KR20070020466A - License management in a privacy preserving information distribution system - Google Patents

Abstract

In an information distribution system, while providing privacy protection for a user, a method and system are provided for transferring a license from a first user to one user or several other users. The level of privacy is enhanced by the licensing format and the use of the master license, anonymity license, and the inclusion of a revocation list in the certificate corresponding to the license.

License, Information, Privacy, Privacy, Distribution

Description

LICENSE MANAGEMENT IN A PRIVACY PRESERVING INFORMATION DISTRIBUTION SYSTEM}

The present invention relates to an information distribution system that allows a user to request digital information, and more particularly, to an information distribution system that protects user information.

Currently, an individual is required to identify his identity when engaged in a wide range of activities. Generally, when an individual uses a credit card, makes a phone call, pays taxes, subscribes to a magazine, or purchases something over the Internet using a credit or debit card, an identifiable record of each transaction is generated and a computer database Is written somewhere. In order to acquire or purchase a service using anything other than cash, the institution requires an individual to verify himself.

Consumer polls repeatedly show that an individual values his privacy and is concerned about the fact that personal information is typically stored in computer databases out of control. Protecting an individual's identity is compatible with the option to maintain anonymity, the core of privacy. Advances in information and communication technologies have facilitated the data agency's ability to store huge amounts of personal information, but it is increasingly threatening the privacy of individuals from which information has been collected. In an increasingly privacy world, the leakage of personal information and the possibility of user tracking can lead to a number of privacy concerns on the user side, and ultimately, increased hatred toward new technologies that are likely to violate privacy on the part of these users. .

This is in sharp contrast to the interests of service providers or information distributors who want to know more about the user in order to enable possible direct marketing campaigns, protect them against fraud, and the like. This is because, as a preventive measure, the service provider or information distributor must exclude a user who abuses the system from the future system.

In many information distribution systems, it is relatively easy to learn the habits of different users, for example by eavesdropping on communication within the system. This information may later be abused for spam. Today, this problem is partially solved, for example, by forcing users to pay special attention to how to store, for example, secret codes used in the system, or by protecting valuable information with a high degree of security. . US 2003/0200468 describes a method of protecting a customer's identity with an online transaction by storing the user's identity on a trusted website.

However, the above mentioned system using a secure website is susceptible to attack. Anyone who successfully attacks a trusted website has knowledge of which key corresponds to which user identity. Therefore, an attacker can use this information to map the habits of any user in a less protected information distribution system.

A user of a privacy protection information distribution system may want to distribute a license that he owns, which describes a right relating to certain requested information. In this embodiment, the term "distribution" relates to two kinds of behavior. The first of these is to license or sell to another user, which means that the original owner can no longer own this license and has instead been transferred to another user. The second is sharing rights with one or several other users, all of whom belong to a given group or domain. If a user shares his rights with another user, both users each have one licensor and therefore freely use it. The rights associated with each licensor need not necessarily be identical. For example, the rights related to the transferred rights may be more restrictive than the original rights.

A problem associated with distributing rights within a system is to provide a system in which the privacy of the user is protected, although the license may be distributed from one user to one or several other users.

It is an object of the present invention to distribute or at least alleviate the problems associated with distributing rights or licensors from at least one user to at least another user in an information distribution system, while also providing privacy to the user.

This object is achieved by the method and the system according to the attached claims 1 and 15. Preferred embodiments are defined in the dependent claims.

As used herein, the term "actual identity of a user" refers to data that may be associated with a physical user (such as a telephone number, address, social security or insurance number, bank account, credit card number, organization number, etc.) or the user's physical identity. It is referred to as an identity. Moreover, "anonymous" or additional identity as used herein is any data that is sufficiently anonymous to prevent linking to the individual's actual identity. There is no link between the user's real identity and the information requested by the user, and there is no clear way to reconstruct what information the real user has requested because there is no database for storing information that enables reconfiguration, for example. do.

Therefore, according to a first aspect, the present invention relates to a method for managing a licensor and a certificate, which belongs to at least one user and keeps the identity of the user confidential in an information distribution system. In the system, each user is represented by at least one user identity device, the user identity device comprising at least a first persistent anonymity. The method,

At the license management device, receiving data representing the requested information and corresponding rights;

At the license management device, generating a first license for the requested information;

At a first user identity device, receiving the first license;

At the license management device, receiving a persistent anonymous set comprising at least one persistent anonymous, a second license based on the first license and a request to assign the second license to a set of user identity devices, The set of user identity devices comprises at least one user identity device, each user identity device receiving a persistent anonymous set, coupled to each persistent anonymous included in the persistent anonymous set;

At the license management device, forming a set of licenses for the requested information, the set comprising a third license for each user identity device of the set of user identity devices, each license being the respective license; Forming a set of licenses for the requested information, comprising identity data available for a third license;

Receiving, at the identity management device, a request for a certificate and a second persistent anonymous, corresponding to the second persistent anonymous and embedded in the persistent anonymous set from a second user identity device embedded in the user identity device; ;

At the identity management device, receiving a certificate;

At the second user identity device, receiving the certificate from the identity management device;

Distributing said generated several licenses in said set of licenses to corresponding user identity devices included in said set of user identity devices; And

Verifying the certificate included in the set of licenses and the access in the requested information.

According to a second aspect of the present invention, the present invention relates to an information system for distributing information while maintaining confidentiality of a user's identity, the system comprising:

A first user identity device comprising persistent anonymity;

A set of user identity devices comprising at least one user identity device;

A license management device, wherein the license management device comprises:

 Receive data representing the requested information and corresponding rights from the first user identity device, generate a first license, transmit the first license to the first user identity device, and include at least one persistent anonymous A set of licenses for receiving a persistent anonymous set and a second license based on the first license, the third license for each user identity device associated with each persistent anonymous included in the second set of persistent anonymous A license management device arranged to generate and distribute each of the licenses included in the set of licenses to a corresponding user identity device;

An identity management device arranged to receive persistent anonymity, generate a certificate, and send the certificate to the user identity device included in the set of user devices.

One advantage of the aspects described above is that a license can be distributed from one user to one or other lifetime users without revealing any de facto identification of the user to the system. Thus, since the user's actual identity is not combined with an identifier in the system, the user's privacy is maintained. As a result, monitoring of user behavior in the information distribution system is prevented.

In the following, many advantages related to other embodiments of the present invention are listed. Common to all of them is that the described method keeps the user identity secret in the system.

When distributing a license to a domain, a master license is used, and the method defined in claim 2, in which case (except for one responsible for generating domains and similar types), a domain identifier can be associated with a domain member (or domain identifier). In the absence, it advantageously provides privacy for the domain structure. In addition, the introduction of the second license management device or domain administrator is prevented from knowing when the consumption of the right to be counted by the content provider occurs, what identifiers are involved, what content and which device is used, Privacy of countable rights provides improved management. By introducing several domain managers, for example one per domain, no device can have complete information on what information is used by which device. Moreover, this method is advantageous when managing the right to count while protecting the privacy of the user. In this way, behavioral privacy towards the first license management device is achieved. That is, the first license management device cannot know the time, requested information, user identity device, and persistent anonymity for each user's action related to the change of the countable right.

The method as defined in claim 3 advantageously provides a security license structure.

The method as defined in claim 4 advantageously provides a higher level of security. This is because both the user identity device license and the master license need to be verified before access to the requested content is provided. In this verification process, in order to determine that the rights contained in the master license are less restrictive than the rights contained in the user identity device license, the rights contained in the user identity device license are compared with the rights contained in the master license. Can be.

The method as defined in claim 5 advantageously facilitates verification of the validity of the license by providing an indication of which license is valid in the corresponding certificate. It will be appreciated that the function "pointing to which license is valid" can be performed both in a positive and a negative way. One example of the latter is to use a revocation list, or black list, which contains all licenses that are no longer valid. An example of the former is to use a white list containing all valid licenses.

The method as defined in claim 6 advantageously facilitates the revocation of an old license, for example if the license is transferred to another user or invalidated for other reasons, such as harmful behavior.

The method defined in FIGS. 5 and 6 has the advantage of providing a security method of revoking a license whose validity has been suspended. The method ensures that the old license and the new license cannot be used at the same time. It also prevents the device providing the information from being aware of the connection between the old and new users of the license.

The method as defined in claim 7 provides an advantageous method of identifying a license. Normally, each set of information is encoded with a different key, which key can be included in the license and used to decrypt the content. Since each license contains a different key, the key can be used to identify the license. Moreover, such license identity data facilitates the management of consumed, shared or transferred rights.

The method as defined in claim 8 is an advantageous way of providing integrity. According to this method, each license identity data in the list of licenses pointing to a valid license contained in the certificate is encoded as a constant by a hash function. This allows the verifier of the certificate and license to determine if the license is valid by comparing the license identity data with a list of encoded license identity data, but all other entities do not know any of the license identity data.

The method as defined in claim 9 provides an advantageous license format. This license format provides security to information providers without revealing the user's identity to the system.

The method defined in claim 10 is advantageous. This is because it facilitates one way of determining that a given license is valid (will not be revoked).

The method as defined in claim 11 is advantageous because no user needs to manage any other user key.

The method as defined in claim 12 is advantageous by preventing the system from recognizing the relationship between the first and second persistent anonymity. This knowledge may be abused for example for spam, so the user will not want it.

The method as defined in claim 14 is advantageous because it facilitates a method of providing more limited rights for the transmitted license compared to the original license. Thus, this method can be used to distinguish rights between components within a domain.

Some of the advantages obtained by the embodiment of the method have been described above. Similar advantages can also be achieved by corresponding embodiments of the information distribution system as defined in the dependent claims relating to the system.

The above and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.

1 schematically depicts a first embodiment of the invention in which a license is distributed from a first user identity device to at least a second user identity device.

Figure 2 shows schematically a second embodiment of the invention in which the transmitted license has been revoked.

3 schematically illustrates a third embodiment of the invention in which anonymity license is used when a license is transferred from a first user to a second user;

4 schematically illustrates a fourth embodiment of the present invention in which an anonymous license is used to transfer rights from a first user to a second user without a prior license.

5 schematically illustrates a third embodiment of the present invention in which one license is distributed from one user identity device to a set of user identity devices.

1 schematically shows a first embodiment of the present invention. For example, a user who wishes to access information belonging to a content provider or license management device (LMD) 120, such as a database, connected to the Internet, may use the user identity device or By using the smart card (SC) 110, it can be accessed. If the user wishes to purchase a right to access some internet, the user connects to the content provider or license management device 120 via an anonymous channel requesting the right 113 and the desired content 112. After the anonymity payment method is executed, the user transfers his public key (PK1) 111 to the license management device 110 (1), after which the license right device has rights and / or licenses 121 for its content. ) In another embodiment, the content provider and license management device may be one common unit or two separate units. If there are two separate units, the content provider sends the requested content to the user, and the license management device generates a license for that content. If it is one common unit, the license management device provides both the requested content and the license to the user.

