WO2000004549A2 - Copy protection by ticket encryption - Google Patents

Copy protection by ticket encryption Download PDF

Info

Publication number
WO2000004549A2
WO2000004549A2 PCT/EP1999/004766 EP9904766W WO0004549A2 WO 2000004549 A2 WO2000004549 A2 WO 2000004549A2 EP 9904766 W EP9904766 W EP 9904766W WO 0004549 A2 WO0004549 A2 WO 0004549A2
Authority
WO
WIPO (PCT)
Prior art keywords
ticket
key
copy
material
receiver
Prior art date
Application number
PCT/EP1999/004766
Other languages
French (fr)
Other versions
WO2000004549A3 (en
Inventor
Michael A. Epstein
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US9272798P priority Critical
Priority to US60/092,727 priority
Priority to US33362899A priority
Priority to US09/333,628 priority
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority claimed from JP2000560583A external-priority patent/JP2002520682A/en
Publication of WO2000004549A2 publication Critical patent/WO2000004549A2/en
Publication of WO2000004549A3 publication Critical patent/WO2000004549A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00224Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a remote server
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00485Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
    • G11B20/00557Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein further management data is encrypted, e.g. sector headers, TOC or the lead-in or lead-out areas
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00753Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of copies that can be made, e.g. CGMS, SCMS, or CCI flags
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00811Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein said number is encoded as a cryptographic token or ticket
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00884Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a watermark, i.e. a barely perceptible transformation of the original data which can nevertheless be recognised by an algorithm
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91307Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal
    • H04N2005/91328Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal the copy protection signal being a copy management signal, e.g. a copy generation management signal [CGMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91307Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal
    • H04N2005/91335Television signal processing therefor for scrambling ; for copy protection by adding a copy protection signal to the video signal the copy protection signal being a watermark

Abstract

An encryption scheme is provided between a device that communicates material content and the intended receiver of this content. The encryption is applied to a ticket that conveys copy and display rights. To allow for the portability of devices, the encryption scheme in a preferred embodiment is dynamic. At any point in time, the channel between the providing device and the receiving device is configured for the exclusive use of these two devices; thereafter, the channel may be configured for the exclusive use of another set of devices. To prevent the use of non-conforming devices within the system, conforming devices contain verifiable certificates of authenticity, and channels are established when each device on the channel verifies the other device's authenticity.

Description

Copy protection by ticket encryption.

This invention relates to the field of entertainment systems, and in particular to copy protection for copyrighted material.

Digital recordings have the unique property that copies of the recorded material have the same quality as the original. As such, the need for an effective copy protection scheme is particularly crucial for the protection of copyright material that is digitally recorded. A cost-effective method of copy protection is discussed in detail by Jean-Paul Linnartz et al., in Philips Electronics Response to Call for Proposals Issued by the Data Hiding Subgroup Copy Protection Technical Working Group, July 1997 ("Linnartz"), which is incorporated herein by reference. The Linnartz scheme operates by attaching a "ticket" to the recorded material; the ticket comprises a verifiable "count" that is decremented at each stage of the playback and recording process, and is computationally difficult to increment. A computationally difficult process is one that can be expected to require an inordinate amount of time to complete, relative to the potential gain that may be realized by devoting this amount of time. The Linnartz scheme uses a hashing function that provides a hash value from a seed value in such a manner that it is computationally difficult to determine the seed value, given the hash value.

FIG. 1 illustrates the Linnartz ticket scheme. The multiple instances of player 110 and recorder 120 are used to illustrate the use of the same or another player 110 and recorder 120 with different inputs 101, 102, 111, 112, 122, 132. A protected recording, such as a DVD disk, can be encoded as "copy-never" 101 or "copy-once" 102. The material content C also contains an embedded watermark W that is a hash value of a physical mark P. As in a paper watermark, the watermark W is an encoding that is embedded in the recorded material in such a manner that it does not interfere with the rendering of the material, but cannot be removed from the material without adversely affecting the quality of the material. The physical mark P is a code that is embedded in the material of the disk media that can be read by a disk player 110, and also cannot be removed from the disk media without affecting the quality of the disk media. A copy-never disk 101 may or may not contain a ticket T. The copy- once disk 102 contains an embedded watermark W that is a four-times-hash of the physical mark P, and a ticket T that is a once-hash value of the physical mark P.

By agreement among manufacturers, a compliant player 110 plays a recording that contains an embedded watermark W if and only if: the embedded watermark W is a once- hash of the physical mark P; the embedded watermark W is a thrice-hash of the ticket T; or the embedded watermark W is a once-hash of the ticket T. Any other combination of embedded watermark W, ticket T, and physical mark P is deemed an illegal copy, and the compliant player 110 will not play the illegal copy. If the recording is deemed legal, the compliant player 110 provides as an output the material C, with its embedded watermark W, and a transformed ticket T' that is a once-hash of the incoming ticket T. As illustrated, the compliant player 110 provides an output 111 from the copy-never disk 101 because the embedded watermark W is equal to a once-hash of the physical mark P, and provides an output 112 from the copy-once disk 102 because the embedded watermark W is equal to the thrice-hash of the ticket T.

By agreement among manufacturers, a compliant recorder 120 makes a copy of a recording that contains an embedded watermark W and ticket T, if and only if the embedded watermark W is a twice hash of the ticket T. The copy-never output 111 does not have an embedded watermark W that is a twice hash of the transformed ticket T', and thus will not be recorded by the compliant recorder 120. The copy-once output 112 contains an embedded watermark W that is a four-times-hash of the physical mark P, and a transformed ticket T' that is a once-hash of the original ticket T. Because the original ticket T is a once-hash of the physical mark P, the transformed ticket T' is a twice-hash of the physical mark P, and therefore the embedded watermark W is a twice-hash of the transformed ticket T'. Because the embedded watermark W is a twice-hash of the incoming transformed ticket T', the compliant recorder 120 makes a copy 122 of the copy-once material 112. The compliant recorder 120 attaches a once-hash of the incoming ticket T' as a new ticket T" on the copy 122. Because the incoming ticket T' is a twice-hash of the physical mark P, the new ticket T" is a thrice-hash of the physical mark P. The combination of an embedded watermark W that is a once-hash of the attached ticket defines a "copy-no-more" recording.

Note that in the Linnartz scheme, there are no restrictions on the number of copies that can be made from the "copy-once" disk 102. That is, the playback of the original copy-once disk 102 will always produce an output that contains the material C, with its embedded watermark W, and a transformed ticket T' that is a once-hash of the incoming ticket T. Because the original ticket T is a once-hash of the physical mark P, and the transformed ticket T' is a twice-hash of the physical mark P, the embedded watermark W will always be a twice-hash of the transformed ticket T', and therefore recordable. A mass production of the copy-once disk 102 can be effected by merely operating a number of recorders 120 in parallel, each receiving the output 112 of the player 110. Note that this mass production can be performed using recorders 120 that are compliant with the ticketing scheme of Linnartz. As discussed above, a compliant player 110 plays a recording that contains an embedded watermark W if and only if: the embedded watermark W is a once-hash of the physical mark P; the embedded watermark W is a thrice-hash of the incoming ticket; or the embedded watermark W is a once-hash of the incoming ticket. Because the incoming ticket T" from the copy-no-more copy 122 is a thrice-hash of the physical mark P, and the embedded watermark W is a four-times hash of the physical mark P, the embedded watermark W is a once-hash of the ticket T", and therefore a legally playable copy. The compliant player 110 plays the legal copy-no-more copy 122 and produces an output 132 that includes the material content C, its embedded watermark W, and a transformed ticket T'" that is a hash of the incoming ticket T". The transformed ticket T'" of the output 132 is a four-times hash of the physical mark P.

The compliant recorder 120, as discussed above, makes a copy of a recording that contains an embedded watermark W and ticket T, if and only if the embedded watermark W is a twice hash of the ticket T. The copy-no-more output 132 does not have an embedded watermark W that is a twice hash of the transformed ticket T'", and therefore will not be recorded by the compliant recorder 120.

Note that in the Linnartz scheme, the output of the compliant player is assumed to be displayable on a display device. That is, there are no display restrictions placed on a display device. Note also that the arrangement of the embedded watermark W and the ticket T at the output 132 of the compliant player 110 is an embedded watermark W that equals the ticket T. Thus, if a restriction were placed on a display device based on the embedded watermark W and ticket T, it must allow the display of an output wherein the embedded watermark and ticket are equal. Thus, an attempted restriction on the display of copyright material based on the Linnartz embedded watermark and trademark scheme could be overcome by merely replacing whatever ticket is provided by a copy of the embedded watermark.

For completeness, FIGs. 2 and 3 illustrate applications of the prior-art ticket processing scheme for controlling the copying of copyright material that is communicated via a broadcast channel, such as a "pay-per-view" transmission from a service provider. FIG. 2 illustrates the transmission of a copy-never broadcast 201, and FIG. 3 illustrates the transmission of a copy-once broadcast 202. As is common in the art, the broadcast 201, 202 is encrypted. A conditional access decrypter 210 decrypts the encrypted broadcast 201, 202 to provide a decrypted output 211, 212 that contains the material content C, an embedded watermark W, and a ticket T. The conditional access decrypter 210 may be, for example, a "cable-box" that decrypts the incoming broadcast after arrangements are made with the service provider for the payment of the fees associated with the receipt of the material content C, or after a "smart-card" is plugged into the cable box.

