WO2008090402A1 - A system and method of transferring digital rights to a media player in a drm environment - Google Patents


Publication number
WO2008090402A1
Authority
WO
WIPO (PCT)
Prior art keywords
media player
key
content
unique
content object
Application number
PCT/IB2007/002434
Inventor
Martin Weiss
William Jacob Hayes
Eckart Zollner
Original Assignee
Psitek (Proprietary) Limited

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Abstract

A system is provided in which a DRM service platform (2) is configured to dispense rights objects (RO) to media players (1) that are uniquely identifiable by way of unique identification data (GUID) with the digital media files encrypted into content objects (CO) that require a content object key (COk) in order to decrypt the content thereof and make it available, in real-time. The content object key is embodied in a rights object that is in turn transmitted to a particular media player in an encrypted format capable of decryption utilising at least some of the unique identification data of the particular media player and each media player has a processor capable of decrypting content objects in real-time to render the digital media files usable. Computer means (6) are interposed between a DRM service platform and a media player and are configured to share a unique interface key (IK) for communications with each unique media player and to decrypt a rights object received from the DRM service platform to retrieve the content object key contained therein and re-encrypt it with the unique interface key for onward transmission to the particular media player that is enabled to decrypt the content object key utilising its unique interface key.

Description

A SYSTEM AND METHOD OF TRANSFERRING DIGITAL RIGHTS TO A MEDIA PLAYER IN A DRM ENVIRONMENT
FIELD OF THE INVENTION
This invention relates to a system and method of transferring digital rights to a digital media player, typically a portable media player of the general type having suitable memory and processing ability such as those sold under the trade name "I-POD™" by or on behalf of Apple Computers, with the transfer taking place in a DRM (Digital rights management) environment.
More particularly, the invention relates to a system and method in which the processing ability of a media player may be reduced from that typically required in certain DRM environments, in particular ones such as that of the MICROSOFT™ Direct Digital Rights Management (DRM) solution.
It is to be understood that in this specification the term "digital rights" is intended to mean the relevant enablement to play certain encrypted content of a digital media file on a particular media player. The invention is concerned with a system in which limited entitlement is embodied in a rights object (RO) that also embodies an encrypted content object key (COk) that needs to be extracted by decrypting the rights object (RO) so that it can be used in real time to decrypt the digital media file contained in encrypted form in a content object (CO). The encryption of a digital media file to form the content object would typically take place in association with a DRM platform where the content object key is used and the content object key is embodied in the rights object (RO) generally at a subsequent time upon request received from a media player. The digital media player has a global unique identifier (GUID) that is also embodied in the rights object (RO) to render the rights object usable only on that particular media player. The content object and rights object may thus follow different commercial chains and are regularly acquired at different times.
BACKGROUND TO THE INVENTION
Currently, as indicated in Figure 1, a portable media player (1) that is operated in a DRM environment such as the MICROSOFT™ Direct Digital Rights Management (DRM) solution requires a relatively fast and powerful microprocessor to handle the initial decryption transactions when acquiring a rights object (RO) from a DRM service platform (2). Typically, such a DRM solution requires a media player to communicate with the DRM service platform via the internet or any other connection (3). When connected, the media player is able to transact with the DRM service platform and request a rights object (RO) that encapsulates the rights actually made available to the particular media player in respect of a particular content object (CO) being the encrypted data that encapsulates the particular audio, audiovisual or other work that has been requested. The transfer takes place with the media player directly connected (usually by way of a PC or other computer (4) as a host, conveniently using a USB or other suitable port) to the DRM service platform.
The rights object (RO) in the system under consideration, as indicated above, embodies an embedded content object key (COk) that is necessary in order to unlock the actual data from the particular content object (CO) with which it is associated in real-time to enable it to be played. The arrangement is such that only the particular media player can decrypt the rights object (RO) and thus retrieve the content object key (COk).
During the session of connectivity, the media player sends a number of packets of information to the DRM service platform including a public key (Pp), a digital certificate (Pc) and the global unique identifier (GUID) of the particular media player, as indicated in Figure 1. The DRM service platform authenticates the public key against the digital certificate and, if valid, at least in the instance of the proprietary MICROSOFT™ Direct Digital Rights Management (DRM) solution, the DRM service platform makes use of this unique information to encrypt the requested rights object (RO) that embodies the necessary content object key (COk). The encrypted rights object (RO) is then sent to the media player as indicated in Figure 2.
The media player may then use its unique secret key (Ps) to decrypt the rights object in a decryption process that is sophisticated (and, in this instance, proprietary to MICROSOFT™) as is indicated in Figure 3. Once the rights object (RO) has been decrypted, the player has access to the content object key (COk) that is required by the player to finally decrypt the content.
The player is then able to use the content object key (COk) in an algorithm that in real-time decrypts the content object thus exposing the media file that is able to be played by the electronics of the player, as indicated in Figure 4.
It can be seen that there are two decryption processes that take place within the media player, namely to decrypt the received rights object (RO) with the secret key (Ps) of the media player to expose the content object key (COk) as indicated in Figure 3; and to decrypt the content object (CO) with the content object key (COk) to expose the playable media (5) in real time as indicated in Figure 4.
The decryption process for exposing the content object key (COk) requires a relatively powerful processor to handle the decryption algorithms that involve the manipulation of numbers with a large number of digits (possibly up to 1024 bits). The decryption process for playing the content using the content object key (COk), on the other hand, is not as power intensive and can be performed by a relatively simple processor.
The result is that digital media of the type under consideration may be unaffordable to a large sector of a population simply by virtue of the equipment required for decrypting the rights object being too costly. Applicant believes that such a situation is not in the interests of either the rights owners or would-be users of the rights.
OBJECT OF THE INVENTION
It is an object of this invention to provide a system and method of transferring digital media files to a digital media player that is less demanding on the processing power of a media player itself yet still honouring the DRM robustness.
SUMMARY OF THE INVENTION
In accordance with one aspect of this invention there is provided a system of the type in which a DRM service platform is configured to dispense rights objects to media players that are uniquely identifiable by way of unique identification data with the digital media files encrypted into content objects that require a content object key in order to decrypt the content thereof and make available, in real-time, the digital media files, and wherein a content object key is embodied in a rights object that is in turn transmitted to a particular media player in an encrypted format capable of decryption utilising at least some of the unique identification data of the particular media player, and wherein each media player has a processor capable of decrypting content objects in real-time to render the digital media files usable, the system being characterised in that computer means are interposed between a DRM service platform and a media player and are configured to share a unique interface key for communications with each unique media player and wherein the computer means is further configured to decrypt a rights object received from the DRM service platform to retrieve the content object key contained therein and re-encrypt it with a unique interface key for onward transmission to the particular media player that is enabled to decrypt the content object key utilising its unique interface key.
Further features of the invention provide for the computer means to include a computer and a uniquely identifiable memory unit, typically a smartcard but optionally any other secure processor unit with the decrypting and encrypting capabilities required in the event that it has been provided with unique identification data, in particular, a public key, a private key, and a certificate; for the unique identification data of the media player to include a global unique identifier, a media player public key and media player secret key, and a certificate; and for the generation of the interface keys to be carried out by an independent key management server.
It will be understood that, utilising a system as defined above, the power intensive initial decryption described above is handled by the computer means instead of by the media player, thus allowing the use of a less expensive and less power intensive processor in the media player itself. In the event that a smartcard is employed, the computer acts as a conduit for communications between the smartcard and the media player.
In order that the invention may be more fully understood an expanded description of one embodiment thereof will now follow.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings:-
Figure 1 illustrates schematically the transfer of a media player's unique identification data to a DRM service platform in an existing system;
Figure 2 illustrates the treatment of a rights object for transmission to a media player in an existing system;
Figure 3 illustrates the treatment in an existing system of a rights object in a media player to decrypt it;
Figure 4 illustrates the retrieval of the content object key and its use in association with the content object to release the digital media file;
Figure 5 illustrates the generation of an interface key for a particular media player in accordance with the present invention; and,
Figure 6 illustrates the acquisition and decryption of a rights object from a DRM service platform in terms of the present invention.
DETAILED DESCRIPTION WITH REFERENCE TO THE DRAWINGS
In order to implement the invention and secure communications between a media player (1) and computer means (6) utilised according to the invention, it is required that the two devices share a common interface key so that each media player has a unique interface key (IK). The computer means would therefore have to securely cache a unique interface key for each player and in this embodiment of the invention a smartcard (7) is used as a cache facility with the smartcard being used in conjunction with a computer (8) only for the duration of the transaction. A smartcard is employed in this embodiment of the invention for security reasons, in particular, the perception of the high degree of security afforded by a smartcard.
It is envisaged that in a system in which multiple media dispensers are available for customers with media players to acquire content objects of their choice, one smartcard could be employed per media dispenser or, if a media dispenser is operated by a plurality of independent operators, each operator could use their own smartcard.
With reference in particular to Figure 5, a secure link between the media player and the smartcard is required and this is achieved in the following way.
During personalization of the smartcard it is programmed with a public key (Sp), a private key (Ss) and a certificate (Sc) such that when it is connected to a computer, and the media player sends its global unique identifier (GUID) to the computer, a communications channel is set up between the computer and the smartcard whereupon the computer requests the smartcard's public key (Sp) and certificate (Sc).
The computer then establishes a communications channel with a key management server (KMS) (9) (back end server) and the computer forwards the global unique identifier of the media player as well as the smartcard's public key (Sp) and certificate (Sc) to the key management server. The key management server uses the received global unique identifier as a look-up index for that particular media player's interface key (IK). The key management server uses the smartcard's certificate to authenticate the smartcard's public key. The key management server, using a strong security framework such as a public key infrastructure (PKI) like RSA or ECC, encrypts the player's interface key using the smartcard's public key (Sp) and forwards it to the smartcard via the computer. The smartcard is able to decrypt the message using its private key and thereby extract the media player's interface key.
The interface key is then used to encrypt and decrypt all communications between the media player and the smart card. A secure communications channel has thus been created between the media player and the smartcard.
The smartcard then acts as a secure proxy for the media player when requesting a rights object (RO) from the DRM service platform, extracting the content object key (COk) and forwarding the content object key (COk) to the media player as follows:
The media player encrypts its secret key with its interface key and sends it securely to the smartcard via the computer. The smartcard uses the interface key to decrypt the player's secret key. The smartcard requests a rights object (RO) from the DRM service platform via the computer by forwarding the media player's public key, certificate and global unique identifier. The DRM service platform authenticates the player's public key using the player's certificate and encrypts the rights object (RO) using the player's public key as well as any other operation that is required by the DRM service platform. This encrypted rights object (RO) package is forwarded to the smartcard via the computer.
The smartcard uses the media player's secret key and any other operation required by the DRM service platform to decrypt the rights object (RO), thus exposing the content object key (COk). The smartcard encrypts the content object key (COk) and other rights object information using the interface key and the smartcard forwards this data via the computer to the media player. The media player decrypts this data using the interface key and the media player uses the content object key (COk) to access the content in the content object, namely the digital media file.
The player stores the content object key (COk) in a secure area of its memory.
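The exchange described in the steps above (Figures 5 and 6), as an added Python sketch that is not part of the patent text. Assumptions: all class and function names are hypothetical, textbook RSA over fixed Mersenne primes and an HMAC-SHA256 stream cipher stand in for the ciphers the patent leaves unnamed, certificate checks are omitted, and the rights object is modelled as the GUID plus COk encrypted to Pp.

```python
import hashlib, hmac, secrets

# Stand-in primitives (assumptions): the patent names no concrete ciphers.
# Textbook RSA over fixed Mersenne primes is illustrative only, not secure.
E = 65537

def rsa_keypair(p, q):
    # Keys are (exponent, modulus) tuples, so pow(m, *key) is the RSA operation.
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)  # (public, secret)

def _stream(key, nonce, length):
    blocks = (hmac.digest(key, b"enc" + nonce + i.to_bytes(4, "big"), "sha256")
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _tag(key, nonce, body):
    return hmac.digest(key, b"mac" + nonce + body, "sha256")

def ik_seal(ik, data):
    """Encrypt-then-MAC under the interface key (IK)."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(ik, nonce, len(data))))
    return nonce + body + _tag(ik, nonce, body)

def ik_open(ik, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(ik, nonce, body)):
        raise ValueError("interface-key MAC check failed")
    return bytes(a ^ b for a, b in zip(body, _stream(ik, nonce, len(body))))

class KeyManagementServer:
    def __init__(self):
        self.interface_keys = {}                     # GUID -> IK
    def wrap_ik(self, guid, card_public):
        # Checking Sp against the certificate Sc is omitted in this sketch.
        ik = int.from_bytes(self.interface_keys[guid], "big")
        return pow(ik, *card_public)                 # IK encrypted to Sp

class DrmPlatform:
    def __init__(self):
        self.content_keys = {}                       # content id -> COk
    def issue_ro(self, guid, player_public, content_id):
        # RO modelled as the GUID plus COk encrypted to Pp (a simplification).
        cok = int.from_bytes(self.content_keys[content_id], "big")
        return {"guid": guid, "wrapped_cok": pow(cok, *player_public)}

class MediaPlayer:
    def __init__(self, guid, ik):
        self.guid, self._ik = guid, ik
        self.public, self._secret = rsa_keypair(2**107 - 1, 2**127 - 1)  # Pp, Ps
    def export_ps(self):
        return ik_seal(self._ik, self._secret[0].to_bytes(32, "big"))
    def receive_cok(self, blob):
        return ik_open(self._ik, blob)               # symmetric work only

class Smartcard:
    def __init__(self):
        self.public, self._secret = rsa_keypair(2**61 - 1, 2**89 - 1)    # Sp, Ss
        self._ik = {}                                # GUID -> IK cache
    def load_ik(self, guid, wrapped_ik):
        self._ik[guid] = pow(wrapped_ik, *self._secret).to_bytes(16, "big")
    def proxy_ro(self, guid, player_public, sealed_ps, ro):
        if ro["guid"] != guid:
            raise ValueError("rights object is bound to another player")
        ik = self._ik[guid]
        ps = (int.from_bytes(ik_open(ik, sealed_ps), "big"), player_public[1])
        cok = pow(ro["wrapped_cok"], *ps).to_bytes(16, "big")
        return ik_seal(ik, cok)                      # COk re-encrypted under IK

def run_flow():
    guid, ik, cok = "GUID-0001", secrets.token_bytes(16), secrets.token_bytes(16)
    kms, drm, card = KeyManagementServer(), DrmPlatform(), Smartcard()
    kms.interface_keys[guid], drm.content_keys["track-1"] = ik, cok  # constructed
    player = MediaPlayer(guid, ik)
    card.load_ik(guid, kms.wrap_ik(guid, card.public))                   # Figure 5
    ro = drm.issue_ro(guid, player.public, "track-1")                    # Figure 6
    blob = card.proxy_ro(guid, player.public, player.export_ps(), ro)
    return cok, player.receive_cok(blob), blob
```

In `proxy_ro` the smartcard handles the player's secret key (Ps) in the clear, so the card and its host computer sit inside the player's trust boundary for the duration of the transaction.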
The content object itself, encrypted in the usual way, may be sent to the media player via the computer prior to the above process so that it is available when the content object key becomes available, or it may be acquired in any other permissible manner.
It will be appreciated that all DRM steps and functions required in order to fulfil licensing requirements are still present, the only difference being that the power intensive initial decryption portion is handled externally of the media player, thus allowing the use of a less expensive, less power intensive processor to be incorporated in the player. Also, implementation of the invention does not adversely affect any report back function between a media player and the relevant DRM platform, particularly as regards compliance with terms of the rights object, communications simply being conducted by way of the interposed computer means.
Numerous variations may be made to the system described above without departing from the scope hereof.

Claims

CLAIMS:
1. A system of the type in which a DRM service platform (2) is configured to dispense rights objects (RO) to media players (1) that are uniquely identifiable by way of unique identification data (GUID) with the digital media files encrypted into content objects (CO) that require a content object key (COk) in order to decrypt the content thereof and make available, in real-time, the digital media files, and wherein a content object key is embodied in a rights object that is in turn transmitted to a particular media player in an encrypted format capable of decryption utilising at least some of the unique identification data of the particular media player, and wherein each media player has a processor capable of decrypting content objects in real-time to render the digital media files usable, the system being characterised in that computer means (6) are interposed between a DRM service platform and a media player and are configured to share a unique interface key (IK) for communications with each unique media player and wherein the computer means is further configured to decrypt a rights object received from the DRM service platform to retrieve the content object key contained therein and re-encrypt it with the unique interface key for onward transmission to the particular media player that is enabled to decrypt the content object key utilising its unique interface key.
2. A system as claimed in claim 1 in which the computer means include a computer (8) and a uniquely identifiable memory unit.
3. A system as claimed in claim 2 in which the uniquely identifiable memory unit is a smartcard (7).
4. A system as claimed in either one of claims 2 or 3 in which the uniquely identifiable memory unit has a processor unit with required decrypting and encrypting capabilities.
5. A system as claimed in claim 4 in which unique identification data of the uniquely identifiable memory unit includes a public key (Sp), a private key (Ss) and a certificate (Sc).
6. A system as claimed in any one of the preceding claims in which the unique identification data of the media player includes a global unique identifier (GUID), a media player public key (Pp), and media player secret key (Ps), and a digital certificate (Pc).
7. A system as claimed in any one of the preceding claims in which the interface keys are retained and managed by an independent key management server (9).
PCT/IB2007/002434 2007-01-25 2007-08-24 A system and method of transferring digital rights to a media player in a drm environment WO2008090402A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2007/00693 2007-01-25
ZA200700693 2007-01-25

Publications (1)

Publication Number Publication Date
WO2008090402A1 (en) 2008-07-31

Family

ID=39304166

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/002434 WO2008090402A1 (en) 2007-01-25 2007-08-24 A system and method of transferring digital rights to a media player in a drm environment

Country Status (1)

Country Link
WO (1) WO2008090402A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013033807A1 (en) * 2011-09-07 2013-03-14 Irdeto Canada Corporation Method and system for enhancing content security
CN111600934A (en) * 2020-04-20 2020-08-28 星络智能科技有限公司 Storage medium, intelligent central control equipment and pushing authentication method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07804817; Country of ref document: EP; Kind code of ref document: A1)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 07804817; Country of ref document: EP; Kind code of ref document: A1)