JP2008529340A - Registration stage - Google Patents

Abstract

  The present invention relates to a method, an apparatus, and an apparatus for preventing unauthorized introduction of a content item in a network including a compliant apparatus. The basic idea of the present invention is to provide CA 206 with a fingerprint of a content item to be introduced into the network where the CA is located. Further, the CA is provided with an identifier of the content introducer 201 who introduces specific content in the network. The CA compares the fingerprint with a predetermined group of fingerprints, and the introduction of a content item is allowed if the fingerprint is not found in the group of fingerprints. In introducing a content item, the CA generates a watermark identifier, a watermark key, and a signed content identifier certificate that includes at least the fingerprint and unique identifier for the content item and the identifier of the content introducer. . Thereafter, the watermark identifier is inserted into the content item using the watermark key.

Description

  The present invention relates to a method, apparatus and system for preventing unauthorized introduction of content items in a network including compliant devices.

  In prior art DRM systems, content rights are associated with content items such as audio files, movies, and electronic books. A content right typically includes rules (eg, playback, duplication, distribution, etc.) and the encryption key required to encrypt / decrypt such content items associated with the content right. Content rights should only be transferred to compliant devices and devices operated by users with appropriate user rights, i.e. the right to specify who can use the content rights. It should be noted that content rights and user rights can be combined into a single license, as known in the Open Mobile Alliance (OMA) DRM. A compliant device complies with a given standard and adheres to specific operating rules. These devices also communicate using specific protocols so that they respond to the questions and requests that are cast on them in the intended manner. Compliant devices are considered trustworthy, which means, for example, that the device does not illegally output content at the digital interface and that device ownership is not important. Device compliance management, ie, compliant device identification, device updateability, and device revocation can be performed using known techniques.

  Typically, content providers do not want to authenticate users to create their own content rights because of the risk of uncontrollable distribution of commercial content items. As a result, the content provider digitally signs the content right before the content is distributed. Furthermore, the compliant device must be forced to verify the content rights signature and reject content rights that are not properly signed by the content provider. Usually, the device is included in a network or domain.

  The above-mentioned countermeasure is suitable for a DRM system in which only the content provider distributes the content right. However, if the user wishes to introduce a personal content item such as a photo or home video, the user needs to involve the content provider to generate content rights for the personal content item. . This is not desirable because it should not be possible for the content provider to manage personal content. In a DRM system where personal content items are distributed as well as commercial content items, the compliant device can be authenticated to generate content rights for specific personal content items. This content right can be signed by a compliant device, and if not signed, any compliant device must reject the content right. This has the effect that personal content can only enter the network of devices via a compliant device. In an environment with stricter security requirements, content rights can be signed by a trusted third party authority, i.e. an organization trusted by the relevant communicating party.

  A problem to be solved in prior art DRM systems where personal content items are introduced as well as commercial content items is subject to attacks involving replacement of content item identifiers. The content item identifier uniquely identifies the corresponding content item in the system.

  In prior art DRM systems where personal content items are introduced as well as commercial content items, any user is authenticated to generate content rights for a particular personal content item, and the content item is It can be signed by the device or by the user himself, so that the user is effectively a content provider regarding the user's own rights. Any user may be able to obtain a commercial content item from a content provider and introduce it into the system. A malicious user may replace a specific personal content item in place of a commercial content item after generation of a content right associated with the specific personal content item. This can include hacking the compliant device to obtain a key to decrypt the commercial content item so that the commercial content item appears in the clear. A malicious user in this case needs to re-encrypt commercial content obtained in an unapproved manner using a content key that exists in the content right associated with the particular personal content. The re-encrypted commercial content item is then associated with the content identifier of the particular personal content item. A malicious user may use this commercial content item that contains the same rights as the user's own personal content item. As a highly undesirable result, if a large number of commercial content items are encrypted using a compromised content key, they can be introduced and distributed on the network.

  Therefore, to prevent this attack, a secure link between the content item and the corresponding content item identifier is required. This has been solved by using content fingerprints. This fingerprint is used to individually identify the content referenced by the fingerprint. The fingerprint of the content item is a representation of the information signal of interest, and this does not change even if the content item is delicately modified. Such fingerprints are often also known as “(robust) hashes”. The term robust hash refers to a hash function that is somewhat robust with respect to data processing and signal degradation, such as by compression / decompression, encoding, and AD / DA conversion. Robust hashes are often referred to as robust summaries, robust signatures, or perceptual hashes.

