200839564 九、發明說明: 【發明所屬之技術領域】 本發明之具體實施例一般而言係關於内容存取,且更特 定言之係關於鏈結内容與授權並基於一會話權證來存取内 容。 【先前技術】</ RTI> </ RTI> </ RTI> </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; [Prior Art]
數位權限管理(DRM)係一種用以保護並控制内容(例如 音樂檔案、視訊檔案及其他内容)分佈的技術。在drm 中,使用一密碼編譯密鑰來加密内容,因此該密碼編譯密 鑰還可用於解密該内容。為了使一使用者解密並存取該内 各,使用者必須有權存取相關聯於該内容的一授權。一般 而言,一授權可將不同的存取權限授予該内容,取決於一 授權提供者所定義之許可。例如,該授權可能限制持續一 有限\數來播放該内容(例如一音樂播荦)。 在傳統DRM技術中,用於解密内容之密碼編譯密输係儲 存於授權内。授權可能會被破解,從而可從授權容易地提 取密碼編譯密鑰。若危及密碼編譯密鑰的安全,則一未經 授權的使用者可在沒有授權愔七 惟h况下解袷内谷,從而無限制 地存取内容。由此,需I ;隹 止4 > 而要進一步改良内容保護。 【發明内容】 本發明之各種具體實施例提供用於鏈結 :於一會話權證來存取内容之方法、系統及/或裝置= ^ 了^用許多方式來實施,包括一方 、 轉系統或一器件。下面說明本發明之數個具 126729.doc 200839564 體實施例。 在一具體實施例中,提供一種用於存取儲存於一記憶體 器件上之内容之方在此方&中,傳輸一I求存取該内 容之請求並接收一會話權證。該會話權證包括一用以解密 該内容之參數且該會話權證係基於一變數來產生,該變數 係經組態用以在一會話時變化。該内容可基於該會話權證 來加以存取。Digital Rights Management (DRM) is a technology used to protect and control the distribution of content such as music files, video files, and other content. In drm, a cryptographic key is used to encrypt the content, so the cryptographic key can also be used to decrypt the content. In order for a user to decrypt and access the user, the user must have access to an authorization associated with the content. In general, an authorization grants different access rights to the content, depending on the license defined by an authorized provider. For example, the authorization may limit the duration of a limited number of plays (e.g., a music broadcast). In conventional DRM technology, the cryptographic compilation system used to decrypt the content is stored in the license. Authorization may be cracked so that the cryptographic key can be easily extracted from the authorization. If the security of the cryptographic key is compromised, an unauthorized user can unlock the content without authorization, thereby unrestricted access to the content. Therefore, it is necessary to improve the content protection by I; 4 4 > SUMMARY OF THE INVENTION Various embodiments of the present invention provide for a method, system, and/or apparatus for accessing content in a session ticket, in a number of ways, including a party, a transit system, or a Device. Several embodiments of the invention having 126729.doc 200839564 are described below. In one embodiment, a means for accessing content stored on a memory device is provided in the party & a request to access the content is received and a session ticket is received. The session ticket includes a parameter for decrypting the content and the session ticket is generated based on a variable configured to change during a session. The content can be accessed based on the session ticket.
在另一具體實施例中,提供一種裝置。該裝置包括一記 憶體及與該記憶體通信的一處理器。該處理器係經組態用 以··傳輸一請求至一記憶體器件以存取儲存於該記憶體器 件内的内容;接收一會話權證;及基於該會話權證來存取 該内容。該會話權證包括一用以解密該内容之參數且該會 話權證係基於一變數來產生,該變數係經組態用以在一會 活時變化。 結合以範例方式說明本發明之原理的附圖,根據下列詳 細說明會明白本發明之其他具體實施例及優點。 【實施方式】 連同附圖,以下提供一或多個具體實施例之一詳細說 明。該詳細說明係結合此類具體實施例來提供,但不卩卩於 任一特定具體實施例。範疇僅受申請專利範圍限制且涵蓋 許多替代、修改及等效物。在下列說明中提出眾多特定余 節’以便提供一詳盡理解。此等細節係出於示範目的而提 供且可在沒有該些特定細節之一些或全部之情況下依據申 睛專利範圍來實施該等所述具體實施例。為了清楚起見 126729.doc 200839564 未w詳細說明與該等具體實施例相關的在技術領域中已知 的技術材料’以免不必要地混淆本說明。 本文所述之該等具體實施例提供鏈結一授權與内容並基 ;3話權也來存取該内容。使用一密碼編譯密鑰來解密 亚存取-加密内容。如下面更詳細所解釋,使用相關聯於 該授權與該内容兩者之參數來導出該密碼編譯密餘。在一 些具體實施例中,一用以導出該密碼編譯密鑰之參數可進 一步使用一變數來加密,使得將内容存取限於一會話。 圖1係依據本發明之一具體實施例-裝置系、统之-簡化 方塊圖。如圖1所示,系統102包括主計算器件114與記憶 體器件116。主計算器件114可包括各種電子器件,其能夠 存取記憶體ϋ件116以儲存或擷取儲存在該記憶體器件上 的内合118 °冗憶體器件116可藉由機械介面108(例如接針 及/或插座連接器)而可移地耗合至主計算器件⑴。記憶體 件116係5己憶體儲存器件。如下面所將解釋,記憶體 器件116之-範例係—使用非揮發性記憶體之記憶卡。 主計算器件m主控應用程式104。應用程式1〇4可包括 各種程式應用。例如,廡用兹4 Λ 4 應用私式1〇4可能係一作業系統, 其管理主計算器件114上的硬體及軟體資源。在另一範例 中,應用程式104可能得一容據辦换i 此你夕媒體插放器,其係經組態用 以播放音訊及視訊檔案。此外,例如,應用程式刚可能 係-視訊遊戲。應用程式刚可存取館存於記憶體器件ιΐ6 内的内容m。内容118可包括各種資料。内容ιΐ8之範例 包括以音訊播案格式(例如wave、ΜΡΕ(Μ音訊層 I26729.doc 200839564 3(MP3)進 p白音訊編碼(Adv紐“a Audi〇 c〇ding,· AAC))及 〃他曰訊檔案格式編碼的音訊檔案。内容〗〗8還可包括以 視訊擋案格式(例如音訊視訊交錯(Α_〇 1心〇 ,AVI)、動晝專家組(Moving Picture Experts Group,· MPEG))及其他視訊播案袼&編碼的視訊播案。内 容118之其他範例包括文件檔案、影像播案、應用程式播 案及其他資料。 鏈結授權與内容 圖2係描述依據本發明之一具體實施例之一用以解密内 奋之參數之產生的-方塊圖。圖2顯示内容u 8與相關聯授 權204。内容U8係加密,使得該内容難以理解…般而 言,授權204係實現存取内容118之資料(例如一字串、一 檔案及其他資料)。授權2〇4可包括用以存取内容ιΐ8之許 :或規則’例如存取持續時間、將内容存取限於一特定計 算器件、日期、時間、可存取内容之次數及其他許可。因 此授權204可經組態用以定義存取内容118之許可。因此其 於在授權204内所包括之該等許可來允許—使用者存㈣ 容^例如’授權綱可允許在—特定計算器件上欲播放 採用-音樂檔案之形式的内容118三次。在另—範例中, 授權2〇4可允許存取内容118,但不允許複製至另一計算器 件。 内合118係加松的且第三參數21〇係經組態用以解密該内 谷第一乡S 21 〇包括可相關聯於内容工置8之解密的各種資 料例如帛二參數21〇可能係用於加密及解密内容⑴的 126729.doc 200839564 一密碼編譯密鑰。取代該密碼編譯密鑰,第三來數2ι〇還 可包括該密碼編譯密鑰的一引用。例如,該引用可能係識 別該密碼編譯密鑰的一號碼或字串。第三參數21〇還可包 括一驗證密錄。該驗證密输係一用於在該主計算哭件與“己 憶體器件之間驗證會話之密碼編譯密鑰。在另一範例中, • 第三參數21〇可能係一密碼編譯臨時值。一密碼編譯臨時 ^ 值係一可用以產生該密碼編譯密鑰的號碼。 第三參數210係基於第一參數202與第二參數2〇6來產 # 生。換言之,第三參數210可表述成 第三參數=F (第一參數,第二參數)(1〇) 其中該第三參數係第一參數202及第二參數206之一函數。 該函數可包括各種函數,例如一雜湊函數,因此第三泉數 210可能係該雜湊函數之雜湊值。第一參數2〇2係相關聯於 授權204而第二參數206係相關聯於内容118。第一參數2〇2 與第二參數206可包括各種資料。例如,第一參數2〇2可能 係一號碼。在一具體實施例中,該號碼可能係隨機產生 着 的。在另一具體實施例中,該號碼係預定義的。第二參數 206可能取決於第一參數202或反之亦然。例如,第二參數 • 206可能係自一密碼編譯密鑰之一引用與第一參數202兩者 . 導出之一號碼或字串。此類號碼或字串可表述成 第二參數=F (密鑰引用,第一參數)(1.2) 其中第二參數206係該密碼編譯密鑰引用與第一參數2〇2之 一函數。應瞭解,第二參數2〇6還可自一驗證密鑰與第一 乡數202兩者導出。在另一範例中,第二參數2Q6可自一密 126729.doc 200839564 碼編譯臨時值與第一參數202導出。反之,第一參數2〇2可 自第一參數206及一驗證密鑰、一密碼編譯密鑰之一引 用、一密碼編譯臨時值或其他參數來導出。 第參數202及第二參數206係分別相關聯於授權2〇4與 内容Π8。為了相關聯授權204或内容118,第一參數2〇2及 第一參數206可分別位於或包括於該授權及該内容内。例 如,第二參數206可位於内容118之標頭或註腳内。或者, 第一參數202及/或第二參數206可與授權2〇4及/或内容ιΐ8 分離定位。若分離定位,則授權204可包括該第一參數的 一指標而相關聯於第一參數2〇2。在該第二參數與該内容 分離疋位之情況下,内容118還可包括第二參數206的一指 標。 圖3係依據本發明之一具體實施例之一用於存取一記憶 體器件之系統之一簡化方塊圖。如所示,系統3包括麵 合至記憶體器件116之主計算器件114。主計算器件114可 包括應用程式1〇4與第一内容保護平台3〇4。記憶體器件 116包括第二内容保護平台306、内容118及授權204。在一 具體實施例中,授權2〇4可儲存於記憶體器件116之一隱藏 分區内,其中該授權不可見或不可供許多應用程式存取。 除了儲存於記憶體器件116内外,授權2〇4還可儲存於主計 ^件114内。弟一内谷保護平台304及第二内容保護平台 306係用於防護至記憶體器件116之内容118的技術平台。 使用第一内容保護平台3 〇 4及/或第二内容保護平台3 〇 6, 使用者可傳送記憶體器件116及其内容11 8而不危及内容 126729.doc 200839564 保濩的女全。存在各種可用於防護資料之内容保護平台, 範例係在商標TmStedFlasWCruviTM (由 SanDisk,Inc.製 造)下銷售。 如圖3所示,應用程式104藉由第一内容保護平台304來 傳輸一對儲存於記憶體器件116内之内容118的請求。此 處,加搶内容118。為了解密内容118,擷取相關聯於授權 204之第一參數2〇2與相關聯於内容118之第二參數2〇6。第 一參數202與第二參數206可分別包括於授權204與内容118 内,或可能係與該授權及該内容分離定位的檔案。如等式 h〇所疋義,一第三參數係基於第一參數202與第二參數 206而產生。換吕之,該第三參數可自第一參數π]與第二 參數20‘出。該第三參數可能係一用以解密内容us的密 碼、為澤饴鑰、該密鑰密鑰的一引用、一驗證密鑰、一臨時 值或其他參數。使用該第三參數,應用程式⑽可解密並 存取内容118。為了存取内容118,第一内容保護平台3〇4 口專輸該第一參數及要求内容118之請求至記憶體器件 116、第一内容保護平台3〇6可基於該第三參數來解密内容 118並可藉由第一内容保護平台3〇4將解密後的内容傳輸至 應用程式104。 在圖3之具體實施例中,主控於主計算器件ιΐ4上的第一 内容保,平台304掏取第—參數逝及第二參數·,並基 二:等第及第二參數來產生該第三參數。在另一具體實 ^例中’包括於記憶體器件116内的第二内容保護平台306 逛可擷取笫一夂勃 昂參數2〇2及第二參數2〇6,並基於該等第一及 126729.doc -12- 200839564 第二參數來產生該第三參數。 圖4係依據本發明之一具體實施例描述從一記憶體器件 存取内容之一流程圖。在4〇2開始,分析内容以決定是否 保護(即加密)該内容。