WO2007059807A1

WO2007059807A1 - Apparatus and method for retrieving a decryption key, license server and media player

Info

Publication number: WO2007059807A1
Application number: PCT/EP2006/001476
Authority: WO
Inventors: Andreas Eckleder; Richard Lesser
Original assignee: Nero Ag
Priority date: 2005-11-22
Filing date: 2006-02-17
Publication date: 2007-05-31

Abstract

Apparatus and Method for Retrieving a Decryption Key, License Server and Media Player Abstract For retrieving a decryption key (68) usable for decrypting an encrypted payload data, a license description is used. The license description includes a license function defining a set of different first sub-keys as function outputs obtained by inputting different function input values, the function being further defined so that at least one input value does not have an associated valid first sub-key as a function output. At least a portion (55) of the test input value associated with a decryption device for decrypting the encrypted payload data is input into the license function in a license function calculator (63). When a first sub-key is not found, an error message (64) is output. When a valid first sub-key is found, a second sub-key (66) associated with the portion of the test input value is used and combined (65) with the first sub-key to generate the decryption key (68).

Description

Apparatus and Method for Retrieving a Decryption Key, License Server and Media Player

Description

The present invention relates to a method for decrypting digital content protected by a digital rights management

(DRM) system and to be used by a playback device, which is assigned a unique identification number formed of a set of binary digits. The invention also relates to a device for decrypting content protected by a digital rights management

(DRM) system and using for decrypted content.

The term "digital rights management (DRM) " is used for any of several arrangements which allow a vendor or owner of digital content to control the material and restrict its usage in various ways that can be specified by the vendor. Typically, the content is a copyrighted digital work to which vendor holds rights. Such copyrighted digital works are for example movie or audio contents.

One example of a DRM system is the contents scrambling system (CSS) employed by the DVD forum on movie DVD discs. The data on the DVD is encrypted so that it can only be decoded and viewed using an encryption key, which the DVD consortium kept secret. In order to gain access to the key, a DVD-player manufacturer is required to sign a license agreement with the DVD consortium which restricts them from including certain desirable features in their players, such as a digital output which could be used to extract a high quality digital copy of the movie. In technical terms, a licensed DVD-player comprises an encryption key necessary for decrypting the DVD content. The encryption key stored in the DVD-player is itself encrypted and may be decrypted by using information stored on the DVD disc or on a license server for example. In the event that the encryption key stored in devices of a predetermined DVD-player manufacturer is illegally cracked, all future DVD discs will not contain information for decrypting this encryption key anymore. As a result, such DVD discs may not be played back on such compromised DVD- players .

In a more general sense, digital rights management systems comprise a description of rights, one or more physical or logical entities (referred to as principals) may exercise against a particular resource in a rights decryption language .

Description of rights is necessary in various situations, for example as mentioned above, emerging from processing, transfer and storage of resources, i.e. data, information.

Generally, a grant consists of a principal, a right that principal may exercise and a resource against which a right may be exercised as well as one or more conditions limiting the application of that right.

There are user groups by means of a list of authorized principals identified by means of a signature. This procedure requires a secure processing unit signalling access to the resource governed by a grant contained in a license description. A compromised processing unit might grant access to a resource although the license description does not allow a principal to exercise a new right against that resource. Especially, a compromised component has access to the content key that allows decryption of protected content. Once decrypted, content is freely available to anyone without the limitations imposed on it by the license.

Thus, a problem of prior art DRM systems is that, although the content is secured by encryption, the decryptor itself is not monitored. A license description may include certain conditions like a maximum number of allowable copies, a set of devices allowed to receive a copy of the digital content or only a time-out license. It is increasingly common to provide licenses on a timely basis, i.e., that a user is allowed to decrypt a digital content within a certain period such as several days, weeks, or months. When the user wishes to again decrypt the digital content, the user has to apply for a new license.

Furthermore, the distribution of encrypted content and the distribution of decryption keys for the purpose of securing digital content against un-authorized access depend on the trustworthiness of the decryption device. A trustworthy decryption device approved by the provider of the digital content has to guarantee that the decrypted digital content is not distributed in digital form. Stated differently, a trustworthy device makes sure that the output of the de- cryptor, i.e., the decrypted digital content can only be displayed on a display screen or output via speakers, but cannot be output as a non-encrypted digital file such as a compressed audio or video file.

Thus, the following steps can be performed within a digital rights management system. The user receives the digital content in encrypted form. When the user applies for a decryption key she or he receives a decryption key together with a license description setting the terms of the license against payment of a fee or against registration or anything else. When the user has received the decryption key together with the license terms, a trusted device within the user computer checks the license terms and, when the license terms are fulfilled, e.g., when the license has not expired, uses the decryption key for decrypting the digital content. Furthermore, the trusted module within the user computer makes sure that the decrypted content is not output in a digital format as a digital file etc. Instead, it is assured that the output takes place via the video display or the audio speakers only in a analog way. Typically, the trusted module is included within the user personal computer or is included within a DVD player, or is included within a graphics card or at any other suitable position in the user computer.

This, however, means that the trusted module is within the premises of the user and the user can do whatever he or she likes to compromise the trusted module. The user could, for example, bypass the license term checking stage, in which the non-compromised trusted module checks, for example, the expiry date of a license and rejects decryption, when the expiry data has already been passed. Alternatively, the user could crack the secure authenticated channel between the trusted module and the display, on which the decrypted content is present in a plain text digital format. Alternatively, the user could simply simulate a trusted module so that a central authority does not know that a requested trusted module is compromised or non-compromised.

In this context, even though the digital content has been protected in a cryptographic way, this protection is inef- ficient, since the trusted module in the user computer or, stated in general, the "arbiter" is corrupted, hacked, or compromised.

Therefore, the acceptance of such a system for a digital content provider is quite low, since the whole protection is broken when a single device has been successfully hacked. On the other hand, the creativity and inventiveness of hackers having substantially criminal energy is known to be high, especially in view of substantial amounts of money within this field of business.

On the other hand, the digital content provider has to find a way of distributing digital contents in an efficient and user-friendly way so that the distribution of digital con- tent is also accepted by the user, who has to pay for the content. Stated in other words, a very strong cryptographic distribution system fulfilling all needs of the digital content provider may fail, because it is not accepted by the user, who finally has to pay to make the whole business work.

Therefore, it is an object of the present invention to pro- vide a concept for efficiently distributing digital content, but which is also acceptable for the digital content provider.

This object is achieved by an apparatus for retrieving a decryption key in accordance with claim 1, by a license server in accordance with claim 12, a media player in accordance with claim 18, a method of retrieving a decryption key in accordance with claim 19, a method of serving licenses in accordance with claim 20, a method of media play- ing in accordance with claim 21, a computer program in accordance with claim 22, or a license description in accordance with claim 23.

The present invention is based on the finding that due to the significant and efficient information exchange via modern information exchange media such as the internet, or even printed media, the time period between a first time instant at which a certain trusted module is hacked or, generally, the time period between the time instant of hacking a certain secure DVD player and the time instant, at which this fact becomes known to the public is quite short. Thus, it is possible without extensive efforts to keep track of compromised media players over the time. In accordance with the present invention, the knowledge on such a compromised or hacked trusted device (or decryption device) providing a plain text digital content can be used for barring these devices from media decryption in the future.

In accordance with the present invention, this "barring" or revoking a right in the future, which the device had in the past, when it were not hacked, can easily be performed by using the inventive license description so that the digital content provider has the flexibility to deactivate a certain device or even a class of devices as soon as it has become known that these devices have been subjected to fraudulent manipulation.