  A known method for generating a fingerprint is described in detail in International Patent Application No. 02/065782, belonging to the applicant of the present patent application. However, those skilled in the art will appreciate that there are many other ways to generate a fingerprint. The compliant device adds fingerprint information to the content right before signing the content right. If a content right is used, the compliant device must verify that the fingerprint information contained in the content right can also be found in the actual content item. If fingerprint information cannot be found in the actual content item, the content right must be rejected. In addition, digital watermarks associated with approved content providers are used to enhance security. The watermark is applied to a specific content item by an approved content provider, and the compliant device must ensure that no watermark exists in the content item for which the user wishes to generate content rights. The watermarked content originally originates from “official” (ie, approved) commercial content providers, and therefore the user is allowed to generate their own content rights for such content. Absent. If the content item is watermarked, the compliant device will only access the content if the content has the appropriate content rights signed by the official content provider (whose public key is known). . If no watermark is detected, the content is classified as “personal content” and the accompanying content rights can be signed by any compliant device.

  However, the remaining problem with the fingerprinting approach is that it does not prevent the user from unauthorized introduction and distribution of commercial content in the network. As can be appreciated from the above, in a DRM system where commercial and personal content items are introduced and distributed, any user can create a content item for any content item.

  In addition, the use of watermarks to identify commercial content items makes DRM systems vulnerable to watermark attacks. Since digital watermarks must be detected by a compliant device to identify commercial content items, the security of the system depends on the secret state of the watermark detection key. If this key is compromised, security is broken. Furthermore, by using watermarks, old content items that do not have a watermark applied are not recognized as commercial content by the system and can still be illegally delivered. Thus, there are problems with backward compatibility. Also, in prior art systems that use watermarks for identifying commercial content, the personal content items are not watermarked and, therefore, if they are obtained from outside the protected area of the DRM system in plain text. Is not traceable.

  It is an object of the present invention to provide a solution to prevent unauthorized distribution of commercial content that addresses the above-mentioned problems, particularly those related to security and backward compatibility.

  The object is to prevent introduction of unauthorized distribution of content items in a network including a compliant device according to claim 1, and to introduce unapproved distribution of content items in a network including a compliant device according to claim 9. And a system for preventing unauthorized introduction of content items in a network including a compliant device according to claim 13.

  According to a first aspect of the present invention, providing a fingerprint of a content item to be introduced into a network and an identifier of a content introducer that introduces the content item in the network; and Comparing to a group, wherein introduction of the content item is allowed if the fingerprint is not found in the group of fingerprints, a watermark identifier, a watermark key, and at least the content item Generating a signed content identifier certificate that includes a fingerprint and a unique identifier and the identifier of the content introducer. The method further includes inserting the watermark identifier into the content item using the watermark key.

  According to a second aspect of the present invention, means for receiving a fingerprint of a content item to be introduced into a network, an identifier of a content introducer that introduces the content in the network, and the fingerprint as a predetermined fingerprint Means for comparing with a group, wherein introduction of the content item is allowed if the fingerprint is not found in the group of fingerprints, a watermark identifier, a watermark key, and at least the fingerprint for the content item And a means for generating a signed content identifier certificate including the unique identifier and the identifier of the content introducer.

  According to a third aspect of the present invention, a system for preventing unauthorized introduction of content items in a network including a compliant device, comprising at least one compliant device and a certificate authority. Means for determining a fingerprint of a content item to be introduced into the network and an identifier of a content introducer who introduces the content item in the network; and And a means configured to transmit to the system. Means for comparing the fingerprint with a predetermined group of fingerprints, wherein the introduction of the content item is permitted if the fingerprint cannot be found in the group of fingerprints; a watermark; Means for generating an identifier, a watermark key, and at least the fingerprint and unique identifier for the content item and the signed content identifier certificate including the identifier of the content introducer; and further comprising the watermark identifier, the watermark Means for distributing a key and the signed content identifier certificate to the compliant device. Furthermore, the compliant device includes means for inserting the watermark identifier into the content item using the watermark key.

  The basic idea of the present invention is to provide an approved certificate authority (CA) with a fingerprint of a content item that is to be deployed on the network where the CA is located or on behalf of. Further, the CA is provided with an identifier of a content introducer who introduces a specific content item in the network. Content introducers can include users or individuals, but in a more conventional sense can also include content providers such as, for example, Warner Brothers. The CA compares the fingerprint with a given group of fingerprints and the introduction of a content item in the network is allowed if the fingerprint of the content item cannot be found in the fingerprints contained in that group.