The content is encrypted by the content provider with a symmetric key (SYM) and sent to the user with the license 121. Preferably, the format of the license is represented by {PK1 [SYM // Rights // contentID]} _signCP , where PK1 encrypts the mixed value [SYM // Rights // contentID]. In the present invention, Rights describes rights acquired by a user. For example, the right is whether the user is authorized to listen to the entire song or only the introduction, or the number of times the authorized song is to be listened to. Moreover, contentID identifies the content associated with the right, and signCP becomes the signature of the content provider on license 121. An alternative format for providing additional security is {PK1 [SYM // Rights // contentID], H (SYM // Rights // contentID)} _signCP , where the full value under encryption must be _checked individually by the accessing device. Can be. Note that the accessing device cannot check the complete value under encryption with PK ₁ , because PK ₁ is unknown. If checked, the license 121 does not reveal the public key PK1 111 or the content identifier or rights. Therefore, it is possible to protect the privacy of the user with respect to the content and possession of rights. Therefore, even if license 121 is found in the user's storage device, it does not compromise the user's privacy. During the purchase process, as briefly described above, the license manager device 120 may know the association between the public key (PK1) 111 and the contentID 112, the right 113 and the symmetric key, but with an anonymous channel. It is not possible to know the identity of the actual user.

If the user of the first user identification device 110 wishes to distribute one of the licenses of the user to the holder of the second user device 130, a corresponding license for the second user device needs to be generated. This can be achieved through the following procedure, for example. The first user who is the holder of the license is responsible for transmitting (4) to the license management device 120 a license 121 which he wishes to distribute with at least permanent anonymity (PK2) of the user identity device 130 to receive the license. Use user identification device 110. License 121 may have a format {PK2 [SYM '// rights' / contentID]} _signCP , as described above. If the received license is valid, a new second license 122 is created (5) and has the format {PK2 [SYM '// rights' / contentID]} _signCP . Here, PK2 131 encrypts the mixed value [SYM '// right' / contentID]. Rights' describe rights acquired by a second user, which may be more restrictive or the same as Rights. The contentID identifies the content associated with the right and the signCP becomes the signature of the content provider on the license 122. The generated license 114 is transmitted to the second user device 130 (9), ready to be used to access the content with a valid compliance certificate for the second user device. Do

In general, in order for the second user to securely access the requested content on the device being accessed, the compliance certificate 141 for his smart card 130 must be shown to the accessing device. Such compliance is preferably issued before the second license is sent to the second identity device. Further, the certificate 141 preferably does not include a public key (PK1) 111, but is issued with a modifiable SC (Smart Card) anonymous or temporary anonymous. To obtain a compliance certificate for the SC 130, the user / SC anonymously contacts the identity management device 140 or the compliance certificate issuer (CA-SC) for the smart card and the public key (PK2) 131. Request for a certificate by sending (6). The CA-SC 140 checks whether the private key PK2 131 is valid. If valid, CA-SC 140 generates a temporary anonymity, for example a random number (RAN: RAndum unmber) for smart card 131, and the {H (RAN), PK1 [RAN]} _signCA-SC . Compliant certificate 141 is issued (7). This certificate 141 is then sent 8 to the smart card 131. In this embodiment, H () is a one-way hash function, where PK2 131 encrypts the RAN, and signCA-SC becomes the CA-SC's signature for the certificate.

If checked, the certificate 141 does not leak the public key (PK2) 131, nor does it leak the temporary anonymous RAN of the smart card 130. In addition, the only entity that can obtain the RAN from the certificate 131 is the smart card 130. This is done by decryption with the private key (SK2) 133 associated with the SC 130. Therefore, the value RAN can be checked by the authenticator through the hash value in the certificate. The use of the anonymous RAN allows the authenticator to check the compliance of the smart card 130 without knowing the public key (PK2) 131. Moreover, since the anonymous RAN can be changed as often as needed, each time the smart card (SC) 130 obtains a new compliance certificate 131, the possibility of an authenticator for associating a compliance certificate with a given smart card 110 is Can be minimized. During the procedure described above, the compliance certificate issuer for the smart card (CA-SC) 140 recognizes the association between the public key 131 and the RAN, but does not recognize the identity of the actual user due to the anonymity channel.

The user can then access the licensed content, which is preferably executed on the accessing device (AD). In general, the accessing device operates in accordance with Digital Rights Management (DRM) rules. In order to access the content, the user must possess the content and license (eg, in an optical disc) or store the content and license in a specific location on the network. In one of these cases, the content + license must first be sent to the accessing device AD. Moreover, since the user is in front of the device AD that is physically accessing, the user's actual identity may be "public" to the AD. Therefore, in order to prevent the association between the user's actual identity and the public key PK2 from being disclosed to anyone other than the user, the public key PK2 131 should not be exposed to the device AD accessing the content access. . This is why the compliance certificate 141 for the SC 130 is issued to a changeable anonymous RAN. Upon checking the certificate, the accessing device AD knows the RAN but does not know the public key PK2 131. One example of a content access procedure is described below.

Content access process

Before the smart card 130 and the accessing device interact with each other, they do a mutual compliance check. That is, the compliance of the accessing device AD is verified by the compliance certificate of the accessing device, which is issued by the compliance certificate issuer for the accessing device CA-AD. This is shown in smart card 130. In order to verify the compliance certificate of the accessing device, the smart card 130 is provided with a public key of CA-AD. If this public key is changed periodically, it causes the AD to periodically renew the compliance certificate of the AD. In addition, this may be done at a time when the smart card (SC; 130) periodically updates its public key, and the SC (130) obtains its own compliance certificate from the CA-SC.

