JP2008529339A - Method for preventing unauthorized distribution of content in a DRM system for commercial or personal content - Google Patents

Abstract

  The present invention relates to a method, apparatus and system for preventing unauthorized distribution of content items in a network including a compliant device 102. The basic idea of the present invention is to link an authorization to create a content right 111 for a specific content item to a specific user 109 or a specific group of users. A content ID certificate 106 signed by an authorized certificate authority 103 and having a content ID, a fingerprint of the content item, and a public key of the user who brought the content item into the network in the network of compliant devices. By employing, a content provider can be considered authorized to create content rights for the particular content item after various checks of the certificate. As a result, unauthorized introduction and distribution of content in the network is prevented.

Description

  The present invention relates to a method, apparatus and system for preventing unauthorized distribution of content items in a network including compliant devices.

  In conventional DRM systems, content rights are associated with content items such as audio files, moving images, electronic books, and the like. Content rights typically include rules (eg, playback, duplication, distribution, etc.) and the necessary encryption keys to encrypt / decrypt associated content items. Content rights should be transferred only to devices that are operated and compliant by appropriate user rights, i.e., users who have the right to identify who can use the content rights. Note that content rights and user rights can be merged into one single license, as is known from the Open Mobile Alliance (OMA) DRM. A compliant device conforms to a predetermined standard and follows specific operating rules. The compliant device communicates using a specific protocol, thus responding to the presented questions and requests in the expected manner. A compliant device is considered trusted, which means, for example, that the compliant device does not illegally output content to the digital interface and that the owner of the device is not important. Device compliance management, ie compliant device identification, device renewability and device revocation, can be achieved by using known techniques.

  In general, content providers do not want to authorize a user to create their own content rights due to the risk of uncontrollable delivery of commercial content items. As a result, the content provider digitally signs the content rights before distribution. In addition, the compliant device must be forced to verify the title of the content right and reject the content right that has not been properly signed by the content provider. Typically, the device is included in a network or domain.

  The above approach is appropriate for DRM systems where only content providers deliver content rights. However, if a user wishes to bring a personal content item, such as a photo or home video, the user must engage the content provider to create content rights for the personal content item. Don't be. This is undesirable because the content provider should not be able to control personal content. In DRM systems where commercial content items and personal content items are distributed, the compliant device can be authorized to create content rights for specific personal content items. This content right can be signed by the compliant device, and if not signed, the compliant device should reject this content right. This has the effect that personal content can only enter the network of the device via the compliant device. In an environment with more stringent security requirements, the content right can be signed by an independent trusted third party authority, i.e. a party trusted by the involved communication party.

  A problem to be solved in a conventional DRM system where commercial content items and personal content items are brought in is that they are susceptible to attacks involving replacement of content item identifiers. The content item identifier uniquely identifies the corresponding content item in the system.

  In a DRM system in which commercial content items and personal content items are distributed, a user is authorized to create content rights for a particular personal content item, the content rights being either by the compliant device described above or by the user himself So that the user is effectively a content provider in his own right. A user can also obtain a commercial content item from a content provider and bring the commercial content item into the system. A malicious user can replace the specific personal content item for a commercial content item after creation of the content rights associated with the specific personal content item. This entails hacking the compliant device to obtain a key to decrypt the commercial content item, resulting in the commercial content item being cleared. The malicious user must in this case re-encrypt commercial content obtained illegally using a content key present in the content right associated with the specific personal content. Thereafter, the re-encrypted commercial content item is associated with a content identifier of the specific personal content item. The malicious user can then use this commercial content item with the same rights as the user's own personal content item. As a highly undesirable result, a large number of commercial content items can be brought into the network when encrypted with a leaked content key.

  Therefore, to avoid this attack, a secure link between the content item and the corresponding content item identifier is required. This is solved by adopting a content fingerprint. These fingerprints are used to uniquely identify the content referenced by the fingerprint. A known method for generating a fingerprint is described in detail in International Patent Application Publication WO 02/065782, which belongs to the applicant of this patent application. The compliant device adds fingerprint information to the content right before signing. If a content right is used, the compliant device must check whether the fingerprint information contained in the content right is also found in the actual content item. If the fingerprint information is not found in the actual content item, the content right must be rejected.

  However, the remaining problem with the approach of employing fingerprints is that it does not prevent users from illegally bringing and distributing commercial content to the network. As can be seen from the above description, in a DRM system where commercial content items and personal content items are brought in and distributed, the user can create content rights for any content item.

  An object of the present invention is to provide a method, apparatus and system for solving the problems given above and preventing unauthorized distribution of commercial content.

  This object is achieved by a method according to claim 1, a device according to claim 9, a method according to claim 11, a device according to claim 13 and a system according to claim 14.

  According to a first aspect of the present invention, a content identifier certificate (at least comprising unique content identification data for content items brought into the network and an identifier of a content introducer that brought the content item into the network) A method is provided comprising the step of creating a content identifier certificate. Furthermore, the method comprises the step of signing the content identifier certificate, so that it is ensured that the content introducer identified by the identifier has brought the content item into the network.

  According to a second aspect of the present invention, there is provided means for creating a content identifier certificate having at least unique content identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network. An apparatus is provided. Further, the apparatus has means for signing the content identifier certificate.

  According to a third aspect of the invention, receiving a content identifier certificate having at least the unique content identification data for a content item brought into the network and the identifier of the content introducer that brought the content item into the network. The content identifier certificate is signed by an authorized certificate authority. Further, the method includes the step of verifying the signed content identifier certificate when a content provider requests to create a content right for the brought-in content item.

  According to a fourth aspect of the present invention, means for receiving a content identifier certificate having at least unique content identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network. And the content identifier certificate is signed by an authorized certificate authority. The device further comprises means for verifying the signed content identifier certificate when a content provider requests to create a content right for the brought-in content item.

  According to a fifth aspect of the present invention, a content identifier certificate is created having at least the unique content identification data for a content item brought into the network and the identifier of the content introducer that brought the content item into the network. A system having at least one compliant device configured is provided. In addition, the system has an authorized certificate authority configured to sign the content identifier certificate.

  The basic idea of the present invention is to link authorizations to create content rights for specific content items to specific users or groups of users. In DRM systems where commercial content items and personal content items are brought in and distributed, a user is authorized to create content rights for a particular personal content item, and therefore in effect in the user's own rights. Become a content provider. Since the compliant device does not have access to information about ownership of the content item, any user can create a content right for any content item. According to the invention, a content identifier (ID) certificate is brought into the network of the compliant device. The content ID certificate has unique content identification data for a specific associated content item. The unique content identification data includes, for example, a content ID and a fingerprint of a specific content item associated with the content ID. The certificate is signed by a unit authorized by the content provider, and the unit is hereinafter referred to as a certificate authority (CA). Note that the CA may be a trusted third party, but may alternatively be a trusted compliant device in which the authority to sign the certificate is distributed. This signature is performed to prevent a malicious user from tampering with the content ID certificate. Whenever a user wishes to access a corresponding content item using a content right, the compliant device on which the content item is to be rendered verifies the correctness of the signature of the content ID certificate, and The actual fingerprint of the content item is compared with the fingerprint included in the content ID certificate. In the prior art, the content right can be used to access the content item if a match exists.

  As described above, since the content item fingerprint is included in the content ID certificate, a content ID replacement attack is prevented. However, unauthorized introduction and distribution of content items into the network by means for creating content rights is not prevented by including the content item fingerprint. If a malicious user obtains commercial content protected by an encryption method, i.e. encrypted, via the DRM system, the user creates a secret decryption key that creates a clear text copy of the commercial content Can be hacked into a compliant device that processes the content. Accordingly, the malicious user can create a new content right for the commercial content. To overcome this problem, the present invention links users (ie content providers) and content items.

  This is accomplished by including in the content ID certificate the identifier of the user / content provider who brought the content item into the network, for example a public key. The user / content provider who brought the content item into the network is sometimes referred to herein as a “content introducer”. When a user creates a content right for a particular content item, the compliant device employed verifies that the user's public key is present in the content ID certificate signed by the CA. If the user's public key is present in the content ID certificate, the user is deemed authorized to create content rights for the particular content item. Conversely, if the content ID certificate does not have the user's public key, the user is not authorized to create content rights for the particular content item. Accordingly, illegal introduction and distribution of content into the network is prevented.

  According to one embodiment of the invention, the compliant device decrypts the certificate with the authorized certificate authority's public key that the content ID certificate has been signed by an authorized certificate authority. Confirm by means. The public key corresponds to the private key of the authorized certificate authority used to sign the certificate.

  In another embodiment of the invention, a user who wishes to create a content right for a particular content item provides the user's public key to the compliant device. This is accomplished by inserting a smart card containing the requesting user's public key into the compliant device.

  According to another embodiment of the invention, a compliant device is designated as an authorized certificate authority in the network. This brings great flexibility to the network.