To this end, a license description is used, which has a license function defining a set of different first sub-keys as function outputs obtained when inputting different function input values into the license function. The license function is further defined so that at least one input value does not have an associated first sub-key as function output. Each decryption device has associated therewith an identification number forming a test input value into the license function. Based on the input value or at least a portion of the input value associated with a decryption device, the output of the license function is calculated. When the license function returns a first sub-key in response to the test input value fixedly associated with the decryption device, the decryption device is regarded as a trustworthy device, while, when the license function does not have a first sub-key associated with the input value, a special message is output, but no first sub-key is output, since such a first sub-key does not exist. This non- existence of this first sub-key for certain input values associated with a decryption device indicates that the particular decryption device had been hacked. When the license function is updated with respect to this information, the first sub-key associated with the input value for this device is removed from the license function in response to the information that the particular decryption device is not trustworthy anymore.

Thus, only a return of a first sub-key by the license function allows the calculation of a decryption key for de- crypting an encrypted payload data. Particularly, the first sub-key returned by the license function when a test input value for a non-compromised decryption device has been input represents an encrypted decryption key. To finally gen- erate the decrypted or plain text decryption key, this first sub-key is combined with a second sub-key, which is associated with the portion of a test input value input into the license function to retrieve the first sub-key.

Therefore, only when the correct first sub-key is output by the license function, which is continuously updated based on information of hacked decryption devices, and when the matching second sub-key, which is fixedly associated with the decryption device ID number is retrieved, the payload data can be decrypted.

Since the license function provides the possibility to associate a certain first sub-key to a certain test input value and to not associate a first sub-key to a further input value, the parties having access to a certain encrypted digital content can be controlled. Thus, it is possible to distribute an encrypted digital content via any media without any concerns about the trustworthiness of decryption devices, since the digital media is cryptographically protected, and since it is possible to revoke the right to decrypt a certain encrypted digital content even when the encrypted digital media has already been distributed before.

In a preferred embodiment, the present invention is based on a license description comprising a binary tree with a root node, parent nodes and leaf nodes, each node being assigned a unique number formed of a set of binary digits, and each leaf node being assigned a first sub-key.

Preferably, the invention is implemented as a method for decrypting digital content protected by a digital rights management system and to be used by a playback device, which is assigned a unique identification number formed of a set of binary digits, comprising the steps of providing a licence description comprising a binary tree with a root node, parent nodes and leaf nodes, each node being assigned a unique number formed of a set of binary digits and each leaf node being assigned a first sub-key; providing a set of second sub-keys, each second sub-key being assigned to a binary digit of said identification number; searching a leaf node of the binary tree wherein the set of binary dig- its of said leaf node matches at least a portion of said binary digits forming the identification number; and if a leaf node is found, combining the first sub-key of said leaf node and said second sub-key assigned to said portion of said binary digits as to form a master key for decrypt- ing the content, and if a leaf node is not found, rejecting the decryption of the content.

In other words, a set of keys is organized in a binary tree and access is granted only to parties (identified by a unique identification number in form of a sequence of binary digits) holding the counterpart of a key by combining the key contained in the binary tree with a private counterpart thereof to build a cryptographic key. The advantage of this method is that a grant to a particular party may easily be revoked by removing the corresponding key from the binary key.

Generally speaking, the invention specifies a group of principals in the context of a grant formulated in a rights description language by means of a binary tree. Each candidate for a principal is assigned a unique sequence of binary digits "1" "0". The binary tree consists of nodes each one of which is classified uniquely as root node, parent node or leaf node. Each leaf node is assigned a crypto- graphic key or sub-key. Neither root node nor parent node ever carry such cryptographic keys. The root node is the top level node of a binary tree. Root node and parent node carry one or two child nodes which may be of the type leaf node or parent node. Leaf nodes never comprise any child nodes.

According to the present invention, a binary tree is traversed by applying its unique sequence of binary digits such that a "1" shall mean proceeding to a first child node while "0" shall mean proceeding to the other second child node. The method terminates this process upon encountering either a parent node not containing a child node as desig- nated by the currently processed binary digit, in which case a grant is to be considered rejected or upon encountering a leaf node carrying a sub-key. In the latter case, a grant is considered to be granted to the principal identified by the unique sequence of binary digits.

The method hence builds a cryptographic key by combining the key carried by the leaf node with a sub-key assigned to the unique sequence of binary digits identified by the number of bits of the unique sequence of binary digits that have been processed before finding the leaf node.

The result of this combination of both sub-keys is the master key which may be used to decrypt the resource, for example the digital data, the grant refers to.

A principal that has formerly been allowed to exercise one or more rights granted to it by one or more grants specified by means of a right description language can have this right revoked by removing any keys associated to any of the digits of the unique sequence of binary digits from the bi- nary tree specifying the group of authorized principals. Doing so will keep an unauthorized principal off from building the master key necessary for accessing any content governed by one or more such grants.

In a preferred embodiment the step of combining the first and second sub-keys comprises decrypting said first sub-key using said second sub-key as decryption key.

This means that the second sub-key is encrypted, for exam- pie by standard encryption procedures, like RSA etc., so that it is protected against illegal use. In a preferred embodiment, said digital content is audio or video content.

The inventive method is of particular advantage for de- crypting protected audio or video content.

In a preferred embodiment, said step of providing said license description comprises the step of reading said license description from a storage medium containing^' said content to be decrypted. Preferably, said storage medium is an optical storage medium, preferably a DVD disc.

The advantage of providing the license description and the content to be decrypted on a storage medium is that said playback device, like a computer, a DVD-player, a PDA, etc., can be operated offline meaning that said device has not to establish any connection to a remote server.

However, it is also possible to provide said license de~ scription by reading it from a remote license server, preferably via the internet.

This has the advantage that the license description may be updated easily. Preferably, new leaf nodes can be added or particularly nodes can be deleted quickly.

In a further preferred embodiment, said step of providing a set of unique second sub-keys comprises the step of writing said second sub-keys into a memory unit of the playback de- vice during its manufacturing process.

In a further preferred embodiment, said binary tree forming the license description comprises a leaf node for every authorized playback device.

In other words, every authorized playback device is assigned a unique identification number which in turn finds correspondence in a leaf node of the binary tree. However, if a certain playback device type looses authorization, for example because its sub-keys has been compromised, the corresponding leaf node in the binary tree is deleted. The result of this deletion is that the master key for decrypting the encrypted digital content may not be built anymore.

The advantage of this measure is that the license description may be adapted to new situations quickly.

The object of the present invention is also solved by a device for decrypting digital content protected by a digital rights management system and using the decrypted content, comprising a controller unit for processing encrypted content to be used, a first memory unit for storing a unique device identification number formed of a set of binary digits, a second memory unit for storing a license description, wherein said second memory unit is adapted to store a binary tree and a set of unique first sub-keys and a link between each sub-key and the assigned leaf node of the bi- nary tree, said first memory unit is adapted to store a set of unique second sub-keys, each sub-key being assigned a binary digit of said identification number by storing a link in said first memory unit, and an authorization unit adapted to seek a leaf node in the binary tree correspond- ing to at least a subset of the binary digits forming the identification number and combining said first sub-key assigned to at least said subset of the binary digits and said second sub-key assigned to the leaf node found to form a master key for decrypting the protected content.

This inventive device has the advantages already mentioned before with respect to the inventive method.