The compliance of smart card 130 is provided by a compliance certificate, which is presented to the accessing device. As described above, the smart card 130 obtains the value RAN from the certificate 141 by decrypting the certificate with the private key PK2 and transmits this value to the accessing device. The accessing device checks this value via the function H (RAN) in the certificate. Since the accessing device may be provided with a clock means, the smart card compliance certificate 141 may have an issue time added to the certificate, which forces the certificate to be renewed if the certificate is too old. In addition, for the smart card, the compliance certificate of the smart card is often updated sufficiently, thus minimizing the above-mentioned combination.

After such reciprocal compliance checking, as described above, the accessing device sends PP [SYM // Rights / contentID] from the license to the smart card 130, which decrypts it, giving the value SYM, Rights and It will send the contentID back to the accessing device. Thus, the accessing device decrypts the content using SYM and gives the user access to the content according to the Rights.

Cancellation of License

2 schematically illustrates another embodiment of the present invention. This embodiment is identical to the embodiment described in connection with FIG. 1 except that this embodiment includes the use of a certificate indicating which associated license is valid. The first license 121 is issued as described above and transmitted to the first user identity device 110, and reference numerals 1 to 3 correspond to FIG. 1. The user then distributes his license to a second user possessing the second user identity device 130, the first license being revoked according to the process described below.

The first user identity device 110 connects to the license management device 120 via an anonymous channel, authenticates itself with its persistent anonymous (PK1) 111 (4), and the second user identity device ( License 121 to be transmitted with persistent anonymous (PK2) 131 of 134 (4). The license management device verifies that the license is valid by comparing the license to the first set of data 224. In this embodiment, this first set of data is a black list, or in other words a revocation list, which contains the identity of all licenses that are no longer valid.

If the first license is valid, the license manager device 120 updates the information system through the information transmitted by the first license 121 to the second user (10). This is done by updating 10 the first set of data 224 to indicate that the first license is no longer valid.

Therefore, the first user is required to provide 11 to the identity management device 140 a request for renewal of its persistent anonymous 111 and certificate. After the identity management service 140 receives the persistent anonym 111, the anonymity indicates all revoked licenses corresponding to the anonymity PK1, with the request for the second set of data, with the request for the second set of data. (12). Since the symmetric key SYM that encrypts the content is unique per license, the license management device can use this value to identify each revocation license associated with PK1 111. Thus, the license management device generates 13 a second set of data 225 that includes the following values.

H (Sym_1 // Time),

H (Sym_2 // Time),

....,

H (Sym_n // Time)

Here, each value is mixed with the current time, and is a hash value of the key Sym_i of the revocation license corresponding to the PK1 111. The one-way hash function H () is used to reduce the size of each term in the revocation list in the second set of data 225 and is also used to hide the values of Sym_i from the other side that do not need to know from these values. Also, the current time is mixed with each Sym_i to prevent binding through the revocation list of compliance certificates issued for PK1 111 at different times.

Once the values for all revocation licenses of PK1 are included in the second set 225 of data, these data are transmitted by the license management device 120 to the identity management device 140 with a value Time, ie, a constant. (14). The license identity is mixed with the constant. At this time, the identity management device 140 includes (15) this second set of data as well as the value Time in the compliance certificate 242 of the first user identity. Certificate 242 has the following format: {H (RAN), PK1 [RAN], Time, H (Sym_1 // Time), H (Sym_2 // Time), ..., H (SYM_n // Time)} _{sign CA-SC} .

Thus, certificate 242 is sent to first SC 110, which may store the certificate in itself. A typical SC can store a compliance certificate with a revocation list of up to about 500 revocation licenses. If the revocation list is so large that storage on the SC is no longer possible //, then the certificate can be stored, for example, on a server in the network or on an optical storage medium.

As described above, if a user request accesses content on the accessing device or compatible device (CD), the content + license must be sent to the accessing device. In the user's request for content, the user identity device must verify the compliance of the identity device to the accessing device, and therefore must provide the above-mentioned compliance certificate. Thus, after checking for mutual compliance, the accessing device sends an anti-PK2 [SYM '// rights' // contentID] from the license to the user identity device, which decrypts it and sends the value back to the accessing device (SYM'). , Right 'and contentID). Before the accessing device uses SYM 'to decrypt the content and gives the user access to the content (according to Rights), the accessing device computes Sym (/ ym) and checks if this value is in the revocation list Check for absence. If the value is not on the revocation list, the CD will process the access request.

This is an advantage if the compliance certificate is frequently updated by the user identity device 110. This is done for both the user and the DRM system for at least the following reasons.

-To minimize connectivity through anonymous RAN of user's request to access content to other content, and

As a requirement of the accessing device to verify that the certificate (and the resulting revocation list) is too old via the value Time.

If the user is not interested in frequent updates to his certificate, the update may be forced to the requirements of the accessing device. As a result of this frequent update of the compliance certificate, the update value of the revoked license of PK1 is available to devices that access it very frequently.

After a certificate 242 has been received by the first user device 110 (16) and shown to a license management device, the second license 122 is transferred to the second user identity device 131 (9). .

The preferred approach is that the second license is passed to the second user identity device and that the first user device has expired its old certificate (which does not include the revoked license since it is used before the certificate 242 is obtained). Check with the management device.

One advantage of this procedure is that the new license is not distributed to the second user until the first user receives his new certificate. In this way, it is possible to prevent the first user and the second user from using each license at the same time. That is, use can be prevented while maintaining the relationship between the secret information of the first user and the secret information of the second user.