  According to yet another embodiment of the invention, the authorized certificate authority is a trusted third party. This enhances security within the network. According to yet another embodiment of the invention, the content identifier comprises a unique number that identifies the content item with which the content identifier is associated. For example, content ID = 4556 indicates content item A, content ID = 67 indicates content item B, and so forth.

  Still other features and advantages of the present invention will become apparent from a review of the appended claims and the following description. One skilled in the art will recognize that different features of the present invention can be combined to create embodiments other than those described below.

  A detailed description of preferred embodiments of the invention is provided below with reference to the accompanying drawings.

  FIG. 1 shows an authorization hierarchy 100 to which the present invention can be applied. The solid line shows the authorization step with the use of a public key certificate. These certificates are well known in the art and are therefore not shown in FIG. The dotted line indicates the issuance of certificates and / or rights.

  The system authority (SA) 101 is at the top of the hierarchy. All compliant devices can access the SA's public key. Typically, the SA public key is built in the hardware of each compliant device 102. Using this public key, the compliant device can confirm the certificate issued by SA 101. At the next level of the hierarchy, a certificate authority (CA) 103, a device authority (DA) 104, and a user ID authority (UIDA) 105 are arranged. The CA 103 authorizes the content provider 109 in the system. For example, EMI and Disney can configure content providers in the network, but as described above, compliant devices or users can also represent content providers. In fact, in a DRM system where commercial content items and personal content items are distributed, the user is authorized to create content rights (via a compliant device) for a particular personal content item, and thus in effect, Become a content provider in the user's own rights. As a result, in the DRM system to which the present invention applies, the term “content provider” includes both individual users and traditional content providers such as records and video companies and content distributors, so there are a large number of content providers. .

The CA 103 issues a content ID certificate 106 and provides the certificate to the content provider 109. The CA 103 may be a trusted third party, or alternatively may be a compliant device. This is primarily a matter of flexibility, which provides flexibility to the system if the compliant device is authorized to act as a CA. Conversely, a third party provider may not want to “distribute” the right to issue a content ID certificate to a compliant device for security reasons. The content ID certificate 106 is described in detail above.
(A) a unique content ID;
(B) a content fingerprint for a content item brought into the network;
(C) the public key of the user who brought the content item into the network;
(D) the CA signature;
Have

  Note that if the CA is a trusted third party, the content ID certificate is created at the content provider in the form of a compliant device, but can be signed at the CA.

  A content provider 109 in the network is allowed to issue a content right 111 for a content item if the content provider is provided with a valid content ID certificate 106. Each content right includes the content ID and a content key that allows access to the cryptographically protected content item with which the content is associated (compare with the content ID associated with the encrypted content item). So this association is validated using the content ID in the content right). The content right 111 also identifies a valid URA 112 for a particular content item in that it includes the public key of the user rights authority (URA) 112. Accordingly, the content provider 109 can delegate the issue of the user right 113 to another party, that is, the URA 112. This can support different usage models including content delivered by content providers, personal content (when a user / compliant device acts as a content provider) and content captured from other DRM systems. Make the system flexible. The content provider 109 that issues the content right 111 also signs it. In fact, the content provider itself is authorized to become a URA, thus issuing content rights 111 and user rights 113. In fact, content rights and user rights for a particular content item can be combined into one single right.

  The URA 112 issues a user right 113 for a specific content item. The user right indicates whether the user is allowed to use the content right to access the content item. The user right has a content ID that is a link between the user right, the content right, and the content item. As described above, these three components all have a content ID. The user right further includes a right expression indicating how a user designed using a user ID in the form of a public key included in the user right can use the content item. Have. Finally, the user right is signed by the URA.

  There are differences between the user rights 113 and the content rights 111 regarding the security aspects required when dealing with different types of rights. Since user rights do not contain secrets, they can be distributed freely and the signature prevents changes. The content right, on the other hand, includes an encryption key for accessing the content item. Thus, the content right can only be transferred to the compliant device. Furthermore, the transfer of content rights between devices requires a secure communication means that can be based on a secure authorized channel. As a result, content rights 111 require both confidentiality and integrity, whereas user rights 113 require only integrity.

  User and device management involves the personalization and authentication of users and devices, which in this case are in the system and the compliant device declared (for certain required properties as previously described). be introduced. Device Authority (DA) 104 is a trusted party that authorizes Device ID Authority (DIDA) 110 for multiple device manufacturers. Each device manufacturer (eg, Philips, Sony) uses a signed device ID certificate 107 to give the device a unique identification and associated public key, thus indicating each device manufacturer's own DIDA 110 indicating compliance. have.