  If the content item can be introduced into the network, the CA has a watermarked identifier, a watermark key, and a signed content identifier certificate that includes at least the fingerprint and unique identifier for the content item and the identifier of the content introducer, Is generated. In this case, the watermark identifier is inserted into the content item using the watermark key.

  In prior art DRM systems where commercial content items and personal content items are introduced and distributed, any user is authorized to generate content rights for a particular personal content item, thereby substantially substituting the user's own rights. Become a content provider. Since the compliant device does not have access to information about the owner of the content item, any user can generate content rights for any content item. In accordance with the present invention, a signed content identifier (ID) certificate that includes a unique content identifier and fingerprint for a particular content item associated with the content identifier is introduced into a network of compliant devices. Note that the CA is a trusted third party, or alternatively, a trusted compliant device whose certificate authority signs the certificate is distributed by the third party. Furthermore, even if both the fingerprint of the content item and the unique content identifier for the content item are unique, the fingerprint is actually calculated from the content item, and the unique content identifier is usually selected by the CA and assigned to the content item. Should be understood. The unique content identifier is linked to the fingerprint by a content ID certificate that makes this unique content identifier a valid content identifier. The unique content identifier may be, for example, a number or character string representing a title and / or artist associated with a particular content item.

  The signature of the content ID certificate is issued to prevent a malicious user from falsifying the content ID certificate. If the user wishes to use a content right to access the corresponding content item, the compliant device on which the content item is to be rendered verifies the validity of the signature of the content ID certificate, and the fingerprint of the content item Compare with the fingerprint included in the signature of the ID certificate. In the prior art, content rights can be used to access a content item when a match exists. As described above, content ID replacement attacks can be prevented by creating a secure link between a content item and a unique content item identifier. However, this does not prevent unauthorized introduction and distribution of content items in the network. If a malicious user obtains cryptographically protected, ie encrypted, commercial content via a DRM system, the malicious user has a secret to generate a plaintext copy of the commercial content. To obtain a decryption key, a compliant device that handles content can be hacked. Thus, a malicious user can generate new content rights for commercial content. In order to solve this problem, the present invention associates a user (ie, a content provider) and a content item.

  This is accomplished by including in the content ID certificate the identifier of the user / content provider who introduced the content item to the network, eg a public key, but other identifiers are possible. Users / content providers who have introduced content items to the network are often also referred to in this document as “content introducers”. If the user is to generate content rights for a particular content item, the compliant device used may verify that the user's identifier is present in the content ID certificate signed by the CA. If the user's identifier is present in the content ID certificate, the user is deemed authorized to generate content rights for a particular content item. This is due to the fact that if the user's identifier is included in the signed certificate, it must have been this particular user that introduced the content item in the network, and this installation has been approved by the CA. It is a result. In contrast, if the content ID certificate does not include a user identifier, the user is not authorized to generate content rights for a particular content item. Therefore, unauthorized introduction and distribution of content in the network is prevented.

  Furthermore, in the prior art DRM system described above, all commercial content items are watermarked. Any compliant device can verify that the personal content to be introduced is not watermarked. If the user makes an unauthorized attempt to install watermarked content, the compliant device will not allow such content to be introduced. However, commercial content watermarks create security and backward compatibility issues. According to the present invention, each personal content item introduced into the network must be registered in the registration phase. In the registration phase described above, the fingerprint for the content item to be introduced is provided to the CA to identify the content item as a possible commercial content item. Therefore, in the present invention, the watermark is not used for identification.

  The watermark identifier used in the present invention enables tracking of the content introducer, ie, the user / content provider who originally introduced the content item, when a personal content item is misused. Furthermore, if a malicious user tampers with the fingerprint of a content item and introduces a commercial content item as a personal content item, the watermark exploits the identification of unauthorized distributors (ie, malicious users).

  In an embodiment of the present invention, the content introducer communicates directly with the CA and provides the fingerprint of the content item to be introduced into the network and the identifier of the content introducer from the content item, similar to the fingerprint of the content item. Determining the identifier of the content introducer at the CA.