If, as in FIG. 2, the transmission is a copy-never broadcast 201, the decrypted output 211 will include the material content C, an embedded watermark W that equals a double-hash of a physical mark P, and a ticket T that is also equal to the double-hash of the physical mark P. In the case of a broadcast, the "physical" mark P may be an arbitrary code associated with the broadcast, or it may be related to an attribute of the broadcast, such as a modulated signal within the broadcast. The origin of the mark P is somewhat arbitrary, except that it should not be "publicly-available"; that is, it should not be easy to determine. Alternative methods can be used to supply the appropriate ticket value. The service provider may provide a ticket that is a single-hash of the physical mark P, and the conditional access decrypter 210 can be configured to apply a single-hash to the incoming ticket, as is performed in the conventional conforming player 110. Alternatively, the service provider may provide the double-hashed ticket directly, and the conditional access decrypter 210 merely passes the incoming ticket on as the output ticket. As discussed above, the compliant recorder 120 will only make copies of watermarked material when the embedded watermark is equal to the twice-hash of the incoming ticket. In this copy-never case, the embedded watermark W is equal to the incoming ticket T, and therefore the compliant recorder 120 will not make a copy of this copy-never material 211. A compliant display device 220, on the other hand, will display the copy-never material 211 because the embedded watermark equals the ticket.

If, as in FIG. 3, the transmission is a copy-once broadcast 202, the decrypted output 212 will include the material content C, an embedded watermark W that equals a four- hash of the physical mark P, and a ticket T that equals a double-hash of the physical mark P. Because the embedded watermark W is equal to a twice-hash of the incoming ticket T, a compliant recorder 120 will produce a authorized copy 222 of the decrypted output 212, and a compliant display device 220 will provide a display of the decrypted output 212. The copy 222 from the recorder 120 includes the material content C, its embedded watermark W, and a transformed ticket T that is equal to a single-hash of the incoming ticket T. Because the incoming ticket T is a twice-hash of the physical mark P, the transformed ticket T' is equal to a thrice-hash of the physical mark P.

Note that as in the ticketed disk scheme discussed above, a plurality of compliant recorders 120 may be configured to receive the output of the decrypter 210 and will produce a corresponding plurality of copies 222. Note also that a non-compliant "blind" copy of the material 212 can be made and subsequently provided to any compliant recorder 120 for an unlimited number of copies 222. A 'blind" copy is substantially a bit-for-bit copy, with no transformation of the information as it is copied. In the aforementioned ticketed disk scheme, the presence of the physical mark P on the disk media itself precluded the use of a blind copy, because the physical mark P would not have been transferred with the information that is copied, and a compliant device will reject a copy having an embedded watermark that differs from a single-hash or four-hash of the physical mark P. In the broadcast example, however, if the physical mark P is communicated, it will be part of the broadcast information, and therefore will be transferred with the information during a blind copy. When the copy 222 is provided to a player 110, the player will match the embedded watermark W to a single-hash of the ticket T', and will provide an output 232 that contains the material content C, the embedded watermark W, and a transformed ticket T" that is a single-hash of the incoming ticket T', or, equivalently, a four-hash of the physical mark P. A compliant recorder 120 will not make a copy of the output 232, because the embedded watermark W is not a twice-hash of the incoming ticket T". The compliant display device will display the output 230, because the embedded watermark W is equal to the incoming ticket T". Note that a non-compliant player can have authorized and unauthorized copies of the material content C displayed by a conforming display device 220 by merely providing a ticket T" that is equal to the embedded watermark W.

It is an object of this invention to prevent the display of unauthorized copies of material on a conforming display device. It is a further object of this invention to prevent the unauthorized copying of material on a conforming recording device. It is a further object of this invention to prevent the unauthorized copying of material on a non-conforming recording device, or to render such unauthorized copies useless for a conforming display or recording device.

These objects and others are achieved by providing an encryption scheme between the device that communicates the material content and the intended receiver of this content. The encryption is applied to the ticket that conveys copy and display rights. To allow for the portability of devices, the encryption scheme in a preferred embodiment is dynamic. At any point in time, the channel between the providing device and the receiving device is configured for the exclusive use of these two devices; thereafter, the channel may be configured for the exclusive use of another set of devices. To prevent the use of non- conforming devices within the system, conforming devices contain verifiable certificates of authenticity, and channels are established only when each device on the channel verifies the other device's authenticity.

The invention is explained in further detail, and by way of example, with reference to the accompanying drawings wherein:

FIG. 1 illustrates a block diagram of an example prior-art ticket processing scheme for controlling the copying of copyright material on a physical media. FIGs. 2 and 3 illustrate applications of the prior- art ticket processing scheme for controlling the copying of copyright material that is communicated via a broadcast channel.

FIG. 4 illustrates an example block diagram of a ticket processing scheme for controlling the display of copyright material in accordance with this invention.

FIG. 5 illustrates an example block diagram for a ticket processing scheme for controlling the copying of copyright material in accordance with this invention.

FIG. 6 illustrates an example flow diagram for a ticket processing scheme for controlling the display or copy of copyright material in accordance with this invention.