Preferably, the device is a DVD-player, or a personal com- puter. However, it is to be understood that the device may be any electronic apparatus which is designed to handle, preferably to playback digital content. Such digital content may for example visual or audio data, like movies or music. Particularly, digital right systems are used for protecting digital content which is of particular value.

In a preferred embodiment, the device comprises a reading unit adapted to read optical storage media, preferably DVD storage media, said optical storage media comprising said DRM protected content and said license description. More preferably, said controller unit is adapted to decrypt the protected content by using said master key.

Further features and advantages can be taken from the following description and the enclosed drawings.

It is to be understood that the features mentioned above and those yet to be explained below can be used not only in the respective combination indicated, but also in other combinations or in isolation, without leaving the scope of the present invention.

An embodiment of the invention is shown in the drawings and will be explained in more detail in the description below with reference to same. In the drawings:

Fig. 1 is a schematic diagram of a binary tree according to the present invention;

Fig. 2 is a schematic diagram showing three different identification numbers and the respective sub- keys assigned to each binary digit of the identification number;

Fig. 3 is a schematic diagram of the binary tree of Fig. 1 with one leaf node being removed;

Fig. 4 is a diagram of the identification number corresponding to the removed leaf node; Fig. 5 is a schematic block diagram of the cooperation of a decryption key retriever apparatus, a license server, and a media player;

Fig. βa is a preferred embodiment of the apparatus for retrieving in accordance with the present invention;

Fig. 6b is a schematic diagram of a license function in table form in contrast to the license function in the form of a tree of Fig. 1;

Fig. 7 is a schematic representation of the inventive license server;

Fig. 8 is a schematic representation of the inventive media player;

Fig. 9 is a flow chart of a process to be conducted for playing decrypted data;

Fig. 10 is a preferred embodiment of the data stored in the non-volatile storage of Fig. 8, and a description of the "meaning" of the certain bits, and the associated keys Kl to KlO; and

Fig. 11a to lie illustrate the "development" of a license function in the form of a binary tree, when knowledge about hacked devices is used for updat- ing the license function.

Fig. 5 illustrates an overview over the inventive components, i.e., a decryption key retriever apparatus 60, a license server 70, and a media player 80. These functional building blocks cooperate with each other by exchanging messages. This message exchange can be performed via a wireless or wire connection. Furthermore, the information channel can be a long-distance channel such as the Internet or any other communication medium, but can also be a short distance connection within a device. Preferably, the decryption key retriever apparatus is connected to the license server via the internet so that a media ID of a media payload data, for which a license is required by the decryption key retriever apparatus 60 is forwarded to the remotely located license server 70 via the internet. Then, the license server 70 replies by providing an updated license description 52 again via the Internet or a telephone line or any other remote connection to the decryption key retriever apparatus 60.

Preferably, the license server 60 is provided in a secure environment and is only accessible by a trusted license server user, who can be the digital content provider herself or himself or who can be a person authorized by the digital content provider for servicing the license description generation so that the license function is continuously updated as will be outlined later on.

Alternatively, a media player 80 can directly send a media ID to the license server via a channel 53. In this embodiment, the license server 70 replies to this request by sending the license description back to the media player, which then forwards the license description to the decryption key retriever apparatus 60, or by directly sending the license description from the license server to the decryption key retriever apparatus as shown at 52 in Fig. 5.

Furthermore, there exists a communication between the media player 80 and the decryption key retriever apparatus, when the decryption functionality is included in the media player 80. Particularly, the decryption key retriever apparatus 60 asks for a test input value, or preferably a por- tion thereof, the test input value representing the device ID of the media player or the encryption device within the media player. Furthermore, the decryption key retriever apparatus asks for a second sub-key corresponding to a por- tion of the test input value, which successfully resulted in a first sub-key output by the license function. Then, based on this second sub-key, the decryption key retriever apparatus decrypts the first sub-key included in the Ii- cense description for the certain test input value to generate the decryption key and to forward the decryption key 54 to the media player 80.

Thus, the decryption key retriever apparatus receives the license description 52 including a certain first sub-key and, from the media player, the test input value or a portion of the test input value and a corresponding second sub-key via line 54 to finally generate the decryption key and to output the decryption key 54 to the media player 80.

Subsequently, the apparatus for retrieving a decryption key usable for decrypting an encrypted payload data is described with reference to Fig. 6a. The apparatus includes a license description receiver 61 for receiving a license de- scription having a license function, the license function defining a set of different first sub-keys as function outputs obtained by inputting different function input values into the license function, wherein the function is further defined so that at least one input value does not have a valid associated first sub-key as a license function output anymore. The license function had a valid output for the device id portion before but this valid output was removed, since it became known that the device is not trustworthy anymore. Removing a valid first sub-key can include manipu- lating this sub-key so that a successful decryption is not possible anymore or preferably includes completely removing this sub-key so that the license function can not output any useful value.

Furthermore, the apparatus of Fig. 6a includes an input value receiver 62 for receiving at least a portion of a test input value associated with a decryption device for decrypting the encrypted payload data. The portion of the test input value and the license function are input into a license function calculator 63 for calculating an output of the license function for at least a portion of the test input value and for retrieving the first sub-key associated with the portion of the test input value as the output of the license function, when an associated first sub-key exists, and for outputting a special message, when an associated first sub-key does not exist. The special message is preferably a "decryption rejected" message or any other er- ror message 64, which indicates that the corresponding decryption device feeding its device ID 55 into the input value receiver does not have the right to decrypt the encrypted content, since the license function does not have a ^* valid first sub-key for this device.

When, however, the license function calculator retrieves a first sub-key, this first sub-key is input into a key de- cryptor 65 for decrypting the associated first sub-key using a second sub-key received from the input value re- ceiver 62, wherein this second sub-key is associated with the portion of the test input value, which resulted in a successful output of the first sub-key via the license function. The key decryptor 65 combines the first and second sub-keys by means of any combining function such as a concatenation function simply concatenating bits or by a logical or arithmetic combining function or even by decrypting the first sub-key using the second sub-key as a decryption key via any one of the known cryptographic formats such as a symmetric or asymmetric cryptographic scheme. Symmetric schemes include the DES or AES encryption/decryption standard, and asymmetric cryptographic schemes include the well-known RSA algorithm or related asymmetric protocols, in which there exist a public key and a private key.

The apparatus of Fig. 6a is adapted to receive license data restricting an access to the encrypted payload data. The apparatus further includes a license data interpreter 69 for interpreting the license data and for deactivating the input value receiver 62, the license function calculator 63 or the key decryptor 65 via deactivation lines originating from block 69, when an access to the encrypted payload data is not granted to the decryption device. Naturally, it is sufficient to only deactivate a single block. However, one can also deactivate more than one block as needed.

There is a plurality of possible license functions. A Ii- cense function suitable for use in the present invention is shown in Fig. 6b. This license function is organized as a table, in which different first sub-keys are associated with different test input values. Preferably, the different test input values are different portions of the decryption device ID associated with the media player 80 of Fig. 5. The different values can even be different bits of the device-ID or different overlapping or non-overlapping portions of the device-ID having varying numbers of bits of the device-ID. Importantly, the license function is such that there also exists at least one or typically more input values, which do not have an associated first sub-key. Such an input value results, when input into the license function calculator 63 from Fig. 6a, in an error message or a decryption rejected message 64, since the license function calculator did not locate a valid first sub-key for the input value .

Preferably, the binary tree as discussed in connection with Figs. 1, 2, 3, and 4 or 11a to lie is used as the license function, since the binary tree is well-suited for subsequent modifications, when certain decryption devices are attacked. In this case, a certain leaf of the binary tree for such a device simply has to be cut from the license function tree. Then, there does not exist any more a valid first sub-key for this device-ID, which could be decrypted using the second sub-key stored in a non-volatile memory of the decryption device located within the media player 80 of Fig. 5. Generally, the test input value, i.e., the device-ID of the decryption device is dividable into a plurality of different portions, wherein the different portions have associ- ated therewith different second sub-keys from the set of different second sub-keys. Furthermore, the license function calculator 63 is operative to calculate an output of the license function for a first portion of the test input value. When this first portion of the test input value re- suits in a first sub-key associated with this first portion, the key decryptor 65 is operative to use the second sub-key associated with the portion of the test input value resulting in the first sub-key for generating the decrypted decryption key 68. Typically, the different portions of the test input value can be used in a certain sequence. Then, the license function calculator 63 performs a kind of a "trial and error" procedure. A first portion of the test input value is input into the license function calculator. When the license function calculator outputs a valid first sub-key, then the iteration is completed. When, however, the license function calculator does not find a first sub- key for this first portion, then a second portion of the test input value is input into the license function calculator. The license function calculator checks, whether this second portion has an associated first sub-key. When there exists an associated first sub-key, then the second sub-key associated with the second portion of the test input value is also retrieved and both sub-keys are input into the key decryptor. When, however, the second portion of the test input value does not result in a valid first sub-key, then the procedure is continued using a third portion of the test input value etc.

The different portions of the test input values can be dif- ferent groups of bits of a device-ID of the decryption device residing in the media player. When, for example, the device ID is an 8-bit number, then the first portion can be the most significant bit. The second portion can be the most significant bit and the bit having the next-lower significance. The third portion can be the three more significant bits and so on. The n^th portion for example can be the complete device ID, when the device ID is considered as the test input value. However, other bit groupings can also be used based on the device ID, when the license description is generated accordingly, i.e., so that a second sub-key associated with a certain portion of the test input value is a valid decryption key for decrypting a first sub-key obtained, when the corresponding portion of the test input value is input into the license function.

Preferably, the license function is a binary tree as shown in Fig. 1, wherein the binary tree has leaf nodes 16A, to 16G, wherein each leaf node has a certain first sub-key, which can be one of the keys A, B, C, D, E, F, G. When a portion of the test input value, i.e., the device ID results in a leaf node, the first sub-key associated with the portion of the test input value is output. When, for exam- pie, device A is considered, the first portion of device A, i.e., the MSB "1" does not yet result in a valid first sub- key. However, the second portion consisting of "10" results in a valid first sub-key, i.e., key G associated with leaf 16A.

However, for device B having an ID equal to 111, a valid first sub-key is only obtained after calculating the license function, i.e., binary tree for all portions of the test input value including the whole test input value hav- ing device ID bits "111".

As will be outlined in more detail later, the binary tree of Fig. 1 does not have any input value not resulting in a decryption rejected or error message 64. This is due to the fact that the binary tree in Fig. 1 is the "fresh tree", in which all devices in the field are trustworthy devices, which have not yet been fraudulently manipulated. However, Fig. 3 illustrates an example, in which leaf 16G has been cut away, since it has become known that device B having device-ID 111 was successfully hacked.

An advantage of the present invention is that the same Ii- cense description is sent to each requesting decryption key retriever apparatus, which makes the maintenance of the license description within the license server a quite easy task. Thus, any grant or non-grant of rights to decrypt an encrypted content does not depend on any device ID sent from the decryptor device to the license server. Instead, each requestor receives the same license description irrespective of the fact, whether the requestor is a trustworthy or non-trustworthy entity. However, the selective grant of rights is obtained by updating the license function such as by deleting lines in the table of Fig. 6d or by cutting (and replacing) leafs of the binary tree in Fig. 1 or by any other modification to the license function. Thus, although each trustworthy or non-trustworthy device receives the same license function, a trustworthy device will not notice any modifications of the license function, because the license function outputs a valid first sub-key for the portion of the test input value in the same way as before updating the license function. However, the non-trustworthy entity will not be able to retrieve a valid first sub-key anymore and is, therefore, barred from decrypting the digital media payload data.

Fig. 7 shows a preferred embodiment of the inventive license server. The license server includes a request re- ceiver 71, receiving a license description request corresponding to the "media ID" branch 51 of Fig. 5. A requesting party is already in the possession of the encrypted digital content. The encrypted digital content preferably includes the complete internet address or telephone number of the license request receivers so that, for example, a DVD player receiving the encrypted digital content automatically connects to the license request receiver 71 of a preferably remotely located license server. Base on a pay- load ID 72, a license description generator 73 is operative to generate, as an output, a current license description 74 and to send same to a license description sender 75, which finally sends the license description to the preferably re- mote client. Furthermore, the inventive license server has a compromised device receiver 76 receiving information on compromised devices via channel 77. The compromised device receiver 76 feeds the license description generator for deleting table entries for the example of Fig. 6b, or for de- leting branches of the binary tree for compromised devices or even classes of compromised devices.

Normally, hacking a certain device from a certain manufacturer will also result that all other identical devices of this manufacturer have to be blocked from decrypting the digital content. Additionally, hacking a certain software version may e.g. automatically mean that also lower-level software versions are compromised. Therefore, the compromised device receiver and the license description generator are operative to make sure that the license function is updated such that for any such class of compromised devices, no valid first sub-key is obtainable any more or that the first sub-keys are modified in order to block decryption. Preferably, however, in the binary tree example, a leaf node is cut away and replaced by a parent node having child nodes, which ensures flexibility so that only compromised devices are rejected but non-compromised devices from, for example, the same manufacturer, are still allowed to decrypt the encrypted content.

Particularly, the license request receiver 71 is operative to receive a request for a license description for payload data from an apparatus for retrieving a decryption key usable for decrypting an encrypted payload data, which re- sides or is operatively connected to a target device. The compromised device receiver 76 receives information on a compromised device or a set of compromised devices, which include the apparatus for retrieving the decryption key or which are connected to an apparatus for retrieving a decryption key. Furthermore, the license description generator 73 is operative for generating a license function, the license function defining a set of different first sub-keys as function outputs obtained by inputting different function input values into the license function, the license function being further defined so that at least one input value does not have an associated first sub-key as a function output. Particularly, the license description genera- tor is adapted to change the license function in response to information on a compromised device or a set of compromised devices so that a test input value associated with the compromised device, when input into the license function, will not result in a first sub-key but in a special message or will result in a non-useful sub-key, which is not usable for generating a valid decryption key. Furthermore, the license description sender is operative for sending the license description to the apparatus for retrieving a decryption key irrespective of any knowledge of a compro- mised or a non-compromised state of the target device.

Fig. 8 illustrates a preferred embodiment of an inventive media player for playing decrypted payload data. The media player has a preferably cryptographically secured non- volatile storage 81 having stored therein an identification number (device ID) , the identification number having a sequence of bits, from which different portions of a test input value including different numbers of bits of the sequence of bits are derivable. Furthermore, the non-volatile storage has stored therein a set of different second sub- keys, wherein each of the second sub-keys is associated with a certain portion of a test input value derived from the sequence of bits. The media player furthermore includes a request receiver 82 for receiving a request for a certain second sub-key associated with a specific portion and a sub-key transmitter for transmitting the requested second sub-key as outlined at 83 in Fig. 8. Furthermore, the media player includes a key receiver 84 for receiving a decryp- tion key formed using the transmitted second sub-key. The inventive media player furthermore includes a payload de- cryptor 85 for decrypting an encrypted payload data using the decryption key to obtain the decrypted payload data. Additionally, the inventive media player includes a media output interface having a display or speakers as outlined at 86, which is preferably connected to the payload decryp- tor 85 via a secure channel 87 so that an output or a digital storage of the decrypted data generated by the payload decryptor 85 is not possible. Stated differently, the secure channel 87 makes sure that the media output interface 86 can only output the encrypted data in an analog form, rather than in a digital form, which would allow unlimited copying without quality losses.

Subsequently, Fig. 9 gives an overview over an inventive process. In a first step 90, an inventive apparatus for retrieving a decryption key requests a license description for an encrypted payload data, which is preferably already in possession of a media player. To this context, the apparatus 60 of Fig. 5 contacts the license server 70 of Fig. 5. The license server 70 provides the updated description, which is then received at decryption key retriever apparatus 60 in step 91. Additionally, the decryption key retriever apparatus retrieves the device ID of the media player after a request for the device ID in step 92. Then, the binary tree included within the license description 52 of Fig. 5 is parsed using the device ID received in step 92. As soon as step 92 encounters a leaf node in the binary tree, the first sub-key associated with this leaf node is found. Alternatively, when this first sub-key is not found, i.e., when a leaf node is not encountered, a reject message is output. For the portion of the device ID or, particularly, for the portion of the device ID having the bit, at which a leaf has been encountered, the second sub-key is received by apparatus 60 in Fig. 5. Then, in step 96, the first sub-key is decrypted using the second sub-key. Then, the decryption key is generated and used in step 97 to decrypt the payload data using the decryption key so that, finally, the decrypted data can be played but cannot be output in a digital format suitable for transmitting or storing.

Subsequently, a preferred embodiment of the present invention as an example for a binary tree is discussed in connection with Fig. 10 and Figs. 11a, lib, and lie.

Fig. 11 illustrates an exemplary situation of the nonvolatile storage 81 in Fig. 8. This storage has stored therein an identification number having bits 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 and possibly additional bits as illustrated at 101 in Fig. 10. Additionally, as illustrated in Fig. 10, the bits 1 to 10 do not necessarily have to be the most significant bits. Instead, there can be bits having a higher significance as shown at 102, which are not relevant for decryption key retrieval.

Each bit has associated therewith a certain second sub-key. Particularly, the sub-key associated with bit 1 is Kl. The sub-key associated with bit 7 is, for example, sub-key K7, etc.

In a preferred embodiment of the present invention, each bit has a certain meaning, which is especially important for selectively revoking certain media players. Bit number 1 is called an "intro bit". This bit is reserved for a complete revocation of the media or for any other purposes outlined later. In this embodiment, bits 2 and 3 are the region bits. 2 bits allow to indicate four different regions, in which a media player is located or from which a media player originates. These four different regions can, for example, be four different countries, or four different business regions, etc. In this embodiment, bits 4, 5, 6 represent manufacturer bits. 3 bits allow to indicate 8 different manufacturers for each region. Thus, each bit combination of bits 4, 5, 6 indicates a certain manufac- turer of a region as defined by the region bits 2 and 3. Exemplarily, bits 7, 8, 9 of the media player ID represent year bits, which allow to indicate different software/hardware release years for each manufacturer in each region. Finally, bit 10 is a version bit, which allows to indicate two different versions per year and manufacturer and region.

Fig. 11a illustrates a "fresh" license function in the form of a very small binary tree only having a root node 110 and two leaf nodes indicated by "L" at 111 and 112. This means that, for each value of the intro bit 1 in Fig. 10, a valid leaf node 111 or 112 is encountered, when the binary tree is parsed. In the license description including the binary tree of Fig. 11a, also the first sub-key for each node 111 and 112 is included. Now, for decrypting the content, the license function calculator 63 of Fig. 6a only has to input bit 1 of the user ID as the first portion of the test input value into the license function. This value will result in a valid first sub-key, which is, then, combined with the second sub-key Kl to find the multimedia decryption key.

Then, it is assumed that it becomes known that all players in region "01" have been compromised (hacked) . In view of this information received via the compromised device receiver 76 of Fig. 7, the license server updates the license function. This functionality is performed within the license description generator 73 of Fig. 7. Particularly, the leaf nodes 111, and 112 are replaced by tree portions. Par- ticularly, the tree portions are generated such that the bit combination "001" will not result in a valid leaf node as indicated at 113 in Fig. lib and will, therefore, not result in a first sub-key. However, each other region, i.e., each other 3-bit combination will result in a valid leaf node such as leaf node 114 or 115. It becomes clear that the new license function is a tree, which is larger than the originally generated tree in Fig. 11a. Then, it becomes known that all players of manufacturer "Hl" in region "11" have been compromised (hacked) . In view of this information, the license description generator 73 of Fig. 7 updates the license function or license tree by replacing leaf 114 of Fig. lib corresponding to region "11" and the corresponding leaf 116 for the other value of the intro bit by an additional tree portion as shown in Fig. lie for node 114. The tree portion is designed such that the ID "111111" will not result in a leaf node and will, therefore, result in a decryption rejected message 64 of Fig. 6a. The same is true for the device ID "011111", which will also result in such a negative message. Additionally, as becomes clear from Fig. lie, also the devices, which have been revoked in Fig. Hd at 113, also remain revoked. However, the license function in Fig. Hc is generated such that all other players such as the players of the other manufacturers in region "H" have a device ID, which has a portion resulting in a leaf node and, therefore, in an associated first sub-key.

The binary tree license function in accordance with a preferred embodiment of the present invention is particularly advantageous, since, in the beginning, the license function has a very small tree and, therefore, only a small storage capacity and transmission capacity for transmitting the license function is required, which is even more advantageous, when it is considered that the same license function is transmitted to each and every decryption device in the field. Only when the number of compromised devices in- creases, also the binary tree increases and the "negative effect" of an increased storage requirement and an increased amount of data to be transmitted as the license description will come up.

Additionally, the preferred binary tree embodiment is furthermore advantageous in that one has a very selective and very flexible way of deactivating very specific media players so that it is made absolutely sure that no trustworthy media players are deactivated although they are still valid. This makes sure that the user acceptance remains high, since a non-compromised media player does not notice anything regarding a high or low number of revoked devices. The only effect is that the iterations for parsing the binary tree increase, but the encryption and decryption of the encrypted content always remains the same.

To increase the efficiency of the inventive process and to make sure that any updates of the license description are distributed to trustworthy and non-trustworthy devices in the field, it is preferred to generally use a license description allowing the decryption of an encrypted digital content only for a certain time period. This license de- scription is negotiated with the user before the user receives the license and this license term, i.e., a limited time duration of the license, is accepted by the user by accepting the license description.

This will force the user to apply for a new license after the expiry data of the old license. Even when this "subsequent" license is provided to the user for free, the user receives an updated license description and the user is deactivated, when the user media player has been hacked. Thus, the usage of limited time period license terms even increases the effectiveness of the inventive concept by assuring that all players in the field use a current license function. When the user does not ask for a new license after expiry of the old license, for example, because the user has hacked his device, the user will violate the license terms and can be prosecuted in accordance with provisions of existing civil laws

In the following description one embodiment of a license description forming the basis of a digital rights management is given. Particularly, the license description is described in the context of a DVD-player. However, it is to be understood that the license description may also be used for other applications employing digital rights management. The invention may be used for specifying the rights associated with any copyrighted multi media contents.

Such copyrighted multi media content may for example be stored on a DVD and may be played back by a DVD-player. In order to ensure that this valuable content cannot be copied, the content is encrypted. For decrypting the content before playing it back, the content is decrypted by using a key which is stored in the DVD-player.

As a further security measure this key differs from DVD- player type to type. The use of different keys allows to disable a predetermined DVD-player type from decrypting digital content. This is for example necessary in cases where a DVD-player is compromised by having being hacked or by providing a backdoor such as to allow non-authorized tasks to be performed with a piece of protected content. It is hence possible to revoke the authorization of a prede- termined DVD-player to process a protected digital work. However, in order to do so a license description telling which DVD-player types are authorized and which are not authorized is necessary and has to be linked with the respective digital content.

For security reasons, the key stored in the DVD-player is also encrypted and the key for decrypting it is part of the license description.

With reference to Figs. 1 to 4, the structures of such a license description is described. Generally, the license description is based on a binary tree which is shown in Fig. 1 and indicated with reference numeral 10. The binary tree can comprise one root node 12, a couple of parent nodes 14 and leaf nodes 16. In Fig. 1, the root node 12, the parent nodes 14 and the leaf nodes 16 are differentiated by using different signs. Since it is a binary tree, the root node and the parent nodes have not more than two child nodes. Such a child node may be a parent node 14 or a leaf node 16.

In Fig. 1, the binary tree 10 comprises one root node 12 having two children which are in the present cases parent nodes 14A and 14B. The parent node 14A has two children which are again parent nodes 14C and 14D. The parent node

14B has two children, one of which is a leaf node 16A and the other node is a parent node 14E. As apparent from Fig. 1, the parent nodes 14C, 14D and 14E each have two childes in form of leaf nodes 16B to 16G.

It is to be understood that this binary tree 10 is merely illustrative and only serves to describe the present inven- tion and not to limit the invention.

Each parent node 14 and leaf node 16 is assigned a binary number. This binary number corresponds to the path through the binary tree starting from the root node, wherein each branch of a node provides a binary digit "0" and "1", respectively. For example, the parent node 14A is assigned binary number "0" whereas the parent node 14B is assigned binary number "1". Further examples are for example parent node 14C which is assigned binary number "00", the parent node 14E which is assigned binary number "11" or the leaf node 16F which is assigned to binary number "011".

It is apparent from Fig. 1 that the binary number assigned to a node 14, 16 may be build by means of the path from the root node 12 to the respective node 14, 16. Each branch from one node to the next node of the path adds one binary digit to the binary number.

Each leaf node 16 A to G of the binary tree 10 is addition- ally assigned a key which is used for decrypting another key which will be described below. In the present embodiment, there are seven leaf nodes 16A to G and hence seven keys which are indicated as key A to key F.

As mentioned above, each DVD-player type is assigned a identification number build up of binary digits "0" and "1". In Fig. 2, three different DVD-player types with three different identifications numbers are shown. The first DVD- player type (device A) has the identification number "100", the second DVD-player type (device B) the identification number ^wlll" and the third DVD-player (device C) the identification number "101".

These identification numbers are stored during the manufac- turing process of the respective DVD-player.

In Fig. 2 it is also shown that each binary digit of an identification number is assigned a key, indicated with key 1 to key 3. Each key 1 to 3 is an encrypted version of the main key (also called master key) necessary for decrypting the digital content. However, the keys 1 to 3 are generally different since they are encrypted itself with different keys .

In order to process the main or master key necessary for decrypting the digital content to be played back, the binary tree supplies the key which is necessary for decrypting one of the keys 1 to 3.

Assuming that device A with the identification "100" is used for playing back digital content, the binary tree is searched for a leaf node 16 with an assigned digital number corresponding to at least a portion of the identification number of the device A. According to the binary tree 10 shown in Fig. 1, leaf node 16C is assigned digital number "100", the respective path from root node 12 to leaf node 16C being indicated with arrows 20. Hence, each binary digit in the identification number corresponds one branch within the binary tree 10.

As already mentioned, each binary digit of the identifica- tion number is assigned a key (key 1 to key 3) . Relevant for the decryption process is the most significant digit in the identification number which finds correspondence in the binary tree 10 in form of a branch.

In the described case, the most significant binary digit finding a corresponding branch in the binary tree 10 is the digit "1" corresponding to the branch leading from the parent node 14C to leaf node 16C. Hence, key 1 assigned to this binary digit is used together with the key B assigned to the leaf node 16C for processing the main key. In other words, key "1" is decrypted by key B and the result is the main key which allows to decrypt the digital content.

With respect to device B, the identification number is "111" and the corresponding leaf node is leaf node 16G. The path from root node 12 to the leaf node 16G is indicated with arrows 22.

As in the previous case, the most significant binary digit finding a corresponding branch in the binary tree 10 is digit 1 (left most) so that the assigned key 1 is used together with key F assigned to leaf node 16G for processing the main key.

With respect to device C, the identification number of this device is "101" and the most significant binary digit finding a corresponding branch leading to a leaf node is the binary digit "0". The respective leaf node is leaf node 16A and the path from the root node 12 to this leaf node 16A is indicated with arrows 24. In this case, key 2 assigned to this binary digit "0" is used together with key G assigned to the leaf node 16A for processing the main key.

It is apparent from the above description, that it is always looked for a leaf node in the binary tree 10, the assigned binary digits of which correspond at least a portion of the identification number of the respective DVD-player. If there is no leaf node found for a identification number or at least a portion thereof, this means that this DVD- player has no authorization for playing back encrypted digital content.

If for example device B is compromised meaning that the re- spective keys 1 to 3 are cracked, it is possible to revoke authorization by deleting the respective branch and/or leaf node formerly assigned to this device. In the present case, which is shown in Figs. 3 and 4, leaf node 16G and the branch leading from the parent node 14E to the leaf node 16G are deleted from the binary tree 10.

As a result, the device B does not find a leaf node in the binary tree corresponding to at least a portion of the identification number. Here, the path beginning from the root node 12 ends at node 14E which is a parent node and not a leaf node. Therefore, the device B does not find a key for decrypting the key 2 assigned to the most significant binary digit "1" finding a corresponding branch in the binary tree 10. Therefore, the main key which is necessary for decrypting the digital content may not be processed so that the device is not able to play back this content.

Due to the fact that every binary digit of the identification number is assigned a key and the corresponding key for processing the main key is part of a binary tree, the license description is very flexible. It is easily possible to adapt the binary tree 10 to new situations for example caused by compromised devices or new devices. It is to be understood that the afore mentioned examples are merely illustrative and should not be considered as limiting the invention. Of course, the binary tree gener- ally comprises much more leaf nodes and the identification number may comprise more binary digits.

A device, for example a DVD-player, can comprises a controller unit, a first and a second memory unit, a reading unit and an authorization unit. The controller unit is adapted to process encrypted content, particularly to decrypt and to play back this content. The first memory unit stores the unique device identification number formed of a set of binary digits and the set of keys (key 1 to key 3 in the present case) assigned to the binary digits of the identification number. The second memory unit is adapted to store the binary tree. The authorization unit is adapted to seek a leaf node in the binary tree corresponding to at least a subset of the binary digits forming the identifica- tion number and to combine the respective key assigned to the identification number and the respective key assigned to the leaf node as to form the main key for decrypting the protected content.

Generally, the license description in form of the binary tree is stored on a DVD disc which also carries the encrypted content. However, there is also the preferred possibility that a special license server stores the license description and supplies the respective information which is then requested by the device for example via the internet .

The invention also includes a method for granting access to a closed group of authorized principals regarding a right described in a rights description language.

Particularly, a system and method is provided, which is designed for granting access to a closed group of authorized principals regarding a right described in a rights description language and cryptographically protecting access by means of principals description in the context of a digital rights management system (DRM) .

The invention includes a method of describing a group of authorized principals within a grant formulated in a rights description language by means of a binary tree where each possible principal is assigned a unique number.

The invention furthermore includes a method of describing a group of authorized principals within a grant described by means of a rights description language such that non- authorized principals are cryptographically kept from ob- taining access to a resource while authorized principals obtain a key to the resource implicitly by reading the principals description.

The invention furthermore includes a method of revoking a grant to formerly authorized principals of a grant described by means of a rights description language by updating the binary tree describing a group of authorized principals such that it no longer authorizes that particular principal.

The invention furthermore includes a method of revoking a grant to formerly authorized principals by updating the principals declaration of a grant described by means of a rights description language such that a principal that has formerly had access to a resource is cryptographically kept from obtaining access to such resource

The present invention relates to the description of rights one or more physical or logical entities (referred to as principals) may exercise against a particular resource in a rights description language. Description of rights is necessary in various situations emerging from processing, transfer and storage of resources, e.g. data, information. Generally, a grant consists of a principal, a right that principal may exercise and a resource against which a right may be exercised as well as one or more conditions limiting the application of that right.

There are user groups by means of a list of authorized principals identified by means of a signature. This procedure requires a secure processing unit signalling access to the resource governed by a grant contained in a license de- scription. A compromised processing unit might grant access to a resource although the license description doesn't allow a principal to exercise any rights against that resource. Especially, a compromised component has access to the content key that allows decryption of protected con- tent. Once decrypted, content is freely available to anyone without the limitations imposed on it by the license.

A set of keys organized in a binary tree will grant access only to parties (identified by a unique sequence of binary digits ^Λl' and ^Λ0' ) holding the counterpart of a key by combining the key contained in a binary tree with a private counterpart thereof to build a cryptographic key. A grant to a particular party may be revoked by removing the corresponding key from the binary tree.

The invention refers to specifying a group of principals in the context of a grant formulated in a rights description language by means of a binary tree. Each candidate for a principal is assigned a unique sequence of binary digits ^yl' and ^y0' . The binary tree shall consist of nodes each one of which is classified uniquely as root-node, parent- node or leaf-node. Each leaf-node is assigned a cryptographic key, from now on referred to as authorization key. Neither root-node nor parent-node ever carry such crypto- graphic keys. The root-node is the top-level node of a binary tree. Root-node and parent-node carry one or two child-nodes which may be of type leaf-node or parent-node. Leaf-Nodes never possess any child-nodes. An application will traverse the binary tree by applying its unique sequence of binary digits such that a ^yl^r shall mean either proceeding to the first child node or the sec- ond child node while ^y0^r shall mean proceeding to the child node not designated by ^λl' . The application shall terminate this process upon encountering either a parent-node not containing a child-node as designated by the currently processed binary digit, in which case a grant is to be con- sidered rejected or upon encountering a leaf-node carrying part of a cryptographic key. In the latter case, a grant is considered to be granted to the principal identified by the unique sequence of binary digits. The application shall hence build a cryptographic key by combining the key car- ried by the leaf-node with one of a list of private key contributions accompanying the unique sequence of binary digits identified by the number of bits of the unique sequence of binary digits that have been processed before finding the leaf-node. The cryptographic key obtained by following above procedure shall be used to decrypt the resource the grant refers to.

A principal that has formerly been allowed to exercise one or more rights granted to it by one or more grants speci- fied by means of a rights description language can have this right revoked by removing any keys associated to any of the digits of the unique sequence of binary digits from the binary tree specifying the group of authorized principals. Doing so will keep an unauthorized principal from building the cryptographic key necessary for accessing any content governed by one ore more such grants.

The invention shall be used for specifying the rights associated with copyrighted multimedia content distributed separately to a license specifying such rights in an XML based rights description language and enforcing such rights cryptographically . A principal shall be a hardware instance or software version of an authorized component participating in the digital rights management system. If a component is compromised by having been hacked or by providing a backdoor such as to allow non-authorized tasks to be performed with a piece of protected content such component shall have its authorization to process a protected digital work be revoked by updating the license associated with that digital work.

Depending on certain implementation requirements of the inventive methods, the inventive methods can be implemented in hardware or in software. The implementation can be performed using a digital storage medium, in particular a disk, DVD or a CD having electronically readable control signals stored thereon, which cooperate with a programmable computer system such that the inventive methods are performed. Generally, the present invention is, therefore, a computer program product with a program code stored on a machine readable carrier, the program code being operative for performing the inventive methods when the computer program product runs on a computer. In other words, the inventive methods are, therefore, a computer program having a program code for performing at least one of the inventive methods when the computer program runs on a computer.

Those skilled in the art can now appreciate from the foregoing description that the broad teachings of the present invention can be implemented in a variety of forms. Therefore, while this information has been described in connec- tion with a particular example thereof, the true scope of the invention should not be so limited, since other modifications will become apparent to the skilled practitioner upon a study of the drawings, specification and the claims.

Claims

1. Apparatus (60) for retrieving a decryption key usable for decrypting an encrypted payload data, comprising:

a license description receiver (61) for receiving a license description (52) having a license function, the license function defining a set of different first sub-keys as function outputs obtained by inputting different function input values into the license function, the license function being further defined so that at least one input value does not have an associated valid first sub-key as a function output;

an input value receiver (55) for receiving at least a portion of a test input value associated with a decryption device (80) for decrypting the encrypted pay- load data;

a license function calculator (63) for calculating an output of the license function for at least a portion of the test input value and for retrieving the first sub-key associated with the portion of the test input value as the output, when an associated valid first sub-key exists, and for outputting a special message, when an associated valid first sub-key does not exist; and

a key decryptor (65) for decrypting the associated first sub-key using a second sub-key associated with the portion of the test input value used for retrieving the first sub-key to obtain the decryption key (68) .

2. Apparatus in accordance with claim 1, in which the test input value is divided in a plurality of different portions, wherein the different portions have associated therewith different second sub-keys, in which the license function calculator (63) is operative to calculate an output of the license function for a portion of the test input value, and

in which the key decryptor (65) is operative to use the second sub-key associated with the portion of the test input value, when the portion of the test input value results in an associated valid first sub-key.

3. Apparatus in accordance with claim 1, in which the license function calculator (63) is operative to calculate an output of the license function for a further portion of the test input value, when a first portion of the test input value did not result in a first sub- key, until several different portions of the test input value have been tried, until a first sub-key is retrieved, or until an interrupt condition is fulfilled.

4. Apparatus in accordance with claim 2 or 3,

in which the test input value includes a sequence of bits,

in which different portions of the test input value include different numbers of bits of the sequence of bits, and

in which a unique second sub-key is associated with each portion.

5. Apparatus in accordance with one of the preceding claims, in which the license function includes a bi- nary tree, having a root node, parent nodes, and leaf nodes, a node having assigned a number from a set of binary digits and a leaf node being assigned a first sub-key, in which the test input value associated with the decryption device is a sequence of binary digits, different portions of the sequence having associated therewith different second sub-keys, and

in which the license function calculator (63) is operative to output a first sub-key, when a portion of the sequence of the test input value has a unique num- ber matching with the unique number assigned to a leaf node, and

in which the key decryptor (65) is operative to use the second sub-key associated with the portion of the sequence.

6. Apparatus in accordance with one of the preceding claims, in which the key decryptor (65) is operative to combine the first and the second sub-keys for ob- taining the decryption key (68).

7. Apparatus in accordance with claim 6, in which the key decryptor (65) is operative to concatenate the first and the second sub-keys, to combine the first and the second sub-keys in a logical or arithmetical way or to process the first and the second sub-keys using a cryptographic function, in which one sub-key is used as an encrypted message and in which the other sub-key is used as a key of the cryptographic function.

8. Apparatus in accordance with one of the preceding claims, in which the license description receiver (61) is operative to receive the license description from a storage medium also including the encrypted payload data, or in which the license description receiver (61) is operative to receive the license description from a remote license server.

9. Apparatus in accordance with one of the preceding claims, in which the input value receiver (62) is operative to write as set of second sub-keys into a nonvolatile memory unit of a media player (80) during a manufacturing process.

10. Apparatus in accordance with one of the preceding claims, in which the license description additionally includes license data restricting an access to the en- crypted payload data, and

in which the apparatus further includes a license data interpreter (69) for interpreting the license data and for deactivating the input value receiver (62), the license function calculator (63) or the key decryp- tor (65), when an access to the encrypted payload data is not granted to the decryption device.

11. Apparatus in accordance with one of the preceding claims, in which the payload data includes audio data and/or video data, and in which the apparatus is included in an audio and/or video player (80), the apparatus further including a decryptor (85) for decrypting the encrypted payload data using the decryption key, the apparatus further having a secure channel (87) from the payload decryptor (85) to an output device (86) so that a digital output of the decrypted payload data generated by the payload decryptor (85) is made impossible in a non-compromised player.

12. License server (70) comprising:

a request receiver (71) for receiving a request for a license description for payload data from an appara- tus (60) for retrieving a decryption key usable for decrypting an encrypted payload data connected to a target device (80) ; a compromised device receiver (76) for receiving information on a compromised device or a set of compromised devices, the compromised device including an apparatus (60) for retrieving a decryption key;

a license description generator (73) for generating a license function, the license function defining a set of different first sub-keys as function output obtained by inputting different function input values into the license function, the license function being further defined so that at least one input value does not have an associated valid first sub-key as a function output,

wherein the license description generator (73) is adapted to change the license function in response to information on a compromised device or a set of compromised devices so that the test input value associated with a compromised device, when input into the license function, will not result in a valid first sub-key anymore, but in a special message or will result in a non-useful first sub-key, which is not usable for generating a valid decryption key; and

a license description sender (75) for sending the generated license description to an apparatus (60) for retrieving irrespective of any knowledge on a compromised or a non-compromised state of the target device.

13. License server in accordance with claim 12,

in which in which the license function includes a binary tree, having a root node, parent nodes, and leaf nodes, a node having assigned a number from a set of binary digits and a leaf node being assigned a first sub-key; and in which the license description generator is operative to cut or replace the leaf node corresponding to a compromised device or a class of compromised devices by a parent node having a dependent leaf node or a de- pendent parent node.

14. License server in accordance with claim 13, in which the license description generator (73) is operative to associate with a newly generated leaf node a first sub-key, which, when combined with a further second sub-key results in a decrypted decryption key.

15. License server in accordance with one of claims 12, 13, or 14, in which the request receiver (71) and the license description sender (75) are operative to communicate with a remotely located apparatus (64) for retrieving a decryption key.

16. License server in accordance with any one of claims 12 to 15, further having an authorizer for ensuring that only an authorized user is able to update the license function in response to information on a compromised device or a set of compromised devices.

17. License server in accordance with any one of claims 12 to 16, in which the license description generator is operative to generate a single license description for a certain payload data, and

in which the license description generator (73) is operative to distribute the same license description to different requesting entities, and

in which the license description generator (73) is further operative to update the license description in response to new information on a compromised device or a class of compromised devices so that only an updated license description is distributed to requesting enti- ties and any older versions of the license description is not distributed any more.

18. Media player (80) for playing decrypted payload data, comprising:

a non-volatile storage (81) having stored thereon an identification number, the identification number having a sequence of bits, the sequence of bits having different portions of bits, each portion of bits having associated therewith a second sub-key from a set of second sub-keys;

a request receiver (82) for receiving a request for a certain second sub-key associated with a specific portion of the sequence of bits and a sub-key transmitter (83) for transmitting a requested second sub-key;

a key receiver (84) for receiving a decryption key formed using the certain second sub-key;

a decryptor (85) for decrypting encrypted payload data using the decryption key to obtain decrypted payload data; and

an output interface (86) for outputting decrypted pay- load data.

19. Media player in accordance with claim 18, in which the payload decryptor (85) has a secure output channel, the secure output channel being adapted to not allow an output of decrypted payload data in a digital format suitable for transmitting or storing.

20. Method of retrieving a decryption key usable for decrypting an encrypted payload data, comprising: receiving (61) a license description (52) having a license function, the license function defining a set of different first sub-keys as function outputs obtained by inputting different function input values into the license function, the license function being further defined so that at least one input value does not have an associated valid first sub-key as a function output;

receiving (55) at least a portion of a test input value associated with a decryption device (80) for decrypting the encrypted payload data;

calculating (63) an output of the license function for at least a portion of the test input value and for retrieving the first sub-key associated with the portion of the test input value as the output, when an associated valid first sub-key exists, and for outputting a special message, when an associated valid first sub- key does not exist; and

decrypting (65) the associated first sub-key using a second sub-key associated with the portion of the test input value used for retrieving the first sub-key to obtain the decryption key (68).

21. Method of serving a license, comprising:

receiving (71) a request for a license description for payload data from an apparatus (60) for retrieving a decryption key usable for decrypting an encrypted pay- load data connected to a target device (80);

receiving (76) information on a compromised device or a set of compromised devices, the compromised device including an apparatus (60) for retrieving a decryption key; generating (73) a license function, the license function defining a set of different first sub-keys as function output obtained by inputting different function input values into the license function, the Ii- cense function being further defined so that at least one input value does not have an associated valid first sub-key as a function output,

wherein, in the step of generating (73) a license function, a license function is updated in response to information on a compromised device or a set of compromised devices so that the test input value associated with a compromised device, when input into the license function, will not result in a valid first sub-key anymore, but in a special message or will result in a non-useful first sub-key, which is not usable for generating a valid decryption key; and

sending (75) the generated license description to an apparatus (60) for retrieving irrespective of any knowledge on a compromised or a non-compromised state of the target device.

22. Method of playing decrypted payload data, comprising:

storing (81), in a non-volatile way, an identification number, the identification number having a sequence of bits, the sequence of bits having different portions of bits, each portion of bits having associated therewith a second sub-key from a set of second sub- keys ;

receiving (82) a request for a certain second sub-key associated with a specific portion of the sequence of bits and transmitting (83) a requested second sub-key;

receiving (84) a decryption key formed using the certain second sub-key; decrypting (85) encrypted payload data using the decryption key to obtain decrypted payload data; and

outputting (86) decrypted payload data.

23. Computer program having computer-readable instructions for performing, when running on a computer, a method in accordance with claim 20, 21, or 22.

24. License description comprising

a license function defining a set of different first sub-keys as a function output obtained by inputting different function input values into the license function, the license function being further defined so that at least one input value does not have an associated valid first sub-key as a function output,

wherein a valid first sub-key is adapted such that when combined with a second sub-key associated with a portion of a test input value used for retrieving the first sub-key a the decryption key (68) for decrypting encrypted payload date is obtained.