  User ID authority (UIDA) 105 is responsible for issuing user ID devices (not shown in FIG. 1). This is typically performed during the manufacturing phase. The UIDA 105 typically issues a signed user ID certificate 108 that includes the user's name or other identifier along with the user ID device's public key, for example, a tamper resistant smart card or Associate a user ID device with a SIM card with a particular person. The private key corresponding to this public key is regarded as the user's private key. However, the user is not given personal access to this private key. This prevents a user from distributing the secret key to someone who can impersonate the user. Therefore, the user's private key is securely stored in the user ID device that prevents unauthorized tampering. The user ID device functions as a token that proves the existence of the user. The user ID device must be easy to handle, robust, provide secure computing, and difficult to clone.

  Each authority shown in FIG. 1 typically has one or more microprocessors or other devices with computing capabilities, such as application specific integrated circuits (ASICs), to create various certificates and rights. ), Field programmable gate array (FPGA), coupled programmable logic circuit (CPLD), and the like. In creating the certificate and rights, and in intercommunication between different authorities, the microprocessor is downloaded to the respective authority and is stored in a suitable storage area such as RAM, flash memory or hard disk. Execute. In order to allow mutual communication, the authority is arranged with an interface that allows communication.

  Before a certificate can be used, it must be validated. Certificate validation verifies at least the integrity of the certificate (using a signature) and the authenticity (using a chain of certificates that links the certificate to the authority's certificate up to the SA) Means that.

Referring to FIG. 2, if a user 201, hereinafter referred to as Alice, wants to access a content item, Alice
(A) a content ID certificate;
(B) content rights;
(C) user rights;
(D) a user ID certificate;
Need.

  It is assumed that device compliance has already been confirmed and for this reason the list does not have a device ID certificate. The content item is loaded into the compliant device 202 in encrypted form. The compliant device may be a CD player, for example, and the content item to be rendered on the device may be an audio CD. The compliant device 202 has a microprocessor 213 to create various certificates and rights and perform cryptographic operations and other computing operations described below. The microprocessor 213 executes appropriate software that is downloaded to the compliant device and stored in the RAM 14.

  The compliant device 202 confirms that the user ID certificate 204 is valid by confirming the signature using the built-in public key in the compliant device (step 203). Alice 201 must also authenticate Alice himself by proving that she knows the private key corresponding to the public key contained in the user ID certificate. As mentioned above, the user is not given personal access to the secret key to prevent the user from distributing the secret key and thus prevent impersonation. Accordingly, the user's private key is securely stored in a user ID device 205, eg, a tamper-proof smart card, which is inserted into the compliant device 202 (step 206) and read. Furthermore, the compliant device verifies the signature of the user right 208 to ensure that the user right is valid (step 207). To do this, the compliant device checks the user rights authority (URA) field in the content rights 209 and confirms that the specified URA has signed the user rights. The compliant device 202 allows Alice 201 to use user rights 208. This is done by comparing the user ID within the user right, ie the user public key, with the user ID in Alice's user ID certificate 204.

  The compliant device verifies that the content provider is authorized to sign the content right (step 210). Therefore, the device verifies the signature of the content right 209 using the public key included in the content ID certificate 211. To do this, the compliant device uses the built-in public key to first check the content ID certificate provided by the CA (see FIG. 1) by checking the content ID certificate signature. The certificate is confirmed (step 212). As described above, the content right 209 is created and named by an operator who brings a corresponding content item into the network. Therefore, the public key included in the content ID certificate 211 is the public key of the user (ie, content provider) who brought the content item into the network, and this public key signs the content right 209. Corresponds to the secret key adopted in

  Finally, the compliant device 202 can be used to access the encrypted content with the content right. For this purpose, the device calculates the fingerprint of the content item and compares this fingerprint with the fingerprint in the content ID certificate 211. If there is a match, Alice 201 is allowed to access the content item at the compliant device 202. If any of the above steps fail, Alice is not given access to the content.

  According to the present invention, the content ID certificate is brought into the network of compliant devices. The certificate signature by the authorized certificate authority (CA) prevents a malicious user from tampering with the content ID certificate. The fingerprint of the content item is included in the content ID certificate and prevents a content ID replacement attack. The problems associated with unauthorized introduction and distribution of content items into the network using (illegal) creation of content rights are overcome by including the content introducer's public key in the content ID certificate. When a user (or a third-party content provider) is trying to create a content right for a particular content item, the compliant device employed is that the user's public key is the content ID signed by the CA as described above Check if it exists in the certificate. If the user's public key is present in the content ID certificate, the user is deemed authorized to create content rights for the particular content item. Accordingly, illegal introduction and distribution of content into the network is prevented.