  In another embodiment of the present invention, the content introducer communicates with the CA via his compliant device to provide the fingerprint of the content item to be introduced into the network and the identifier of the content introducer. Implemented in steps. First, a compliant device from which the content introducer introduces the content item to the network determines the identifier of the content introducer as well as the fingerprint of the content item. The identifier is typically provided to the compliant device by inserting a smart card into the device, which includes the content introducer's identifier, eg, a public key. Alternatively, the compliant device is configured to have a keypad that the content introducer uses to enter his identifier in the form of a personal code or string. In this case, the fingerprint of the content item and the identifier of the content introducer are sent to the CA for further processing.

  When a content introducer works with a CA via a compliant device, the CA needs to deliver the watermark identifier, watermark key, and signed content identifier certificate to the compliant device, and the content introducer Via the device, the content item is introduced after the generation of these data, so that the compliant device can insert a watermark identifier into the content item.

  According to yet another embodiment of the invention, the CA stores a data post that includes a watermark identifier, a content introducer identifier, and a content item fingerprint. If content identifier tracking is also desired, a unique content identifier may be included in the data post.

  As described above, the watermark identifier can track the content introducer, ie the user / content provider who originally introduced the content item, if a personal content item is misused.

  From the CA perspective, the watermark identifier is a pointer to a data post for each introduced content item in the database. The watermark identifier can be obtained from a database stored on an appropriate storage medium at the CA by using the fingerprint of the content item. The content introducer can then be found in the database. Furthermore, as described above, when a malicious user falsifies a fingerprint of a content item (or when the fingerprint cannot be found in the database, that is, the CA has not approved the introduction of the content item). And if a commercial content item is introduced as a personal content item, the watermark exploits the identification of unauthorized distributors (ie malicious users). In addition, the CA may use the stored fingerprint of the personal content item to prevent it from being illegally reintroduced in the network. By limiting the amount of data that can be processed by the CA, the CA may allow fingerprint identification for commercial content items only, thereby allowing options for identification of personal content items (ie, additional protection for personal content items). To. Desirably, the user may need to pay additional security costs for such functionality.

  Further features and advantages of the invention will be apparent upon reading the appended claims and the following description. Those skilled in the art can combine different features of the present invention to produce embodiments other than those described below.

  A detailed description of a preferred embodiment of the present invention is given below with reference to the accompanying drawings.

  FIG. 1 shows an authentication hierarchy 100 embodying the present invention. The continuous line indicates the approval step involving the use of public key certificates. These certificates are well known in the art and are therefore not shown in FIG. Dotted lines indicate certificate and / or rights issue steps.

  The system station (SA) 101 is at the top of the hierarchy. All compliant devices have access to the SA's public key. Usually, the SA public key is built into the hardware of each compliant device 102. Using this public key, the compliant device can verify any certificate issued by SA (101). At the next level of the hierarchy, a certificate authority (CA) 103, a device station (DA) 104, and a user ID authority (UIDA) 105 are configured. The CA (103) approves the content provider 109 in the system. For example, EMI and Disney may constitute content providers in the network, but as described above, compliant devices or users may also represent content providers. In fact, in a DRM system where commercial content items and personal content items are delivered, any user is authenticated to generate a content right (via a compliant device) for a particular personal content item, thereby allowing the user to Effectively become a content provider regarding the user's own rights. As a result, there are a large number of content providers in the DRM system to which the present invention is applied. This is because the term “content provider” in this context includes both traditional content providers such as records and movie companies and content distributors and individual users.

The CA (103) issues a content ID certificate 106 and provides these to the content provider 109. The CA (103) may be a trusted third party or alternatively may be a compliant device. This is primarily a matter of flexibility and provides flexibility to the system when a compliant device is certified to operate as a CA. In contrast, third party providers may not want to “distribute” the right to issue content ID certificates to compliant devices for security reasons. The content ID certificate 106 has been described in detail above,
(A) a unique content ID, (b) a fingerprint associated with a content item introduced into the network, and (c) an identifier of a user who has introduced the content item in the network, eg, a public key, and (d) a CA signature. ,
including.

  Note that if the CA is a trusted third party, the content ID certificate is generated at the content provider in the form of a compliant device, but can be signed at the CA.

