1, wherein the at least one license key and the material encrypted with the at least one content key are provided to the licensee by transmitting them through different communication channels.
7. The method of claim 1, wherein the at least one content key encrypted with the at least one license key and the material encrypted with the at least one content key are provided to the licensee by transmitting them over a certified secure channel.
8. The method of claim 1, wherein providing the material encrypted with the at least one content key to the licensee comprises encrypting the material with the at least one content key in real time, and providing the material encrypted with the at least one content key to the licensee by streaming the material in a data stream.
9. The method of claim 1, wherein the at least one content key encrypted with the at least one license key is mapped to the corresponding portion of the material included in the at least one MPEG-4 bitstream encrypted with the at least one content key by an intellectual property management and protection descriptor associated with the corresponding portion.
10. The method of claim 1, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding portion of the material.
11. The method of claim 1, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding time period of the material.
12. The method of claim 11, wherein the plurality of content keys are used one at a time in a predetermined manner for encrypting and decrypting the corresponding time period of the material.
13. The method of claim 1, wherein the at least one license key comprises a plurality of license keys for encrypting and decrypting the at least one content key.
14. The method of claim 13, wherein the plurality of license keys are used one at a time in a predetermined manner for encrypting and decrypting the at least one content key.
15. An apparatus for securely providing material to a licensee of the material, comprising at least one server configured to:
sending at least one license key to a client device operable by a licensee of the material;
transmitting said encrypted content with at least one content key to said client device in at least one MPEG-4 bitstream; and
at least one content key encrypted with the at least one license key is sent to the client device in an intellectual property management and protection stream provided with the material.
16. The apparatus of claim 15, wherein said at least one server is further configured to send a license authorizing said licensed person to use said material.
17. The apparatus of claim 16, wherein the license includes a plurality of usage rights with respect to using the material.
18. The apparatus of claim 16, wherein the at least one server is further configured to establish a secure channel with the client device that is authenticated, and to transmit at least one license key to the client device along with the license over the secure channel.
19. The apparatus of claim 15, wherein the at least one server comprises: a license server configured to send at least one license key to said client device; and a data providing server configured to transmit the material encrypted with at least one content key and at least one content key encrypted with the license key to the client apparatus.
20. The apparatus of claim 15, wherein the at least one content key encrypted with the at least one license key is mapped to the corresponding portion of the material included in the at least one MPEG-4 bitstream encrypted with the at least one content key by an intellectual property management and protection descriptor associated with the corresponding portion.
21. The apparatus of claim 15, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding portion of the material.
22. The apparatus of claim 15, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding time period of the material.
23. The apparatus of claim 22, wherein the plurality of content keys are used one at a time in a predetermined manner for encrypting and decrypting the corresponding time period of the material.
24. The apparatus of claim 15, wherein the at least one license key comprises a plurality of license keys for encrypting and decrypting the at least one content key.
25. The apparatus of claim 24, wherein the plurality of license keys are used one at a time in a predetermined manner for encrypting and decrypting the at least one content key.
26. A system for securely providing material to a licensed person of the material, comprising:
a client device operable by a licensee of the material; and
at least one server configured to send to said client device at least one license key, said material in at least one MPEG-4 bitstream encrypted with at least one content key, and at least one content key in an intellectual property management and protection stream provided with said material encrypted with at least one license key.
27. The system of claim 26, wherein said at least one server is further configured to send a license to said client device to authorize said licensed person to use said material.
28. The system of claim 27, wherein the license includes a plurality of usage rights with respect to using the material.
29. The system of claim 27, wherein the at least one server is further configured to establish a certified secure channel with the client device and to send at least one license key to the client device along with the license over the secure channel.
30. The system of claim 26, wherein the at least one server comprises: a license server configured to send at least one license key to said client device; and a data providing server configured to transmit the material encrypted with at least one content key and at least one content key encrypted with the license key to the client apparatus.
31. The system of claim 26, wherein the at least one content key encrypted with the at least one license key is mapped to the corresponding portion of the material included in the at least one MPEG-4 bitstream encrypted with the at least one content key by an intellectual property management and protection descriptor associated with the corresponding portion.
32. The system of claim 26, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding portion of the material.
33. The system of claim 26, wherein the at least one content key comprises a plurality of content keys for encrypting and decrypting a corresponding time period of the material.
34. The system of claim 33, wherein the plurality of content keys are used one at a time in a predetermined manner for encrypting and decrypting the corresponding time period of the material.
35. The system of claim 26, wherein the at least one license key includes a plurality of license keys for encrypting and decrypting the at least one content key.
36. The system of claim 35, wherein the plurality of license keys are used one at a time in a predetermined manner for encrypting and decrypting the at least one content key.
37. The system of claim 26, wherein the client device is configured to:
decrypting the at least one content key encrypted using the license key; and
decrypting the material encrypted using the at least one content key.
38. The system of claim 37, wherein the client device is further configured to receive the license key from the at least one server along with a license authorizing the licensed person to use the material.
39. The system of claim 38, wherein the license includes a plurality of usage rights with respect to using the material.
40. The system of claim 39, wherein the client device is further configured to use the profile based only on a plurality of usage rights of the licensee.
41. A method for securely providing material to a licensed person of the material, comprising:
providing a license to use the material and a license key corresponding to the license;
providing said material encrypted with a content key in at least one MPEG-4 bitstream; and
the content key encrypted with the license key is provided in an intellectual property management and protection stream provided with the material.
42. The method of claim 41, wherein the license includes a plurality of usage rights with respect to using the material.
43. The method of claim 41, wherein the license, license key, encrypted material, and encrypted content key are provided to the client requesting the material by electronically transmitting them.
44. A method for securely providing material to a licensed person of the material, comprising:
receiving a license to use the material and a license key corresponding to the license;
receiving said material encrypted with a content key in at least one MPEG-4 bitstream;
receiving the content key encrypted with the license key in an intellectual property management and protection stream provided with the material;
decrypting the encrypted content key using the license key;
decrypting the encrypted material using the decrypted content key.
45. The method of claim 44, wherein the license includes a plurality of usage rights with respect to using the material.
46. The method of claim 44, wherein the encrypted content key is received with the encrypted material.
47. The method of claim 44, wherein the license, license key, encrypted material, and encrypted content key are received electronically.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US34680201P | 2001-10-18 | 2001-10-18 | |
| US60/346,802 | 2001-10-18 | | |
| US10/081,173 US7299209B2 (en) | 2001-10-18 | 2002-02-22 | Method, apparatus and system for securely providing material to a licensee of the material |
| US10/081,173 | 2002-02-22 | | |
| PCT/US2002/033072 WO2003034193A2 (en) | 2001-10-18 | 2002-10-17 | Method, apparatus and system for securely providing material to a licensee of the material |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1069234A1 (en) | 2005-05-13 |
| HK1069234B (en) | 2006-09-01 |