FIG. 4 illustrates an example block diagram of a ticket processing scheme for controlling the copying of copyright material in accordance with this invention. Illustrated in FIG. 4 are a conditional access module 300 and a display device 400. The conditional access module receives a broadcast 301 that may or may not be encrypted, and which may or may not be copy protected. The brackets { } used in FIG. 4 illustrate items that may or may not be present in a particular broadcast 301. A Broadcast decrypter 350 is a conventional broadcast decrypter that decrypts the broadcast 301 if it is encrypted, otherwise, it passes it on unmodified, such that the output 351 of the broadcast decrypter comprises the material content C, it's embedded watermark W, if any, and associated ticket T, if any. A ticket detector 340 separates the ticket T 341, if present, from the output 351 to produce a material content C and it's embedded watermark W, if any, signal 342, and . communicates the ticket 341 to a ticket encrypter 330. In accordance with this invention, the ticket encrypter 330 encrypts the ticket T using a key K 321 to produce an encrypted ticket Eκ(T) 331 that can only be decrypted by the display device 400 that is currently bound to it, as will be discussed further below. The material content C and it's embedded watermark W, if any, signal 342, and the encrypted ticket Eκ(T) 331, if any, are communicated to the display device 400 as a communicated signal 401.

The display device 400 includes a ticket detector 440 that processes the communicated signal 401 to produce a material content C and it's embedded watermark W, if any, signal 442, and extracted ticket 431, if any. If, as illustrated in FIG. 4, the conditional access module 300 is a compliant device in accordance with this invention, the extracted ticket 431 will be equal to the encrypted ticket EK(T) 331. If the communicated signal 401 is not from the compliant conditional access module 300, the extracted ticket 431 will not be equal to the encrypted ticket Eκ(T) 331. The ticket decrypter 430 decrypts the extracted ticket 431 based on a key K' 421, such that the resultant ticket T 441 matches the original ticket T 431 if and only if the decryption key K' 421 corresponds to the encryption key K 321. One key corresponds to another if that key decrypts an encryption produced by the other. In a symmetric key system, the keys K 321 and K' 421 are equal to each other. In an asymmetric key system, the keys K 321 and K' 421 are private and public keys, respectively, of a private/public encryption key pair.

A display controller 460 controls the display of the material content C and it's embedded watermark W, if any, signal 442, based upon the relationship between the embedded watermark W, if any, and the decrypted ticket T 441. In accordance with this invention, the material content C will be displayed if and only if one of the following three conditions are met:

- there is no embedded watermark;

- the embedded watermark W equals the decrypted ticket T 441; or

- the embedded watermark W equals a twice-hash of the decrypted ticket T 441. The first condition corresponds to material content C that is not copy or display protected. The second condition corresponds to the copy-never 212 and copy-no-more 232 states of the prior art ticketing scheme, respectively, and the third condition corresponds to the copy-once 222 state of the prior art ticketing scheme, as illustrated in FIGs. 2 and 3. As discussed above, the embedded watermark W in the prior art ticketing scheme, if present, will equal the original ticket T 341 in the copy-never 212 and copy-no-more 232 states, and will equal the twice hash of the original ticket T 341 in the copy-once state 222. Because the . decrypted ticket T 441 will only equal the original ticket T 341 when the display device has a key K' 421 that corresponds to the key K 321 at the conditional access module 300, protected material content C will only be displayed when the conditional access module 300 and display device 400 have corresponding keys K 321 and K' 421. Thus, if a blind copy of the communicated signal 401 is made, it will only be displayable on the display device 400 that contains the key K' 421 that corresponds to key K 321.

FIG. 5 illustrates a corresponding recorder 500 in accordance with this invention. The recorder 500 is substantially similar to the display device 400 except for the substitution of a copy controller 560 for the display controller 460. The copy controller 560 allows a copy of the content material C to be made if and only if one of the following two conditions are met: - there is no embedded watermark; or - the embedded watermark W equals a twice-hash of the decrypted ticket T 441.

The first condition corresponds to material content C that is not copy or display protected. The second condition corresponds to the copy-once 222 state of the prior art ticketing scheme, as illustrated in FIG 3. Because the decrypted ticket T 441 will only equal the original ticket T 341 when the display device has a key K' 421 that corresponds to the key K 321 at the conditional access module 300, copy-once material C that has an embedded watermark W that is equal to a twice hash of the original ticket T 341 will only be copied when the conditional access module 300 and recorder 500 have corresponding keys K 321 and K' 421. Thus, if a blind copy of the communicated signal 401 is made, it will only be copyable on the recorder 500 that contains the key K' 421 that corresponds to key K 321. Although multiple copies can be made by the same recorder 500 from the blind copy of communicated signal 401, the use of an encrypted ticket in accordance with this invention precludes the simultaneous copying of multiple copies, thereby minimizing the economic gains that can be realized by a one-at-a-time production of the protected material.