  The content provider 109 in the network is authorized to issue a content right 111 for the content item if the content provider has a valid content ID certificate 106. Each content right includes a content key and a content ID that allow access to the cryptographically protected content item, and the cryptographically protected content item and the content right are associated with each other. (Because the association is compared with the content ID attached to the encrypted content item, the association is validated by using the content ID in the content right). The content right 111 also identifies a valid user rights authority (URA) 112 for a particular content item, which relates to the content right 111 including the URA 112 public key. Accordingly, the content provider 109 can delegate the issuance of the user right 113 to another organization, that is, the URA 112. This makes the system flexible, since this mechanism can be used for content distributed by content providers, personal content (when a user / compliant device operates as a content provider), and another DRM. This is because various usage models including content imported from the system can be supported. The content provider 109 that issues the content right 111 also signs the content right 111. In practice, the content provider itself is authorized to be a URA and therefore issues a content right 111 and a user right 113. In fact, content rights and user rights for a particular content item can be combined into a single right.

  The URA 112 issues user rights 113 for specific content items. The user right indicates whether the user is allowed to use the right to access the content item. The user right includes a user ID, a content right, and a content ID that is a connection between content items. As described above, all three of these components include a content ID. The user right further includes a right expression indicating how the user can use the content item, and the user is specified using the user ID in the form of a public key included in the user right. Finally, user rights are signed by URA.

  There is a distinction between the user rights 113 and the content rights 111 regarding the security aspects involved in the steps dealing with different types of rights. User rights do not contain any secrets and can be distributed freely, and signatures prevent modification. On the other hand, the content right includes a cryptographic key for accessing the content item. Thus, content rights can only be transferred to compliant devices. Furthermore, transfer of content rights between devices may require communication means that may be based on a secure approved channel. As a result, content rights 111 require both confidentiality and integrity, while user rights 113 require only integrity.

  User and device management includes user and device personalization and certification, which are then introduced into the system and declared compliant (with respect to certain required characteristics, as described above). The Device Authority (DA) 104 is a trusted organization that approves Device ID Authority (DIDA) 110 for several device manufacturers. Each device manufacturer (eg, Philips or Sony) has its own DIDA 110 that provides the device with an associated public key and unique identity by using a signed device ID certificate 107; This indicates compliance.

  The user ID station (UIDA) 105 is responsible for issuing a user ID device (not shown in FIG. 1). This is usually done in the manufacturing stage. UIDA 105 identifies a user ID device that typically includes a tamper resistant smart card or SIM card by issuing a signed user ID certificate that includes the user's name or any other identifier along with the public key of the user ID device. Associate with individual. The private key corresponding to this public key is considered to be the user's private key. However, the user is not given personal access to this private key. This prevents the user from distributing the secret key to someone who can impersonate the user. Thus, the user's private key is securely stored in the tamper resistant user's ID device. The user ID device acts as a token that proves the presence of the user. User ID devices should be easy to handle, robust, provide secure calculations and difficult to replicate.

  Each authority shown in FIG. 1 can generate various certificates and rights, eg, application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs). Typically) one or more microprocessors or certain other devices with computing power. In generating certificates and rights, as well as intercommunication between various stations, the microprocessor can be downloaded to the corresponding station and stored in a suitable storage area such as RAM, flash memory or hard disk, for example. . In order to allow intercommunication, the stations are configured with an interface that allows communication.

  Before a certificate can be used, it needs to be validated. Certificate validation is confirmed at least by integrity (using signatures) and certificate authenticity (up to SA, using a certificate chain that binds a certificate to an approved certificate). Suggest that.

  Referring to FIG. 2, which shows an embodiment of the present invention, when a new content item is to be registered in the network, the content introducer 201 as a user in this case presents the content item to the compliant device 203 (step 202). ). The compliant device determines the fingerprint of the content item. Further, for example, using the smart card 204, the content introducer provides an identifier to the compliant device. The compliant device 203 transfers the fingerprint of the content item and the content introducer's identifier to the trusted certificate authority (CA) 206 (step 205). The unique content identifier is usually selected by the CA and includes a character string defining an artist and a title, or a reference number. Compliant device 203 and CA 206 include microprocessors 217 and 218, respectively, for performing cryptographic operations and other computational operations. Microprocessors 217 and 218 execute appropriate software that can be downloaded to compliant devices 203 and CA 206 and stored in corresponding RAMs 219 and 220. The CA includes a database stored in a storage medium 207 such as a RAM or a hard disk. The CA searches for fingerprints of content items to be introduced in a database of existing commercial content or registered personal content fingerprints (step 208). The introduction of a content item in the network is permitted if the fingerprint of the content item cannot be found in any of the fingerprints stored in the storage medium 207.