相關聯於該内容的各種資訊可指示In another embodiment, an apparatus is provided. The device includes a memory and a processor in communication with the memory. The processor is configured to transmit a request to a memory device to access content stored in the memory device; receive a session ticket; and access the content based on the session ticket. The session ticket includes a parameter for decrypting the content and the session ticket is generated based on a variable configured to change during a session. Other embodiments and advantages of the invention will be apparent from the accompanying drawings. [Embodiment] A detailed description of one or more specific embodiments is provided below in conjunction with the accompanying drawings. The detailed description is provided in connection with such specific embodiments, but not in any particular embodiment. The scope is limited only by the scope of the patent application and encompasses many alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding. The details are provided for the purpose of example and the specific embodiments may be practiced without departing from the scope of the invention. For the sake of clarity, 126729.doc 200839564 does not detail the technical material that is known in the art in connection with the specific embodiments, so as not to unnecessarily obscure the description. The specific embodiments described herein provide a link-authorization and content merging; 3 utterances also access the content. A cryptographically compiled key is used to decrypt the sub-access-encrypted content. As explained in more detail below, the cryptographic compilation secret is derived using parameters associated with both the authorization and the content. In some embodiments, a parameter used to derive the cryptographic key can be further encrypted using a variable such that content access is limited to a session. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a simplified block diagram of an embodiment of the invention in accordance with an embodiment of the invention. As shown in FIG. 1, system 102 includes a host computing device 114 and a memory device 116. The main computing device 114 can include various electronic devices that can access the memory device 116 to store or retrieve the internal 118° memory device 116 stored on the memory device via the mechanical interface 108 (eg, The pin and/or socket connector is removably consuming to the host computing device (1). The memory device 116 is a 5 memory storage device. As will be explained below, the memory device 116 - an example - uses a memory card of non-volatile memory. The main computing device m hosts the application 104. Applications 1〇4 can include a variety of program applications. For example, the application 4 4 may be an operating system that manages hardware and software resources on the host computing device 114. In another example, the application 104 may have a data transfer device that is configured to play audio and video files. Also, for example, the app may just be a video game. The application just has access to the content m stored in the memory device ιΐ6. Content 118 can include a variety of materials. Examples of content ιΐ8 include audio broadcast formats (such as wave, ΜΡΕ (Μ音层层I26729.doc 200839564 3 (MP3) into p white audio coding (Adv New Zealand "a Audi〇c〇ding, · AAC)) and he The audio file encoded in the file format. The content can also include the video file format (such as audio video interlacing (Α_〇1心〇, AVI), Moving Picture Experts Group (MPEG) And other video broadcasts & encoded video broadcasts. Other examples of content 118 include file files, video broadcasts, application broadcasts and other materials. Link Authorization and Content Figure 2 is a description of one of the present invention One of the specific embodiments is used to decrypt the generation of the parameters of the internal parameters. Figure 2 shows the content u 8 and the associated authorization 204. The content U8 is encrypted, making the content difficult to understand... In general, the authorization 204 is implemented Accessing content 118 (eg, a string, a file, and other materials). Authorization 2〇4 may include access to content ιΐ8: or rules 'eg, access duration, limited content access to a particular Computing device, Date, time, number of times the content is accessible, and other permissions. Thus, the authorization 204 can be configured to define a license to access the content 118. Thus, the licenses included in the authorization 204 allow the user to save (d) Capability, for example, 'authorization' may allow content on the particular computing device to be played three times in the form of a -music file. In another example, authorization 2〇4 may allow access to content 118, but copying to Another computing device. The internal connector 118 is loosened and the third parameter 21 is configured to decrypt the inner valley first town S 21 and includes various information that can be associated with the decryption of the content device 8, such as 帛The second parameter 21〇 may be used to encrypt and decrypt the content (1) 126729.doc 200839564 a cryptographic key. Instead of the cryptographic key, the third number 2ι〇 may also include a reference to the cryptographic key. The reference may be a number or string identifying the cryptographic key. The third parameter 21 〇 may also include a verification secret record. The verification key is used in the main computing crying and "recall" Verification between devices The cryptographic compile key. In another example, the third parameter 21 may be a cryptographically compiled temporary value. A cryptographically compiled temporary value is a number that can be used to generate the cryptographic key. Based on the first parameter 202 and the second parameter 2〇6, in other words, the third parameter 210 can be expressed as a third parameter=F (first parameter, second parameter) (1〇), where the third parameter is A function of the first parameter 202 and the second parameter 206. The function may include various functions, such as a hash function, so the third spring 210 may be the hash value of the hash function. The first parameter 2〇2 is associated with the authorization 204 and the second parameter 206 is associated with the content 118. The first parameter 2〇2 and the second parameter 206 can include various materials. For example, the first parameter 2〇2 may be a number. In a specific embodiment, the number may be randomly generated. In another embodiment, the number is predefined. The second parameter 206 may depend on the first parameter 202 or vice versa. For example, the second parameter 206 may be referenced from one of the cryptographic keys and the first parameter 202. One of the numbers or strings is derived. Such a number or string can be expressed as a second parameter = F (key reference, first parameter) (1.2) where the second parameter 206 is a function of the cryptographic compilation key reference and the first parameter 2〇2. It will be appreciated that the second parameter 2〇6 can also