A variety of techniques are commonly available for generating corresponding encryption keys K 321, K' 421. (For ease of reference, the term receiver 400, 500 will be used to refer to either the display device 400 or the recorder 500.) In the simplest case, each receiver 400, 500 has a private key that is associated with an identifier of the receiver 400, 500, and the conditional access module 300 has a list of public keys corresponding to each identifier. The public key forms the key K 321 and the private key forms the key K' 421. In this embodiment, the ticket encrypter 330 and decrypter 430 are an asymmetric encrypter/decrypter pair. The same identifier and public/private key pair may be assigned to multiple receivers 400, 500; assigning a unique public/private key pair to each receiver 400,

500 allows an individual public key to be revoked in the event that a violation of copy rights is discovered.

Alternatively, FIG. 4 illustrates explicit key generators 320 and 420 that generate keys K 321 and K' 421. An example set of key generators 320, 420 include a "Diffie-

Hellman" key-exchange algorithm, common in the art. In the Diffie-Hellman scheme, each key generator 320, 420 selects a random large integer x, y, respectively, and publicly exchange key parameters 325 that include a large prime n, and a number g that is primitive mod n. Key generator 320 communicates X = gx mod n to key generator 420, and, Key generator 420 communicates Y = gy mod n to key generator 320. Then,

Key generator 320 computes K = Yx mod n, and Key generator 420 computes K = Xy mod n.

In this manner, both K and K' are equal to gxy mod n. Because x and y are kept private, the determination of the key K, K' is computationally difficult. In this embodiment, the ticket encrypter 330 and ticket decrypter 430 are a symmetric encrypter/decrypter pair, each using the same key value gxy mod n to encrypt and decrypt the ticket T. Note that two receivers 400, 500 will not generate the same key value with a conventional access module 300 unless they both select the same random number y. In a preferred embodiment of this invention, the receivers 400, 500 are created such that the likelihood of creating the same random number at the same time is minimal. Thus, as compared to the prior-art ticketing system, placing compliant recorders 500 in parallel to the communicated signal 401 will not allow each to copy material that is in the copy-once state

222. Similarly, as noted above, creating a blind copy of the communicated signal 401 will only allow the compliant recorder 500 having the proper key K' to produce multiple one-at-a-time copies.

Additional security may be provided by a combination of alternative security schemes. For example, FIGs. 4 and 5 illustrate the optional use of corresponding pairs of authenticators 310, 410 with the key generators 320, 420. The authenticator 310 initiates the authentication process upon receipt of a trigger 346 from the ticket detector by requesting a certification 411 from the authenticator 410. The certification 411 is a verifiable digital certificate, common in the art, that is provided by the manufacturer of the receiver and contains an identification of the particular receiver. The authenticator 310 verifies the certificate, using conventional digital signature verification techniques, and communicates the results 311 of this certification to the key generator 320. In this manner, the receiver 400, 500 can be re-authenticated upon receipt of each ticketed material 301. Non-conforming receivers, or particular receivers 400, 500 that have had their authorization revoked, can thus be prevented from receiving ticketed material.

Note that the determination or generation of the appropriate key K 321 to correspond to the key K' 421 can occur periodically, randomly, or, as mentioned above, upon receipt of ticketed material 301. In a preferred embodiment the key determination or generation also occurs whenever the communications path between the conditional access module 300 and receiver 400, 500 is newly established. In this manner, the conditional access module 300 can be reassigned, or bound, to a different receiver 400, 500, as required. Note also that the conditional access module 300 in a preferred embodiment includes a pair of key generators 320, and corresponding ticket encrypters 330, each associated with a channel. The output 401 of one channel is provided, for example, to a display device 400 at the same time that the output 401 of the other channel is provided to a recorder 500, so that an authorized copy of the protected material can be made at the same time that an authorized viewing occurs. In this embodiment, the output 401 of each channel has a different encrypted ticket, depending upon the receiver 400, 500 attached to each output 401. For completeness, FIG. 6 illustrates a flow diagram for a compliant conditional access module 300 and receiver 400, 500, in accordance with this invention. At 610, the broadcast material is received at the conditional access module 300. If the broadcast material contains encrypted material 620, it is decrypted, at 625; if it contains a ticket 630, the ticket is encrypted, at 635, using a key that corresponds to a key in the receiver 400, 500, as discussed above. The decrypted material and encrypted ticket is transmitted to the receiver 400, 500, at 640. Upon receipt, the receiver 400, 500 determines whether the material contains a ticket. If, at 650, the received material has a ticket, it is decrypted, at 655 using the key associated with the receiver 400, 500. If the receiver 400, 500 is a recorder 500, at 660, the test at 680 is applied to determine if the material is copyable. If there is no embedded watermark W in the material, or if the embedded watermark W matches a twice-hash of the decrypted ticket, the material content and embedded watermark W, if any, is copied 685, along with a hash of the decrypted ticket T, consistent with the prior- art ticketing scheme. Otherwise, the copy step 685 is bypassed. If, at 660, the receiver 400, 500 is a display device 400, the test at 670 is applied. If there is no embedded watermark W in the material, or if the embedded watermark W matches the decrypted ticket or a thrice-hash of the decrypted ticket, the material content C is displayed 675. Otherwise, the display step 675 is bypassed. After copying, displaying, or bypassing, the process continues, at 690, awaiting the receipt of the next broadcast material, at 610.

The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are thus within its spirit and scope. For example, the above described ticket encryption scheme at the conditional access module may be embodied in other devices, such as a conventional player 110, an unconditional access module, or any other device that receives ticketed material from a source and provides it to an intended receiver 400, 500. Similarly, the details of the prior art ticketing scheme is presented above for illustration purposes. Other ticketing schemes may also be employed, requiring only a change to the particular ticket tests 675, 685 to correspond to such schemes.

Note that the particular functions and structures in the figures are presented for illustration purposes. Alternative arrangements are feasible. For example, the ticket encrypter 330 can be located at the site of the provider of the broadcast 301, such that the material 301 is received at the broadcast decrypter 350 with a ticket that is suitably encrypted for decryption by the receiver 400, 500. In this embodiment, the conditional access module 300 will include means for communicating an identification of the receiver 400, 500 to the provider of the broadcast 301. In like manner, some or all of the illustrated components of the conditional access module 300 may be included in the receiver 400, 500, or other device. These and other system configuration and optimization options will be evident to one of ordinary skill in the art in view of this invention, and are included within the scope of the following claims.

Claims

CLAIMS:
1. A device (300) comprising: a ticket detector (340) that extracts a ticket (341) and a material content (342) with embedded watermark (W) from a source, a ticket encrypter (330) that encrypts the ticket (341) based on a key (321) that depends upon an intended receiver of the material content (342), to provide an encrypted ticket (331) that is communicated with the material content (342) with embedded watermark (W) to a receiving device (400, 500).
2. The device (300) of claim 1, further including a broadcast decrypter (430) that decrypts a broadcast transmission (301) to form the source of the ticket (341) and material content (342) with embedded watermark (W).
3. The device (300) of claim 1, further including a key generator (320) that generates the key (321) that depends upon the intended recei ver .
4. The device (300) of claim 3, wherein the key generator (320) includes a Diffie-Hellman key-exchange system.
5. The device (300) of claim 1, further including an authenticator (310) that authenticates the receiving device (400, 500) as the intended receiver.
6. A receiver (400, 500) comprising: a ticket detector (340) that extracts an encrypted ticket (431) from a received communication (401) that includes the encrypted ticket (431) and a material content (442) with an embedded watermark (W), a ticket decrypter (430) that decrypts the encrypted ticket (431) to form a decrypted ticket (441), and a controller (460, 560) that determines at least one of a display permission and a copy permission based on the embedded watermark (W) and the decrypted ticket (441)..
7. The receiver (400, 500) of claim 6, further including a key generator (420) that generates a key (421) that is provided to the ticket decrypter (430) to decrypt the encrypted ticket (431) to form the decrypted ticket (441).
8. The receiver (400, 500) of claim 7, wherein the key generator (420) includes a Diffie-Hellman key-exchange system.
9. The receiver (400, 500) of claim 6, further including an authenticator (410) that provides a certification (411) to a device (300) that provides the received communication (401) to facilitate a creation of the encrypted ticket (431).
10. The receiver (400, 500) of claim 6, wherein the controller (460, 560) determines the at least one display permission and copy permission based on at least one hash of the decrypted ticket (441).
11. The receiver (400, 500) of claim 6, further including at least one of a display
(400) and a copier (500).
12. A method for communicating a copyright material comprising: encrypting (635) a ticket (341) associated with the copyright material to form an encrypted ticket (331) based on an intended receiver, and communicating (640) the encrypted ticket (331) with the copyright material to a receiving device (400, 500) to facilitate an enforcement of the copyright in dependence upon whether the receiving device (400, 500) is the intended receiver.
13. The method of claim 12, further including generating a key (321) based on the intended receiver that is used in encrypting (635) the ticket (341).
14. The method of claim 13, wherein the step of generating the key (321) includes effecting a Diffie-Hellman key-exchange.
15. The method of claim 12, further including authenticating the receiving device (400, 500) as the intended receiver.
16. A method for enforcing protection to copyright material comprising: decrypting (655) an encrypted ticket (431) to form a decrypted ticket (441), determining (670, 680) at least one of a display permission and a copy permission based on the decrypted ticket (441) and a watermark that is embedded in the copyright material.
17. The method of claim 16 further including generating a key (421) that is used in decrypting the encrypted ticket (431).
18. The method of claim 17, wherein the step of generating the key (421) includes effecting a Diffie-Hellman key-exchange.
19. The method of claim 16, wherein the step of determining (670, 680) at least one display permission and copy permission is based on at least one hash of the decrypted ticket (441).
PCT/EP1999/004766 1998-07-14 1999-07-07 Copy protection by ticket encryption WO2000004549A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US9272798P true 1998-07-14 1998-07-14
US60/092,727 1998-07-14
US33362899A true 1999-06-15 1999-06-15
US09/333,628 1999-06-15

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP99932846A EP1145243A3 (en) 1998-07-14 1999-07-07 Copy protection by message encryption
JP2000560583A JP2002520682A (en) 1998-07-14 1999-07-07 Copy protection by the ticket encryption
KR1020007002682A KR20010023967A (en) 1998-07-14 1999-07-07 Copy protection by ticket encryption

Publications (2)

Publication Number Publication Date
WO2000004549A2 true WO2000004549A2 (en) 2000-01-27
WO2000004549A3 WO2000004549A3 (en) 2001-06-07

Family

ID=26785979

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1999/004766 WO2000004549A2 (en) 1998-07-14 1999-07-07 Copy protection by ticket encryption

Country Status (5)

Country Link
EP (1) EP1145243A3 (en)
KR (1) KR20010023967A (en)
CN (1) CN1333975A (en)
TW (1) TW406249B (en)
WO (1) WO2000004549A2 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002091666A1 (en) * 2001-05-04 2002-11-14 Quantum Digital Solutions, Inc. Hopscotch ticketing
WO2006024233A1 (en) * 2004-09-01 2006-03-09 Huawei Technologies Co., Ltd. Method for protecting broadband video and audio broadcast content
WO2006024234A1 (en) * 2004-09-01 2006-03-09 Huawei Technologies Co., Ltd. Method ano apparatus for protecting broadband video and audio broadcast content
US7908635B2 (en) 2000-03-02 2011-03-15 Tivo Inc. System and method for internet access to a personal television service
US8171520B2 (en) 2000-03-02 2012-05-01 Tivo Inc. Method of sharing personal media using a digital recorder
US8261315B2 (en) 2000-03-02 2012-09-04 Tivo Inc. Multicasting multimedia content distribution system
US8275094B2 (en) 2006-04-03 2012-09-25 Huawei Technologies Co., Ltd. Method and devices for providing wetting current
US8812850B2 (en) 2000-03-02 2014-08-19 Tivo Inc. Secure multimedia transfer system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100678018B1 (en) 2005-01-07 2007-02-02 엘지전자 주식회사 Method and apparatus for recording and reproducing based on set parental level
JP4140624B2 (en) 2005-09-16 2008-08-27 ソニー株式会社 The information processing apparatus, the information recording medium manufacturing apparatus, an information recording medium, method, and computer program
EP2100452A1 (en) 2006-12-11 2009-09-16 Thomson Licensing Text-based anti-piracy system and method for digital cinema

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0716544A2 (en) * 1994-12-08 1996-06-12 Lg Electronics Inc. Copy prevention method and apparatus of a digital magnetic recording/reproduction system
US5574787A (en) * 1994-07-25 1996-11-12 Ryan; John O. Apparatus and method for comprehensive copy protection for video platforms and unprotected source material
EP0750423A2 (en) * 1995-06-23 1996-12-27 Irdeto B.V. Method and apparatus for controlling the operation of a signal decoder in a broadcasting system
EP0800312A1 (en) * 1995-10-09 1997-10-08 Matsushita Electric Industrial Co., Ltd. Data transmitter, data transmitting method, data receiver, information processor, and information recording medium
WO1997043853A1 (en) * 1996-05-15 1997-11-20 Macrovision Corporation Method and apparatus for copy protection of copyrighted material on various recording media
WO1998033325A2 (en) * 1997-01-27 1998-07-30 Koninklijke Philips Electronics N.V. Method and system for transferring content information and supplemental information relating thereto
WO1999011064A2 (en) * 1997-08-26 1999-03-04 Koninklijke Philips Electronics N.V. System for transferring content information and supplemental information relating thereto

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5574787A (en) * 1994-07-25 1996-11-12 Ryan; John O. Apparatus and method for comprehensive copy protection for video platforms and unprotected source material
EP0716544A2 (en) * 1994-12-08 1996-06-12 Lg Electronics Inc. Copy prevention method and apparatus of a digital magnetic recording/reproduction system
EP0750423A2 (en) * 1995-06-23 1996-12-27 Irdeto B.V. Method and apparatus for controlling the operation of a signal decoder in a broadcasting system
EP0800312A1 (en) * 1995-10-09 1997-10-08 Matsushita Electric Industrial Co., Ltd. Data transmitter, data transmitting method, data receiver, information processor, and information recording medium
WO1997043853A1 (en) * 1996-05-15 1997-11-20 Macrovision Corporation Method and apparatus for copy protection of copyrighted material on various recording media
WO1998033325A2 (en) * 1997-01-27 1998-07-30 Koninklijke Philips Electronics N.V. Method and system for transferring content information and supplemental information relating thereto
WO1999011064A2 (en) * 1997-08-26 1999-03-04 Koninklijke Philips Electronics N.V. System for transferring content information and supplemental information relating thereto