  When a content item is introduced into the network, the CA 206 generates a watermark identifier, a watermark key, and a signed content ID certificate that includes the content item's fingerprint and unique content identifier and content introducer identifier. These data are transmitted to the compliant device 203 (step 209). The compliant device then inserts a watermark identifier into the content item using the watermark key. Alternatively, the watermarking step is performed by CA 206. After adding a watermark to the content item, the compliant device 203 may generate other suitable DRM certificates, such as content right 212 and user right 213 (step 211), and the content item is ready for sharing. become. The compliant device also uses the received content ID certificate 214 and user ID certificate 215 (as described in connection with FIG. 1). The CA stores a data post containing a watermark identifier, a content introducer identifier, and a content item fingerprint (and possibly a unique content identifier) (step 210). Note that storage media 207 and 216 can be combined into a single storage medium and further incorporated into CA 206.

Referring to FIG. 3, if a user 301, referred to below as Alice, wants to access a content item, she needs the following:
(A) Content ID certificate (b) Content right (c) User right (d) User ID certificate

  It is assumed that device compliance has already been confirmed, and for that reason the above list does not include a device ID certificate. Content items are loaded into the compliant device 302 in encrypted form. The compliant device may be a CD player, for example, and the content item to be played on the device may be an audio CD. The compliant device 302 includes a microprocessor 313 to generate various certificates and rights and to perform cryptographic operations and other computational operations described below. Microprocessor 313 executes appropriate software that can be downloaded to a compliant device and stored in RAM 314.

  The compliant device 302 confirms that the user ID certificate 304 is valid by confirming the signature using the built-in public key in the compliant device (step 303). Alice 301 also needs to approve herself by proving that she knows the private key corresponding to the public key contained in the user ID certificate. As mentioned above, the user is not given personal access to this secret key to prevent the user from distributing the secret key and to prevent impersonation. Thus, the user's private key is inserted into the compliant device 302 (step 306) and securely stored in the user ID device 305, such as a tamper resistant smart card, read by the compliant device 302. In addition, the compliant device verifies the signature of the user right 308 to ensure that the user right is valid (step 307). To do this, the compliant device checks the user rights authority (URA) in the content right 309 and verifies that the particular URA specifies the user right. Compliant device 302 verifies that Alice 301 can use user rights 308. This is done by comparing the user ID in the user right, ie the user public key, with the user ID in Alice's user ID certificate 304.

  The compliant device verifies whether the content provider has been authorized to sign the content right (step 310). Accordingly, the apparatus confirms the signature of the content right 309 using the public key included in the content ID certificate 311. To do this, the compliant device first verifies the content ID certificate by confirming the signature of the content ID certificate provided by the CA (see FIG. 1) using the built-in public key (step 312). )Must. As described above, the content right 309 is generated and signed by the person who introduced the content item corresponding to the network. Therefore, the public key included in the content ID certificate 311 is the public key of the user who introduced the content item to the network (that is, the content provider), and this public key was used to sign the content right 309. Corresponds to the private key.

  Ultimately, the compliant device 302 needs to verify whether the content right can be used to access the encrypted content. To accomplish this, the device calculates the fingerprint of the content item and compares it with the fingerprint in the content ID certificate 311. If there is a match, Alice 301 is allowed to access the content item in the compliant device 302. If any of the above steps fail, Alice is not given access to the content.

  According to the present invention, the content ID certificate is introduced into the network of compliant devices. Certificate signing by an approved certificate authority (CA) prevents malicious users from tampering with the content ID certificate. The content item fingerprint is included in the content ID certificate to prevent content ID replacement attacks. The problem of unauthorized installation and distribution of content items in the network by using (unauthorized) generation of content rights is overcome by including the content introducer's public key in the content ID certificate. When a user (or a third-party content provider) tries to generate a content right for a particular content item, the compliant device used is the content ID certificate signed by the CA as described above. Make sure the user's public key exists. If the user's public key is present in the content ID certificate, the user is considered authorized to generate a content right for the specific content item. Therefore, unauthorized introduction and distribution of content in the network is prevented. Furthermore, the watermark identifier introduced at the registration stage as described above according to the present invention allows tracking of the content introducer, ie the user / content provider who originally introduced the content item, if the personal content item is misused. . Furthermore, when a malicious user falsifies a fingerprint of a content item and introduces a commercial content item as a personal content item, the watermark uses the ID of an unapproved distributor (ie, malicious user). Further, if a malicious user falsifies a fingerprint of a content item and introduces a commercial content item as a personal content item, the watermark utilizes a malicious and unapproved user certificate.