  Although the present invention has been described with reference to specific exemplary embodiments, many different changes and modifications will become apparent to those skilled in the art. For example, the content ID certificate can also have the public key of the compliant device, and the content item is brought in via the compliant device. This public key can be used to create content rights according to the type of license used in OMA DRM. The content ID certificate has information regarding the type of certificate in addition or alternatively. This can be specified in the rights field, eg rights = ownership. The described embodiments are therefore not intended to limit the scope of the invention as defined by the appended claims.

3 shows an authorization hierarchy to which the present invention can be applied. FIG. 6 illustrates an authentication procedure that is performed when a user desires access to a content item, according to an embodiment of the present invention. FIG.

Claims (17)

A method for preventing unauthorized delivery of content items in a network including compliant devices, wherein the method uses unique content identification data for each content item brought into the network;
Creating a content identifier certificate having at least the unique content identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network;
Signing the content identifier certificate to ensure that the content introducer identified by the identifier has brought the content item into the network;
A method characterized by comprising:   Used to sign the certificate that the content identifier certificate is signed by an authorized certificate authority when a request is made to create a content right for the brought-in content item. The method of claim 1, further comprising the step of verifying using means for decrypting the certificate using a public key of the authorized certificate authority corresponding to the private key. Receiving a request from a content provider to create a content right for the brought-in content item;
Verifying that the requesting content provider identifier matches the identifier contained in the content identifier certificate;
The method of claim 2 further comprising:   5. The method of claim 4, further comprising creating a content right for the content item brought into the network after a successful confirmation of the identifier.   The method of claim 1, wherein the unique content identification data comprises a content identifier and a content fingerprint associated with the content item.   If a user wishes to use a content right to access a content item, the content fingerprint of the content identifier certificate matches the actual fingerprint of the content item to which access is requested. 6. The method of claim 5, further comprising the step of confirming.   The method of claim 1, wherein the content identifier is set to be a number that identifies the content item with which the content identifier is associated.   The method of claim 1, wherein the identifier of the content introducer comprises a public key of the content introducer. In a device for preventing unauthorized distribution of content items in a network including compliant devices,
Means for generating a content identifier certificate having at least the unique content identifier data for the content item brought into the network and the identifier of the content introducer that brought the content item into the network;
Means for signing the content identifier certificate;
A device characterized by comprising:   Signing the certificate that the content identifier certificate is signed by an authorized certificate authority when a content provider requests to create a content right for the brought-in content item in the device Creating means for verifying by means for decrypting the certificate using a public key of the authorized certificate authority corresponding to the private key used to perform the content right for the brought-in content item Means for receiving a request from a content provider for confirming that the requesting content provider matches the identifier contained in the content identifier certificate, and including an identifier of the requesting content provider; Smart car inserted into the device Further comprising a means for receiving said identifier of the content provider that the request by means for reading, according to claim 9. A method for preventing unauthorized delivery of content items in a network including compliant devices, wherein the method uses unique content identification data for each content item brought into the network;
Content that has at least the unique identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network and is signed by an authorized certificate authority Receiving an identifier certificate;
Verifying the signed content identifier certificate when a content provider requests to create a content right for the brought-in content item;
A method characterized by comprising:   The method of claim 11, wherein the unique content identification data comprises a content identifier and a content fingerprint associated with the content item. In a device for preventing unauthorized distribution of content items in a network including compliant devices,
A content identifier certificate having at least unique identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network and signed by an authorized certificate authority A means of receiving the letter,
Means for verifying the signed content identifier certificate when a content provider requests to create a content right for the brought-in content item;
A device characterized by comprising: In a system for preventing unauthorized distribution of content items in a network including compliant devices,
At least one compliant configured to create a content identifier certificate having at least unique identification data for a content item brought into the network and an identifier of a content introducer that brought the content item into the network Equipment,
An authorized certificate authority configured to sign the content identifier certificate;
The system characterized by having.   The system of claim 14, wherein the authorized certificate authority is included in at least one compliant device configured to create the content identifier certificate.   The system of claim 14, wherein the authorized certificate authority is a trusted third party included in at least one compliant device configured to create the content identifier certificate.   A computer program having a computer-executable component that, when executed on a processing unit included in an apparatus, causes the apparatus to perform the steps of claim 1.

Images