WO2006077544A1 - A method for discouraging illegal distribution of content within a drm system for commercial and personal content - Google Patents


Info

Publication number
WO2006077544A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
identifier
certificate
network
content item
Application number
PCT/IB2006/050198
Other languages
French (fr)
Inventor
Wytse H. Van Der Velde
Milan Petkovic
Claudine V. Conrado
Minne Van Der Veen
Original Assignee
Koninklijke Philips Electronics N.V.


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Definitions

  • the present invention relates to methods, devices and a system for preventing unauthorized distribution of content items in a network containing compliant devices.
  • content rights are associated with content items, such as audio files, movies, electronic books etc.
  • Content rights typically contain rules (e.g. play, copy, distribute etc.) and the cryptographic keys needed to encrypt/decrypt the content item(s) with which they are associated.
  • Content rights should only be transferred to devices that are compliant and operated by users that have appropriate user rights, i.e. rights specifying who can use the content rights.
  • Compliant devices comply with a given standard and adhere to certain operation rules. They also communicate by means of a certain protocol such that they answer questions and requests, which are posed to them, in the expected way.
  • Compliant devices are considered to be trusted, which e.g. means that they will not illegally output content on a digital interface and that ownership of a device is not important.
  • Device compliancy management, i.e. compliant device identification, renewability of devices, and revocation of devices, can be effected by using known techniques.
  • content providers do not want to authorize users to create their own content rights, due to the risk of uncontrollable distribution of commercial content items. Consequently, the content provider digitally signs the content rights before they are distributed. Further, it must be enforced that the compliant devices check the signatures of the content rights and refuse content rights which are not properly signed by the content provider.
  • Typically, the devices are comprised in a network or domain. The above-described approach is suitable for DRM systems in which only content provider(s) distribute content rights.
  • However, if users wish to introduce personal content items, such as photos or home videos, they have to involve the content provider to create content rights for the personal content items. This is undesired, since the content provider should not be able to control personal content.
  • a compliant device may be authorized to create a content right for a specific personal content item.
  • This content right may be signed by the compliant device, and if it is not signed, any compliant device shall reject the content right. This has the effect that personal content only can enter the network of devices via a compliant device.
  • the content rights may be signed by an independent and trusted third party authority, i.e. a party which is trusted by concerned communicating parties.
  • a content item identifier uniquely identifies a corresponding content item in the system.
  • any user is authorized to create a content right for a specific personal content item, which content right may be signed by a compliant device as mentioned above or by the user himself, and hence the user effectively becomes a content provider in his own right.
  • Any user may also acquire commercial content items from a content provider and introduce them in the system.
  • a malicious user may substitute a specific personal content item for a commercial content item following the creation of the content right associated with the specific personal content item. This will involve hacking of the compliant device to obtain a key to decrypt the commercial content item, such that the commercial content item comes in the clear.
  • the malicious user then has to re-encrypt the illicitly obtained commercial content with the content key that is present in the content right associated with the specific personal content item. Thereafter, the re-encrypted commercial content item is associated with the content identifier of the specific personal content item. The malicious user may then use this commercial content item with the same rights as his own personal content item.
  • a great number of commercial content items may be introduced in the network if they are encrypted with the leaked content key.
  • a secure link between a content item and a corresponding content item identifier is required. This has been solved by employing fingerprints of content. These fingerprints are used to uniquely identify the content to which they refer.
  • A known method of generating fingerprints is described in detail in WO 02/065782, which belongs to the applicant of the present patent application.
  • the compliant device adds fingerprint information to the content right before signing it. When a content right is used, the compliant device must check whether the fingerprint information that is included in the content right also can be found in the actual content item. If the fingerprint information cannot be found in the actual content item, the content right must be rejected.
  • An object of the present invention is to solve the above given problems and to provide methods, devices and a system for preventing unauthorized distribution of commercial content.
  • a method comprising the step of creating a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the method comprises the step of signing the content identifier certificate, such that it is ensured that the content introducer, which is identified by said identifier, introduced the content item in the network.
  • a device comprising means arranged to create a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the device comprises means arranged to sign the content identifier certificate.
  • a method comprising the step of receiving a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority. Further, the method comprises the step of verifying the signed content identifier certificate when a content provider requests to create a content right for the introduced content item.
  • a device comprising means arranged to receive a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority. Further, the device comprises means arranged to verify the signed content identifier certificate when a content provider requests to create a content right for the introduced content item.
  • a system comprising at least one compliant device arranged to create a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the system comprises an authorized certificate authority arranged to sign the content identifier certificate.
  • a basic idea of the present invention is to link the authorization to create content rights for a particular content item to a specific user, or a specific group of users. In DRM systems, in which commercial content items as well as personal content items are introduced and distributed, any user is authorized to create a content right for a specific personal content item and hence effectively becomes a content provider in his own right.
  • a content identifier (ID) certificate is introduced in the network of compliant devices.
  • the content ID certificate comprises unique content identification data for the particular content item with which it is associated.
  • the unique content identification data comprises e.g. a content ID and a fingerprint of the particular content item with which the content ID is associated.
  • the certificate is signed by a unit that is authorized by the content provider, which unit in the following will be referred to as a Certificate Authority (CA).
  • the CA may be a trusted third party, but it may alternatively be a trusted compliant device to which the authority to sign certificates has been distributed.
  • This signing is effected in order to prevent malicious users from tampering with the content ID certificate.
  • the compliant device on which the content item is to be rendered verifies correctness of the signature of the content ID certificate and compares the actual fingerprint of the content item with the fingerprint comprised in the content ID certificate.
  • the content right can be used to access the content item if there is a match.
  • the present invention links a user (i.e. a content provider) and a content item by means of an identifier of the user, e.g. a public key.
  • the user/content provider who introduced the content item in the network is occasionally referred to herein as a "content introducer”.
  • the compliant device which is employed will check that the user's public key is present in the content ID certificate signed by the CA. If the user's public key is present in the content ID certificate, the user is deemed authorized to create content rights for the particular content item. Conversely, if the content ID certificate does not comprise the user's public key, the user is not authorized to create content rights for the particular content item. Hence, unauthorized introduction and distribution of content in the network is prevented.
  • a compliant device checks that the content ID certificate has been signed by an authorized certificate authority by means of decrypting the certificate with a public key of the authorized certificate authority.
  • the public key corresponds to the authorized certificate authority's private key that was used to sign the certificate.
  • the user that wishes to create a content right for a particular content item provides the compliant device with his public key. This is effected by inserting a smart card containing the requesting user's public key into the compliant device.
  • a compliant device is assigned as an authorized certificate authority in the network.
  • the authorized certificate authority is a trusted third party. This enhances security in the network.
  • Fig. 1 shows an authorization hierarchy in which the present invention may be applied
  • Fig. 2 shows an authentication procedure which is performed when a user wishes to access a content item, in accordance with an embodiment of the present invention.
  • Fig. 1 shows an authorization hierarchy 100 in which the present invention may be applied.
  • Continuous lines indicate authorization steps, which involve the use of public key certificates. These certificates are well known in the art and are hence not shown in Fig. 1. Dotted lines indicate issuing of certificates and/or rights.
  • a System Authority (SA) 101 is at the top of the hierarchy. All compliant devices have access to the public key of the SA. Typically, the SA public key is built into the hardware of each compliant device 102. With this public key, a compliant device can verify any certificate that has been issued by the SA 101.
  • a Certificate Authority (CA) 103, a Device Authority (DA) 104 and a User ID Authority (UIDA) 105 are arranged.
  • the CA 103 authorizes content providers 109 within the system. For example, EMI and Disney may constitute content providers within the network, but as previously mentioned, a compliant device or a user may also represent a content provider.
  • the CA 103 issues content ID certificates 106 and provides these to the content providers 109.
  • the CA 103 may be a trusted third party or may alternatively be a compliant device. This is primarily a question of flexibility; if a compliant device is authorized to act as CA, it brings flexibility to the system. On the other hand, a third party provider may not want to "distribute" the right to issue content ID certificates to a compliant device for security reasons.
  • the content ID certificate 106 has been described in detail hereinabove and comprises the content ID, the fingerprint of the content item and the public key of the user who introduced the content item in the network.
  • the content ID certificate is created at a content provider in the form of a compliant device, but signed at the CA.
  • a content provider 109 within the network is authorized to issue content rights 111 for a content item, if the content provider has been provided with a valid content ID certificate 106.
  • Each content right contains the content ID and content key(s) that enable access to cryptographically protected content items with which the content right is associated (which association is made effective by means of the content ID in the content right, since it is compared to the content ID attached to the encrypted content item).
  • the content right 111 also specifies a valid User Right Authority (URA) 112 for a particular content item, in that the content right 111 contains the public key of the URA 112.
  • the content provider 109 who issues the content right 111 also signs it.
  • the content provider itself is authorized to be URA, and hence issues the content rights 111 and the user rights 113.
  • the content right and the user right for a particular content item may be combined into one single right.
  • the URA 112 issues a user right 113 for a certain content item.
  • a user right indicates whether a user is allowed to use a content right to access a content item.
  • the user right comprises a content ID, which is the link between the user right, the content right and the content item.
  • the user right further comprises a rights expression that indicates how a user, which user is designated by means of a user ID in the form of a public key included in the user right, may use the content item.
  • the user right is signed by the URA.
  • In terms of the security aspects involved in handling different types of rights, there is a distinction between user rights 113 and content rights 111.
  • User rights may be freely distributed, because they do not contain any secrets, and the signature prevents modifications.
  • Content rights, on the other hand, contain cryptographic keys for accessing content items. Hence, content rights may only be transferred to compliant devices. Further, the transfer of content rights between devices requires secure communication means, which may be based on secure authenticated channels. Consequently, the content right 111 requires both confidentiality and integrity, whereas the user right 113 requires only integrity.
  • the Device Authority (DA) 104 is a trusted party that authorizes the Device ID authorities (DIDA) 110 for several device manufacturers. Each device manufacturer (e.g. Philips, Sony) has its own DIDA 110 that gives devices a unique identity and an associated public key by means of a signed device ID certificate 107, hence indicating compliance.
  • the User ID Authority (UIDA) 105 is responsible for issuing user ID devices (not shown in Fig. 1). This is typically performed during a manufacturing phase.
  • the UIDA 105 associates a user ID device, which device typically comprises e.g. a tamper resistant smartcard or a SIM card, with a certain person by issuing a signed user ID certificate 108 containing the name, or any other identifier, of the user together with the public key of the user ID device.
  • the private key that corresponds to this public key is considered to be the user's private key. However, the user is not given personal access to this private key. This prevents a user from distributing the private key to someone who thus could impersonate him.
  • Each authority illustrated in Fig. 1 typically comprises one or more microprocessors or some other device with computing capabilities, e.g. an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a complex programmable logic device (CPLD), etc., in order to create the various certificates and rights.
  • the microprocessors execute appropriate software that is downloaded to the respective authorities and stored in a suitable storage area, such as a RAM, a Flash memory or a hard disk.
  • the authorities are arranged with interfaces that enable the communication.
  • Certificate validation implies that at least the integrity (using the signature) and the authenticity (using the chain of certificates that links a certificate to the certificate of the authority, all the way up to the SA) of a certificate is checked.
  • when a user 201, in the following referred to as Alice, wishes to access a content item, she will need the following:
  • the content item has been loaded into a compliant device 202 in encrypted form.
  • the compliant device may e.g. be a CD player, and the content item to be rendered on the device may be an audio CD.
  • the compliant device 202 comprises a microprocessor 213 in order to create the various certificates and rights and to perform the cryptographic operations and other computing operations described in the following.
  • the microprocessor 213 executes appropriate software that is downloaded to the compliant device and stored in a RAM 214.
  • the compliant device 202 verifies (step 203) that the user ID certificate 204 is valid by checking the signature using the built-in public key in the compliant device. Alice 201 will also have to authenticate herself by proving she knows the secret key corresponding to the public key comprised in the user ID certificate. As previously mentioned, the user is not given personal access to this private key in order to prevent the user from distributing the private key, and thus prevent impersonation. Therefore, the user's private key is securely stored on a user ID device 205, e.g. a tamper resistant smartcard, which is inserted (step 206) into, and read by, the compliant device 202. Further, the compliant device verifies (step 207) the signature of the user right 208, to ensure that the user right is valid.
  • the compliant device checks the User Right Authority (URA) field in the content right 209 and verifies that the specified URA signed the user right.
  • the compliant device 202 verifies that Alice 201 can use the user right 208. This is done by comparing the user ID, i.e. a user public key, in the user right with the user ID on Alice's user ID certificate 204.
  • the compliant device verifies (step 210) that the content provider was allowed to sign the content right.
  • the device checks the signature of the content right 209 using the public key comprised in the content ID certificate 211.
  • the compliant device must, by using its built-in public key, first verify (step 212) the content ID certificate by checking the signature of the content ID certificate provided by the CA (see Fig. 1).
  • the content right 209 is created and signed by the actor who introduced the corresponding content item in the network.
  • the public key comprised in the content ID certificate 211 is the public key of the user (i.e. content provider) having introduced the content item in the network, and this public key corresponds to the private key that was employed to sign the content right 209.
  • the compliant device 202 will have to verify if the content right can be used to access the encrypted content. To this end, the device computes a fingerprint of the content item and compares it with the fingerprint in the content ID certificate 211. If there is a match, Alice 201 is allowed to access the content item on the compliant device 202. If any of the above steps fail, Alice will not be given access to the content.
  • a content ID certificate is introduced in the network of compliant devices.
  • the signing of the certificate by the authorized certificate authority (CA) prevents malicious users from tampering with the content ID certificate.
  • the fingerprint of the content item is included in the content ID certificate to hamper content ID substitution attacks.
  • the problem related to unauthorized introduction and distribution of content items in the network by means of (unauthorized) creation of content rights is overcome by including, in the content ID certificate, the public key of the content introducer.
  • the content ID certificate could also comprise the public key of a compliant device via which a content item is introduced.
  • This public key may be used to create content rights in accordance with the format of licenses used in OMA DRM.

Abstract

The present invention relates to methods, devices and a system for preventing unauthorized distribution of content items in a network containing compliant devices (102). A basic idea of the present invention is to link the authorization to create content rights (111) for a particular content item to a specific user (109), or a specific group of users. By employing a content ID certificate (106) in the network of compliant devices, which certificate is signed by an authorized certificate authority (103) and comprises a content ID, a fingerprint of the content item and the public key of the user who introduced the content item in the network, content providers may, after various verifications of the certificate, be deemed authorized to create content rights for the particular content item. Consequently, unauthorized introduction and distribution of content in the network is prevented.

Description

A method for discouraging illegal distribution of content within a DRM system for commercial and personal content
The present invention relates to methods, devices and a system for preventing unauthorized distribution of content items in a network containing compliant devices.
In prior art DRM systems, content rights are associated with content items, such as audio files, movies, electronic books etc. Content rights typically contain rules (e.g. play, copy, distribute etc.) and the cryptographic keys needed to encrypt/decrypt the content item(s) with which they are associated. Content rights should only be transferred to devices that are compliant and operated by users that have appropriate user rights, i.e. rights specifying who can use the content rights. Note that a content right and a user right may be merged in one single license, as is known from Open Mobile Alliance (OMA) DRM. Compliant devices comply with a given standard and adhere to certain operation rules. They also communicate by means of a certain protocol such that they answer questions and requests, which are posed to them, in the expected way. Compliant devices are considered to be trusted, which e.g. means that they will not illegally output content on a digital interface and that ownership of a device is not important. Device compliancy management, i.e. compliant device identification, renewability of devices, and revocation of devices, can be effected by using known techniques.
In general, content providers do not want to authorize users to create their own content rights, due to the risk of uncontrollable distribution of commercial content items. Consequently, the content provider digitally signs the content rights before they are distributed. Further, it must be enforced that the compliant devices check the signatures of the content rights and refuse content rights which are not properly signed by the content provider. Typically, the devices are comprised in a network or domain. The above described approach is suitable for DRM systems in which only content provider(s) distribute content rights. However, if users wish to introduce personal content items, such as e.g. photos or home videos, they have to involve the content provider to create content rights for the personal content items. This is undesired, since the content provider should not be able to control personal content. In DRM systems in which commercial content items as well as personal content items are distributed, a compliant device may be authorized to create a content right for a specific personal content item. This content right may be signed by the compliant device, and if it is not signed, any compliant device shall reject the content right. This has the effect that personal content only can enter the network of devices via a compliant device. In environments with stricter security requirements, the content rights may be signed by an independent and trusted third party authority, i.e. a party which is trusted by concerned communicating parties.
A problem to be solved in prior art DRM systems, in which commercial content items as well as personal content items are introduced, is that they are susceptible to attacks involving substitution of content item identifiers. A content item identifier uniquely identifies a corresponding content item in the system.
In DRM systems in which commercial content items as well as personal content items are distributed, any user is authorized to create a content right for a specific personal content item, which content right may be signed by a compliant device as mentioned above or by the user himself, and hence the user effectively becomes a content provider in his own right. Any user may also acquire commercial content items from a content provider and introduce them in the system. A malicious user may substitute a specific personal content item for a commercial content item following the creation of the content right associated with the specific personal content item. This will involve hacking of the compliant device to obtain a key to decrypt the commercial content item, such that the commercial content item comes in the clear. The malicious user then has to re-encrypt the illicitly obtained commercial content with the content key that is present in the content right associated with the specific personal content item. Thereafter, the re-encrypted commercial content item is associated with the content identifier of the specific personal content item. The malicious user may then use this commercial content item with the same rights as his own personal content item. As a highly undesired consequence, a great number of commercial content items may be introduced in the network if they are encrypted with the leaked content key. Hence, to avoid this attack, a secure link between a content item and a corresponding content item identifier is required. This has been solved by employing fingerprints of content. These fingerprints are used to uniquely identify the content to which they refer. A known method of generating fingerprints is described in detail in WO 02/065782, which belongs to the applicant of the present patent application. The compliant device adds fingerprint information to the content right before signing it.
When a content right is used, the compliant device must check whether the fingerprint information that is included in the content right also can be found in the actual content item. If the fingerprint information cannot be found in the actual content item, the content right must be rejected.
However, a problem that remains in the approach of employing fingerprints is that it does not prevent a user from unauthorized introduction and distribution of commercial content in the network. As can be seen from the above, in DRM systems in which commercial content items as well as personal content items are introduced and distributed, any user can create content rights for any content item.
An object of the present invention is to solve the above given problems and to provide methods, devices and a system for preventing unauthorized distribution of commercial content.
This object is attained by a method in accordance with claim 1, a device in accordance with claim 9, a method in accordance with claim 11, a device in accordance with claim 13 and a system in accordance with claim 14.
According to a first aspect of the present invention, there is provided a method comprising the step of creating a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the method comprises the step of signing the content identifier certificate, such that it is ensured that the content introducer, which is identified by said identifier, introduced the content item in the network.
According to a second aspect of the present invention, there is provided a device comprising means arranged to create a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the device comprises means arranged to sign the content identifier certificate.
According to a third aspect of the present invention, there is provided a method comprising the step of receiving a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority. Further, the method comprises the step of verifying the signed content identifier certificate when a content provider requests to create a content right for the introduced content item. According to a fourth aspect of the present invention, there is provided a device comprising means arranged to receive a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority. Further, the device comprises means arranged to verify the signed content identifier certificate when a content provider requests to create a content right for the introduced content item.
According to a fifth aspect of the present invention, there is provided a system comprising at least one compliant device arranged to create a content identifier certificate comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network. Further, the system comprises an authorized certificate authority arranged to sign the content identifier certificate.
A basic idea of the present invention is to link the authorization to create content rights for a particular content item to a specific user, or a specific group of users. In DRM systems, in which commercial content items as well as personal content items are introduced and distributed, any user is authorized to create a content right for a specific personal content item and hence effectively becomes a content provider in his own right. Since compliant devices do not have access to information regarding ownership of a content item, any user can create content rights for any content item. According to the present invention, a content identifier (ID) certificate is introduced in the network of compliant devices. The content ID certificate comprises unique content identification data for the particular content item with which it is associated. The unique content identification data comprises e.g. a content ID and a fingerprint of the particular content item with which the content ID is associated. The certificate is signed by a unit that is authorized by the content provider, which unit in the following will be referred to as a Certificate Authority (CA). Note that the CA may be a trusted third party, but it may alternatively be a trusted compliant device to which the authority to sign certificates has been distributed. This signing is effected in order to prevent malicious users from tampering with the content ID certificate.
Whenever a user wants to use a content right to access a corresponding content item, the compliant device on which the content item is to be rendered verifies correctness of the signature of the content ID certificate and compares the actual fingerprint of the content item with the fingerprint comprised in the content ID certificate. In the prior art, the content right can be used to access the content item if there is a match.
As previously mentioned, since the content item fingerprint is included in the content ID certificate, content ID substitution attacks are prevented. However, unauthorized introduction and distribution of content items in the network by means of creating content rights is not hindered by including the content item fingerprint. If a malicious user has obtained cryptographically protected, i.e. encrypted, commercial content via the DRM system, he may hack the compliant device which handles the content, in order to procure a secret decryption key to create a clear text copy of the commercial content. Hence, the malicious user can create a new content right for the commercial content. To overcome this problem, the present invention links a user (i.e. a content provider) and a content item.
This is accomplished by including, in the content ID certificate, an identifier, e.g. a public key, of the user/content provider who introduced the content item in the network. The user/content provider who introduced the content item in the network is occasionally referred to herein as a "content introducer". When a user is to create a content right for a particular content item, the compliant device which is employed will check that the user's public key is present in the content ID certificate signed by the CA. If the user's public key is present in the content ID certificate, the user is deemed authorized to create content rights for the particular content item. On the contrary, if the content ID certificate does not comprise the user's public key, the user is not authorized to create content rights for the particular content item. Hence, unauthorized introduction and distribution of content in the network is prevented.
According to an embodiment of the present invention, a compliant device checks that the content ID certificate has been signed by an authorized certificate authority by means of decrypting the certificate with a public key of the authorized certificate authority.
The public key corresponds to the authorized certificate authority's private key that was used to sign the certificate.
In another embodiment of the present invention, the user that wishes to create a content right for a particular content item provides the compliant device with his public key. This is effected by inserting a smart card containing the requesting user's public key into the compliant device.
In accordance with another embodiment of the present invention, a compliant device is assigned as an authorized certificate authority in the network. This brings a great deal of flexibility to the network. In accordance with yet another embodiment of the present invention, the authorized certificate authority is a trusted third party. This enhances security in the network. According to a further embodiment of the invention, the content identifier comprises a unique numeral to identify the content item with which it is associated. For example, content ID = 4556 denotes content item A, content ID = 67 denotes content item B, etc.
Further features of, and advantages with, the present invention will become apparent when studying the appended claims and the following description. Those skilled in the art realize that different features of the present invention can be combined to create embodiments other than those described in the following.
A detailed description of preferred embodiments of the present invention will be given in the following with reference made to the accompanying drawings, in which:
Fig. 1 shows an authorization hierarchy in which the present invention may be applied; and
Fig. 2 shows an authentication procedure which is performed when a user wishes to access a content item, in accordance with an embodiment of the present invention.
Fig. 1 shows an authorization hierarchy 100 in which the present invention may be applied. Continuous lines indicate authorization steps, which involve the use of public key certificates. These certificates are well known in the art and are hence not shown in Fig. 1. Dotted lines indicate issuing of certificates and/or rights.
A System Authority (SA) 101 is at the top of the hierarchy. All compliant devices have access to the public key of the SA. Typically, the SA public key is built into the hardware of each compliant device 102. With this public key, a compliant device can verify any certificate that has been issued by the SA 101. At the next level in the hierarchy, a Certificate Authority (CA) 103, a Device Authority (DA) 104 and a User ID Authority (UIDA) 105 are arranged. The CA 103 authorizes content providers 109 within the system. For example, EMI and Disney may constitute content providers within the network, but as previously mentioned, a compliant device or a user may also represent a content provider. In fact, in DRM systems in which commercial content items as well as personal content items are distributed, any user is authorized to create (via a compliant device) a content right for a specific personal content item and hence effectively becomes a content provider in his own right. Consequently, in a DRM system in which the present invention is applied, a large number of content providers exist, since the term "content provider" in this context includes both individual users and traditional content providers such as record and motion-picture companies and content distributors. The CA 103 issues content ID certificates 106 and provides these to the content providers 109. The CA 103 may be a trusted third party or may alternatively be a compliant device. This is primarily a question of flexibility; if a compliant device is authorized to act as CA, it brings flexibility to the system. On the contrary, a third party provider may not want to "distribute" the right to issue content ID certificates to a compliant device for security reasons. The content ID certificate 106 has been described in detail hereinabove and comprises:
(a) the unique content ID,
(b) the content fingerprint for a content item introduced in the network,
(c) the public key of a user having introduced the content item in the network, and
(d) a signature of the CA.
Note that it is possible that, in case the CA is a trusted third party, the content ID certificate is created at a content provider in the form of a compliant device, but signed at the CA.
A content provider 109 within the network is authorized to issue content rights 111 for a content item, if the content provider has been provided with a valid content ID certificate 106. Each content right contains the content ID and content key(s) that enable access to cryptographically protected content items with which the content right is associated (which association is made effective by means of the content ID in the content right, since it is compared to the content ID attached to the encrypted content item). The content right 111 also specifies a valid User Right Authority (URA) 112 for a particular content item, in that the content right 111 contains the public key of the URA 112. Hence, the content provider 109 may delegate issuance of user rights 113 to another party, namely the URA 112. This makes the system flexible, because it can support different usage models, including content distributed by a content provider, personal content (when a user/compliant device acts as content provider) and content imported from another DRM system. The content provider 109 who issues the content right 111 also signs it. In practice, the content provider itself is authorized to be URA, and hence issues the content rights 111 and the user rights 113. In fact, the content right and the user right for a particular content item may be combined into one single right. The URA 112 issues a user right 113 for a certain content item. A user right indicates whether a user is allowed to use a content right to access a content item. The user right comprises a content ID, which is the link between the user right, the content right and the content item. As described hereinabove, these three components all comprise a content ID. The user right further comprises a rights expression that indicates how a user, which user is designated by means of a user ID in the form of a public key included in the user right, may use the content item. Finally, the user right is signed by the URA.
In terms of security aspects involved in handling different types of rights, there is a distinction between user rights 113 and content rights 111. User rights may be freely distributed, because they do not contain any secrets, and the signature prevents modifications. Content rights, on the other hand, contain cryptographic keys for accessing content items. Hence, content rights may only be transferred to compliant devices. Further, the transfer of content rights between devices requires secure communication means, which may be based on secure authenticated channels. Consequently, the content right 111 requires both confidentiality and integrity, whereas the user right 113 requires only integrity.
User and device management involves personalization and certification of users and devices, which are then introduced into the system and declared compliant (to certain required properties, as has previously been described). The Device Authority (DA) 104 is a trusted party that authorizes the Device ID Authorities (DIDA) 110 for several device manufacturers. Each device manufacturer (e.g. Philips, Sony) has its own DIDA 110 that gives devices a unique identity and an associated public key by means of a signed device ID certificate 107, hence indicating compliance.
The User ID Authority (UIDA) 105 is responsible for issuing user ID devices (not shown in Fig. 1). This is typically performed during a manufacturing phase. The UIDA 105 associates a user ID device, which device typically comprises e.g. a tamper resistant smartcard or a SIM card, with a certain person by issuing a signed user ID certificate 108 containing the name, or any other identifier, of the user together with the public key of the user ID device. The private key that corresponds to this public key is considered to be the user's private key. However, the user is not given personal access to this private key. This prevents a user from distributing the private key to someone who thus could impersonate him. Therefore, the user's private key is securely stored on the user ID device, which is tamper resistant. The user ID device serves as a token, proving the user's presence. The user ID device should be easy to handle, robust, provide secure computing and be hard to clone.
Each authority illustrated in Fig. 1 typically comprises one or more microprocessors or some other device with computing capabilities, e.g. an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a complex programmable logic device (CPLD), etc., in order to create the various certificates and rights. In the creation of the certificates and rights, as well as in intercommunication between the different authorities, the microprocessors execute appropriate software that is downloaded to the respective authorities and stored in a suitable storage area, such as a RAM, a Flash memory or a hard disk. For intercommunication to be possible, the authorities are arranged with interfaces that enable the communication. Before a certificate can be used, it has to be validated.
Certificate validation implies that at least the integrity (using the signature) and the authenticity (using the chain of certificates that links a certificate to the certificate of the authority, all the way up to the SA) of a certificate are checked.
Referring to Fig. 2, when a user 201, in the following referred to as Alice, wishes to access a content item, she will need the following:
(a) a content ID certificate,
(b) a content right,
(c) a user right, and
(d) a user ID certificate.
It is assumed that device compliancy has already been checked, which is why the above list does not comprise a device ID certificate. The content item has been loaded into a compliant device 202 in encrypted form. The compliant device may e.g. be a CD player, and the content item to be rendered on the device may be an audio CD. The compliant device 202 comprises a microprocessor 213 in order to create the various certificates and rights and to perform the cryptographic operations and other computing operations described in the following. The microprocessor 213 executes appropriate software that is downloaded to the compliant device and stored in a RAM 214.
The compliant device 202 verifies (step 203) that the user ID certificate 204 is valid by checking the signature using the built-in public key in the compliant device. Alice 201 will also have to authenticate herself by proving she knows the secret key corresponding to the public key comprised in the user ID certificate. As previously mentioned, the user is not given personal access to this private key in order to prevent the user from distributing the private key, and thus prevent impersonation. Therefore, the user's private key is securely stored on a user ID device 205, e.g. a tamper resistant smartcard, which is inserted (step 206) into, and read by, the compliant device 202. Further, the compliant device verifies (step 207) the signature of the user right 208, to ensure that the user right is valid. To do this, the compliant device checks the User Right Authority (URA) field in the content right 209 and verifies that the specified URA signed the user right. The compliant device 202 verifies that Alice 201 can use the user right 208. This is done by comparing the user ID, i.e. a user public key, in the user right with the user ID on Alice's user ID certificate 204.
The compliant device verifies (step 210) that the content provider was allowed to sign the content right. Thus, the device checks the signature of the content right 209 using the public key comprised in the content ID certificate 211. To do this, the compliant device must, by using its built-in public key, first verify (step 212) the content ID certificate by checking the signature of the content ID certificate provided by the CA (see Fig. 1). As described in the above, the content right 209 is created and signed by the actor who introduced the corresponding content item in the network. Hence, the public key comprised in the content ID certificate 211 is the public key of the user (i.e. content provider) having introduced the content item in the network, and this public key corresponds to the private key that was employed to sign the content right 209.
Finally, the compliant device 202 will have to verify whether the content right can be used to access the encrypted content. To this end, the device computes a fingerprint of the content item and compares it with the fingerprint in the content ID certificate 211. If there is a match, Alice 201 is allowed to access the content item on the compliant device 202. If any of the above steps fail, Alice will not be given access to the content.
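The content ID certificate (items (a) to (d) of Fig. 1), the check a compliant device makes before it creates a content right for a requesting user, and steps 212 and 210 plus the final fingerprint comparison of Fig. 2, as an added example in Go that is not part of the patent. It assumes Ed25519 as a stand-in for the unspecified signature scheme and a SHA-256 hash of the item bytes as a stand-in for the content fingerprint; the user right and user ID certificate checks are omitted, and the key names, content ID 4556 and sample item are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)
// ContentIDCert: (a) content ID, (b) fingerprint, (c) introducer public key, (d) CA signature.
type ContentIDCert struct {
	ContentID     uint32
	Fingerprint   [sha256.Size]byte
	IntroducerKey ed25519.PublicKey
	CASignature   []byte
}

// ContentRight: content ID plus content key (a secret, only ever handed to compliant devices); signed by its creator.
type ContentRight struct {
	ContentID  uint32
	ContentKey []byte
	Signature  []byte
}

// frame serialises a content ID followed by the given fields; every signature below covers exactly these bytes.
func frame(id uint32, fields ...[]byte) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, id)
	for _, f := range fields {
		b = append(b, f...)
	}
	return b
}

// Fingerprint stands in for the content fingerprint (assumption: a plain hash of the item bytes).
func Fingerprint(content []byte) [sha256.Size]byte { return sha256.Sum256(content) }

// IssueContentIDCert is the CA's job (trusted third party or trusted compliant device): bind the
// item to its introducer's public key and sign that binding. Ed25519 is an assumed stand-in here.
func IssueContentIDCert(caPriv ed25519.PrivateKey, id uint32, content []byte, introducer ed25519.PublicKey) *ContentIDCert {
	c := &ContentIDCert{ContentID: id, Fingerprint: Fingerprint(content), IntroducerKey: introducer}
	c.CASignature = ed25519.Sign(caPriv, frame(id, c.Fingerprint[:], introducer))
	return c
}

type CompliantDevice struct{ CAPub ed25519.PublicKey } // CA public key built into the hardware

// VerifyContentIDCert is step 212: the CA signature must verify under the built-in key.
func (d *CompliantDevice) VerifyContentIDCert(c *ContentIDCert) error {
	if !ed25519.Verify(d.CAPub, frame(c.ContentID, c.Fingerprint[:], c.IntroducerKey), c.CASignature) {
		return errors.New("content ID certificate: bad CA signature")
	}
	return nil
}

// CreateContentRight is the authorization check of the text: a content right is created only
// if the requester's public key is the introducer key bound into the certificate.
func (d *CompliantDevice) CreateContentRight(c *ContentIDCert, requester ed25519.PrivateKey, contentKey []byte) (*ContentRight, error) {
	if err := d.VerifyContentIDCert(c); err != nil {
		return nil, err
	}
	if !requester.Public().(ed25519.PublicKey).Equal(c.IntroducerKey) {
		return nil, errors.New("requester is not the content introducer of this item")
	}
	r := &ContentRight{ContentID: c.ContentID, ContentKey: contentKey}
	r.Signature = ed25519.Sign(requester, frame(r.ContentID, contentKey))
	return r, nil
}

// AuthorizeAccess performs steps 212 and 210 and the final fingerprint comparison of Fig. 2.
func (d *CompliantDevice) AuthorizeAccess(c *ContentIDCert, r *ContentRight, content []byte) error {
	if err := d.VerifyContentIDCert(c); err != nil {
		return err
	}
	if r.ContentID != c.ContentID {
		return errors.New("content ID of right and certificate differ")
	}
	if !ed25519.Verify(c.IntroducerKey, frame(r.ContentID, r.ContentKey), r.Signature) {
		return errors.New("content right not signed by the content introducer")
	}
	if Fingerprint(content) != c.Fingerprint {
		return errors.New("content fingerprint does not match the certificate")
	}
	return nil
}
func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	device := &CompliantDevice{CAPub: caPub}
	content := []byte("constructed sample content item A") // constructed sample input
	cert := IssueContentIDCert(caPriv, 4556, content, alicePub) // Alice introduced item 4556
	right, aliceErr := device.CreateContentRight(cert, alicePriv, []byte("constructed key"))
	_, bobErr := device.CreateContentRight(cert, bobPriv, []byte("constructed key"))
	fmt.Println("Alice creates right:", aliceErr, "| Bob creates right:", bobErr)
	fmt.Println("access with item A:", device.AuthorizeAccess(cert, right, content))
	fmt.Println("access with item B:", device.AuthorizeAccess(cert, right, []byte("B")))
}
```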
According to the present invention, a content ID certificate is introduced in the network of compliant devices. The signing of the certificate by the authorized certificate authority (CA) prevents malicious users from tampering with the content ID certificate. The fingerprint of the content item is included in the content ID certificate to hamper content ID substitution attacks. The problem related to unauthorized introduction and distribution of content items in the network by means of (unauthorized) creation of content rights is overcome by including, in the content ID certificate, the public key of the content introducer. When a user (or a third party content provider) is about to create a content right for a particular content item, the compliant device which is employed will check that the user's public key is present in the content ID certificate signed by the CA, as described hereinabove. If the user's public key is present in the content ID certificate, the user is deemed authorized to create content rights for the particular content item. Hence, unauthorized introduction and distribution of content in the network is prevented.
Even though the invention has been described with reference to specific exemplifying embodiments thereof, many different alterations, modifications and the like will become apparent to those skilled in the art. For example, the content ID certificate could also comprise the public key of a compliant device via which a content item is introduced. This public key may be used to create content rights in accordance with the format of licenses used in OMA DRM. The content ID certificate could additionally or alternatively comprise information concerning the type of certificate. This may be specified in a rights field, e.g. right = ownership. The described embodiments are therefore not intended to limit the scope of the invention, as defined by the appended claims.

Claims
1. A method of preventing unauthorized distribution of content items in a network containing compliant devices (102), which method uses unique content identification data for each content item introduced in the network, said method being characterized in that it comprises the steps of: creating a content identifier certificate (106) comprising at least the unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer (109) having introduced the content item in the network; signing the content identifier certificate, such that it is ensured that the content introducer, which is identified by said identifier, introduced the content item in the network.
2. The method according to claim 1, further comprising the step of verifying that the content identifier certificate (106) has been signed by an authorized certificate authority (103) by means of decrypting said certificate with a public key of the authorized certificate authority, which corresponds to a private key that was used to sign the certificate, when a request is made to create a content right for the introduced content item.
3. The method according to claim 2, further comprising the steps of: receiving a request from a content provider (109) to create a content right
(111) for the introduced content item; and verifying that the identifier of the requesting content provider matches the identifier comprised in the content identifier certificate (106).
4. The method according to claim 4, further comprising the step of creating a content right (111) for the content item introduced in the network upon successful verification of the identifier.
5. The method according to claim 1, wherein the unique content identification data comprises a content identifier and a content fingerprint associated with the content item.
6. The method according to claim 5, further comprising the step of verifying, whenever a user wants to use a content right (111) to access a content item, that the content fingerprint of the content identifier certificate (106) matches the actual fingerprint of the content item to which access is requested.
7. The method according to claim 1, wherein the content identifier is set to be a numeral that identifies the content item to which it is associated.
8. The method according to claim 1, wherein the identifier of the content introducer (109) comprises the public key of said content introducer.
9. A device (202) for preventing unauthorized distribution of content items in a network containing compliant devices, said device being characterized in that it comprises: means (213) arranged to create a content identifier certificate (211) comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network; and means (213) arranged to sign the content identifier certificate.
10. The device (202) according to claim 9, further comprising means (213) arranged to verify that the content identifier certificate (211) has been signed by an authorized certificate authority (202) by means of decrypting said certificate with a public key of the authorized certificate authority, which corresponds to a private key that was used to sign the certificate, when a content provider (201) requests to create a content right (209) for the introduced content item at the device, means (213) arranged to receive a request from a content provider (201) to create a content right (209) for the introduced content item, and to verify that the identifier of the requesting content provider matches the identifier comprised in the content identifier certificate (211), and means (213) arranged to receive the identifier of the requesting content provider (201) by means of reading a smart card (205) inserted into the device, which smartcard contains the requesting content provider's identifier.
11. A method of preventing unauthorized distribution of content items in a network containing compliant devices (102), which method uses unique content identification data for each content item introduced in the network, said method being characterized in that it comprises the steps of: receiving a content identifier certificate (106) comprising at least the unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer (109) having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority (103); verifying the signed content identifier certificate when a content provider requests to create a content right for the introduced content item.
12. The method according to claim 11, wherein the unique content identification data comprises a content identifier and a content fingerprint associated with the content item.
13. A device (202) for preventing unauthorized distribution of content items in a network containing compliant devices, said device being characterized in that it comprises: means (213) arranged to receive a content identifier certificate (211) comprising at least unique identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network, which content identifier certificate has been signed by an authorized certificate authority; means (213) arranged to verify the signed content identifier certificate when a content provider (201) requests to create a content right (209) for the introduced content item.
14. A system for preventing unauthorized distribution of content items in a network containing compliant devices (102), said system being characterized in that it comprises: at least one compliant device (109) arranged to create a content identifier certificate (106) comprising at least unique content identification data for a content item introduced in the network, as well as an identifier of a content introducer having introduced the content item in the network; and an authorized certificate authority (103) arranged to sign the content identifier certificate.
15. The system according to claim 14, wherein the authorized certificate authority
(103) is comprised in said at least one compliant device (109) arranged to create a content identifier certificate (106).
16. The system according to claim 14, wherein the authorized certificate authority
(103) is a trusted third party comprised in said at least one compliant device (109) arranged to create a content identifier certificate (106).
17. A computer program product comprising computer-executable components for causing a device (202) to perform the steps recited in claim 1 when the computer-executable components are run on a processing unit (213) included in the device.
PCT/IB2006/050198 2005-01-24 2006-01-19 A method for discouraging illegal distribution of content within a drm system for commercial and personal content WO2006077544A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2007551790A JP2008529339A (en) 2005-01-24 2006-01-19 Method for preventing unauthorized distribution of content in a DRM system for commercial or personal content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05100405.9 2005-01-24
EP05100405 2005-01-24

Publications (1)

Publication Number Publication Date
WO2006077544A1 true WO2006077544A1 (en) 2006-07-27

Family

ID=36579520

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/050198 WO2006077544A1 (en) 2005-01-24 2006-01-19 A method for discouraging illegal distribution of content within a drm system for commercial and personal content

Country Status (4)

Country Link
JP (1) JP2008529339A (en)
CN (1) CN101107610A (en)
TW (1) TW200637309A (en)
WO (1) WO2006077544A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108292330B (en) * 2015-12-04 2023-02-28 维萨国际服务协会 Secure token distribution
CN111625781B (en) * 2020-08-03 2020-11-10 腾讯科技(深圳)有限公司 SDK authorization authentication method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004084050A1 (en) * 2003-03-21 2004-09-30 Koninklijke Philips Electronics N.V. User identity privacy in authorization certificates
US6816596B1 (en) * 2000-01-14 2004-11-09 Microsoft Corporation Encrypting a digital object based on a key ID selected therefor

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111641507A (en) * 2020-05-18 2020-09-08 湖南智领通信科技有限公司 Software communication system structure component registration management method and device
CN111641507B (en) * 2020-05-18 2023-09-19 湖南智领通信科技有限公司 Software communication architecture component registration management method and device

Also Published As

Publication number Publication date
JP2008529339A (en) 2008-07-31
TW200637309A (en) 2006-10-16
CN101107610A (en) 2008-01-16

Legal Events

Date Code Title Description
WWW Wipo information: withdrawn in national office; Ref document number: 2006710696; Country of ref document: EP
WWE Wipo information: entry into national phase; Ref document number: 2006710696; Country of ref document: EP
WWE Wipo information: entry into national phase; Ref document number: 2007551790; Country of ref document: JP
WWE Wipo information: entry into national phase; Ref document number: 3251/CHENP/2007; Country of ref document: IN
WWE Wipo information: entry into national phase; Ref document number: 200680002983.6; Country of ref document: CN
121 Ep: the epo has been informed by wipo that ep was designated in this application; Ref document number: 06710696; Country of ref document: EP; Kind code of ref document: A1
122 Ep: pct application non-entry in european phase; Ref document number: 06710696; Country of ref document: EP; Kind code of ref document: A1
WWW Wipo information: withdrawn in national office; Ref document number: 6710696; Country of ref document: EP