    Although the present invention has been described with reference to particular embodiments, many variations and modifications will be apparent to those skilled in the art. For example, the content ID certificate may also include the public key of the compliant device through which the content item is introduced. This public key can be used to generate content rights according to the format of the license used in OMA DRM. The content ID certificate may additionally or alternatively include information regarding the type of certificate. This can be specified in the rights field, eg right = ownership. Accordingly, the described embodiments are not intended to limit the scope of the invention as defined by the appended claims.

FIG. 1 shows an approval hierarchy to which the present invention is applied. FIG. 2 shows a registration procedure used for content items to be introduced into the network according to an embodiment of the present invention. FIG. 3 illustrates an authentication procedure that is performed when a user desires access to content according to an embodiment of the present invention.

Claims (14)

A method for preventing unauthorized introduction of content items in a network including compliant devices,
Providing a fingerprint of a content item to be introduced into the network and an identifier of a content introducer who introduces the content item in the network;
-Comparing the fingerprint with a predetermined group of fingerprints, the introduction of the content item being allowed if the fingerprint is not found in the group of fingerprints;
Generating a watermark identifier, a watermark key, and a signed content identifier certificate including at least the fingerprint and unique identifier for the content item and the identifier of the content introducer;
Using the watermark key to insert the watermark identifier into the content item;
Including a method.   The method of claim 1, wherein providing a fingerprint comprises determining the identifier of the content introducer and the fingerprint of the content item to be introduced to the network.   The method of claim 1, wherein providing a fingerprint includes receiving the identifier of the content introducer and the fingerprint of the content item to be introduced to the network.   4. The method of claim 3, wherein the identifier of the content introducer and the received fingerprint of the content item are determined at a compliant device through which the content introducer introduces the content in the network.   4. The method of claim 3, further comprising: distributing the watermark identifier, the watermark key, and the signed content identifier certificate to the compliant device through which the content introducer introduces the content. Method.   The method of claim 1, further comprising storing a data post that includes the watermark identifier, the identifier of the content introducer, and the fingerprint of the content item.   The method of claim 6, wherein the data post further includes a unique content identifier for the content item.   The method of claim 1, wherein the identifier of the content introducer includes a public key of the content introducer. A device that prevents unauthorized introduction of content items in a network that includes compliant devices,
Means for receiving a fingerprint of a content item to be introduced into the network and an identifier of a content introducer who introduces the content in the network;
Means for comparing the fingerprint with a predetermined group of fingerprints, wherein the introduction of the content item is permitted if the fingerprint is not found in the group of fingerprints;
Means for generating a watermark identifier, a watermark key, and a signed content identifier certificate including at least the fingerprint and unique identifier for the content item and the identifier of the content introducer;
Including the device.   The apparatus of claim 9, further comprising means for inserting the watermark identifier into the content item using the watermark key.   10. The means of claim 9, further comprising means for receiving the identifier of the content introducer by reading a smart card inserted into the device, wherein the smart card comprises the identifier of the content introducer. apparatus.   The apparatus of claim 9, further comprising means for selecting a unique content identifier for the content item to be networked. A system that prevents unauthorized introduction of content items in a network that includes compliant devices,
-At least one compliant device;
-A certificate authority;
Including
The compliant device is
Means for determining a fingerprint of a content item to be introduced into the network and an identifier of a content introducer who introduces the content item in the network;
Means for transmitting the fingerprint and the identifier to the certificate authority;
The certificate authority is configured to include:
Means for comparing the fingerprint with a predetermined group of fingerprints, wherein the introduction of the content item is permitted if the fingerprint cannot be found in the group of fingerprints;
Means for generating a watermark identifier, a watermark key, and a signed content identifier certificate including at least the fingerprint and unique identifier for the content item and the identifier of the content introducer;
Means for distributing the watermark identifier, the watermark key, and the signed content identifier certificate to the compliant device;
The compliant device is configured to include:
-Means for inserting the watermark identifier into the content item using the watermark key;
Further comprising a system.   9. A method according to any one of claims 1 to 8, wherein the method is a computer executable component for a device when the computer executable component is executed in a processing unit included in the device. A computer program including a computer-executable component that executes a step.

Images