For example, according to the second embodiment of the present invention, in the case where a license is transferred from the first user to the second user, the license manager device may establish a relationship between these two users, that is, public key PK1 and public key ( The relationship between PK2). Recognition of this relationship may be undesirable by the user. Therefore, in the present specification referred to as "anonymity license", it is advantageous to use a generic license, in which case the user identity is not specified.

In this specification, anonymity license is a license for specific content that has specified rights (as license 122 described previously), but this license is not associated with a user identity device (ie has persistent anonymity). ). For any anonymous user who pays for this license or otherwise obtains the given content through certain rights, this license may be issued for the first user who requests revocation of the license in order to transfer his license to the second user. It may be. Since the license is not associated with any individual, this license can be transferred (or provided, sold, etc.) to any other individual. Such an individual may later provide the same license management device a license to be exchanged for a personalized license (e.g., license 121), which may then be used for content access.

However, for security reasons, it is preferable that a unique identifier be assigned to an anonymous license before the license management device issues an anonymous license. This is done to prevent once an anonymous license has already been recovered, any copy of this license (which can be made by the user) can be recovered. However, if such an identifier is selected by the license management device, since the license management device can recognize this identifier, it will be possible to establish a persistent anonymous connection between both users. To prevent this, a blind signature can be used, as described below.

3 illustrates a third embodiment of the present invention. Here, a first user who processes a license corresponding to a given content and right transmits this license to a second user without revealing to the system the relationship between the first user device and the second user device. This third embodiment is identical except for the differences described below with respect to the second embodiment described in connection with FIG.

The first license 121 is issued and transmitted to the first user identity device 110 as described with reference 1 to 3 above in connection with FIG. 1. The first user then contacts the CP or license management device 120 via anonymity channel 18 and issues the first license 121 and its PK1 with the request for issuance of the anonymity license and revocation of this license. Send 111. This withdrawal, i.e. cancellation, has been described previously in connection with reference numerals 11 to 16 in FIG.

The CP 120 sends a request for the user to authenticate himself, which can be accomplished via standard protocols (ie, send a random challenge to the user, where the CP is encrypted with PK1 111. Thus, if If the user is a party user, he can use his SK from the PK / SK pair to decrypt this challenge and send this SK back to the CP). After authentication of the user, the CP revokes the first license 121 of the PK1 111. Furthermore, before anonymity license is sent to the first user identity device 110, a new compliance certificate 241 is transferred 16 from the CA-SC to the first user identity device. The first set of data is changed before the certificate is generated, such a certificate 241 comprising the first license 121.

The first user identity device generates a secret and random identifier and conceals this value (17), which in turn becomes a concealed identifier blind [ID] 314. After the first user identity device receives the new certificate 241, the protocol between the user and the CP may continue. Preferably, the user wants to send his PK1 111, first license 121 to the CP, authenticate himself, and also send the user to the second user as well as his new compliance certificate 241. A new protocol is initiated when sending a concealed ID blind [ID] 314 and NewRight (NewRight) 313, old expired certificate. With all these values from the first user, the CP (Content Provider) first checks whether the first user's new inspection certificate 241 includes the revoked license 121 (see section H (Sym // Time)). You will be confirmed. Secondly, it is checked whether the NewRight 313 appearing in the first license 121 is equal to or less than the Right 113. Third, the contentID 112 is obtained from the provided first license 121. If the confirmation is satisfactory, content provider (CP) 120 may be able to generate anonymity license for the requested content and corresponding rights (19).

To do this, the license management device has a unique pair of authorized / private keys for each possible combination of different rights and different content. If a set of all rights including R rights is specified, every set of content has C items. This preferably means that the license management device must have R * C different authorized / private key pairs. Given these settings, once the license management device receives data {blind [ID], NewRight} from the first user, it conceals the blind blind identifier (BLIND [ID]) with a private key for this combination of {NewRight, contentID} ( 314) and return the value {blind [ID]} _{signed-NewRight-contentID} 325 to the user (20). Thus, the user may publish the signed identifier 21 to obtain the {ID} _{signed-NewRight-contentID} 315 and send this value along with the license details {NewRight, contentID} to the second user (11). . The description of NewRight, which must be combined with an anonymous license (if a license is being transferred between users), is only necessary if the specified rights allow less than the original rights. The possibility of sending a NewRight allows a user to give one of his licenses to another user. In this case, however, the license is, if he desires, a more restrictive right than the original right he has.

To obtain a personalized license, the second user identity device anonymously contacts the license management device, authenticates itself with its public anonymous PK2 131, and associates with {NewRight 313, contentID 316}. Together, the signed and published identifier {ID} _{signed-NewRight-contentID} 315 is sent to the license management device.

CP 120 first confirms that the published ID 315 is not already used (ie, in the list of IDs maintained by the CP) and that the CP does not enter such an ID in the list of used IDs. In addition, the CP checks its signature within ID 315 (if this signature was created with a key for {NewRight, contentID}), and if everything is correct, the license management device finally personalizes it to the second user. License 122 may be issued (5). This license is transmitted 9 to the user identity device 130 of the second user with the content encrypted with the personalized key SYM2. This license 122 is as follows: {PK2 [SYM2 // NewRight // contentID]} _signCP 122.

After the issuance of the above license 122, the value ID is entered into the set of data by the license management device, as described above, and requests a request for personalized license (with signed identifier) from the anonymous license. Each time it receives, it is checked by the license management device. This prevents issuance of licenses in response to personalized license requests for anonymous licenses that have already been recovered.