be derived from both a verification key and the first home number 202. In another example, the second parameter 2Q6 can be derived from the first temporary parameter 126729.doc 200839564 code compilation temporary value. Conversely, the first parameter 2〇2 can be derived from the first parameter 206 and a verification key, a cryptographic compilation key reference, a cryptographic compilation temporary value or other parameters. The parameter 202 and the second parameter 206 are associated with the authorization 2〇4 and the content Π8, respectively. In order to associate the authorization 204 or the content 118, the first parameter 2〇2 and the first parameter 206 may be located or included in the authorization and the content, respectively. For example, the second parameter 206 can be located within the header or footer of the content 118. Alternatively, the first parameter 202 and/or the second parameter 206 can be separately located from the authorization 2〇4 and/or the content ιΐ8. If the location is separated, the authorization 204 can include an indicator of the first parameter and be associated with the first parameter 2〇2. In the event that the second parameter is separated from the content, the content 118 may also include an indicator of the second parameter 206. Figure 3 is a simplified block diagram of one system for accessing a memory device in accordance with one embodiment of the present invention. As shown, system 3 includes a host computing device 114 that is coupled to memory device 116. The host computing device 114 can include an application program 1-4 and a first content protection platform 〇4. The memory device 116 includes a second content protection platform 306, content 118, and an authorization 204. In one embodiment, the authorization 2〇4 can be stored in one of the hidden partitions of the memory device 116, wherein the authorization is not visible or accessible to many applications. In addition to being stored in the memory device 116, the authorization 2〇4 can also be stored in the master unit 114. The one-inner protection platform 304 and the second content protection platform 306 are used to protect the technology platform to the content 118 of the memory device 116. Using the first content protection platform 3 〇 4 and/or the second content protection platform 3 〇 6, the user can transfer the memory device 116 and its contents 11 8 without compromising the content 126729.doc 200839564. There are various content protection platforms available for protection data, examples are sold under the trademark TmStedFlasWCruviTM (manufactured by SanDisk, Inc.). As shown in FIG. 3, application 104 transmits a pair of requests for content 118 stored in memory device 116 by first content protection platform 304. Here, add content 118. To decrypt the content 118, the first parameter 2〇2 associated with the authorization 204 and the second parameter 2〇6 associated with the content 118 are retrieved. The first parameter 202 and the second parameter 206 may be included in the authorization 204 and the content 118, respectively, or may be files that are separately located from the authorization and the content. As the equation h 疋 is defined, a third parameter is generated based on the first parameter 202 and the second parameter 206. In other words, the third parameter may be derived from the first parameter π] and the second parameter 20'. The third parameter may be a password used to decrypt the content us, a key, a reference to the key key, a verification key, a temporary value, or other parameters. Using the third parameter, the application (10) can decrypt and access the content 118. In order to access the content 118, the first content protection platform 3 port transmits the first parameter and the request for the content 118 to the memory device 116, and the first content protection platform 3〇6 can decrypt the content based on the third parameter. The decrypted content can be transmitted to the application 104 by the first content protection platform 3〇4. In the specific embodiment of FIG. 3, the first content protection on the main computing device ι4 is controlled, and the platform 304 takes the first parameter and the second parameter, and the second parameter: the second parameter and the second parameter are used to generate the first content. The third parameter. In another specific embodiment, the second content protection platform 306 included in the memory device 116 can capture the first parameter 2〇2 and the second parameter 2〇6, and based on the first And 126729.doc -12- 200839564 the second parameter to generate the third parameter. 4 is a flow diagram depicting accessing content from a memory device in accordance with an embodiment of the present invention. Beginning at 4〇2, analyze the content to determine whether to protect (ie, encrypt) the content. Various information associated with the content may be indicated
是否加密該内容。例如,該内容之標頭可指示該内容係加 密的。或者,該内容之副檔名還可指示該内容係加密的。 若不保護該内容,則在410,可直接存取該内容。若保護 該内容,則在404可自授權擷取第一參數。在此具體實施 例中,該第_參數係—號碼。該號碼可能係隨機產生或預 定義的。在406,從該内容擷取一第二參數。在一具體實 施例中如等式1.2所表述’該第二參數可自該密碼編譯 密鑰的一引用與該第一參數來導出。該密碼編譯密鑰係用 以加密或解密該内容。由此,該第二參數係相關聯於該内 容與該授權兩纟m第二參數係從用以解密該内容之 密碼編譯密鑰的一引用與一包括於該授權内之號碼來導出 或計算。應注意,在另一具體實施例中,該第一參數(例 如-號碼)可能相關聯於該内容而該第二參數可能相關聯 於該授權。 使用該第一參數與該第二參數’可在4〇8產生或計算該 密碼編譯密鑰的一引用。如上面等式1〇所表述,該密碼 編譯密鑰引用可基於該第一參數與該第二參數來產生。其 後’在4U)’可基於該第三參數來解密並存取該内容。例 如,在-具體實施例中’可將採用一密碼編譯密鑰引用之 形式的該第三參數傳輸至該記憶體器件。該記憶體器件可 126729.doc •13- 200839564 /安王儲存器,其儲存該密碼編譯密鑰。該記憶體器 件可使用該密碼編譯密鑰引用來從該安全儲存器擷取該密 ^扁澤在餘。使用該密碼編譯密鑰,該記憶體器件可解密 該内容並將該解密内容傳輸至一主計算器件。 基於一會話權證來存取内容 圖5係依據本發明之一具體實施例描述一會話權證之產 生的一方塊圖。最初提供參數5〇2且該參數包括可相關聯 於内容解密的各種資料。參數5〇2可基於相關聯於上述授 權及内容之參數來產生。參數5〇2之範例包括一用以解密 内谷之密碼編譯密鑰的一引用、一密碼編譯臨時值或其他 參數。 會話權證506之產生涉及使用變數504。變數504包括各 種資料。例如,該資料可能係一號碼。該號碼可能係預定 義或卩返機產生的。在另一具體實施例中,該資料可能係一 字串。不同於上述參數’變數504可能不相關聯於該授權 及内容。換言之,變數504可能獨立於該授權及内容。變 數504係經組態用以在一會話時變化。一會話可跨越一段 時間。例如,該會話可能持續一小時、一天、一周或其他 時間單位。此外,一會話可能在初始化或重新啟動輕合至 該記憶體器件之主計算器件時戴止。一會話還可能在將該 記憶體器件從該主計算器件解耦合時截止。此外,例如, 一會話可能跨越一有限數目的内容存取(例如可存取内容 的一有限次數)。 會話權證506係基於參數502與變數504來產生,因此可 126729.doc -14- 200839564 基於該變數來加密該參數以定義會話權證5〇6。會話權證 506因此可表述成 會話權證=F (參數,變數)(2.0) 其中該會話權證係參數5〇2與變數5〇4的一函數。使用會話 權證506 ’可基於該會話權證來存取該内容。例如,一主 計算器件可將會話權證5〇6傳輸至該記憶體器件。該記憶 體器件可基於會話權證506來導出用以解密該内容的表 數。參數5 〇2可自以下導出 參數寸·1 (會話權證,變數)(2·2) 其中該參數係會話權證5〇6與變數5〇4的一反函數。 應瞭解,因為該會話權證係用以解密内$,故會話權證 5〇6係相關聯於一特定内容。由此,使用會話權證506無法 使用或存取另-儲存於該記憶體器件内的内容,除非該會 =權證包括-參數(例如參數5G2)來解密其他内容。作為一 ,例,若使用不同的密碼編譯密鍮來加密儲存於_記憶體 抑件内的兩個、分離内$,則該主計算器件或記憶體器件 產生兩個、不同會铥婼μ ιν — ^ 。推也U存取該等兩個、分離内容。此 處,一會話權證益法用j 、、 存取使用不同密碼編譯密鑰加密 的該等兩個、分離内容。 圖6係依據本發明之一星每 ,、體κ施例之一使用一會話權證 來存取一記憶體器件之车 ^ α 士人 糸、、、先之一間化方塊圖。系統602包 括耦合至記憶體器件116 王叶器件1 14。主計算器件 114可包括應用程式1〇4盘繁一々 哭1 6勺紅榮- ^ 一内谷保護平台304。記憶體 口口件16 l括第二内容保 a ^ 文卞口 306、内容U8及授權204 〇 126729.doc -15 200839564 如上述,第一内容保護平台304與第二内容保護平台306可 經組態用以管理儲存於記憶體器件11 6内之内容118之數位 權限。 