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
INGEMARSSON I ET AL: "A conference key distribution system" IEEE TRANSACTIONS ON INFORMATION THEORY, SEPT. 1982, USA, vol. 28, no. 5, pt.1, pages 714-720, XP002121757 ISSN: 0018-9448 *
LINNARTZ J-P, DEPOVER G, KALKER T: "Philips Electronics response to call for proposals issued by the Data Hiding Subgroup copy protection technical working group"1997, XP002118336 cited in the application *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10206010B2 (en) 2000-03-02 2019-02-12 Tivo Solutions Inc. Method of sharing personal media using a digital recorder
US10080063B2 (en) 2000-03-02 2018-09-18 Tivo Solutions Inc. Method of sharing personal media using a digital recorder
US9854289B2 (en) 2000-03-02 2017-12-26 Tivo Solutions Inc. Secure multimedia transfer system
US7908635B2 (en) 2000-03-02 2011-03-15 Tivo Inc. System and method for internet access to a personal television service
US8171520B2 (en) 2000-03-02 2012-05-01 Tivo Inc. Method of sharing personal media using a digital recorder
US8261315B2 (en) 2000-03-02 2012-09-04 Tivo Inc. Multicasting multimedia content distribution system
US9826273B2 (en) 2000-03-02 2017-11-21 Tivo Solutions Inc. System and method for internet access to a personal television service
US8336077B2 (en) 2000-03-02 2012-12-18 Tivo Inc. System and method for internet access to a personal television service
US8656446B2 (en) 2000-03-02 2014-02-18 Tivo Inc. System and method for internet access to a personal television service
US8812850B2 (en) 2000-03-02 2014-08-19 Tivo Inc. Secure multimedia transfer system
US9055273B2 (en) 2000-03-02 2015-06-09 Tivo Inc. System and method for internet access to a personal television service
WO2002091666A1 (en) * 2001-05-04 2002-11-14 Quantum Digital Solutions, Inc. Hopscotch ticketing
WO2006024234A1 (en) * 2004-09-01 2006-03-09 Huawei Technologies Co., Ltd. Method ano apparatus for protecting broadband video and audio broadcast content
WO2006024233A1 (en) * 2004-09-01 2006-03-09 Huawei Technologies Co., Ltd. Method for protecting broadband video and audio broadcast content
US8275094B2 (en) 2006-04-03 2012-09-25 Huawei Technologies Co., Ltd. Method and devices for providing wetting current

Also Published As

Publication number Publication date
EP1145243A2 (en) 2001-10-17
EP1145243A3 (en) 2004-11-03
KR20010023967A (en) 2001-03-26
TW406249B (en) 2000-09-21
CN1333975A (en) 2002-01-30
WO2000004549A3 (en) 2001-06-07

Similar Documents

Publication Publication Date Title
EP1098311B1 (en) Revocation information updating method, revocation information updating apparatus and storage medium
KR100533225B1 (en) A method and a system for transferring information using an encryption mode indicator
US7162642B2 (en) Digital content distribution system and method
JP4798935B2 (en) Content Security method for providing a long-term permit renewal security, the device and computer readable storage medium
CN1329909C (en) Secure single drive copy method and apparatus
US6367019B1 (en) Copy security for portable music players
JP5026670B2 (en) Divided right in the approved area
US7356143B2 (en) System, method, and apparatus for securely providing content viewable on a secure device
RU2290767C2 (en) Receiving device for protective preservation of a unit of content and reproduction device
US9270673B2 (en) Terminal device, verification device, key distribution device, content playback method, key distribution method, and computer program
KR100692344B1 (en) Public key media key block
US8656178B2 (en) Method, system and program product for modifying content usage conditions during content distribution
CN1190033C (en) Enciphering apparatus and method, deciphering apparatus and method as well as information processing apparatus and method
JP4524920B2 (en) Information recording apparatus, information reproducing apparatus, the authentication processing apparatus, information recording method, information reproducing method, and authentication method
US20040243814A1 (en) Digital work protection system, recording apparatus, reproduction apparatus, and recording medium
US7725720B2 (en) Method for generating and managing a local area network
KR100798199B1 (en) Data processing apparatus, data processing system, and data processing method therefor
USRE42107E1 (en) Digital data file encryption apparatus and method and recording medium for recording digital data file encryption program thereon
US7466826B2 (en) Method of secure transmission of digital data from a source to a receiver
US20020154779A1 (en) Data recording/reproducing device and saved data processing method, and program proving medium
AU2004258523B2 (en) Reprogrammable security for controlling piracy and enabling interactive content
US7845011B2 (en) Data transfer system and data transfer method
US20060021065A1 (en) Method and device for authorizing content operations
EP2330533A1 (en) Recording/reproducing system, recording medium device, and recording/reproducing device
EP1521422B1 (en) Method of creating domain based on public key cryptography

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99801574.1

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): CN JP KR

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 1999932846

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020007002682

Country of ref document: KR

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 1020007002682

Country of ref document: KR

AK Designated states

Kind code of ref document: A3

Designated state(s): CN JP KR

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWP Wipo information: published in national office

Ref document number: 1999932846

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999932846

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1020007002682

Country of ref document: KR