METHOD AND APPARATUS FOR CONTROLLING ACCESS
TO MULTIMEDIA FILES
DESIGN AND IMPLEMENTATION
The present invention relates to a method and apparatus for enabling and disabling access to various multimedia content.
Where it is desired to send multimedia files that are stored in electronic format to another user it is possible that the originator may wish to protect the content from unauthorised use or from usage outside the conditions agreed as part of the subscription. Examples might be restricting access to specific locations, specific time periods or a specific number of accesses. It is common for such multimedia files to be supplied in a format that can be accessed by using a player that has the capability to display content that is coded in a specific format. It is generally possible to copy the original file and transfer it to an alternative location that also has access to a similar player and therefore have equal access to the same content.
It is commonplace for the originators of such content to encrypt these files so the content cannot be accessed by the player until it has been decrypted using a key. The provision of the key may be restricted by the originator to control access to the content. Once a valid key has been provided the decoded content may then be accessed by the player. It may also be copied many times and be distributed further once it is removed from its encrypted state. Thus further distribution of the content can no longer be controlled and may result in a significant loss of revenue for the content originator.
The present invention describes apparatus and a method for facilitating the supply of such multimedia content in a form that allows the originator to maintain control over access to the content. This is particularly beneficial where the multimedia content is provided on a
subscription basis or is being provided for a restricted period of time.
Examples of the use of such a system are as follows: a. provision of a video such as a movie where the subscription is made on a rental basis for a fixed period or on a pay-per-view basis; b. provision of music where playback is restricted to a single playback machine; c. provision of documentation such as an examination paper where access is not permitted before a fixed time; d. provision of a price list document where prices are only current for a specified period of time; and e. provision of training material where training is provided for a fixed location for a fixed period of time only.
In accordance with the present invention, we provide apparatus for encrypting and playing multimedia files, as follows: a. selecting the multimedia content; b. selecting the appropriate multimedia player; c. collecting appropriate key data from the user; d. selecting the appropriate key parameters; e. processing the content, player, key control and key parameters together; f. incorporating the resulting data into a single executable object; g. providing the single executable object to the user; h. checking that current key data matches the stored key parameters; i. decrypting the multimedia content on an incremental basis; j . playing the multimedia content on an incremental basis; k. communicating with the multimedia content originator by encrypted means; and
1. updating the key parameters maintained within the executable object. Also, in accordance with the present invention, we provide a method for : a. selecting the multimedia content; b. selecting the multimedia player; c. determining certain key parameters from the user; d. processing the content, player, access control and key parameters together into a single executable object; e. providing this single executable object to the user; f. executing the single object; g. checking the key parameters previously agreed with the user; h. playing the multimedia content directly from the executable object; i. further checking the key parameters previously agreed with the user; j . disabling the operation of the executable object where such parameters do not match; k. communicating with the originator of the multimedia content; 1. exchanging encrypted information with the originator of the multimedia content; and m. updating the key parameters stored within the executable object. Examples of the present invention will now be described with reference to the accompanying drawing, in which: -
Figure 1 is a schematic diagram of apparatus assembled according to the current invention.
The executable object
The executable object is a single entity designed to execute within the users end-terminal.
The executable object may exist as a single file or may be distributed between several files. It may operate in conjunction or be integrated with other apparatus. Examples might be as software loaded onto a computer or as a component within an appliance, such as a television set or audio playback system.
The executable object will be created by processing together the multimedia content, the appropriate multimedia player, the access control and the key parameters.
The key parameters will be compiled by the content originator from information supplied by the user, either manually or by an automated process. These key parameters will be embedded as part of the executable object. The executable object will also contain encryption keys that are agreed with the content originator .
The executable object is supplied to the user as a single entity rather than separate multimedia content and player. The practical restrictions on distribution of the executable object may necessitate that it is supplied in a number of smaller parts although it will be necessary for these parts to be re-assembled for it to function as a whole. When the executable object is activated by the user it will first check that the key parameters stored within the object can be validated by comparing them with the appropriate parameters at the users end-station. These parameters may be related to any aspect of the users situation that may be appropriate to the authorisation for access to the multimedia content. These parameters may include for example, the user's password, the end- station serial number, the operating system registration number, the data or time, codes provided by the content originator and the like.
Subject to the key parameters being validated the executable object will directly decrypt and play the content on an incremental basis through the end-terminal.
The decryption process will take place within the executable object and does not result in the direct availability of decrypted content to the user other than as is necessarily displayed by the embedded player. Where the key parameters are not met the executable object will not proceed with decryption of the content and playback. The executable object may request that the user re-validates the registration with the originator of the multimedia content. This transaction with the content originator may be performed manually by the user entering new access codes. Alternatively the executable object may communicate directly with the content provider to re-validate the subscription utilising the encryption keys previously agreed. The executable object may contain the facility to detect unsuccessful attempts to gain access to the content and take steps to erase or otherwise disable it.
The method The invention provides a method for creating an executable object that is a single entity containing the multimedia content with an embedded player. The method also embeds an access control feature that contains key parameters determined from the user when the provision of the multimedia content is requested.
The executable object is then provided to the user in a form compatible with the users end-station.
When the user requires access to multimedia content, it is possible for the user to select the appropriate content from facilities supplied by the content originator.
When the selection and any necessary subscription process is completed an appropriate player or viewer is automatically provided by the originators system. The originators system then requests certain pertinent information related to the chosen key parameters either from the user or directly from the user's end-station equipment. This information may
include for example, data that uniquely identifies the user, the user' s end-station or other features related to the user' s situation such as the end-station operating system software registration code or network adapter identity or the like, or combinations of these.
The content originator' s system then processes the multimedia content, the appropriate player, the access control and the key parameters into a single entity known as the executable object. This processing may take the form of a compilation process that would be familiar to one skilled in the art of creating computer software. This processing may include commonly available techniques for encryption and embedding of data with program functionality such as, for example, public/private key encryption, object-oriented programming and the like.
The resulting executable object may than be provided to the user and will only perform the desired function provided that the parameters specified by the included keys are matched at the time of execution on the user' s end-station.
The user will gain the following benefits from the system:
• multimedia content can be obtained without prior availability of a compatible player or viewer;
• subscription and licensing is automatically managed; and
• subscription and licensing renewal is automatically managed. The content originator will gain the following benefits from the system:
• content can be provided to users without regard for the availability of a compatible player at the user's end-station; • content can only be copied along with the encapsulated access control and key parameters;
• copied content can only be accessed provided the key parameters continue to be correctly validated;
• content access will automatically be disabled where key parameters have expired;
• access can be restricted to approved machines;
• access can be restricted to approved systems;
• access can be restricted to approved users;
• access can be restricted to a fixed time period; and
• access can be restricted to a maximum number of usages;
Appendix A
Each of the major components will now be described in brief.
Executable object 1
The executable object 1 is a single executable entity that encapsulates all multimedia content, player, access control and key parameters. The executable object is individually built for each user and will only function to play the content whilst the key parameters can be validated. The embedded player will be individually selected to match the format of the content being included. This may be various types of content including for example, video, audio, presentations, documents, games, books, web pages, magazines, animations and the like.
Embedded player 2 The embedded player 2 is incorporated as an integral part of the executable object. It is therefore possible for the content encoding to be specifically matched to the player. In this way it can be arranged that the content is effectively playable only with the individual instance of player provided and only then in conjunction with the access control and key parameters which are also incorporated in the same way. The player may be of various types to suit the content being displayed. For example, a display program for viewing video, a playback device for listening to audio, a viewer for viewing documents, a console for playing games and the like.
Access control and key parameters 3
The access control and key parameters 3 are embedded within the specific multimedia content player. The access control module is responsible for checking that the embedded key parameters can be appropriately matched before the embedded player is allowed to be run. The key
parameters are specified by the originators system at the time that the executable object is built. The access control may allow the user the option to renew the subscription. This may be accomplished by the user renewing the subscription directly with the originators system and the access control then communicating with the system to verify the new key parameters, utilising encryption over the communication channel as appropriate.