如圖6所示,應用程式1〇4藉由第一内容保護平台3 〇4傳 輸一要求儲存於記憶體器件116内之内容118的請求。内容 118係使用一密碼編譯密鑰加密的。一相關聯於該密碼編 譯密鑰(例如該密碼編譯密鑰之一引用、一臨時值或其他 參數)之參數係提供至第二内容保護平台306。回應該存取 内容118之請求,第二内容保護平台306基於變數6〇4來加 密該參數以定義一會話權證,該會話權證係表述於等式 2.0内。第二内容保護平台306可產生變數6〇4(例如一號 碼、一字串或其他參數)。變數604係經组態用以在一會話 時變化。例如,第二内容保護平台3〇6可為每一會話產生 一不同變數604。變數604可能係隨機產生或預定義的。 在產生該會話權證之後,第二内容保護平台3〇6將該會 話權證傳輸至主計算器件114。使用該會話權證,主計算 器件114可基於該會話權證來存取内容118。為了存取内容 118,主汁算器件114隨後將該會話權證傳輸回到記憶體器 件116。在接收會話權證後,第二内容保護平台3〇6解密該 會話權證以提取用以解密内容118之參數,該參數係表述 於等式2.2内。若變數604未曾變化,則因為該解密係基於 等同於用以加密該參數之變數的變數,故可提取該參 數。變數604可在不同會話時變化。由此,在相同會話内 產生該等變數之情況下,變數6〇4等同於用以加密該參數 126729.doc -16· 200839564 之變數。然而,若變數604已變化,則因為該解密係基於 -不同於用以加密該參數之變數的變數,故無法提取該參 數。在*同會話内產生料魏之情訂,變數⑼4不^ 於用以加密該參數之變數。藉由在一會話時改變變數 604,該會話權證持續或有效地用於一會話。若可提取該 參數’則㈣4容保護平台鳩可基於該參數來解密内 容118並將該解密内容傳輸至主計算器件114。 在另一具體實施例中,第一内容保護平台3〇4還可藉由 加密用以解密内容118之參數來產生該會話權證。此處, 回應應用程式104請求存取内容118,第一内容保護平台 304可產生該會話權證並將該會話權證傳輸至應用程式 104。應用程式1〇4可接著將該會話權證傳輸回到第一内容 保護平台304以存取内容ι18, 圖7係依據本發明之一具體實施例描述基於一會話權證 從一圮憶體器件存取内容之一流程圖。在7〇2開始,擷取 一密碼編譯密鑰之一引用。該引用可能擷取自一主計算器 件或一記憶體器件。儲存於該記憶體器件内的内容係加密 的並可使用該密碼編譯密鑰來加以解密。使用該密碼編譯 密鑰引用,在704,基於一號碼來加密該密碼編譯密鑰引 用,以定義一會話權證。該號碼係經組態用以在一會話時 變化並可隨機產生。在7〇6,該會話權證可接著傳輸至(例 如)一主計算器件。 當該主計算器件存取儲存於一記憶體器件上的内容時, 在706,該主計算器件可傳輸接收至該記憶體器件之會話 126729.doc -17- 200839564 權證。在708該記憶體器件接收該會話權證並在7i〇基於一 號碼來解密該會話權證。若該號碼匹配用以產生該會話權 證之號碼’則可從解密操作提取該密碼編譯密鑰引用。然 而’若該會話已變化且該記憶體器件持有一不同號碼,則 無法從該解密操作中提取該密碼編譯密鑰引用,因為該等 號碼不匹配。若可從該會話權證提取該密碼編譯密鑰引 用’則在712,基於該引用來擷取該密碼編譯密鎗。該密 碼編譯密鑰可擷取自(例如)一安全儲存器。接著在714使用 該密碼編譯密鑰來解密該内容並接著在716傳輸至(例如)該 主計算器件。 圖8係依據本發明之一具體實施例可主控於一主計算器 件上用於存取内容之程式應用之一簡化方塊圖。主計算器 件114可主控應用程式1〇4 '數位權限管理(DRM)模組 806、内容保護平台3〇4、檔案系統管理程式8〇8及器件驅 動程式810。如上述,應用程式1〇4可包括各種程式應用, 例如多媒體播放器、視訊遊戲及其他應用。與應用程式 104通信的係DRM模組806與内容保護平台304。DRM模組 806允許主計算器件114管理儲存於一記憶體器件或其他位 置内的内容之數位權限。例如,DRM模組8〇6可保護内容 並控制其分佈。如上述,内容保護平台3〇4係一用於防護 在一記憶體器件上之内容之技術平台。内容保護平台3〇4 可包括安全管理程式802與主密碼編譯引擎8〇4。一般而 言,安全管理程式802管理儲存於一記憶體器件内之内容 之存取。管理包括(例如)檢查是否保護内容、基於相關聯 126729.doc -18- 200839564 於一授權及内容產生一密碼編譯密鑰之一引用、基於一參 數與-變數來產生一會話權證、產生該變數及其他操作: 主密碼編譯引擎8G4包括該等密碼編譯庫用以處理密碼編 譯操作。内容保護平台304及DRM模組8〇6 一起向主計算器 件114(及s己憶體器件)提供安全儲存及内容管理能力。例 如’内容保護平台304與DRM模組嶋允許防護儲存於該記 憶體器件内之内容(例如音樂檔案、電影檔案、軟體及其 他育料)之儲#並加強用於控制内容存取之預定義策略。 與内容保護平台304通信的係㈣系統管理程式8〇8。一 般而言,檔案系統管理程式808係經組態用以管理並處理 存取(例如讀取、寫人及其他存取㈣)儲存於—記憶體器 牛内的内谷例如,檔案系統管理程式808可從一記憶體 器件讀取内容並將該内容傳輸至内容保護平台3G4用於處 主計算器件114可介接一記憶體器件。因&,主計算 盗件114可包括器件驅動程式81〇’其與檔案系統管理程式 H 以接該記憶體器件。器件驅動程式81 〇可(例 )匕括下層;I面功能以與一記憶體器件通信。一下層介 力月b之範例包括相關聯於輸入資料至該記憶體器件及 從其輸出資料之輸入/輸出功能。 圖9,依據本發明之一具體實施例可包括於一記憶體器 件内之程式應用之-簡化方塊圖。記憶體器件116可包括 Μ极、、且9G2、内容保護平台剔、密碼編譯引擎州及安 全儲存器_。在記憶體器件116中,DRM模組9G2允許記 憶體器件116管理儲存於該記憶體器件内之内容之數位權 126729.doc -19- 200839564 限。例如,DRM模組902可經組態用以加強内容權限。如 上述,内容保護平台306係一用於防護儲存於記憶體器件 116上之内容的技術平台。内容保護平台3〇6可經組態用以 基於相關聯於一授權及該内容之參數來產生一密碼編譯密 鑰之一引用,基於一參數及一變數來產生一會話權證,並 可經組悲用於其他操作。密碼編譯引擎9〇4處理密碼編譯 操作而安全儲存器906儲存該等密碼編譯密鑰。 應瞭解’在其他具體實施例中,除了圖8及圖9所示該等 私式應用,圖8之主計算器件114與圖9之記憶體器件116可 包括更少或更多的程式應用。例如,如圖8所示,檔案系 統管理程式808與器件驅動程式81〇可整合於内容保護平台 304内。圖8之主計算器件114可因此包括1)11]^模組8〇6與内 容保護平台304。 圖1〇係依據本發明之一具體實施例適用於主控一内容保 濩平台與其他程式應用之一主計算器件之一般概述之一簡 化方塊圖。在一些具體實施例中,主計算器件114可用於 實施電腦程式(例如内容保護平台)、邏輯、應用程式、方 法、程序或其他軟體用於存取内容。主計算器件U4之範 例包括一桌上型電腦、一伺服器、一可攜式計算器件、一 個人數位助理、一行動電話、在一器具内的一計算引擎及 其他電腦系統。如圖10所示,主計算器件114包括匯流排 1002或其他用於傳達資訊之通信機制,該通信機制互連子 系統及器件,例如處理器1〇〇4、系統記憶體1〇〇6(例如隨 機存取記憶體(RAM))、儲存器件1〇〇8(例如唯讀記憶體 126729.doc -20- 200839564 (ROM)、磁碟機、光碟機及其他儲存器件)、通信介面 1012(例如數據機或乙太網路卡)、顯示器1〇14(例如陰極射 線官(CRT)或液晶顯示器(£CD))、輸入/輸出器件1〇16(例如 鍵盤)及游標控制1 〇 1 8(例如滑鼠或軌跡球)。 在-些具體實施例中,當執行儲存於系統記憶體1〇〇6内 之一或多個程式指令之一或多個序列時,主計算器件丨 藉由處理器1004來執行特定操作。此類程式指令可從另外 電腦可讀取媒體(例如儲存器件〗刪)讀人系統記憶體屬 内。在-些具體實施例中,硬佈線電路可取代或組合軟體 程式指令來使用,以實施本發明之具體實施例。 應瞭解,術語”電腦可讀取媒體”係指參與提供程式指令 至處理H 1_用於執行之適#媒體。此_媒體可採取許多 形式,包括(但不限於)非揮發性媒體、揮發性媒體及傳輸 媒體非揮發性媒體可包括(例如)光碟或磁碟,例如儲存 件1008。揮發性媒體可包括動態記憶體,例如系統記憶 體1006 °傳輸媒體包括同軸電、纜、銅導線及光纖,包括包 含匯流排1002之導線。傳輸媒體還可採取聲波或光波之形 式,例如在無線電電波及紅外線資料通信期間所產生之該 等波。電腦可讀取媒體之常見形式包括(例如)磁性媒體(例 如軟碟、軟性磁碟、硬碟、磁帶及其他磁性媒體)、光學 媒體(例如光碟唯讀記憶體(cd_r〇m)&其他光學媒體)、 具有圖案之實體媒體(例如打孔卡、紙帶、任何其他實體 媒體)、Λ憶體晶片或匣、載波(例如ram、可程式化唯讀 m (prom)、可抹除可程式化唯讀記憶體(epr〇m)、 126729.doc -21 - 200839564 快閃記憶體及其他記愔騍a u a <、 尤體晶片或匣)及電腦可自其讀取的 任一其他媒體。Whether to encrypt the content. For example, the header of the content may indicate that the content is encrypted. Alternatively, the extension of the content may also indicate that the content is encrypted. If the content is not protected, then at 410, the content can be accessed directly. If the content is protected, the first parameter can be retrieved at 404. In this embodiment, the _ parameter is a number. This number may be randomly generated or predefined. At 406, a second parameter is retrieved from the content. In a specific embodiment, as represented by Equation 1.2, the second parameter can be derived from a reference to the cryptographic key and the first parameter. The cryptographic key is used to encrypt or decrypt the content. Thus, the second parameter is associated with the content and the authorization parameter. The second parameter is derived or calculated from a reference to the cryptographic key used to decrypt the content and a number included in the authorization. . It should be noted that in another embodiment, the first parameter (e.g., a number) may be associated with the content and the second parameter may be associated with the authorization. Using the first parameter and the second parameter ', a reference to the cryptographic key can be generated or calculated at 4. As represented by Equation 1 above, the cryptographic compilation key reference can be generated based on the first parameter and the second parameter. Thereafter, at 4U), the content can be decrypted and accessed based on the third parameter. For example, in a particular embodiment, the third parameter in the form of a cryptographic keying reference can be transmitted to the memory device. The memory device can be 126729.doc • 13- 200839564 / Anwang memory, which stores the password compilation key. The memory device can use the cryptographically compiled key reference to retrieve the secret from the secure storage. Using the password to compile the key, the memory device can decrypt the content and transmit the decrypted content to a host computing device. Accessing Content Based on a Session Warrant Figure 5 is a block diagram depicting the generation of a session ticket in accordance with an embodiment of the present invention. Parameter 5〇2 is initially provided and includes various data that can be correlated with content decryption. Parameter 5〇2 can be generated based on parameters associated with the above authorization and content. An example of parameter 5〇2 includes a reference to decrypt the password compilation key of the inner valley, a cryptographic compilation temporary value or other parameters. The generation of the session ticket 506 involves the use of a variable 504. Variable 504 includes various materials. For