Apart from being used when a user passes or sells information to another user, anonymity licenses can be used to promote people under a license, for example, through a "one time purchase, second time free" model. It can be helpful. The second license can also be issued as an anonymous license and can be transferred to anyone. A fourth embodiment according to the invention is described with reference to FIG. 4. In this embodiment, the first user requests anonymity license for a given right corresponding to the given content without having to transfer the current license. The user receives this anonymity license and sends it to a second user identity device belonging to the second user. This third embodiment is the same as the third embodiment except for the differences described below as shown in FIG.

As illustrated in FIG. 4, the first user contacts the CP via an anonymous channel having a request for an anonymous license for a predetermined combination of rights 113 and contentID 112 (1). Further, possibly, the first user transmits proof of anonymity payment (equivalent to a token corresponding to the amount of money given). If the amount paid by the user is paid for a given combination of Right 113 and contentID 112, then the license management device 120 or CP is signed by the CP, for example with a key for the given combination. Anonymity license 421, which is a randomized ID, may be issued for the first user (2). In this fourth embodiment, the CP 120 itself can generate the ID 325 directly, since the user does not need to anonymously contact the CP to leak his or her PK. Because the license is not issued to itself. The user only needs to confirm anonymously that he is entitled to request the corresponding content for these rights. Thereafter, anonymity license 421 is transmitted to the first user identity device 110 (3). The first user identity device then forwards this license to the second user identity device 130, possibly with the contentID 112 and the right 113. Thus, a second user identity device provides the license management device 120 with a request for the anonymity license 421 and personalized license, possibly along with the contentID 112 and the right 113. do. At this time, as described in connection with the third embodiment, the license management device generates a personalized license 122 for the second user identity device 130 (5), the personalized license being the device. Is sent to 130 (9).

In the solution described above, the license management device 120 must maintain a vast list of different R * C public / private key pairs and corresponding rights, contentID values. This solution can be technically simplified from identity-based cryptography. Instead of using the identity of those people or others to generate a key, applying it to the present invention, a combination of content identifiers, rights and license management device names can be used for key generation. In this way, the public key can be simply defined as a string [contentID // Rights // LMDname], and the corresponding private key is generated based on the above string and the master key generated by the license management device.

The use of identity-based cryptography to generate a signing key pair has the following advantages.

If the license management device no longer needs to store a list of all R * C key pairs, key management by the license management device can be used quite easily (private keys can be generated as needed). Although the storage method is preferred over calculations, only the private key needs to be stored.

This solution allows anyone to check the signature of the license management device for an anonymous license if it knows the content identifier, the rights and the name of the license management device (ie because these values constitute a public key).

If the second user purchases a license from the first user, confirmation of the signature of the license management device may be necessary. The second user will be interested in seeing if the anonymity license he received from the first user refers to some content with a given right and whether this license can be restored to a given CP.

Distribution of rights within the domain

When a user of an information distribution system purchases information, other users who are familiar with the user may want to share this information. This can be done by forming a domain and is associated with a shared domain key PK _D. A domain must register a domain authority, which can, for example, actually verify that it is a component of a group, such as a family. The same domain authority can be assigned to PK _D for user groups and added to SK _D for smart cards. Once this is done, the user can purchase the content for the entire domain using the domain key (PK _D ) or for his private use (your private key (PK1)). In this case, a first user having a first user identity device 110 associated with a public key domain key (PK _D ) 516 may request this public domain key (PK) with a request of a given contentID 112 and a right 113. _D ) to the license management device 120. The license management device generates a master license 521 (2), which license is transferred to the first user identity device (3). The license has the following format: {{PK _D [SYM // Rights // contentID}, 1} _signCP , MR} _signCP (1)

The master license constitutes a domain license and has the following format: {PK _D [SYM // Rights // contentID}, 1} _signCP . (2)

Here, the master rights tag MR is all signed together by the CP.

The domain license is set to a representative tag (1) all signed together by the CP 120 as well as the contentID 112 encrypted by the symmetric key (SYM), master rights (Rights) 113, and the domain key (PKD). It consists of At the end of the procedure for obtaining this master license 121 from the CP 120, in order to protect their privacy towards domain members sharing the PKD, the user can encrypt the master license in the following format: have.

PK1 [{{PK _D [SYM // Rights // contentID}, 1} _signCP , MR} _signCP ], (3)

Users in the domain will not be able to see the rights and licenses of the users who purchased the content.

Creation of individual user rights (for a particular domain member) is done by domain manager device (DM) 150. The user who purchased the content prepares a set of persistent anonymous 132 and corresponding rights for the particular domain member and sends it to the DM with the master license 521 (4). Such a set, i.e., a data structure, may have the following form: [PK ₁ Right ₁ ; PK ₂ , Right ₂ ; PK ₃ , Right ₃ ; ... PK _n , Right _n ]. Where PK _i is the public key of the domain member (possibly including the first user), while Right _i is a right expression, describing the right to be associated with different PK _S. This facilitates the distinction of rights within the domain. In interaction with the DM, the user decrypts the encrypted certificate 3, thus decrypting the anti-PK _D [Sym // Rights // contentID]. In addition, the user may need to show in the DM certificate that confirms that all the PK _i mentioned actually belong to their domain because the user wants to prepare a license for the set. Thus, DM generates a member license for each PK _i with the following format (5):

{PK _i [Sym // Right _i // contentID _i ], PK _DM } _signDM . (4)

Finally, the license management device distributes these rights to domain members (9), preferably via user identity devices.

When accessing content, domain members may have to submit both personalized licenses and domain licenses to the device, as well as compliance certificates for the DM. The reason for submitting both licenses is to allow the accessing device to verify that the user belongs to the domain (if the user knows PK _i and PK _D ) and that both rights Rights _i ≤ Rights.

The procedure described above ensures that only users who purchase content and have a master license can generate domain licenses for domain members. The introduction of DM as a party that handles user rights within the domain has advantages for the management of countable rights. At this time, the DM may issue a new license and revoke the old license if consumption of the right to count occurs. In this way user privacy towards the CP is protected. This is because CP is not mixed every time a user consumes a right. Therefore, the CP cannot create a log linking the user's PK, the content identifier, the device identifier and the time at which the expenditure of the right to count occurs. However, this solution is advantageous for CP. Because the revocation of the old license is managed by the DM, so this is instantaneous.

As a result, as described above, the present invention facilitates the distribution of rights within the information distribution system. For this application, in particular with respect to the appended claims, the term “comprising” does not exclude the presence of other components or steps than those described in the claims. Moreover, a single means does not exclude a plurality of means, and a single unit or processor may perform the functions of several means. In addition, at least some of the means may be implemented in hardware or software, which will be apparent to those skilled in the art.

As described above, the present invention relates to an information distribution system in which a user can request digital information, and is particularly applicable to an information distribution system for protecting user information.

Claims (20)

A method of managing licensors and certificates belonging to at least one user within a system that distributes the requested information, while keeping the identity of the user confidential, wherein each user is represented by at least one user identity device. A user identity device is a method of managing a licensor and a certificate comprising at least a first persistent anonymous, Receiving (1) at the license management device data representing the requested information and corresponding rights; Generating (2) at the license management device a first license for the requested information; At a first user identity device, receiving (3) the first license; Receiving (4) at the license management device a persistent anonymous set comprising at least one persistent anonymous, a second license based on the first license and a request to assign the second license to a set of user identity devices Wherein the set of user identity devices comprises at least one user identity device, each user identity device receiving a set of persistent anonymous, coupled to each persistent anonymous included in the persistent anonymous set ); In the license management device, forming a set of licenses for the requested information (5), the set comprising a third license for each user identity device of the set of user identity devices, each license being Forming (5) a set of licenses for the requested information, comprising identity data available for identifying each third license; Receiving, at an identity management device, a request for a certificate and a second persistent anonymous, embedded in the persistent anonymous set, from a second user identity device embedded in the set of user identity devices corresponding to the second persistent anonymous (6); Receiving (7) at the identity management device; At the second user identity device, receiving (8) the certificate from the identity management device; Distributing (9) each generated license in the set of licenses to a corresponding user identity device included in the user identity device; And Identifying the certificate included in the set of licenses and the certificate in access of the requested information. How to manage the licensor and certificate comprising a. The method of claim 1, The first user identity device belongs to a first domain of a user identity device, each user identity device included in the user identity device set belongs to the first domain, and the first license is a master license, The second license is the same as the first license, the license management device includes a first license management device and a second license management device, and the set of persistent anonymous includes all persistent anonymous belonging to the first domain: The step (2) of generating a first license includes, at the first license management device, generating a master license and the right corresponding to the requested information, wherein a license is distributeable within the first domain. and; Receiving (4) a persistent anonymous set, a license and a request to assign the license to the user identity device further comprises receiving them from the first identity device; The step (5) of generating a set of licenses includes, at the second license management device, generating the set of licenses, each license being accessed by a corresponding user identity device when accessing the request information. How to manage available licensors and certificates. The method of claim 2, Receiving (1) data indicative of the requested information and corresponding rights further comprises receiving a first persistent domain anonymity associated with the first domain; The step (2) of generating a master license further comprises encrypting the data and the right representing the information by a first symmetric key, the first persistent domain anonymity and including this cipher in the master license. How to manage licensors and certificates that they contain. The method of claim 2 or 3, Verifying one of the compliance certificate and the license included in the set of licenses further comprises verifying the license by comparing the master license and the compliance certificate to manage the licensor and the certificate. Way. The method according to any one of claims 1 to 4, Generating a first set of data indicative of a valid license in such a way that data representing all licenses that are no longer valid and related to the at least one persistent anonymous is indicative of that anonymous traceable; Generating steps 7 and 15 is as follows: Receiving (12) at the license management device from the identity management device a request for data indicating which license is valid, related to the persistent anonymous and the persistent anonymous; Generating (13) at the license management device a second data set indicating which license related to the persistent anonymity is valid; Receiving (14) at the identity management device the second data set from the license management device; And At the identity management device, including the second data set in the requested certificate. The method of claim 5, The steps are: Receiving (4) receiving a request to assign the license to a set of persistent anonymous sets, licenses and user identity devices further comprises receiving them from the first identity device along with the first persistent anonymous set. and; Generating a second license (5) includes modifying (10) the first set of data to indicate that the second license is no longer valid, and at the identity management device, the first persistent anonymous Generating (15) and distributing the generated certificate to the first user identity device. The method of claim 6, Each license comprises a different key, and wherein step 13 of generating the second set of data includes generating a list of all keys, wherein the key is included in a license related to the first persistent anonymous. How to manage your licensors and certificates. The method of claim 7, wherein The step 13 of generating a second set of data includes encoding each of the keys with a constant by a hash function, the constant also being included in the second set of data. And how to manage certificates. The method according to any one of claims 1 to 8, Permit anonymity and requests are received for licenses for the requested information (1,4), The method, Using the received persistent anonymity associated with a user identity device when encrypting a symmetric key, an identifier of the requested information and a right associated with the user identity device and the request information; And Generating a license (2,5), wherein said encryption is included in said generated license. The method according to any one of claims 1 to 9, The step of identifying a license when accessing the requested content includes determining that the license identification data included in the license is valid by comparing the license with a second set of data contained in the certificate. And how to manage