WO2011039677A1 - Methods and devices for managing content - Google Patents

Methods and devices for managing content

Info

Publication number
WO2011039677A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
content
encrypted content
key
priority
Prior art date
Application number
PCT/IB2010/054249
Other languages
English (en)
Inventor
Changjie Wang
Fulong Ma
Hui Li
Yongliang Liu
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V.
Publication of WO2011039677A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Definitions

  • the invention relates to methods and devices for managing digital content, in particular to methods and devices for managing encrypted content in a DRM (Digital Rights Management) system.
  • DRM: Digital Rights Management
  • DRM is an access control technology that can be used by hardware manufacturers, publishers, copyright holders and individuals to try to impose limitations on the usage of digital content and devices.
  • IPTV: Internet Protocol Television
  • the content provider such as a TV station
  • the operator such as a telecom operator
  • the operator has a physical network for distributing the content.
  • the content provider has to ask for the help from the operator, because the operator has the physical network to deliver the content to end users.
  • the general process is as follows: the content provider prepares content and delivers the content to the operator; and then the operator distributes the protected content to the STB on demand.
  • a content provider provides content to an operator and declares a usage limitation in the contract signed by the content provider and the operator.
  • the usage limitation can be a capacity limitation, for example that the content can be distributed to no more than 1 million users, or a time limitation, for example that the content is only available in the Chinese New Year period, while the operator has multiple options, such as pay per month and pay per view etc., for providing the content to end users.
  • the operator should follow the business contract signed with the content provider for distributing the content, but there is no technical solution to force the operator to act strictly according to the contract.
  • a first device corresponds to a content provider; a second device corresponds to an operator; and a third device corresponds to an end user.
  • a method of managing encrypted content by a first device comprises the steps of:
  • - generating a license data comprising the right-related data, the priority data and a content key for decrypting said encrypted content, said license data being intended to authorize a second device to use said encrypted content.
  • the first device can authorize the second device to use the encrypted content.
  • the right-related data enables the content provider to impose limitations on the usage of the content.
  • the content key is used for decrypting the encrypted content.
  • the priority data is used for defining the priority levels for the right defined by the content provider and the right defined by the operator. In such a way, the content provider can impose limitations on the usage of the content even if the content is delivered by the operator to the end user, and meanwhile, the operator is allowed to define a personalized usage right for different end users. Both rights defined by the content provider and the operator have been considered and fulfilled.
  • a method of managing encrypted content by a second device is proposed.
  • Said encrypted content is associated with a first license data
  • said first license data is received from a first device and comprises a content key for decrypting said encrypted content
  • said content key is encrypted with a first key.
  • the method comprises the steps of:
  • when the third device receives the re-encrypted content key from the operator, the third device is able to decrypt the re-encrypted content key and as a consequence is able to use the content encrypted by the content key. Therefore, the second device can authorize the third device to use the encrypted content and, at the same time, the right defined by the first device, i.e. the content provider, can be guaranteed.
  • the second device, i.e. the operator
  • the operation of the above two steps i.e. encrypting and decrypting
  • the right defined by the first device cannot be changed by the second device and the second device cannot get the decrypted content key (clean content key).
  • the above two steps which are performed on the second device, could be trusted by the content provider.
  • the above two steps can be implemented in a tamper-proof module and the module can be provided by the content provider.
  • a method of managing encrypted content by a third device comprises the steps of:
  • By applying the first right-related data determined by the content provider, the second right-related data determined by the operator and the priority data, the user is allowed to use the encrypted content in the way agreed by the content provider and the operator. Therefore, both the right defined by the content provider and the right defined by the operator can be guaranteed.
  • a first device for managing an encrypted content comprises:
  • a second unit for generating a license data for authorizing a second device to use said encrypted content, the license data comprising the right-related data, the priority data and a content key for decrypting said encrypted content.
  • a tamper-proof module for managing encrypted content is proposed.
  • Said content is associated with a first license data
  • said first license data is received from a first device and comprises a content key for decrypting said encrypted content, said content key being encrypted with a first key.
  • the second device comprises:
  • the first unit and the second unit are safe, and the tamper-proof module can be provided to the operator by the content provider or a third party trusted by the content provider and then be installed in the second device of the operator.
  • a second device for managing encrypted content comprises the above tamper-proof module, wherein said first license data further comprises a first right-related data defining a first right of using said encrypted content, said second device further comprising: a third unit for generating a second right-related data defining a second right of using said encrypted content; and
  • a fourth unit for generating a second license data comprising the first right-related data, the second right-related data and the re-encrypted content key, said second license data being intended to authorize the third device to use said encrypted content.
  • a third device for managing encrypted content comprises:
  • a receiver for receiving a license data comprising a first right-related data defining a first right of using said encrypted content and a second right-related data defining a second right of using said encrypted content;
  • Fig. 1 depicts a flow chart of the method of managing encrypted content by the first device according to an embodiment of the invention
  • Fig. 2 depicts a flow chart of the method of managing encrypted content by the second device according to an embodiment of the invention
  • Fig. 3 depicts a flow chart of the method of managing encrypted content by the second device according to another embodiment of the invention
  • Fig. 4 depicts a flow chart of the method of managing encrypted content by the third device according to an embodiment of the invention
  • Fig. 5 depicts a schematic block diagram of an embodiment of the first device
  • Fig. 6 depicts a schematic block diagram of a module of the second device
  • Fig. 7 depicts a schematic block diagram of another embodiment of the second device
  • Fig. 8 depicts a schematic block diagram of an embodiment of the third device.
  • Fig. 9 depicts a schematic block diagram of a system according to an embodiment of the invention.
  • Fig. 9 depicts a schematic block diagram of a system 900 according to an embodiment of the invention.
  • the system 900 comprises a first device 500, a second device 700 and a third device 800. Encrypted content is transmitted from the first device 500 to the second device 700 and then from the second device 700 to the third device 800.
  • the first device 500 can be a device at a content provider side
  • the second device 700 can be a device at an operator side
  • the third device 800 can be a device (such as a STB) at an end user side.
  • a method of managing encrypted content performed by the first device 500 is proposed.
  • Fig. 1 depicts a flow chart of the method of managing encrypted content by the first device 500.
  • the method comprises a step 110 of determining a
  • the right-related data defines a right of using the encrypted content and the priority data defines the priority level of the right.
  • the encrypted content could be encrypted by any symmetrical encryption algorithm or asymmetrical encryption algorithm. This invention does not intend to limit the algorithm for encrypting the content.
  • the right defined by the first device 500 illustrates a usage limitation of the content.
  • the right defines an authorization for authorizing the other device to use the content in a designated way.
  • the right can comprise many kinds of limitations, such as the content can only be played and cannot be copied, the content cannot be used more than one thousand times or the content can only be used in a predefined period, such as three months.
  • the priority data can define the priority level of the right. It is assumed that the first device 500 defines a first right via the right-related data which indicates that the content can only be used in a first way; and then the right-related data is transmitted to the second device 700. Later on, the second device 700 needs to distribute the content to a third device 800. To gain more benefit under its business model, the second device 700 may need to define a second right which indicates that the content can only be used in a second way. On the other hand, the first device 500, representing the interest of the content provider, needs to protect the content provider's interests by imposing the first right wherever the content is transmitted by the second device 700.
  • the priority data actually defines a rule on how to determine the right of using a content according to many different rights in case the license data related to this content comprises many different right-related data defining different rights of using this content.
  • the different rights for example could be defined according to the way of doing business by the content provider and the operator. There are many ways to define this rule.
  • the right of using the content is determined finally according to the priority data, the first right and the second right.
  • the priority data defines that the content should be used according to the second right if the second right and the first right are in conflict, for example, it is allowed to use the content according to the first right data but it is not allowed to use the content according to the second right data.
  • whether the content is allowed to be used should depend on both the first right data and the second right data in case there is conflict between two rights. For example, according to the first right, the content is only allowed to be played and is not allowed to be copied; however, according to the second right, the content can be both played and copied.
  • the priority data is very beneficial to solve the conflict between rights.
  • the rule defined by the priority data could comprise for example that in case of a conflict, the content's usage right should be decided according to the first right data.
  • the rule could be that the content's usage right should be decided according to the second right data.
  • a third example could be to determine the content's usage right according to the right which indicates a negative result (a negative result means that it is not allowed to use the content, or that there are fewer usage rights); this rule means that the content cannot be used if any right determines that it is not allowed to use the content. Conversely, the rule could follow the right which indicates an optimistic result, i.e. the content can be used if any right determines that the usage of the content is allowed.
  • the priority data can define that the first right is ignored if the operator has paid an extra fee to the content provider.
  • the priority data defines that the right defined by the first device 500 can limit the right defined by the second device 700
  • the right defined by the first device 500 can be guaranteed, i.e. the interests of the content provider are guaranteed.
  • the content provider defines a first right that the content can only be used from Jan. 1, 2009 to Jun. 1, 2009 and the operator defines a second right that the content can only be used from Feb. 1, 2009 to Oct. 1, 2009. Because of the limitation period of the first right, the content can only be used from Feb. 1 to Jun. 1.
  • the method further comprises a step 120 of generating, by the first device 500, a license data.
  • the license data comprises the right-related data, the priority data and the content key for decrypting the encrypted content.
  • the license data is intended to authorize the second device to use the encrypted content.
  • the first device 500 encrypts the content key with a first key associated with the second device 700 so that the second device 700 can decrypt the encrypted content key.
  • the encrypted content key is comprised in the license data before the license data is transmitted to the second device 700. In this way, the content key can be accessed by an authorized second device 700, but cannot be accessed by an illegal user.
  • the content key can be encrypted with the first key with symmetric encryption algorithms or asymmetric encryption algorithms.
  • the first key is also the decryption key for decrypting the encrypted content key by the second device 700.
  • the first key is the public key of a public/private key pair of the second device 700; and thus, the second device 700 can decrypt the encrypted content key with the private key of the public/private key pair.
  • the first device 500 transmits the encrypted content and the license data to the second device 700.
  • the license data has advantages since it comprises not only the traditional items, i.e. the right and the content key, but also priority data. By having the priority data in the license data, it is possible for the first device 500 to impose the first right and meanwhile give some freedom to the second device 700 to define a second right according to the operator's interests.
  • Fig. 2 depicts a flow chart of the method of managing encrypted content by the second device 700 according to an embodiment of the invention.
  • a method of managing encrypted content performed by the second device 700 is proposed.
  • the second device 700 receives the encrypted content and also receives an associated license data (i.e. the license data described in the embodiments of the method of managing the encrypted content in the first device 500) from the first device 500.
  • the associated license data is intended to be used for authorizing the second device 700 to use and distribute the content.
  • the license data comprises the content key for decrypting the encrypted content, and the content key is encrypted with the first key.
  • the license data generated by the first device 500 is referred to as "the first license data"
  • the re-encrypted content key can be decrypted by the third device 800.
  • the module 600 in the second device 700 can re-encrypt the content key with the second key using symmetric encryption algorithms or asymmetric encryption algorithms. Symmetric and asymmetric encryption algorithms are well known to the skilled person in the field of cryptography. Therefore, they will not be described in detail in this application.
  • the algorithm for re-encrypting the content key could either be the symmetric encryption algorithm or the asymmetric encryption algorithm.
  • the second key is associated with the third device 800, for example the public key of a public/private key pair of the third device 800 in case of asymmetric encryption algorithm. Therefore, the third device 800 is able to decrypt the re-encrypted content key.
  • the second device 700 can authorize the third device 800 to use the encrypted content.
  • Fig. 3 depicts a flow chart of the method of managing encrypted content by the second device 700 according to another embodiment of the invention.
  • the method further comprises a step 310 of generating by the second device 700 a second right-related data defining a second right of using the encrypted content.
  • the second right is another usage limitation of the content.
  • the second right can comprise many kinds of limitations, such as the content can only be played and cannot be copied, the content can be used only one time or the content can only be used in a predefined time period, such as two days.
  • both the content provider's right and the operator's right can be imposed on the encrypted content.
  • since the first license data comprises a priority data defining the priority levels of the first right and the second right, the method further comprises a step of obtaining the priority data from the first license data, and the second license data further comprises the priority data.
  • any symmetric encryption algorithm or asymmetric encryption algorithm can be used. This invention does not intend to limit the algorithms for re-encrypting the encrypted content.
  • the second device 700 transmits the encrypted content and the second license data to the third device 800.
  • the first and the second transmitter could be the same transmitter.
  • the encrypted content is content which is encrypted first with a content key and then with a service key;
  • the license data further comprises the encrypted content key and the encrypted service key for decrypting the encrypted content, and, if the second unit 830 indicates that the encrypted content is allowed to be used, the third device 800 further comprises a fifth unit (not shown) for decrypting the encrypted content key and the encrypted service key, and a sixth unit (not shown) for decrypting the encrypted content with the decrypted service key and the decrypted content key.
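
The conflict rules that the priority data can express (decide by the first right, decide by the second right, follow the negative result, follow the optimistic result) can be compared side by side on the page's own date and play/copy examples. The following Python sketch is an added illustration, not code from the patent; the class names, the `Priority` values and the day-granular usage period are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum


class Priority(Enum):            # hypothetical encoding of the priority data
    FIRST = "first"              # conflict decided by the content provider's right
    SECOND = "second"            # conflict decided by the operator's right
    RESTRICTIVE = "restrictive"  # negative result wins: denied if any right denies
    PERMISSIVE = "permissive"    # optimistic result wins: allowed if any right allows


@dataclass(frozen=True)
class Right:
    actions: frozenset  # permitted uses, e.g. {"play", "copy"}
    start: date         # first day of the usage period
    end: date           # last day of the usage period

    def allows(self, action: str, day: date) -> bool:
        return action in self.actions and self.start <= day <= self.end


@dataclass(frozen=True)
class SecondLicense:
    first_right: Right   # from the first device (content provider)
    second_right: Right  # added by the second device (operator)
    priority: Priority   # obtained from the first license data


def is_allowed(lic: SecondLicense, action: str, day: date) -> bool:
    """Decision taken on the third device before the content is used."""
    first = lic.first_right.allows(action, day)
    second = lic.second_right.allows(action, day)
    if first == second:          # no conflict, nothing to resolve
        return first
    if lic.priority is Priority.FIRST:
        return first
    if lic.priority is Priority.SECOND:
        return second
    if lic.priority is Priority.RESTRICTIVE:
        return first and second
    return first or second       # Priority.PERMISSIVE


def usable_window(lic: SecondLicense, action: str, year: int = 2009):
    """First and last day of `year` on which `action` is allowed, or None."""
    day, allowed = date(year, 1, 1), []
    while day.year == year:
        if is_allowed(lic, action, day):
            allowed.append(day)
        day += timedelta(days=1)
    return (allowed[0], allowed[-1]) if allowed else None


# Constructed sample built from the page's dates and its play/copy example.
PROVIDER = Right(frozenset({"play"}), date(2009, 1, 1), date(2009, 6, 1))
OPERATOR = Right(frozenset({"play", "copy"}), date(2009, 2, 1), date(2009, 10, 1))


def license_with(priority: Priority) -> SecondLicense:
    return SecondLicense(PROVIDER, OPERATOR, priority)


if __name__ == "__main__":
    for p in Priority:
        lic = license_with(p)
        print(p.name, usable_window(lic, "play"), usable_window(lic, "copy"))
```

Only the first-right and negative-result rules keep the content provider's limits intact in this sample; under the other two, copying and playback after Jun. 1 become possible, so the choice of priority data decides whether the first right is actually enforced.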

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to methods and devices for managing encrypted content. A first device generates license data comprising right-related data, priority data and a content key for decrypting encrypted content. The priority data defines the priority level of the right defined by the right-related data. A second device decrypts an encrypted content key and re-encrypts the content key with a second key associated with a third device. The third device receives license data comprising first right-related data defining a first right of using encrypted content and second right-related data defining a second right of using the encrypted content, and obtains priority data defining the priority levels of the first right and the second right. It is thus possible to guarantee that the content can be used by the third device in a manner determined by both the first device and the second device.
PCT/IB2010/054249 2009-09-30 2010-09-21 Methods and devices for managing content WO2011039677A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910174125 2009-09-30
CN200910174125.5 2009-09-30

Publications (1)

Publication Number Publication Date
WO2011039677A1 (fr) 2011-04-07

Family

ID=43301774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/054249 WO2011039677A1 (fr) 2009-09-30 2010-09-21 Methods and devices for managing content

Country Status (1)

Country Link
WO (1) WO2011039677A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5982891A (en) * 1995-02-13 1999-11-09 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
WO2002067548A1 (fr) * 2001-02-21 2002-08-29 Rpk New Zealand Limited Encrypted media key management system
US20040184616A1 (en) * 2003-03-18 2004-09-23 Widevine Technologies, Inc. System, method, and apparatus for securely providing content viewable on a secure device
US20040249768A1 (en) * 2001-07-06 2004-12-09 Markku Kontio Digital rights management in a mobile communications environment

Similar Documents

Publication Publication Date Title
US11811914B2 (en) Blockchain-based digital rights management
KR100689648B1 (ko) Method, apparatus and system for securely providing material to a licensee of the material
KR101307413B1 (ko) Method and system for providing a DRM license
US7400729B2 (en) Secure delivery of encrypted digital content
US8474054B2 (en) Systems and methods for conditional access and digital rights management
CN101902611B (zh) Method for implementing IPTV digital rights protection
US7650312B2 (en) Method and system to enable continuous monitoring of integrity and validity of a digital content
WO2006109982A1 (fr) License data structure and license issuing method
AU2002351508A1 (en) Method, apparatus and system for securely providing material to a licensee of the material
US8417937B2 (en) System and method for securely transfering content from set-top box to personal media player
CN109151507A (zh) Video playback system and method
Lee et al. A secure and mutual-profitable DRM interoperability scheme
US20090192943A1 (en) Renewing an Expired License
Jeong et al. A trusted key management scheme for digital rights management
KR100903107B1 (ko) Personal multicasting service system applying personal DRM and method for providing the same
KR100765794B1 (ko) Method and apparatus for sharing content using a shared license
JP5139045B2 (ja) Content distribution system, content distribution method and program
Mishra An accountable privacy architecture for digital rights management system
KR20080082875A (ko) Efficient digital content license management and operation method in a copyright protection system
WO2011039677A1 (fr) Methods and devices for managing content
KR20090114075A (ko) Digital rights management method for a personal home domain
US20110004761A1 (en) Viral file transfer
JP2004048557A (ja) Content distribution device, content distribution method, content distribution program and recording medium
US8630413B2 (en) Digital contents reproducing terminal and method for supporting digital contents transmission/reception between terminals according to personal use scope
JP2005149002A (ja) Content distribution management method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10769066

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10769066

Country of ref document: EP

Kind code of ref document: A1