example, the information may be a number. This number may be pre-determined or returned. In another embodiment, the material may be a string. Unlike the above parameter 'variable 504' may not be associated with the authorization and content. In other words, the variable 504 may be independent of the authorization and content. The variable 504 is configured to vary during a session. A session can span a period of time. For example, the session may last for an hour, a day, a week, or other time unit. In addition, a session may be worn when initializing or restarting the flash to the host computing device of the memory device. A session may also be turned off when the memory device is decoupled from the host computing device. Moreover, for example, a session may span a limited number of content accesses (e.g., a limited number of times the content can be accessed). The session ticket 506 is generated based on the parameter 502 and the variable 504, so the parameter 126729.doc -14-200839564 can be encrypted based on the variable to define the session ticket 5〇6. The session ticket 506 can thus be expressed as a session ticket = F (parameter, variable) (2.0) where the session warrant is a function of the parameter 5〇2 and the variable 5〇4. The session token 506' can be used to access the content based on the session ticket. For example, a host computing device can transfer session warrants 5〇6 to the memory device. The memory device can derive the number of tables used to decrypt the content based on the session ticket 506. The parameter 5 〇2 can be derived from the following parameters: 1 (session ticket, variable) (2·2) where the parameter is an inverse function of the session warrant 5〇6 and the variable 5〇4. It should be appreciated that because the session warrant is used to decrypt the internal $, the session warrant 5-6 is associated with a particular content. Thus, the use of session ticket 506 cannot use or access another content stored in the memory device unless the = warrant includes a parameter (e.g., parameter 5G2) to decrypt other content. As an example, if different passwords are used to compile the keys to encrypt the two stored in the _memory inhibitor, the internal computing device or the memory device generates two different 铥婼μ ιν — ^ . Push also U to access the two, separate content. Here, a session warrant is used to access the two, separate content encrypted with a different cryptographic key. 6 is a block diagram of a vehicle that uses a session warrant to access a memory device in accordance with one of the embodiments of the present invention. System 602 includes coupling to memory device 116. The main computing device 114 can include an application program of 1 〇 4 disks 々 哭 crying 1 6 scoops of red glory - ^ an inner valley protection platform 304. The memory port port 16 l includes the second content guarantee a ^ port 306, the content U8 and the authorization 204 〇 126729.doc -15 200839564 as described above, the first content protection platform 304 and the second content protection platform 306 can be grouped The state is used to manage the digital authority of the content 118 stored in the memory device 116. As shown in FIG. 6, the application program 4 transmits a request for content 118 stored in the memory device 116 via the first content protection platform 3 〇4. Content 118 is encrypted using a cryptographic key. A parameter associated with the cryptographically compiled key (e.g., a reference to the cryptographic key, a temporary value, or other parameter) is provided to the second content protection platform 306. Referring back to the request to access the content 118, the second content protection platform 306 encrypts the parameter based on the variable 6〇4 to define a session ticket, which is expressed in Equation 2.0. The second content protection platform 306 can generate variables 6〇4 (e.g., a number, a string, or other parameter). The variable 604 is configured to vary during a session. For example, the second content protection platform 〇6 can generate a different variable 604 for each session. The variable 604 may be randomly generated or predefined. After generating the session ticket, the second content protection platform 3〇6 transmits the session ticket to the host computing device 114. Using the session ticket, host computing device 114 can access content 118 based on the session ticket. In order to access the content 118, the primary juice computing device 114 then transmits the session ticket back to the memory device 116. After receiving the session ticket, the second content protection platform 3〇6 decrypts the session ticket to extract parameters for decrypting the content 118, which is expressed in Equation 2.2. If the variable 604 has not changed, the parameter can be extracted because the decryption is based on a variable equivalent to the variable used to encrypt the parameter. The variable 604 can vary during different sessions. Thus, in the case where the variables are generated within the same session, the variable 6〇4 is equivalent to the variable used to encrypt the parameter 126729.doc -16·200839564. However, if the variable 604 has changed, the parameter cannot be extracted because the decryption is based on a variable different from the variable used to encrypt the parameter. In the same session, the material is generated, and the variable (9) 4 is not used to encrypt the parameter. By changing the variable 604 at a session, the session ticket is used continuously or effectively for a session. If the parameter can be extracted, then the (four) 4 protection platform can decrypt the content 118 based on the parameter and transmit the decrypted content to the host computing device 114. In another embodiment, the first content protection platform 〇4 can also generate the session ticket by encrypting parameters used to decrypt the content 118. Here, in response to the application 104 requesting access to the content 118, the first content protection platform 304 can generate the session ticket and transmit the session ticket to the application 104. The application 1-4 may then transmit the session ticket back to the first content protection platform 304 to access the content ι 18, and FIG. 7 illustrates accessing from a memory device based on a session ticket in accordance with an embodiment of the present invention. One of the content flow charts. Beginning at 7〇2, draw a reference to one of the cryptographic keys. This reference may be taken from a master calculator or a memory device. The content stored in the memory device is encrypted and can be decrypted using the cryptographic key. The key reference is compiled using the password, and at 704, the cryptographic key reference is encrypted based on a number to define a session ticket. This number is configured to change at one session and can be randomly generated. At 7〇6, the session ticket can then be transmitted to, for example, a host computing device. When the host computing device accesses the content stored on a memory device, at 706, the host computing device can transmit the session 126729.doc -17-200839564 ticket received to the memory device. At 708, the memory device receives the session ticket and decrypts the session ticket based on a number at 7i. If the number matches the number used to generate the session token, then the cryptographic key reference can be extracted from the decryption operation. However, if the session has changed and the memory device holds a different number, the cryptographic keying reference cannot be extracted from the decryption operation because the numbers do not match. If the cryptographic keying reference is extracted from the session ticket, then at 712, the cryptographic rifle is retrieved based on the reference. The cryptographic key can be retrieved from, for example, a secure storage. The cryptographic key is then used at 714 to decrypt the content and then transmitted at 716 to, for example, the host computing device. Figure 8 is a simplified block diagram of a program application for accessing content on a master calculator in accordance with an embodiment of the present invention. The main calculator unit 114 can host the application program 4〇4 Digital Rights Management (DRM) module 806, the content protection platform 3〇4, the file system management program 8〇8, and the device driver 810. As mentioned above, the application program 1.4 can include various program applications such as multimedia players, video games, and other applications. The DRM module 806 and the content protection platform 304 are in communication with the application 104. The DRM module 806 allows the host computing device 114 to manage the digital rights of content stored in a memory device or other location. For example, the DRM module 8〇6 protects content and controls its distribution. As mentioned above, the content protection platform 3〇4 is a technology platform for protecting content on a memory device. The content protection platform 〇4 may include a security management program 802 and a master cipher compilation engine 8.4. In general, the security management program 802 manages access to content stored in a memory device. The management includes, for example, checking whether the content is protected, generating a session ticket based on a parameter and a variable based on a reference and a variable to generate a session ticket based on the associated 126729.doc -18-200839564 for a license and content generation, generating the variable And other operations: The main password compiling engine 8G4 includes the password compiling library for processing the password compiling operation. The content protection platform 304 and the DRM module 8〇6 together provide secure storage and content management capabilities to the main calculator 114 (and the suffix device). For example, the content protection platform 304 and the DRM module allow for protection of content stored in the memory device (eg, music files, movie archives, software, and other materials) and enhance pre-definition for controlling content access. Strategy. The system (4) system management program 8〇8 that communicates with the content protection platform 304. In general, the file system management program 808 is configured to manage and process access (eg, read, write, and other accesses (4)) stored in a memory bank, such as a file system management program. 808 can read content from a memory device and transfer the content to content protection platform 3G4 for host computing device 114 to interface with a memory device. Because &, the master computing thief 114 can include a device driver 81 〇 'and the file system management program H to interface with the memory device. The device driver 81 can (for example) include the lower layer; the I-face function can communicate with a memory device. An example of the lower layer of the month b includes an input/output function associated with the input data to and from the memory device. Figure 9 is a simplified block diagram of a program application that can be included in a memory device in accordance with an embodiment of the present invention. The memory device 116 can include a drain, and 9G2, a content protection platform, a cryptographic engine state, and a secure memory. In the memory device 116, the DRM module 9G2 allows the memory device 116 to manage the digital rights of the content stored in the memory device 126729.doc -19-200839564. For example, the DRM module 902 can be configured to enhance content rights. As described above, the content protection platform 306 is a technology platform for protecting content stored on the memory device 116. The content protection platform 〇6 can be configured to generate a reference to a cryptographic key based on a parameter associated with an authorization and the content, generate a session ticket based on a parameter and a variable, and can be grouped Sadness is used for other operations. The cryptographic engine 9〇4 handles the cryptographic compilation operation and the secure storage 906 stores the cryptographically compiled keys. It should be understood that in other embodiments, in addition to the private applications illustrated in Figures 8 and 9, the host computing device 114 of Figure 8 and the memory device 116 of Figure 9 may include fewer or more program applications. For example, as shown in FIG. 8, the file system management program 808 and the device driver 81 can be integrated into the content protection platform 304. The host computing device 114 of Figure 8 can thus include 1) 11) modules 8 〇 6 and a content protection platform 304. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a simplified block diagram of a general overview of a host computing device suitable for hosting a content protection platform and other programming applications in accordance with an embodiment of the present invention. In some embodiments, host computing device 114 can be used to implement computer programs (e.g., content protection platforms), logic, applications, methods, programs, or other software for accessing content. Examples of host computing device U4 include a desktop computer, a server, a portable computing device, a personal digital assistant, a mobile phone, a computing engine within an appliance, and other computer systems. As shown in FIG. 10, the main computing device 114 includes a bus bar 1002 or other communication mechanism for communicating information, the communication mechanism interconnecting subsystems and devices, such as the processor 1〇〇4, the system memory 1〇〇6 ( For example, random access memory (RAM), storage device 1〇〇8 (such as read-only memory 126729.doc -20-200839564 (ROM), disk drive, CD player and other storage devices), communication interface 1012 ( For example, data modem or Ethernet card), display 1〇14 (such as cathode ray official (CRT) or liquid crystal display (£CD)), input/output device 1〇16 (such as keyboard) and cursor control 1 〇1 8 (such as a mouse or trackball). In some embodiments, the host computing device performs a particular operation by the processor 1004 when executing one or more of the program instructions stored in the system memory 1-6. Such program instructions can be read from another computer readable medium (eg, a storage device) in the system memory. In some embodiments, hard-wired circuitry may be used in place of or in combination with software program instructions to implement a particular embodiment of the invention. It should be understood that the term "computer readable medium" refers to the media that participates in providing program instructions to process H1_ for execution. The medium may take many forms including, but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media may include, for example, a compact disc or a magnetic disk, such as storage member 1008. Volatile media can include dynamic memory, such as system memory 1006° transmission media including coaxial electrical, cable, copper wire, and fiber optics, including wires that include bus bar 1002. The transmission medium can also take the form of sound waves or light waves, such as those generated during radio wave and infrared data communication. Common forms of computer readable media include, for example, magnetic media (eg, floppy disks, floppy disks, hard drives, tapes, and other magnetic media), optical media (eg, CD-ROM (cd_r〇m) & other Optical media), physical media with patterns (such as punch cards, tapes, any other physical media), memory chips or cymbals, carrier waves (eg ram, programmable read-only m (prom), erasable Stylized read-only memory (epr〇m), 126729.doc -21 - 200839564 flash memory and other memory aua <, slabs or sputum) and any other media from which the computer can read .
在一些具體實施例巾’可藉由―單-計算时114來執 行該等程式指令序列之執行以實施該等具體實施例。在其 他具體實施例中’由通信鏈路刪(例如區域網路(LAN)、 公用交換電話網絡(PSTN)、無線網路及其他通信鍵路)輕 合的兩或更多電腦系統(例如主計算器件114)可執行程式指 令序列以相互協調地實施該等具體實施例。此外,計算器 件m可透過通信鏈路_與通信介面1〇12來傳輸並:收 訊息、資料及指令’包括程式,即應用程式碼。接收的程 式和令可在接收該等程式指令時由處理器1〇〇4執行及/或 儲存於儲存器件刪或其他非揮發性储存器内用於稱後執 行0 圖11係依據本發明之一具體實施例之一記憶體器件之一 簡化方塊圖。如圖11所示,記憶體器件116包括與記憶體 Π04通信的記憶體控制器1102。一般而言,記憶體控制器 1102控制記憶體1106之操作。操作範例包括寫入(或程式 化)資料、項取資料、抹除資料、核實資料及其他操作。 此外,記憶體控制1102可經組態用以基於相關聯於該授權 及該内容之參數來產生一參數,基於一參數及一號碼來產 生一會話權證,並可經組態用於上述其他操作。 記憶體器件116可包括各種非揮發性記憶體結構及技 術。記憶體技術之範例包括快閃記憶體(例如NAND、 NOR、單級單元(slC/BIN)、多級單元(MLC)、劃分位元 126729.doc •22- 200839564 線NOR(DINOR)、AND、高電容耦合比(HiCR)、非對稱無 接觸電晶體(ACT)及其他快閃記憶體)、可抹除可程式化唯 讀記憶體(EPROM)、電可抹除可程式化唯讀記憶體 (EEPROM)、唯讀記憶體(ROM)、一次可程式化記憶體 (OTP)及其他記憶體技術。在一具體實施例中,記憶體器 件116可能係使用快閃記憶體的一快閃記憶卡。快閃記憶 卡之範例包括各種以下商標標記產品,例如Secure DigitalTM (相容於加利福尼亞州San Ramon的SD卡協會所 主張的規格)、MultiMediaCard™ (相容於加利福尼亞州 Palo Alto的多媒體卡協會(’’MMCA”)所主張的規格)、 MiniSDTM (由 SanDisk,Inc·製造)、MicroSDTM(由 SanDisk, Inc.製造)、CompactFlashTM(相容於加利福尼亞州Palo Alto 的 CompactFlash 協會("CFA”所主張的規格)、SmartMedia™ (相容於日本橫濱的固態軟碟卡("SSFDC”)論壇主張的規 格)、xD-Picture CardTM (相容於日本東京的xD-Picture卡 許可辦公室所主張的規格)、Memory StickTM(相容於日本 橫濱的固態軟碟卡(f’SSFDC”論壇所主張的規格)、 TransFlashTM (由SanDisk,Inc·製造)及其他快閃記憶卡。在 另一具體實施例中,記憶體器件116可實施成一非可移式 記憶體器件。 下列專利文件包含可與本文所述之具體實施例一起使用 的具體實施例。該些專利文件之各專利文件與本申請案同 曰申請,讓渡給本發明之受讓人,並以引用形式併入本 文:"用於鏈結内容與授權之方法",美國專利申請案序號 126729.doc -23- 200839564 ll/599,655 ;"用於鏈結内容與授權之裝置,’,美國專利申 請案序號11/600,270 ; ”用於基於會話權證存取内容之裝 置ff,美國專利申請案序號11/600,273 ; ”用於結合内容至 分離記憶體器件之方法”,美國專利申請案序號 11/600,262 ;"用於結合内容至分離記憶體器件之裝置„, 美國專利申請案序號11/6〇〇,245 ;,,用於允許多個使用者存 取預視内容之方法”,美國專利申請案序號11/599,994 ; ”用於允許多個使用者存取預視内容之系統",美國專利申 請案序號11/599,995 ; ”用於允許第二DRM系統存取受第一 DRM系統保護之内容的方法”,美國專利申請案序號 11/600,005,”用於允許第二DRM系統存取受第一 系 統保護之内容的系統”,美國專利申請案序號11/599,991,· ”用於連接至相關聯於内容之網路位置的方法",美國專利 申請案序號11/_,3G();及"用於連接至相關聯於内容之網 路位置的系統",美國專利申請序號11/600,006。 儘管為了清楚理解之故,在—些細節上已說明前述具體 實施例’但該等具體實施例不限於所提供的細節。存在許 多實施該等具體實施例之替代性方式。據此,該等揭示且 體實施例應視為說明性而非限制性,且該等具體實施例不 =於本文所提出之細節’並可加以修改而不脫離隨附申請 專利範圍之範缚及等效物。”請專利範圍内,元件及/ t作不會暗示著任何特定操作次序,除非申請專利範圍 另有明確申明。 【圖式簡單說明】 126729.doc -24- 200839564 、-口附圖’精由上述詳細說明應容易地理解本發明,且 相似參考數位指定相似結構元件。 圖1係依據本發明之^^ , / 具體實施例之一裝置系統之一簡 化方塊圖。 圖2係依據本發明之一呈濟壤:—/丨w 具體貝%例描述一用以解密内容 之參數之產生的一方塊圖。 圖3係依據本發明之一具體實施例之一用於存取一記憶 體器件之系統之一簡化方塊圖。The execution of the sequence of program instructions can be performed by the "single-calculation" 114 in some embodiments to implement the specific embodiments. In other embodiments, two or more computer systems (eg, primary) that are lightly coupled by a communication link (eg, a local area network (LAN), a public switched telephone network (PSTN), a wireless network, and other communication keys) The computing device 114) can execute the sequence of program instructions to implement the specific embodiments in coordination with one another. In addition, the calculator m can be transmitted through the communication link _ and the communication interface 1 〇 12 and: the received message, the data and the command ‘includes the program, ie the application code. Received programs and commands may be executed by processor 1〇〇4 and/or stored in a memory device or other non-volatile memory for subsequent execution when receiving such program instructions. FIG. 11 is in accordance with the present invention. One of the memory devices of one embodiment simplifies the block diagram. As shown in Figure 11, memory device 116 includes a memory controller 1102 in communication with memory port 04. In general, memory controller 1102 controls the operation of memory 1106. Examples of operations include writing (or stylizing) data, item fetching, erasing data, verifying data, and other operations. Additionally, the memory control 1102 can be configured to generate a parameter based on the parameters associated with the authorization and the content, generate a session ticket based on a parameter and a number, and can be configured for the other operations described above . Memory device 116 can include a variety of non-volatile memory structures and techniques. Examples of memory technologies include flash memory (eg, NAND, NOR, single-level cell (slC/BIN), multi-level cell (MLC), partition bit 126729.doc • 22- 200839564 line NOR (DINOR), AND, High capacitance coupling ratio (HiCR), asymmetric contactless transistor (ACT) and other flash memory), erasable programmable read only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), read-only memory (ROM), one-time programmable memory (OTP) and other memory technologies. In one embodiment, memory device 116 may be a flash memory card that uses flash memory. Examples of flash memory cards include various branded markup products such as Secure DigitalTM (compatible with the specifications of the SD Card Association of San Ramon, Calif.), MultiMediaCardTM (compatible with the Multimedia Card Association of Palo Alto, California (' 'MMCA') specifications, MiniSDTM (manufactured by SanDisk, Inc.), MicroSDTM (manufactured by SanDisk, Inc.), CompactFlashTM (compatible with the CompactFlash Association of Palo Alto, Calif. ("CFA" Specifications), SmartMediaTM (Compatible with the Yokohama Solid State Disc Card ("SSFDC) Forum), xD-Picture CardTM (compatible with the specifications of the xD-Picture Card Licensing Office in Tokyo, Japan) , Memory StickTM (compatible with the specifications of the solid-state floppy disk card of Yokohama, Japan (f'SSFDC) forum), TransFlashTM (manufactured by SanDisk, Inc.), and other flash memory cards. In another embodiment, The memory device 116 can be implemented as a non-removable memory device. The following patent documents contain specific implementations that can be described herein. DETAILED DESCRIPTION OF THE INVENTION The patent documents of each of these patents are hereby incorporated by reference in their entireties in the entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire Authorized Method ", U.S. Patent Application Serial No. 126729.doc -23-200839564 ll/599,655; "Device for Linking Content and Authorization, 'US Patent Application Serial No. 11/600,270; ” for session-based Apparatus for accessing content by a warrant ff, U.S. Patent Application Serial No. 11/600,273; "Method for Combining Content to Separate Memory Devices", U.S. Patent Application Serial No. 11/600,262; " for combining content into separate memory Device device „, U.S. Patent Application Serial No. 11/6, 245;, for a method for allowing multiple users to access preview content, US Patent Application Serial No. 11/599,994; System for accessing pre-viewed content by a user", U.S. Patent Application Serial No. 11/599,995; "Method for Allowing a Second DRM System to Access Content Protected by a First DRM System", U.S. Patent Application Serial No. 11/600,005, "System for Allowing a Second DRM System to Access Content Protected by a First System", U.S. Patent Application Serial No. 11/599,991, the disclosure of which is incorporated herein to Method ", U.S. Patent Application Serial No. 11/-, 3G(); and "System for Connecting to a Network Location Associated with Content", U.S. Patent Application Serial No. 11/600,006. Although the foregoing specific embodiments have been described in some detail, the details are not limited to the details provided. There are many alternative ways of implementing such specific embodiments. Accordingly, the invention is to be construed as illustrative and not restrictive, and And equivalent. "In the scope of patents, the components and / / / will not imply any specific order of operation, unless the scope of the patent application is clearly stated. [Simple description of the drawings] 126729.doc -24- 200839564, - mouth drawing 'fine The above detailed description is to be understood as a preferred embodiment of the invention, and the same reference numerals are used to designate similar structural elements. Figure 1 is a simplified block diagram of one of the device systems in accordance with the present invention. Figure 2 is a simplified block diagram of a device system in accordance with the present invention. A panel is illustrated as a block diagram for generating a parameter for decrypting content. Figure 3 is a diagram for accessing a memory device in accordance with one embodiment of the present invention. One of the systems simplifies the block diagram.
圖4係依據本發明之一具體實施例描述從一記憶體器件 存取内容之一流程圖。 ° 圖5係依據本發明之一具體實施例描述一會話權證之產 生的一方塊圖。 圖6係依據本發明之一具體實施例之一使用一會話權證 來存取一記憶體器件之系統之一簡化方塊圖。 圖7係依據本發明之一具體實施例描述基於一會話權證 從一記憶體器件存取内容之一流程圖。 圖8係依據本發明之一具體實施例可主控於一主計算器 件上用於存取内容之程式應用之一簡化方塊圖。 圖9係依據本發明之一具體實施例可包括於一記憶體器 件内之程式應用之一簡化方塊圖。 圖10係依據本發明之一具體實施例適用於主控一内容保 漢平台與其他程式應用之一主計算器件之一般概述之一簡 化方塊圖。 圖11係依據本發明之一具體實施例之一記憶體器件之一 126729.doc -25- 200839564 簡化方塊圖。 【主要元件符號說明】 102 系統 104 應用程式 108 機械介面 - 114 主計算器件 . 116 記憶體器件 118 内容 ⑩ 202 第一參數 204 授權 206 第二參數 210 第三參數 302 系統 3 04 第一内容保護平台 306 第二内容保護平台 502 參數 • 504 變數 506 會話權證 ^ 602 系統 604 變數 802 安全管理程式 804 主密碼編譯引擎 806 數位權限管理(DRM)模組 808 檔案系統管理程式 126729.doc -26- 200839564 810 件驅動程式 902 DRM模組 904 密碼編譯引擎 906 安全儲存器 1002 匯流排 1004 處理器 1006 糸統記憶體 1008 儲存器件 1012 通信介面 1014 顯示器 1016 輸入/輸出器件 1018 游標控制 1020 通信鍵路 1102 記憶體控制器 1104 記憶體 126729.doc -27-4 is a flow diagram depicting accessing content from a memory device in accordance with an embodiment of the present invention. Figure 5 is a block diagram depicting the generation of a session ticket in accordance with an embodiment of the present invention. Figure 6 is a simplified block diagram of a system for accessing a memory device using a session ticket in accordance with one embodiment of the present invention. Figure 7 is a flow diagram illustrating the access of content from a memory device based on a session ticket in accordance with an embodiment of the present invention. Figure 8 is a simplified block diagram of a program application for accessing content on a master calculator in accordance with an embodiment of the present invention. Figure 9 is a simplified block diagram of a program application that can be included in a memory device in accordance with an embodiment of the present invention. Figure 10 is a simplified block diagram of a general overview of a host computing device suitable for hosting a content-guaranteed platform and other program applications in accordance with an embodiment of the present invention. Figure 11 is a simplified block diagram of one of the memory devices in accordance with one embodiment of the present invention 126729.doc -25- 200839564. [Main component symbol description] 102 System 104 Application 108 Mechanical interface - 114 main computing device. 116 Memory device 118 Content 10 202 First parameter 204 Authorization 206 Second parameter 210 Third parameter 302 System 3 04 First content protection platform 306 Second Content Protection Platform 502 Parameters • 504 Variables 506 Session Warrants ^ 602 System 604 Variables 802 Security Management Program 804 Master Password Compilation Engine 806 Digital Rights Management (DRM) Module 808 File System Management Program 126729.doc -26- 200839564 810 Driver 902 DRM Module 904 Password Compilation Engine 906 Security Storage 1002 Bus Bar 1004 Processor 1006 System Memory 1008 Storage Device 1012 Communication Interface 1014 Display 1016 Input/Output Device 1018 Cursor Control 1020 Communication Key 1102 Memory Control 1104 Memory 126729.doc -27-