TW201019162A - Method and system for locally activating a DRM engine - Google Patents

Method and system for locally activating a DRM engine

Info

Publication number
TW201019162A
Authority
TW
Taiwan
Prior art keywords
digital content
file
content file
digital
rights management
Application number
TW97143654A
Other languages
Chinese (zh)
Other versions
TWI375160B (en)
Inventor
Chi-Yang Chou
Pei-Yen Chou
Yeu-Chung Lin
Original Assignee
Condel Internat Technologies Inc
Application filed by Condel Internat Technologies Inc
Priority to TW97143654A
Publication of TW201019162A
Application granted
Publication of TWI375160B

Landscapes

  • Storage Device Security (AREA)

Abstract

A method for locally activating a DRM engine is disclosed. A preprocessing operation is performed in which a rights object is bound to, or stored separately from, digital content files in a first format; the digital content has an authentication code used for authentication. The first-format digital content files are converted to digital content files in a second format. The second-format digital content files are encrypted, and a corresponding decryption key is generated. The encrypted digital content files and the decryption key are stored in a memory device. An application is designed and installed on the memory device, and the memory device is installed in the electronic device. The application is authenticated according to the authentication code of the digital content, decrypts the encrypted digital content files using the decryption key, whereby the second-format digital content files are recovered from the third format, and activates a DRM engine of the electronic device. The DRM engine binds an IMEI code of the electronic device to the digital content files and the rights object, so that the digital content files can be accessed only by that specific electronic device.

Description

Patent_VIII/9034-A41794-TW / Draft-Final

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to data encryption and decryption, and more particularly to a method and system for locally activating a Digital Rights Management (DRM) engine.

[Prior Art]

Digital content can be delivered on-line or off-line. On-line delivery downloads digital content over, for example, the Internet. Off-line delivery pre-records digital content on a specific storage medium (for example, an optical disc or a Digital Video Disk (DVD)) or on a flash memory device built into a portable electronic device such as a mobile phone (for example, a Secure Digital (SD) memory card or a Universal Serial Bus (USB) disk).

Off-line delivery can be protected by the Content Scramble System (CSS) of DVD and Content Protection for Recordable Media (CPRM), or by Content Protection for Pre-Recorded Media (CPPM) of SD memory cards and DVD-RW.

Digital content generally has to be processed by a digital rights management system before use, to ensure that the loaded digital content is not used illegally or pirated.

Fig. 1 is a flowchart of the steps of a conventional DRM engine processing method.

A preprocessed digital content file is stored on a file server on the network (step S11). After the consumer obtains authorization, the preprocessed digital content file is downloaded and stored in an electronic device (for example, a personal computer or a mobile phone) (step S12), and the DRM engine on the electronic device is activated at the same time (step S13). The preprocessed digital content file is combined with the internal code held by the electronic device (International Mobile Electron Identification, IMEI) and with the rights object (step S14), so that the DRM engine converts the preprocessed digital content file into a file that can be used only on that electronic device (step S15).

Such methods include the DRM processing of the Open Mobile Alliance (OMA), Windows Media DRM 10 for network devices (WMDRM-ND), and the FairPlay™ processing of the Apple system.

Taking OMA DRM processing as an example, the original digital content file is an audio/video file in a format such as .3gp or .mp3. OMA DRM first performs a preprocessing step that converts the .3gp file into a .dm (DRM Material) file and then stores the .dm file on a file server to await download. After the consumer purchases the digital content file online and obtains the rights object (that is, the digital content file), the .dm file on the server is downloaded to the consumer's electronic device. The DRM engine of the electronic device binds the rights object and the device's internal code to the digital content and converts the .dm file into a .dcf (DRM Content Format) file. After this processing, the .dcf digital content file can be used only on this specific electronic device, in the manner granted by the rights object.

However, the drawback of the above method is that it is suitable only for on-line delivery, and its digital rights management approach may violate the consumer's Traditional Rights and Usage (TRU) with respect to content.

Fig. 2 is a flowchart of the steps of another conventional DRM engine processing method.

The preprocessed digital content file is stored in the embedded memory of the electronic device, and the preprocessed digital content file is encrypted (step S21). The rights object of the digital content file can be downloaded over a network (for example, the Internet) (step S22) and stored in the electronic device (step S23), and the DRM engine of the electronic device is activated at the same time (step S24). The DRM engine first decrypts the preprocessed digital content file (step S25), binds the internal code of the electronic device and the rights object to the digital content file (step S26), and converts the digital content file into a new file format (step S27).

Therefore, the digital content file can be used only on this specific electronic device. For example, the file format of Windows Media DRM for portable devices (WMDRM-PD) is asf (Advanced System Format). The above method is suitable for portable electronic devices, but the rights object has to be delivered separately; although security is slightly improved, the dependence on the network remains.

Fig. 3 is a flowchart of the steps of another conventional DRM engine processing method.

Instead of using the DRM engine supported by the electronic device, a proprietary digital rights management mechanism is designed separately (step S31). The digital content file is preprocessed and converted into a file format that the self-designed DRM engine or system can process (step S32). Therefore, the digital content file can be accessed only by an electronic device containing the self-designed DRM engine or system (step S33). This method faces the following problems: 1) writing the program is a large engineering effort; 2) the program may occupy a large amount of memory; 3) a digital rights management mechanism is usually closely tied to the lower layers of the operating system platform, so compatibility problems arise easily; and 4) because the mechanism is self-written, it lacks a track record in the industry and has difficulty gaining the trust of content providers.

[Summary of the Invention]

An object of the present invention is to provide a method and system for locally activating a digital rights management engine.

Based on the above object, an embodiment of the present invention discloses a method for locally activating a DRM engine, applied to an electronic device. A preprocessing operation is performed in which a rights object is stored separately from, or bound together with, a digital content file in a first file format; the digital content file also has a dedicated authentication code for verification. The digital content file in the first file format is converted into a digital content file in a second file format, the digital content file in the second file format is encrypted, and a corresponding decryption key is generated. The encrypted digital content file and the decryption key are stored in a memory device; if the rights object is stored separately, the rights object is stored in a hidden area of the memory. An application is used to perform verification, file decryption, DRM engine activation and security control. The application is installed on the memory device, and the memory device is installed in the electronic device. The application is verified according to the authentication code of the digital content file, and the application decrypts the encrypted digital content file using the decryption key, restoring the digital content file from a third file format to the second file format. The application activates a DRM engine of the electronic device, and the DRM engine binds an internal code (IMEI) of the electronic device to the digital content file and the rights object, so that the digital content file can be accessed and used only by that electronic device.

An embodiment of the present invention further discloses a system for locally activating a DRM engine, comprising a memory device and an electronic device. The memory device provides memory locations for storing a digital content file and an application, wherein the application performs verification, file decryption, DRM engine activation and security control, and the digital content file is encrypted using an encryption method and a decryption key. The electronic device provides a DRM engine. When the memory device is installed in the electronic device, the application performs verification according to the authentication code of the digital content file, decrypts the encrypted digital content file using the decryption key, wherein a digital content file in a first file format is converted into a digital content file in a second file format, and activates the DRM engine. The DRM engine converts the digital content file in the second file format into a digital content file in a third file format and binds an internal code (IMEI) of the electronic device to the digital content file and the rights object, so that the digital content file can be accessed and used only by that electronic device.

An embodiment of the present invention further discloses a method for locally activating a DRM engine, applied to an electronic device. A preprocessing operation is performed to convert a digital content file in a first file format into a digital content file in a second file format. The digital content file in the second file format is encrypted, which converts it into a digital content file in a third file format, and a corresponding decryption key is generated. The encrypted digital content file and the decryption key are stored in respective memory locations of a memory device. An application is used to perform verification, file decryption, DRM engine activation and security control, and the application is installed on the memory device. The memory device is installed in the electronic device, and the application is verified according to the authentication code of the digital content file. The application decrypts the encrypted digital content file using the decryption key, restoring the digital content file from the third file format to the second file format. The application activates a DRM engine of the electronic device, and the DRM engine binds the digital content file in the second file format to the rights object of the digital content and an internal code of the electronic device, so that the digital content file can be accessed and used only by that electronic device.

An embodiment of the present invention further discloses a system for locally activating a DRM engine, comprising a memory device and an electronic device. The memory device provides memory locations for storing a digital content file, an application, an authentication code and a rights object, wherein the digital content file is encrypted using an encryption method and a decryption key, such that a digital content file in a first file format is converted into a digital content file in a second file format, and the digital content file in the second file format is converted into a digital content file in a third file format. The electronic device provides a DRM engine, wherein the application performs verification, file decryption, DRM engine activation and security control. When the memory device is installed in the electronic device, the application performs verification according to the authentication code of the digital content file, decrypts the encrypted digital content file using the decryption key, restoring the digital content file from the third file format to the second file format, and activates a DRM engine of the electronic device. The DRM engine binds the digital content file in the second file format to the rights object of the digital content and an internal code of the electronic device, so that the digital content file can be accessed and used only by that electronic device.

[Embodiments]

To make the objects, features and advantages of the present invention easier to understand, preferred embodiments are described in detail below with reference to Figs. 4 to 7 of the accompanying drawings. This specification provides different embodiments to illustrate the technical features of different implementations of the invention. The arrangement of the elements in the embodiments is for illustration and is not intended to limit the invention. Reference numerals are partly repeated across the embodiments to simplify the description; the repetition does not imply a relationship between different embodiments.

The embodiments of the present invention disclose a method and system for locally activating a digital rights management engine.

The method and system of the embodiment are applicable to a portable flash memory device (for example, a Secure Digital (SD) memory card or a Universal Serial Bus (USB) disk) or to a flash memory device embedded in an electronic device, and produce a digital rights management mechanism different from that of network systems. The mechanism uses the DRM engine of the electronic device to overcome compatibility problems between a DRM engine and the operating system of the electronic device.

Fig. 4 is a flowchart of the steps of the method for locally activating a DRM engine according to an embodiment of the present invention.

A preprocessing operation is performed in which the rights object and the digital content file are bound together (step S401); the digital content file also has a dedicated authentication code for verification. The digital content file in a first file format (for example, an OMA .3gp file) is converted into a digital content file in a second file format (for example, a .dm file of OMA DRM 1.0) (step S402), which can be recognized only by the DRM engine of a specific electronic device. For example, the original digital content file is first converted into a .dm file with an OMA 1.0 content packaging program (for example, SONY-Ericsson's DRM Packager); at this point the rights object has already been wrapped together with the content. Because the OMA DRM engine can be activated only through a network transmission procedure, this .dm file cannot be used by ordinary electronic devices.

However, for those familiar with this process flow, the .dm file can be copied to a file server and then used after being downloaded over the network, so another layer of protection is required. Therefore, with download from a file server in mind, the digital content file in the second file format is encrypted with an encryption mechanism (for example, Advanced Encryption System (AES), 3 Data Encryption System (3DES), Twofish, and so on), which converts the digital content file in the second file format into a digital content file in a third file format (for example, an .aes file) and generates a corresponding decryption key (step S403).

The encrypted digital content file and the decryption key are stored in respective memory locations of a memory device (for example, an SD memory card), for example with the digital content file in the public area and the decryption key in the hidden area (step S404). The decryption key may also be scattered within the memory device or within the application compiled to machine language, so that it cannot be identified, which strengthens the protection. An application is designed in a programming language (for example, C++) to perform verification, file decryption, DRM engine activation and security control (step S405), and the application is installed on the memory device (step S406). When the memory device is installed in the electronic device (step S407), the application is verified according to the authentication code of the digital content file (step S408). The authentication code may be a dedicated serial number of the digital content file or a unique serial number of the memory device.

After successful verification, the application decrypts the encrypted digital content file using the decryption key, restoring the digital content file from the third file format (.aes) to the second file format (.dm) (step S409), and locally activates the DRM engine of the electronic device (step S410). The DRM engine converts the digital content file in the second file format (.dm) into a digital content file in a fourth file format (.dcf) (step S411) and binds an internal code (IMEI) of the electronic device to the digital content file (the rights object and the digital content file were already bound together in the earlier procedure) (step S412), so that the digital content file can be accessed and used only by that electronic device (step S413).

Note that when the memory device is removed from the electronic device, or the electronic device is turned off before its DRM engine is activated, the application performs security control to delete the encrypted digital content file.

Fig. 5 is a schematic diagram of the system architecture for locally activating a DRM engine according to an embodiment of the present invention.

The system includes a memory device 500 and an electronic device 600. The electronic device 600 provides a DRM engine 630. The memory device 500 provides memory locations 550 (for example, a hidden area and a public area) for storing a digital content file 551, an authentication code 552 of the digital content file 551, a decryption key 553 and an application 555, wherein the digital content file 551 is encrypted using an encryption method and the decryption key 553. If AES is used to process the digital content file 551, the format of the digital content file 551 is .aes.

The application 555 is designed in a programming language (for example, C++) to perform verification, file decryption, DRM engine activation and security control. When the memory device 500 is installed in the electronic device 600, the application 555 performs authorization according to the authentication code 552 of the digital content file 551. The authentication code 552 may be a dedicated serial number of the digital content file 551 or a unique serial number of the memory device.

After successful verification, the application 555 decrypts the encrypted digital content file 551 using the decryption key 553, restoring the digital content file 551 from a third file format (.aes) to the second file format (.dm), and locally activates the DRM engine 610 of the electronic device 600. The DRM engine 610 converts the digital content file 551 in the second file format (.dm) into the digital content file 551 in the first file format (.dcf) and binds an internal code (IMEI) of the electronic device to the digital content file 551 (the rights object and the digital content file 551 were already bound together in the earlier procedure), so that the digital content file 551 can be accessed and used only by the electronic device 600.
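The flow of the first embodiment (steps S401 to S413), modelled as an added Python example that is not code from the patent. The HMAC-SHA256 keystream stands in for the AES/3DES/Twofish step, the JSON container stands in for the .dm and .dcf formats, and every class and function name, the card serial and the IMEI values are constructed for illustration.

```python
import hashlib
import hmac
import json
import os


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the AES/3DES/Twofish step: XOR with an HMAC-SHA256
    counter keystream (symmetric, so the same call encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class MemoryCard:
    """Memory device with a public area and a hidden area (S404)."""

    def __init__(self, serial: str):
        self.serial = serial
        self.public = {}
        self.hidden = {}


def preprocess(card, name, content: bytes, rights: dict):
    """S401-S404: bind rights to content (.dm), encrypt it (.aes), store on card."""
    dm = json.dumps({"rights": rights, "content": content.hex()}).encode()
    key, nonce = os.urandom(32), os.urandom(16)
    card.public[name + ".aes"] = nonce + stream_xor(key, nonce, dm)
    card.hidden["key"] = key
    # Assumption: the authentication code is the card's unique serial number,
    # one of the two options the description allows.
    card.hidden["auth_code"] = card.serial


class DrmEngine:
    """Device-side engine. The IMEI tag models the binding check only."""

    def __init__(self, imei: str):
        self.imei = imei
        self.store = {}

    def _tag(self, dm: bytes) -> str:
        return hmac.new(self.imei.encode(), dm, hashlib.sha256).hexdigest()

    def bind(self, name: str, dm: bytes) -> str:
        """S411-S412: convert .dm to .dcf and bind it to this device's IMEI."""
        self.store[name + ".dcf"] = {"imei_tag": self._tag(dm), "dm": dm}
        return name + ".dcf"

    def open(self, dcf: dict):
        """S413: only the binding device may use the content."""
        if not hmac.compare_digest(dcf["imei_tag"], self._tag(dcf["dm"])):
            raise PermissionError("content is bound to another device")
        package = json.loads(dcf["dm"])
        return bytes.fromhex(package["content"]), package["rights"]


def run_card_application(card, engine, name):
    """S408-S410: verify the code, decrypt .aes back to .dm, start the engine."""
    code = card.hidden.get("auth_code", "")
    if not hmac.compare_digest(code.encode(), card.serial.encode()):
        raise PermissionError("authentication code does not match this card")
    blob = card.public[name + ".aes"]
    dm = stream_xor(card.hidden["key"], blob[:16], blob[16:])
    return engine.bind(name, dm)


def remove_before_activation(card, name):
    """Security control: the card is pulled before the engine starts, so the
    application deletes the encrypted content file."""
    card.public.pop(name + ".aes", None)


if __name__ == "__main__":
    card = MemoryCard("SD-0001")                       # constructed serial
    preprocess(card, "clip", b"constructed media bytes", {"play_count": 5})
    phone = DrmEngine("000000000000001")               # constructed IMEI
    dcf_name = run_card_application(card, phone, "clip")
    print(phone.open(phone.store[dcf_name]))
    try:
        DrmEngine("000000000000002").open(phone.store[dcf_name])
    except PermissionError as err:
        print("second device:", err)
```
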

Patent_VIII/9034-A41794-TW / Draft-Final 15 201019162 本發明第二實施例揭露了-種局部啟動數位權利管理 引擎的方法與系統的另外範例。 本發明實施例之局部啟動數位權利管理引擎的方法與 系統係適用於一可攜式快閃記憶體裝置(例如,安全數位 (Secure Digital,SD )記憶、卡、通用序列匯排流( —s’ _)磁碟)或電子裝置中内嵌式快閃記憶 體裝置,用以產生不同於網路系統的數位權利管理機制。 該數位權利管理機制利用電子裝置之數位權利管理引擎來 ®克服數位權利管理引擎與該電子裝置之作業系統間的相容 性問題。 第6圖係顯示本發明另一實施例之局部啟動數位權利 管理引擎的方法步驟流程圖。 執行一前處理操作,將第一檔案格式(例如,〇MA 之.3gP檔)的數位内容檔轉換為第二檔案格式(例如,〇MA DRM 1.0之.dcf)的數位内容檔(步驟6〇1 ),其僅可被特 定電子裝置之數位權利管理引擎辨識,並且需要結合其相 對應的權利物件才能被使用。舉例來說,先以〇MA U的 内容包裹程式(例如SONY-Ericsson的DRM Packager)將 原始數位内容檔轉換成.dcf,此時其相對應的一權利物件也 另外同時產生’但是並不與此第二檔案格式的數位内容檔 案相連結。 需注意到,本實施例中之.dcf檔與第4圖中之.dcf檔不 同,其加密時並未使用權利物件。 此檔案己經過加密處理,基本上沒有被非法授權使用Patent_VIII/9034-A41794-TW / Draft-Final 15 201019162 A second embodiment of the present invention discloses another example of a method and system for locally initiating a digital rights management engine. The method and system for locally enabling the digital rights management engine in the embodiments of the present invention are applicable to a portable flash memory device (for example, Secure Digital (SD) memory, card, universal serial stream (-s ' _) disk or embedded flash memory device in an electronic device to generate a digital rights management mechanism different from the network system. The digital rights management mechanism utilizes the digital rights management engine of the electronic device to overcome the compatibility problem between the digital rights management engine and the operating system of the electronic device. Figure 6 is a flow chart showing the steps of a method for locally initiating a digital rights management engine in accordance with another embodiment of the present invention. 
Performing a pre-processing operation to convert the digital content file of the first file format (for example, .3gP file of 〇MA) into the digital content file of the second file format (for example, dMA DRM 1.0.dcf) (step 6〇 1), which can only be recognized by the digital rights management engine of a particular electronic device, and needs to be combined with its corresponding rights object to be used. For example, the original digital content file is first converted to .dcf by the 〇MA U content wrapper (such as SONY-Ericsson's DRM Packager), and the corresponding one of the rights objects is also generated simultaneously 'but not with The digital content file of this second file format is linked. It should be noted that the .dcf file in this embodiment is different from the .dcf file in Figure 4, and the rights object is not used for encryption. This file has been encrypted and is basically not illegally authorized.

Patent一VIII/9034-A41794_TW / Draft-Final 16 201019162 的顧慮。但是為增強其保護機制,在本實施中,利用一加 密機制(例如’先進加密系統(Advanced Encryption System ’ AES )、3 資料加雄、系統(3 Data Encryption System, 3DES)、Twofisli (雙魚)…等等)加密該第二檔案格式 的數位内容檔,其中將該第二權案格式的數位内容檔轉換 為第三槽案格式的數位内容權(例如,.aes檔),同時產 生一對應解密鑰匙(步驟602)。 將該加密之數位内容權與該解密鑰匙儲存在一記憶體 裝置(例如,SD記憶卡)之各自記憶體位置(例如將數位 内容檔儲存在公開區’將解密鍮匙儲存在隱藏區)中(步 驟603 )。該解密鑰匙亦可分散儲存於該記憶體裝置或已 編譯成機器語言的應用程式中而無法被辨識以加強保護。 利用程式語言(例如,C++)設計一應用程式以執行驗證、 檔案解密、數位權利管理引擎啟動與安全控制等操作(步 驟604) ’並且將該應用程式安裝於該記憶體裝置上(步 _ 驟605)。當該記憶體裝置安裝至該電子裝置中時(步驟 606) ’根據該數位内容檔之認證碼對該應用程式進行驗證 (步驟607 )。認證碼可為該數位内容檔的一專屬序發或 該記憶體裝置之一唯一序號。 ; 當成功驗證後’該應用程式利用該解密餘匙解密該加 密之數位内容檔,其中自該第三檔案袼式( aes)的數=内 容槽還原至該第二檔案格式(.dcf)的數位内容稽(步驟 S608) ’並且局部啟動該電子裝置之數位權利管理引擎(步 驟S609)。該數位權利管理引擎將第二檔案格式( dcf)Patent VIII/9034-A41794_TW / Draft-Final 16 201019162 concerns. However, in order to enhance its protection mechanism, in this implementation, an encryption mechanism (such as 'Advanced Encryption System' AES), 3 Data Encryption System (3DES), Twofisli (Pisces)... And so on) encrypting the digital content file of the second file format, wherein the digital content file of the second rights format is converted into a digital content right of the third slot format (eg, .aes file), and a corresponding decryption is generated Key (step 602). The encrypted digital content rights and the decryption key are stored in respective memory locations of a memory device (eg, an SD memory card) (eg, storing the digital content file in the public area to store the decryption key in the hidden area) (Step 603). The decryption key can also be stored in the memory device or in an application that has been compiled into a machine language and cannot be recognized for enhanced protection. Designing an application using a programming language (eg, C++) to perform operations such as verification, file decryption, digital rights management engine startup and security control (step 604) 'and installing the application on the memory device (step _ 605). 
When the memory device is installed in the electronic device (step 606), the application is verified according to the authentication code of the digital content file (step 607). The authentication code may be a dedicated serial number of the digital content file or a unique serial number of the memory device.

After successful verification, the application decrypts the encrypted digital content file using the decryption key, whereby the digital content file of the third file format (.aes) is restored to the digital content file of the second file format (.dcf) (step S608), and locally activates the digital rights management engine of the electronic device (step S609). The digital rights management engine combines the digital content file of the second file format (.dcf) with the rights object and an internal code (IMEI) of the electronic device to form a digital content file of a fourth file format (.dcf) with the same name (step 610), so that the digital content file can be accessed and used only by the electronic device (step 611).

It should be noted that when the memory device is removed from the electronic device, or the electronic device is turned off before its digital rights management engine is activated, the application performs security control to delete the encrypted digital content file.

Figure 7 is a schematic diagram of the system architecture for locally activating a digital rights management engine according to another embodiment of the present invention.

The system includes a memory device 700 and an electronic device 800. The electronic device 800 provides a digital rights management engine 810. The memory device 700 provides a memory location 750 (for example, a hidden area and a public area) to store a digital content file 751, an authentication code 752 of the digital content file 751, a decryption key 753, an application 755 and a rights object 757, wherein the digital content file 751 is encrypted using an encryption method and the decryption key 753.
If AES is used to process the digital content file 751, the format of the digital content file 751 is .aes.

The application 755 is designed in a programming language (for example, C++) to perform operations such as verification, file decryption, digital rights management engine activation and security control. When the memory device 700 is installed in the electronic device 800, the application 755 performs verification according to the authentication code 752 of the digital content file 751. The authentication code 752 may be a dedicated serial number of the digital content file 751 or a unique serial number of the memory device 700.

After successful verification, the application 755 decrypts the encrypted digital content file 751 using the decryption key, whereby the digital content file 751 of a third file format (.aes) is restored to the digital content file 751 of the second file format (.dcf), and locally activates the digital rights management engine 810 of the electronic device 800. The digital rights management engine 810 combines the digital content file 751 of the second file format (.dcf) with the rights object 757 and an internal code (IMEI) of the electronic device 800 to form a digital content file 751 of a fourth file format (.dcf) with the same name, so that the digital content file 751 can be accessed and used only by the electronic device 800.
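The flow of steps 602 to 611 and the Figure 7 system, modeled end to end as an added Python example; it is not code from the patent or its applicant. Assumptions: an HMAC-SHA256 keystream stands in for the AES/3DES/Twofish encryption so the model needs only the standard library, the authentication code is the card-serial variant, and the per-device `secret` with an HMAC binding tag is a hypothetical way to realize the "combine with the IMEI" step, which the patent does not specify. All names and sample values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream.
    The patent names AES, 3DES or Twofish; this keeps the model stdlib-only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


@dataclass
class MemoryCard:
    serial: str                                   # unique serial number of the card
    public: dict = field(default_factory=dict)    # public area: encrypted file, rights object
    hidden: dict = field(default_factory=dict)    # hidden area: decryption key


@dataclass
class Device:
    imei: str
    secret: bytes = field(default_factory=lambda: os.urandom(32))  # assumed engine secret
    engine_active: bool = False
    store: dict = field(default_factory=dict)     # files bound by the DRM engine

    def _tag(self, dcf: bytes, rights: bytes) -> bytes:
        # Hash each field first so the concatenation is unambiguous.
        parts = (self.imei.encode(), rights, dcf)
        msg = b"".join(hashlib.sha256(p).digest() for p in parts)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def bind(self, name: str, dcf: bytes, rights: bytes) -> None:
        """Step 610: tie content and rights object to this device's IMEI."""
        if not self.engine_active:
            raise RuntimeError("DRM engine not activated")
        self.store[name] = (dcf, rights, self._tag(dcf, rights))

    def open(self, name: str) -> bytes:
        """Step 611: release content only if the binding matches this device."""
        dcf, rights, tag = self.store[name]
        if not hmac.compare_digest(tag, self._tag(dcf, rights)):
            raise PermissionError("content is bound to another device")
        return dcf


def package(card: MemoryCard, name: str, dcf: bytes, rights: bytes) -> None:
    """Steps 602-603: encrypt the .dcf, keep file and key in separate areas."""
    key, nonce = os.urandom(32), os.urandom(16)
    card.public[name + ".aes"] = nonce + stream_xor(key, nonce, dcf)
    card.public[name + ".ro"] = rights
    card.public[name + ".auth"] = card.serial     # authentication code (card serial)
    card.hidden[name + ".key"] = key


def activate(card: MemoryCard, device: Device, name: str) -> None:
    """Steps 607-610, as run by the application stored on the card."""
    expected = card.public[name + ".auth"].encode()
    if not hmac.compare_digest(expected, card.serial.encode()):       # step 607
        raise PermissionError("authentication code mismatch")
    blob = card.public[name + ".aes"]
    dcf = stream_xor(card.hidden[name + ".key"], blob[:16], blob[16:])  # step 608
    device.engine_active = True                                        # step 609
    device.bind(name, dcf, card.public[name + ".ro"])                  # step 610


def on_card_removed(card: MemoryCard, device: Device, name: str) -> None:
    """Security control: card pulled before engine activation deletes the file."""
    if not device.engine_active:
        card.public.pop(name + ".aes", None)
```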

The method and system for locally activating a digital rights management engine according to the embodiments of the present invention are suitable for offline delivery by portable electronic devices or portable flash memory devices, establishing offline delivery of digital content files and the corresponding digital rights management that is independent of any network system. In addition, the present invention provides a self-designed application to activate the digital rights management engine of a specific electronic device, which overcomes compatibility problems between the operating system of the specific electronic device and the digital rights management engine.

The method of the invention, or particular aspects or portions thereof, may exist in the form of program code. The program code may be contained in physical media, such as floppy disks, optical discs, hard disks, or any other machine-readable (for example, computer-readable) storage medium, wherein, when the program code is loaded into and executed by a machine such as a computer, the machine becomes an apparatus for practicing the invention. The program code may also be transmitted over some transmission medium, such as electrical wire or cable, optical fiber, or any other form of transmission, wherein, when the program code is received, loaded and executed by a machine such as a computer, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processing unit, the program code combines with the processing unit to provide a unique apparatus that operates analogously to application-specific logic circuits.

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make various changes and modifications without departing from the spirit and scope of the invention, so the scope of protection of the invention is defined by the appended claims.

[Brief description of the drawings]

Figure 1 is a flow chart of the method steps of conventional digital rights management engine processing.

Figure 2 is a flow chart of the method steps of another conventional digital rights management engine processing.

Figure 3 is a flow chart of the method steps of another conventional digital rights management engine processing.

Figure 4 is a flow chart of the method steps for locally activating a digital rights management engine according to an embodiment of the present invention.

Figure 5 is a schematic diagram of the system architecture for locally activating a digital rights management engine according to an embodiment of the present invention.

Figure 6 is a flow chart of the method steps for locally activating a digital rights management engine according to another embodiment of the present invention.

Figure 7 is a schematic diagram of the system architecture for locally activating a digital rights management engine according to another embodiment of the present invention.

[Description of main component symbols]

500, 700 ~ memory device
550, 750 ~ memory location
551, 751 ~ digital content file
552, 752 ~ authentication code
553, 753 ~ decryption key
555, 755 ~ application
757 ~ rights object
600, 800 ~ electronic device
610, 810 ~ digital rights management engine
511..515 ~ process steps
521..527 ~ process steps
531..533 ~ process steps
5401..5413 ~ process steps
5601..5611 ~ process steps


Claims (1)

X. Patent application scope:

1. A method for locally activating a digital rights management engine, applied to an electronic device, comprising the following steps:
performing a pre-processing operation in which a rights object and a digital content file of a first file format are stored separately or linked together;
converting the digital content file of the first file format into a digital content file of a second file format;
encrypting the digital content file of the second file format and generating a corresponding decryption key;
storing the encrypted digital content file and the decryption key in respective memory locations of a memory device;
using an application to perform operations such as verification, file decryption, digital rights management engine activation and security control;
installing the application on the memory device;
installing the memory device in the electronic device;
verifying the application according to an authentication code of the digital content file;
decrypting, by the application and using the decryption key, the encrypted digital content file, wherein a digital content file of a third file format is restored to the digital content file of the second file format;
activating, by the application, a digital rights management engine of the electronic device; and
linking, by the digital rights management engine, an internal code of the electronic device with the digital content file and the rights object, so that the digital content file can be accessed and used only by the electronic device.

2. The method for locally activating a digital rights management engine according to claim 1, wherein the digital content file of the second file format can be recognized only by the digital rights management engine of the electronic device.

3. The method for locally activating a digital rights management engine according to claim 1, wherein the step of encrypting the digital content file further comprises converting the digital content file of the second file format into the digital content file of the third file format.

4. The method for locally activating a digital rights management engine according to claim 1, wherein the decryption key is stored in dispersed form in the memory device.

5. The method for locally activating a digital rights management engine according to claim 1, wherein the authentication code may be a dedicated serial number of the digital content file or a unique serial number of the memory device.

6. The method for locally activating a digital rights management engine according to claim 1, further comprising, when the digital rights management engine is activated, converting the digital content file of the second file format into a digital content file of a fourth file format.

7. A system for locally activating a digital rights management engine, comprising:
a memory device that provides a memory location to store a digital content file, an application, an authentication code and a rights object, wherein the digital content file is encrypted using an encryption method and a decryption key; and
an electronic device that provides a digital rights management engine, wherein the application performs operations such as verification, file decryption, digital rights management engine activation and security control;
wherein, when the memory device is installed in the electronic device, the application performs verification according to the authentication code of the digital content file and decrypts the encrypted digital content file using the decryption key, wherein a digital content file of a first file format is converted into a digital content file of a second file format, and activates the digital rights management engine; the digital rights management engine converts the digital content file of the second file format into a digital content file of a third file format and links an internal code of the electronic device with the digital content file, so that the digital content file can be accessed and used only by the electronic device.

8. The system for locally activating a digital rights management engine according to claim 7, wherein the decryption key is stored in dispersed form in the memory device.

9. The system for locally activating a digital rights management engine according to claim 7, wherein the authentication code may be a dedicated serial number of the digital content file or a unique serial number of the memory device.

10. A computer-recordable medium for storing a computer program, the computer program comprising a plurality of code segments to be loaded into a computer system and cause the computer system to execute a method for locally activating a digital rights management engine, applied to an electronic device, comprising:
performing a pre-processing operation in which a rights object and a digital content file of a first file format are stored separately or linked together;
converting the digital content file of the first file format into a digital content file of a second file format;
encrypting the digital content file of the second file format and generating a corresponding decryption key;
storing the encrypted digital content file and the decryption key in a memory device;
using an application to perform operations such as verification, file decryption, digital rights management engine activation and security control;
installing the application in the memory device;
installing the memory device in the electronic device;
verifying the application according to an authentication code of the digital content file;
decrypting, by the application and using the decryption key, the encrypted digital content file, wherein a digital content file of a third file format is restored to the digital content file of the second file format;
activating, by the application, a digital rights management engine of the electronic device; and
linking, by the digital rights management engine, an internal code of the electronic device with the digital content file and the rights object, so that the digital content file can be accessed and used only by the electronic device.

11. The computer-recordable medium according to claim 10, wherein the digital content file of the second file format can be recognized only by the digital rights management engine of the electronic device.

12. The computer-recordable medium according to claim 10, wherein the step of encrypting the digital content file further comprises converting the digital content file of the second file format into the digital content file of the third file format.

13. The computer-recordable medium according to claim 10, wherein the decryption key is stored in dispersed form in the memory device.

14. The computer-recordable medium according to claim 10, wherein the authentication code may be a dedicated serial number of the digital content file or a unique serial number of the memory device.

15. The computer-recordable medium according to claim 10, further comprising, when the digital rights management engine is activated, converting the digital content file of the second file format into a digital content file of a fourth file format.

16. A method for locally activating a digital rights management engine, applied to an electronic device, comprising the following steps:
performing a pre-processing operation to convert a digital content file of a first file format into a digital content file of a second file format;
encrypting the digital content file of the second file format so as to convert it into a digital content file of a third file format, while generating a corresponding decryption key;
storing the encrypted digital content file and the decryption key in respective memory locations of a memory device;
using an application to perform operations such as verification, file decryption, digital rights management engine activation and security control;
installing the application on the memory device;
installing the memory device in the electronic device;
verifying the application according to an authentication code of the digital content file;
decrypting, by the application and using the decryption key, the encrypted digital content file, wherein the digital content file of the third file format is restored to the digital content file of the second file format;
activating, by the application, a digital rights management engine of the electronic device; and
linking, by the digital rights management engine, the digital content file of the second file format with the rights object of the digital content and an internal code of the electronic device, so that the digital content file can be accessed and used only by the electronic device.

17. A system for locally activating a digital rights management engine, comprising:
a memory device that provides a memory location to store a digital content file, an application, an authentication code and a rights object, wherein the digital content file is encrypted using an encryption method and a decryption key, such that a digital content file of a first file format is converted into a digital content file of a second file format, and the digital content file of the second file format is converted into a digital content file of a third file format; and
an electronic device that provides a digital rights management engine, wherein the application performs operations such as verification, file decryption, digital rights management engine activation and security control;
wherein, when the memory device is installed in the electronic device, the application performs verification according to the authentication code of the digital content file and uses the decryption key to decrypt the encrypted digital content file, wherein the digital content file of the third file format is restored to the digital content file of the second file format, and activates a digital rights management engine of the electronic device, and the digital rights management engine […] with the rights object of the digital content […] so that the digital content file can be accessed and used only by the electronic device.
TW97143654A 2008-11-12 2008-11-12 Method and system for locally activating a drm engine TWI375160B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW97143654A TWI375160B (en) 2008-11-12 2008-11-12 Method and system for locally activating a drm engine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW97143654A TWI375160B (en) 2008-11-12 2008-11-12 Method and system for locally activating a drm engine

Publications (2)

Publication Number Publication Date
TW201019162A true TW201019162A (en) 2010-05-16
TWI375160B TWI375160B (en) 2012-10-21

Family

ID=44831627

Family Applications (1)

Application Number Title Priority Date Filing Date
TW97143654A TWI375160B (en) 2008-11-12 2008-11-12 Method and system for locally activating a drm engine

Country Status (1)

Country Link
TW (1) TWI375160B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI563838B (en) * 2013-08-26 2016-12-21 Digital Action Inc Digital contents encoding and decoding system and the method thereof

Also Published As

Publication number Publication date
TWI375160B (en) 2012-10-21

Similar Documents

Publication Publication Date Title
US8914634B2 (en) Digital rights management system transfer of content and distribution
JP4740157B2 (en) Protect digital data content
JP5248153B2 (en) Information processing apparatus, method, and program
US9047445B2 (en) Memory device and method for updating a security module
KR101954215B1 (en) Method and apparatus for using non volatile storage device
US20050210236A1 (en) Digital rights management structure, portable storage device, and contents management method using the portable storage device
JP2010028485A (en) Information processing apparatus, authentication method, and storage medium
JP2012113740A (en) Drm providing device, system and method
CN103635911A (en) Storage device and host device for protecting content and method thereof
WO2006003778A1 (en) Content management method, content management program, and electronic device
US9652624B2 (en) Method, host, storage, and machine-readable storage medium for protecting content
US20100205460A1 (en) Encryption method for digital data memory card and assembly for performing the same
TW201301267A (en) Information processing device, information processing method, and program
KR20110042296A (en) Information processing device, method for processing data, and program
US20100313034A1 (en) Information processing apparatus, data recording system, information processing method, and program
JP2005505853A (en) Apparatus and method for reading or writing user data
US8171565B2 (en) Systems and methods for locally generating license and activating DRM agent
JP5911876B2 (en) Storage device, authentication method for storage device, and authentication device
KR100996992B1 (en) Portable Memory Media for Recording and Using Contents applied DRM and Method and System for Realizing It Thereby
TWI375160B (en) Method and system for locally activating a drm engine
CN101267305A (en) Method and system of transmitting contents between devices
CN101739518B (en) Method and system for locally starting digital rights management engine
JP2013150179A (en) Information processing apparatus, information storage device, information processing system, information processing method, and program
US8095793B1 (en) Digital rights management apparatus and method
JP5318069B2 (en) Information processing device

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees