WO2001024080A1 - Secure play of performance data - Google Patents

Secure play of performance data

Info

Publication number
WO2001024080A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data file
performance
representative
file
Prior art date
Application number
PCT/US2000/024375
Other languages
English (en)
Inventor
Robert Joseph Villemure
Paul Timothy Miller
Aaron Mark Helsinger
Original Assignee
Gte Internetworking Incorporated
Priority date
Filing date
Publication date
Application filed by Gte Internetworking Incorporated
Priority to AU73501/00A (AU7350100A)
Publication of WO2001024080A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/02: Marketing; Price estimation or determination; Fundraising

Definitions

  • This application relates to the field of digital data encryption, more particularly to the field of audiovisual data file encryption for controlled distribution.
  • Copyright has long been used to protect the recorded expressions of artists, authors, composers, performers, and other creative entities from unauthorized exploitation by others, ensuring that the rights to these materials are controlled exclusively by their creators.
  • Recent technological innovations designed to copy recorded materials have made enforcing copyright protection increasingly difficult.
  • the development of the photocopier facilitated the reproduction of the written word and of static images.
  • the development of the tape recorder made the duplication of audio recordings, such as records, compact discs, and radio broadcasts, possible for the average listener.
  • Video cassette recorders opened the doors to wanton reproduction of video materials, including television broadcasts and movies.
  • a system for using an encrypted data file includes a database to store an encrypted data file representative of performances and a player to decrypt the data file and to reproduce the performance represented in the data file substantially simultaneously.
  • the encrypted data file may be encrypted with a public key of a public-private key pair.
  • the private key may be stored on a device and may be substantially inaccessible to a user.
  • the device may be a smart card.
  • Unencrypted data may be substantially inaccessible to the user during operation of the player.
  • the data file may be representative of a video performance and the player reproduces a video display.
  • the video file may be an MPEG file.
  • the data file may be representative of an audio performance and the player may reproduce an audio sequence.
  • the data file may be an MP3 file.
  • using an encrypted data file includes storing an encrypted data file representative of a performance, decrypting a data file, and reproducing the performance represented in the data file, where decrypting the data file and reproducing the performance occur substantially simultaneously.
  • a system for distributing a data file representative of performances includes a receiver that receives a request from a user for a data file representative of a performance, an encoder that encrypts the data file for decryption by the user, and a transmitter that sends the encrypted data file to the user.
  • the request may include information representative of a user.
  • the information representative of a user may be a public key of a public-private key pair.
  • the information representative of a user may be representative of an account of the user and the account may include a public key of a public-private key pair.
  • the system may also include a database to store information representative of a plurality of user accounts, where the user accounts include a public key of a public-private key pair.
  • the system may also include a retriever that retrieves information representative of a user.
  • a method for distributing a data file representative of a performance includes receiving a request from a user for a data file representative of a performance, encrypting the data file for decryption by the user, and sending the encrypted data file to the user.
  • the method may also include receiving information representative of a user.
  • the method may also include storing information representative of a plurality of user accounts, where the user accounts include a public key of a public-private key pair.
  • a system for distributing a data file representative of a performance includes an identification token including an identification code representative of a user, a first transmitter to send over a network a request for a data file representative of a performance, the request including the identification code, a receiver to receive a request over the network for a data file, a first database to store a plurality of data files, a processor coupled to the database and to the receiver to retrieve the requested file from the database and to encrypt the retrieved file for the user represented by the identification code, a server coupled to the processor to send the encrypted file to the user over the network, and a player coupled to the identification token to decrypt and play the encrypted file substantially simultaneously.
  • the system may also include a second database containing a plurality of accounts, each account containing information representative of an encryption code corresponding to an identification code.
  • the code may be a public key of a public/private key pair.
  • a method for selling performance files over a network includes receiving a request over a network from a user for a data file representative of a performance, encrypting the data file for decryption by the user, sending the encrypted data file to the user over the network, and charging a fee to the user. Charging a fee to the user may include debiting a credit account of the user and/or receiving money from the user in an electronic transaction.
  • Figure 1 presents a system for distributing encrypted performance files according to the present invention.
  • Figure 2 illustrates a transaction for obtaining an encrypted performance file according to the present invention.
  • Figure 3 depicts a flowchart for a method of encrypting performance files according to the present invention.
  • Figure 4 illustrates a method of using encrypted performance files according to the present invention.
  • Figure 5 depicts a system for playing encrypted performance files according to the present invention.
  • the systems and methods described herein relate to the distribution of electronic files which encrypt performances to restrict the use and/or distribution of said files to unauthorized users. In this way, copyright violations and other unauthorized uses of such files may be minimized without requiring extensive policing efforts.
  • a performance may include any informational, entertaining, recreational, or artistic expression including an audio or visual component which proceeds over a span of time in a substantially predefined manner.
  • music, movies, readings, animated cartoons, television programs, and any portions thereof may be considered performances.
  • Performances may include presentations, such as animated sketches, recordings of natural sounds, and wildlife documentaries, that include little or no human participation, as well as singing, acting, sporting events, and other performances that rely heavily on human participation.
  • a performance file may be a data file containing information representative of a performance such that at least an aspect or portion of a performance may be reproduced using information in the performance file.
  • the performance file may be compressed or encoded by any means.
  • Representative types of performance files include MPEG, MP3 (MPEG layer 3), WAV, MOV, SGI, QT, INDEO, VOC, MIDI, and audio (.AU) files.
  • performance files may be encrypted for distribution to a user by using a code specific to that user. For example, the performance may be encrypted for distribution with a user's public key, allowing the file to be decrypted and played only by a user with the corresponding private key.
  • Playing a performance file includes reproducing the encoded performance or a portion thereof for the user.
  • the software, or 'player', used to play the file may be configured to decrypt the file substantially simultaneously with playing the file. In this way, generation of a decrypted version of the file, which might be distributed and played by unauthorized users, is inhibited, and the decrypted data is made to be substantially inaccessible to the user before, during, and after play.
  • the decrypted data may be stored in a RAM buffer between the decryption and play stages.
  • a system 100 for distributing performance files is depicted in Fig. 1.
  • the system 100 may include a processor 110, a server 120, a database of performance files 130, and a database of tokens 140.
  • the system 100 may be accessed over a network 150, such as the Internet, by a client 160.
  • Alternate configurations of these components which are capable of performing the functions set forth below will be apparent to those of skill in the art, including embodiments wherein one or more of the above components are unified in a single device, and embodiments wherein the components are connected to each other in a different arrangement, and such embodiments are intended to fall within the scope of the present disclosure.
  • a token is an electronic file or code that includes information, such as a private key, which can be used to decode an encrypted performance file.
  • a token may include additional information such as an account code, information which can be used to encrypt a file such as a public key corresponding to the user's private key, information relating to the user's computer system, the user's performance preferences, or information relating to the user's identity.
  • the system 100 may receive a request for a performance file from a client 160.
  • the request may include a code for encrypting the performance file, or the system 100 may request or retrieve such a code from the user when the request is received.
  • the processor 110 may then retrieve the requested performance file from the database 130, encrypt the performance file according to the determined code, and send the encrypted file to the client 160 over the network 150 using the server 120.
  • the request may include information representative of the token or the encryption code rather than the encryption code itself, and the processor 110 may search the database 140 using the representative information to determine appropriate encryption parameters and proceed as above.
  • the database 140 includes a plurality of certificates, and thus may return the user's certificate containing the public encryption key.
  • the database 140 may be remote from the location of the processor 110, or may be operated by a separate entity.
  • This exchange of information is represented schematically in Figure 2, which shows an embodiment wherein the token is included on an external device 170, as discussed in detail below.
  • the authenticity of the token is supported by the use of digital certificates, such as certificates provided by CyberTrust.
  • the token may include or be associated with a digital certificate which includes a public key of a public/private key pair. A request for a file may include this certificate to enable the system to accurately and securely encrypt a file for the user.
  • the token may include an identification code, e.g., a serial number, which may be sent with a request for a file.
  • the system 100 may transmit this code to a certificate authority (CA) for verification, and the CA may send verification to the system 100 that may include an encryption code, such as a public key, associated with that identification code.
  • the CA may send a certificate to the system 100 as verification. Additional methods of certifying tokens or file requests will be apparent to those of skill in the art and are intended to fall within the scope of the present invention.
  • the token is configured in a way that discourages or inhibits redistribution of the token.
  • the token may be embedded in or retained by a software program, such as a program that plays performance files, operating system software, e.g., Windows 95, Mac OS, Linux, etc., or by another software application on the user's system.
  • a software program that employs or includes tokens, such as a player or an operating system, may be unable to include more than one token. Additional modifications which may reduce unauthorized redistribution of tokens may be readily envisioned by those of skill in the art reading the present disclosure, and are intended to be encompassed by the scope thereof.
  • a token includes information representative of a user's system.
  • the information may include a serial number, for example, of an application which plays performance files, of the system software, or of any other component of the user's system, or may represent some other configurational aspect of the user's system.
  • the information is selected to be individual and distinct for each user and to remain substantially constant over time, so as not to become inoperative based on minor or routine system reconfigurations or manipulations. Such a token may be inoperative when the system does not match the information stored in the token.
  • the token is stored on a separate device 170, such as a smart card.
  • Suitable technologies include the iKey from Rainbow Technologies, and the Aladdin Smartcard Environment, among others.
  • information stored on the device cannot be directly accessed by the user.
  • a token-bearing device may further include information such as a URL address for a web site where performance files are available, performance preferences of the user, or other suitable information.
  • Token-bearing devices may be further protected by requiring a password for use.
  • a token-bearing device when coupled to a user's computer system, prompts the user to provide a password.
  • the device may launch an application, such as a web browser, and direct the user to a distributor of performance files by providing an appropriate URL address.
  • the device may further present to the user personalized information, such as new releases in the user's favorite performance categories.
  • Such information may be stored on the token-bearing device, or anywhere on a computer system coupled to the token-bearing device.
  • the private key may be stored on the token-bearing device in a way that is inaccessible to the user so that the user is inhibited from using the private key to make unauthorized copies of the encrypted files.
  • a user may obtain or certify a token by any of several methods. For example, a user may request a token from a performance file distributor or vendor, or from a token distributor, e.g., in person or over the Internet. In embodiments wherein tokens are certified, a token which does not include a certificate may be coupled to a computer system, the token sent over a network such as the Internet to a certificate authority (CA), and a certificate received from the CA for the token.
  • the user may obtain the token-bearing device from a distributor, such as a music store, which may also provide the certifying information for the token-bearing device.
  • the user may obtain certifying information from another source, such as a CA recognized by the music encryption system 100.
  • a user requests a file 210 from a distributor.
  • a distributor may be any service or device which distributes digital performance files, such as an Internet web site, a file server, etc.
  • the distributor may determine whether a token is valid 220, and refuse requests to invalid tokens 230. Otherwise, a code for encrypting the requested file is then determined 240.
  • the request may include an encryption code suitable for decryption by the user, or such information may be requested or retrieved from the user by the distributor upon initiation of the request.
  • the distributor may then encrypt the requested file 250 using the encryption code.
  • the encrypted file may then be sent to the user 260.
  • the distributor may identify an encryption scheme associated with the identification code, for example, by determining a public key associated with the code, or by accessing an account for the identification code which includes an encryption scheme.
  • a fee may be charged to the user requesting the data file, for example, by charging a credit account of the user, or by receiving money from the user in an electronic transaction.
  • An alternative method 300 for distributing files is outlined in Figure 4.
  • a user submits a request for a file to a distributor 310, as outlined above.
  • the request may include information representative of the user, such as token information or information representative of the user's computer system, such as a serial number for a component, e.g., a player or system software, an identification code embedded in a smart card or similar device, or any other suitable information as discussed above.
  • the system 100 may request or retrieve such information from the user when the request is received.
  • the information selected is individual and distinct for each user and remains substantially constant over time.
  • the distributor may validate the user's information 320, and deny the request if the information is not valid 330.
  • the distributor may create a token which includes the information representative of the user and a decryption key 340.
  • the token may remain separate from the encrypted file or may be appended to or included in the encrypted file.
  • the distributor may then encrypt the requested file for decryption using the token and send the encrypted file and the token to the user.
  • a token will be inoperative when the information representative of the user in the local environment is different from that stored in the token.
  • a conventional one-time encryption key and certificate exchange occurs, similar to that used in connection with credit card purchases over the Internet.
  • a system 400 for decrypting and playing performance files is depicted in Figure 5.
  • a decryption key 420 and an encrypted file 410 are received by a decrypter 430 as input.
  • the decrypter 430 uses the decryption key 420 to decode the encrypted file 410 and provide decrypted data to a player 440.
  • the decrypter 430 may provide the decrypted data to the player 440 by storing the data in RAM, on a storage medium such as a disk or hard drive, or by directly transferring the data as it is decrypted to the player 440.
  • measures are taken to inhibit user access to the data after it is decrypted and before it is provided to the player 440.
  • the player 440 then converts the data to a performance signal, such as an audio or video signal, suitable for reproduction, for example, using speakers or a video display.
  • Techniques for decryption of encrypted files are well known in the art, any of which may be employed in the systems and methods disclosed herein.
  • playing files representative of performances is well known in the art, and any such files may be played in accordance with the systems and methods disclosed herein.
  • decryption occurs substantially simultaneously with playing, e.g., the decrypter and the player operate in tandem.
  • the player may be a software application, while in other embodiments, the player could be a hardware component, e.g., a tamper-proof decryption/playing mechanism.
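The distribution flow (request, token check, per-user encryption) and the decrypt-while-playing arrangement of Figure 5, sketched as an added example that is not code from the patent or its applicants. It assumes Node.js with its built-in crypto module and wraps a fresh per-file AES-256-GCM key with RSA-OAEP instead of encrypting the whole file with the public key (the patent names no algorithm); `newToken`, `distribute`, `play`, the chunk size and the account id `card-0001` are hypothetical names and values.

```javascript
const nodeCrypto = require("crypto");

const CHUNK = 4096; // plaintext bytes per chunk (assumed value)
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Stand-in for the key pair held on the smart card (device 170).
function newToken() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// 12-byte GCM nonce: a last-chunk flag plus the chunk index, so reordered or
// truncated files fail authentication. Safe because each file gets a fresh key.
function nonce(index, last) {
  const n = Buffer.alloc(12);
  n[0] = last ? 1 : 0;
  n.writeUInt32BE(index, 4);
  return n;
}

// Distributor (processor 110): refuse unknown identification codes, then
// encrypt the file for the one user whose public key is on record (database 140).
function distribute(accounts, id, file) {
  const publicKey = accounts.get(id);
  if (!publicKey) throw new Error("request refused: unknown identification code");
  const key = nodeCrypto.randomBytes(32); // fresh content key for this delivery
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  const chunks = [];
  for (let off = 0; off < file.length; off += CHUNK) {
    const last = off + CHUNK >= file.length;
    const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce(chunks.length, last));
    const body = Buffer.concat([c.update(file.subarray(off, off + CHUNK)), c.final()]);
    chunks.push({ body, tag: c.getAuthTag() });
  }
  key.fill(0);
  return { wrappedKey, chunks };
}

// Decrypter 430 and player 440 in tandem: one chunk is decrypted into RAM,
// authenticated, handed to the player callback, then overwritten (best effort;
// the runtime may hold other copies). No decrypted file is ever assembled.
function play(privateKey, pkg, player) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, pkg.wrappedKey);
  try {
    pkg.chunks.forEach((chunk, i) => {
      const last = i === pkg.chunks.length - 1;
      const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce(i, last));
      d.setAuthTag(chunk.tag);
      const plain = d.update(chunk.body); // GCM is a stream mode: all bytes come from update()
      try {
        d.final(); // throws if the chunk was modified, moved, or the file was cut short
        player(plain);
      } finally {
        plain.fill(0);
      }
    });
  } finally {
    key.fill(0);
  }
}

// Constructed sample: a 10,000-byte "performance" and one account on record.
function demo() {
  const token = newToken();
  const accounts = new Map([["card-0001", token.publicKey]]);
  const pkg = distribute(accounts, "card-0001", nodeCrypto.randomBytes(10000));
  let played = 0;
  play(token.privateKey, pkg, (buf) => { played += buf.length; });
  return { chunks: pkg.chunks.length, played };
}
console.log(demo());
```

Because playback is streamed, chunks that precede a rejected one have already reached the player callback when `play` throws.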

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to systems and methods for distributing and reproducing recorded performances. Using these systems and methods, recorded performance files can be encrypted in order to limit access to the files and to prevent redistribution and unauthorized use. The system includes a database (130) for storing an encrypted data file representative of the recorded performances, and a player (160) that decrypts the data file and substantially simultaneously reproduces the recorded performances represented in the data file.
PCT/US2000/024375 1999-09-27 2000-09-05 Secure play of performance data WO2001024080A1

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU73501/00A AU7350100A (en) 1999-09-27 2000-09-05 Secure play of performance data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40667299A 1999-09-27 1999-09-27
US09/406,672 1999-09-27

Publications (1)

Publication Number Publication Date
WO2001024080A1 2001-04-05

Family

ID=23608986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/024375 Secure play of performance data 1999-09-27 2000-09-05

Country Status (2)

Country Link
AU (1) AU7350100A (fr)
WO (1) WO2001024080A1 (fr)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5703951A (en) * 1993-09-14 1997-12-30 Spyrus, Inc. System and method for access data control
US5740246A (en) * 1994-12-13 1998-04-14 Mitsubishi Corporation Crypt key system
US5757909A (en) * 1994-11-26 1998-05-26 Lg Electronics, Inc. Illegal view and copy protection method in digital video system and controlling method thereof
US5825879A (en) * 1996-09-30 1998-10-20 Intel Corporation System and method for copy-protecting distributed video content
US5915018A (en) * 1996-11-05 1999-06-22 Intel Corporation Key management system for DVD copyright management
US5937164A (en) * 1995-12-07 1999-08-10 Hyperlock Technologies, Inc. Method and apparatus of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media within a platform independent networking system
US5991399A (en) * 1997-12-18 1999-11-23 Intel Corporation Method for securely distributing a conditional use private key to a trusted entity on a remote system
US5999629A (en) * 1995-10-31 1999-12-07 Lucent Technologies Inc. Data encryption security module

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10248006B4 (de) * 2001-10-15 2008-01-17 Hewlett-Packard Development Co., L.P., Houston Method and device for encrypting data
DE10248006B8 (de) * 2001-10-15 2008-05-15 Hewlett-Packard Development Co., L.P., Houston Method and device for encrypting data

Also Published As

Publication number Publication date
AU7350100A (en) 2001-04-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP