WO2007086015A2 - Secure transfer of content ownership - Google Patents

Publication number
WO2007086015A2
Authority
WO
WIPO (PCT)
Application number
PCT/IB2007/050249
Inventor
Milan Petkovic
Hong Li
Albert M. A. Rijckaert
Eric W. J. Moors
Original Assignee
Koninklijke Philips Electronics N.V.
Priority to EP06101010.4
Application filed by Koninklijke Philips Electronics N.V.
Publication of WO2007086015A2
Publication of WO2007086015A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material

Abstract

A method and system for ownership transfer of digital content, in a secure system using digital rights management (DRM) to handle user access to stored content, comprising receiving instructions from a first user being a current owner of a piece of content to transfer ownership of said piece of content to a second user, granting said second user an ownership takeover right to said piece of content, said ownership takeover right only being grantable by a current owner, receiving an accept from said second user, and identifying said second user as new current owner of said piece of content. According to this solution, the transfer of the ownership can be handled at the level of digital rights management, by introducing new rights (e.g. an 'Ownership Takeover' right). This moves the ownership transfer protocol from the device specific implementations to the DRM specific implementations, which allows transfer of ownership between interoperable DRM systems.

Description

Secure transfer of content ownership

The present invention relates to a method for ownership transfer of digital content, in a secure system using digital rights management (DRM) to handle user access to stored content.

Recent developments in personalized entertainment give each user the possibility to record or collect his favorite content, to maintain his/her personal content collection, and to entertain in his own style. Consumer electronic devices therefore need to provide a multi-personalized entertainment environment for family members and friends. Such an environment raises a number of multi-user issues, which are related to the proper management of the shared devices, storage, resources and easy-to-use personal user interface. Furthermore, it raises some issues on privacy, such as: privacy protection between users and against the rest of the world, owner-controlled content sharing mechanism, private access to content from anywhere etc. In addition to that, very often, the ownership of a piece of content within the family is not clear, which results in a number of transfers of the ownership of the content between family members or other users.

Dealing with personal content using digital rights management brings a new problem of ownership transfer into focus. Within a family, or any other intimate group, the ownership of a piece of content is not always clear. Owners should therefore be able to easily transfer the ownership of their content to other family members or other persons. The same problem arises when a user wants to present a piece of personal content as a gift to someone or in the case of inheritance.

The issue of ownership transfer is described in US2003/0004885. According to this approach, each piece of digital property is associated with ownership information. When an ownership transfer takes place, the current owner simply enters the new owner's name in the ownership field. Authentication and validation are handled by special digital rights management software, and can be performed using digital signatures and certificates.

However, the described method relates primarily to content that has an external origin, being provided from an original copyright owner (e.g. a distributor or manufacturer). In other words, the notion of "ownership" is slightly limited, and the ownership transfer therefore is adapted to ensure that the rights of the original owner are not abused (extra copies made, etc). Further, the new owner is assumed to accept the transfer, which is executed solely by the current owner. This does not involve the recipient, who cannot give prior consent to the transaction. Finally, the process according to US2003/0004885 is application specific, in terms of security and privacy of the users and/or owners.

It is therefore an object of the present invention to enable transfer of content ownership from an original owner to a new owner in a secure way.

This and other objects are achieved with a method and system for ownership transfer of digital content according to the present invention.

A first aspect of the present invention relates to a method for ownership transfer of digital content, comprising receiving instructions from a first user being a current owner of a piece of content to transfer ownership of said piece of content to a second user, granting said second user an ownership takeover right to said piece of content, the ownership takeover right only being grantable by a current owner, receiving an accept from said second user, and identifying said second user as new current owner of the piece of content. According to this solution, the transfer of the ownership can be handled at the level of digital rights management, by introducing new rights (e.g. an "Ownership Takeover" right). This moves the ownership transfer protocol from the device specific implementations to the DRM specific implementations, which allows transfer of ownership between interoperable DRM systems. An ownership takeover right can only be granted by a user with ownership rights, i.e. the current owner. This means that the DRM-system inherently will ensure that only a current owner can transfer the ownership.

The protocol according to the present invention is much simpler than protocols for simultaneous contract signing which include a number of steps. Actually, there is no strong need to apply those protocols in this setting, as the ownership transfer starts with free will of the old owner who wants to transfer the ownership to the new owner. Therefore, he will sign the offer before the new owner signs it (accepts the offer).

The method can also comprise changing an encryption key used to encrypt the piece of content on the server. The new owner (second user) will thus re-encrypt the piece of content, so that the original owner will no longer be able to access the piece of content. Also, any rights granted by the original owner to other users will be void and unusable.

The method can also comprise granting the original owner (first user) a clean-up ownership right to said piece of content, and in response to the clean-up ownership right, deleting any previous access rights of the original owner to said piece of content. This will ensure that the original owner cannot maintain ownership after the transfer is completed.

The method is preferably implemented with a DRM-system using access messages to handle digital rights. In this case, the ownership takeover right can be granted by creating a first access message defining said piece of content, identifying said first user as current owner of said piece of content, and specifying said ownership takeover right granted by said first user to said second user. A second access message can be created in response to said accept from said second user, said second access message identifying said second user as new current owner of said piece of content.

This second message can be referred to as an ownership access message, as it serves to securely identify the owner of the content. This ownership access message will replace the previous ownership access message, identifying the first user as owner.

The removal of the previous ownership access message (and any other access messages identifying the first user as owner) can be ensured by granting the first user a clean-up ownership right to the piece of content, and, in response to this clean-up ownership right, deleting or revoking any ownership rights of the first user to the piece of content.

In a simple case, the right (e.g. an access message) is directly deleted from the system. However, some granted rights are not directly accessible, for example if the particular user is currently offline. In such a case, instead of directly deleting the right, the right can be revoked, e.g. by entering it on a revocation list, which is accessed each time access to a piece of content is requested. When an attempt is made to use the revoked right, the system will react by deleting the right.

Each user preferably accesses the system and encrypted data therein using a private key-public key pair. Such key pairs are conventionally used in secure systems, and are defined such that content encrypted with one of the keys can only be decrypted with the other key. As their names indicate, the public key is used openly, while the private key is kept hidden.

According to a specific embodiment, the private key of the user resides in a personal security device (a physical key such as a smart card, etc). Such a device can be provided with various authentication means to ensure that only the user can access "his" content. Such a physical key may also advantageously be provided with processing capabilities for performing a substantial part of the authentication and encryption/decryption process.

In this case, the revocation list mentioned above can be stored on the personal security device. This will make the revocation list available also when the user is using an off-line device containing the content and rights or their copies that should be revoked.

In the case where the DRM-system uses access messages, each such message can comprise the public key of the current owner, and an encryption key, used to encrypt the content identified in the message, said encryption key being encrypted by the public key of said current owner.

Each access message granting rights to another user can comprise the public key of the user to whom a right is granted, the right itself and the encryption key, the right and the encryption key being encrypted by the public key of said user. The ownership-takeover rights and encryption key in the ownership takeover message (first access message) can thus only be seen by the second user using his private key.

However, the ownership rights in an ownership access message, as described above, can preferably only be decrypted with the private key of the current owner. This will require access to the private key of the current owner in order to grant an ownership takeover right, e.g. access to the physical key of the user. Therefore, only the owner of the content can create an ownership-takeover message to start ownership transfer protocol.

An ownership access message of the current owner is further preferably signed with a hashing of the message that is encrypted with the private key of the current owner. This makes it impossible for another person to fake the ownership access message.

The ownership takeover message (first access message) also preferably contains a signature of the first user, such as a hashing of the message, which has been encrypted using the personal key of the first user. The specified user can thus verify the message signature to make sure that the message and every bit in the message is from the current owner, by decrypting the signature block of the access message with the owner's public key and comparing the result of decryption with the generated hash of the access message.

In this way, a non-repudiable ownership-takeover offer is made, which is secure and private, because only the current owner can create the message and only the new owner can access the ownership-takeover rights and the content key.

The second user can grant usage rights to access said piece of content corresponding to rights previously granted by the first user (i.e. re-establish such rights). This will make the transfer of ownership transparent to any user who is granted a right to the piece of content. However, there may be privacy issues related to re-establishing rights granted by the previous owner (first user). For example, the first user may not wish to disclose to whom he had granted rights. Further, the users who have been granted rights may not want this to be known. In order to handle these issues, the rights can be granted by first receiving from the first user information about any right granted by the first user which is not private (neither to the first user nor to the user who is granted the right), and then re-establishing selected ones of the rights. Any private usage rights can be deleted or revoked.

A second aspect of the present invention relates to a system including a DRM-system for handling encrypted content. In order to enable secure transfer of ownership of a piece of content, the system comprises means for receiving instructions from a first user being a current owner of a piece of content to transfer ownership of said piece of content to a second user, means for granting said second user an ownership takeover right to said piece of content, said ownership takeover right only being grantable by a current owner, means for receiving an accept from said second user, and means for identifying said second user as new current owner of said piece of content. The advantages of the system are similar to the ones described with reference to the first aspect of the present invention.

A third aspect of the present invention relates to a computer program product, comprising computer code portions for performing the steps of the method according to the first aspect of the invention.

These and other aspects of the present invention will now be described in more detail, with reference to the appended drawings showing a currently preferred embodiment of the invention.

Fig. 1 is a schematic block diagram of a secure system for content management in which the present invention may be advantageously implemented.

Fig. 2 shows an example of an access message used in the system in Fig. 1.

Fig. 3 is a flow chart illustrating the process of protecting (encrypting) a piece of content.

Fig. 4 is a flow chart illustrating the process of granting a right to a user.

Fig. 5 is a flow chart illustrating the process of ownership transfer according to an embodiment of the present invention.

Fig. 6 is a flow chart illustrating the process of re-establishing sharing rights with preserved privacy, according to an embodiment of the present invention.

Figure 1 shows a basic system that provides a user with the ability to protect and share private content in the context of a multi-personalized entertainment server, comprising a content server 1, a secure subsystem 2 and a personal security device, here a private physical key 3 such as a smart card or the like. It should be noted that each user of the system has his or her personal secure subsystem 2, and physical key 3.

The secure subsystem 2 has a cryptographic processor 4 for content encryption and decryption, a secure interface 5 to the personal physical key, an interface 6 to the content server (used for e.g. content streaming), and a memory 7, such as a RAM. In this embodiment, digital rights management is handled by so called access messages. The physical key 3 has a message processor 8 for creating and using such access messages, and a memory 9, such as a flash memory or RAM memory. An access message contains an encryption key (referred to as an asset key) of an encrypted content (an asset) and the access rights for an authorized user, which determine among others whether the secure subsystem 2 should decrypt the asset for playback. The access messages can be stored in the memory 9, the memory 7, or the server 1, depending on the purpose of the access message.

Using the asset key, a private content can be encrypted for storing and decrypted for playback by the secure subsystem 2 with a personal physical key plugged-in. Note that the asset key should not be exposed in clear outside the secure subsystem 2. The physical key 3 further contains a unique private-public key pair. The public key (PK) of a user is of course public, while the private key (SK, secret key) is never exposed outside the physical key 3 (compliance of the physical key). Other users use a user's public key to share data with him through an access message which contains an asset key and rights data encrypted with the public key. The private key is used in the physical key to sign messages and decrypt data encrypted with the public key. The asset owner also uses his physical key to generate access messages to other users with whom he wants to share the asset. The owner can also revoke sharing rights and transfer the ownership using the physical key. The physical key 3 has a certificate (signed by a trusted central authority) that confirms that a user's PK is a valid key (e.g. not revoked) corresponding to the private key stored in the compliant personal physical key 3. The certificate is inspected by the system during an authentication process between the security subsystem 2 and the personal physical key 3. Revocation of a physical key (for example in case it is lost), can be done via a revocation list that each server from time to time must check and match with keys that want to log in. Alternatively, the validity of key certificates can be limited. This means that a user has to renew the certificate for his physical key from time to time. This can be used to include at that point another revocation list to the user's physical key and that would be a list of revoked access messages that he is not allowed to use any more.

The personal physical key 3 needs limited processing power for messages and limited interface throughput to the secure subsystem. The secure subsystem can be integrated in the server or in other digital rendering devices. It can also be a portable plug-in device for legacy devices. It needs a high bandwidth cryptographic processor and interface for AV content. The physical key 3 can be a smart card device, or for example a Thumbdrive Touch, that combines biometric technologies to offer a single portable secure storage medium (it prevents unauthorized usage of the user's physical key and therefore also of the private key).

An example of an access message 10 is shown in figure 2, and comprises a message identifier 11, a user ID block 12, an owner ID block 13, two asset blocks 14a, 14b, and a signature block 15. Each block is 256 bytes, which is large enough for 2048 bits encryption. One message is created for one user to access one asset (content).

The user ID block 12 and the owner ID block 13 contain the user's public key and the owner's public key. They can be stored as plaintext, as they are public information in the environment. Alternatively, the whole access message can be encrypted: one copy, encrypted with the owner's public key, is kept by the owner, while another copy, encrypted with the user's public key, is for the user. These two messages should be linked together, which requires extra index information (a table with message identifiers, public keys, and asset IDs) which will help the system to operate in an efficient way. To avoid privacy problems such index information should be divided and distributed among user physical keys. The two asset blocks 14a, 14b contain identical information about an asset: the asset ID pointing to the content file, the asset key used for asset encryption, and the asset rights granted to the user. One block is encrypted with the user's public key, and is thus only readable by the user with his physical key (because the private key of the key-pair, which is necessary to decrypt the block, is inside the physical key). The other block is encrypted with the owner's public key. This block is required when the owner wants to change the message (e.g. the access rights) to the user.

The signature block 15 is required to ensure that no one else can misuse the access message (e.g. fake the ownership or to do anything to the content which is not authorized by the owner). The signature block contains a hashing of the other four blocks, including the encrypted asset blocks, created by the physical key of the owner. The hashing ensures the integrity of every bit in the four blocks. The signature block is then encrypted by the owner's private key: this ensures that only the owner's physical key can create this signature. Any physical key can verify the owner of the message by decrypting the signature block using the owner's public key and comparing the hashing in the signature and the one created by the user's physical key.

The owner uses the same access message mechanism to access his content. In this case, the message has full access rights in the asset block and the user ID block and owner ID block are identical.

Protecting private content

In order to protect a plaintext content (e.g. photos downloaded from a camera) as private content, a user plugs in his physical key to authenticate to the system and open his/her private environment 1a of the server 1, and stores the content file in his private domain. This user action is completed as follows, with reference to fig 3:

1) the secure subsystem 2 receives a request to protect the plaintext content file, (step 31)

2) the subsystem 2 requests the physical key 3 to create a new private asset with the ownership access message 10 and the asset key, (step 32)

3) the subsystem 2 receives the asset key and encrypts the content, (step 33)

4) the encrypted content and the ownership access message are then stored on the server 1, (step 34)

5) the plaintext file is then removed and only the owner can access the content. (step 35)

Unveiling private content

An owner can publish his private content by decrypting the content and storing it in plaintext. Using the owner's physical key 3 the server 1 will ask the owner to complete the authentication procedure again (e.g. using password or biometrics), before it starts publishing the content. After publishing, the server cleans up the old access messages and announces the content to other users.

Controlled sharing

In his private environment an owner can grant sharing rights of a content file to other users by selecting a user or a group of users and specifying access rights for them. The process is shown in figure 4:

1) the server 1 confirms the grant of sharing rights, (step 41)

2) the server 1 sends the ownership access message of the content, together with the selected users' public keys and the granted access rights, to the owner's physical key 3, (step 42)

3) the physical key 3 checks validity of the ownership access message (signature and ownership), (step 43)

4) the physical key 3 creates and signs access messages for all selected users, accordingly, (step 44)

5) selected users can access the shared content with the created access message, using their physical keys 3.

The validity check in step 3) is performed by decrypting the signature block of the ownership access message with the owner's public key and comparing the result of decryption with the generated hash of the access message. The physical key also checks if the owner's public key (corresponding to the private key stored in the physical key) appears in the owner ID block of the message. In this way only the owner can create access messages for sharing, which prohibits second-generation sharing propagation.

Consequently, only the owner can change the sharing rights granted to a user. In his private environment the owner can decrypt the asset block encrypted with the owner's public key, and see the sharing rights in the access message of the content for the user. The owner can change the rights, ask his physical key to create a new access message for the user with the new rights and then delete the old message.

According to the present invention an owner can transfer the ownership of his content in an offer-accept way. A preferred embodiment of the present invention is illustrated in figure 5. First, in step 51, when the owner (first user) has selected a second user to take over the ownership of a content, the owner's physical key 3 creates a special access message with an 'Ownership takeover' right for the user. If the ownership access message is:

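$$\{PK_{owner1},\ PK_{owner1},\ E_{PK_{owner1}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{Assetkey}],\ E_{PK_{owner1}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner1}} \qquad \text{(eq. 1)}$$

then the special access message would be:

$$\{PK_{owner2},\ PK_{owner1},\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{TakeOwnership},\ \text{Assetkey}],\ E_{PK_{owner1}}[\text{AssetID},\ \text{Rights}=\text{TakeOwnership},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner1}} \qquad \text{(eq. 2)}$$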

The system 2 then (step 52) sends the message (eq 2) to the user to whom the offer is made. When the private environment of the receiving user has seen the special access message, the user's physical key 3 checks the ownership-transferring offer (step 53). For example, the owner can send his physical key certificate for the public key to enable such check. The user can choose to refuse or accept the offer (step 54).

If the user accepts the offer, he communicates this to his subsystem 2 in a suitable way. The system can then start to complete the transferring: First, in step 55, the new owner's physical key creates a new ownership access message (eq 3) using the special access message (eq 2):

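$$\{PK_{owner2},\ PK_{owner2},\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{Assetkey}],\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner2}} \qquad \text{(eq. 3)}$$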

The new owner (second user) preferably changes the asset key and re-encrypts the content to ensure a full ownership takeover. The subsystem 2 will then generate a new asset key (AssetkeyNew) and re-encrypt this private content, so that in step 55, instead of the access message given in eq 3, the subsystem 2 of the new owner will produce an ownership access message as in eq. 4:

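$$\{PK_{owner2},\ PK_{owner2},\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{AssetkeyNew}],\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Ownership},\ \text{AssetkeyNew}]\}\ \text{sign}_{SK_{owner2}} \qquad \text{(eq. 4)}$$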

After the transfer, the new owner has his ownership access message on his system, which is independent of any other party. He thus has full control of the content.

After taking over the content, the new owner's physical key creates (step 56) a special access message for the old owner (owner 1) with a 'clean-up' right:

$$\{PK_{owner1},\ PK_{owner2},\ E_{PK_{owner1}}[\text{AssetID},\ \text{Rights}=\text{Clean-upOwnership},\ \text{Assetkey}],\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Clean-upOwnership},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner2}} \qquad \text{(eq. 5)}$$

This access message (eq 5) is sent to the old owner (step 57). When the old owner's subsystem 2 sees the 'clean-up' message (eq 5), it removes (or revokes) the old access messages (step 58), which include messages for the old owner himself, the old sharing users, and for the transferring. In case the old sharing access messages were together with the content distributed to old sharing users, the system revokes them (using e.g. a black revocation list). Optionally, the old owner's system 2 can send to the new owner a signed confirmation that the old ownership is cleaned-up (step 59). The confirmation message in step 59 ensures the new owner that the old owner cannot claim the ownership anymore.

It is obvious that the ownership message given in (eq 1) can be easily copied. So, a dishonest old owner can copy a message (eq 1) before the transfer, and then after the transfer try to introduce to the system the copy of that message, so that he can maintain the ownership. To counter such behavior, the physical key 3 of the old owner can permanently store messages (eq 2) and (eq 5) as proofs for the revocation of the ownership message (eq 1). Therefore, if the old owner tries later to reintroduce a copy of the ownership message, his physical key 3 will refuse that message.

The old owner might also try to claim that he has never received the Clean-up Message (eq 5). This is handled by step 59, which involves confirmation that the old ownership is cleaned-up. Similarly, the physical key of the new owner can permanently store messages (eq 2) and the confirmation of the cleaning-up of the old ownership as legal proofs of the ownership transfer. Using these messages the new owner can legally prove his ownership.
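A sketch of the figure 5 offer-accept transfer and the replay countermeasure described above, as an added example that is not part of the patent text. It assumes textbook RSA over small constructed primes as a stand-in for the physical key's signing, leaves the asset blocks unencrypted and omits the asset key and re-keying; all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent used by both toy key pairs


class PhysicalKey:
    """Toy stand-in for physical key 3: holds SK, signs, remembers revocations."""

    def __init__(self, p, q):
        self.pk = p * q                            # public key PK (RSA modulus)
        self._d = pow(E, -1, (p - 1) * (q - 1))    # private key SK, kept inside
        self.revoked = set()                       # digests this key must refuse

    def sign(self, digest):
        # "Hashing of the message encrypted with the private key"
        return pow(digest % self.pk, self._d, self.pk)


@dataclass(frozen=True)
class AccessMessage:
    user_pk: int        # user ID block 12
    owner_pk: int       # owner ID block 13
    asset_id: str       # asset blocks 14a/14b, unencrypted in this sketch
    rights: str
    signature: int = 0  # signature block 15

    def digest(self):
        body = f"{self.user_pk}|{self.owner_pk}|{self.asset_id}|{self.rights}"
        return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")


def create(key, user_pk, asset_id, rights):
    msg = AccessMessage(user_pk, key.pk, asset_id, rights)
    return replace(msg, signature=key.sign(msg.digest()))


def verify(msg):
    # Decrypt the signature block with the owner's public key, compare hashes.
    return pow(msg.signature, E, msg.owner_pk) == msg.digest() % msg.owner_pk


def accepts_ownership(key, msg):
    """Step 43 validity check plus the replay rule for revoked messages."""
    return (verify(msg) and msg.rights == "Ownership"
            and msg.user_pk == msg.owner_pk == key.pk
            and msg.digest() not in key.revoked)


def offer_takeover(owner_key, ownership, new_owner_pk):          # step 51, eq 2
    if not accepts_ownership(owner_key, ownership):
        raise PermissionError("only the current owner can offer a takeover")
    return create(owner_key, new_owner_pk, ownership.asset_id, "TakeOwnership")


def accept_takeover(new_key, offer):                             # steps 53-56
    if not (verify(offer) and offer.rights == "TakeOwnership"
            and offer.user_pk == new_key.pk):
        raise PermissionError("offer is not a valid takeover right for this key")
    ownership = create(new_key, new_key.pk, offer.asset_id, "Ownership")   # eq 3
    cleanup = create(new_key, offer.owner_pk, offer.asset_id,
                     "Clean-upOwnership")                                  # eq 5
    return ownership, cleanup


def clean_up(old_key, old_ownership, offer, cleanup):            # step 58
    if not (verify(cleanup) and cleanup.rights == "Clean-upOwnership"
            and cleanup.user_pk == old_key.pk
            and cleanup.owner_pk == offer.user_pk
            and cleanup.asset_id == old_ownership.asset_id):
        raise PermissionError("clean-up message does not match the offer")
    old_key.revoked.add(old_ownership.digest())  # eq 2 and eq 5 are the proof


def demo():
    # Constructed sample keys from known Mersenne primes; far too small for real use.
    owner1 = PhysicalKey(2**127 - 1, 2**89 - 1)
    owner2 = PhysicalKey(2**107 - 1, 2**61 - 1)
    eq1 = create(owner1, owner1.pk, "asset-42", "Ownership")
    out = {"owner1_before": accepts_ownership(owner1, eq1)}
    try:                                   # a non-owner cannot start a transfer
        offer_takeover(owner2, eq1, owner2.pk)
        out["non_owner_offer"] = "accepted"
    except PermissionError:
        out["non_owner_offer"] = "refused"
    eq2 = offer_takeover(owner1, eq1, owner2.pk)
    out["tampered_offer_valid"] = verify(replace(eq2, rights="Ownership"))
    eq3, eq5 = accept_takeover(owner2, eq2)
    clean_up(owner1, eq1, eq2, eq5)
    out["owner2_after"] = accepts_ownership(owner2, eq3)
    out["replayed_eq1"] = accepts_ownership(owner1, eq1)   # copy made earlier
    return out


if __name__ == "__main__":
    print(demo())
```

The copied eq 1 message still carries a valid signature after the transfer; it is refused only because the old owner's key recorded it as revoked when it processed the clean-up message.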

Note that all old sharing relations are removed as a result of the transfer. The new owner may grant sharing rights to other users, but it is his responsibility to ensure these rights. According to one alternative, the new owner can send to the old owner instead of the clean-up message (eq 5) an access message which in addition to the clean-up also will state that the sharing should be restored. Such a "delete and restore" message could look like:

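$$\{PK_{owner1},\ PK_{owner2},\ E_{PK_{owner1}}[\text{AssetID},\ \text{Rights}=\text{Clean-upOwnership and RestoreRights},\ \text{Assetkey}],\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Clean-upOwnership and RestoreRights},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner2}} \qquad \text{(eq. 6)}$$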

In response to this message, the old owner can collect relevant information from all non-private sharing access messages related to this piece of content and send it to the new owner. Alternatively, the sharing users could also provide the new owner with this information. Consequently, the new owner will be able to produce new valid access messages for the sharing users and subsequently update sharing users with new access messages. These new access messages will have the format:

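$$\{PK_{user1},\ PK_{owner2},\ E_{PK_{user1}}[\text{AssetID},\ \text{Rights}=\text{Use},\ \text{Assetkey}],\ E_{PK_{owner2}}[\text{AssetID},\ \text{Rights}=\text{Use},\ \text{Assetkey}]\}\ \text{sign}_{SK_{owner2}} \qquad \text{(eq. 7)}$$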

Note that the transfer of old sharing relations from the old to the new owner might raise some privacy issues. Namely, sharing relations might be private, i.e. either the old owner or the users with whom he shared the content might not want the new owner to know these existing sharing relations. Furthermore, the new owner might want to stay anonymous towards the users with whom the old owner shared the content. Even the old and the new owner might want the process of ownership transfer to be private towards sharing users.

The diagram in figure 6 describes a process of transferring sharing relations, which solves privacy issues. First, in step 61, it is determined if the sharing relations established by the previous owner (first user) are private. If this is the case, the sharing relations are deleted by the first user (step 62), and the process is terminated. If the sharing relations are not considered private by the first user, in step 63 it is determined if any sharing relations are private for the user being granted these rights. If this is the case, any such sharing rights are deleted in step 64, before the process moves on to step 65.

When the process reaches step 65, a list of sharing relations has been established that are private neither for the previous owner nor for the users who have been granted these rights. In step 65, communication takes place between the first user and the second user to allow the second user to decide, for each specific sharing relation, if it should be maintained.

If no, this particular sharing relation is deleted (step 66). If yes, the old owner provides the new owner with the details of this sharing relation (step 67), and the new owner re-establishes this sharing relation according to eq. 7 above. Optionally, the new owner can offer sharing to the old sharing users in an offer-accept way (similar to the protocol in figure 5).

The described functionality of the herein discussed embodiments can be implemented by suitable software in the personal security devices of the users (physical keys) 3 as well as in the secure system 2. However, it should be noted that parts of the functionality instead, or in combination, can be implemented as hardware, e.g. as dedicated circuits in the physical keys 3.
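The figure 6 flow (steps 61 to 67) and the eq. 7 access message can be traced in a small symbolic model. This is an added example, not code from the patent: the names `Sharing`, `transfer_sharing`, `access_message` and the sample keys are hypothetical, encryption and signing are tagged stand-ins rather than real cryptography, and the opaque handle shown to the new owner in step 65 is an assumption, since the text does not say what the new owner sees before step 67.

```python
# Added example: symbolic model of the figure 6 flow and the eq. 7 message.
# E() and the "signSK" field are tagged stand-ins, not real cryptography.
from dataclasses import dataclass

@dataclass(frozen=True)
class Sharing:                      # hypothetical record of one sharing relation
    user_pk: str                    # PKuseri of the sharing user
    private_for_user: bool          # step 63: private for the sharing user?

def E(pk, asset_id, rights, asset_key):
    """Symbolic 'encrypted under pk' block: EPK[AssetID, Rights, Assetkey]."""
    return ("E", pk, (asset_id, rights, asset_key))

def access_message(user_pk, owner2_pk, asset_id, asset_key):
    """Eq. 7: {PKuseri, PKowner2, EPKuseri[...], EPKowner2[...]}signSKowner2."""
    body = (user_pk, owner2_pk,
            E(user_pk, asset_id, "Use", asset_key),
            E(owner2_pk, asset_id, "Use", asset_key))
    return {"body": body, "signSK": "SK_of:" + owner2_pk}

def transfer_sharing(relations, private_for_owner1, keep,
                     owner2_pk, asset_id, asset_key):
    """Run steps 61-67; return (disclosed, deleted, messages)."""
    if private_for_owner1:                          # step 61 -> step 62, stop
        return [], [r.user_pk for r in relations], []
    disclosed, deleted, messages = [], [], []
    for handle, r in enumerate(relations):
        if r.private_for_user:                      # step 63 -> step 64
            deleted.append(r.user_pk)
        elif not keep(handle):                      # step 65 -> step 66
            deleted.append(r.user_pk)
        else:                                       # step 67, then eq. 7
            disclosed.append(r.user_pk)
            messages.append(
                access_message(r.user_pk, owner2_pk, asset_id, asset_key))
    return disclosed, deleted, messages

# Constructed sample data (not from the patent).
RELATIONS = [Sharing("PK_alice", False), Sharing("PK_bob", True),
             Sharing("PK_carol", False)]

def demo():
    # New owner keeps the relation with handle 0 and declines handle 2.
    return transfer_sharing(RELATIONS, False, lambda h: h == 0,
                            "PK_owner2", "asset-1", "K_asset")

if __name__ == "__main__":
    disclosed, deleted, messages = demo()
    print("disclosed to new owner:", disclosed)
    print("deleted:", deleted)
    print(messages[0])
```

The identity of a sharing user reaches the new owner only on the step 67 branch, so a relation marked private by either side never appears in the disclosed list.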

The person skilled in the art realizes that the present invention by no means is limited to the preferred embodiments described above. On the contrary, many modifications and variations are possible within the scope of the appended claims. For example, in a case where the ownership of the personal content is registered by a third party, the protocol according to the present invention should be accordingly adopted. Alternatively, simultaneous contract signing with an arbitrator (which is in this case exactly the third party who registers the ownership) can also be used.

Claims

1. A method for ownership transfer of digital content, in a secure system using digital rights management (DRM) to handle user access to stored content, said method comprising: receiving instructions from a first user being a current owner of a piece of content to transfer ownership of said piece of content to a second user, granting (step 51) said second user an ownership takeover right to said piece of content, said ownership takeover right only being grantable by a current owner, receiving an accept (step 57) from said second user, and identifying said second user as new current owner of said piece of content (step 55).
2. The method according to claim 1, further comprising changing an encryption key used to encrypt the piece of content (step 55).
3. A method according to claim 1, wherein said secure system uses access messages for digital rights management, and wherein said ownership takeover right is granted by creating a first access message (eq 2) defining said piece of content, identifying said first user as current owner of said piece of content, and specifying said ownership takeover right granted by said first user to said second user, and wherein a second access message (eq 3) is created in response to said accept from said second user, said second access message identifying said second user as new current owner of said piece of content.
4. The method according to claim 1, further comprising: granting said first user a clean-up ownership right to said piece of content (step 56), and in response to said clean-up ownership right, deleting or revoking any ownership rights of said first user to said piece of content (step 58).
5. The method according to claim 4, wherein said secure system handles digital rights by means of access messages, and wherein said clean-up ownership right is granted by creating a third access message (eq 5) identifying said second user as new current owner of said piece of content and specifying said clean-up ownership right granted by said second user to said first user, and wherein, in response to said clean-up ownership right, any access message related to said piece of content and identifying said first user as current owner is deleted or revoked.
6. The method according to claim 1, wherein each user is authenticated by the system using a private key-public key pair (SK, PK).
7. The method according to claim 6, wherein said private key is securely stored in a personal security device (3).
8. The method according to claim 6, wherein said secure system handles digital rights by means of access messages, and wherein each access message comprises the public key (13) of the current owner, and an encryption key, used to encrypt the content identified in the message, said encryption key being encrypted by the public key of said current owner.
9. The method according to claim 8, wherein each access message granting rights to another user comprises the public key (12) of the user to whom a right is granted, said right and said encryption key, said right and said encryption key being encrypted by the public key of said user.
10. The method according to claim 3, wherein said first access message contains a signature (15) of the first user, which has been encrypted using the private key of the first user.
11. The method according to claim 1, further comprising said second user granting rights to access said piece of content corresponding to rights previously granted by said first user.
12. The method according to claim 11, wherein said rights are granted by: receiving (step 67) from said first user information about any right granted by said first user, which is not privacy-sensitive to any related users, and re-establishing selected ones of the rights (step 68).
13. The method according to claim 12, wherein any right granted by said first user, which is privacy sensitive to any related users, is deleted or revoked (step 62, 64).
14. The method according to claim 12, wherein said related users include at least one of said first user, said second user, and a user being granted rights by said first user.
15. The method according to claim 7, wherein revocation of a right is effected by including said right in a list comprising all revoked rights, said revocation list being stored on said personal security device 3.
16. A system for sharing digital content, each piece of content having a unique owner, comprising: a digital rights management (DRM) system for handling user access to said content, means (2, 3) for receiving instructions from a first user being a current owner of a piece of content to transfer ownership of said piece of content to a second user, means (2, 3) for granting said second user an ownership takeover right to said piece of content, said ownership takeover right only being grantable by a current owner, means (2, 3) for receiving an accept from said second user, and means (2, 3) for identifying said second user as new current owner of said piece of content, thereby effecting transfer of ownership of said piece of content from said first user to said second user.
17. A computer program product, comprising computer program code portions, adapted to, when run on a computer processor, perform the steps of claim 1.
PCT/IB2007/050249 2006-01-30 2007-01-25 Secure transfer of content ownership WO2007086015A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP06101010.4 2006-01-30
EP06101010 2006-01-30

Publications (2)

Publication Number Publication Date
WO2007086015A2 true WO2007086015A2 (en) 2007-08-02
WO2007086015A3 WO2007086015A3 (en) 2008-01-03

Family

ID=38181175




Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE