WO2006030336A1 - Method, apparatus, and medium for protecting content - Google Patents

Publication number
WO2006030336A1
Authority
WO
WIPO (PCT)
Prior art keywords
usage right
information
right information
party
digital content
Prior art date
Application number
PCT/IB2005/052850
Other languages
English (en)
French (fr)
Inventor
Johan C. Talstra
Wilhelmus F. J. Fontijn
Philip S. Newton
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V.
Priority to MX2007002955A
Priority to EP05777354A
Priority to BRPI0515162-7A
Priority to JP2007530811A
Publication of WO2006030336A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F15/00 Digital computers in general; Data processing equipment in general

Definitions

  • the invention relates to a method of controlling use of a digital content comprising the steps of: associating said digital content with a first party; and associating usage right information with said digital content, said usage right information defining one or more conditions that control the use of said digital content by said first party.
  • the invention further relates to an apparatus for controlling use of a digital content comprising: a first associating means arranged to associate said digital content with a first party; and a second associating means arranged to associate usage right information with said digital content, said usage right information defining one or more conditions that control the use of said digital content by said first party.
  • the invention also relates to a method of using a digital content for which usage is controlled, comprising the steps of: obtaining a usage right information associated with said digital content, said digital content associated with a first party, and said usage right information defining one or more conditions that control the use of said digital content by said first party.
  • the invention further relates to an apparatus for using a digital content for which usage is controlled, comprising: a first obtaining means arranged to obtain a usage right information associated with said digital content, said digital content associated with a first party, and said usage right information defining one or more conditions that control the use of said digital content by said first party.
  • the invention also relates to a storage medium for digital data, the medium storing: a digital content associated with a first party; and a usage right information associated with said digital content, said usage right information defining one or more conditions that control the use of said digital content by said first party.
  • Usage right information is an important concept in DRM systems. Usage right information controls and regulates the use of content that is under control of the DRM system. Usage right information can vary from DRM system to DRM system, and can range from usage rights such as "copy never", "copy one time", to "view until Wednesday". There are several methods in use to store usage right information:
  • Device-Centric usage right information is securely stored inside the playback or storage device.
  • Media-Centric usage right information is securely stored on the media that holds the content.
  • the Media-Centric usage right information storage allows associated content to be used in any media centric DRM compatible device as usage right information travels together with content.
  • Content under control of a DRM system is often encrypted with one or more content keys.
  • the usage right information determines when a user can access the content keys and thereby the content. For this reason the storage of usage right information has a prominent role in DRM systems and often usage right information is stored in a secure storage to prevent tampering.
  • the Key Locker (encrypted with the Key Locker Key) provides secure storage for usage right information.
  • a new Key Locker Key and re-encrypting the Key Locker
  • this particular solution even provides an effective protection against a "copy-restore attack" in which an attacker copies the Key Locker and restores it after consuming a usage right.
  • WO2002/15184 (Attorney Docket PHNL000448) provides a secure way to store usage right information by a first party on a record carrier, and provides a system that blocks other parties from accessing said usage right information, and thereby the associated content.
  • the method as set forth in the first paragraph is further characterized in that it comprises a step of: associating an access permission information with said usage right information which access permission information grants access to said usage right information to a second party, other than the first party, in order for said second party to use said digital content in accordance with said usage right information.
  • Each access permission information may grant one or more parties, other than the first party associated with said content, access to the digital content associated with the usage right information.
  • the invention enables new business models.
  • a good example of such a scenario is the application of the present invention in a Blu-ray BD-ROM player.
  • BD-ROM player fitted with a hard-disc drive (HDD) and a Java Virtual Machine (JVM) for executing small Java programs.
  • the BD-ROM player is further fitted with a module that provides Internet access. Content stored on the HDD of the Blu-ray BD-ROM player is accessed by means of applications. Furthermore assume that access permission information is defined on an application basis.
  • Content on the HDD of the BD-ROM player can originate from a variety of sources; from pre-recorded BD-ROM discs, or from the Internet.
  • the content can be stored on the HDD in a secure fashion, by using an enhanced Key Locker according to the present invention.
  • This Key Locker provides fine-grained access control to usage right information, and thereby to the associated content.
  • a consumer buys a BD-ROM disc comprising a first movie from a first studio.
  • a first title song from the first movie could be downloaded over the Internet using the aforementioned BD-ROM player.
  • the first title song can be rendered using a small Java program called Xlet that was distributed on the disc of said first movie.
  • the first studio and a second studio have come to an agreement to share access to their content to provide end-users with a seamless interface between content from both studios.
  • the second studio can release digital content, and usage right information with accompanying access permission information that grants the Xlet provided by the first studio access to the usage right information of the second movie. Thereby allowing the Xlet from the first studio to render the title song from both the first and the second studio.
  • the same mechanism may be used by the second studio to exclude an Xlet from an untrustworthy third studio from access to the usage right information of the second title song, and thereby from access to the second title song.
  • parties that desire access to usage right information have to authenticate themselves before they are granted access to the usage right information.
  • Authentication can be done on-line using a public/private key pair, or off-line by providing a certificate signed by a trusted third party. In doing so, the likelihood that a malicious party can obtain access to said usage right information may be further reduced.
  • the content associated with the usage right information is encrypted, and the usage right information further comprises the content key for decrypting said content. In doing so an attacker that wants to get the digital content in the clear will have to obtain a content key before being able to access said content.
  • the usage right information is cryptographically bound, i.e. encrypted, using a hidden information.
  • a hidden information could be stored on a hidden channel stored on the storage medium for digital data on which the digital content is stored.
  • the hidden information could be stored in a secure or tamper resilient storage in e.g. a Non-Volatile memory in a Blu-ray BD-ROM player.
  • the usage right information is cryptographically bound in a different way; the usage right information is hashed together with the hidden information, e.g. using a cryptographic hash.
  • a checksum is formed that can be used to cryptographically verify the integrity of the usage right information.
  • a hacker that wants to tamper with the usage right information will have to compute a new checksum, which in turn requires access to the hidden information.
  • the access permission information associated with the usage right information is cryptographically bound, e.g.
  • the digital content is stored on a storage medium for digital data using a file system that associates access permission information with said digital content.
  • the access permission information associated with said digital content is also used as the access permission information associated with said usage right information.
  • the access permission information can be shared.
  • This embodiment can be advantageously combined with a solution that calculates a hash over the access permission information and the usage right information.
  • the DRM can detect access permission information manipulation in the file system.
  • the collective usage right information associated with the content stored on said storage medium for digital data is hierarchically structured similarly to the content on said storage medium for digital data. The use of such a hierarchical structure can effectively reduce the amount of access permission information needed.
  • the access permission information associated with said usage right information is defined separately for: the first party associated with said digital content; at least one group comprising the first party associated with said digital content; all parties.
  • the access permission information can comprise credentials.
  • a credential is a signed statement that a particular party or group is granted access to a particular usage right information.
  • the signature can be verified to see whether or not a credential is legitimate, for example by verifying the signature using a public key of the signing party.
  • credentials could be signed by the first party associated with said digital content or by a trusted third party. Credentials can be used to augment the previously proposed owner, group, world access permission information and to provide flexible fine-grained access permission information for usage right information.
  • the invention further relates to an apparatus as set forth in the first paragraph, the apparatus further characterized in that the apparatus comprises: a third associating means arranged to associate an access permission information with said usage right information which access permission information grants access to said usage right information to a second party, other than the first party, in order for said second party to use said digital content in accordance with said usage right information.
  • the method as set forth in the second paragraph is further characterized in that it further comprises a step of: obtaining an access permission information associated with said usage right information; and granting a second party, other than the first party, access to said usage right information if the access permission information permits, in order for said second party to use said digital content in accordance with said usage right information.
  • the above method effectively uses access permission information associated with usage right information for controlling the use of a digital content.
  • Such information can be provided by the method of controlling use of a digital content according to the present invention, both methods complement one another.
  • the method of using a digital content for which usage is controlled shares the advantages related to the addition of access permission information, as well as the advantages related to the particular way of storing access permission information and usage right information discussed earlier.
  • the invention further relates to an apparatus as set forth in the second paragraph, the apparatus further characterized in that a second obtaining means arranged to obtain an access permission information associated with said usage right information; and a control means arranged to grant a second party, other than the first party, access to said usage right information if the access permission information permits, in order for said second party to use said digital content in accordance with said usage right information. It is yet another object of the invention to provide a storage medium for digital data for controlling use of a digital content.
  • the storage medium for digital data as set forth in the third paragraph is characterized in that it further stores: an access permission information associated with said usage right information that grants access to said usage right information to a second party, other than the first party, in order for said second party to use said digital content in accordance with said usage right information.
  • Fig. 1 is a schematic diagram of a network centric DRM system
  • Fig. 2 is a schematic diagram of a (personal) card centric DRM system
  • Fig. 3 is a schematic diagram of a device centric DRM system
  • Fig. 4 is a schematic diagram of a media centric DRM system
  • Fig. 5 is a schematic diagram of the layout of a Key Locker
  • Fig. 6 is a schematic diagram of the security architecture of a device
  • Fig. 7 is a schematic diagram of a simple Key Locker according to the present invention
  • Fig. 8 is a schematic diagram of the MHP File Access Control Mechanism
  • Fig. 9 is a schematic diagram of a Key Locker according to the present invention.
  • Fig. 10 is a schematic representation of an apparatus according to the invention for controlling use of a digital content according to the invention, a storage medium for digital data according to the invention, and an apparatus for using a digital content for which usage is controlled according to the invention.
  • Fig. 1 depicts a schematic diagram of a Network Centric DRM system according to the prior art.
  • usage right information 110 is stored securely on a dedicated server in a network 115.
  • a device 100 wanting to access content stored on a storage medium for digital data 105 consults the server to obtain (and if necessary update) the usage right information 110.
  • the server might reside somewhere on the Internet (e.g. at the content owner's), or in a home network. This method of storing usage right information requires devices to be (almost) always on-line when accessing content. Examples of this type of DRM system are DivX ® DRM, and DVB-CPT.
  • Fig. 2 depicts a schematic diagram of a (Personal) Card-Centric DRM system according to the prior art.
  • usage right information 110 is stored securely on a removable card or token 125, e.g. a smart-card, SD card, MemoryStick etc.
  • This method of usage right information storage requires devices to have a slot for a plug-in card.
  • This particular type of DRM system is currently used for Conditional Access in Pay TV.
  • Fig. 3 depicts a schematic diagram of a Device Centric DRM system according to the prior art.
  • usage right information 110 is stored securely inside a fixed playback or storage device 100 (e.g. a PC on which the content resides).
  • a device 100 wanting to access content stored on a storage medium for digital data 105 administers the usage right information 110 itself.
  • a recent example of such system is the content downloaded onto a Blu-ray Disc Player with local storage (a hard-disc drive (HDD)).
  • Microsoft Windows Media® is an example of a Device Centric DRM system.
  • a fourth variant has been developed which aims essentially at combining the current optical media content distribution business-model with DRM, giving an optical disc almost the same functionality as an SD-card or MemoryStick.
  • Fig. 4 presents a schematic diagram of a Media-Centric DRM system according to the prior art.
  • usage right information is stored securely on a storage medium for digital data 105 that also holds the digital content.
  • Devices (100, 101) wanting to access content have special circuitry to retrieve (and if necessary update) the usage right information 110 on the storage medium for digital data.
  • with this method of usage right information storage, content can be consumed in any (media-centric DRM compatible) device as usage right information travels together with the content.
  • the usage right information is stored in a secure storage area to prevent tampering.
  • a malicious user might for example want to change a play three times usage right into a play hundred times usage right.
  • secure storage also may prevent theft of the digital content, in particular if the usage right information is a key.
  • on programmable platforms which allow software to be run from many independent sources, preventing tampering is relatively hard to achieve.
  • a (software-)application that requires secure-storage authenticates itself to the system (typically using public-key cryptography), either with a signature or with a challenge-response protocol if the software runs remotely. Part of the authentication process is to inform the system of the Application ID which has been assigned to this application.
  • FIG. 5 shows a schematic representation of a Key Locker 500.
  • the Key Locker 500 comprises a set of entries e.g. entries 521, 522, and 528 corresponding to AssetData.
  • Each AssetData comprises an application ID e.g. application IDs 501, 502, and 508 and an associated AssetString e.g. AssetStrings 511, 512, and 518.
  • Applications only get access to AssetStrings with the identical Application ID. Because of this Application ID-mechanism applications cannot access AssetData from other applications.
  • the system protects the Key Locker by cryptographically hashing and/or encrypting it with a key, referred to as the Key Locker Key, which is stored in a place that is inaccessible to the casual hacker.
  • this may be a Non-Volatile memory (NVRAM/Flash)
  • for Media-Centric usage right information storage this may typically be a hidden channel.
  • the Key Locker Key may be updated every time an AssetData is accessed or updated.
  • the application may decrypt and use the content accordingly.
  • the hidden channel is used for storing hidden information such as the Key Locker Key in a side-channel on a storage medium for digital data containing information that cannot be written by the user but only by a compliant DRM application, and is therefore lost in bit-copies made by the user.
  • the side-channel provides a method to store additional information on a recordable storage medium for digital data e.g. by exploiting the fact that multiple read-out signals represent the same user-data pattern (data available to the user). For instance an additional message may be coded in the error-correction parities. The error-correction mechanism will remove these parities, so the user does not see any difference, but dedicated circuitry preceding the error-correction mechanism does.
  • FIG. 6 depicts a schematic representation of the security architecture of a device.
  • the diagram depicts a storage media 105 and a player 100.
  • the storage media comprises encrypted content 600, the Key Locker 601, and the hidden channel 602 used for storing the Key Locker Key.
  • the player 100 comprises a Non-Volatile memory 625 that can serve as an alternative secure storage for storing the Key Locker Key (Media-Centric/Device-Centric DRM).
  • a hidden information 645, here the Key Locker Key from either the hidden channel 602 or the Non-Volatile memory 625, is sent to a Decryption and Verification Module 615 for decrypting and/or verifying the Key Locker data.
  • the AssetData is retrieved and the AssetString comprising the usage right information is sent to the Right Evaluation module 635.
  • the Rights Evaluation module controls whether or not the content is allowed to be rendered.
  • the Decryption and Verification Module 615 extracts the content key from the Asset Data, and passes this to the Content Decryption Module 610.
  • the decrypted content is then passed to the Output Gate 640 that under control of the Right Evaluation module 635 gates or passes the decrypted content to an output for example for rendering.
  • Full Feature mode BD-ROM players include a Java Virtual Machine (JVM), which can run small programs called Xlets. These flexible and powerful rendering machines also have network connections and may have local storage in the form of a Hard Disc Drive (HDD).
  • the content owner may distribute the Xlets together with the movie on the BD-ROM disc or via a network connection.
  • Content or movie studios may use various forms of DRM, e.g. downloading title-songs to the HDD after payment under control of an Xlet.
  • the architecture as outlined in WO2002/15184 (Attorney Docket PHNL000448) can in principle manage the keys and usage right information for such songs.
  • application images that are feasible within a system in accordance with the present invention include: different third party developers may develop Xlets (with different application IDs) for a studio; the studio will want them to share its A/V-content with a third party Xlet; studios may give other studios access to some of their usage right information, e.g. to allow Xlets to make catalogues of content; and native Java code (i.e. installed in the player as part of the JVM by the manufacturer) may need to be given access to the A/V-content of a studio.
  • Fig. 7 depicts an enhanced Key Locker 700 according to the present invention.
  • the Key Locker 700 comprises several entries of AssetData according to the present invention, e.g. AssetData 721, 722, and 728.
  • the general structure of the Key Locker 700 resembles that of the Key Locker 500 in Fig. 5.
  • each entry in this Key Locker also comprises an access permission information such as access permission information 701, 702, and 708.
  • the access permission information controls access to the usage right information comprised in the AssetString, thereby allowing other applications with other application IDs to be granted or denied access to said usage right information. In doing so the access permission information indirectly controls access to the actual digital content associated with said AssetData.
  • this access permission information 701 explicitly authorizes the application with Application ID 502 to read the AssetString 511 associated with Application ID 501.
  • the AssetString 511 is readable by the applications with Application ID 501 and 502 respectively.
  • AssetString 511 is not accessible to the application with Application ID 508, as the access permission information 701 does not authorize the latter application.
  • MHP MultiMedia Home Platform
  • MHP uses a subset of Java fitted with extensions of Java to enable running of Java Xlets on e.g. Set-Top Boxes (STB) for the purpose of browsing, interaction with A/V-data etc. (see http://www.mhp.org). More information regarding the definition of the MHP standard can be obtained from: "ETSI TS 102 812 V1.1.1 (2001-11) Digital Video Broadcasting (DVB); Multimedia Home Platform (MHP) Specification 1.1" (available from http://www.etsi.org).
  • when an application, e.g. an Xlet, is loaded it is first authenticated by the platform.
  • the platform subsequently treats the application as a user on the platform; the application has its own home directory, and a group of applications to which it belongs.
  • the application comes with a Permission Request File, through which it requests certain resources from the system (network access, etc.).
  • the requested resources may be granted depending on a system- and a user-policy file.
  • Application data is stored on the local storage, such as a HDD of a STB.
  • MHP defines a two-layered access structure to data stored on the local storage.
  • the first layer comprises Unix style access permission information.
  • the second layer comprises a credential mechanism that overrules the first layer.
  • the first layer in the access structure resembles that of the Unix file access mechanism. Every file and directory stored on the local storage is endowed with read/write access-permissions for three levels: the application (that created the data); the organisation (applications that belong to the same organisation as the creating application); and the world (all applications).
  • the second layer provides a mechanism to override the first layer, and provides a more fine-grained access control.
  • the owner of a file(s)/directory can prepare a credential.
  • a credential is a (signed) statement that another application (e.g. from another group) can access file(s) or directory. This credential is contained in the Permission Request File of the other application mentioned above.
  • the platform may decide, based on the credential and the policy files that the application should get access to such additional files.
  • Fig. 8 depicts a schematic diagram of the MHP File Access Control Mechanism.
  • the diagram depicts a tree structure and a credential 850.
  • the tree structure depicts three access permission levels; the world-level 801, the group-level 802, and the application level 803.
  • the actual digital content is located in files at the bottom of the tree, here the files 830, 831, 832, and 833.
  • the world-level 801 comprises a single Node 805.
  • the groups are studios; Studio1 810, Studio2 811, and Studio3 812 respectively. Each of these studios (groups) may have various applications associated with them.
  • applications are associated with movies.
  • the application level 803 comprises several movies. Movie1a 820 and Movie1b 821 are associated with Studio1, and Movie3a 822 is associated with Studio3 812.
  • the actual digital content owned by the various applications (here movies) is located at the bottom of the tree.
  • the first digital content Xlet1a 830 is associated with Movie1a 820 and the audio/video content AV1a 831 is associated with Movie1a 820.
  • node Xlet1b 832 is associated with Movie1b 821
  • Xlet3a 833 is associated with Movie3a 822.
  • Each of the nodes in Fig. 8 has access permission information associated with it.
  • the access permission information comprises three tuples of three literals each; for example, the access permission information associated with Xlet1b 831 is "rwx r-w ---".
  • the first tuple represents application-level access permission information
  • the second tuple represents group-level access permission information
  • the third tuple provides the world-level access permission information.
  • Each literal in a tuple corresponds to a particular type of access; 'r' for read access, 'w' for write access, and 'x' for execute access.
  • a dash indicates that that particular access permission is not granted.
  • the first tuple states that applications with the Application ID of Movie1a 820 are allowed to read and write said data.
  • the second tuple states that all applications that have an Application ID that is a member of the group Studio1 810, in this case an Application ID corresponding to Movie1a 820 or Movie1b 821, are allowed to read said data.
  • the third tuple states that applications outside of the group do not have access permission.
  • Xlet1b 832 can read the audio/video content AV1a 831, as the access permission information for AV1a 831 allows read access to all applications in the group Studio1 810.
  • the Xlet1b 832 is a member of the same group Studio1 810, therefore according to the access permission information from AV1a 831, the Xlet1b 832 has read access 862.
  • Xlet1b 832 is not allowed to start Xlet1a even though they are in the same group Studio1 810; the group access permission information for Xlet1a does not allow execute access 861.
  • Xlet3a 833 does not have read access to AV1a 831 based on the first layer of access permission information.
  • a credential 850 can be generated signed by Studio1 810 that explicitly states that Xlet3a 833 has read access to AV1a 831. In doing so the first layer of access permission information is overruled by the second layer of access permission information.
  • the present invention proposes to associate an access permission information with each usage right information in order to provide the means for shared access to usage right information, and thereby to the actual digital content stored on the local storage.
  • the Key Locker also referred to as secure storage, has a similar or the same structure as the directory on the local storage or recordable storage medium for digital data. That is the Key Locker contains a directory-tree with AssetData. Every item, file and/or directory, in the file-system of the local storage or recordable storage medium for digital data, may have a corresponding entry in the Key Locker.
  • when the platform gives an application access to a file through the 2-layer MHP access control mechanism, it also allows the (authenticated) application access to the corresponding AssetData in the Key Locker.
  • a studio may give another Xlet associated with a different disc (either of the same studio or from another studio) access not only to their data, but also to their usage-right information and/or content-keys, necessary for playback.
  • a schematic diagram of a Key Locker according to the above embodiment is depicted in Fig. 9. On the left hand side we see the MHP file system 800, as discussed earlier. On the right hand side we see a schematic representation of an embodiment of a Key Locker according to the present invention.
  • the structure of the Key Locker resembles that of the MHP File System 800.
  • we find the world access permissions 905, and subsequently we find group access permissions for Studio1 910, Studio2 911, and Studio3 912.
  • At the application access permission level we find Movie1a 920, Movie1b 921, and Movie3a 922.
  • the access permission information in the Key Locker 900 mimics that of the MHP File System 800.
  • the addition of Key Locker access control does not require alterations in the MHP File system 800.
  • in the Key Locker 900 we furthermore find the usage right information, and possibly content keys, associated with the actual digital content stored in the MHP File System 800.
  • Node 930 corresponds with content key kXlet1a associated with the Xlet1a 830.
  • Node 931 in turn comprises the usage right information associated with AV1a 831, such as play 2 times, as well as the content key kAV1a needed for decrypting the content AV1a.
  • Node 932 in turn comprises the content key for decrypting the Xlet1b: kXlet1b.
  • node 933 is empty, signifying that Xlet3a 933 is unencrypted. Here an empty node was placed in the Key Locker, but a system could be envisaged in which such an empty node is left out altogether, so that the Key Locker only comprises AssetData for content that is protected by the DRM system, thereby reducing the size of the Key Locker.
  • the Xlet1b 832 can read the encrypted data
  • although Fig. 9 depicts a system in which access permissions are shared, it is equally well possible to create separate access permissions for the MHP File System 800 and the Key Locker 900. The latter might simplify rights management, as access permission information and usage right information are clustered and therefore operations such as hashing/encrypting access permission information and usage right information are simplified.
  • a further advantage of separating access permission information for both usage right information and the content is that this allows usage right information associated with read-only content to be updated.
  • a simple example of such a situation would be the use of a play 2 times usage right for a read-only movie.
  • the storage medium for digital data used in an MHP STB could be a removable/rewritable disc or could be a HDD that can be removed, and therefore might be subject to off-line inspection and manipulation. For this reason, secure storage of AssetData in a Key Locker protected by a Key Locker Key is still needed, to prevent for example a copy restore attack.
  • the access permission information should be protected.
  • the access permission information could be cryptographically hashed and the resulting checksum stored in the Key Locker. As a result it is no longer possible to cheat the system by manipulating the access permission information undetected.
  • the present invention can be incorporated in a device, such as a Personal Computer (PC), a portable audio or video player, a car-entertainment system, a Set-Top Box, or a mobile phone.
  • the present invention could be applied in any device that controls the use of digital content by means of Digital Rights Management.
  • Figure 10 depicts a schematic representation of an apparatus 1001 according to the invention for recording digital content for which use is controlled on a recordable optical disc.
  • the apparatus 1001 comprises a first associating means 1011 arranged to associate said digital content with a first party. It further comprises a second associating means 1012 arranged to associate usage right information with said digital content, said usage right information defining one or more conditions that control the use of the digital content by the first party. In addition the apparatus 1001 comprises a third associating means 1013 arranged to associate an access permission information with the usage right information to grant access to the usage right information to a second party, thereby allowing the second party to distribute or use said digital content in accordance with said usage right information.
  • the apparatus 1001 further comprises a recording means 1014, to record the aforementioned information as well as the digital content on a recordable storage medium for digital data 1002.
  • the recordable storage medium for digital data 1002 thus comprises: the digital content 1021 associated with the first party, the usage right information 1022 associated with the digital content, said usage right information defining one or more conditions that control the use of said digital content by the first party, and the access permission information 1023 associated with the usage right information that grants access to the usage right information to the second party, in order for the second party to distribute or use said digital content in accordance with said usage right information.
  • Fig. 10 further depicts an apparatus 1003 for using a digital content for which usage is controlled, such as a STB fitted with an optical disc reader 1031.
  • the present invention can be advantageously applied to other devices that use digital content under Digital Rights Management.
  • examples of suitable equipment are mobile phones and portable audio players.
  • the apparatus 1003 comprises a first obtaining means 1032 arranged to obtain usage right information associated with the digital content.
  • the digital content is associated with a first party, and the usage right information defines one or more conditions that control the use of said digital content by the first party.
  • the apparatus 1003 further comprises a second obtaining means 1033 arranged to obtain an access permission information associated with said usage right information; and a control means 1034 arranged to grant a second party, other than the first party, access to said usage right information if the access permission information permits, in order for said second party to distribute or use said digital content in accordance with said usage right information.
  • the output of the control means could comprise the content key and/or usage right information associated with the digital content.
  • the apparatus 1003 can read and use the access permission information provided by means of the recordable storage medium for digital data 1002, to establish whether it is allowed to access the usage right information stored on the recordable storage medium for digital data 1002. Provided this is the case the apparatus 1003 can access the digital content stored on the recordable storage medium for digital data, and optionally decrypt it with the content key stored together, or as part of the usage right information associated with the digital content. It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.
  • in the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware.
  • the mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
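
The Key Locker access control described above (first-layer group/world permissions, a studio-signed credential as second layer, and a checksum of the access permission information kept in the Key Locker) can be modelled as follows. This is an added example, not code from the patent; the class and function names, the HMAC standing in for the studio's signature, the placeholder keys, and the rule that the owner holds all rights are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Perm:
    """First-layer access permission information for one file."""
    owner: str
    group: str
    group_bits: str  # rights of group members, e.g. "r"
    world_bits: str  # rights of everyone else, e.g. ""

def perm_digest(path, p):
    """Checksum over the permission record; the Key Locker stores this."""
    record = "\x00".join([path, p.owner, p.group, p.group_bits, p.world_bits])
    return hashlib.sha256(record.encode()).hexdigest()

def sign_credential(studio_key, grantee, path, right):
    """Second-layer credential; HMAC stands in for the studio's signature."""
    msg = "\x00".join([grantee, path, right]).encode()
    return hmac.new(studio_key, msg, hashlib.sha256).hexdigest()

class KeyLocker:
    """One entry (permission checksum + AssetData) per file-system path."""
    def __init__(self, studio_keys):
        self.studio_keys, self.entries = studio_keys, {}

    def add(self, path, perm, asset):
        self.entries[path] = (perm_digest(path, perm), asset)

    def get_asset(self, app, app_group, path, right, disc_perms, credential=None):
        stored_digest, asset = self.entries[path]
        perm = disc_perms[path]  # read from removable storage, so untrusted
        if not hmac.compare_digest(perm_digest(path, perm), stored_digest):
            raise ValueError("access permission information was modified")
        if app == perm.owner:            # assumption: owner holds all rights
            allowed = True
        elif app_group == perm.group:    # layer 1: group, then world
            allowed = right in perm.group_bits
        else:
            allowed = right in perm.world_bits
        if not allowed and credential is not None:  # layer 2 overrules layer 1
            expected = sign_credential(self.studio_keys[perm.group], app, path, right)
            allowed = hmac.compare_digest(credential, expected)
        if not allowed:
            raise PermissionError(f"{app} has no '{right}' access to {path}")
        return asset

# Constructed scenario after Figs. 8 and 9; keys and values are placeholders.
STUDIO_KEYS = {"Studio1": b"studio1-demo-key", "Studio3": b"studio3-demo-key"}
DISC = {"AV1a": Perm("Xlet1a", "Studio1", "r", ""),
        "Xlet1a": Perm("Xlet1a", "Studio1", "r", "")}
LOCKER = KeyLocker(STUDIO_KEYS)
LOCKER.add("AV1a", DISC["AV1a"], {"usage_right": "play 2 times", "key": "kAV1a"})
LOCKER.add("Xlet1a", DISC["Xlet1a"], {"key": "kXlet1a"})
```

In this model the checksum only helps because the Key Locker itself is assumed to be protected by the Key Locker Key; an attacker who could rewrite both the permission record and its stored checksum would not be detected.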
PCT/IB2005/052850 2004-09-14 2005-08-31 Method, apparatus, and medium for protecting content WO2006030336A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
MX2007002955A MX2007002955A (es) 2004-09-14 2005-08-31 Method, apparatus and medium for protecting content.
EP05777354A EP1792246A1 (en) 2004-09-14 2005-08-31 Method, apparatus, and medium for protecting content
BRPI0515162-7A BRPI0515162A (pt) 2004-09-14 2005-08-31 methods of controlling the use of a digital content and of using a digital content, storage medium for digital data, apparatus for using a digital content, and computer program product
JP2007530811A JP2008513854A (ja) 2004-09-14 2005-08-31 Method, apparatus and recording medium for protecting content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04104439 2004-09-14
EP04104439.7 2004-09-14

Publications (1)

Publication Number Publication Date
WO2006030336A1 true WO2006030336A1 (en) 2006-03-23

Family

ID=35429350

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/052850 WO2006030336A1 (en) 2004-09-14 2005-08-31 Method, apparatus, and medium for protecting content

Country Status (8)

Country Link
EP (1) EP1792246A1 (zh)
JP (1) JP2008513854A (zh)
KR (1) KR20070057940A (zh)
CN (1) CN101019083A (zh)
BR (1) BRPI0515162A (zh)
MX (1) MX2007002955A (zh)
RU (1) RU2007114069A (zh)
WO (1) WO2006030336A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008527598A (ja) * 2005-01-07 2008-07-24 LG Electronics Inc. Method and apparatus for protecting shared data, and method and apparatus for reproducing a recording medium using local storage

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
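JP2009187146A (ja) * 2008-02-04 2009-08-20 Fuji Xerox Co Ltd Information processing system and information processing program
JP5623712B2 (ja) * 2009-06-15 2014-11-12 Canon Electronics Inc. Information processing apparatus, information processing system, control method, program, and storage medium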
US8984373B2 (en) * 2012-02-22 2015-03-17 Silicon Motion, Inc. Method for accessing flash memory and associated flash memory controller

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002015184A1 (en) * 2000-08-16 2002-02-21 Koninklijke Philips Electronics N.V. Method and device for controlling distribution and use of digital works

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Digital Video Broadcasting (DVB) Multimedia Home Platform (MHP) Specification 1.1.1", ETSI STANDARDS, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE, SOPHIA-ANTIPO, FR, no. V121, June 2003 (2003-06-01), pages 1 - 1086, XP002326584, ISSN: 0000-0001 *

Also Published As

Publication number Publication date
EP1792246A1 (en) 2007-06-06
JP2008513854A (ja) 2008-05-01
RU2007114069A (ru) 2008-10-27
KR20070057940A (ko) 2007-06-07
BRPI0515162A (pt) 2008-07-08
MX2007002955A (es) 2007-04-24
CN101019083A (zh) 2007-08-15

Similar Documents

Publication Publication Date Title
US8613103B2 (en) Content control method using versatile control structure
US8140843B2 (en) Content control method using certificate chains
JP5450392B2 (ja) Binding content licenses to portable storage devices
TWI439882B (zh) System for managing access control
JP5200204B2 (ja) Federated digital rights management mechanism including a trusted system
US8266711B2 (en) Method for controlling information supplied from memory device
US20070043667A1 (en) Method for secure storage and delivery of media content
US20080034440A1 (en) Content Control System Using Versatile Control Structure
US20080010449A1 (en) Content Control System Using Certificate Chains
US20080010455A1 (en) Control Method Using Identity Objects
US20080235810A1 (en) Method of Authorizing Access to Content
CA2616981C (en) System and method for managing encrypted content using logical partitions
US20060161502A1 (en) System and method for secure and convenient handling of cryptographic binding state information
JP2009508412A (ja) Mobile memory system for secure storage and delivery of media content
WO2008008244A2 (en) Content control system and method using versatile control structure
TW201301267A (zh) Information processing device, information processing method, and program
WO2008013656A2 (en) Content control system and method using certificate chains
WO2006030336A1 (en) Method, apparatus, and medium for protecting content
KR100960290B1 (ko) System for secure storage
WO2006073251A2 (en) Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage
KR20060087317A (ko) Content playback apparatus including local storage and content protection method thereof
MXPA06011033A (en) Portable storage device and method of managing files in the portable storage device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005777354

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: MX/a/2007/002955

Country of ref document: MX

WWE Wipo information: entry into national phase

Ref document number: 2007530811

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 200580030929.8

Country of ref document: CN

Ref document number: 1065/CHENP/2007

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1020077008427

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2007114069

Country of ref document: RU

WWP Wipo information: published in national office

Ref document number: 2005777354

Country of ref document: EP

ENP Entry into the national phase

Ref document number: PI0515162

Country of ref document: BR