certificates. The method according to any one of claims 1 or 5 to 10, The second license is the same as the first license, Receiving the first license at a first user identity device comprises distributing (11) the first license to the second user identity device; Receiving (4) a persistent anonymous set and a second license further comprises receiving the set and the license from the second identity device. The method of claim 1, The first license is an anonymous license, the second license is the same as the first license, the license management device is associated with a second set of data indicating which anonymous licenses are valid, At the license management device, receiving (1) data indicative of the requested information and the corresponding right further comprises: receiving the data by an anonymous channel; Generating (2) the first license further comprises: generating an anonymous identification and encrypting the identification with a key corresponding to the received information and the right; At the first license management device, step (3) of receiving the first license further comprises distributing (11) the first license to the second user identity device; At the license management device, receiving (4) at least one persistent anonymous and second license comprises receiving them from the second user identity device, indicating that the second license is no longer valid. Changing (10) a third set of licensors and certificates. The method of claim 5, The second license corresponds to the first license if it is published, The steps are: Receiving (3) the first license at the first user identity device comprises: generating and concealing a secret identifier at the first identity device (17); and at the license management device, at the first Receiving (18) a license, the persistent anonymous, a request to revoke the first license, a request for an anonymous license for the requested information, and the concealed secret identifier, and a certificate associated with the first persistent anonymous Generating (15), transmitting the certificate to the license management device, and generating, at the license management device, the anonymous license for the requested information based on the concealed identifier (19). ) Receiving, at the first user identity device, the anonymity license (20), and the first user identity device In further comprising a step 21, a step 11 for receiving from said second user identity device, the anonymity of the license that the publicly disclose the anonymous license, Receiving (4) at the license management device the persistent anonymous set and the published anonymous license further comprising receiving them from the second user identity device. The method according to any one of claims 1 to 13, The first license refers to a distributable right for the requested information, The step (4) of receiving a persistent anonymous set further comprises receiving data indicating which rights each license in the set of licenses should be associated with; Generating a set of licenses (5) further comprises combining at least one of the licenses with a more restrictive right compared to the distributed rights. As an information system for distributing information while maintaining the confidentiality of the user, A first user identity device 110 comprising a persistent anonymous 111; A set of user identity devices 132 including at least one user identity device 130; As the license management device 120,  Receive data representing the requested information 112 and corresponding rights 113 from the first user identification device, generate a first license 121, transmit the first license to the first user identification device, and Receive a set of persistent anonymous 134 including at least one persistent anonymous 131 and a second license 115 based on the first license and each persistent anonymous included in the second set of persistent anonymous; Generate a set of licenses 123 including a third license 122 for each user identity device 130 in combination with 131, and included in the set of licenses 123 in a corresponding user identity device. A license management device (120), arranged to distribute each of the licenses; An identity management device 140 arranged to receive a persistent anonymous 131, generate a certificate 141, and send a certificate 141 to the user identity device included in the set of user devices. Information system comprising a. The method of claim 15, The first user identity device (110) belongs to a first domain of a user identity device, and each user identity device included in the set of user identity devices belongs to the first domain; The second license (122) is the same as the first license (521); The license management device comprises a first license management device 520 and a second management device 550; The set of persistent anonyms (132) all includes persistent anonyms belonging to the first domain; The first license management device 520 receives the data representing the requested information 112 and corresponding rights 113 from the first user identity device, generates the first license, and generates the first user. Arranged to transmit the first license to an identity device; The license management device 550 receives the set of the same persistent anonymity as the first license 521 and the second license, generates the set of licenses 123 and licenses the corresponding user identity device. An information system arranged to distribute several said licenses contained within said set of 123). The method of claim 17, The first license management device (520) is further arranged to receive the first persisted place name; And The master license (521) is a cipher with the first persistent anonymous, wherein the cipher includes the data representing a first symmetric key, the right and the requested information. The method of claim 15, wherein Further comprising a first set of data 224 indicating which licenses are valid; The license management device 120 receives a license identification and a request to revoke a corresponding license, changes the first set of data to indicate that the license corresponding to the license identification is revoked, and the identity management device Receive persistent anonymity from 140, generate the second set of data 225 indicating which licenses related to the first persistent anonymity are valid, and receive a second set of data from the identity management device. Arranged;   The identity management device receives a first persistent anonymity from the first user identity device, sends the first persistent anonymity to the license management device, receives the second set of data from the license management device, and And generate a certificate (242) that includes the second set of data and transmit the generated certificate to the first user identity device. The method of claim 15, The first license 421 is an anonymous license; The second license (421) is the same as the first license; The license management device 120 is coupled with a second set of data 424 indicating which anonymous licenses are valid; And The license management device receives anonymity by receiving data representing the requested information 112 and corresponding rights 113 via an anonymity channel and encrypting the anonymous identification with a key corresponding to the received information and rights. Generate an identity, generate anonymity license 421, send the anonymity license to the first user device, receive an anonymity license from the second user identity device, and confirm that the anonymity license is revoked And further arranged to modify the third set (424) of data to point. The method of claim 15, After the anonymous license is published, the second license corresponds to the generated anonymous license; The first user identity device 110 generates and conceals a secret identifier 314, transmits the blinded secret identifier to the license management device 120, and anonymity license from a privileged license management device. Receive (325), publish the second anonymous license, and transmit the published license (315) to the second user device; The license management device generates the anonymous license 325 corresponding to the hidden secret identifier to receive the hidden secret identifier 314 and the first license, and to revoke the first license, Send the anonymous license to a first identity device, receive the published license 315 from the second user identity device, revoke the published license, generate the third license 122, and Further arranged to distribute the third license to a second user identity device Information system.

Images